Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Verdacht auf Malware in Zusammenhang mit conhost

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Thema geschlossen
Alt 04.02.2023, 17:27   #1
Hans-Juergen
 
Verdacht auf Malware in Zusammenhang mit conhost - Standard

Verdacht auf Malware in Zusammenhang mit conhost



Hallo
seit einiger Zeit habe ich den Verdacht, dass unsere Rechner mit Schadsoftware infiziert sind.
Beispielweise öffnen und schließen sich unmotiviert consolenfenster und entsprechende Prozesse sind in der Registry gelistet.
Daher wollte ich mit dem Schulrechner unserer Tochter mal anfangen und den genauer analysieren. Den in der Checkliste aufgeführten Scan habe ich ausgeführt und angehangen.
Als Virensoftware wird McAfee Total Protection eingesetzt und regelmäßig aktuallisiert, ebenso werden Windows updates regelmäßig eingespielt. Die Virensoftware hat bislang aber keine Ergebnisse gefunden.

Danke & viele Grüße
Hans-Jürgen

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-02-2023
Ran by User (administrator) on LAPTOP-TOVUM2BS (LENOVO 82A2) (04-02-2023 17:10:07)
Running from C:\Users\paula\Downloads\Papa
Loaded Profiles: User & paula
Platform: Microsoft Windows 11 Home Version 22H2 22621.1105 (X64) Language: Deutsch (Deutschland) -> Deutsch (Deutschland)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(DeviceSettingsSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(MultimediaAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(SmartDisplayAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(VantageCoreAddin).exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSSrcExt.exe
(C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cncmd.exe
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (MUSARUBRA US LLC -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (MUSARUBRA US LLC -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation (2)\binCFW\remotesolverdispatcherservice.exe ->) (Mentor Graphics Corporation -> Mentor Graphics Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation (2)\binCFW\dispatcher.exe
(C:\Program Files\Tablet\Wacom\WacomHost.exe ->) (Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.70\msedgewebview2.exe <12>
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe <2>
(DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_c28b41707aefc6b9\DAX3API.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAX3_S~1.INF\DAX3API.exe
(DriverStore\FileRepository\lnvsst.inf_amd64_4e633fced20b4d0e\SmartSense.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\DriverStore\FileRepository\lnvsst.inf_amd64_4e633fced20b4d0e\UserSSCtrl.exe
(DriverStore\FileRepository\u0376209.inf_amd64_b3bdffadea4def3f\B374968\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0376209.inf_amd64_b3bdffadea4def3f\B374968\atieclxx.exe
(explorer.exe ->) (Dassault Systemes SolidWorks Corp. -> Dassault Systèmes SolidWorks Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS (2)\sldworks_fs.exe
(explorer.exe ->) (Dassault Systemes SolidWorks Corp. -> Dassault Systèmes SolidWorks Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldworks_fs.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
(explorer.exe ->) (Opera Norway AS -> Opera Software) C:\Users\paula\AppData\Local\Programs\Opera\assistant\browser_assistant.exe <2>
(explorer.exe ->) (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(explorer.exe ->) (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(LNBITSSvc.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\AutoModeDetect.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WpcMon.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <23>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0376209.inf_amd64_b3bdffadea4def3f\B374968\atiesrxx.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Dassault Systemes SolidWorks Corp. -> ) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe
(services.exe ->) (Dassault Systemes SolidWorks Corp. -> Dassault Systèmes) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize (2)\SWVisualize.Queue.Server.exe
(services.exe ->) (Dassault Systemes SolidWorks Corp. -> Dassault Systèmes) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize\SWVisualize.Queue.Server.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_c28b41707aefc6b9\DAX3API.exe
(services.exe ->) (Flexera Software LLC -> Flexera) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(services.exe ->) (Flexera Software LLC -> Flexera) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(services.exe ->) (LAVASOFT SOFTWARE CANADA INC -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\DriverStore\FileRepository\lnvsst.inf_amd64_4e633fced20b4d0e\SmartSense.exe
(services.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\LNBITSSvc.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\CSP\5.4.105.0\McCSPServiceHost.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <3>
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_22_7\mcapexe.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(services.exe ->) (Mentor Graphics Corporation -> Mentor Graphics Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation (2)\binCFW\remotesolverdispatcherservice.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\Sgrm\SgrmBroker.exe
(services.exe ->) (MUSARUBRA US LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(services.exe ->) (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(services.exe ->) (Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(services.exe ->) (Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(services.exe ->) (Western Digital Techologies -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(sihost.exe ->) 0 C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.3.28.0_x64__5grkq8ppsgwt4\LaunchUtility\utility.exe
(sihost.exe ->) 0 C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe <6>
(sihost.exe ->) 0 C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe
(svchost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
(svchost.exe ->) 0 C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2252.7.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) 0 C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) 0 C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.14326.21146.0_x64__8wekyb3d8bbwe\onenoteim.exe
(svchost.exe ->) 0 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22102.229.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) 0 C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_422.33900.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
(Western Digital Techologies -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1084192 2020-06-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [357944 2022-02-08] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [3216784 2022-09-09] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [9923856 2022-09-07] (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706344 2021-06-09] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [2306984 2017-04-11] (Western Digital Techologies -> Western Digital Technologies, Inc.)
HKLM\...\RunOnce: [msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}] => C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.70\Installer\setup.exe [4022216 2023-01-30] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\RunOnce: [ccleaner_update_helper] => C:\Program Files\CCleaner\ccleaner_update_helper.exe [710992 2023-01-30] (PIRIFORM SOFTWARE LIMITED -> Piriform)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2775161839-3573256424-1513776773-1001\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2775161839-3573256424-1513776773-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [8520168 2021-08-18] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
HKU\S-1-5-21-2775161839-3573256424-1513776773-1001\...\Run: [Opera Browser Assistant] => C:\Users\User\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [4095184 2021-08-11] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\Run: [com.squirrel.Teams.Teams] => C:\Users\paula\AppData\Local\Microsoft\Teams\Update.exe [2587416 2023-01-09] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\Run: [Opera Browser Assistant] => C:\Users\paula\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3916232 2022-12-20] (Opera Norway AS -> Opera Software)
HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\MountPoints2: {e74f27b5-09cd-11ec-aabe-f8a2d6e80c66} - "D:\WD Drive Unlock.exe" autoplay=true
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\109.0.5414.120\Installer\chrmstp.exe [2023-01-30] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS 2020 Fast Start.lnk [2021-08-23]
ShortcutTarget: SOLIDWORKS 2020 Fast Start.lnk -> C:\Windows\Installer\{3F4681F3-B30B-4531-ADB2-3661B531F926}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS 2021 Fast Start.lnk [2022-03-22]
ShortcutTarget: SOLIDWORKS 2021 Fast Start.lnk -> C:\Windows\Installer\{9C0A2571-4AAE-4FEE-B673-038B38B85EFC}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera) [File not signed]
Startup: C:\Users\paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2022-12-28]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03933E32-E682-4E55-A74B-9C44C9BE4E88} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {0537EDE7-55E0-4BC7-8B2C-98409E68FF61} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26334160 2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {0600DD45-FAF2-4131-A006-0B17509B9F78} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\sc.exe start InventorySvc
Task: {0652DF37-E549-45F3-AA26-19093AB2C6F6} - System32\Tasks\SOLIDWORKS Electrical Archiver => C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\bin\EwEnvironmentArchiver\ewenvironmentarchiver.exe [275912 2021-03-27] (Dassault Systemes SolidWorks Corp. -> Dassault Systèmes SolidWorks Corporation)
Task: {06A91B9B-9780-4A93-A467-A9618F8CB78D} - System32\Tasks\LenovoUtility Startup => C:\Windows\explorer.exe lenovo-utility://
Task: {0F4EDE93-0408-4281-9305-60F7B9795690} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [661408 2023-02-01] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {12E9E526-1A20-49FC-8271-F449F40D79BD} - System32\Tasks\Opera scheduled Autoupdate 1629315665 => C:\Users\User\AppData\Local\Programs\Opera\launcher.exe [41906896 2021-08-11] (Opera Software AS -> Opera Software)
Task: {193B012A-CE38-4800-8C29-C58DC1A1CF1A} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8867F90B-F2D8-4898-AF0E-1BAD726CC2B7\Schedule #3 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [495616 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {1DB6AB68-B9C9-4735-B9DA-5E523B547903} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {216EDC6A-6E9A-4AF1-9F55-60A069CEB36A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\4dbfac73-560c-46f4-a3b4-8d2ad6664efd => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {223993BB-5B5D-4D86-8118-7B1A515AAEEC} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {229AA8CC-B7CE-4DCF-8FA1-B68E1287BB4A} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1715672 2021-08-25] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {23A71281-F51B-43D5-A157-3656A052672B} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe VantageTelemetryAddinTask (No File)
Task: {28B20591-8D63-4D76-B0C9-D0BD1BF80001} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144280 2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {295377EC-45F9-4584-9EA7-FBD4B824988B} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [168920 2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {2D33D57F-E734-4F57-988B-07B1309A1B64} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8867F90B-F2D8-4898-AF0E-1BAD726CC2B7\Provisioning initiated session => C:\WINDOWS\system32\deviceenroller.exe [495616 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {321F6758-1FA0-4ED2-8F1C-60AE4F561A00} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8867F90B-F2D8-4898-AF0E-1BAD726CC2B7\Win10 S Mode event listener created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [495616 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {32E96B56-C417-4AD2-BF06-772D8C7AA6AA} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8867F90B-F2D8-4898-AF0E-1BAD726CC2B7\OS Edition Upgrade event listener created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [495616 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {355B11B0-D02A-42F8-900A-1B60956C7E3F} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\36546c7c-5db5-4d39-b8ab-a2ebd1918d36 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {371D4512-1086-43B2-B347-638020514BFD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {3871551E-8055-4FBE-857C-62A004ED49AD} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8867F90B-F2D8-4898-AF0E-1BAD726CC2B7\Schedule #1 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [495616 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {3BE74C7C-737F-43F8-AD2C-2D907E0D175C} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {468A3CD7-D8EB-4F80-9563-BE1A1FE128F4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26334160 2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {4A031822-F4ED-4A4C-B5B4-0F1B454009CB} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {4E5C5973-9117-4898-A198-9C8668AC9EBB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [24584376 2020-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {58949759-2280-47CD-AF35-AEAC31293DEF} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [63960 2021-08-24] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {5AC2C119-CC36-44B4-B36B-2BCF88E3AA9D} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8867F90B-F2D8-4898-AF0E-1BAD726CC2B7\Wsc Startup event listener created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [495616 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {659055C8-970E-4BE0-AFE0-DBD0B98900A0} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1715672 2021-08-25] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {695391D1-573B-4CEF-87FF-EAD15ADF41B0} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [4092968 2022-09-08] (McAfee, LLC -> McAfee, LLC)
Task: {6BD7A99C-13E7-46AD-94BF-5F8653B722E1} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => C:\WINDOWS\system32\MusNotification.exe Display (No File)
Task: {787FFE05-3762-4308-9578-4108900C790D} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8867F90B-F2D8-4898-AF0E-1BAD726CC2B7\Schedule to run OMADMClient by client => C:\WINDOWS\system32\omadmclient.exe [466944 2022-11-21] (Microsoft Windows -> Microsoft Corporation)
Task: {7F598745-086E-4C77-B6D1-69750909CAAF} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1003496 2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {7FDF1513-830B-4265-9A8D-9F1290D7E205} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {82BEE1B1-5140-4523-9D4C-1C9B8EFEF0E4} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [64256 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {85201293-2A6F-45C4-A554-78EF8F3DC16C} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {88AD7BEE-D899-4565-92FF-1CF07A87C172} - System32\Tasks\AMDRyzenMasterSDKTask => C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe [47104 2021-08-24] (Advanced Micro Devices, Inc.) [File not signed]
Task: {89C59246-80EA-442A-9CAF-26EA2B46273E} - System32\Tasks\Opera scheduled assistant Autoupdate 1629315681 => C:\Users\User\AppData\Local\Programs\Opera\launcher.exe [41906896 2021-08-11] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\User\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {8A59DDC2-FB4D-47F1-857D-AEA42104F26E} - System32\Tasks\Opera scheduled assistant Autoupdate 1612209386 => C:\Users\paula\AppData\Local\Programs\Opera\launcher.exe [2607560 2023-01-19] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\paula\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {971ACE7C-4A56-446F-9814-A5524C7383C8} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => C:\WINDOWS\system32\MusNotification.exe /RunOnBattery EngagedRebootReminder (No File)
Task: {A0061D87-A25F-41AB-A3A5-B6FDEAEFC7C3} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {A16539EE-2645-4E0E-9BCD-DF8A88ACD50C} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [768288 2022-03-24] (McAfee, LLC -> McAfee, LLC)
Task: {A34B6C59-0108-4BC1-81ED-9ADA4F223F3D} - System32\Tasks\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {AAF59C3C-8DD6-4C9F-8836-7ED8D8DEB8EE} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [269272 2021-08-24] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {ADCA7BDA-0A7D-49C4-B079-B313143887C3} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\297ca788-2a8d-45d3-ab10-6554caf55dbc => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {AE093EDC-AEF5-4FD2-A74F-D271BC291B7F} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8867F90B-F2D8-4898-AF0E-1BAD726CC2B7\PushUpgrade => C:\WINDOWS\system32\deviceenroller.exe [495616 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {B2B73314-6D70-4B2C-8C37-7EE8EFD16E16} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {B35271B8-2242-4C16-B283-94747B6C1279} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\a102a663-2a89-40db-b661-8075fa7a706e => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {B706F2B8-E302-42E9-81CB-CFAFB9194EAC} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [932376 2022-10-13] (McAfee, LLC -> McAfee, LLC)
Task: {BB2E0810-81F5-4D82-91D6-C73150BF847B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2020-08-17] (Google Inc -> Google LLC)
Task: {C83ABACA-75A1-4A7C-8455-F95067B7A9F8} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
Task: {CCF7E1CE-A3F6-47D1-893D-26110A8B4870} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {CED89B4F-4E02-46DC-A0DA-E6A5A9B39564} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8867F90B-F2D8-4898-AF0E-1BAD726CC2B7\Schedule #2 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [495616 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {CF73B423-0B02-43FA-B1A3-381ED7698B6C} - System32\Tasks\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {D94EF845-A9E6-4DE9-81AB-FB29D602E816} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {DA3BF6C0-9525-4EBB-B170-74D94F8490A8} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8867F90B-F2D8-4898-AF0E-1BAD726CC2B7\Schedule created by enrollment client for renewal of certificate warning => C:\WINDOWS\system32\deviceenroller.exe [495616 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {DA6EEDCD-5DDD-4389-87C9-22F0457C6DF5} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8867F90B-F2D8-4898-AF0E-1BAD726CC2B7\PushLaunch => C:\WINDOWS\system32\deviceenroller.exe [495616 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {DAB1AD04-6207-412D-BC78-DD008EB3B1ED} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Task: {DB014619-BBC0-4C48-A1A6-26A20B54CD74} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2020-08-17] (Google Inc -> Google LLC)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\WINDOWS\system32\MusNotification.exe (No File)
Task: {EB295AF2-508F-4061-B391-6F4CDEA18B4C} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144280 2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {ED0BA2CF-8D0E-4D83-B722-5654BEC4F084} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [710560 2023-02-01] (Mozilla Corporation -> Mozilla Foundation)
Task: {F1F28710-FC17-4752-B5E5-91F281549DA7} - System32\Tasks\Opera scheduled Autoupdate 1612209381 => C:\Users\paula\AppData\Local\Programs\Opera\launcher.exe [2607560 2023-01-19] (Opera Norway AS -> Opera Software)
Task: {F22F0B6A-D0D1-4F8D-8AAB-8787C09804FB} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8867F90B-F2D8-4898-AF0E-1BAD726CC2B7\Schedule to run OMADMClient by server => C:\WINDOWS\system32\omadmclient.exe [466944 2022-11-21] (Microsoft Windows -> Microsoft Corporation)
Task: {F2FF319C-020D-4911-A8A4-3BD0A6F1AD24} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8867F90B-F2D8-4898-AF0E-1BAD726CC2B7\PushRenewal => C:\WINDOWS\system32\deviceenroller.exe [495616 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {F5F01F63-9905-4B2E-813F-07B06E027ACA} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8867F90B-F2D8-4898-AF0E-1BAD726CC2B7\Passport for Work alert created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [495616 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {F6BE1AAC-FF44-4B82-AC2D-AD90472F1FC7} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [932376 2022-10-13] (McAfee, LLC -> McAfee, LLC)
Task: {FC2E46B1-F974-4FDB-9A0A-C07822FFFB53} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => C:\WINDOWS\system32\MusNotification.exe /RunOnAC EngagedRebootReminder (No File)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\SOLIDWORKS Electrical Archiver.job => C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\bin\EwEnvironmentArchiver\ewenvironmentarchiver.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ATTENTION (Restriction - Zones)
Tcpip\Parameters: [DhcpNameServer] 192.168.179.1
Tcpip\..\Interfaces\{2c73278c-8bfc-40c2-b9c5-851cd9df4d71}: [DhcpNameServer] 192.168.179.1

Edge: 
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default [2020-08-17]
Edge HKLM-x32\...\Edge\Extension: [caiblelclndcckfafdaggpephhgfpoip]
Edge HKLM-x32\...\Edge\Extension: [emgfgdclgfeldebanedpihppahgngnle]

FireFox:
========
FF Plugin: 3ds.com/ComposerPlayerWebPlugin_x86_64 -> C:\PROGRA~1\SOLIDW~1\SO46F1~1\Bin\NPCOMP~1.DLL [2021-03-27] (DASSAULT SYSTEMES SE -> Dassault Systemes) [File not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2023-01-11] (McAfee, LLC -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-01-21] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: 3ds.com/ComposerPlayerWebPlugin -> C:\PROGRA~1\SOLIDW~1\SO46F1~1\Bin\x86\NPCOMP~1.DLL [2021-03-27] (DASSAULT SYSTEMES SE -> Dassault Systemes) [File not signed]
FF Plugin-x32: 3ds.com/ComposerPlayerWebPlugin_x86_64 -> \\devsilo1\builds\sw2021_sp03\sw\Release\x64\d210326.009.BGS.final\composer\Bin\npcomposerplayerwebplugin.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.301.2 -> C:\Program Files (x86)\Java\jre1.8.0_301\bin\dtplugin\npDeployJava1.dll [2021-08-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.301.2 -> C:\Program Files (x86)\Java\jre1.8.0_301\bin\plugin2\npjp2.dll [2021-08-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2023-01-10] (McAfee, LLC -> )
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\zlonrrylmi4.js [2021-08-18] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\zlonrrylmi4.cfg [2021-08-18] <==== ATTENTION

Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2020-08-17]
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR HKLM\...\Chrome\Extension: [enppghjcblldgigemljohkgpcompnjgh]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [enppghjcblldgigemljohkgpcompnjgh]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2022-02-25] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12553648 2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
S3 CoordinatorServiceHost; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS (2)\swScheduler\DTSCoordinatorService.exe [79520 2021-03-27] (Dassault Systemes SolidWorks Corp. -> Dassault Systèmes SolidWorks Corporation)
R2 DolbyDAXAPI; C:\WINDOWS\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_c28b41707aefc6b9\DAX3API.exe [2283600 2021-04-27] (Dolby Laboratories, Inc. -> Dolby Laboratories)
R2 ewserver; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe [185288 2021-03-27] (Dassault Systemes SolidWorks Corp. -> )
R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [364928 2020-06-05] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
S3 impi_hydra; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS (2)\hydra_service.exe [924472 2021-03-27] (Intel(R) Software Development Products -> Intel Corporation)
S3 InventorySvc; C:\WINDOWS\system32\inventorysvc.dll [304480 2022-11-21] (Microsoft Windows -> Microsoft Corporation)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\\3.13.43.0\LenovoVantageService.exe [32464 ] (Lenovo -> Lenovo Group Ltd.)
R2 LITSSVC; C:\WINDOWS\System32\LNBITSSvc.exe [1808728 2020-05-27] (Lenovo -> Lenovo(beijing) Limited)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [11072008 2022-09-07] (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [856472 2023-02-03] (McAfee, LLC -> McAfee, LLC)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_22_7\McApExe.exe [816696 2022-10-17] (McAfee, LLC -> McAfee, LLC)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\5.4.105.0\\McCSPServiceHost.exe [3379584 ] (McAfee, LLC -> McAfee, LLC)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [1215944 2022-09-15] (MUSARUBRA US LLC -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [1215944 2022-09-15] (MUSARUBRA US LLC -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [1215944 2022-09-15] (MUSARUBRA US LLC -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1571608 2022-10-09] (McAfee, LLC -> McAfee, LLC)
R2 MSSQL$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [366520 2022-04-22] (Microsoft Corporation -> Microsoft Corporation)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [4248712 2022-10-14] (McAfee, LLC -> McAfee, LLC)
S3 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [98624 2020-07-22] (ProtonVPN AG -> )
S3 ProtonVPN Update Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-07-22] (ProtonVPN AG -> )
R2 RemoteSolverDispatcher; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation (2)\binCFW\remotesolverdispatcherservice.exe [252936 2021-03-27] (Mentor Graphics Corporation -> Mentor Graphics Corporation)
R2 SgrmBroker; C:\WINDOWS\system32\Sgrm\SgrmBroker.exe [414632 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SmartSense; C:\WINDOWS\System32\DriverStore\FileRepository\lnvsst.inf_amd64_4e633fced20b4d0e\SmartSense.exe [155848 2020-08-30] (Lenovo -> Lenovo Group Ltd.)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2021-08-23] (SolidWorks) [File not signed]
S4 SQLAgent$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [607160 2022-04-22] (Microsoft Corporation -> Microsoft Corporation)
R2 SWVisualize2020.Queue.Server; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize\SWVisualize.Queue.Server.exe [30208 2020-05-08] (Dassault Systemes SolidWorks Corp. -> Dassault Systèmes)
R2 SWVisualize2021.Queue.Server; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize (2)\SWVisualize.Queue.Server.exe [30368 2021-03-27] (Dassault Systemes SolidWorks Corp. -> Dassault Systèmes)
R2 TextInputManagementService; C:\WINDOWS\System32\TabSvc.dll [266240 2022-11-21] (Microsoft Windows -> Microsoft Corporation)
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [28136 2021-08-18] (LAVASOFT SOFTWARE CANADA INC -> )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [331144 2017-04-11] (Western Digital Techologies -> Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [2909208 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [128376 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 wuauserv; C:\WINDOWS\system32\wuauserv.dll [137552 2022-12-15] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AMDAfdAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\amdacpafd.inf_amd64_b2ecd28976c27717\amdacpafd.sys [348056 2021-08-10] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
S3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [41536 2021-07-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AMDSAFD; C:\WINDOWS\System32\DriverStore\FileRepository\amdsafd.inf_amd64_8e2568524f674315\amdsafd.sys [100768 2021-03-29] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0376209.inf_amd64_b3bdffadea4def3f\B374968\amdkmdag.sys [80540576 2022-01-28] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [65168 2021-08-17] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S2 bfs; C:\WINDOWS\system32\drivers\bfs.sys [91480 2022-11-21] (Microsoft Windows -> Microsoft Corporation)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77888 2022-09-15] (Musarubra US LLC -> Trellix US LLC.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [181072 2019-07-22] (GENESYS LOGIC, INC. -> Genesys Logic)
S0 GenPass; C:\WINDOWS\System32\DriverStore\FileRepository\genpass.inf_amd64_bef88a423225ecdc\genpass.sys [62800 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [476224 2022-09-15] (Musarubra US LLC -> Trellix US LLC.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [349760 2022-09-15] (Musarubra US LLC -> Trellix US LLC.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [84440 2022-09-15] (Microsoft Windows Early Launch Anti-Malware Publisher -> Trellix US LLC.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [445504 2022-09-15] (Musarubra US LLC -> Trellix US LLC.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [920128 2022-09-15] (Musarubra US LLC -> Trellix US LLC.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [665424 2022-07-07] (Musarubra US LLC -> Trellix US LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [119632 2022-07-07] (Musarubra US LLC -> Trellix US LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [112712 2022-09-15] (Musarubra US LLC -> Trellix US LLC.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [234584 2022-09-15] (Musarubra US LLC -> Trellix US LLC.)
S3 ProtonVPNSplitTunnel; C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win10\ProtonVPN.SplitTunnelDriver.sys [31584 2020-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Proton Technologies AG)
S0 pvscsi; C:\WINDOWS\System32\drivers\pvscsii.sys [45408 2022-05-07] (Microsoft Windows -> VMware, Inc.)
S3 RoutePolicy; C:\WINDOWS\System32\drivers\RoutePolicy.sys [98304 2022-05-07] (Microsoft Windows -> )
S4 RsFx0321; C:\WINDOWS\System32\DRIVERS\RsFx0321.sys [258720 2018-07-25] (Microsoft Corporation -> Microsoft Corporation)
S3 rtu53cx22x64; C:\WINDOWS\System32\DriverStore\FileRepository\rtu53cx22x64.inf_amd64_23312dee5c4e1993\rtu53cx22x64.sys [1008864 2022-10-05] (Realtek Semiconductor Corp. -> Realtek Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2022-10-16] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49008 2020-04-06] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 WacHidRouterPro; C:\WINDOWS\System32\drivers\wachidrouter.sys [127512 2020-09-18] (WDKTestCert dant,132134237881206156 -> Wacom Technology, Corp.)
R3 wacomrouterfilter; C:\WINDOWS\System32\drivers\wacomrouterfilter.sys [28680 2020-09-18] (WDKTestCert dant,132134237881206156 -> Wacom Technology, Corp.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [48536 2022-05-07] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [438544 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [90384 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R2 wtd; C:\WINDOWS\System32\drivers\wtd.sys [118784 2022-12-15] (Microsoft Windows -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-02-04 17:09 - 2023-02-04 17:10 - 000000000 ____D C:\FRST
2023-02-04 17:08 - 2023-02-04 17:10 - 000000000 ____D C:\Users\paula\Downloads\Papa
2023-02-04 16:31 - 2023-02-04 16:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2023-02-04 16:30 - 2023-02-04 16:30 - 000722202 _____ C:\WINDOWS\system32\perfh007.dat
2023-02-04 16:30 - 2023-02-04 16:30 - 000149258 _____ C:\WINDOWS\system32\perfc007.dat
2023-02-03 12:29 - 2023-02-03 12:29 - 000000000 ____D C:\Users\paula\Documents\Benutzerdefinierte Office-Vorlagen
2023-02-01 21:34 - 2023-02-04 16:25 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-01-30 07:55 - 2023-02-04 16:25 - 000000000 ____D C:\ProgramData\McInstTemp0190101675061719
2023-01-26 16:24 - 2023-01-26 16:24 - 000000020 ___SH C:\Users\User\ntuser.ini
2023-01-26 15:45 - 2023-01-26 16:13 - 000000000 ___RD C:\Users\paula\Documents\Wichtiges
2023-01-24 14:05 - 2023-01-24 14:05 - 001049564 _____ C:\Users\paula\Downloads\Was ist Rechtsterrorismus.pdf
2023-01-14 20:08 - 2023-01-14 20:08 - 000000000 ___HD C:\$WinREAgent
2023-01-07 13:21 - 2023-01-08 20:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-02-04 17:08 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-02-04 17:03 - 2022-11-21 23:45 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-02-04 17:03 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-02-04 16:41 - 2020-08-17 20:44 - 000000000 ____D C:\Program Files (x86)\Google
2023-02-04 16:31 - 2022-11-21 23:49 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2023-02-04 16:30 - 2022-11-21 23:45 - 001809546 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-02-04 16:30 - 2022-05-07 06:22 - 000000000 ____D C:\WINDOWS\INF
2023-02-04 16:29 - 2022-02-14 20:04 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-02-04 16:28 - 2020-08-17 18:08 - 000000000 ____D C:\Users\paula\AppData\LocalLow\Mozilla
2023-02-04 16:26 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-02-04 16:26 - 2021-08-29 12:45 - 000000000 ___RD C:\Users\paula\Berufskolleg Opladen
2023-02-04 16:26 - 2021-08-29 12:00 - 000000000 ___RD C:\Users\paula\OneDrive - Berufskolleg Opladen
2023-02-04 16:26 - 2020-09-07 13:46 - 000000000 ____D C:\Users\paula\AppData\Roaming\WTablet
2023-02-04 16:25 - 2022-11-21 23:49 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-02-04 16:25 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ServiceState
2023-02-04 16:25 - 2020-11-10 18:16 - 000012288 ___SH C:\DumpStack.log.tmp
2023-02-04 16:25 - 2020-08-17 18:05 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-02-04 13:28 - 2020-08-12 14:57 - 000000000 ____D C:\Program Files\Microsoft Office
2023-02-04 13:26 - 2022-11-21 23:49 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2775161839-3573256424-1513776773-1002
2023-02-04 13:26 - 2022-11-21 23:49 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2775161839-3573256424-1513776773-1002
2023-02-04 13:26 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-02-04 13:26 - 2020-11-10 17:18 - 000002410 _____ C:\Users\paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-02-04 13:26 - 2020-08-17 17:26 - 000002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-02-04 13:26 - 2020-08-17 17:26 - 000002285 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-02-03 22:39 - 2022-11-21 23:49 - 000003756 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-02-03 22:39 - 2022-11-21 23:49 - 000003632 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-02-03 13:20 - 2020-08-18 15:03 - 000000000 ____D C:\Users\paula\AppData\Roaming\WhatsApp
2023-02-03 13:19 - 2020-08-18 15:03 - 000000000 ____D C:\Users\paula\AppData\Local\WhatsApp
2023-02-03 13:18 - 2020-08-17 18:35 - 000000000 ____D C:\Users\paula\AppData\Local\SquirrelTemp
2023-02-03 13:13 - 2022-11-21 23:49 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2023-02-03 13:12 - 2020-08-17 18:05 - 000001016 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-02-03 12:14 - 2022-11-21 23:49 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2023-01-31 17:15 - 2020-08-17 17:57 - 000000000 ____D C:\Users\paula\AppData\Local\D3DSCache
2023-01-30 11:19 - 2020-10-03 19:29 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-01-30 10:41 - 2022-11-21 23:49 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-01-30 10:41 - 2022-10-16 10:32 - 000002084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-01-30 10:41 - 2022-10-16 10:32 - 000002072 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2023-01-30 07:55 - 2022-11-21 23:49 - 000003346 _____ C:\WINDOWS\system32\Tasks\McAfeeLogon
2023-01-30 07:55 - 2022-05-07 06:17 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2023-01-30 07:55 - 2021-01-15 19:19 - 000000000 ____D C:\Program Files (x86)\McAfee
2023-01-30 07:54 - 2020-08-17 20:44 - 000002304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-01-30 07:54 - 2020-08-17 20:44 - 000002263 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-01-30 07:53 - 2020-08-17 20:44 - 000000000 ____D C:\Program Files\CCleaner
2023-01-26 20:03 - 2021-08-29 13:54 - 000000000 ___RD C:\Users\paula\Documents\TAHR 12 & 13
2023-01-26 19:13 - 2021-08-29 13:52 - 000000000 ____D C:\Users\paula\Documents\Gemeinde
2023-01-26 16:14 - 2022-01-15 17:54 - 000000000 ____D C:\Users\paula\AppData\Roaming\KeePass
2023-01-26 16:12 - 2021-08-29 13:50 - 000000000 ____D C:\Users\paula\Documents\Bewerbungen
2023-01-26 16:10 - 2020-08-17 17:57 - 000000000 ____D C:\Users\paula\AppData\Local\Packages
2023-01-26 16:09 - 2021-08-29 13:53 - 000000000 ___RD C:\Users\paula\Documents\TAHR 11
2023-01-24 14:53 - 2021-08-29 11:46 - 000000000 ____D C:\Users\paula\AppData\Local\CrashDumps
2023-01-23 22:47 - 2022-11-21 23:49 - 000004228 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1612209381
2023-01-23 22:47 - 2021-02-01 20:56 - 000001420 _____ C:\Users\paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera-Browser.lnk
2023-01-15 17:02 - 2022-11-21 23:45 - 001755128 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-01-15 17:02 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemResources
2023-01-15 17:02 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-01-15 17:02 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-01-15 17:02 - 2022-05-07 06:17 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2023-01-14 20:43 - 2020-08-17 22:19 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-01-14 20:41 - 2020-08-17 22:19 - 150199536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-01-14 20:11 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-01-14 20:09 - 2022-11-21 23:45 - 003212288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-01-14 15:59 - 2021-09-14 13:50 - 000000000 ____D C:\Users\paula\AppData\Local\AMD_Common
2023-01-09 21:32 - 2022-11-21 23:00 - 000000000 ____D C:\Users\paula
2023-01-09 11:46 - 2022-02-08 12:00 - 000002413 _____ C:\Users\paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams (work or school).lnk
2023-01-09 11:46 - 2022-02-08 12:00 - 000002405 _____ C:\Users\paula\Desktop\Microsoft Teams (work or school).lnk
2023-01-07 13:25 - 2020-08-17 18:08 - 000001293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk

==================== Files in the root of some directories ========

2022-01-17 22:35 - 2022-01-17 22:35 - 018809915 _____ (Dr. J. Rathlev                                              ) C:\Users\paula\pb-setup-x64-6.2.1000.exe
2020-08-12 10:11 - 2020-08-12 10:11 - 000003072 _____ () C:\Users\User\AppData\Local\file__0.localstorage

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
         

Alt 04.02.2023, 17:27   #2
Hans-Juergen
 
Verdacht auf Malware in Zusammenhang mit conhost - Standard

Verdacht auf Malware in Zusammenhang mit conhost



[CODEFRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-02-2023
Ran by User (04-02-2023 17:11:05)
Running from C:\Users\paula\Downloads\Papa
Microsoft Windows 11 Home Version 22H2 22621.1105 (X64) (2022-11-21 22:49:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2775161839-3573256424-1513776773-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2775161839-3573256424-1513776773-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2775161839-3573256424-1513776773-1000 - Limited - Disabled)
Gast (S-1-5-21-2775161839-3573256424-1513776773-501 - Limited - Disabled)
paula (S-1-5-21-2775161839-3573256424-1513776773-1002 - Limited - Enabled) => C:\Users\paula
User (S-1-5-21-2775161839-3573256424-1513776773-1001 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-2775161839-3573256424-1513776773-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {FE987762-0FB6-6BB6-1BF1-73F8ED8566FA}
FW: McAfee Firewall (Enabled) {C6A3F647-45D9-6AEE-30AE-DACD13562181}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DEXPERIENCE Marketplace for SOLIDWORKS (HKLM\...\{0060450C-5B44-424B-BD42-559F2A5D820A}) (Version: 6.29.641 - Dassault Systemes SolidWorks Corp)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1031-1033-7760-BC15014EA700}) (Version: 22.003.20314 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601032}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 3.08.17.735 - Advanced Micro Devices, Inc.)
AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.130 - Advanced Micro Devices, Inc.) Hidden
AMD I2C Driver (HKLM-x32\...\{B31D92D9-2914-46B0-9738-F668A563DE73}) (Version: 1.2.0.118 - Advanced Micro Devices, Inc.) Hidden
AMD MicroPEP Driver (HKLM-x32\...\{C36029EB-19FF-4462-A283-03B41BE9EFA4}) (Version: 1.0.29.0 - Advanced Micro Devices, Inc.) Hidden
AMD PSP Driver (HKLM-x32\...\{988F14B8-79A8-475D-BAC7-83F96AD3D821}) (Version: 5.17.0.0 - Advanced Micro Devices, Inc.) Hidden
AMD Ryzen Balanced Driver (HKLM-x32\...\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}) (Version: 6.0.0.9 - Advanced Micro Devices, Inc.) Hidden
AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden
AMD SFH Driver (HKLM-x32\...\{A52D862F-3082-46E6-B1A2-7473F111FA1F}) (Version: 1.0.0.316 - Advanced Micro Devices, Inc.) Hidden
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 21.8.2 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{491043b2-acc5-4890-a5f2-1f5e3cc4427a}) (Version: 3.08.17.735 - Advanced Micro Devices, Inc.) Hidden
Apple Mobile Device Support (HKLM\...\{82C2A7D9-6BFC-4BED-9EF9-C49780F02C3E}) (Version: 15.5.0.16 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Backuptrans Android WhatsApp to iPhone Transfer (x64) 3.2.175 (HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\Backuptrans Android WhatsApp to iPhone Transfer (x64)) (Version: 3.2.175 - Backuptrans)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Branding64 (HKLM\...\{C871FC62-0186-40ED-BAEA-7C65BE367755}) (Version: 1.00.0006 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.68 - Piriform)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Discord (HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\Discord) (Version: 0.0.309 - Discord Inc.)
Fotogalerie (HKLM-x32\...\{41BF4A3B-D60A-4E92-883F-C88C8C157261}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
FreeCAD 0.18.4 (Installiert für den aktuellen Benutzer) (HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\FreeCAD0184) (Version: 0.18.4 - FreeCAD Team)
Freeplane (HKLM\...\{D3941722-C4DD-4509-88C4-0E87F675A859}_is1) (Version: 1.9.7 - Open source)
GDR 6164 für SQL Server*2014 (KB4583463) (64-bit) (HKLM\...\KB4583463) (Version: 12.3.6164.21 - Microsoft Corporation)
GDR 6169 für SQL Server*2014 (KB5014165) (64-bit) (HKLM\...\KB5014165) (Version: 12.3.6169.19 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 109.0.5414.120 - Google LLC)
iMyFone iTransor for WhatsApp 4.6.2.3 (HKLM-x32\...\{BFC593FB-4E14-452E-94C2-75F382A89294}_is1) (Version: 4.6.2.3 - Shenzhen iMyFone Technology Co., Ltd.)
IrfanView 4.54 (64-bit) (HKLM\...\IrfanView64) (Version: 4.54 - Irfan Skiljan)
iTunes (HKLM\...\{B71B64F9-B245-4E4B-802E-DB6AB834EA13}) (Version: 12.12.3.5 - Apple Inc.)
Java 8 Update 301 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180301F0}) (Version: 8.0.3010.9 - Oracle Corporation)
KeePass Password Safe 2.52 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.52 - Dominik Reichl)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.13.43.0 - Lenovo Group Ltd.)
Macrium Reflect Free (HKLM\...\{5664B4BB-6EA2-4981-A1C1-D08B5A088867}) (Version: 8.0.6979 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free (HKLM\...\MacriumReflect) (Version: v8.0.6979 - Paramount Software (UK) Ltd.)
McAfee® Total Protection (HKLM-x32\...\MSC) (Version: 16.0 R50 - McAfee, LLC)
Microsoft 365 Apps for Enterprise - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.16026.20146 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 109.0.1518.78 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 109.0.1518.70 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{E22449E8-E716-41AA-B449-E7CF16F5EAF1}) (Version: 12.3.6169.19 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2775161839-3573256424-1513776773-1001\...\OneDriveSetup.exe) (Version: 20.134.0705.0008 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\OneDriveSetup.exe) (Version: 23.020.0125.0002 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{9D93D367-A2CC-4378-BD63-79EF3FE76C78}) (Version: 11.4.7462.6 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2014 RsFx Driver (HKLM\...\{C11487CA-E3B7-4D8E-9D6F-5C3DC6C81200}) (Version: 12.3.6169.19 - Microsoft Corporation) Hidden
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{5F0DFD0B-0027-4E9A-AA13-4CEA6A9C020D}) (Version: 12.3.6169.19 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{F40FD7AB-C262-4655-8A5C-74781F2BEC06}) (Version: 12.3.6169.19 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\Teams) (Version: 1.5.00.33362 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{EF9EBC42-6969-45CE-A8D2-B9249B00C838}) (Version: 5.69.0.0 - Microsoft Corporation)
Microsoft Visual Basic for Applications 7.1 (x64) (HKLM\...\{07C0BFE1-3291-409C-B96A-797340719C8F}) (Version: 7.1.10.96 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x64) English (HKLM\...\{826216B1-0F04-409B-A33E-C6A004AA1097}) (Version: 7.1.10.96 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x64) German (HKLM\...\{3577C582-28BF-47CF-A134-0F4E2C3A6148}) (Version: 7.1.10.96 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29913 (HKLM-x32\...\{855e31d2-9031-46e1-b06d-c9d7777deefb}) (Version: 14.28.29913.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27012 (HKLM-x32\...\{67f67547-9693-4937-aa13-56e296bd40f6}) (Version: 14.16.27012.6 - Microsoft Corporation)
Microsoft Visual C++ 2017 X86 Additional Runtime - 14.16.27012 (HKLM-x32\...\{DD6BC8D7-4582-4677-BAAC-4AB933E6C315}) (Version: 14.16.27012 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 X86 Minimum Runtime - 14.16.27012 (HKLM-x32\...\{7B77DE7F-5219-435E-9CE1-FC77F1D4CCAD}) (Version: 14.16.27012 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.28.29913 (HKLM\...\{620A7633-7A09-42A8-8580-076A4483C4B0}) (Version: 14.28.29913 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.28.29913 (HKLM\...\{EECDD137-13DA-46ED-ADA0-BDF7F8BE65B8}) (Version: 14.28.29913 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{ab213ab7-4792-4c6f-a3fa-8485d06c3475}) (Version: 14.0.23829 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 Finalizer (HKLM-x32\...\{F93E37BD-4053-37CA-A7BB-A5B74508006C}) (Version: 14.0.23829 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2015 x64 Hosting Support (HKLM\...\{A8C30947-7C1B-3A31-8FD8-CEC6D3357D34}) (Version: 14.0.23829 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2015 x86 Hosting Support (HKLM-x32\...\{11A9EF3E-6616-31B1-82BC-1080366FA34D}) (Version: 14.0.23829 - Microsoft Corporation) Hidden
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.3.6024.0 - Microsoft Corporation)
Movavi Video Editor Plus 2020 (HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\Movavi Video Editor Plus 2020) (Version: 20.4.0 - Movavi)
Movie Maker (HKLM-x32\...\{70C91B91-61E8-4D06-86D6-A9DCC291983A}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 109.0.1 (x64 de)) (Version: 109.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 78.1.1 - Mozilla)
Mozilla Thunderbird (x86 de) (HKLM-x32\...\Mozilla Thunderbird 102.6.1 (x86 de)) (Version: 102.6.1 - Mozilla)
MSVCRT (HKLM-x32\...\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}) (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (HKLM-x32\...\{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}) (Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (HKLM\...\{E9FA781F-3E80-4399-825A-AD3E11C28C77}) (Version: 16.4.1109.0912 - Microsoft) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16026.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Opera Stable 78.0.4093.147 (HKU\S-1-5-21-2775161839-3573256424-1513776773-1001\...\Opera 78.0.4093.147) (Version: 78.0.4093.147 - Opera Software)
Opera Stable 94.0.4606.76 (HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\Opera 94.0.4606.76) (Version: 94.0.4606.76 - Opera Software)
Personal Backup 6.2.16.0 (64-bit) (HKLM\...\Personal Backup 6_is1) (Version: 6.2.16.0 - Dr. J. Rathlev)
Photo Common (HKLM-x32\...\{87DABDEA-47A4-4182-AA7C-2C90DAAE3117}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (HKLM-x32\...\{07AAB66E-4718-422D-9218-4AFB3C922A71}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
ProtonVPN (HKLM-x32\...\{2E5B3FB1-FDCC-4BC8-AA99-E0EE5343CAF8}) (Version: 1.16.3 - Proton Technologies AG) Hidden
ProtonVPN (HKLM-x32\...\ProtonVPN 1.16.3) (Version: 1.16.3 - Proton Technologies AG)
ProtonVPNTap (HKLM-x32\...\{BCB82CD9-F514-4F93-A6D9-F898494DC927}) (Version: 1.1.0 - Proton Technologies AG)
PyCharm 2020.2.2 (HKLM-x32\...\PyCharm 2020.2.2) (Version: 202.7319.64 - JetBrains s.r.o.)
PyCharm Community Edition 2020.2.2 (HKLM-x32\...\PyCharm Community Edition 2020.2.2) (Version: 202.7319.64 - JetBrains s.r.o.)
RyzenMasterSDK (HKLM\...\{17BE94CF-FF53-4C12-81F5-E10EB6844849}) (Version: 1.2.3.5 - Advanced Micro Devices, Inc.) Hidden
Service Pack 3 for SQL Server 2014 (KB4022619) (64-bit) (HKLM\...\KB4022619) (Version: 12.3.6024.0 - Microsoft Corporation)
Smart View (HKLM-x32\...\{C7B50A89-F1D6-41C1-9375-0AF0C4CFE66F}) (Version: 1.0.0.0 - Samsung )
SOLIDWORKS 2020 German Resources (HKLM\...\{B7698A2D-ACFD-4DAE-B9A1-41F67EB9F770}) (Version: 28.130.0086 - Ihr Firmenname) Hidden
SOLIDWORKS 2020 graphics support (HKLM-x32\...\{1CB88B4C-EAEF-466E-A3FD-E612127EBAC4}) (Version: 1.0.1 - Dassault Systemes)
SOLIDWORKS 2020 SP03 (HKLM\...\{3F4681F3-B30B-4531-ADB2-3661B531F926}) (Version: 28.130.0086 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS 2020 SP03 (HKLM-x32\...\SolidWorks Installation Manager 20200-40300-1100-100) (Version: 28.3.0.86 - SolidWorks Corporation)
SOLIDWORKS 2021 German Resources (HKLM\...\{A8E011F9-AB58-4C9C-AB8C-7435C7E04FEB}) (Version: 29.130.0059 - Ihr Firmenname) Hidden
SOLIDWORKS 2021 SP03 (HKLM\...\{9C0A2571-4AAE-4FEE-B673-038B38B85EFC}) (Version: 29.130.0059 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS 2021 SP03 (HKLM-x32\...\SolidWorks Installation Manager 20210-40300-1100-100) (Version: 29.3.0.59 - SolidWorks Corporation)
SOLIDWORKS CAM 2020 SP03 (HKLM\...\{4DFF26A7-85C6-4495-ADE0-54FDF9AB6F31}) (Version: 28.30.0086 - Dassault Systèmes SolidWorks Corp) Hidden
SOLIDWORKS CAM 2021 SP03 (HKLM\...\{EFF51C01-6447-44F1-B1C6-567BA8E08A3C}) (Version: 29.30.0059 - Dassault Systèmes SolidWorks Corp) Hidden
SOLIDWORKS Composer 2020 SP03 (HKLM\...\{85C65312-5967-431C-817F-6A5DF2B5FCAB}) (Version: 28.30.0086 - Ihr Firmenname) Hidden
SOLIDWORKS Composer 2021 SP03 (HKLM\...\{670D74D1-A07B-4C70-8E11-18FC4B0BAF7E}) (Version: 29.30.0059 - Ihr Firmenname) Hidden
SOLIDWORKS eDrawings 2020 SP03 (HKLM\...\{B21DE16A-42B5-46A8-A905-59579C7E70C4}) (Version: 28.30.0025 - Dassault Systèmes SolidWorks Corp) Hidden
SOLIDWORKS eDrawings 2021 SP03 (HKLM\...\{C7289F2C-60FD-4FBB-A862-18DB7AC0D2C1}) (Version: 29.30.0026 - Dassault Systèmes SolidWorks Corp) Hidden
SOLIDWORKS Electrical 2021 SP03 (HKLM\...\{C8E61D1C-BE08-4220-9009-053BD2AF1F73}) (Version: 29.30.0059 - Ihr Firmenname) Hidden
SOLIDWORKS Flow Simulation 2020 SP03  (HKLM\...\{5C774D0E-6ED5-41E6-BF46-5E97C5D3EBF2}) (Version: 28.30.0087 - Dassault Systèmes SolidWorks Corp) Hidden
SOLIDWORKS Flow Simulation 2021 SP03  (HKLM\...\{BC6FEA11-71C2-4D72-A909-2A94B1179DA3}) (Version: 29.30.0060 - Dassault Systèmes SolidWorks Corp) Hidden
SOLIDWORKS Plastics 2020 SP03 (HKLM\...\{DB735F3C-98A6-4F88-B7FC-F2609F18150E}) (Version: 28.30.0086 - Ihr Firmenname) Hidden
SOLIDWORKS Plastics 2021 SP03 (HKLM\...\{CE4CA359-906F-4F01-AF89-EB0F83B122F5}) (Version: 29.30.0059 - Ihr Firmenname) Hidden
SOLIDWORKS Visualize 2020 SP03 (HKLM\...\{9963E472-2AFC-46A4-B128-D9926F267B80}) (Version: 28.30.0086 - Ihr Firmenname) Hidden
SOLIDWORKS Visualize 2021 SP03 (HKLM\...\{C493AED2-A596-43E9-9F47-446B35978A42}) (Version: 29.30.0059 - Ihr Firmenname) Hidden
SQL Server 2014 Common Files (HKLM\...\{BD1CD96B-FE4B-4EAE-83D4-6EF55AB5779C}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{F7012F84-80F5-4C25-852E-B1BA03276FE6}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{17531BCD-C627-46A2-9F1E-7CC920E0E94A}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{5082A9F3-AEE5-4639-9BA7-C19661BA7331}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{ACC530B8-B6B4-40D6-B59B-152468CF47D0}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{D1B847A9-B06B-4264-9EF0-78E6E1571E65}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.3.6024.0 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{6476DB81-F263-4C04-8574-AAD31136C304}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.13565 - Microsoft Corporation)
Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.3.41-1 - Wacom Technology Corp.)
WD Drive Utilities (HKLM-x32\...\{2db219ff-e483-403b-9374-aea609abaf1d}) (Version: 1.4.3.13 - Western Digital Technologies, Inc.) Hidden
WD Drive Utilities (HKLM-x32\...\{546D15D7-D6AF-422B-B4E5-05AF20BA8573}) (Version: 1.4.3.13 - Western Digital Technologies, Inc.) Hidden
WD Security (HKLM-x32\...\{17194DA0-755B-4BAA-A8C9-EC5549F7D596}) (Version: 1.4.3.13 - Western Digital Technologies, Inc.) Hidden
WD Security (HKLM-x32\...\{6422f3d1-f66a-42ab-9726-67fca9d3964b}) (Version: 1.4.3.13 - Western Digital Technologies, Inc.)
Web Companion (HKLM-x32\...\{5679da19-0d54-46e0-bb97-0510f136fef6}) (Version: 7.0.2417.4248 - Lavasoft)
WebAdvisor von McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.802 - McAfee, LLC)
WhatsApp (HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\WhatsApp) (Version: 2.2304.7 - WhatsApp)
Windows Live Communications Platform (HKLM-x32\...\{41C61308-6CFD-4D54-AB6A-7136ED08A18E}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\{66233218-CA57-4AB2-BA43-A97AA4635960}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Installer (HKLM-x32\...\{659CB81C-B54E-4DF1-B618-F35777393A54}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (HKLM-x32\...\{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (HKLM-x32\...\{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (HKLM-x32\...\{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (HKLM-x32\...\{D1893000-EA77-493C-8DDD-E262436E959B}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (HKLM-x32\...\{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (HKLM-x32\...\{FC071B45-4A5F-408F-92F8-4D9D693E866F}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows-PC-Integritätsprüfung (HKLM\...\{68C9C2A4-C212-4310-AB68-12F97050A416}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Windows-Treiberpaket - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (01/06/2021 4.8.0.0) (HKLM\...\A24A5DD571B1BD4FED5E3558FDDBD8579A5EE14C) (Version: 01/06/2021 4.8.0.0 - Google, Inc.)
Windows-Treiberpaket - HS Incorporated (massfilter_hs) USB  (10/20/2010 2.0.0.8) (HKLM\...\80E97631DA49E8B2E4C5B606C9597BC75EE612F5) (Version: 10/20/2010 2.0.0.8 - HS Incorporated)
Windows-Treiberpaket - HTC, Corporation (HTCAND64) USB  (07/30/2015 2.0.0007.00030) (HKLM\...\C45A70BDABC1DAE5CCD49C4E701E67757AB039E6) (Version: 07/30/2015 2.0.0007.00030 - HTC, Corporation)
Windows-Treiberpaket - LG Electronics Inc. (Andbus) USB  (11/30/2010 2.2.0.0) (HKLM\...\7972D4F247E02C0849331540773B9ABFA384B182) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc.)
Windows-Treiberpaket - LG Electronics Inc. (AndDiag) Ports  (11/30/2010 2.2.0.0) (HKLM\...\A3F0461CF2623C40BC42C38D4C0E7319E5C458CA) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc.)
Windows-Treiberpaket - LG Electronics Inc. (usbbus) USB  (02/17/2016 5.3.0.0) (HKLM\...\6188905E45DED139E292A4F6A3CA637A65162F4D) (Version: 02/17/2016 5.3.0.0 - LG Electronics Inc.)
Windows-Treiberpaket - LG Electronics, Inc. (AndnetBus) USB  (01/06/2021 4.8.0.0) (HKLM\...\4F72F5ED592B4C4B69E07DA9895BAE687A32F8AA) (Version: 01/06/2021 4.8.0.0 - LG Electronics, Inc.)
Windows-Treiberpaket - Motorola (motccgp) USB  (03/01/2013 3.4.0.0) (HKLM\...\73BEF56236CE0FD380A1692BBA70B9C6B533518B) (Version: 03/01/2013 3.4.0.0 - Motorola)
Windows-Treiberpaket - PANTECH Co., Ltd.  (PSKTBUS) USB  (06/20/2012 4.0.21.0) (HKLM\...\31F11A15A3058696191A3708600383CAA429752E) (Version: 06/20/2012 4.0.21.0 - PANTECH Co., Ltd. )
Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd.  (dg_ssudbus) USB  (06/10/2014 2.11.10.0) (HKLM\...\7C7D77F30DA293C8D56A9D5FB8C3E70F4E17DA7F) (Version: 06/10/2014 2.11.10.0 - SAMSUNG Electronics Co., Ltd. )
Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd.  (ssadbus) USB  (11/30/2012 5.30.14.0) (HKLM\...\C9AEC81E4D365534AF50161EDA7C9CC56B205507) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd.  (ssaebus) USB  (02/05/2010 5.14.0.0) (HKLM\...\8CDE6EEFC346A059EC210060FC7B7DAA8279D584) (Version: 02/05/2010 5.14.0.0 - SAMSUNG Electronics Co., Ltd. )
Windows-Treiberpaket - SHARP (shu0bus) USB  (08/11/2011 5.28.4.0) (HKLM\...\8A1FC0FFE8E99DF8171E25D8C5AFF587290A67EF) (Version: 08/11/2011 5.28.4.0 - SHARP)
Wondershare Filmora9(Build 9.5.1) (HKLM\...\Wondershare Filmora9_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
WPTx64 (HKLM-x32\...\{0B2C58EB-67A2-225B-60B2-D1990E55DD33}) (Version: 8.100.26866 - Microsoft)
Zoom (HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\ZoomUMX) (Version: 5.9.1 (2581) - Zoom Video Communications, Inc.)

Packages:
=========
Dolby Atmos Speaker System -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAtmosSpeakerSystem_3.20602.609.0_x64__rz1tebttyb220 [2020-08-12] (Dolby Laboratories)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2022-01-14] (Microsoft Corporation) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.139.612.0_x86__zpdnekdrzrea0 [2020-08-17] (Spotify AB) [Startup Task]
XING -> C:\Program Files\WindowsApps\XINGAG.XING_4.0.4.0_x86__xpfg3f7e9an52 [2020-08-17] (New Work SE)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2775161839-3573256424-1513776773-1002_Classes\CLSID\{04271989-C4D2-45E0-850A-8F3B68BDA890} -> [OneDrive - Berufskolleg Opladen] => C:\Users\paula\OneDrive - Berufskolleg Opladen [2021-08-29 12:00]
CustomCLSID: HKU\S-1-5-21-2775161839-3573256424-1513776773-1002_Classes\CLSID\{04271989-C4D2-9B3B-C51F-53A6054170F7} -> [Berufskolleg Opladen] => C:\Users\paula\Berufskolleg Opladen [2021-08-29 12:45]
CustomCLSID: HKU\S-1-5-21-2775161839-3573256424-1513776773-1002_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\paula\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22304.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2775161839-3573256424-1513776773-1002_Classes\CLSID\{227C9E8F-71A1-4B23-9076-682A1A8EAAED}\localserver32 -> c:\program files\macrium\common\reflectmonitor.exe (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd)
CustomCLSID: HKU\S-1-5-21-2775161839-3573256424-1513776773-1002_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\paula\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2023-01-11] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2022-09-07] (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2022-09-07] (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2022-01-28] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2023-01-11] (McAfee, LLC -> McAfee, LLC)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\User\Desktop\facebook.lnk -> C:\Users\User\AppData\Local\Programs\Opera\launcher.exe (Opera Software) -> www.facebook.com

==================== Loaded Modules (Whitelisted) =============

2020-08-17 20:17 - 2016-07-21 09:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2020-08-17 20:17 - 2017-09-12 09:34 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2023-01-08 20:53 - 2023-01-08 20:53 - 101966336 _____ () [File not signed] C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2252.7.0_x64__cv1g1gvanyjgm\WhatsApp.dll
2023-01-08 20:53 - 2023-01-08 20:53 - 008573952 _____ () [File not signed] C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2252.7.0_x64__cv1g1gvanyjgm\WhatsAppNative.dll
2021-08-24 17:38 - 2021-08-24 17:38 - 001704960 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\WVR\OpenVR\bin\win64\driver_amdwvr.dll
2020-05-08 20:57 - 2020-05-08 20:57 - 000205312 _____ (Dassault Systèmes SolidWorks Corporation) [File not signed] C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swccu.dll
2020-05-08 18:53 - 2020-05-08 18:53 - 000210432 _____ (Dassault Systèmes SolidWorks Corporation) [File not signed] C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\SWLoginClientCLR.dll
2020-05-08 18:52 - 2020-05-08 18:52 - 000019968 _____ (Dassault Systèmes SolidWorks Corporation) [File not signed] C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\win7helperbaseu.dll
2020-08-17 18:05 - 2019-02-21 17:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2020-08-12 14:57 - 2020-08-12 14:57 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2020-08-12 14:57 - 2020-08-12 14:57 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000414720 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000532992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 001441792 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 001189888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000134656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 006184448 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 006867456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000735232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Multimedia.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000120832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5MultimediaQuick.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 001104896 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000325120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 003668480 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000517120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlModels.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000051712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlWorkerScript.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 004228608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000171008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 001085440 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000480256 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5RemoteObjects.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000205824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000329728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000127488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000390656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 095598080 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 005587968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000462848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000188928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 002878464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000055808 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000262144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtMultimedia\declarative_multimedia.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQml\qmlplugin.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000284160 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000333824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000136704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000090112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000313856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000091648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll
2020-08-17 20:17 - 2017-09-12 09:36 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HidSpiCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TextInputManagementService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => ""="Memory"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => "SafeBootDrivers"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HidSpiCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TextInputManagementService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-2775161839-3573256424-1513776773-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2022-07-24] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_301\bin\ssv.dll [2021-08-18] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2022-07-24] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_301\bin\jp2ssv.dll [2021-08-18] (Oracle America, Inc. -> Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2023-01-11] (McAfee, LLC -> McAfee, LLC)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2023-01-10] (McAfee, LLC -> McAfee, LLC)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-2775161839-3573256424-1513776773-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2775161839-3573256424-1513776773-1001\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\sharepoint.com -> hxxps://bkopladen-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 05:49 - 2023-02-04 16:19 - 000000822 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft SQL Server\120\DTS\Binn\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\
HKU\S-1-5-21-2775161839-3573256424-1513776773-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\paula\Pictures\Camera Roll\a8964664-854d-40de-ab47-34cfc10ceb0a.jpg
DNS Servers: 192.168.179.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-2775161839-3573256424-1513776773-1001\...\StartupApproved\Run: => "Opera Browser Assistant"
HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FD1BC0C8-91C3-4021-86D5-174D19736838}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{64AFD36B-BA53-4A47-B9DD-90FD5AF23AD1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{F6D890D0-550A-4D60-AC75-09E5D86DB23C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{8EBD307C-E4D1-42C1-B05F-F0F97EEE9943}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{ED767DE2-7891-44D2-8AD5-918F01A12332}] => (Allow) LPort=8029
FirewallRules: [{213D925F-F2ED-4170-AE12-979251518EBB}] => (Allow) LPort=8028
FirewallRules: [{185F632A-3543-4160-99ED-38856D11F21D}] => (Allow) LPort=8028
FirewallRules: [{D1CF6247-F015-41F9-8253-80D9C188E671}] => (Allow) LPort=8029
FirewallRules: [{0534F0CA-27B8-400C-8C7D-1AF73286773E}] => (Allow) LPort=8029
FirewallRules: [{38B1BCB5-39F5-4DB3-AB7E-D918965439D0}] => (Allow) LPort=8028
FirewallRules: [{AD090B38-7758-4B1E-9AAE-E5D34AFD1080}] => (Allow) LPort=8028
FirewallRules: [{267A457B-F647-4B09-87D7-80F31EC7F1B6}] => (Allow) LPort=8029
FirewallRules: [{C7F719AF-45D4-4CAE-AC70-1B1C9EDE50F0}] => (Allow) LPort=8028
FirewallRules: [{5FE44928-696D-4C8A-A400-22EE06B642C0}] => (Allow) LPort=8029
FirewallRules: [{32C58891-618A-4B4E-9813-C069FD392F49}] => (Allow) LPort=8029
FirewallRules: [{6992CB83-74BE-4EEF-B867-24A893B16FA0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{C4A27734-864F-4C8F-8545-00FC40E02A6D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{CF1D2948-713E-4277-A179-6DE40873CE01}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{23AFB29A-F57F-438A-89BD-358717A44ED9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{87079EB2-E7B3-46F6-90A1-D5582DE48481}] => (Allow) LPort=8029
FirewallRules: [{3FFB9A0A-6BD1-4200-A73B-016AE654B1C5}] => (Allow) LPort=8028
FirewallRules: [{78890D42-9377-491E-9EB8-9C53A0C55221}] => (Allow) LPort=8028
FirewallRules: [{BC8FB9DA-75E2-42C8-B8F4-8C58CC38705C}] => (Allow) LPort=8029
FirewallRules: [{896330A1-6B17-4AE1-B223-A05F5AB77483}] => (Allow) LPort=8028
FirewallRules: [{77077CD5-2B54-4222-9234-5B032718010C}] => (Allow) LPort=8029
FirewallRules: [{E653B26F-9F03-4B0B-8F8A-0D38FF713561}] => (Allow) LPort=8028
FirewallRules: [{478C76F3-154C-4D17-BBFE-127082523252}] => (Allow) LPort=8029
FirewallRules: [{9373CDB6-F060-4FBB-BCFF-18B91FE85320}] => (Allow) LPort=8028
FirewallRules: [{D40F29E1-1728-4189-8BBA-E00B416C57B8}] => (Allow) LPort=8029
FirewallRules: [{2B2892EE-44DA-4702-99C8-11AE53179CFB}] => (Allow) LPort=8029
FirewallRules: [{99BA49AE-632B-4305-9164-CA284399D8F7}] => (Allow) LPort=8028
FirewallRules: [{5A91EFA5-B227-41A8-8979-7EDB29A06CC3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{3C0B1813-C0C3-4322-A895-D686D155FEA1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{144205B8-1750-4D41-95E6-37DD76C00FA7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{33EA2062-7AF2-4788-8F58-64C7329049EF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{0EA1214E-A948-4870-A386-6AB48A4F5EF3}] => (Allow) LPort=8029
FirewallRules: [{94F40235-129A-4F22-8E2C-9626DBF6CCCA}] => (Allow) LPort=8028
FirewallRules: [{F43BD7BA-DF3A-48F2-A650-3A7B00F6472D}] => (Allow) LPort=8028
FirewallRules: [{75ACDF4F-7709-4541-B85F-0EB05E9144F6}] => (Allow) LPort=8029
FirewallRules: [{1D2EED2F-2EFA-4789-9243-84A6AE6BA24E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{133F1289-BE2D-4D7C-9D5F-18E2490A2034}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{57A05E3C-FA01-4A77-A583-D52F0F89B7C5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{8CB8B1F9-8901-45E1-9D97-460E9403D692}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{0FD95F41-26FC-44FD-BD77-10525388C7C0}] => (Allow) LPort=8029
FirewallRules: [{779BADD4-0C9E-4B4B-AFD1-38FA81A73F8B}] => (Allow) LPort=8028
FirewallRules: [{E6768030-818B-4631-8B40-1B0F09FE865D}] => (Allow) LPort=8028
FirewallRules: [{4D0C3460-B98A-40F5-98BE-F55ABFA24450}] => (Allow) LPort=8029
FirewallRules: [{5E5709B9-AEF6-4CD9-B7B3-284586D218E0}] => (Allow) LPort=8028
FirewallRules: [{19DF264F-B89D-4754-AF73-B0DDB084BCE9}] => (Allow) LPort=8029
FirewallRules: [{1C5690B7-A685-4C41-957F-91AD6D49FECA}] => (Allow) LPort=8029
FirewallRules: [{713E4B34-2FA6-4707-843D-F9DE41720E9D}] => (Allow) LPort=8028
FirewallRules: [{6FE84046-CE40-4781-82E1-8500320C29BD}] => (Allow) LPort=8029
FirewallRules: [{C524E5B0-BC26-4783-8E52-256A6C3F89E8}] => (Allow) LPort=8028
FirewallRules: [{539BCFA3-D9BC-451D-86AD-44EAF1573337}] => (Allow) LPort=8028
FirewallRules: [{674341BD-1411-4486-B396-970765358165}] => (Allow) LPort=8029
FirewallRules: [{BA469BA1-8858-4275-B9CF-F803F3A5B3FE}] => (Allow) LPort=8028
FirewallRules: [{D126FEFE-5F86-4E2E-97A2-F27E0340798F}] => (Allow) LPort=8029
FirewallRules: [{3C97A1D4-5CB1-47ED-9EE4-34957984022C}] => (Allow) LPort=8028
FirewallRules: [{5EA7D479-43B8-4F80-B5D5-758EADDD5DAD}] => (Allow) LPort=8029
FirewallRules: [{7B033BD7-3B7F-4E3A-9254-2D994036BB19}] => (Allow) LPort=8028
FirewallRules: [{4562C2DC-47BA-41F4-9DCD-11625C91732F}] => (Allow) LPort=8029
FirewallRules: [{508D85C2-892A-4378-94A1-5DD84A745297}] => (Allow) LPort=8029
FirewallRules: [{B3B13FDA-6134-4E38-A769-80E7692E90B1}] => (Allow) LPort=8028
FirewallRules: [{F8C58831-78C6-46B9-A5DD-33380242C254}] => (Allow) LPort=8028
FirewallRules: [{828587BB-504C-47F4-99DA-D005404A34F9}] => (Allow) LPort=8029
FirewallRules: [{CDD25159-396E-457D-B576-6C0B3E789AC3}] => (Allow) LPort=8029
FirewallRules: [{EEA7CE45-2DAE-43AF-9077-59CBAFC0E1A5}] => (Allow) LPort=8028
FirewallRules: [{57EC6750-691F-4772-9F0C-FD3BE26A02F2}] => (Allow) LPort=8029
FirewallRules: [{2C8F8E58-1514-42CB-88B0-368E920EFE3D}] => (Allow) LPort=8028
FirewallRules: [{682B566D-A1E5-4BC0-8DDB-3C14096EDEED}] => (Allow) LPort=8028
FirewallRules: [{E6A766A0-BBC2-4346-8EEA-7619560C8436}] => (Allow) LPort=8029
FirewallRules: [{04864A6F-485C-441A-97A8-D90F73ECF947}] => (Allow) LPort=8029
FirewallRules: [{FA9D3F46-70A6-440A-AF57-0C840B6F534E}] => (Allow) LPort=8028
FirewallRules: [{332DF50F-6649-4B9A-AC0F-35452CE24D96}] => (Allow) LPort=8029
FirewallRules: [{C76F7CC7-44F1-4FC2-A73F-8BCC2E33C56E}] => (Allow) LPort=8028
FirewallRules: [{A6DE493C-B244-43C5-9DB2-34FF718B732A}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3426B30C-9FFB-41C9-9CCA-BD94114DB376}] => (Allow) LPort=8028
FirewallRules: [{AC768BEF-9E5C-4027-A115-3517EA9C6C9E}] => (Allow) LPort=8029
FirewallRules: [{8D396862-19C4-48F2-B720-89BDD2A28B18}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D938054D-D794-41CE-998F-3E51C975D62C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{142B110D-F9FF-409A-A844-595CB212D950}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6D59D116-4388-4C7F-8CAD-1A15BAF4DA89}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{793F5AE0-D2E0-4A4F-8567-8C0E6D9675B1}] => (Allow) LPort=8029
FirewallRules: [{04DAFDB2-AA16-4E72-AAE7-4B8352C6F4B0}] => (Allow) LPort=8028
FirewallRules: [{4DFD0EFE-C1E0-47AC-9A84-D0C667B82E37}] => (Allow) LPort=8028
FirewallRules: [{231CE089-CE04-4376-B2E0-5BE61755FA4F}] => (Allow) LPort=8029
FirewallRules: [{BDA887BA-BF36-461B-9ABB-C27EF1835FB6}] => (Allow) LPort=8028
FirewallRules: [{8F0FC990-234B-4E4C-86B0-932B03D4E7BD}] => (Allow) LPort=8029
FirewallRules: [{56CA56BB-C4F9-48F6-8C91-FD2EC854DCA8}] => (Allow) LPort=8029
FirewallRules: [{F64FF321-D4E7-4784-A677-7FFC218320B5}] => (Allow) LPort=8028
FirewallRules: [{1B116F75-132E-425B-841A-BC1FB29218AC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{43B5CD09-087D-4707-85BE-F565EEFA8F96}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{1EB88B63-9799-4BD1-B9D5-0FBF2EBF481A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{23E0C755-41DE-4994-B212-BFC6C8218817}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{52516F50-0635-4B6F-8E8E-BCD27A5574C7}] => (Allow) LPort=8029
FirewallRules: [{FCBBCCB5-F4D5-4C2A-8355-3D39258ED5CB}] => (Allow) LPort=8028
FirewallRules: [{4BA591FA-15B3-4509-A28D-ECD6EB98C83C}] => (Allow) LPort=8029
FirewallRules: [{491E83B3-9616-42C0-B14A-AD9C53305EA6}] => (Allow) LPort=8028
FirewallRules: [{6283DE8B-CA84-43E4-AD1D-5CA0BA9EA8CC}] => (Allow) LPort=8029
FirewallRules: [UDP Query User{94DADEBE-5F45-4EC8-99E9-592DCCBE4AFF}C:\users\paula\appdata\roaming\zoom\bin\zoom.exe] => (Block) C:\users\paula\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{A21F04E7-96B0-40BB-BDFF-30DE23D969FD}C:\users\paula\appdata\roaming\zoom\bin\zoom.exe] => (Block) C:\users\paula\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{75220D26-C1D5-4C27-98DE-A1A2525AE91F}] => (Allow) LPort=8029
FirewallRules: [{1689A9C3-7701-4E8E-A86E-FFD169D086C0}] => (Allow) LPort=8028
FirewallRules: [{0B2191D9-13E2-40A9-9D9C-DC5C80FD10A2}] => (Allow) LPort=8029
FirewallRules: [{CDD95E45-18D9-4720-9439-64079D3953C5}] => (Allow) LPort=8028
FirewallRules: [{7329CACE-5776-449F-AAFC-4BC91A628BCA}] => (Allow) LPort=8029
FirewallRules: [{CBC3B772-E136-45A5-984D-DA997338E79D}] => (Allow) LPort=8028
FirewallRules: [{A84D2FAF-70A9-4B71-A80D-A67A2BCEBF24}] => (Allow) LPort=8029
FirewallRules: [{D69743FC-6B13-4968-B55D-F43A6D385D84}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{EABF3089-FEEE-47D1-9D6C-8BC134527A00}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{355D7BDE-38CC-4BD1-8FDF-48C588A4A67D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{3032F570-FEFE-4156-A3B8-BDBAA32D5C6B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{670AFC02-503B-472C-B4DC-3F5697F555C9}] => (Allow) LPort=8028
FirewallRules: [{C2826694-18BC-46BD-9B01-0B1F445EAA85}] => (Allow) LPort=8028
FirewallRules: [{DC22C111-BD99-446E-91F1-7FFFFDD5A974}] => (Allow) LPort=8028
FirewallRules: [{C1C91D73-23E7-40E0-923D-A24076AB7D76}] => (Allow) LPort=8028
FirewallRules: [{52E456CB-7F46-4AAB-B82D-8762504246EB}] => (Allow) LPort=8028
FirewallRules: [{826E024D-F4D9-4DF8-8F30-46A5316091B6}] => (Allow) LPort=8028
FirewallRules: [{EA75AA0D-AC44-4B03-B638-42E6ADF10CBB}] => (Allow) LPort=8028
FirewallRules: [{A9C63FBB-47A4-4234-9FF1-076686AC158A}] => (Allow) LPort=8028
FirewallRules: [{73D38897-F5BB-42CF-9B28-FD5BEFE3F7D3}] => (Allow) LPort=8028
FirewallRules: [{C84CCC1F-C821-4D43-BBF9-1F0D1F017A1C}] => (Allow) LPort=8028
FirewallRules: [{8854A686-E5F8-4F43-A75C-E0550188F950}] => (Allow) LPort=8028
FirewallRules: [{F1B2366B-BECA-4043-93B8-FD0484BB0BB2}] => (Allow) LPort=8028
FirewallRules: [{342B2D56-DB1E-4191-A63D-130737AB54C1}] => (Allow) LPort=8028
FirewallRules: [{3A672249-9464-476C-911E-70F974F3B36C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B158A431-A046-4A49-B0BD-FB28CA4EA9FC}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9B534465-564C-4528-8030-EF662D615D76}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DD5CF970-22C5-4576-8EC7-A36A135B7537}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F203363D-D837-4FEA-8404-45D75FF62A13}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1642767B-46B3-4F28-BC22-D9D502AEA508}] => (Allow) LPort=8028
FirewallRules: [UDP Query User{54958A3F-FA8A-41B2-B7E3-2FD40C9DC876}C:\users\paula\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\paula\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{8F70A2AB-6003-4033-8D08-FF7F21206665}C:\users\paula\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\paula\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{524F941A-7B2E-4BE7-8F99-E8E97C100465}] => (Allow) LPort=1900
FirewallRules: [{7BECDAE4-816A-4809-8BA9-FA975D323A2C}] => (Allow) LPort=2869
FirewallRules: [{53610D1C-2B76-45FF-ADAF-AF2642F80B3D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E1E0FD9A-631F-4C29-831D-CED476342744}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{56D4CBC8-7CC3-443E-BCC4-362F41788715}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{65778158-76AA-4BD9-B9AC-443003138367}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.139.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{17468B6B-16AB-4FC5-B405-3297023E0054}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.139.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6408FC02-6D4B-456C-8065-0565D490DE4B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.139.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8A9D0D59-BD02-453D-97D7-39AC63F3B40B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.139.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8D7578CF-F5D8-44D7-82F4-403768239F0D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.139.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BF9B836E-4188-4546-A28E-23FB5C6B6984}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.139.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F53A1B56-850A-4BF5-AE17-2346E95866DD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.139.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8FBAECCB-D554-4F76-9423-6EE6142067C4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.139.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{98F55B1A-7715-433C-829D-94DFE7C073E7}C:\users\user\documents\pycharm community edition 2020.2.2\bin\pycharm64.exe] => (Block) C:\users\user\documents\pycharm community edition 2020.2.2\bin\pycharm64.exe (JetBrains s.r.o. -> JetBrains s.r.o.)
FirewallRules: [UDP Query User{28C9112A-D577-4A2E-AD14-C9FAF09256E9}C:\users\user\documents\pycharm community edition 2020.2.2\bin\pycharm64.exe] => (Block) C:\users\user\documents\pycharm community edition 2020.2.2\bin\pycharm64.exe (JetBrains s.r.o. -> JetBrains s.r.o.)
FirewallRules: [{F2B199C5-DE59-4163-BF2D-806C14BC6B48}] => (Allow) C:\Program Files (x86)\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{A082F06A-733A-4B44-93C7-347A6A580CA6}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{1FF4B7D0-F584-4EF4-A6A1-C5C866105BEC}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{9BB70B16-2C37-47BD-837C-6625D6ECA060}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{2E52DBEF-EE12-4BB8-A15C-DC2DD57E0295}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{91B66A60-1ADB-42B0-AB9D-6FB9115C29DE}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{0FE54DE3-A74A-474B-9A81-4C8F45FE1D20}] => (Allow) C:\Users\User\AppData\Local\Programs\Opera\78.0.4093.147\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{039EFECD-05FD-4514-923B-9ABC063E9142}] => (Allow) LPort=8028
FirewallRules: [{C3DD4A07-C387-4C7C-B97F-80FCB4FFBFD9}] => (Allow) LPort=8028
FirewallRules: [{14E96F8F-CBCC-498A-93DF-6EBA1DC01651}] => (Allow) LPort=8028
FirewallRules: [{65016AF4-770C-4F5E-A4E2-7B4A140C29D8}] => (Allow) LPort=8028
FirewallRules: [{84C34DD9-0662-4AB7-9FB6-B47293F20204}] => (Allow) LPort=8028
FirewallRules: [{BD3FBC0E-7395-4BB8-A40C-560AF9C7F8B7}] => (Allow) LPort=8028
FirewallRules: [{A28339F2-B44C-40ED-ADFE-B389EB2DE175}] => (Allow) LPort=8028
FirewallRules: [{573BA75D-28C5-4CC1-8CFE-347AC81A9B7D}] => (Allow) LPort=8028
FirewallRules: [{BE11A616-578A-47CD-9849-1DA9CC997CF7}] => (Allow) LPort=8028
FirewallRules: [{4893EFF6-A346-4873-AF47-5CB03D72F082}] => (Allow) LPort=8028
FirewallRules: [{2461FF8E-7358-47A5-9DCD-0E3DEE05AC00}] => (Allow) LPort=8028
FirewallRules: [{7A4CC3CB-CE62-4EF2-BBCA-2C41EF228B71}] => (Allow) LPort=8028
FirewallRules: [{B0D369BD-3342-4851-974A-66E7176C340D}] => (Allow) LPort=8028
FirewallRules: [{AAE6FC1F-44AC-4669-A3A4-9026B8737D26}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{42FBD029-F8CA-45A2-AE74-1B053C04E95D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{9ED08D70-5A0A-4355-904C-45675214A0AC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{9B6FEF10-8AF7-4E27-987A-590D40985645}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [TCP Query User{42BDC57F-9138-4853-94CE-CED7E3F93D44}C:\program files (x86)\smart view\smart view.exe] => (Allow) C:\program files (x86)\smart view\smart view.exe () [File not signed]
FirewallRules: [UDP Query User{21FD1B2E-3651-407F-B88C-44828E1F3E31}C:\program files (x86)\smart view\smart view.exe] => (Allow) C:\program files (x86)\smart view\smart view.exe () [File not signed]
FirewallRules: [{38429A01-60C5-4247-94C2-3230DEA0AFBB}] => (Allow) LPort=8028
FirewallRules: [{E1A5704D-976A-46EC-B477-63C8E6EAD14C}] => (Allow) LPort=8028
FirewallRules: [{A22549F3-D7F8-4802-BC2A-0FDFB46AE6F5}] => (Allow) LPort=8028
FirewallRules: [{895867F6-F12E-4138-AA6C-85A9658931A7}] => (Allow) LPort=8028
FirewallRules: [{26DF2890-2328-4E8E-8579-0CEF74CFDAB7}] => (Allow) LPort=8028
FirewallRules: [{632E99A8-3AC7-47A1-ABFE-425CDD113668}] => (Allow) LPort=8028
FirewallRules: [{1D17DD2C-E29B-4256-860C-ABFA173D635D}] => (Allow) LPort=8028
FirewallRules: [{4E388E4C-9B5C-41D9-B8B9-9D1C732D274D}] => (Allow) LPort=8028
FirewallRules: [{D6EC2E7D-2285-4C7D-84B3-74B604630218}] => (Allow) LPort=8028
FirewallRules: [{E3BAAF39-5480-4AE0-99E4-0EDB34908818}] => (Allow) LPort=8029
FirewallRules: [{7C6897F0-B60F-4442-B290-00F00B2C64EF}] => (Allow) LPort=8028
FirewallRules: [{BCEE1F26-401B-40CE-949A-BA8788B613D7}] => (Allow) LPort=8029
FirewallRules: [{35D49B48-788D-4010-8039-B54DB6B65B39}] => (Allow) LPort=8028
FirewallRules: [{5A752116-D25F-4F56-824C-F3759E596C17}] => (Allow) LPort=8029
FirewallRules: [{BCF42D1D-DAA8-409B-B3D7-5E1232F62228}] => (Allow) LPort=8028
FirewallRules: [{E998642D-CF74-4F67-A9D7-4236B7133034}] => (Allow) LPort=8029
FirewallRules: [{388560F6-C31D-41BB-AD26-C11C9A7A89D5}] => (Allow) LPort=8029
FirewallRules: [{91584BFB-A6EB-457A-A6E7-1023B6061844}] => (Allow) LPort=8028
FirewallRules: [{69E296DC-89A9-41BD-93DB-D12E19C4BF06}] => (Allow) LPort=8028
FirewallRules: [{5E69D41E-7F51-4574-AAB5-EEFD6C85D9BC}] => (Allow) LPort=8029
FirewallRules: [{38EEF388-56E8-4E50-A79A-6738D2D02941}] => (Allow) LPort=8028
FirewallRules: [{699C3A47-02DB-4B21-9661-068BB6ECF5F6}] => (Allow) LPort=8029
FirewallRules: [{6231B5EB-FD21-44BD-A368-0BEFBFFDFE1E}] => (Allow) LPort=8028
FirewallRules: [{840D8F0A-6335-4B10-8E4C-C190E27F5668}] => (Allow) LPort=8029
FirewallRules: [{25B61B85-2B63-464A-A3EB-47392F27602E}] => (Allow) LPort=8028
FirewallRules: [{A892AF11-3488-4803-9A3D-AEA167393C6C}] => (Allow) LPort=8029
FirewallRules: [{CE53AE1D-4A0E-4161-AFA6-3A61993B1544}] => (Allow) LPort=8028
FirewallRules: [{AD677376-51FC-4AB6-B15B-2F0F01E001ED}] => (Allow) LPort=8029
FirewallRules: [{C79CD10F-92D1-4085-823E-DA49E0CCD6F4}] => (Allow) LPort=8029
FirewallRules: [{AEC95247-9FDF-4FD2-8257-0A87B5906D7F}] => (Allow) LPort=8028
FirewallRules: [{4B58AE6D-DEC6-4DD0-B33D-903CAA282B3A}] => (Allow) LPort=8029
FirewallRules: [{F24737DB-8B65-427C-9594-DC2C05FD3819}] => (Allow) LPort=8028
FirewallRules: [{FE8F73D8-B3CE-497E-8E94-7581DD273416}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{986BD2F6-8AA0-4B58-92B8-D4EA60E73D24}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7C0FA445-403F-421C-BD9F-0A6DB424C3AB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9F78297C-55A8-4224-B593-A4CA942EB6F7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{21165843-16C0-41B5-8688-50DC4A419B57}] => (Allow) LPort=8029
FirewallRules: [{651DC043-47C6-457D-A102-0A95611AB8AD}] => (Allow) LPort=8028
FirewallRules: [{F0A65FF9-F3EC-42B0-AAF2-613D2C5D81FD}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F142352D-A696-42DF-96C4-14C195C0227E}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F44D2325-565A-4DE5-BBA7-F86324BE0055}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{51590CAC-DAC4-4221-AAE9-30C5AEAE52FE}C:\users\paula\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\paula\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{23A670FE-C59B-4FEA-A669-6ACC1552C043}C:\users\paula\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\paula\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E3FEFA1B-7A48-4697-9ED1-2BF773705E1B}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.70\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EAA24A79-CEDB-4E37-9AA8-982598D97B0E}] => (Allow) LPort=8028
FirewallRules: [{61899AD4-FEE6-4E85-8D08-E3A01D48ED9D}] => (Allow) LPort=8029

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:475.69 GB) (Free:229.03 GB) (48%)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/03/2023 12:19:34 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (02/03/2023 12:19:34 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

Error: (02/01/2023 08:53:29 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (02/01/2023 08:53:29 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/30/2023 08:01:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname LAPTOP-TOVUM2BS.local already in use; will try LAPTOP-TOVUM2BS-2.local instead

Error: (01/30/2023 08:01:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 LAPTOP-TOVUM2BS.local. Addr 192.168.179.5

Error: (01/30/2023 08:01:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.179.5:5353   16 LAPTOP-TOVUM2BS.local. AAAA 2A01:0C23:717E:1701:389E:82B8:0B88:AA78

Error: (01/30/2023 08:01:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   16 LAPTOP-TOVUM2BS.local. AAAA FE80:0000:0000:0000:CBFF:2288:8A49:C38C


System errors:
=============
Error: (02/04/2023 04:25:29 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Es ist ein Initialisierungsfehler aufgetreten, da der Treiber nicht erstellt werden konnte.
Verwenden Sie die Zeichenfolge "FAA2BAE84AEB", um die Schnittstelle zu identifizieren, die nicht initialisiert werden
konnte. Sie stellt die MAC-Adresse der Schnittstelle mit dem Initialisierungsfehler oder die 
GUID (Globally Unique Interface Identifier) dar, wenn NetBT keine Zuordnung 
von der GUID zur MAC-Adresse herstellen konnte. Wenn weder die MAC-Adresse noch die GUID verfügbar 
waren, dann stellt die Zeichenfolge einen Clustergerätenamen dar.

Error: (02/04/2023 04:25:29 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Es ist ein Initialisierungsfehler aufgetreten, da der Treiber nicht erstellt werden konnte.
Verwenden Sie die Zeichenfolge "FAA2BAE84AEB", um die Schnittstelle zu identifizieren, die nicht initialisiert werden
konnte. Sie stellt die MAC-Adresse der Schnittstelle mit dem Initialisierungsfehler oder die 
GUID (Globally Unique Interface Identifier) dar, wenn NetBT keine Zuordnung 
von der GUID zur MAC-Adresse herstellen konnte. Wenn weder die MAC-Adresse noch die GUID verfügbar 
waren, dann stellt die Zeichenfolge einen Clustergerätenamen dar.

Error: (02/04/2023 04:25:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "bfs" wurde aufgrund folgenden Fehlers nicht gestartet: 
Zugriff verweigert

Error: (02/04/2023 04:25:24 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎04.‎02.‎2023 um 13:43:52 unerwartet heruntergefahren.

Error: (02/04/2023 04:23:11 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{209500FC-6B45-4693-8871-6296C4843751}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (02/04/2023 04:19:18 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-TOVUM2BS)
Description: Der Server "{8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (01/30/2023 08:54:25 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-TOVUM2BS)
Description: Der Server "{FD06603A-2BDF-4BB1-B7DF-5DC68F353601}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (01/30/2023 07:55:01 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-TOVUM2BS)
Description: Der Server "{8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.


CodeIntegrity:
===============
Date: 2023-02-04 16:55:14
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.

Date: 2023-02-04 16:54:16
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.


==================== Memory info =========================== 

BIOS: LENOVO DMCN32WW 07/14/2020
Motherboard: LENOVO ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
Processor: AMD Ryzen 7 4700U with Radeon Graphics 
Percentage of memory in use: 42%
Total physical RAM: 15725.3 MB
Available physical RAM: 9097.3 MB
Total Virtual: 16749.3 MB
Available Virtual: 7056.09 MB

==================== Drives ================================

Drive c: (Windows-SSD) (Fixed) (Total:475.69 GB) (Free:229.03 GB) (Model: WDC PC SN730 SDBPNTY-512G-1101) NTFS

\\?\Volume{daea3309-93bd-442e-b19d-32d69c29a808}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.4 GB) NTFS
\\?\Volume{505278d4-8887-4d1c-a4b4-3c0d40af36d0}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 3DEA6EA5)

Partition: GPT.

==================== End of Addition.txt =======================
         
--- --- ---
__________________


Alt 04.02.2023, 18:15   #3
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verdacht auf Malware in Zusammenhang mit conhost - Standard

Verdacht auf Malware in Zusammenhang mit conhost



Zitat:
und entsprechende Prozesse sind in der Registry gelistet.
Das mal bitte erklären. Wo sollen Prozesse in der Registry bitte gelistet werden?

Zitat:
Als Virensoftware wird McAfee Total Protection eingesetzt
Wieso installierst du so einen Unsinn?
Microsoft hat bereits seit Windows 8, also vor über 10 Jahren, einen Virenscanner in Windows fest eingebaut.

Zitat:
SOLIDWORKS 2020
SOLIDWORKS 2021
Ist das ein gewerblich genutztes System? Derartige Software ist nicht gerade billig und für reines Privatvergnügen ziemlich übertrieben.
__________________
__________________

Geändert von cosinus (04.02.2023 um 18:45 Uhr)

Alt 05.02.2023, 08:13   #4
Hans-Juergen
 
Verdacht auf Malware in Zusammenhang mit conhost - Standard

Antworten zu den Fragen



Hallo Cosinus

Zitat:
Zitat von cosinus Beitrag anzeigen
Das mal bitte erklären. Wo sollen Prozesse in der Registry bitte gelistet werden?
Entschuldigung, ich meine nicht in der Registry sondern im Taskamanager unter Benutzer

Zitat:
Zitat von cosinus Beitrag anzeigen
Wieso installierst du so einen Unsinn?
Microsoft hat bereits seit Windows 8, also vor über 10 Jahren, einen Virenscanner in Windows fest eingebaut.
Da ich immer gehört habe, dass ein aktueller Virenscanner wichtig sei und McAfee als Probe-Abo vorinstalliert war, habe ich den genommen.


Zitat:
Zitat von cosinus Beitrag anzeigen
Ist das ein gewerblich genutztes System? Derartige Software ist nicht gerade billig und für reines Privatvergnügen ziemlich übertrieben.

Das ist kein gewerblich genutztes System, die Software wird in Zusammenhang mit der Schulausbildung (Technisches Kolleg) genutzt.

Alt 05.02.2023, 18:35   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verdacht auf Malware in Zusammenhang mit conhost - Standard

Verdacht auf Malware in Zusammenhang mit conhost



Störende, veraltete oder unnötige Programme deinstallieren

Bitte über Programme und Features (appwiz.cpl) deinstallieren:
  • 7-Zip 19.00 (x64)
  • Adobe Acrobat (64-bit) (PDF-Dateien lassen sich wunderbar mit Mozilla Firefox oder SumatraPDF anzeigen)
  • Adobe Refresh Manager
  • CCleaner
  • Google Chrome (durch Mozilla Firefox ersetzen)
  • IrfanView 4.54 (64-bit)
  • Java 8 Update 301
  • McAfee® Total Protection
  • Opera Stable 78.0.4093.147
  • Opera Stable 94.0.4606.76
  • Web Companion
  • WebAdvisor von McAfee

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 05.02.2023, 19:08   #6
Hans-Juergen
 
Verdacht auf Malware in Zusammenhang mit conhost - Standard

Verdacht auf Malware in Zusammenhang mit conhost



Hallo Cosinus
habe die Progamme aus der Liste deinstalliert.
Allerdings konnte ich
  • Adore Refresh Manager und
  • Opera Stable 78.0.4093.147
in der Liste der installierten Apps nicht finden und somit nicht darüber deinstallieren.
Gruß
Hans-Jürgen

Alt 05.02.2023, 19:24   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verdacht auf Malware in Zusammenhang mit conhost - Standard

Verdacht auf Malware in Zusammenhang mit conhost



adwCleaner

Führe AdwCleaner gemäß der bebilderten Anleitung aus und poste abschließend die Logdatei in CODE-Tags.

adwcleaner zwecks Kontrolle bitte wiederholen, falls es Funde gab.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 05.02.2023, 20:51   #8
Hans-Juergen
 
Verdacht auf Malware in Zusammenhang mit conhost - Standard

Verdacht auf Malware in Zusammenhang mit conhost



Die Meldung lautet 15 gefundene und 9 reparierte Probleme
hier die Log Dateien C000

Code:
ATTFilter
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    02-05-2023
# Duration: 00:00:01
# OS:       Windows 11 (Build 22621.1105)
# Cleaned:  9
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Lavasoft\Web Companion
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted       HKLM\System\Setup\FirstBoot\Services\WCAssistantService
Deleted       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted       HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2979 octets] - [05/02/2023 20:36:58]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
         
und S000

Code:
ATTFilter
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    02-05-2023
# Duration: 00:00:11
# OS:       Windows 11 (Build 22621.1105)
# Scanned:  32104
# Detected: 15


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
PUP.Optional.Legacy             HKLM\System\Setup\FirstBoot\Services\WCAssistantService
PUP.Optional.WebCompanion       HKCU\Software\Lavasoft\Web Companion
PUP.Optional.WebCompanion       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
PUP.Optional.WebCompanion       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion       HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.LenovoIMController   Folder   C:\ProgramData\LENOVO\IMCONTROLLER 
Preinstalled.LenovoIMController   Folder   C:\Users\User\AppData\Local\LENOVO\IMCONTROLLER 
Preinstalled.LenovoIMController   Folder   C:\Users\paula\AppData\Local\LENOVO\IMCONTROLLER 
Preinstalled.LenovoIMController   Folder   C:\Windows\LENOVO\IMCONTROLLER 
Preinstalled.LenovoIMController   Folder   C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER 
Preinstalled.LenovoIMController   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo Dependency Package_is1 



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
         
Hier die Files von dem zweiten Scan

C001
Code:
ATTFilter
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    02-05-2023
# Duration: 00:00:11
# OS:       Windows 11 (Build 22621.1105)
# Scanned:  32104
# Detected: 15


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
PUP.Optional.Legacy             HKLM\System\Setup\FirstBoot\Services\WCAssistantService
PUP.Optional.WebCompanion       HKCU\Software\Lavasoft\Web Companion
PUP.Optional.WebCompanion       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
PUP.Optional.WebCompanion       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion       HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.LenovoIMController   Folder   C:\ProgramData\LENOVO\IMCONTROLLER 
Preinstalled.LenovoIMController   Folder   C:\Users\User\AppData\Local\LENOVO\IMCONTROLLER 
Preinstalled.LenovoIMController   Folder   C:\Users\paula\AppData\Local\LENOVO\IMCONTROLLER 
Preinstalled.LenovoIMController   Folder   C:\Windows\LENOVO\IMCONTROLLER 
Preinstalled.LenovoIMController   Folder   C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER 
Preinstalled.LenovoIMController   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo Dependency Package_is1 



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
         
und S001

Code:
ATTFilter
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    02-05-2023
# Duration: 00:00:07
# OS:       Windows 11 (Build 22621.1105)
# Scanned:  32104
# Detected: 6


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.LenovoIMController   Folder   C:\ProgramData\LENOVO\IMCONTROLLER 
Preinstalled.LenovoIMController   Folder   C:\Users\User\AppData\Local\LENOVO\IMCONTROLLER 
Preinstalled.LenovoIMController   Folder   C:\Users\paula\AppData\Local\LENOVO\IMCONTROLLER 
Preinstalled.LenovoIMController   Folder   C:\Windows\LENOVO\IMCONTROLLER 
Preinstalled.LenovoIMController   Folder   C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER 
Preinstalled.LenovoIMController   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo Dependency Package_is1 


AdwCleaner[S00].txt - [2979 octets] - [05/02/2023 20:36:58]
AdwCleaner[C00].txt - [2456 octets] - [05/02/2023 20:39:15]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
         

Alt 05.02.2023, 21:34   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verdacht auf Malware in Zusammenhang mit conhost - Standard

Verdacht auf Malware in Zusammenhang mit conhost



Dann jetzt neue FRST-Logs. (FRST.txt und Addition.txt)
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 05.02.2023, 21:50   #10
Hans-Juergen
 
Verdacht auf Malware in Zusammenhang mit conhost - Standard

Verdacht auf Malware in Zusammenhang mit conhost



Hier FRST


FRST Logfile:
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 03-02-2023
durchgeführt von paula (ACHTUNG: der Benutzer ist kein Administrator) auf LAPTOP-TOVUM2BS (LENOVO 82A2) (05-02-2023 21:41:22)
Gestartet von C:\Users\paula\Downloads\Papa
Geladene Profile: paula
Plattform: Microsoft Windows 11 Home Version 22H2 22621.1105 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: FF
Start-Modus: Normal

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cncmd.exe
(C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.78\msedgewebview2.exe <6>
(explorer.exe ->) (Dassault Systemes SolidWorks Corp. -> Dassault Systèmes SolidWorks Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS (2)\sldworks_fs.exe
(explorer.exe ->) (Dassault Systemes SolidWorks Corp. -> Dassault Systèmes SolidWorks Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldworks_fs.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <9>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
(explorer.exe ->) (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(explorer.exe ->) (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(IdeaNotebookAddin).exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(SmartInteractAddin).exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22102.229.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WpcMon.exe
(sihost.exe ->) (LENOVO INC) C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.3.28.0_x64__5grkq8ppsgwt4\LaunchUtility\utility.exe
(Western Digital Techologies -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
konnte nicht auf den Prozess zugreifen -> AggregatorHost.exe
konnte nicht auf den Prozess zugreifen -> AppleMobileDeviceService.exe
konnte nicht auf den Prozess zugreifen -> csrss.exe
konnte nicht auf den Prozess zugreifen -> csrss.exe
konnte nicht auf den Prozess zugreifen -> dasHost.exe
konnte nicht auf den Prozess zugreifen -> dasHost.exe
konnte nicht auf den Prozess zugreifen -> dwm.exe
konnte nicht auf den Prozess zugreifen -> fontdrvhost.exe
konnte nicht auf den Prozess zugreifen -> fontdrvhost.exe
konnte nicht auf den Prozess zugreifen -> LenovoVantage-(VantageCoreAddin).exe
konnte nicht auf den Prozess zugreifen -> LenovoVantageService.exe
konnte nicht auf den Prozess zugreifen -> Locator.exe
konnte nicht auf den Prozess zugreifen -> lsass.exe
konnte nicht auf den Prozess zugreifen -> MacriumService.exe
konnte nicht auf den Prozess zugreifen -> MoUsoCoreWorker.exe
konnte nicht auf den Prozess zugreifen -> MsMpEng.exe
konnte nicht auf den Prozess zugreifen -> NisSrv.exe
konnte nicht auf den Prozess zugreifen -> OfficeClickToRun.exe
konnte nicht auf den Prozess zugreifen -> RtkAudUService64.exe
konnte nicht auf den Prozess zugreifen -> SearchIndexer.exe
konnte nicht auf den Prozess zugreifen -> SecurityHealthService.exe
konnte nicht auf den Prozess zugreifen -> services.exe
konnte nicht auf den Prozess zugreifen -> SgrmBroker.exe
konnte nicht auf den Prozess zugreifen -> smss.exe
konnte nicht auf den Prozess zugreifen -> spoolsv.exe
konnte nicht auf den Prozess zugreifen -> sqlbrowser.exe
konnte nicht auf den Prozess zugreifen -> sqlservr.exe
konnte nicht auf den Prozess zugreifen -> sqlwriter.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> wininit.exe
konnte nicht auf den Prozess zugreifen -> winlogon.exe
konnte nicht auf den Prozess zugreifen -> WmiApSrv.exe
konnte nicht auf den Prozess zugreifen -> WmiPrvSE.exe
konnte nicht auf den Prozess zugreifen -> WmiPrvSE.exe
konnte nicht auf den Prozess zugreifen -> WUDFHost.exe
konnte nicht auf den Prozess zugreifen -> WUDFHost.exe
konnte nicht auf den Prozess zugreifen -> WUDFHost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1084192 2020-06-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [357944 2022-02-08] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [3216784 2022-09-09] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [9923856 2022-09-07] (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [2306984 2017-04-11] (Western Digital Techologies -> Western Digital Technologies, Inc.)
HKLM-x32\...\RunOnce: [ccleaner_update_helper] => C:\Program Files\CCleaner\ccleaner_update_helper.exe [710992 2023-01-30] (PIRIFORM SOFTWARE LIMITED -> Piriform)
HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\Run: [com.squirrel.Teams.Teams] => C:\Users\paula\AppData\Local\Microsoft\Teams\Update.exe [2587416 2023-01-09] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\Run: [MicrosoftEdgeAutoLaunch_F77C53ECB7B48E59FF4F92F15CDCE50B] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4188576 2023-02-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\MountPoints2: {e74f27b5-09cd-11ec-aabe-f8a2d6e80c66} - "D:\WD Drive Unlock.exe" autoplay=true
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2023-02-05]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk ->  (Keine Datei)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS 2020 Fast Start.lnk [2021-08-23]
ShortcutTarget: SOLIDWORKS 2020 Fast Start.lnk -> C:\Windows\Installer\{3F4681F3-B30B-4531-ADB2-3661B531F926}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera) [Datei ist nicht signiert]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS 2021 Fast Start.lnk [2022-03-22]
ShortcutTarget: SOLIDWORKS 2021 Fast Start.lnk -> C:\Windows\Installer\{9C0A2571-4AAE-4FEE-B673-038B38B85EFC}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera) [Datei ist nicht signiert]
Startup: C:\Users\paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2022-12-28]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\SOLIDWORKS Electrical Archiver.job => 

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ACHTUNG (Beschränkung - Zones)
Tcpip\Parameters: [DhcpNameServer] 192.168.179.1
Tcpip\..\Interfaces\{2c73278c-8bfc-40c2-b9c5-851cd9df4d71}: [DhcpNameServer] 192.168.179.1

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\paula\AppData\Local\Microsoft\Edge\User Data\Default [2023-02-05]
Edge HKLM-x32\...\Edge\Extension: [caiblelclndcckfafdaggpephhgfpoip]
Edge HKLM-x32\...\Edge\Extension: [emgfgdclgfeldebanedpihppahgngnle]

FireFox:
========
FF DefaultProfile: qg5hrhob.default
FF ProfilePath: C:\Users\paula\AppData\Roaming\Mozilla\Firefox\Profiles\qg5hrhob.default [2021-02-03]
FF ProfilePath: C:\Users\paula\AppData\Roaming\Mozilla\Firefox\Profiles\px9awhdl.default-release [2023-02-05]
FF Notifications: Mozilla\Firefox\Profiles\px9awhdl.default-release -> hxxps://www.pinterest.de
FF HomepageOverride: Mozilla\Firefox\Profiles\px9awhdl.default-release -> Disabled: _jaMembersttab03_@www.testonlinespeed.com
FF NewTabOverride: Mozilla\Firefox\Profiles\px9awhdl.default-release -> Disabled: _jaMembersttab03_@www.testonlinespeed.com
FF Extension: (MyWay Search By TestOnlineSpeed) - C:\Users\paula\AppData\Roaming\Mozilla\Firefox\Profiles\px9awhdl.default-release\Extensions\_jaMembersttab03_@www.testonlinespeed.com.xpi [2020-12-13] [UpdateUrl:hxxps:\/\/updates.tb.ask.com\/updateXpi.json?id=232815466&version=9.107.19.17966&track=TTAB03&trackRevision=1&fromId=_jaMembersttab03_%40www.testonlinespeed.com&isBridgeExtension=false]
FF Plugin: 3ds.com/ComposerPlayerWebPlugin_x86_64 -> C:\PROGRA~1\SOLIDW~1\SO46F1~1\Bin\NPCOMP~1.DLL [2021-03-27] (DASSAULT SYSTEMES SE -> Dassault Systemes) [Datei ist nicht signiert]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: 3ds.com/ComposerPlayerWebPlugin -> C:\PROGRA~1\SOLIDW~1\SO46F1~1\Bin\x86\NPCOMP~1.DLL [2021-03-27] (DASSAULT SYSTEMES SE -> Dassault Systemes) [Datei ist nicht signiert]
FF Plugin-x32: 3ds.com/ComposerPlayerWebPlugin_x86_64 -> \\devsilo1\builds\sw2021_sp03\sw\Release\x64\d210326.009.BGS.final\composer\Bin\npcomposerplayerwebplugin.dll [Keine Datei]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\zlonrrylmi4.js [2021-08-18] <==== ACHTUNG (Zeigt auf eine *.cfg Datei)
FF ExtraCheck: C:\Program Files\mozilla firefox\zlonrrylmi4.cfg [2021-08-18] <==== ACHTUNG

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default [2022-12-07]
CHR Notifications: Default -> hxxps://app.houseparty.com
CHR Extension: (Houseparty) - C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\acpcknggdnfoghhojnkpldmfnnjiobdp [2020-12-13]
CHR Extension: (Avira Password Manager) - C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2022-10-23]
CHR Extension: (Avira Safe Shopping) - C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh [2022-10-23]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-10-23]
CHR Extension: (Avira Browserschutz) - C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2022-10-23]
CHR Extension: (Google Docs Offline) - C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-10-23]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-01-14]
CHR HKLM\...\Chrome\Extension: [enppghjcblldgigemljohkgpcompnjgh]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [enppghjcblldgigemljohkgpcompnjgh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]

Opera: 
=======
OPR Profile: C:\Users\paula\AppData\Roaming\Opera Software\Opera Stable [2023-02-05]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\paula\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2022-09-10]
OPR Extension: (Opera Crypto Wallet) - C:\Users\paula\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2022-09-10]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\paula\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2022-09-10]

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2022-02-25] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12553648 2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
S3 CoordinatorServiceHost; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS (2)\swScheduler\DTSCoordinatorService.exe [79520 2021-03-27] (Dassault Systemes SolidWorks Corp. -> Dassault Systèmes SolidWorks Corporation)
S2 DolbyDAXAPI; C:\WINDOWS\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_c28b41707aefc6b9\DAX3API.exe [2283600 2021-04-27] (Dolby Laboratories, Inc. -> Dolby Laboratories)
S2 ewserver; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe [185288 2021-03-27] (Dassault Systemes SolidWorks Corp. -> )
S2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [364928 2020-06-05] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
S3 impi_hydra; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS (2)\hydra_service.exe [924472 2021-03-27] (Intel(R) Software Development Products -> Intel Corporation)
S3 InventorySvc; C:\WINDOWS\system32\inventorysvc.dll [304480 2022-11-21] (Microsoft Windows -> Microsoft Corporation)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\\3.13.43.0\LenovoVantageService.exe [32464 ] (Lenovo -> Lenovo Group Ltd.)
S2 LITSSVC; C:\WINDOWS\System32\LNBITSSvc.exe [1808728 2020-05-27] (Lenovo -> Lenovo(beijing) Limited)
R3 lmhosts; C:\WINDOWS\System32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 lmhosts; C:\WINDOWS\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [11072008 2022-09-07] (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd)
R2 MSSQL$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [366520 2022-04-22] (Microsoft Corporation -> Microsoft Corporation)
S3 NlaSvc; C:\WINDOWS\System32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 NlaSvc; C:\WINDOWS\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 nsi; C:\WINDOWS\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 nsi; C:\WINDOWS\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [98624 2020-07-22] (ProtonVPN AG -> )
S3 ProtonVPN Update Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-07-22] (ProtonVPN AG -> )
S2 RemoteSolverDispatcher; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation (2)\binCFW\remotesolverdispatcherservice.exe [252936 2021-03-27] (Mentor Graphics Corporation -> Mentor Graphics Corporation)
R2 SgrmBroker; C:\WINDOWS\system32\Sgrm\SgrmBroker.exe [414632 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 SmartSense; C:\WINDOWS\System32\DriverStore\FileRepository\lnvsst.inf_amd64_4e633fced20b4d0e\SmartSense.exe [155848 2020-08-30] (Lenovo -> Lenovo Group Ltd.)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2021-08-23] (SolidWorks) [Datei ist nicht signiert]
S4 SQLAgent$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [607160 2022-04-22] (Microsoft Corporation -> Microsoft Corporation)
S2 SWVisualize2020.Queue.Server; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize\SWVisualize.Queue.Server.exe [30208 2020-05-08] (Dassault Systemes SolidWorks Corp. -> Dassault Systèmes)
S2 SWVisualize2021.Queue.Server; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize (2)\SWVisualize.Queue.Server.exe [30368 2021-03-27] (Dassault Systemes SolidWorks Corp. -> Dassault Systèmes)
R2 TextInputManagementService; C:\WINDOWS\System32\TabSvc.dll [266240 2022-11-21] (Microsoft Windows -> Microsoft Corporation)
S2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [331144 2017-04-11] (Western Digital Techologies -> Western Digital Technologies, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\NisSrv.exe [3191264 2023-02-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe [133592 2023-02-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 wuauserv; C:\WINDOWS\system32\wuauserv.dll [137552 2022-12-15] (Microsoft Windows -> Microsoft Corporation)
S2 ImControllerService; %SystemRoot%\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 AMDAfdAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\amdacpafd.inf_amd64_b2ecd28976c27717\amdacpafd.sys [348056 2021-08-10] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
S3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [41536 2021-07-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AMDSAFD; C:\WINDOWS\System32\DriverStore\FileRepository\amdsafd.inf_amd64_8e2568524f674315\amdsafd.sys [100768 2021-03-29] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0376209.inf_amd64_b3bdffadea4def3f\B374968\amdkmdag.sys [80540576 2022-01-28] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [65168 2021-08-17] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R2 bfs; C:\WINDOWS\system32\drivers\bfs.sys [91480 2022-11-21] (Microsoft Windows -> Microsoft Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [181072 2019-07-22] (GENESYS LOGIC, INC. -> Genesys Logic)
S0 GenPass; C:\WINDOWS\System32\DriverStore\FileRepository\genpass.inf_amd64_bef88a423225ecdc\genpass.sys [62800 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 ProtonVPNSplitTunnel; C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win10\ProtonVPN.SplitTunnelDriver.sys [31584 2020-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Proton Technologies AG)
S0 pvscsi; C:\WINDOWS\System32\drivers\pvscsii.sys [45408 2022-05-07] (Microsoft Windows -> VMware, Inc.)
U3 RoutePolicy; C:\WINDOWS\System32\drivers\RoutePolicy.sys [98304 2022-05-07] (Microsoft Windows -> )
S4 RsFx0321; C:\WINDOWS\System32\DRIVERS\RsFx0321.sys [258720 2018-07-25] (Microsoft Corporation -> Microsoft Corporation)
S3 rtu53cx22x64; C:\WINDOWS\System32\DriverStore\FileRepository\rtu53cx22x64.inf_amd64_23312dee5c4e1993\rtu53cx22x64.sys [1008864 2022-10-05] (Realtek Semiconductor Corp. -> Realtek Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2022-10-16] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49008 2020-04-06] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 WacHidRouterPro; C:\WINDOWS\System32\drivers\wachidrouter.sys [127512 2020-09-18] (WDKTestCert dant,132134237881206156 -> Wacom Technology, Corp.)
R3 wacomrouterfilter; C:\WINDOWS\System32\drivers\wacomrouterfilter.sys [28680 2020-09-18] (WDKTestCert dant,132134237881206156 -> Wacom Technology, Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2023-02-05] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [473376 2023-02-05] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99616 2023-02-05] (Microsoft Windows -> Microsoft Corporation)
R2 wtd; C:\WINDOWS\System32\drivers\wtd.sys [118784 2022-12-15] (Microsoft Windows -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2023-02-05 20:36 - 2023-02-05 20:39 - 000000000 ____D C:\AdwCleaner
2023-02-05 20:35 - 2023-02-05 20:35 - 008791352 _____ (Malwarebytes) C:\Users\paula\Downloads\adwcleaner.exe
2023-02-05 20:10 - 2023-02-05 20:10 - 000000000 ____D C:\Program Files\Samsung
2023-02-05 20:08 - 2023-02-05 20:08 - 004951360 _____ (Samsung Electronics Co., Ltd) C:\Users\paula\Downloads\Samsung_NVM_Express_Driver_3.3.exe
2023-02-05 19:07 - 2023-02-05 19:07 - 000722202 _____ C:\WINDOWS\system32\perfh007.dat
2023-02-05 19:07 - 2023-02-05 19:07 - 000149258 _____ C:\WINDOWS\system32\perfc007.dat
2023-02-05 18:57 - 2023-02-05 19:00 - 000000000 ____D C:\ProgramData\McInstTemp0066001675619843
2023-02-04 17:09 - 2023-02-05 21:41 - 000000000 ____D C:\FRST
2023-02-04 17:08 - 2023-02-04 17:11 - 000000000 ____D C:\Users\paula\Downloads\Papa
2023-02-03 12:29 - 2023-02-03 12:29 - 000000000 ____D C:\Users\paula\Documents\Benutzerdefinierte Office-Vorlagen
2023-02-01 21:34 - 2023-02-04 16:25 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-01-26 15:45 - 2023-01-26 16:13 - 000000000 ___RD C:\Users\paula\Documents\Wichtiges
2023-01-24 14:05 - 2023-01-24 14:05 - 001049564 _____ C:\Users\paula\Downloads\Was ist Rechtsterrorismus.pdf
2023-01-14 20:08 - 2023-01-14 20:08 - 000000000 ___HD C:\$WinREAgent
2023-01-07 13:21 - 2023-01-08 20:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2023-02-05 21:41 - 2022-11-21 23:45 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-02-05 21:41 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-02-05 21:41 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-02-05 21:41 - 2021-08-29 12:45 - 000000000 ___RD C:\Users\paula\Berufskolleg Opladen
2023-02-05 21:41 - 2021-08-29 12:00 - 000000000 ___RD C:\Users\paula\OneDrive - Berufskolleg Opladen
2023-02-05 20:52 - 2020-08-17 18:08 - 000000000 ____D C:\Users\paula\AppData\LocalLow\Mozilla
2023-02-05 20:50 - 2022-02-14 20:04 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-02-05 20:48 - 2022-11-21 22:48 - 000000000 ____D C:\WINDOWS\Lenovo
2023-02-05 20:48 - 2020-08-17 18:00 - 000000000 ____D C:\Users\paula\AppData\Local\Lenovo
2023-02-05 20:42 - 2020-08-17 17:57 - 000000000 ____D C:\Users\paula\AppData\Local\D3DSCache
2023-02-05 20:39 - 2021-08-29 11:46 - 000000000 ____D C:\Users\paula\AppData\Local\CrashDumps
2023-02-05 20:33 - 2020-09-07 13:46 - 000000000 ____D C:\Users\paula\AppData\Roaming\WTablet
2023-02-05 20:30 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-02-05 19:11 - 2019-10-17 05:07 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-02-05 19:10 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Windows Defender
2023-02-05 19:07 - 2022-11-21 23:45 - 001809546 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-02-05 19:07 - 2022-05-07 06:22 - 000000000 ____D C:\WINDOWS\INF
2023-02-05 19:03 - 2020-08-12 15:04 - 000000000 ____D C:\ProgramData\McAfee
2023-02-05 19:01 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-02-05 19:01 - 2020-08-17 17:57 - 000000000 ____D C:\Users\paula\AppData\Local\Packages
2023-02-05 19:01 - 2020-08-12 10:11 - 000000000 ____D C:\ProgramData\Packages
2023-02-05 19:00 - 2022-11-21 23:49 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-02-05 19:00 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ServiceState
2023-02-05 19:00 - 2021-01-15 19:19 - 000000000 ____D C:\Program Files\McAfee
2023-02-05 19:00 - 2020-11-10 18:16 - 000012288 ___SH C:\DumpStack.log.tmp
2023-02-05 18:58 - 2022-05-07 06:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-02-05 18:58 - 2020-10-17 19:32 - 000803176 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2023-02-05 18:55 - 2020-08-17 20:44 - 000000000 ____D C:\Program Files (x86)\Google
2023-02-05 18:54 - 2020-08-17 20:44 - 000000000 ____D C:\Program Files\CCleaner
2023-02-05 18:51 - 2022-07-18 16:09 - 000000000 ____D C:\Program Files\Common Files\Adobe
2023-02-04 16:25 - 2020-08-17 18:05 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-02-04 13:28 - 2020-08-12 14:57 - 000000000 ____D C:\Program Files\Microsoft Office
2023-02-04 13:26 - 2020-11-10 17:18 - 000002410 _____ C:\Users\paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-02-04 13:26 - 2020-08-17 17:26 - 000002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-02-04 13:26 - 2020-08-17 17:26 - 000002285 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-02-03 13:20 - 2020-08-18 15:03 - 000000000 ____D C:\Users\paula\AppData\Roaming\WhatsApp
2023-02-03 13:19 - 2020-08-18 15:03 - 000000000 ____D C:\Users\paula\AppData\Local\WhatsApp
2023-02-03 13:18 - 2020-08-17 18:35 - 000000000 ____D C:\Users\paula\AppData\Local\SquirrelTemp
2023-02-03 13:12 - 2020-08-17 18:05 - 000001016 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-01-30 11:19 - 2020-10-03 19:29 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-01-26 20:03 - 2021-08-29 13:54 - 000000000 ___RD C:\Users\paula\Documents\TAHR 12 & 13
2023-01-26 19:13 - 2021-08-29 13:52 - 000000000 ____D C:\Users\paula\Documents\Gemeinde
2023-01-26 16:14 - 2022-01-15 17:54 - 000000000 ____D C:\Users\paula\AppData\Roaming\KeePass
2023-01-26 16:12 - 2021-08-29 13:50 - 000000000 ____D C:\Users\paula\Documents\Bewerbungen
2023-01-26 16:09 - 2021-08-29 13:53 - 000000000 ___RD C:\Users\paula\Documents\TAHR 11
2023-01-15 17:02 - 2022-11-21 23:45 - 001755128 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-01-15 17:02 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemResources
2023-01-15 17:02 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-01-15 17:02 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-01-14 20:43 - 2020-08-17 22:19 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-01-14 20:41 - 2020-08-17 22:19 - 150199536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-01-14 20:11 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-01-14 20:09 - 2022-11-21 23:45 - 003212288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-01-14 15:59 - 2021-09-14 13:50 - 000000000 ____D C:\Users\paula\AppData\Local\AMD_Common
2023-01-09 21:32 - 2022-11-21 23:00 - 000000000 ____D C:\Users\paula
2023-01-09 11:46 - 2022-02-08 12:00 - 000002413 _____ C:\Users\paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams (work or school).lnk
2023-01-09 11:46 - 2022-02-08 12:00 - 000002405 _____ C:\Users\paula\Desktop\Microsoft Teams (work or school).lnk
2023-01-07 13:25 - 2020-08-17 18:08 - 000001293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========

2022-01-17 22:35 - 2022-01-17 22:35 - 018809915 _____ (Dr. J. Rathlev                                              ) C:\Users\paula\pb-setup-x64-6.2.1000.exe

==================== FLock ==============================

2020-08-17 22:26 C:\ae01826cc761478f2a7cf12cfbbb05
2022-12-08 15:59 C:\bootTel.dat
2021-08-30 20:54 C:\Config.Msi
2022-05-07 06:24 C:\PerfLogs
2023-02-05 19:00 C:\WINDOWS\system32\config
2022-05-07 06:42 C:\WINDOWS\system32\Configuration
2022-05-07 06:24 C:\WINDOWS\system32\DriverState
2022-11-21 22:50 C:\WINDOWS\system32\FxsTmp
2022-05-07 06:24 C:\WINDOWS\system32\ias
2022-11-21 23:45 C:\WINDOWS\system32\MsDtc
2022-05-07 06:24 C:\WINDOWS\system32\networklist
2021-08-23 17:31 C:\WINDOWS\system32\RsFx
2023-02-05 21:41 C:\WINDOWS\system32\SleepStudy
2023-02-05 21:41 C:\WINDOWS\system32\sru
2023-02-05 19:01 C:\WINDOWS\system32\Tasks
2022-11-21 23:45 C:\WINDOWS\system32\Tasks_Migrated
2022-12-17 22:10 C:\WINDOWS\system32\WDI
2023-02-05 19:01 C:\Program Files\WindowsApps
2022-11-21 23:49 C:\WINDOWS\diagerr.xml
2022-11-21 23:49 C:\WINDOWS\diagwrn.xml
2022-11-21 23:45 C:\WINDOWS\LiveKernelReports
2022-06-07 07:55 C:\WINDOWS\MEMORY.DMP
2022-12-08 19:57 C:\WINDOWS\Minidump
2022-05-07 06:24 C:\WINDOWS\ModemLogs
2023-02-05 20:48 C:\WINDOWS\Prefetch
2023-02-05 19:00 C:\WINDOWS\ServiceState
2023-02-05 21:41 C:\WINDOWS\SystemTemp
2023-02-05 21:41 C:\WINDOWS\Temp
2022-05-07 06:25 C:\WINDOWS\WUModels
2022-05-07 06:42 C:\WINDOWS\SysWOW64\config
2022-05-07 06:42 C:\WINDOWS\SysWOW64\Configuration
2022-11-21 22:50 C:\WINDOWS\SysWOW64\FxsTmp
2022-05-07 06:24 C:\WINDOWS\SysWOW64\Msdtc
2022-05-07 06:24 C:\WINDOWS\SysWOW64\NetworkList
2022-05-07 06:24 C:\WINDOWS\SysWOW64\sru
2022-05-07 06:42 C:\WINDOWS\SysWOW64\Tasks
2022-05-07 06:24 C:\WINDOWS\system32\Drivers\DriverData
2022-03-22 17:54 C:\WINDOWS\Tasks\SOLIDWORKS Electrical Archiver.job
2022-11-21 23:46 C:\Users\defaultuser100000
2023-01-26 16:24 C:\Users\User
2023-02-05 19:01 C:\ProgramData\Packages
2022-05-07 11:39 C:\ProgramData\WindowsHolographicDevices

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)



ACHTUNG: ==> Auf den BCD konnte nicht zugegriffen werden. der Benutzer ist kein Administrator -> Der Speicher fr die Startkonfigurationsdaten konnte nicht ge”ffnet werden.
Zugriff verweigert

==================== Ende von FRST.txt ========================
         
--- --- ---


und Addition.txt
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 03-02-2023
durchgeführt von paula (05-02-2023 21:45:10)
Gestartet von C:\Users\paula\Downloads\Papa
Microsoft Windows 11 Home Version 22H2 22621.1105 (X64) (2022-11-21 22:49:44)
Start-Modus: Normal
==========================================================


==================== Konten: =============================


(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

Administrator (S-1-5-21-2775161839-3573256424-1513776773-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2775161839-3573256424-1513776773-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2775161839-3573256424-1513776773-1000 - Limited - Disabled)
Gast (S-1-5-21-2775161839-3573256424-1513776773-501 - Limited - Disabled)
paula (S-1-5-21-2775161839-3573256424-1513776773-1002 - Limited - Enabled) => C:\Users\paula
User (S-1-5-21-2775161839-3573256424-1513776773-1001 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-2775161839-3573256424-1513776773-504 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

3DEXPERIENCE Marketplace for SOLIDWORKS (HKLM\...\{0060450C-5B44-424B-BD42-559F2A5D820A}) (Version: 6.29.641 - Dassault Systemes SolidWorks Corp)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601032}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 3.08.17.735 - Advanced Micro Devices, Inc.)
AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.130 - Advanced Micro Devices, Inc.) Hidden
AMD I2C Driver (HKLM-x32\...\{B31D92D9-2914-46B0-9738-F668A563DE73}) (Version: 1.2.0.118 - Advanced Micro Devices, Inc.) Hidden
AMD MicroPEP Driver (HKLM-x32\...\{C36029EB-19FF-4462-A283-03B41BE9EFA4}) (Version: 1.0.29.0 - Advanced Micro Devices, Inc.) Hidden
AMD PSP Driver (HKLM-x32\...\{988F14B8-79A8-475D-BAC7-83F96AD3D821}) (Version: 5.17.0.0 - Advanced Micro Devices, Inc.) Hidden
AMD Ryzen Balanced Driver (HKLM-x32\...\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}) (Version: 6.0.0.9 - Advanced Micro Devices, Inc.) Hidden
AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden
AMD SFH Driver (HKLM-x32\...\{A52D862F-3082-46E6-B1A2-7473F111FA1F}) (Version: 1.0.0.316 - Advanced Micro Devices, Inc.) Hidden
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 21.8.2 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{491043b2-acc5-4890-a5f2-1f5e3cc4427a}) (Version: 3.08.17.735 - Advanced Micro Devices, Inc.) Hidden
Apple Mobile Device Support (HKLM\...\{82C2A7D9-6BFC-4BED-9EF9-C49780F02C3E}) (Version: 15.5.0.16 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Backuptrans Android WhatsApp to iPhone Transfer (x64) 3.2.175 (HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\Backuptrans Android WhatsApp to iPhone Transfer (x64)) (Version: 3.2.175 - Backuptrans)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Branding64 (HKLM\...\{C871FC62-0186-40ED-BAEA-7C65BE367755}) (Version: 1.00.0006 - Advanced Micro Devices, Inc.) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Discord (HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\Discord) (Version: 0.0.309 - Discord Inc.)
Fotogalerie (HKLM-x32\...\{41BF4A3B-D60A-4E92-883F-C88C8C157261}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
FreeCAD 0.18.4 (Installiert für den aktuellen Benutzer) (HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\FreeCAD0184) (Version: 0.18.4 - FreeCAD Team)
Freeplane (HKLM\...\{D3941722-C4DD-4509-88C4-0E87F675A859}_is1) (Version: 1.9.7 - Open source)
GDR 6164 für SQL Server*2014 (KB4583463) (64-bit) (HKLM\...\KB4583463) (Version: 12.3.6164.21 - Microsoft Corporation)
GDR 6169 für SQL Server*2014 (KB5014165) (64-bit) (HKLM\...\KB5014165) (Version: 12.3.6169.19 - Microsoft Corporation)
iMyFone iTransor for WhatsApp 4.6.2.3 (HKLM-x32\...\{BFC593FB-4E14-452E-94C2-75F382A89294}_is1) (Version: 4.6.2.3 - Shenzhen iMyFone Technology Co., Ltd.)
iTunes (HKLM\...\{B71B64F9-B245-4E4B-802E-DB6AB834EA13}) (Version: 12.12.3.5 - Apple Inc.)
KeePass Password Safe 2.52 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.52 - Dominik Reichl)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.13.43.0 - Lenovo Group Ltd.)
Macrium Reflect Free (HKLM\...\{5664B4BB-6EA2-4981-A1C1-D08B5A088867}) (Version: 8.0.6979 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free (HKLM\...\MacriumReflect) (Version: v8.0.6979 - Paramount Software (UK) Ltd.)
Microsoft 365 Apps for Enterprise - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.16026.20146 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 109.0.1518.78 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 109.0.1518.78 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{E22449E8-E716-41AA-B449-E7CF16F5EAF1}) (Version: 12.3.6169.19 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\OneDriveSetup.exe) (Version: 23.020.0125.0002 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{9D93D367-A2CC-4378-BD63-79EF3FE76C78}) (Version: 11.4.7462.6 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2014 RsFx Driver (HKLM\...\{C11487CA-E3B7-4D8E-9D6F-5C3DC6C81200}) (Version: 12.3.6169.19 - Microsoft Corporation) Hidden
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{5F0DFD0B-0027-4E9A-AA13-4CEA6A9C020D}) (Version: 12.3.6169.19 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{F40FD7AB-C262-4655-8A5C-74781F2BEC06}) (Version: 12.3.6169.19 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\Teams) (Version: 1.5.00.33362 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{EF9EBC42-6969-45CE-A8D2-B9249B00C838}) (Version: 5.69.0.0 - Microsoft Corporation)
Microsoft Visual Basic for Applications 7.1 (x64) (HKLM\...\{07C0BFE1-3291-409C-B96A-797340719C8F}) (Version: 7.1.10.96 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x64) English (HKLM\...\{826216B1-0F04-409B-A33E-C6A004AA1097}) (Version: 7.1.10.96 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x64) German (HKLM\...\{3577C582-28BF-47CF-A134-0F4E2C3A6148}) (Version: 7.1.10.96 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29913 (HKLM-x32\...\{855e31d2-9031-46e1-b06d-c9d7777deefb}) (Version: 14.28.29913.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27012 (HKLM-x32\...\{67f67547-9693-4937-aa13-56e296bd40f6}) (Version: 14.16.27012.6 - Microsoft Corporation)
Microsoft Visual C++ 2017 X86 Additional Runtime - 14.16.27012 (HKLM-x32\...\{DD6BC8D7-4582-4677-BAAC-4AB933E6C315}) (Version: 14.16.27012 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 X86 Minimum Runtime - 14.16.27012 (HKLM-x32\...\{7B77DE7F-5219-435E-9CE1-FC77F1D4CCAD}) (Version: 14.16.27012 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.28.29913 (HKLM\...\{620A7633-7A09-42A8-8580-076A4483C4B0}) (Version: 14.28.29913 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.28.29913 (HKLM\...\{EECDD137-13DA-46ED-ADA0-BDF7F8BE65B8}) (Version: 14.28.29913 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{ab213ab7-4792-4c6f-a3fa-8485d06c3475}) (Version: 14.0.23829 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 Finalizer (HKLM-x32\...\{F93E37BD-4053-37CA-A7BB-A5B74508006C}) (Version: 14.0.23829 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2015 x64 Hosting Support (HKLM\...\{A8C30947-7C1B-3A31-8FD8-CEC6D3357D34}) (Version: 14.0.23829 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2015 x86 Hosting Support (HKLM-x32\...\{11A9EF3E-6616-31B1-82BC-1080366FA34D}) (Version: 14.0.23829 - Microsoft Corporation) Hidden
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.3.6024.0 - Microsoft Corporation)
Movavi Video Editor Plus 2020 (HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\Movavi Video Editor Plus 2020) (Version: 20.4.0 - Movavi)
Movie Maker (HKLM-x32\...\{70C91B91-61E8-4D06-86D6-A9DCC291983A}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 109.0.1 (x64 de)) (Version: 109.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 78.1.1 - Mozilla)
Mozilla Thunderbird (x86 de) (HKLM-x32\...\Mozilla Thunderbird 102.6.1 (x86 de)) (Version: 102.6.1 - Mozilla)
MSVCRT (HKLM-x32\...\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}) (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (HKLM-x32\...\{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}) (Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (HKLM\...\{E9FA781F-3E80-4399-825A-AD3E11C28C77}) (Version: 16.4.1109.0912 - Microsoft) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16026.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Personal Backup 6.2.16.0 (64-bit) (HKLM\...\Personal Backup 6_is1) (Version: 6.2.16.0 - Dr. J. Rathlev)
Photo Common (HKLM-x32\...\{87DABDEA-47A4-4182-AA7C-2C90DAAE3117}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (HKLM-x32\...\{07AAB66E-4718-422D-9218-4AFB3C922A71}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
ProtonVPN (HKLM-x32\...\{2E5B3FB1-FDCC-4BC8-AA99-E0EE5343CAF8}) (Version: 1.16.3 - Proton Technologies AG) Hidden
ProtonVPN (HKLM-x32\...\ProtonVPN 1.16.3) (Version: 1.16.3 - Proton Technologies AG)
ProtonVPNTap (HKLM-x32\...\{BCB82CD9-F514-4F93-A6D9-F898494DC927}) (Version: 1.1.0 - Proton Technologies AG)
PyCharm 2020.2.2 (HKLM-x32\...\PyCharm 2020.2.2) (Version: 202.7319.64 - JetBrains s.r.o.)
PyCharm Community Edition 2020.2.2 (HKLM-x32\...\PyCharm Community Edition 2020.2.2) (Version: 202.7319.64 - JetBrains s.r.o.)
RyzenMasterSDK (HKLM\...\{17BE94CF-FF53-4C12-81F5-E10EB6844849}) (Version: 1.2.3.5 - Advanced Micro Devices, Inc.) Hidden
Service Pack 3 for SQL Server 2014 (KB4022619) (64-bit) (HKLM\...\KB4022619) (Version: 12.3.6024.0 - Microsoft Corporation)
Smart View (HKLM-x32\...\{C7B50A89-F1D6-41C1-9375-0AF0C4CFE66F}) (Version: 1.0.0.0 - Samsung )
SOLIDWORKS 2020 German Resources (HKLM\...\{B7698A2D-ACFD-4DAE-B9A1-41F67EB9F770}) (Version: 28.130.0086 - Ihr Firmenname) Hidden
SOLIDWORKS 2020 graphics support (HKLM-x32\...\{1CB88B4C-EAEF-466E-A3FD-E612127EBAC4}) (Version: 1.0.1 - Dassault Systemes)
SOLIDWORKS 2020 SP03 (HKLM\...\{3F4681F3-B30B-4531-ADB2-3661B531F926}) (Version: 28.130.0086 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS 2020 SP03 (HKLM-x32\...\SolidWorks Installation Manager 20200-40300-1100-100) (Version: 28.3.0.86 - SolidWorks Corporation)
SOLIDWORKS 2021 German Resources (HKLM\...\{A8E011F9-AB58-4C9C-AB8C-7435C7E04FEB}) (Version: 29.130.0059 - Ihr Firmenname) Hidden
SOLIDWORKS 2021 SP03 (HKLM\...\{9C0A2571-4AAE-4FEE-B673-038B38B85EFC}) (Version: 29.130.0059 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS 2021 SP03 (HKLM-x32\...\SolidWorks Installation Manager 20210-40300-1100-100) (Version: 29.3.0.59 - SolidWorks Corporation)
SOLIDWORKS CAM 2020 SP03 (HKLM\...\{4DFF26A7-85C6-4495-ADE0-54FDF9AB6F31}) (Version: 28.30.0086 - Dassault Systèmes SolidWorks Corp) Hidden
SOLIDWORKS CAM 2021 SP03 (HKLM\...\{EFF51C01-6447-44F1-B1C6-567BA8E08A3C}) (Version: 29.30.0059 - Dassault Systèmes SolidWorks Corp) Hidden
SOLIDWORKS Composer 2020 SP03 (HKLM\...\{85C65312-5967-431C-817F-6A5DF2B5FCAB}) (Version: 28.30.0086 - Ihr Firmenname) Hidden
SOLIDWORKS Composer 2021 SP03 (HKLM\...\{670D74D1-A07B-4C70-8E11-18FC4B0BAF7E}) (Version: 29.30.0059 - Ihr Firmenname) Hidden
SOLIDWORKS eDrawings 2020 SP03 (HKLM\...\{B21DE16A-42B5-46A8-A905-59579C7E70C4}) (Version: 28.30.0025 - Dassault Systèmes SolidWorks Corp) Hidden
SOLIDWORKS eDrawings 2021 SP03 (HKLM\...\{C7289F2C-60FD-4FBB-A862-18DB7AC0D2C1}) (Version: 29.30.0026 - Dassault Systèmes SolidWorks Corp) Hidden
SOLIDWORKS Electrical 2021 SP03 (HKLM\...\{C8E61D1C-BE08-4220-9009-053BD2AF1F73}) (Version: 29.30.0059 - Ihr Firmenname) Hidden
SOLIDWORKS Flow Simulation 2020 SP03  (HKLM\...\{5C774D0E-6ED5-41E6-BF46-5E97C5D3EBF2}) (Version: 28.30.0087 - Dassault Systèmes SolidWorks Corp) Hidden
SOLIDWORKS Flow Simulation 2021 SP03  (HKLM\...\{BC6FEA11-71C2-4D72-A909-2A94B1179DA3}) (Version: 29.30.0060 - Dassault Systèmes SolidWorks Corp) Hidden
SOLIDWORKS Plastics 2020 SP03 (HKLM\...\{DB735F3C-98A6-4F88-B7FC-F2609F18150E}) (Version: 28.30.0086 - Ihr Firmenname) Hidden
SOLIDWORKS Plastics 2021 SP03 (HKLM\...\{CE4CA359-906F-4F01-AF89-EB0F83B122F5}) (Version: 29.30.0059 - Ihr Firmenname) Hidden
SOLIDWORKS Visualize 2020 SP03 (HKLM\...\{9963E472-2AFC-46A4-B128-D9926F267B80}) (Version: 28.30.0086 - Ihr Firmenname) Hidden
SOLIDWORKS Visualize 2021 SP03 (HKLM\...\{C493AED2-A596-43E9-9F47-446B35978A42}) (Version: 29.30.0059 - Ihr Firmenname) Hidden
SQL Server 2014 Common Files (HKLM\...\{BD1CD96B-FE4B-4EAE-83D4-6EF55AB5779C}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{F7012F84-80F5-4C25-852E-B1BA03276FE6}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{17531BCD-C627-46A2-9F1E-7CC920E0E94A}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{5082A9F3-AEE5-4639-9BA7-C19661BA7331}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{ACC530B8-B6B4-40D6-B59B-152468CF47D0}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{D1B847A9-B06B-4264-9EF0-78E6E1571E65}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.3.6024.0 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{6476DB81-F263-4C04-8574-AAD31136C304}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.13565 - Microsoft Corporation)
Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.3.41-1 - Wacom Technology Corp.)
WD Drive Utilities (HKLM-x32\...\{2db219ff-e483-403b-9374-aea609abaf1d}) (Version: 1.4.3.13 - Western Digital Technologies, Inc.) Hidden
WD Drive Utilities (HKLM-x32\...\{546D15D7-D6AF-422B-B4E5-05AF20BA8573}) (Version: 1.4.3.13 - Western Digital Technologies, Inc.) Hidden
WD Security (HKLM-x32\...\{17194DA0-755B-4BAA-A8C9-EC5549F7D596}) (Version: 1.4.3.13 - Western Digital Technologies, Inc.) Hidden
WD Security (HKLM-x32\...\{6422f3d1-f66a-42ab-9726-67fca9d3964b}) (Version: 1.4.3.13 - Western Digital Technologies, Inc.)
WhatsApp (HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\WhatsApp) (Version: 2.2304.7 - WhatsApp)
Windows Live Communications Platform (HKLM-x32\...\{41C61308-6CFD-4D54-AB6A-7136ED08A18E}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\{66233218-CA57-4AB2-BA43-A97AA4635960}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Installer (HKLM-x32\...\{659CB81C-B54E-4DF1-B618-F35777393A54}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (HKLM-x32\...\{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (HKLM-x32\...\{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (HKLM-x32\...\{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (HKLM-x32\...\{D1893000-EA77-493C-8DDD-E262436E959B}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (HKLM-x32\...\{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (HKLM-x32\...\{FC071B45-4A5F-408F-92F8-4D9D693E866F}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows-PC-Integritätsprüfung (HKLM\...\{68C9C2A4-C212-4310-AB68-12F97050A416}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Windows-Treiberpaket - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (01/06/2021 4.8.0.0) (HKLM\...\A24A5DD571B1BD4FED5E3558FDDBD8579A5EE14C) (Version: 01/06/2021 4.8.0.0 - Google, Inc.)
Windows-Treiberpaket - HS Incorporated (massfilter_hs) USB  (10/20/2010 2.0.0.8) (HKLM\...\80E97631DA49E8B2E4C5B606C9597BC75EE612F5) (Version: 10/20/2010 2.0.0.8 - HS Incorporated)
Windows-Treiberpaket - HTC, Corporation (HTCAND64) USB  (07/30/2015 2.0.0007.00030) (HKLM\...\C45A70BDABC1DAE5CCD49C4E701E67757AB039E6) (Version: 07/30/2015 2.0.0007.00030 - HTC, Corporation)
Windows-Treiberpaket - LG Electronics Inc. (Andbus) USB  (11/30/2010 2.2.0.0) (HKLM\...\7972D4F247E02C0849331540773B9ABFA384B182) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc.)
Windows-Treiberpaket - LG Electronics Inc. (AndDiag) Ports  (11/30/2010 2.2.0.0) (HKLM\...\A3F0461CF2623C40BC42C38D4C0E7319E5C458CA) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc.)
Windows-Treiberpaket - LG Electronics Inc. (usbbus) USB  (02/17/2016 5.3.0.0) (HKLM\...\6188905E45DED139E292A4F6A3CA637A65162F4D) (Version: 02/17/2016 5.3.0.0 - LG Electronics Inc.)
Windows-Treiberpaket - LG Electronics, Inc. (AndnetBus) USB  (01/06/2021 4.8.0.0) (HKLM\...\4F72F5ED592B4C4B69E07DA9895BAE687A32F8AA) (Version: 01/06/2021 4.8.0.0 - LG Electronics, Inc.)
Windows-Treiberpaket - Motorola (motccgp) USB  (03/01/2013 3.4.0.0) (HKLM\...\73BEF56236CE0FD380A1692BBA70B9C6B533518B) (Version: 03/01/2013 3.4.0.0 - Motorola)
Windows-Treiberpaket - PANTECH Co., Ltd.  (PSKTBUS) USB  (06/20/2012 4.0.21.0) (HKLM\...\31F11A15A3058696191A3708600383CAA429752E) (Version: 06/20/2012 4.0.21.0 - PANTECH Co., Ltd. )
Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd.  (dg_ssudbus) USB  (06/10/2014 2.11.10.0) (HKLM\...\7C7D77F30DA293C8D56A9D5FB8C3E70F4E17DA7F) (Version: 06/10/2014 2.11.10.0 - SAMSUNG Electronics Co., Ltd. )
Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd.  (ssadbus) USB  (11/30/2012 5.30.14.0) (HKLM\...\C9AEC81E4D365534AF50161EDA7C9CC56B205507) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd.  (ssaebus) USB  (02/05/2010 5.14.0.0) (HKLM\...\8CDE6EEFC346A059EC210060FC7B7DAA8279D584) (Version: 02/05/2010 5.14.0.0 - SAMSUNG Electronics Co., Ltd. )
Windows-Treiberpaket - SHARP (shu0bus) USB  (08/11/2011 5.28.4.0) (HKLM\...\8A1FC0FFE8E99DF8171E25D8C5AFF587290A67EF) (Version: 08/11/2011 5.28.4.0 - SHARP)
Wondershare Filmora9(Build 9.5.1) (HKLM\...\Wondershare Filmora9_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
WPTx64 (HKLM-x32\...\{0B2C58EB-67A2-225B-60B2-D1990E55DD33}) (Version: 8.100.26866 - Microsoft)
Zoom (HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\ZoomUMX) (Version: 5.9.1 (2581) - Zoom Video Communications, Inc.)

Packages:
=========
AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.10044.0_x64__0a9344xs7nr4m [0000-00-00] (Advanced Micro Devices Inc.) [Startup Task]
Clipchamp -> C:\Program Files\WindowsApps\Clipchamp.Clipchamp_2.5.13.0_neutral__yxz26nhyzhsrt [0000-00-00] (Microsoft Corp.)
Dolby Vision -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyVisionHDR_2.1.5965.0_x64__rz1tebttyb220 [0000-00-00] (Dolby Laboratories)
Glance by Mirametrix -> C:\Program Files\WindowsApps\MirametrixInc.GlancebyMirametrix_9.26.3905.0_x64__17mer8kcn3j54 [0000-00-00] (Mirametrix Inc.) [Startup Task]
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_141.2.441.0_x64__v10z8vjag6ke6 [0000-00-00] (HP Inc.)
Lenovo Hotkeys -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.3.28.0_x64__5grkq8ppsgwt4 [0000-00-00] (LENOVO INC) [Startup Task]
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2209.2.0_x64__k1h2ywk1493x8 [0000-00-00] (LENOVO INC.)
Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [0000-00-00] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [0000-00-00] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [0000-00-00] (Microsoft Corporation) [MS Ad]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.39.0_x64__8wekyb3d8bbwe [0000-00-00] (Microsoft Corp.)
Movie Maker - Video Editor -> C:\Program Files\WindowsApps\21336V3TApps.MovieMaker-FREE_3.6.10.0_x64__bzg06mxvgh4fa [0000-00-00] (V3TApps)
MPEG-2-Videoerweiterung -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe [0000-00-00] (Microsoft Corporation)
ms-resource:APP_WINDOW_NAME -> C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.9.0_x64__8wekyb3d8bbwe [0000-00-00] (Microsoft Corp.)
ms-resource:AppStoreName -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.52851.0_x64__8wekyb3d8bbwe [0000-00-00] (Microsoft Corporation)
ms-resource:AppStoreName -> C:\Program Files\WindowsApps\Microsoft.RawImageExtension_2.1.32791.0_x64__8wekyb3d8bbwe [0000-00-00] (Microsoft Corporation)
ms-resource:AppxManifest_DisplayName -> C:\Windows\SystemApps\Microsoft.Windows.PrintQueueActionCenter_cw5n1h2txyewy [2022-11-27] (Microsoft Corporation)
Prime Video for Windows -> C:\Program Files\WindowsApps\AmazonVideo.PrimeVideo_1.0.121.0_x64__pwbj9vvecjh7j [0000-00-00] (Amazon Development Centre (London) Ltd)
Python 3.8 -> C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.8_3.8.2800.0_x64__qbz5n2kfra8p0 [0000-00-00] (Python Software Foundation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.14.221.0_x64__dt26b99r8h8gj [0000-00-00] (Realtek Semiconductor Corp)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.15.12020.0_x64__8wekyb3d8bbwe [0000-00-00] (Microsoft Studios) [MS Ad]
Trello -> C:\Program Files\WindowsApps\45273LiamForsyth.PawsforTrello_2.13.9.0_x64__7pb5ddty8z1pa [0000-00-00] (Trello, Inc.)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2252.7.0_x64__cv1g1gvanyjgm [0000-00-00] (WhatsApp Inc.) [Startup Task]
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.Core_cw5n1h2txyewy [2023-01-15] (Microsoft Windows)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2775161839-3573256424-1513776773-1002_Classes\CLSID\{04271989-C4D2-45E0-850A-8F3B68BDA890} -> [OneDrive - Berufskolleg Opladen] => C:\Users\paula\OneDrive - Berufskolleg Opladen [2021-08-29 12:00]
CustomCLSID: HKU\S-1-5-21-2775161839-3573256424-1513776773-1002_Classes\CLSID\{04271989-C4D2-9B3B-C51F-53A6054170F7} -> [Berufskolleg Opladen] => C:\Users\paula\Berufskolleg Opladen [2021-08-29 12:45]
CustomCLSID: HKU\S-1-5-21-2775161839-3573256424-1513776773-1002_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\paula\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22304.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2775161839-3573256424-1513776773-1002_Classes\CLSID\{227C9E8F-71A1-4B23-9076-682A1A8EAAED}\localserver32 -> c:\program files\macrium\common\reflectmonitor.exe (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd)
CustomCLSID: HKU\S-1-5-21-2775161839-3573256424-1513776773-1002_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\paula\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => Keine Datei
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2022-09-07] (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2022-09-07] (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2022-01-28] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)

==================== Codecs (Nicht auf der Ausnahmeliste) ====================

==================== Verknüpfungen & WMI ========================

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============

2020-08-17 20:17 - 2016-07-21 09:54 - 000137728 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2020-08-17 20:17 - 2017-09-12 09:34 - 001506304 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000017920 _____ () [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 003567616 _____ () [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2023-01-08 20:53 - 2023-01-08 20:53 - 101966336 _____ () [Datei ist nicht signiert] C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2252.7.0_x64__cv1g1gvanyjgm\WhatsApp.dll
2023-01-08 20:53 - 2023-01-08 20:53 - 008573952 _____ () [Datei ist nicht signiert] C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2252.7.0_x64__cv1g1gvanyjgm\WhatsAppNative.dll
2021-08-24 17:38 - 2021-08-24 17:38 - 001704960 _____ (Advanced Micro Devices, Inc.) [Datei ist nicht signiert] C:\Program Files\AMD\WVR\OpenVR\bin\win64\driver_amdwvr.dll
2020-05-08 20:57 - 2020-05-08 20:57 - 000205312 _____ (Dassault Systèmes SolidWorks Corporation) [Datei ist nicht signiert] C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swccu.dll
2020-05-08 18:53 - 2020-05-08 18:53 - 000210432 _____ (Dassault Systèmes SolidWorks Corporation) [Datei ist nicht signiert] C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\SWLoginClientCLR.dll
2020-05-08 18:52 - 2020-05-08 18:52 - 000019968 _____ (Dassault Systèmes SolidWorks Corporation) [Datei ist nicht signiert] C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\win7helperbaseu.dll
2020-08-12 14:57 - 2020-08-12 14:57 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2020-08-12 14:57 - 2020-08-12 14:57 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 001189888 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 006184448 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 006867456 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000735232 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5Multimedia.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 001104896 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000325120 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 003668480 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000517120 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5QmlModels.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 004228608 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000480256 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5RemoteObjects.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000205824 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000127488 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000390656 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 095598080 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 005587968 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000462848 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000188928 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 002878464 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2020-08-17 20:17 - 2017-09-12 09:36 - 000708608 _____ (Wondershare) [Datei ist nicht signiert] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HidSpiCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TextInputManagementService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => ""="Memory"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => "SafeBootDrivers"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HidSpiCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TextInputManagementService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========

HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-02-04] (Microsoft Corporation -> Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\sharepoint.com -> hxxps://bkopladen-files.sharepoint.com

==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2019-03-19 05:49 - 2023-02-04 16:19 - 000000822 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft SQL Server\120\DTS\Binn\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\
HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\paula\Pictures\Camera Roll\a8964664-854d-40de-ab47-34cfc10ceb0a.jpg
DNS Servers: 192.168.179.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
 ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{FD1BC0C8-91C3-4021-86D5-174D19736838}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{64AFD36B-BA53-4A47-B9DD-90FD5AF23AD1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{F6D890D0-550A-4D60-AC75-09E5D86DB23C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{8EBD307C-E4D1-42C1-B05F-F0F97EEE9943}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{ED767DE2-7891-44D2-8AD5-918F01A12332}] => (Allow) LPort=8029
FirewallRules: [{213D925F-F2ED-4170-AE12-979251518EBB}] => (Allow) LPort=8028
FirewallRules: [{185F632A-3543-4160-99ED-38856D11F21D}] => (Allow) LPort=8028
FirewallRules: [{D1CF6247-F015-41F9-8253-80D9C188E671}] => (Allow) LPort=8029
FirewallRules: [{0534F0CA-27B8-400C-8C7D-1AF73286773E}] => (Allow) LPort=8029
FirewallRules: [{38B1BCB5-39F5-4DB3-AB7E-D918965439D0}] => (Allow) LPort=8028
FirewallRules: [{AD090B38-7758-4B1E-9AAE-E5D34AFD1080}] => (Allow) LPort=8028
FirewallRules: [{267A457B-F647-4B09-87D7-80F31EC7F1B6}] => (Allow) LPort=8029
FirewallRules: [{C7F719AF-45D4-4CAE-AC70-1B1C9EDE50F0}] => (Allow) LPort=8028
FirewallRules: [{5FE44928-696D-4C8A-A400-22EE06B642C0}] => (Allow) LPort=8029
FirewallRules: [{32C58891-618A-4B4E-9813-C069FD392F49}] => (Allow) LPort=8029
FirewallRules: [{6992CB83-74BE-4EEF-B867-24A893B16FA0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{C4A27734-864F-4C8F-8545-00FC40E02A6D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{CF1D2948-713E-4277-A179-6DE40873CE01}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{23AFB29A-F57F-438A-89BD-358717A44ED9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{87079EB2-E7B3-46F6-90A1-D5582DE48481}] => (Allow) LPort=8029
FirewallRules: [{3FFB9A0A-6BD1-4200-A73B-016AE654B1C5}] => (Allow) LPort=8028
FirewallRules: [{78890D42-9377-491E-9EB8-9C53A0C55221}] => (Allow) LPort=8028
FirewallRules: [{BC8FB9DA-75E2-42C8-B8F4-8C58CC38705C}] => (Allow) LPort=8029
FirewallRules: [{896330A1-6B17-4AE1-B223-A05F5AB77483}] => (Allow) LPort=8028
FirewallRules: [{77077CD5-2B54-4222-9234-5B032718010C}] => (Allow) LPort=8029
FirewallRules: [{E653B26F-9F03-4B0B-8F8A-0D38FF713561}] => (Allow) LPort=8028
FirewallRules: [{478C76F3-154C-4D17-BBFE-127082523252}] => (Allow) LPort=8029
FirewallRules: [{9373CDB6-F060-4FBB-BCFF-18B91FE85320}] => (Allow) LPort=8028
FirewallRules: [{D40F29E1-1728-4189-8BBA-E00B416C57B8}] => (Allow) LPort=8029
FirewallRules: [{2B2892EE-44DA-4702-99C8-11AE53179CFB}] => (Allow) LPort=8029
FirewallRules: [{99BA49AE-632B-4305-9164-CA284399D8F7}] => (Allow) LPort=8028
FirewallRules: [{5A91EFA5-B227-41A8-8979-7EDB29A06CC3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{3C0B1813-C0C3-4322-A895-D686D155FEA1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{144205B8-1750-4D41-95E6-37DD76C00FA7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{33EA2062-7AF2-4788-8F58-64C7329049EF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{0EA1214E-A948-4870-A386-6AB48A4F5EF3}] => (Allow) LPort=8029
FirewallRules: [{94F40235-129A-4F22-8E2C-9626DBF6CCCA}] => (Allow) LPort=8028
FirewallRules: [{F43BD7BA-DF3A-48F2-A650-3A7B00F6472D}] => (Allow) LPort=8028
FirewallRules: [{75ACDF4F-7709-4541-B85F-0EB05E9144F6}] => (Allow) LPort=8029
FirewallRules: [{1D2EED2F-2EFA-4789-9243-84A6AE6BA24E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{133F1289-BE2D-4D7C-9D5F-18E2490A2034}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{57A05E3C-FA01-4A77-A583-D52F0F89B7C5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{8CB8B1F9-8901-45E1-9D97-460E9403D692}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{0FD95F41-26FC-44FD-BD77-10525388C7C0}] => (Allow) LPort=8029
FirewallRules: [{779BADD4-0C9E-4B4B-AFD1-38FA81A73F8B}] => (Allow) LPort=8028
FirewallRules: [{E6768030-818B-4631-8B40-1B0F09FE865D}] => (Allow) LPort=8028
FirewallRules: [{4D0C3460-B98A-40F5-98BE-F55ABFA24450}] => (Allow) LPort=8029
FirewallRules: [{5E5709B9-AEF6-4CD9-B7B3-284586D218E0}] => (Allow) LPort=8028
FirewallRules: [{19DF264F-B89D-4754-AF73-B0DDB084BCE9}] => (Allow) LPort=8029
FirewallRules: [{1C5690B7-A685-4C41-957F-91AD6D49FECA}] => (Allow) LPort=8029
FirewallRules: [{713E4B34-2FA6-4707-843D-F9DE41720E9D}] => (Allow) LPort=8028
FirewallRules: [{6FE84046-CE40-4781-82E1-8500320C29BD}] => (Allow) LPort=8029
FirewallRules: [{C524E5B0-BC26-4783-8E52-256A6C3F89E8}] => (Allow) LPort=8028
FirewallRules: [{539BCFA3-D9BC-451D-86AD-44EAF1573337}] => (Allow) LPort=8028
FirewallRules: [{674341BD-1411-4486-B396-970765358165}] => (Allow) LPort=8029
FirewallRules: [{BA469BA1-8858-4275-B9CF-F803F3A5B3FE}] => (Allow) LPort=8028
FirewallRules: [{D126FEFE-5F86-4E2E-97A2-F27E0340798F}] => (Allow) LPort=8029
FirewallRules: [{3C97A1D4-5CB1-47ED-9EE4-34957984022C}] => (Allow) LPort=8028
FirewallRules: [{5EA7D479-43B8-4F80-B5D5-758EADDD5DAD}] => (Allow) LPort=8029
FirewallRules: [{7B033BD7-3B7F-4E3A-9254-2D994036BB19}] => (Allow) LPort=8028
FirewallRules: [{4562C2DC-47BA-41F4-9DCD-11625C91732F}] => (Allow) LPort=8029
FirewallRules: [{508D85C2-892A-4378-94A1-5DD84A745297}] => (Allow) LPort=8029
FirewallRules: [{B3B13FDA-6134-4E38-A769-80E7692E90B1}] => (Allow) LPort=8028
FirewallRules: [{F8C58831-78C6-46B9-A5DD-33380242C254}] => (Allow) LPort=8028
FirewallRules: [{828587BB-504C-47F4-99DA-D005404A34F9}] => (Allow) LPort=8029
FirewallRules: [{CDD25159-396E-457D-B576-6C0B3E789AC3}] => (Allow) LPort=8029
FirewallRules: [{EEA7CE45-2DAE-43AF-9077-59CBAFC0E1A5}] => (Allow) LPort=8028
FirewallRules: [{57EC6750-691F-4772-9F0C-FD3BE26A02F2}] => (Allow) LPort=8029
FirewallRules: [{2C8F8E58-1514-42CB-88B0-368E920EFE3D}] => (Allow) LPort=8028
FirewallRules: [{682B566D-A1E5-4BC0-8DDB-3C14096EDEED}] => (Allow) LPort=8028
FirewallRules: [{E6A766A0-BBC2-4346-8EEA-7619560C8436}] => (Allow) LPort=8029
FirewallRules: [{04864A6F-485C-441A-97A8-D90F73ECF947}] => (Allow) LPort=8029
FirewallRules: [{FA9D3F46-70A6-440A-AF57-0C840B6F534E}] => (Allow) LPort=8028
FirewallRules: [{332DF50F-6649-4B9A-AC0F-35452CE24D96}] => (Allow) LPort=8029
FirewallRules: [{C76F7CC7-44F1-4FC2-A73F-8BCC2E33C56E}] => (Allow) LPort=8028
FirewallRules: [{A6DE493C-B244-43C5-9DB2-34FF718B732A}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3426B30C-9FFB-41C9-9CCA-BD94114DB376}] => (Allow) LPort=8028
FirewallRules: [{AC768BEF-9E5C-4027-A115-3517EA9C6C9E}] => (Allow) LPort=8029
FirewallRules: [{8D396862-19C4-48F2-B720-89BDD2A28B18}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D938054D-D794-41CE-998F-3E51C975D62C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{142B110D-F9FF-409A-A844-595CB212D950}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6D59D116-4388-4C7F-8CAD-1A15BAF4DA89}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{793F5AE0-D2E0-4A4F-8567-8C0E6D9675B1}] => (Allow) LPort=8029
FirewallRules: [{04DAFDB2-AA16-4E72-AAE7-4B8352C6F4B0}] => (Allow) LPort=8028
FirewallRules: [{4DFD0EFE-C1E0-47AC-9A84-D0C667B82E37}] => (Allow) LPort=8028
FirewallRules: [{231CE089-CE04-4376-B2E0-5BE61755FA4F}] => (Allow) LPort=8029
FirewallRules: [{BDA887BA-BF36-461B-9ABB-C27EF1835FB6}] => (Allow) LPort=8028
FirewallRules: [{8F0FC990-234B-4E4C-86B0-932B03D4E7BD}] => (Allow) LPort=8029
FirewallRules: [{56CA56BB-C4F9-48F6-8C91-FD2EC854DCA8}] => (Allow) LPort=8029
FirewallRules: [{F64FF321-D4E7-4784-A677-7FFC218320B5}] => (Allow) LPort=8028
FirewallRules: [{1B116F75-132E-425B-841A-BC1FB29218AC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{43B5CD09-087D-4707-85BE-F565EEFA8F96}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{1EB88B63-9799-4BD1-B9D5-0FBF2EBF481A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{23E0C755-41DE-4994-B212-BFC6C8218817}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{52516F50-0635-4B6F-8E8E-BCD27A5574C7}] => (Allow) LPort=8029
FirewallRules: [{FCBBCCB5-F4D5-4C2A-8355-3D39258ED5CB}] => (Allow) LPort=8028
FirewallRules: [{4BA591FA-15B3-4509-A28D-ECD6EB98C83C}] => (Allow) LPort=8029
FirewallRules: [{491E83B3-9616-42C0-B14A-AD9C53305EA6}] => (Allow) LPort=8028
FirewallRules: [{6283DE8B-CA84-43E4-AD1D-5CA0BA9EA8CC}] => (Allow) LPort=8029
FirewallRules: [UDP Query User{94DADEBE-5F45-4EC8-99E9-592DCCBE4AFF}C:\users\paula\appdata\roaming\zoom\bin\zoom.exe] => (Block) C:\users\paula\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{A21F04E7-96B0-40BB-BDFF-30DE23D969FD}C:\users\paula\appdata\roaming\zoom\bin\zoom.exe] => (Block) C:\users\paula\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{75220D26-C1D5-4C27-98DE-A1A2525AE91F}] => (Allow) LPort=8029
FirewallRules: [{1689A9C3-7701-4E8E-A86E-FFD169D086C0}] => (Allow) LPort=8028
FirewallRules: [{0B2191D9-13E2-40A9-9D9C-DC5C80FD10A2}] => (Allow) LPort=8029
FirewallRules: [{CDD95E45-18D9-4720-9439-64079D3953C5}] => (Allow) LPort=8028
FirewallRules: [{7329CACE-5776-449F-AAFC-4BC91A628BCA}] => (Allow) LPort=8029
FirewallRules: [{CBC3B772-E136-45A5-984D-DA997338E79D}] => (Allow) LPort=8028
FirewallRules: [{A84D2FAF-70A9-4B71-A80D-A67A2BCEBF24}] => (Allow) LPort=8029
FirewallRules: [{D69743FC-6B13-4968-B55D-F43A6D385D84}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{EABF3089-FEEE-47D1-9D6C-8BC134527A00}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{355D7BDE-38CC-4BD1-8FDF-48C588A4A67D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{3032F570-FEFE-4156-A3B8-BDBAA32D5C6B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{670AFC02-503B-472C-B4DC-3F5697F555C9}] => (Allow) LPort=8028
FirewallRules: [{C2826694-18BC-46BD-9B01-0B1F445EAA85}] => (Allow) LPort=8028
FirewallRules: [{DC22C111-BD99-446E-91F1-7FFFFDD5A974}] => (Allow) LPort=8028
FirewallRules: [{C1C91D73-23E7-40E0-923D-A24076AB7D76}] => (Allow) LPort=8028
FirewallRules: [{52E456CB-7F46-4AAB-B82D-8762504246EB}] => (Allow) LPort=8028
FirewallRules: [{826E024D-F4D9-4DF8-8F30-46A5316091B6}] => (Allow) LPort=8028
FirewallRules: [{EA75AA0D-AC44-4B03-B638-42E6ADF10CBB}] => (Allow) LPort=8028
FirewallRules: [{A9C63FBB-47A4-4234-9FF1-076686AC158A}] => (Allow) LPort=8028
FirewallRules: [{73D38897-F5BB-42CF-9B28-FD5BEFE3F7D3}] => (Allow) LPort=8028
FirewallRules: [{C84CCC1F-C821-4D43-BBF9-1F0D1F017A1C}] => (Allow) LPort=8028
FirewallRules: [{8854A686-E5F8-4F43-A75C-E0550188F950}] => (Allow) LPort=8028
FirewallRules: [{F1B2366B-BECA-4043-93B8-FD0484BB0BB2}] => (Allow) LPort=8028
FirewallRules: [{342B2D56-DB1E-4191-A63D-130737AB54C1}] => (Allow) LPort=8028
FirewallRules: [{3A672249-9464-476C-911E-70F974F3B36C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B158A431-A046-4A49-B0BD-FB28CA4EA9FC}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9B534465-564C-4528-8030-EF662D615D76}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DD5CF970-22C5-4576-8EC7-A36A135B7537}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F203363D-D837-4FEA-8404-45D75FF62A13}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1642767B-46B3-4F28-BC22-D9D502AEA508}] => (Allow) LPort=8028
FirewallRules: [UDP Query User{54958A3F-FA8A-41B2-B7E3-2FD40C9DC876}C:\users\paula\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\paula\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{8F70A2AB-6003-4033-8D08-FF7F21206665}C:\users\paula\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\paula\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{524F941A-7B2E-4BE7-8F99-E8E97C100465}] => (Allow) LPort=1900
FirewallRules: [{7BECDAE4-816A-4809-8BA9-FA975D323A2C}] => (Allow) LPort=2869
FirewallRules: [{53610D1C-2B76-45FF-ADAF-AF2642F80B3D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E1E0FD9A-631F-4C29-831D-CED476342744}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{56D4CBC8-7CC3-443E-BCC4-362F41788715}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{65778158-76AA-4BD9-B9AC-443003138367}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.139.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{17468B6B-16AB-4FC5-B405-3297023E0054}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.139.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6408FC02-6D4B-456C-8065-0565D490DE4B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.139.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8A9D0D59-BD02-453D-97D7-39AC63F3B40B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.139.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8D7578CF-F5D8-44D7-82F4-403768239F0D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.139.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BF9B836E-4188-4546-A28E-23FB5C6B6984}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.139.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F53A1B56-850A-4BF5-AE17-2346E95866DD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.139.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8FBAECCB-D554-4F76-9423-6EE6142067C4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.139.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{98F55B1A-7715-433C-829D-94DFE7C073E7}C:\users\user\documents\pycharm community edition 2020.2.2\bin\pycharm64.exe] => (Block) C:\users\user\documents\pycharm community edition 2020.2.2\bin\pycharm64.exe (JetBrains s.r.o. -> JetBrains s.r.o.)
FirewallRules: [UDP Query User{28C9112A-D577-4A2E-AD14-C9FAF09256E9}C:\users\user\documents\pycharm community edition 2020.2.2\bin\pycharm64.exe] => (Block) C:\users\user\documents\pycharm community edition 2020.2.2\bin\pycharm64.exe (JetBrains s.r.o. -> JetBrains s.r.o.)
FirewallRules: [{1FF4B7D0-F584-4EF4-A6A1-C5C866105BEC}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => Keine Datei
FirewallRules: [{9BB70B16-2C37-47BD-837C-6625D6ECA060}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei
FirewallRules: [{2E52DBEF-EE12-4BB8-A15C-DC2DD57E0295}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei
FirewallRules: [{91B66A60-1ADB-42B0-AB9D-6FB9115C29DE}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei
FirewallRules: [{0FE54DE3-A74A-474B-9A81-4C8F45FE1D20}] => (Allow) C:\Users\User\AppData\Local\Programs\Opera\78.0.4093.147\opera.exe => Keine Datei
FirewallRules: [{039EFECD-05FD-4514-923B-9ABC063E9142}] => (Allow) LPort=8028
FirewallRules: [{C3DD4A07-C387-4C7C-B97F-80FCB4FFBFD9}] => (Allow) LPort=8028
FirewallRules: [{14E96F8F-CBCC-498A-93DF-6EBA1DC01651}] => (Allow) LPort=8028
FirewallRules: [{65016AF4-770C-4F5E-A4E2-7B4A140C29D8}] => (Allow) LPort=8028
FirewallRules: [{84C34DD9-0662-4AB7-9FB6-B47293F20204}] => (Allow) LPort=8028
FirewallRules: [{BD3FBC0E-7395-4BB8-A40C-560AF9C7F8B7}] => (Allow) LPort=8028
FirewallRules: [{A28339F2-B44C-40ED-ADFE-B389EB2DE175}] => (Allow) LPort=8028
FirewallRules: [{573BA75D-28C5-4CC1-8CFE-347AC81A9B7D}] => (Allow) LPort=8028
FirewallRules: [{BE11A616-578A-47CD-9849-1DA9CC997CF7}] => (Allow) LPort=8028
FirewallRules: [{4893EFF6-A346-4873-AF47-5CB03D72F082}] => (Allow) LPort=8028
FirewallRules: [{2461FF8E-7358-47A5-9DCD-0E3DEE05AC00}] => (Allow) LPort=8028
FirewallRules: [{7A4CC3CB-CE62-4EF2-BBCA-2C41EF228B71}] => (Allow) LPort=8028
FirewallRules: [{B0D369BD-3342-4851-974A-66E7176C340D}] => (Allow) LPort=8028
FirewallRules: [{AAE6FC1F-44AC-4669-A3A4-9026B8737D26}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{42FBD029-F8CA-45A2-AE74-1B053C04E95D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{9ED08D70-5A0A-4355-904C-45675214A0AC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{9B6FEF10-8AF7-4E27-987A-590D40985645}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [TCP Query User{42BDC57F-9138-4853-94CE-CED7E3F93D44}C:\program files (x86)\smart view\smart view.exe] => (Allow) C:\program files (x86)\smart view\smart view.exe () [Datei ist nicht signiert]
FirewallRules: [UDP Query User{21FD1B2E-3651-407F-B88C-44828E1F3E31}C:\program files (x86)\smart view\smart view.exe] => (Allow) C:\program files (x86)\smart view\smart view.exe () [Datei ist nicht signiert]
FirewallRules: [{38429A01-60C5-4247-94C2-3230DEA0AFBB}] => (Allow) LPort=8028
FirewallRules: [{E1A5704D-976A-46EC-B477-63C8E6EAD14C}] => (Allow) LPort=8028
FirewallRules: [{A22549F3-D7F8-4802-BC2A-0FDFB46AE6F5}] => (Allow) LPort=8028
FirewallRules: [{895867F6-F12E-4138-AA6C-85A9658931A7}] => (Allow) LPort=8028
FirewallRules: [{26DF2890-2328-4E8E-8579-0CEF74CFDAB7}] => (Allow) LPort=8028
FirewallRules: [{632E99A8-3AC7-47A1-ABFE-425CDD113668}] => (Allow) LPort=8028
FirewallRules: [{1D17DD2C-E29B-4256-860C-ABFA173D635D}] => (Allow) LPort=8028
FirewallRules: [{4E388E4C-9B5C-41D9-B8B9-9D1C732D274D}] => (Allow) LPort=8028
FirewallRules: [{D6EC2E7D-2285-4C7D-84B3-74B604630218}] => (Allow) LPort=8028
FirewallRules: [{E3BAAF39-5480-4AE0-99E4-0EDB34908818}] => (Allow) LPort=8029
FirewallRules: [{7C6897F0-B60F-4442-B290-00F00B2C64EF}] => (Allow) LPort=8028
FirewallRules: [{BCEE1F26-401B-40CE-949A-BA8788B613D7}] => (Allow) LPort=8029
FirewallRules: [{35D49B48-788D-4010-8039-B54DB6B65B39}] => (Allow) LPort=8028
FirewallRules: [{5A752116-D25F-4F56-824C-F3759E596C17}] => (Allow) LPort=8029
FirewallRules: [{BCF42D1D-DAA8-409B-B3D7-5E1232F62228}] => (Allow) LPort=8028
FirewallRules: [{E998642D-CF74-4F67-A9D7-4236B7133034}] => (Allow) LPort=8029
FirewallRules: [{388560F6-C31D-41BB-AD26-C11C9A7A89D5}] => (Allow) LPort=8029
FirewallRules: [{91584BFB-A6EB-457A-A6E7-1023B6061844}] => (Allow) LPort=8028
FirewallRules: [{69E296DC-89A9-41BD-93DB-D12E19C4BF06}] => (Allow) LPort=8028
FirewallRules: [{5E69D41E-7F51-4574-AAB5-EEFD6C85D9BC}] => (Allow) LPort=8029
FirewallRules: [{38EEF388-56E8-4E50-A79A-6738D2D02941}] => (Allow) LPort=8028
FirewallRules: [{699C3A47-02DB-4B21-9661-068BB6ECF5F6}] => (Allow) LPort=8029
FirewallRules: [{6231B5EB-FD21-44BD-A368-0BEFBFFDFE1E}] => (Allow) LPort=8028
FirewallRules: [{840D8F0A-6335-4B10-8E4C-C190E27F5668}] => (Allow) LPort=8029
FirewallRules: [{25B61B85-2B63-464A-A3EB-47392F27602E}] => (Allow) LPort=8028
FirewallRules: [{A892AF11-3488-4803-9A3D-AEA167393C6C}] => (Allow) LPort=8029
FirewallRules: [{CE53AE1D-4A0E-4161-AFA6-3A61993B1544}] => (Allow) LPort=8028
FirewallRules: [{AD677376-51FC-4AB6-B15B-2F0F01E001ED}] => (Allow) LPort=8029
FirewallRules: [{C79CD10F-92D1-4085-823E-DA49E0CCD6F4}] => (Allow) LPort=8029
FirewallRules: [{AEC95247-9FDF-4FD2-8257-0A87B5906D7F}] => (Allow) LPort=8028
FirewallRules: [{4B58AE6D-DEC6-4DD0-B33D-903CAA282B3A}] => (Allow) LPort=8029
FirewallRules: [{F24737DB-8B65-427C-9594-DC2C05FD3819}] => (Allow) LPort=8028
FirewallRules: [{FE8F73D8-B3CE-497E-8E94-7581DD273416}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{986BD2F6-8AA0-4B58-92B8-D4EA60E73D24}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7C0FA445-403F-421C-BD9F-0A6DB424C3AB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9F78297C-55A8-4224-B593-A4CA942EB6F7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{21165843-16C0-41B5-8688-50DC4A419B57}] => (Allow) LPort=8029
FirewallRules: [{651DC043-47C6-457D-A102-0A95611AB8AD}] => (Allow) LPort=8028
FirewallRules: [{F0A65FF9-F3EC-42B0-AAF2-613D2C5D81FD}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F142352D-A696-42DF-96C4-14C195C0227E}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{51590CAC-DAC4-4221-AAE9-30C5AEAE52FE}C:\users\paula\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\paula\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{23A670FE-C59B-4FEA-A669-6ACC1552C043}C:\users\paula\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\paula\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EAA24A79-CEDB-4E37-9AA8-982598D97B0E}] => (Allow) LPort=8028
FirewallRules: [{61899AD4-FEE6-4E85-8D08-E3A01D48ED9D}] => (Allow) LPort=8029
FirewallRules: [{CF6C8F5D-2E59-4EF8-A230-426F5DF9344D}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.78\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C6EADCF7-CC15-4E9E-A266-F989DF015ED5}] => (Allow) LPort=8029
FirewallRules: [{3CD0711F-54CA-4970-B9B2-DD89387ABA55}] => (Allow) LPort=8028

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert (Total:475.69 GB) (Free:236.94 GB) (50%)
Überprüfen Sie den "VSS" Dienst


==================== Fehlerhafte Geräte im Gerätemanager ============


==================== Fehlereinträge in der Ereignisanzeige: ========================

Applikationsfehler:
==================
Error: (02/05/2023 08:39:41 PM) (Source: Application Error) (EventID: 1000) (User: LAPTOP-TOVUM2BS)
Description: Name der fehlerhaften Anwendung: OpenWith.exe, Version: 10.0.22621.675, Zeitstempel: 0x6f466602
Name des fehlerhaften Moduls: ucrtbase.dll, Version: 10.0.22621.608, Zeitstempel: 0xf5fc15a3
Ausnahmecode: 0xc0000409
Fehleroffset: 0x000000000007f61e
ID des fehlerhaften Prozesses: 0x0x3c7c
Startzeit der fehlerhaften Anwendung: 0x0x1d93999975e42ca
Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\OpenWith.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\ucrtbase.dll
Berichtskennung: df6604db-0544-4dc7-86aa-de9831440a89
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/05/2023 08:39:32 PM) (Source: Application Error) (EventID: 1000) (User: LAPTOP-TOVUM2BS)
Description: Name der fehlerhaften Anwendung: OpenWith.exe, Version: 10.0.22621.675, Zeitstempel: 0x6f466602
Name des fehlerhaften Moduls: ucrtbase.dll, Version: 10.0.22621.608, Zeitstempel: 0xf5fc15a3
Ausnahmecode: 0xc0000409
Fehleroffset: 0x000000000007f61e
ID des fehlerhaften Prozesses: 0x0x1af4
Startzeit der fehlerhaften Anwendung: 0x0x1d93999920943db
Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\OpenWith.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\ucrtbase.dll
Berichtskennung: 708887a7-2deb-4e79-9334-a8eba24d5ea7
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/05/2023 08:39:24 PM) (Source: Application Error) (EventID: 1000) (User: LAPTOP-TOVUM2BS)
Description: Name der fehlerhaften Anwendung: OpenWith.exe, Version: 10.0.22621.675, Zeitstempel: 0x6f466602
Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.22621.900, Zeitstempel: 0xa97a9ed6
Ausnahmecode: 0xc0000409
Fehleroffset: 0x000000000008eadf
ID des fehlerhaften Prozesses: 0x0x48cc
Startzeit der fehlerhaften Anwendung: 0x0x1d939998d093be7
Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\OpenWith.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: 6709b793-c193-4f26-99c6-293dbd3b3435
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/05/2023 07:01:55 PM) (Source: Application Hang) (EventID: 1002) (User: NT-AUTORITÄT)
Description: Das Programm dllhost.exe Version 10.0.22621.1 hat aufgehört mit Windows zu interagieren und wurde geschlossen. Weitere Informationen zum Problem finden Sie im Problemverlauf in der Systemsteuerung „Sicherheit und Wartung“.

Error: (02/05/2023 07:00:02 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsort "F:\" nicht abgeschlossen. Fehler: Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006).

Error: (02/05/2023 06:51:37 PM) (Source: Firefox Default Browser Agent) (EventID: 1155) (User: )
Description: Event-ID 1155

Error: (02/03/2023 12:19:34 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (02/03/2023 12:19:34 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0


Systemfehler:
=============
Error: (02/05/2023 09:41:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "System Interface Foundation Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann die angegebene Datei nicht finden.

Error: (02/05/2023 09:41:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "System Interface Foundation Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann die angegebene Datei nicht finden.

Error: (02/05/2023 09:40:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "System Interface Foundation Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann die angegebene Datei nicht finden.

Error: (02/05/2023 08:48:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/05/2023 08:48:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LenovoVantageService" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert.

Error: (02/05/2023 08:48:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Apple Mobile Device Service" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/05/2023 08:48:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Realtek Audio Universal Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/05/2023 08:48:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Macrium Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.


CodeIntegrity:
===============
Date: 2023-02-05 18:52:40
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.


==================== Speicherinformationen =========================== 

BIOS: LENOVO DMCN32WW 07/14/2020
Hauptplatine: LENOVO ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
Prozessor: AMD Ryzen 7 4700U with Radeon Graphics 
Prozentuale Nutzung des RAM: 34%
Installierter physikalischer RAM: 15725.3 MB
Verfügbarer physikalischer RAM: 10349.05 MB
Summe virtueller Speicher: 16749.3 MB
Verfügbarer virtueller Speicher: 9234.91 MB

==================== Laufwerke ================================

Drive c: (Windows-SSD) (Fixed) (Total:475.69 GB) (Free:236.94 GB) (Model: WDC PC SN730 SDBPNTY-512G-1101) NTFS
Drive z: () (Network) (Total:0 GB) (Free:0 GB) (Model: WDC PC SN730 SDBPNTY-512G-1101) 

\\?\Volume{daea3309-93bd-442e-b19d-32d69c29a808}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.4 GB) NTFS
\\?\Volume{505278d4-8887-4d1c-a4b4-3c0d40af36d0}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partitionstabelle ====================

==================== Ende von Addition.txt =======================
         

Alt 06.02.2023, 19:24   #11
M-K-D-B
/// TB-Ausbilder
 
Verdacht auf Malware in Zusammenhang mit conhost - Standard

Verdacht auf Malware in Zusammenhang mit conhost







Mein Name ist Matthias und ich werde dir bei der Analyse und Bereinigung deines Systems helfen.





Ich übernehme ab hier für cosinus.



Zitat:
durchgeführt von paula (ACHTUNG: der Benutzer ist kein Administrator) auf LAPTOP-TOVUM2BS (LENOVO 82A2) (05-02-2023 21:41:22)
Wir benötigen ein Konto mit Adminrechten, sonst klappt das nicht.

Die nächsten beiden Schritte bitte wieder vom richtigen Konto mit Adminrechten starten.









Schritt 1
Führe Malwarebytes' AntiMalware (MBAM) gemäß der bebilderten Anleitung aus und poste abschließend die Logdatei.





Schritt 2
  • Starte FRST erneut und klicke auf Untersuchen.
  • FRST erstellt nun zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.





Bitte poste mit deiner nächsten Antwort:
  • die Logdatei von MBAM
  • die beiden neuen Logdateien von FRST (FRST.txt und Addition.txt)

Geändert von M-K-D-B (06.02.2023 um 19:29 Uhr)

Alt 06.02.2023, 21:09   #12
Hans-Juergen
 
Verdacht auf Malware in Zusammenhang mit conhost - Standard

Verdacht auf Malware in Zusammenhang mit conhost



Hallo Matthias,
Danke für Deine Unterstützung.
Der Download von FRST wurde von smartcreen immer abgelehnt, daher hat es etwas gedauert.
Hier die MBAM.txt
Code:
ATTFilter
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 06.02.23
Scan-Zeit: 20:57
Protokolldatei: 8616c7d0-a658-11ed-8ab6-000000000000.json

-Softwaredaten-
Version: 4.5.21.231
Komponentenversion: 1.0.1890
Version des Aktualisierungspakets: 1.0.65378
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 11 (Build 22621.1105)
CPU: x64
Dateisystem: NTFS
Benutzer: LAPTOP-TOVUM2BS\User

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 404596
Erkannte Bedrohungen: 2
In die Quarantäne verschobene Bedrohungen: 2
Abgelaufene Zeit: 3 Min., 29 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 2
PUP.Optional.MindSpark.Generic, C:\USERS\PAULA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PX9AWHDL.DEFAULT-RELEASE\EXTENSIONS\_jaMembersttab03_@www.testonlinespeed.com.xpi, In Quarantäne, 1743, 782571, 1.0.65378, , ame, , E70D337B863B5ED8A912B8856EA09495, EC74D6D17017C38B26ED44D7F52A57F3F4C87622B35AEADDFAD30034951DC00A
PUP.Optional.ChipDe, C:\USERS\PAULA\DOWNLOADS\FREEPLANE - INSTALLER _FJEA.EXE, In Quarantäne, 585, 562568, 1.0.65378, , ame, , D9C1B5D20B6869F17928B9CE3E9F13A8, A4253F0353BE8BE6FF6DA8BB5CD285132498493A3D1750932BBC5CCD368490A0

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)

WMI: 0
(keine bösartigen Elemente erkannt)


(end)
         
und FRST.TXT

FRST Logfile:
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 03-02-2023
durchgeführt von User (Administrator) auf LAPTOP-TOVUM2BS (LENOVO 82A2) (06-02-2023 21:03:13)
Gestartet von C:\Users\User\Desktop
Geladene Profile: User & paula
Plattform: Microsoft Windows 11 Home Version 22H2 22621.1105 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: Edge
Start-Modus: Normal

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(DeviceSettingsSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(SmartDisplayAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(VantageCoreAddin).exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSSrcExt.exe
(C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cncmd.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.78\msedgewebview2.exe <13>
(explorer.exe ->) (Dassault Systemes SolidWorks Corp. -> Dassault Systèmes SolidWorks Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS (2)\sldworks_fs.exe
(explorer.exe ->) (Dassault Systemes SolidWorks Corp. -> Dassault Systèmes SolidWorks Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldworks_fs.exe
(explorer.exe ->) (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(explorer.exe ->) (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(Opera Norway AS -> Opera Software) C:\Users\User\AppData\Local\Programs\Opera\assistant\browser_assistant.exe <2>
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\Sgrm\SgrmBroker.exe
(services.exe ->) (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(sihost.exe ->) (LENOVO INC) C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.3.28.0_x64__5grkq8ppsgwt4\LaunchUtility\utility.exe
(svchost.exe ->) (Advanced Micro Devices, Inc.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Western Digital Techologies -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1084192 2020-06-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [357944 2022-02-08] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [3216784 2022-09-09] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [9923856 2022-09-07] (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [2306984 2017-04-11] (Western Digital Techologies -> Western Digital Technologies, Inc.)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Beschränkung <==== ACHTUNG
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2775161839-3573256424-1513776773-1001\...\Run: [MicrosoftEdgeAutoLaunch_C46CFC0629905CC775E70B50EA8A519C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4188576 2023-02-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2775161839-3573256424-1513776773-1001\...\Run: [Opera Browser Assistant] => C:\Users\User\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3916232 2022-12-20] (Opera Norway AS -> Opera Software)
HKU\S-1-5-21-2775161839-3573256424-1513776773-1001\...\RunOnce: [Uninstall 20.134.0705.0008\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\User\AppData\Local\Microsoft\OneDrive\20.134.0705.0008\amd64" (Keine Datei)
HKU\S-1-5-21-2775161839-3573256424-1513776773-1001\...\RunOnce: [Uninstall 20.134.0705.0008] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\User\AppData\Local\Microsoft\OneDrive\20.134.0705.0008" (Keine Datei)
HKU\S-1-5-21-2775161839-3573256424-1513776773-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\User\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (Keine Datei)
HKU\S-1-5-21-2775161839-3573256424-1513776773-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\User\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (Keine Datei)
HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\Run: [com.squirrel.Teams.Teams] => C:\Users\paula\AppData\Local\Microsoft\Teams\Update.exe [2587416 2023-01-09] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\Run: [MicrosoftEdgeAutoLaunch_F77C53ECB7B48E59FF4F92F15CDCE50B] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4188576 2023-02-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\MountPoints2: {e74f27b5-09cd-11ec-aabe-f8a2d6e80c66} - "D:\WD Drive Unlock.exe" autoplay=true
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2023-02-05]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk ->  (Keine Datei)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS 2020 Fast Start.lnk [2021-08-23]
ShortcutTarget: SOLIDWORKS 2020 Fast Start.lnk -> C:\Windows\Installer\{3F4681F3-B30B-4531-ADB2-3661B531F926}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera) [Datei ist nicht signiert]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS 2021 Fast Start.lnk [2022-03-22]
ShortcutTarget: SOLIDWORKS 2021 Fast Start.lnk -> C:\Windows\Installer\{9C0A2571-4AAE-4FEE-B673-038B38B85EFC}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera) [Datei ist nicht signiert]
Startup: C:\Users\paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2022-12-28]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {03933E32-E682-4E55-A74B-9C44C9BE4E88} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {0537EDE7-55E0-4BC7-8B2C-98409E68FF61} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26334160 2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {05923319-A80B-4BE4-ACD7-32005B4BFB30} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [149280 2022-09-23] (Lenovo -> Lenovo Group Ltd.)
Task: {0600DD45-FAF2-4131-A006-0B17509B9F78} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\sc.exe start InventorySvc
Task: {0652DF37-E549-45F3-AA26-19093AB2C6F6} - System32\Tasks\SOLIDWORKS Electrical Archiver => C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\bin\EwEnvironmentArchiver\ewenvironmentarchiver.exe [275912 2021-03-27] (Dassault Systemes SolidWorks Corp. -> Dassault Systèmes SolidWorks Corporation)
Task: {06A91B9B-9780-4A93-A467-A9618F8CB78D} - System32\Tasks\LenovoUtility Startup => C:\Windows\explorer.exe lenovo-utility://
Task: {0F4EDE93-0408-4281-9305-60F7B9795690} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [661408 2023-02-01] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {193B012A-CE38-4800-8C29-C58DC1A1CF1A} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8867F90B-F2D8-4898-AF0E-1BAD726CC2B7\Schedule #3 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [495616 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {1DB6AB68-B9C9-4735-B9DA-5E523B547903} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {223993BB-5B5D-4D86-8118-7B1A515AAEEC} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {229AA8CC-B7CE-4DCF-8FA1-B68E1287BB4A} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1715672 2021-08-25] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {23A71281-F51B-43D5-A157-3656A052672B} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe VantageTelemetryAddinTask (Keine Datei)
Task: {28B20591-8D63-4D76-B0C9-D0BD1BF80001} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144280 2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {295377EC-45F9-4584-9EA7-FBD4B824988B} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [168920 2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {2D33D57F-E734-4F57-988B-07B1309A1B64} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8867F90B-F2D8-4898-AF0E-1BAD726CC2B7\Provisioning initiated session => C:\WINDOWS\system32\deviceenroller.exe [495616 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {321F6758-1FA0-4ED2-8F1C-60AE4F561A00} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8867F90B-F2D8-4898-AF0E-1BAD726CC2B7\Win10 S Mode event listener created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [495616 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {32E96B56-C417-4AD2-BF06-772D8C7AA6AA} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8867F90B-F2D8-4898-AF0E-1BAD726CC2B7\OS Edition Upgrade event listener created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [495616 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {371D4512-1086-43B2-B347-638020514BFD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {3871551E-8055-4FBE-857C-62A004ED49AD} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8867F90B-F2D8-4898-AF0E-1BAD726CC2B7\Schedule #1 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [495616 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {3BE74C7C-737F-43F8-AD2C-2D907E0D175C} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {468A3CD7-D8EB-4F80-9563-BE1A1FE128F4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26334160 2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {4A031822-F4ED-4A4C-B5B4-0F1B454009CB} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {58949759-2280-47CD-AF35-AEAC31293DEF} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [63960 2021-08-24] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {5AC2C119-CC36-44B4-B36B-2BCF88E3AA9D} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8867F90B-F2D8-4898-AF0E-1BAD726CC2B7\Wsc Startup event listener created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [495616 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {659055C8-970E-4BE0-AFE0-DBD0B98900A0} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1715672 2021-08-25] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {6BD7A99C-13E7-46AD-94BF-5F8653B722E1} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => C:\WINDOWS\system32\MusNotification.exe Display (Keine Datei)
Task: {787FFE05-3762-4308-9578-4108900C790D} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8867F90B-F2D8-4898-AF0E-1BAD726CC2B7\Schedule to run OMADMClient by client => C:\WINDOWS\system32\omadmclient.exe [466944 2022-11-21] (Microsoft Windows -> Microsoft Corporation)
Task: {7F598745-086E-4C77-B6D1-69750909CAAF} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1003496 2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {7FDF1513-830B-4265-9A8D-9F1290D7E205} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> Keine Datei <==== ACHTUNG
Task: {82BEE1B1-5140-4523-9D4C-1C9B8EFEF0E4} - \Lenovo\ImController\Lenovo iM Controller Monitor -> Keine Datei <==== ACHTUNG
Task: {85201293-2A6F-45C4-A554-78EF8F3DC16C} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {88AD7BEE-D899-4565-92FF-1CF07A87C172} - System32\Tasks\AMDRyzenMasterSDKTask => C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe [47104 2021-08-24] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
Task: {8B0FEADA-E5A7-41CA-A9B9-F67D17A46C77} - System32\Tasks\Opera scheduled assistant Autoupdate 1629315681 => C:\Users\User\AppData\Local\Programs\Opera\launcher.exe [42724048 2021-09-13] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\User\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {971ACE7C-4A56-446F-9814-A5524C7383C8} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => C:\WINDOWS\system32\MusNotification.exe /RunOnBattery EngagedRebootReminder (Keine Datei)
Task: {A0061D87-A25F-41AB-A3A5-B6FDEAEFC7C3} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> Keine Datei <==== ACHTUNG
Task: {A34B6C59-0108-4BC1-81ED-9ADA4F223F3D} - System32\Tasks\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {AAF59C3C-8DD6-4C9F-8836-7ED8D8DEB8EE} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [269272 2021-08-24] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {ACF81A8D-7561-4C5F-B30C-5A724CF0AC9B} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\4741dbea-e430-48fa-ad85-35bc69e4764d => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {AE093EDC-AEF5-4FD2-A74F-D271BC291B7F} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8867F90B-F2D8-4898-AF0E-1BAD726CC2B7\PushUpgrade => C:\WINDOWS\system32\deviceenroller.exe [495616 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {B2B73314-6D70-4B2C-8C37-7EE8EFD16E16} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {C55F7C42-E560-4B96-856A-235782D8EC5F} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\5a489720-870a-4a2a-ad6d-1f38322040f8 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {C669CFDF-6F85-4EB3-BB52-A62F6C42290F} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\2e1afe22-60d6-4e23-860c-2aaa19978e01 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {C83ABACA-75A1-4A7C-8455-F95067B7A9F8} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (Keine Datei)
Task: {CCF7E1CE-A3F6-47D1-893D-26110A8B4870} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {CED89B4F-4E02-46DC-A0DA-E6A5A9B39564} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8867F90B-F2D8-4898-AF0E-1BAD726CC2B7\Schedule #2 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [495616 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {CF73B423-0B02-43FA-B1A3-381ED7698B6C} - System32\Tasks\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {D3127099-22F3-47F8-AF40-B91E34045678} - System32\Tasks\Opera scheduled Autoupdate 1629315665 => C:\Users\User\AppData\Local\Programs\Opera\launcher.exe [42724048 2021-09-13] (Opera Software AS -> Opera Software)
Task: {DA3BF6C0-9525-4EBB-B170-74D94F8490A8} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8867F90B-F2D8-4898-AF0E-1BAD726CC2B7\Schedule created by enrollment client for renewal of certificate warning => C:\WINDOWS\system32\deviceenroller.exe [495616 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {DA6EEDCD-5DDD-4389-87C9-22F0457C6DF5} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8867F90B-F2D8-4898-AF0E-1BAD726CC2B7\PushLaunch => C:\WINDOWS\system32\deviceenroller.exe [495616 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\WINDOWS\system32\MusNotification.exe (Keine Datei)
Task: {E5816F5D-05C9-4EA5-AC72-ED8A3DBA9748} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\f8d01ac3-4d05-45fa-9be1-f19a62cb84ad => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {EB295AF2-508F-4061-B391-6F4CDEA18B4C} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144280 2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {ED0BA2CF-8D0E-4D83-B722-5654BEC4F084} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [710560 2023-02-01] (Mozilla Corporation -> Mozilla Foundation)
Task: {F22F0B6A-D0D1-4F8D-8AAB-8787C09804FB} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8867F90B-F2D8-4898-AF0E-1BAD726CC2B7\Schedule to run OMADMClient by server => C:\WINDOWS\system32\omadmclient.exe [466944 2022-11-21] (Microsoft Windows -> Microsoft Corporation)
Task: {F2FF319C-020D-4911-A8A4-3BD0A6F1AD24} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8867F90B-F2D8-4898-AF0E-1BAD726CC2B7\PushRenewal => C:\WINDOWS\system32\deviceenroller.exe [495616 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {F5F01F63-9905-4B2E-813F-07B06E027ACA} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8867F90B-F2D8-4898-AF0E-1BAD726CC2B7\Passport for Work alert created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [495616 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {FC2E46B1-F974-4FDB-9A0A-C07822FFFB53} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => C:\WINDOWS\system32\MusNotification.exe /RunOnAC EngagedRebootReminder (Keine Datei)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\SOLIDWORKS Electrical Archiver.job => C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\bin\EwEnvironmentArchiver\ewenvironmentarchiver.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ACHTUNG (Beschränkung - Zones)
Tcpip\Parameters: [DhcpNameServer] 192.168.179.1
Tcpip\..\Interfaces\{2c73278c-8bfc-40c2-b9c5-851cd9df4d71}: [DhcpNameServer] 192.168.179.1

Edge: 
=======
Edge Extension: (Kein Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [nicht gefunden]
Edge Extension: (Kein Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [nicht gefunden]
Edge Extension: (Kein Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [nicht gefunden]
Edge Extension: (Kein Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [nicht gefunden]
Edge DefaultProfile: Default
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default [2023-02-06]
Edge Extension: (Avira Password Manager) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\emgfgdclgfeldebanedpihppahgngnle [2023-02-06]
Edge HKLM-x32\...\Edge\Extension: [caiblelclndcckfafdaggpephhgfpoip]
Edge HKLM-x32\...\Edge\Extension: [emgfgdclgfeldebanedpihppahgngnle]

FireFox:
========
FF Plugin: 3ds.com/ComposerPlayerWebPlugin_x86_64 -> C:\PROGRA~1\SOLIDW~1\SO46F1~1\Bin\NPCOMP~1.DLL [2021-03-27] (DASSAULT SYSTEMES SE -> Dassault Systemes) [Datei ist nicht signiert]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: 3ds.com/ComposerPlayerWebPlugin -> C:\PROGRA~1\SOLIDW~1\SO46F1~1\Bin\x86\NPCOMP~1.DLL [2021-03-27] (DASSAULT SYSTEMES SE -> Dassault Systemes) [Datei ist nicht signiert]
FF Plugin-x32: 3ds.com/ComposerPlayerWebPlugin_x86_64 -> \\devsilo1\builds\sw2021_sp03\sw\Release\x64\d210326.009.BGS.final\composer\Bin\npcomposerplayerwebplugin.dll [Keine Datei]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\zlonrrylmi4.js [2021-08-18] <==== ACHTUNG (Zeigt auf eine *.cfg Datei)
FF ExtraCheck: C:\Program Files\mozilla firefox\zlonrrylmi4.cfg [2021-08-18] <==== ACHTUNG

Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2020-08-17]
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR HKLM\...\Chrome\Extension: [enppghjcblldgigemljohkgpcompnjgh]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [enppghjcblldgigemljohkgpcompnjgh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2022-02-25] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12553648 2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
S3 CoordinatorServiceHost; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS (2)\swScheduler\DTSCoordinatorService.exe [79520 2021-03-27] (Dassault Systemes SolidWorks Corp. -> Dassault Systèmes SolidWorks Corporation)
S2 DolbyDAXAPI; C:\WINDOWS\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_c28b41707aefc6b9\DAX3API.exe [2283600 2021-04-27] (Dolby Laboratories, Inc. -> Dolby Laboratories)
S2 ewserver; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe [185288 2021-03-27] (Dassault Systemes SolidWorks Corp. -> )
S2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [364928 2020-06-05] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
S3 impi_hydra; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS (2)\hydra_service.exe [924472 2021-03-27] (Intel(R) Software Development Products -> Intel Corporation)
S3 InventorySvc; C:\WINDOWS\system32\inventorysvc.dll [304480 2022-11-21] (Microsoft Windows -> Microsoft Corporation)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\\3.13.43.0\LenovoVantageService.exe [32464 ] (Lenovo -> Lenovo Group Ltd.)
S2 LITSSVC; C:\WINDOWS\System32\LNBITSSvc.exe [1808728 2020-05-27] (Lenovo -> Lenovo(beijing) Limited)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [11072008 2022-09-07] (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8966256 2023-02-06] (Malwarebytes Inc. -> Malwarebytes)
R2 MSSQL$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [366520 2022-04-22] (Microsoft Corporation -> Microsoft Corporation)
S3 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [98624 2020-07-22] (ProtonVPN AG -> )
S3 ProtonVPN Update Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-07-22] (ProtonVPN AG -> )
S2 RemoteSolverDispatcher; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation (2)\binCFW\remotesolverdispatcherservice.exe [252936 2021-03-27] (Mentor Graphics Corporation -> Mentor Graphics Corporation)
R2 SgrmBroker; C:\WINDOWS\system32\Sgrm\SgrmBroker.exe [414632 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 SmartSense; C:\WINDOWS\System32\DriverStore\FileRepository\lnvsst.inf_amd64_4e633fced20b4d0e\SmartSense.exe [155848 2020-08-30] (Lenovo -> Lenovo Group Ltd.)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2021-08-23] (SolidWorks) [Datei ist nicht signiert]
S4 SQLAgent$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [607160 2022-04-22] (Microsoft Corporation -> Microsoft Corporation)
S2 SWVisualize2020.Queue.Server; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize\SWVisualize.Queue.Server.exe [30208 2020-05-08] (Dassault Systemes SolidWorks Corp. -> Dassault Systèmes)
S2 SWVisualize2021.Queue.Server; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize (2)\SWVisualize.Queue.Server.exe [30368 2021-03-27] (Dassault Systemes SolidWorks Corp. -> Dassault Systèmes)
R2 TextInputManagementService; C:\WINDOWS\System32\TabSvc.dll [266240 2022-11-21] (Microsoft Windows -> Microsoft Corporation)
S2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [331144 2017-04-11] (Western Digital Techologies -> Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\NisSrv.exe [3191264 2023-02-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe [133592 2023-02-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wuauserv; C:\WINDOWS\system32\wuauserv.dll [137552 2022-12-15] (Microsoft Windows -> Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 AMDAfdAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\amdacpafd.inf_amd64_b2ecd28976c27717\amdacpafd.sys [348056 2021-08-10] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
S3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [41536 2021-07-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AMDSAFD; C:\WINDOWS\System32\DriverStore\FileRepository\amdsafd.inf_amd64_8e2568524f674315\amdsafd.sys [100768 2021-03-29] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0376209.inf_amd64_b3bdffadea4def3f\B374968\amdkmdag.sys [80540576 2022-01-28] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [65168 2021-08-17] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R2 bfs; C:\WINDOWS\system32\drivers\bfs.sys [91480 2022-11-21] (Microsoft Windows -> Microsoft Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2023-02-06] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [181072 2019-07-22] (GENESYS LOGIC, INC. -> Genesys Logic)
S0 GenPass; C:\WINDOWS\System32\DriverStore\FileRepository\genpass.inf_amd64_bef88a423225ecdc\genpass.sys [62800 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2023-02-06] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-02-06] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198088 2023-02-06] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [76216 2023-02-06] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-02-06] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181816 2023-02-06] (Malwarebytes Inc. -> Malwarebytes)
S3 ProtonVPNSplitTunnel; C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win10\ProtonVPN.SplitTunnelDriver.sys [31584 2020-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Proton Technologies AG)
S0 pvscsi; C:\WINDOWS\System32\drivers\pvscsii.sys [45408 2022-05-07] (Microsoft Windows -> VMware, Inc.)
S3 RoutePolicy; C:\WINDOWS\System32\drivers\RoutePolicy.sys [98304 2022-05-07] (Microsoft Windows -> )
S4 RsFx0321; C:\WINDOWS\System32\DRIVERS\RsFx0321.sys [258720 2018-07-25] (Microsoft Corporation -> Microsoft Corporation)
S3 rtu53cx22x64; C:\WINDOWS\System32\DriverStore\FileRepository\rtu53cx22x64.inf_amd64_23312dee5c4e1993\rtu53cx22x64.sys [1008864 2022-10-05] (Realtek Semiconductor Corp. -> Realtek Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2022-10-16] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49008 2020-04-06] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 WacHidRouterPro; C:\WINDOWS\System32\drivers\wachidrouter.sys [127512 2020-09-18] (WDKTestCert dant,132134237881206156 -> Wacom Technology, Corp.)
R3 wacomrouterfilter; C:\WINDOWS\System32\drivers\wacomrouterfilter.sys [28680 2020-09-18] (WDKTestCert dant,132134237881206156 -> Wacom Technology, Corp.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49568 2023-02-05] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [473376 2023-02-05] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99616 2023-02-05] (Microsoft Windows -> Microsoft Corporation)
R2 wtd; C:\WINDOWS\System32\drivers\wtd.sys [118784 2022-12-15] (Microsoft Windows -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2023-02-06 21:02 - 2023-02-06 21:02 - 000001934 _____ C:\Users\User\Desktop\MBAM.TXT
2023-02-06 20:54 - 2023-02-06 20:54 - 000181816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2023-02-06 20:54 - 2023-02-06 20:54 - 000002044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-02-06 20:54 - 2023-02-06 20:54 - 000002032 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2023-02-06 20:54 - 2023-02-06 20:54 - 000000000 ____D C:\Users\User\AppData\Local\mbam
2023-02-06 20:53 - 2023-02-06 20:53 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-02-06 20:53 - 2023-02-06 20:53 - 000000000 ____D C:\Program Files\Malwarebytes
2023-02-06 20:52 - 2023-02-06 21:03 - 000039035 _____ C:\Users\User\Desktop\FRST.txt
2023-02-06 20:51 - 2023-02-06 20:51 - 000001347 _____ C:\Users\User\Desktop\malwarebyte.txt
2023-02-06 20:48 - 2023-02-06 20:50 - 002376704 _____ (Farbar) C:\Users\User\Desktop\FRST64 (2).exe
2023-02-06 20:47 - 2023-02-06 20:47 - 000000000 ____D C:\Users\User\AppData\Local\cache
2023-02-06 20:45 - 2023-02-06 20:45 - 002552184 _____ (Malwarebytes) C:\Users\User\Desktop\MBSetup.exe
2023-02-06 20:43 - 2023-02-06 20:43 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2775161839-3573256424-1513776773-1001
2023-02-05 20:36 - 2023-02-05 20:39 - 000000000 ____D C:\AdwCleaner
2023-02-05 20:35 - 2023-02-05 20:35 - 008791352 _____ (Malwarebytes) C:\Users\paula\Downloads\adwcleaner.exe
2023-02-05 20:10 - 2023-02-05 20:10 - 000000000 ____D C:\Program Files\Samsung
2023-02-05 20:08 - 2023-02-05 20:08 - 004951360 _____ (Samsung Electronics Co., Ltd) C:\Users\paula\Downloads\Samsung_NVM_Express_Driver_3.3.exe
2023-02-05 19:07 - 2023-02-05 19:07 - 000722202 _____ C:\WINDOWS\system32\perfh007.dat
2023-02-05 19:07 - 2023-02-05 19:07 - 000149258 _____ C:\WINDOWS\system32\perfc007.dat
2023-02-05 19:00 - 2023-02-05 19:00 - 000000000 ____D C:\WINDOWS\system32\config\BFS
2023-02-05 18:57 - 2023-02-05 19:00 - 000000000 ____D C:\ProgramData\McInstTemp0066001675619843
2023-02-04 17:09 - 2023-02-06 21:03 - 000000000 ____D C:\FRST
2023-02-04 17:08 - 2023-02-04 17:11 - 000000000 ____D C:\Users\paula\Downloads\Papa
2023-02-03 12:29 - 2023-02-03 12:29 - 000000000 ____D C:\Users\paula\Documents\Benutzerdefinierte Office-Vorlagen
2023-02-01 21:34 - 2023-02-04 16:25 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-01-26 16:24 - 2023-01-26 16:24 - 000000020 ___SH C:\Users\User\ntuser.ini
2023-01-26 15:45 - 2023-01-26 16:13 - 000000000 ___RD C:\Users\paula\Documents\Wichtiges
2023-01-24 14:05 - 2023-01-24 14:05 - 001049564 _____ C:\Users\paula\Downloads\Was ist Rechtsterrorismus.pdf
2023-01-14 20:08 - 2023-01-14 20:08 - 000000000 ___HD C:\$WinREAgent
2023-01-07 13:21 - 2023-01-08 20:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2023-02-06 21:01 - 2020-08-12 18:31 - 000000000 ____D C:\Users\User\AppData\Local\Packages
2023-02-06 21:00 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-02-06 21:00 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-02-06 20:59 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\PrintDialog
2023-02-06 20:58 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-02-06 20:54 - 2022-05-07 06:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-02-06 20:54 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-02-06 20:54 - 2020-08-12 18:31 - 000000000 ____D C:\Users\User\AppData\Local\D3DSCache
2023-02-06 20:48 - 2022-11-21 23:49 - 000004224 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1629315665
2023-02-06 20:48 - 2021-08-18 20:41 - 000001417 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera-Browser.lnk
2023-02-06 20:47 - 2022-11-21 23:49 - 000004454 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1629315681
2023-02-06 20:47 - 2022-03-22 17:33 - 000000000 ____D C:\Users\User\AppData\Local\AMD
2023-02-06 20:43 - 2022-11-21 23:49 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2775161839-3573256424-1513776773-1001
2023-02-06 20:43 - 2020-11-10 17:18 - 000002407 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-02-06 20:43 - 2020-08-17 17:16 - 000000000 ____D C:\Users\User\AppData\Local\PlaceholderTileLogoFolder
2023-02-06 20:43 - 2020-08-12 18:33 - 000000000 ___RD C:\Users\User\OneDrive
2023-02-06 20:42 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-02-06 20:42 - 2020-08-17 20:44 - 000000000 ____D C:\Program Files\CCleaner
2023-02-06 20:42 - 2020-08-12 18:34 - 000000000 ____D C:\Users\User\AppData\Local\Lenovo
2023-02-06 20:42 - 2019-10-17 05:10 - 000000000 __RHD C:\Users\Public\AccountPictures
2023-02-06 20:40 - 2020-08-17 18:08 - 000000000 ____D C:\Users\paula\AppData\LocalLow\Mozilla
2023-02-06 20:18 - 2022-11-21 23:49 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2023-02-06 20:15 - 2022-11-21 22:48 - 000000000 ____D C:\WINDOWS\Lenovo
2023-02-06 20:15 - 2022-05-07 06:22 - 000000000 ____D C:\WINDOWS\INF
2023-02-06 20:15 - 2020-08-12 18:23 - 000000000 ____D C:\ProgramData\Lenovo
2023-02-06 20:10 - 2022-11-21 23:45 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-02-06 19:32 - 2020-08-17 17:57 - 000000000 ____D C:\Users\paula\AppData\Local\D3DSCache
2023-02-06 18:23 - 2021-08-29 12:45 - 000000000 ___RD C:\Users\paula\Berufskolleg Opladen
2023-02-06 18:23 - 2021-08-29 12:00 - 000000000 ___RD C:\Users\paula\OneDrive - Berufskolleg Opladen
2023-02-06 18:21 - 2022-02-14 20:04 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-02-05 21:45 - 2020-08-17 18:00 - 000000000 ____D C:\Users\paula\AppData\Local\Lenovo
2023-02-05 20:39 - 2021-08-29 11:46 - 000000000 ____D C:\Users\paula\AppData\Local\CrashDumps
2023-02-05 20:33 - 2020-09-07 13:46 - 000000000 ____D C:\Users\paula\AppData\Roaming\WTablet
2023-02-05 19:11 - 2019-10-17 05:07 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-02-05 19:10 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Windows Defender
2023-02-05 19:07 - 2022-11-21 23:45 - 001809546 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-02-05 19:03 - 2020-08-12 15:04 - 000000000 ____D C:\ProgramData\McAfee
2023-02-05 19:01 - 2020-08-17 17:57 - 000000000 ____D C:\Users\paula\AppData\Local\Packages
2023-02-05 19:01 - 2020-08-12 10:11 - 000000000 ____D C:\ProgramData\Packages
2023-02-05 19:00 - 2022-11-21 23:49 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-02-05 19:00 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ServiceState
2023-02-05 19:00 - 2022-05-07 06:17 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2023-02-05 19:00 - 2021-01-15 19:19 - 000000000 ____D C:\Program Files\McAfee
2023-02-05 19:00 - 2020-11-10 18:16 - 000012288 ___SH C:\DumpStack.log.tmp
2023-02-05 18:58 - 2022-05-07 06:17 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2023-02-05 18:58 - 2020-10-17 19:32 - 000803176 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2023-02-05 18:55 - 2020-08-17 20:47 - 000000000 ____D C:\Users\User\AppData\Roaming\IrfanView
2023-02-05 18:55 - 2020-08-17 20:44 - 000000000 ____D C:\Program Files (x86)\Google
2023-02-05 18:51 - 2022-07-18 16:09 - 000000000 ____D C:\Program Files\Common Files\Adobe
2023-02-04 16:25 - 2020-08-17 18:05 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-02-04 13:28 - 2020-08-12 14:57 - 000000000 ____D C:\Program Files\Microsoft Office
2023-02-04 13:26 - 2022-11-21 23:49 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2775161839-3573256424-1513776773-1002
2023-02-04 13:26 - 2022-11-21 23:49 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2775161839-3573256424-1513776773-1002
2023-02-04 13:26 - 2020-11-10 17:18 - 000002410 _____ C:\Users\paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-02-04 13:26 - 2020-08-17 17:26 - 000002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-02-04 13:26 - 2020-08-17 17:26 - 000002285 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-02-03 22:39 - 2022-11-21 23:49 - 000003756 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-02-03 22:39 - 2022-11-21 23:49 - 000003632 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-02-03 13:20 - 2020-08-18 15:03 - 000000000 ____D C:\Users\paula\AppData\Roaming\WhatsApp
2023-02-03 13:19 - 2020-08-18 15:03 - 000000000 ____D C:\Users\paula\AppData\Local\WhatsApp
2023-02-03 13:18 - 2020-08-17 18:35 - 000000000 ____D C:\Users\paula\AppData\Local\SquirrelTemp
2023-02-03 13:13 - 2022-11-21 23:49 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2023-02-03 13:12 - 2020-08-17 18:05 - 000001016 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-01-30 11:19 - 2020-10-03 19:29 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-01-26 20:03 - 2021-08-29 13:54 - 000000000 ___RD C:\Users\paula\Documents\TAHR 12 & 13
2023-01-26 19:13 - 2021-08-29 13:52 - 000000000 ____D C:\Users\paula\Documents\Gemeinde
2023-01-26 16:14 - 2022-01-15 17:54 - 000000000 ____D C:\Users\paula\AppData\Roaming\KeePass
2023-01-26 16:12 - 2021-08-29 13:50 - 000000000 ____D C:\Users\paula\Documents\Bewerbungen
2023-01-26 16:09 - 2021-08-29 13:53 - 000000000 ___RD C:\Users\paula\Documents\TAHR 11
2023-01-15 17:02 - 2022-11-21 23:45 - 001755128 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-01-15 17:02 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemResources
2023-01-15 17:02 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-01-15 17:02 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-01-14 20:43 - 2020-08-17 22:19 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-01-14 20:41 - 2020-08-17 22:19 - 150199536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-01-14 20:11 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-01-14 20:09 - 2022-11-21 23:45 - 003212288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-01-14 15:59 - 2021-09-14 13:50 - 000000000 ____D C:\Users\paula\AppData\Local\AMD_Common
2023-01-09 21:32 - 2022-11-21 23:00 - 000000000 ____D C:\Users\paula
2023-01-09 11:46 - 2022-02-08 12:00 - 000002413 _____ C:\Users\paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams (work or school).lnk
2023-01-09 11:46 - 2022-02-08 12:00 - 000002405 _____ C:\Users\paula\Desktop\Microsoft Teams (work or school).lnk
2023-01-07 13:25 - 2020-08-17 18:08 - 000001293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========

2022-01-17 22:35 - 2022-01-17 22:35 - 018809915 _____ (Dr. J. Rathlev                                              ) C:\Users\paula\pb-setup-x64-6.2.1000.exe
2020-08-12 10:11 - 2020-08-12 10:11 - 000003072 _____ () C:\Users\User\AppData\Local\file__0.localstorage

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================
         
--- --- ---

Alt 06.02.2023, 21:10   #13
Hans-Juergen
 
Verdacht auf Malware in Zusammenhang mit conhost - Standard

Verdacht auf Malware in Zusammenhang mit conhost



und ADDITION.TXT
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 03-02-2023
durchgeführt von User (06-02-2023 21:04:24)
Gestartet von C:\Users\User\Desktop
Microsoft Windows 11 Home Version 22H2 22621.1105 (X64) (2022-11-21 22:49:44)
Start-Modus: Normal
==========================================================


==================== Konten: =============================


(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

Administrator (S-1-5-21-2775161839-3573256424-1513776773-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2775161839-3573256424-1513776773-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2775161839-3573256424-1513776773-1000 - Limited - Disabled)
Gast (S-1-5-21-2775161839-3573256424-1513776773-501 - Limited - Disabled)
paula (S-1-5-21-2775161839-3573256424-1513776773-1002 - Limited - Enabled) => C:\Users\paula
User (S-1-5-21-2775161839-3573256424-1513776773-1001 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-2775161839-3573256424-1513776773-504 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

3DEXPERIENCE Marketplace for SOLIDWORKS (HKLM\...\{0060450C-5B44-424B-BD42-559F2A5D820A}) (Version: 6.29.641 - Dassault Systemes SolidWorks Corp)
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 3.08.17.735 - Advanced Micro Devices, Inc.)
AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.130 - Advanced Micro Devices, Inc.) Hidden
AMD I2C Driver (HKLM-x32\...\{B31D92D9-2914-46B0-9738-F668A563DE73}) (Version: 1.2.0.118 - Advanced Micro Devices, Inc.) Hidden
AMD MicroPEP Driver (HKLM-x32\...\{C36029EB-19FF-4462-A283-03B41BE9EFA4}) (Version: 1.0.29.0 - Advanced Micro Devices, Inc.) Hidden
AMD PSP Driver (HKLM-x32\...\{988F14B8-79A8-475D-BAC7-83F96AD3D821}) (Version: 5.17.0.0 - Advanced Micro Devices, Inc.) Hidden
AMD Ryzen Balanced Driver (HKLM-x32\...\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}) (Version: 6.0.0.9 - Advanced Micro Devices, Inc.) Hidden
AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden
AMD SFH Driver (HKLM-x32\...\{A52D862F-3082-46E6-B1A2-7473F111FA1F}) (Version: 1.0.0.316 - Advanced Micro Devices, Inc.) Hidden
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 21.8.2 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{491043b2-acc5-4890-a5f2-1f5e3cc4427a}) (Version: 3.08.17.735 - Advanced Micro Devices, Inc.) Hidden
Apple Mobile Device Support (HKLM\...\{82C2A7D9-6BFC-4BED-9EF9-C49780F02C3E}) (Version: 15.5.0.16 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Backuptrans Android WhatsApp to iPhone Transfer (x64) 3.2.175 (HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\Backuptrans Android WhatsApp to iPhone Transfer (x64)) (Version: 3.2.175 - Backuptrans)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Branding64 (HKLM\...\{C871FC62-0186-40ED-BAEA-7C65BE367755}) (Version: 1.00.0006 - Advanced Micro Devices, Inc.) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Discord (HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\Discord) (Version: 0.0.309 - Discord Inc.)
Fotogalerie (HKLM-x32\...\{41BF4A3B-D60A-4E92-883F-C88C8C157261}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
FreeCAD 0.18.4 (Installiert für den aktuellen Benutzer) (HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\FreeCAD0184) (Version: 0.18.4 - FreeCAD Team)
Freeplane (HKLM\...\{D3941722-C4DD-4509-88C4-0E87F675A859}_is1) (Version: 1.9.7 - Open source)
GDR 6164 für SQL Server*2014 (KB4583463) (64-bit) (HKLM\...\KB4583463) (Version: 12.3.6164.21 - Microsoft Corporation)
GDR 6169 für SQL Server*2014 (KB5014165) (64-bit) (HKLM\...\KB5014165) (Version: 12.3.6169.19 - Microsoft Corporation)
iMyFone iTransor for WhatsApp 4.6.2.3 (HKLM-x32\...\{BFC593FB-4E14-452E-94C2-75F382A89294}_is1) (Version: 4.6.2.3 - Shenzhen iMyFone Technology Co., Ltd.)
iTunes (HKLM\...\{B71B64F9-B245-4E4B-802E-DB6AB834EA13}) (Version: 12.12.3.5 - Apple Inc.)
KeePass Password Safe 2.52 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.52 - Dominik Reichl)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.13.43.0 - Lenovo Group Ltd.)
Macrium Reflect Free (HKLM\...\{5664B4BB-6EA2-4981-A1C1-D08B5A088867}) (Version: 8.0.6979 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free (HKLM\...\MacriumReflect) (Version: v8.0.6979 - Paramount Software (UK) Ltd.)
Malwarebytes version 4.5.21.231 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.21.231 - Malwarebytes)
Microsoft 365 Apps for Enterprise - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.16026.20146 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 109.0.1518.78 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 109.0.1518.78 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{E22449E8-E716-41AA-B449-E7CF16F5EAF1}) (Version: 12.3.6169.19 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2775161839-3573256424-1513776773-1001\...\OneDriveSetup.exe) (Version: 23.011.0115.0009 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\OneDriveSetup.exe) (Version: 23.020.0125.0002 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{9D93D367-A2CC-4378-BD63-79EF3FE76C78}) (Version: 11.4.7462.6 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2014 RsFx Driver (HKLM\...\{C11487CA-E3B7-4D8E-9D6F-5C3DC6C81200}) (Version: 12.3.6169.19 - Microsoft Corporation) Hidden
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{5F0DFD0B-0027-4E9A-AA13-4CEA6A9C020D}) (Version: 12.3.6169.19 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{F40FD7AB-C262-4655-8A5C-74781F2BEC06}) (Version: 12.3.6169.19 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\Teams) (Version: 1.5.00.33362 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{EF9EBC42-6969-45CE-A8D2-B9249B00C838}) (Version: 5.69.0.0 - Microsoft Corporation)
Microsoft Visual Basic for Applications 7.1 (x64) (HKLM\...\{07C0BFE1-3291-409C-B96A-797340719C8F}) (Version: 7.1.10.96 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x64) English (HKLM\...\{826216B1-0F04-409B-A33E-C6A004AA1097}) (Version: 7.1.10.96 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x64) German (HKLM\...\{3577C582-28BF-47CF-A134-0F4E2C3A6148}) (Version: 7.1.10.96 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29913 (HKLM-x32\...\{855e31d2-9031-46e1-b06d-c9d7777deefb}) (Version: 14.28.29913.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27012 (HKLM-x32\...\{67f67547-9693-4937-aa13-56e296bd40f6}) (Version: 14.16.27012.6 - Microsoft Corporation)
Microsoft Visual C++ 2017 X86 Additional Runtime - 14.16.27012 (HKLM-x32\...\{DD6BC8D7-4582-4677-BAAC-4AB933E6C315}) (Version: 14.16.27012 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 X86 Minimum Runtime - 14.16.27012 (HKLM-x32\...\{7B77DE7F-5219-435E-9CE1-FC77F1D4CCAD}) (Version: 14.16.27012 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.28.29913 (HKLM\...\{620A7633-7A09-42A8-8580-076A4483C4B0}) (Version: 14.28.29913 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.28.29913 (HKLM\...\{EECDD137-13DA-46ED-ADA0-BDF7F8BE65B8}) (Version: 14.28.29913 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{ab213ab7-4792-4c6f-a3fa-8485d06c3475}) (Version: 14.0.23829 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 Finalizer (HKLM-x32\...\{F93E37BD-4053-37CA-A7BB-A5B74508006C}) (Version: 14.0.23829 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2015 x64 Hosting Support (HKLM\...\{A8C30947-7C1B-3A31-8FD8-CEC6D3357D34}) (Version: 14.0.23829 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2015 x86 Hosting Support (HKLM-x32\...\{11A9EF3E-6616-31B1-82BC-1080366FA34D}) (Version: 14.0.23829 - Microsoft Corporation) Hidden
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.3.6024.0 - Microsoft Corporation)
Movavi Video Editor Plus 2020 (HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\Movavi Video Editor Plus 2020) (Version: 20.4.0 - Movavi)
Movie Maker (HKLM-x32\...\{70C91B91-61E8-4D06-86D6-A9DCC291983A}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 109.0.1 (x64 de)) (Version: 109.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 78.1.1 - Mozilla)
Mozilla Thunderbird (x86 de) (HKLM-x32\...\Mozilla Thunderbird 102.6.1 (x86 de)) (Version: 102.6.1 - Mozilla)
MSVCRT (HKLM-x32\...\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}) (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (HKLM-x32\...\{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}) (Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (HKLM\...\{E9FA781F-3E80-4399-825A-AD3E11C28C77}) (Version: 16.4.1109.0912 - Microsoft) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16026.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Opera Stable 79.0.4143.22 (HKU\S-1-5-21-2775161839-3573256424-1513776773-1001\...\Opera 79.0.4143.22) (Version: 79.0.4143.22 - Opera Software)
Personal Backup 6.2.16.0 (64-bit) (HKLM\...\Personal Backup 6_is1) (Version: 6.2.16.0 - Dr. J. Rathlev)
Photo Common (HKLM-x32\...\{87DABDEA-47A4-4182-AA7C-2C90DAAE3117}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (HKLM-x32\...\{07AAB66E-4718-422D-9218-4AFB3C922A71}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
ProtonVPN (HKLM-x32\...\{2E5B3FB1-FDCC-4BC8-AA99-E0EE5343CAF8}) (Version: 1.16.3 - Proton Technologies AG) Hidden
ProtonVPN (HKLM-x32\...\ProtonVPN 1.16.3) (Version: 1.16.3 - Proton Technologies AG)
ProtonVPNTap (HKLM-x32\...\{BCB82CD9-F514-4F93-A6D9-F898494DC927}) (Version: 1.1.0 - Proton Technologies AG)
PyCharm 2020.2.2 (HKLM-x32\...\PyCharm 2020.2.2) (Version: 202.7319.64 - JetBrains s.r.o.)
PyCharm Community Edition 2020.2.2 (HKLM-x32\...\PyCharm Community Edition 2020.2.2) (Version: 202.7319.64 - JetBrains s.r.o.)
RyzenMasterSDK (HKLM\...\{17BE94CF-FF53-4C12-81F5-E10EB6844849}) (Version: 1.2.3.5 - Advanced Micro Devices, Inc.) Hidden
Service Pack 3 for SQL Server 2014 (KB4022619) (64-bit) (HKLM\...\KB4022619) (Version: 12.3.6024.0 - Microsoft Corporation)
Smart View (HKLM-x32\...\{C7B50A89-F1D6-41C1-9375-0AF0C4CFE66F}) (Version: 1.0.0.0 - Samsung )
SOLIDWORKS 2020 German Resources (HKLM\...\{B7698A2D-ACFD-4DAE-B9A1-41F67EB9F770}) (Version: 28.130.0086 - Ihr Firmenname) Hidden
SOLIDWORKS 2020 graphics support (HKLM-x32\...\{1CB88B4C-EAEF-466E-A3FD-E612127EBAC4}) (Version: 1.0.1 - Dassault Systemes)
SOLIDWORKS 2020 SP03 (HKLM\...\{3F4681F3-B30B-4531-ADB2-3661B531F926}) (Version: 28.130.0086 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS 2020 SP03 (HKLM-x32\...\SolidWorks Installation Manager 20200-40300-1100-100) (Version: 28.3.0.86 - SolidWorks Corporation)
SOLIDWORKS 2021 German Resources (HKLM\...\{A8E011F9-AB58-4C9C-AB8C-7435C7E04FEB}) (Version: 29.130.0059 - Ihr Firmenname) Hidden
SOLIDWORKS 2021 SP03 (HKLM\...\{9C0A2571-4AAE-4FEE-B673-038B38B85EFC}) (Version: 29.130.0059 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS 2021 SP03 (HKLM-x32\...\SolidWorks Installation Manager 20210-40300-1100-100) (Version: 29.3.0.59 - SolidWorks Corporation)
SOLIDWORKS CAM 2020 SP03 (HKLM\...\{4DFF26A7-85C6-4495-ADE0-54FDF9AB6F31}) (Version: 28.30.0086 - Dassault Systèmes SolidWorks Corp) Hidden
SOLIDWORKS CAM 2021 SP03 (HKLM\...\{EFF51C01-6447-44F1-B1C6-567BA8E08A3C}) (Version: 29.30.0059 - Dassault Systèmes SolidWorks Corp) Hidden
SOLIDWORKS Composer 2020 SP03 (HKLM\...\{85C65312-5967-431C-817F-6A5DF2B5FCAB}) (Version: 28.30.0086 - Ihr Firmenname) Hidden
SOLIDWORKS Composer 2021 SP03 (HKLM\...\{670D74D1-A07B-4C70-8E11-18FC4B0BAF7E}) (Version: 29.30.0059 - Ihr Firmenname) Hidden
SOLIDWORKS eDrawings 2020 SP03 (HKLM\...\{B21DE16A-42B5-46A8-A905-59579C7E70C4}) (Version: 28.30.0025 - Dassault Systèmes SolidWorks Corp) Hidden
SOLIDWORKS eDrawings 2021 SP03 (HKLM\...\{C7289F2C-60FD-4FBB-A862-18DB7AC0D2C1}) (Version: 29.30.0026 - Dassault Systèmes SolidWorks Corp) Hidden
SOLIDWORKS Electrical 2021 SP03 (HKLM\...\{C8E61D1C-BE08-4220-9009-053BD2AF1F73}) (Version: 29.30.0059 - Ihr Firmenname) Hidden
SOLIDWORKS Flow Simulation 2020 SP03  (HKLM\...\{5C774D0E-6ED5-41E6-BF46-5E97C5D3EBF2}) (Version: 28.30.0087 - Dassault Systèmes SolidWorks Corp) Hidden
SOLIDWORKS Flow Simulation 2021 SP03  (HKLM\...\{BC6FEA11-71C2-4D72-A909-2A94B1179DA3}) (Version: 29.30.0060 - Dassault Systèmes SolidWorks Corp) Hidden
SOLIDWORKS Plastics 2020 SP03 (HKLM\...\{DB735F3C-98A6-4F88-B7FC-F2609F18150E}) (Version: 28.30.0086 - Ihr Firmenname) Hidden
SOLIDWORKS Plastics 2021 SP03 (HKLM\...\{CE4CA359-906F-4F01-AF89-EB0F83B122F5}) (Version: 29.30.0059 - Ihr Firmenname) Hidden
SOLIDWORKS Visualize 2020 SP03 (HKLM\...\{9963E472-2AFC-46A4-B128-D9926F267B80}) (Version: 28.30.0086 - Ihr Firmenname) Hidden
SOLIDWORKS Visualize 2021 SP03 (HKLM\...\{C493AED2-A596-43E9-9F47-446B35978A42}) (Version: 29.30.0059 - Ihr Firmenname) Hidden
SQL Server 2014 Common Files (HKLM\...\{BD1CD96B-FE4B-4EAE-83D4-6EF55AB5779C}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{F7012F84-80F5-4C25-852E-B1BA03276FE6}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{17531BCD-C627-46A2-9F1E-7CC920E0E94A}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{5082A9F3-AEE5-4639-9BA7-C19661BA7331}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{ACC530B8-B6B4-40D6-B59B-152468CF47D0}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{D1B847A9-B06B-4264-9EF0-78E6E1571E65}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.3.6024.0 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{6476DB81-F263-4C04-8574-AAD31136C304}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.13565 - Microsoft Corporation)
Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.3.41-1 - Wacom Technology Corp.)
WD Drive Utilities (HKLM-x32\...\{2db219ff-e483-403b-9374-aea609abaf1d}) (Version: 1.4.3.13 - Western Digital Technologies, Inc.) Hidden
WD Drive Utilities (HKLM-x32\...\{546D15D7-D6AF-422B-B4E5-05AF20BA8573}) (Version: 1.4.3.13 - Western Digital Technologies, Inc.) Hidden
WD Security (HKLM-x32\...\{17194DA0-755B-4BAA-A8C9-EC5549F7D596}) (Version: 1.4.3.13 - Western Digital Technologies, Inc.) Hidden
WD Security (HKLM-x32\...\{6422f3d1-f66a-42ab-9726-67fca9d3964b}) (Version: 1.4.3.13 - Western Digital Technologies, Inc.)
WhatsApp (HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\WhatsApp) (Version: 2.2304.7 - WhatsApp)
Windows Live Communications Platform (HKLM-x32\...\{41C61308-6CFD-4D54-AB6A-7136ED08A18E}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\{66233218-CA57-4AB2-BA43-A97AA4635960}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Installer (HKLM-x32\...\{659CB81C-B54E-4DF1-B618-F35777393A54}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (HKLM-x32\...\{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (HKLM-x32\...\{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (HKLM-x32\...\{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (HKLM-x32\...\{D1893000-EA77-493C-8DDD-E262436E959B}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (HKLM-x32\...\{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (HKLM-x32\...\{FC071B45-4A5F-408F-92F8-4D9D693E866F}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows-PC-Integritätsprüfung (HKLM\...\{68C9C2A4-C212-4310-AB68-12F97050A416}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Windows-Treiberpaket - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (01/06/2021 4.8.0.0) (HKLM\...\A24A5DD571B1BD4FED5E3558FDDBD8579A5EE14C) (Version: 01/06/2021 4.8.0.0 - Google, Inc.)
Windows-Treiberpaket - HS Incorporated (massfilter_hs) USB  (10/20/2010 2.0.0.8) (HKLM\...\80E97631DA49E8B2E4C5B606C9597BC75EE612F5) (Version: 10/20/2010 2.0.0.8 - HS Incorporated)
Windows-Treiberpaket - HTC, Corporation (HTCAND64) USB  (07/30/2015 2.0.0007.00030) (HKLM\...\C45A70BDABC1DAE5CCD49C4E701E67757AB039E6) (Version: 07/30/2015 2.0.0007.00030 - HTC, Corporation)
Windows-Treiberpaket - LG Electronics Inc. (Andbus) USB  (11/30/2010 2.2.0.0) (HKLM\...\7972D4F247E02C0849331540773B9ABFA384B182) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc.)
Windows-Treiberpaket - LG Electronics Inc. (AndDiag) Ports  (11/30/2010 2.2.0.0) (HKLM\...\A3F0461CF2623C40BC42C38D4C0E7319E5C458CA) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc.)
Windows-Treiberpaket - LG Electronics Inc. (usbbus) USB  (02/17/2016 5.3.0.0) (HKLM\...\6188905E45DED139E292A4F6A3CA637A65162F4D) (Version: 02/17/2016 5.3.0.0 - LG Electronics Inc.)
Windows-Treiberpaket - LG Electronics, Inc. (AndnetBus) USB  (01/06/2021 4.8.0.0) (HKLM\...\4F72F5ED592B4C4B69E07DA9895BAE687A32F8AA) (Version: 01/06/2021 4.8.0.0 - LG Electronics, Inc.)
Windows-Treiberpaket - Motorola (motccgp) USB  (03/01/2013 3.4.0.0) (HKLM\...\73BEF56236CE0FD380A1692BBA70B9C6B533518B) (Version: 03/01/2013 3.4.0.0 - Motorola)
Windows-Treiberpaket - PANTECH Co., Ltd.  (PSKTBUS) USB  (06/20/2012 4.0.21.0) (HKLM\...\31F11A15A3058696191A3708600383CAA429752E) (Version: 06/20/2012 4.0.21.0 - PANTECH Co., Ltd. )
Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd.  (dg_ssudbus) USB  (06/10/2014 2.11.10.0) (HKLM\...\7C7D77F30DA293C8D56A9D5FB8C3E70F4E17DA7F) (Version: 06/10/2014 2.11.10.0 - SAMSUNG Electronics Co., Ltd. )
Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd.  (ssadbus) USB  (11/30/2012 5.30.14.0) (HKLM\...\C9AEC81E4D365534AF50161EDA7C9CC56B205507) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd.  (ssaebus) USB  (02/05/2010 5.14.0.0) (HKLM\...\8CDE6EEFC346A059EC210060FC7B7DAA8279D584) (Version: 02/05/2010 5.14.0.0 - SAMSUNG Electronics Co., Ltd. )
Windows-Treiberpaket - SHARP (shu0bus) USB  (08/11/2011 5.28.4.0) (HKLM\...\8A1FC0FFE8E99DF8171E25D8C5AFF587290A67EF) (Version: 08/11/2011 5.28.4.0 - SHARP)
Wondershare Filmora9(Build 9.5.1) (HKLM\...\Wondershare Filmora9_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
WPTx64 (HKLM-x32\...\{0B2C58EB-67A2-225B-60B2-D1990E55DD33}) (Version: 8.100.26866 - Microsoft)
Zoom (HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\ZoomUMX) (Version: 5.9.1 (2581) - Zoom Video Communications, Inc.)

Packages:
=========
AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.10044.0_x64__0a9344xs7nr4m [2023-02-06] (Advanced Micro Devices Inc.) [Startup Task]
Clipchamp -> C:\Program Files\WindowsApps\Clipchamp.Clipchamp_2.5.15.0_neutral__yxz26nhyzhsrt [2023-02-06] (Microsoft Corp.)
Dolby Vision -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyVisionHDR_2.1.5965.0_x64__rz1tebttyb220 [2023-02-06] (Dolby Laboratories)
Glance by Mirametrix -> C:\Program Files\WindowsApps\MirametrixInc.GlancebyMirametrix_9.26.3905.0_x64__17mer8kcn3j54 [2023-02-06] (Mirametrix Inc.) [Startup Task]
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_142.3.139.0_x64__v10z8vjag6ke6 [2023-02-06] (HP Inc.)
Lenovo Hotkeys -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.3.28.0_x64__5grkq8ppsgwt4 [2023-02-06] (LENOVO INC) [Startup Task]
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2209.2.0_x64__k1h2ywk1493x8 [2023-02-06] (LENOVO INC.)
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.39.0_x64__8wekyb3d8bbwe [2023-02-06] (Microsoft Corp.)
ms-resource://MicrosoftCorporationII.QuickAssist/resources/APP_WINDOW_NAME -> C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.16.0_x64__8wekyb3d8bbwe [2023-02-06] (Microsoft Corp.)
ms-resource:AppStoreName -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe [2023-02-06] (Microsoft Corporation)
ms-resource:AppStoreName -> C:\Program Files\WindowsApps\Microsoft.RawImageExtension_2.1.40041.0_x64__8wekyb3d8bbwe [2023-02-06] (Microsoft Corporation)
ms-resource:AppxManifest_DisplayName -> C:\Windows\SystemApps\Microsoft.Windows.PrintQueueActionCenter_cw5n1h2txyewy [2023-02-06] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.14.221.0_x64__dt26b99r8h8gj [2023-02-06] (Realtek Semiconductor Corp)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.15.12020.0_x64__8wekyb3d8bbwe [2023-02-06] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.139.612.0_x86__zpdnekdrzrea0 [2020-08-17] (Spotify AB) [Startup Task]
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.Core_cw5n1h2txyewy [2023-01-15] (Microsoft Windows)
XING -> C:\Program Files\WindowsApps\XINGAG.XING_4.0.9.0_x86__xpfg3f7e9an52 [2023-02-06] (New Work SE)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2775161839-3573256424-1513776773-1001_Classes\CLSID\{227C9E8F-71A1-4B23-9076-682A1A8EAAED}\localserver32 -> c:\program files\macrium\common\reflectmonitor.exe (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd)
CustomCLSID: HKU\S-1-5-21-2775161839-3573256424-1513776773-1001_Classes\CLSID\{D3E34B21-9D75-101A-8C3D-00AA001A1652}\localserver32 -> C:\Program Files\WindowsApps\Microsoft.Paint_11.2210.4.0_x64__8wekyb3d8bbwe\PaintApp\mspaint.exe () [Datei ist nicht signiert]
CustomCLSID: HKU\S-1-5-21-2775161839-3573256424-1513776773-1002_Classes\CLSID\{04271989-C4D2-45E0-850A-8F3B68BDA890} -> [OneDrive - Berufskolleg Opladen] => C:\Users\paula\OneDrive - Berufskolleg Opladen [2021-08-29 12:00]
CustomCLSID: HKU\S-1-5-21-2775161839-3573256424-1513776773-1002_Classes\CLSID\{04271989-C4D2-9B3B-C51F-53A6054170F7} -> [Berufskolleg Opladen] => C:\Users\paula\Berufskolleg Opladen [2021-08-29 12:45]
CustomCLSID: HKU\S-1-5-21-2775161839-3573256424-1513776773-1002_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\paula\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22304.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2775161839-3573256424-1513776773-1002_Classes\CLSID\{227C9E8F-71A1-4B23-9076-682A1A8EAAED}\localserver32 -> c:\program files\macrium\common\reflectmonitor.exe (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd)
CustomCLSID: HKU\S-1-5-21-2775161839-3573256424-1513776773-1002_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\paula\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2775161839-3573256424-1513776773-1002_Classes\CLSID\{D3E34B21-9D75-101A-8C3D-00AA001A1652}\localserver32 -> C:\Program Files\WindowsApps\Microsoft.Paint_11.2210.4.0_x64__8wekyb3d8bbwe\PaintApp\mspaint.exe () [Datei ist nicht signiert]
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2022-09-07] (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2022-09-07] (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-02-06] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2022-01-28] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-02-06] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Nicht auf der Ausnahmeliste) ====================

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\User\Desktop\facebook.lnk -> C:\Users\User\AppData\Local\Programs\Opera\launcher.exe (Opera Software) -> www.facebook.com

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============

2020-08-17 20:17 - 2016-07-21 09:54 - 000137728 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2020-08-17 20:17 - 2017-09-12 09:34 - 001506304 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000017920 _____ () [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 003567616 _____ () [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2021-07-07 05:37 - 2021-07-07 05:37 - 000562688 _____ (Advanced Micro Devices) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Device.dll
2021-07-07 05:37 - 2021-07-07 05:37 - 000058880 _____ (Advanced Micro Devices) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Platform.dll
2021-08-24 17:38 - 2021-08-24 17:38 - 001704960 _____ (Advanced Micro Devices, Inc.) [Datei ist nicht signiert] C:\Program Files\AMD\WVR\OpenVR\bin\win64\driver_amdwvr.dll
2020-05-08 20:57 - 2020-05-08 20:57 - 000205312 _____ (Dassault Systèmes SolidWorks Corporation) [Datei ist nicht signiert] C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swccu.dll
2020-05-08 18:53 - 2020-05-08 18:53 - 000210432 _____ (Dassault Systèmes SolidWorks Corporation) [Datei ist nicht signiert] C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\SWLoginClientCLR.dll
2020-05-08 18:52 - 2020-05-08 18:52 - 000019968 _____ (Dassault Systèmes SolidWorks Corporation) [Datei ist nicht signiert] C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\win7helperbaseu.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000031744 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000039424 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000031744 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000414720 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000025088 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000024576 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000023552 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000532992 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 001441792 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 001189888 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000134656 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 006184448 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 006867456 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000735232 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5Multimedia.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000120832 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5MultimediaQuick.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 001104896 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000325120 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 003668480 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000517120 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5QmlModels.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000051712 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5QmlWorkerScript.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 004228608 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000171008 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 001085440 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000480256 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5RemoteObjects.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000205824 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000329728 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000127488 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000390656 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 095598080 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 005587968 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000462848 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000188928 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 002878464 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000055808 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000059392 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000262144 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\QtMultimedia\declarative_multimedia.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000017920 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\QtQml\qmlplugin.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000017920 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000284160 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000333824 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000136704 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000090112 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000313856 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000017920 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2021-03-09 18:47 - 2021-03-09 18:47 - 000091648 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll
2020-08-17 20:17 - 2017-09-12 09:36 - 000708608 _____ (Wondershare) [Datei ist nicht signiert] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HidSpiCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TextInputManagementService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => ""="Memory"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => "SafeBootDrivers"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HidSpiCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TextInputManagementService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========

HKU\S-1-5-21-2775161839-3573256424-1513776773-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-02-04] (Microsoft Corporation -> Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2775161839-3573256424-1513776773-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\sharepoint.com -> hxxps://bkopladen-files.sharepoint.com

==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2019-03-19 05:49 - 2023-02-04 16:19 - 000000822 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft SQL Server\120\DTS\Binn\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\
HKU\S-1-5-21-2775161839-3573256424-1513776773-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\paula\Pictures\Camera Roll\a8964664-854d-40de-ab47-34cfc10ceb0a.jpg
DNS Servers: 192.168.179.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
 ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

HKU\S-1-5-21-2775161839-3573256424-1513776773-1001\...\StartupApproved\Run: => "Opera Browser Assistant"
HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{FD1BC0C8-91C3-4021-86D5-174D19736838}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{64AFD36B-BA53-4A47-B9DD-90FD5AF23AD1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{F6D890D0-550A-4D60-AC75-09E5D86DB23C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{8EBD307C-E4D1-42C1-B05F-F0F97EEE9943}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{ED767DE2-7891-44D2-8AD5-918F01A12332}] => (Allow) LPort=8029
FirewallRules: [{213D925F-F2ED-4170-AE12-979251518EBB}] => (Allow) LPort=8028
FirewallRules: [{185F632A-3543-4160-99ED-38856D11F21D}] => (Allow) LPort=8028
FirewallRules: [{D1CF6247-F015-41F9-8253-80D9C188E671}] => (Allow) LPort=8029
FirewallRules: [{0534F0CA-27B8-400C-8C7D-1AF73286773E}] => (Allow) LPort=8029
FirewallRules: [{38B1BCB5-39F5-4DB3-AB7E-D918965439D0}] => (Allow) LPort=8028
FirewallRules: [{AD090B38-7758-4B1E-9AAE-E5D34AFD1080}] => (Allow) LPort=8028
FirewallRules: [{267A457B-F647-4B09-87D7-80F31EC7F1B6}] => (Allow) LPort=8029
FirewallRules: [{C7F719AF-45D4-4CAE-AC70-1B1C9EDE50F0}] => (Allow) LPort=8028
FirewallRules: [{5FE44928-696D-4C8A-A400-22EE06B642C0}] => (Allow) LPort=8029
FirewallRules: [{32C58891-618A-4B4E-9813-C069FD392F49}] => (Allow) LPort=8029
FirewallRules: [{6992CB83-74BE-4EEF-B867-24A893B16FA0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{C4A27734-864F-4C8F-8545-00FC40E02A6D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{CF1D2948-713E-4277-A179-6DE40873CE01}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{23AFB29A-F57F-438A-89BD-358717A44ED9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{87079EB2-E7B3-46F6-90A1-D5582DE48481}] => (Allow) LPort=8029
FirewallRules: [{3FFB9A0A-6BD1-4200-A73B-016AE654B1C5}] => (Allow) LPort=8028
FirewallRules: [{78890D42-9377-491E-9EB8-9C53A0C55221}] => (Allow) LPort=8028
FirewallRules: [{BC8FB9DA-75E2-42C8-B8F4-8C58CC38705C}] => (Allow) LPort=8029
FirewallRules: [{896330A1-6B17-4AE1-B223-A05F5AB77483}] => (Allow) LPort=8028
FirewallRules: [{77077CD5-2B54-4222-9234-5B032718010C}] => (Allow) LPort=8029
FirewallRules: [{E653B26F-9F03-4B0B-8F8A-0D38FF713561}] => (Allow) LPort=8028
FirewallRules: [{478C76F3-154C-4D17-BBFE-127082523252}] => (Allow) LPort=8029
FirewallRules: [{9373CDB6-F060-4FBB-BCFF-18B91FE85320}] => (Allow) LPort=8028
FirewallRules: [{D40F29E1-1728-4189-8BBA-E00B416C57B8}] => (Allow) LPort=8029
FirewallRules: [{2B2892EE-44DA-4702-99C8-11AE53179CFB}] => (Allow) LPort=8029
FirewallRules: [{99BA49AE-632B-4305-9164-CA284399D8F7}] => (Allow) LPort=8028
FirewallRules: [{5A91EFA5-B227-41A8-8979-7EDB29A06CC3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{3C0B1813-C0C3-4322-A895-D686D155FEA1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{144205B8-1750-4D41-95E6-37DD76C00FA7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{33EA2062-7AF2-4788-8F58-64C7329049EF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{0EA1214E-A948-4870-A386-6AB48A4F5EF3}] => (Allow) LPort=8029
FirewallRules: [{94F40235-129A-4F22-8E2C-9626DBF6CCCA}] => (Allow) LPort=8028
FirewallRules: [{F43BD7BA-DF3A-48F2-A650-3A7B00F6472D}] => (Allow) LPort=8028
FirewallRules: [{75ACDF4F-7709-4541-B85F-0EB05E9144F6}] => (Allow) LPort=8029
FirewallRules: [{1D2EED2F-2EFA-4789-9243-84A6AE6BA24E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{133F1289-BE2D-4D7C-9D5F-18E2490A2034}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{57A05E3C-FA01-4A77-A583-D52F0F89B7C5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{8CB8B1F9-8901-45E1-9D97-460E9403D692}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{0FD95F41-26FC-44FD-BD77-10525388C7C0}] => (Allow) LPort=8029
FirewallRules: [{779BADD4-0C9E-4B4B-AFD1-38FA81A73F8B}] => (Allow) LPort=8028
FirewallRules: [{E6768030-818B-4631-8B40-1B0F09FE865D}] => (Allow) LPort=8028
FirewallRules: [{4D0C3460-B98A-40F5-98BE-F55ABFA24450}] => (Allow) LPort=8029
FirewallRules: [{5E5709B9-AEF6-4CD9-B7B3-284586D218E0}] => (Allow) LPort=8028
FirewallRules: [{19DF264F-B89D-4754-AF73-B0DDB084BCE9}] => (Allow) LPort=8029
FirewallRules: [{1C5690B7-A685-4C41-957F-91AD6D49FECA}] => (Allow) LPort=8029
FirewallRules: [{713E4B34-2FA6-4707-843D-F9DE41720E9D}] => (Allow) LPort=8028
FirewallRules: [{6FE84046-CE40-4781-82E1-8500320C29BD}] => (Allow) LPort=8029
FirewallRules: [{C524E5B0-BC26-4783-8E52-256A6C3F89E8}] => (Allow) LPort=8028
FirewallRules: [{539BCFA3-D9BC-451D-86AD-44EAF1573337}] => (Allow) LPort=8028
FirewallRules: [{674341BD-1411-4486-B396-970765358165}] => (Allow) LPort=8029
FirewallRules: [{BA469BA1-8858-4275-B9CF-F803F3A5B3FE}] => (Allow) LPort=8028
FirewallRules: [{D126FEFE-5F86-4E2E-97A2-F27E0340798F}] => (Allow) LPort=8029
FirewallRules: [{3C97A1D4-5CB1-47ED-9EE4-34957984022C}] => (Allow) LPort=8028
FirewallRules: [{5EA7D479-43B8-4F80-B5D5-758EADDD5DAD}] => (Allow) LPort=8029
FirewallRules: [{7B033BD7-3B7F-4E3A-9254-2D994036BB19}] => (Allow) LPort=8028
FirewallRules: [{4562C2DC-47BA-41F4-9DCD-11625C91732F}] => (Allow) LPort=8029
FirewallRules: [{508D85C2-892A-4378-94A1-5DD84A745297}] => (Allow) LPort=8029
FirewallRules: [{B3B13FDA-6134-4E38-A769-80E7692E90B1}] => (Allow) LPort=8028
FirewallRules: [{F8C58831-78C6-46B9-A5DD-33380242C254}] => (Allow) LPort=8028
FirewallRules: [{828587BB-504C-47F4-99DA-D005404A34F9}] => (Allow) LPort=8029
FirewallRules: [{CDD25159-396E-457D-B576-6C0B3E789AC3}] => (Allow) LPort=8029
FirewallRules: [{EEA7CE45-2DAE-43AF-9077-59CBAFC0E1A5}] => (Allow) LPort=8028
FirewallRules: [{57EC6750-691F-4772-9F0C-FD3BE26A02F2}] => (Allow) LPort=8029
FirewallRules: [{2C8F8E58-1514-42CB-88B0-368E920EFE3D}] => (Allow) LPort=8028
FirewallRules: [{682B566D-A1E5-4BC0-8DDB-3C14096EDEED}] => (Allow) LPort=8028
FirewallRules: [{E6A766A0-BBC2-4346-8EEA-7619560C8436}] => (Allow) LPort=8029
FirewallRules: [{04864A6F-485C-441A-97A8-D90F73ECF947}] => (Allow) LPort=8029
FirewallRules: [{FA9D3F46-70A6-440A-AF57-0C840B6F534E}] => (Allow) LPort=8028
FirewallRules: [{332DF50F-6649-4B9A-AC0F-35452CE24D96}] => (Allow) LPort=8029
FirewallRules: [{C76F7CC7-44F1-4FC2-A73F-8BCC2E33C56E}] => (Allow) LPort=8028
FirewallRules: [{A6DE493C-B244-43C5-9DB2-34FF718B732A}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3426B30C-9FFB-41C9-9CCA-BD94114DB376}] => (Allow) LPort=8028
FirewallRules: [{AC768BEF-9E5C-4027-A115-3517EA9C6C9E}] => (Allow) LPort=8029
FirewallRules: [{8D396862-19C4-48F2-B720-89BDD2A28B18}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D938054D-D794-41CE-998F-3E51C975D62C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{142B110D-F9FF-409A-A844-595CB212D950}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6D59D116-4388-4C7F-8CAD-1A15BAF4DA89}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{793F5AE0-D2E0-4A4F-8567-8C0E6D9675B1}] => (Allow) LPort=8029
FirewallRules: [{04DAFDB2-AA16-4E72-AAE7-4B8352C6F4B0}] => (Allow) LPort=8028
FirewallRules: [{4DFD0EFE-C1E0-47AC-9A84-D0C667B82E37}] => (Allow) LPort=8028
FirewallRules: [{231CE089-CE04-4376-B2E0-5BE61755FA4F}] => (Allow) LPort=8029
FirewallRules: [{BDA887BA-BF36-461B-9ABB-C27EF1835FB6}] => (Allow) LPort=8028
FirewallRules: [{8F0FC990-234B-4E4C-86B0-932B03D4E7BD}] => (Allow) LPort=8029
FirewallRules: [{56CA56BB-C4F9-48F6-8C91-FD2EC854DCA8}] => (Allow) LPort=8029
FirewallRules: [{F64FF321-D4E7-4784-A677-7FFC218320B5}] => (Allow) LPort=8028
FirewallRules: [{1B116F75-132E-425B-841A-BC1FB29218AC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{43B5CD09-087D-4707-85BE-F565EEFA8F96}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{1EB88B63-9799-4BD1-B9D5-0FBF2EBF481A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{23E0C755-41DE-4994-B212-BFC6C8218817}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{52516F50-0635-4B6F-8E8E-BCD27A5574C7}] => (Allow) LPort=8029
FirewallRules: [{FCBBCCB5-F4D5-4C2A-8355-3D39258ED5CB}] => (Allow) LPort=8028
FirewallRules: [{4BA591FA-15B3-4509-A28D-ECD6EB98C83C}] => (Allow) LPort=8029
FirewallRules: [{491E83B3-9616-42C0-B14A-AD9C53305EA6}] => (Allow) LPort=8028
FirewallRules: [{6283DE8B-CA84-43E4-AD1D-5CA0BA9EA8CC}] => (Allow) LPort=8029
FirewallRules: [UDP Query User{94DADEBE-5F45-4EC8-99E9-592DCCBE4AFF}C:\users\paula\appdata\roaming\zoom\bin\zoom.exe] => (Block) C:\users\paula\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{A21F04E7-96B0-40BB-BDFF-30DE23D969FD}C:\users\paula\appdata\roaming\zoom\bin\zoom.exe] => (Block) C:\users\paula\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{75220D26-C1D5-4C27-98DE-A1A2525AE91F}] => (Allow) LPort=8029
FirewallRules: [{1689A9C3-7701-4E8E-A86E-FFD169D086C0}] => (Allow) LPort=8028
FirewallRules: [{0B2191D9-13E2-40A9-9D9C-DC5C80FD10A2}] => (Allow) LPort=8029
FirewallRules: [{CDD95E45-18D9-4720-9439-64079D3953C5}] => (Allow) LPort=8028
FirewallRules: [{7329CACE-5776-449F-AAFC-4BC91A628BCA}] => (Allow) LPort=8029
FirewallRules: [{CBC3B772-E136-45A5-984D-DA997338E79D}] => (Allow) LPort=8028
FirewallRules: [{A84D2FAF-70A9-4B71-A80D-A67A2BCEBF24}] => (Allow) LPort=8029
FirewallRules: [{D69743FC-6B13-4968-B55D-F43A6D385D84}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{EABF3089-FEEE-47D1-9D6C-8BC134527A00}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{355D7BDE-38CC-4BD1-8FDF-48C588A4A67D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{3032F570-FEFE-4156-A3B8-BDBAA32D5C6B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{670AFC02-503B-472C-B4DC-3F5697F555C9}] => (Allow) LPort=8028
FirewallRules: [{C2826694-18BC-46BD-9B01-0B1F445EAA85}] => (Allow) LPort=8028
FirewallRules: [{DC22C111-BD99-446E-91F1-7FFFFDD5A974}] => (Allow) LPort=8028
FirewallRules: [{C1C91D73-23E7-40E0-923D-A24076AB7D76}] => (Allow) LPort=8028
FirewallRules: [{52E456CB-7F46-4AAB-B82D-8762504246EB}] => (Allow) LPort=8028
FirewallRules: [{826E024D-F4D9-4DF8-8F30-46A5316091B6}] => (Allow) LPort=8028
FirewallRules: [{EA75AA0D-AC44-4B03-B638-42E6ADF10CBB}] => (Allow) LPort=8028
FirewallRules: [{A9C63FBB-47A4-4234-9FF1-076686AC158A}] => (Allow) LPort=8028
FirewallRules: [{73D38897-F5BB-42CF-9B28-FD5BEFE3F7D3}] => (Allow) LPort=8028
FirewallRules: [{C84CCC1F-C821-4D43-BBF9-1F0D1F017A1C}] => (Allow) LPort=8028
FirewallRules: [{8854A686-E5F8-4F43-A75C-E0550188F950}] => (Allow) LPort=8028
FirewallRules: [{F1B2366B-BECA-4043-93B8-FD0484BB0BB2}] => (Allow) LPort=8028
FirewallRules: [{342B2D56-DB1E-4191-A63D-130737AB54C1}] => (Allow) LPort=8028
FirewallRules: [{3A672249-9464-476C-911E-70F974F3B36C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B158A431-A046-4A49-B0BD-FB28CA4EA9FC}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9B534465-564C-4528-8030-EF662D615D76}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DD5CF970-22C5-4576-8EC7-A36A135B7537}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F203363D-D837-4FEA-8404-45D75FF62A13}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1642767B-46B3-4F28-BC22-D9D502AEA508}] => (Allow) LPort=8028
FirewallRules: [UDP Query User{54958A3F-FA8A-41B2-B7E3-2FD40C9DC876}C:\users\paula\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\paula\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{8F70A2AB-6003-4033-8D08-FF7F21206665}C:\users\paula\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\paula\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{524F941A-7B2E-4BE7-8F99-E8E97C100465}] => (Allow) LPort=1900
FirewallRules: [{7BECDAE4-816A-4809-8BA9-FA975D323A2C}] => (Allow) LPort=2869
FirewallRules: [{53610D1C-2B76-45FF-ADAF-AF2642F80B3D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E1E0FD9A-631F-4C29-831D-CED476342744}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{56D4CBC8-7CC3-443E-BCC4-362F41788715}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{65778158-76AA-4BD9-B9AC-443003138367}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.139.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{17468B6B-16AB-4FC5-B405-3297023E0054}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.139.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6408FC02-6D4B-456C-8065-0565D490DE4B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.139.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8A9D0D59-BD02-453D-97D7-39AC63F3B40B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.139.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8D7578CF-F5D8-44D7-82F4-403768239F0D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.139.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BF9B836E-4188-4546-A28E-23FB5C6B6984}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.139.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F53A1B56-850A-4BF5-AE17-2346E95866DD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.139.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8FBAECCB-D554-4F76-9423-6EE6142067C4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.139.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{98F55B1A-7715-433C-829D-94DFE7C073E7}C:\users\user\documents\pycharm community edition 2020.2.2\bin\pycharm64.exe] => (Block) C:\users\user\documents\pycharm community edition 2020.2.2\bin\pycharm64.exe (JetBrains s.r.o. -> JetBrains s.r.o.)
FirewallRules: [UDP Query User{28C9112A-D577-4A2E-AD14-C9FAF09256E9}C:\users\user\documents\pycharm community edition 2020.2.2\bin\pycharm64.exe] => (Block) C:\users\user\documents\pycharm community edition 2020.2.2\bin\pycharm64.exe (JetBrains s.r.o. -> JetBrains s.r.o.)
FirewallRules: [{1FF4B7D0-F584-4EF4-A6A1-C5C866105BEC}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => Keine Datei
FirewallRules: [{9BB70B16-2C37-47BD-837C-6625D6ECA060}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei
FirewallRules: [{2E52DBEF-EE12-4BB8-A15C-DC2DD57E0295}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei
FirewallRules: [{91B66A60-1ADB-42B0-AB9D-6FB9115C29DE}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei
FirewallRules: [{0FE54DE3-A74A-474B-9A81-4C8F45FE1D20}] => (Allow) C:\Users\User\AppData\Local\Programs\Opera\78.0.4093.147\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{039EFECD-05FD-4514-923B-9ABC063E9142}] => (Allow) LPort=8028
FirewallRules: [{C3DD4A07-C387-4C7C-B97F-80FCB4FFBFD9}] => (Allow) LPort=8028
FirewallRules: [{14E96F8F-CBCC-498A-93DF-6EBA1DC01651}] => (Allow) LPort=8028
FirewallRules: [{65016AF4-770C-4F5E-A4E2-7B4A140C29D8}] => (Allow) LPort=8028
FirewallRules: [{84C34DD9-0662-4AB7-9FB6-B47293F20204}] => (Allow) LPort=8028
FirewallRules: [{BD3FBC0E-7395-4BB8-A40C-560AF9C7F8B7}] => (Allow) LPort=8028
FirewallRules: [{A28339F2-B44C-40ED-ADFE-B389EB2DE175}] => (Allow) LPort=8028
FirewallRules: [{573BA75D-28C5-4CC1-8CFE-347AC81A9B7D}] => (Allow) LPort=8028
FirewallRules: [{BE11A616-578A-47CD-9849-1DA9CC997CF7}] => (Allow) LPort=8028
FirewallRules: [{4893EFF6-A346-4873-AF47-5CB03D72F082}] => (Allow) LPort=8028
FirewallRules: [{2461FF8E-7358-47A5-9DCD-0E3DEE05AC00}] => (Allow) LPort=8028
FirewallRules: [{7A4CC3CB-CE62-4EF2-BBCA-2C41EF228B71}] => (Allow) LPort=8028
FirewallRules: [{B0D369BD-3342-4851-974A-66E7176C340D}] => (Allow) LPort=8028
FirewallRules: [{AAE6FC1F-44AC-4669-A3A4-9026B8737D26}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{42FBD029-F8CA-45A2-AE74-1B053C04E95D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{9ED08D70-5A0A-4355-904C-45675214A0AC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{9B6FEF10-8AF7-4E27-987A-590D40985645}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [TCP Query User{42BDC57F-9138-4853-94CE-CED7E3F93D44}C:\program files (x86)\smart view\smart view.exe] => (Allow) C:\program files (x86)\smart view\smart view.exe () [Datei ist nicht signiert]
FirewallRules: [UDP Query User{21FD1B2E-3651-407F-B88C-44828E1F3E31}C:\program files (x86)\smart view\smart view.exe] => (Allow) C:\program files (x86)\smart view\smart view.exe () [Datei ist nicht signiert]
FirewallRules: [{38429A01-60C5-4247-94C2-3230DEA0AFBB}] => (Allow) LPort=8028
FirewallRules: [{E1A5704D-976A-46EC-B477-63C8E6EAD14C}] => (Allow) LPort=8028
FirewallRules: [{A22549F3-D7F8-4802-BC2A-0FDFB46AE6F5}] => (Allow) LPort=8028
FirewallRules: [{895867F6-F12E-4138-AA6C-85A9658931A7}] => (Allow) LPort=8028
FirewallRules: [{26DF2890-2328-4E8E-8579-0CEF74CFDAB7}] => (Allow) LPort=8028
FirewallRules: [{632E99A8-3AC7-47A1-ABFE-425CDD113668}] => (Allow) LPort=8028
FirewallRules: [{1D17DD2C-E29B-4256-860C-ABFA173D635D}] => (Allow) LPort=8028
FirewallRules: [{4E388E4C-9B5C-41D9-B8B9-9D1C732D274D}] => (Allow) LPort=8028
FirewallRules: [{D6EC2E7D-2285-4C7D-84B3-74B604630218}] => (Allow) LPort=8028
FirewallRules: [{E3BAAF39-5480-4AE0-99E4-0EDB34908818}] => (Allow) LPort=8029
FirewallRules: [{7C6897F0-B60F-4442-B290-00F00B2C64EF}] => (Allow) LPort=8028
FirewallRules: [{BCEE1F26-401B-40CE-949A-BA8788B613D7}] => (Allow) LPort=8029
FirewallRules: [{35D49B48-788D-4010-8039-B54DB6B65B39}] => (Allow) LPort=8028
FirewallRules: [{5A752116-D25F-4F56-824C-F3759E596C17}] => (Allow) LPort=8029
FirewallRules: [{BCF42D1D-DAA8-409B-B3D7-5E1232F62228}] => (Allow) LPort=8028
FirewallRules: [{E998642D-CF74-4F67-A9D7-4236B7133034}] => (Allow) LPort=8029
FirewallRules: [{388560F6-C31D-41BB-AD26-C11C9A7A89D5}] => (Allow) LPort=8029
FirewallRules: [{91584BFB-A6EB-457A-A6E7-1023B6061844}] => (Allow) LPort=8028
FirewallRules: [{69E296DC-89A9-41BD-93DB-D12E19C4BF06}] => (Allow) LPort=8028
FirewallRules: [{5E69D41E-7F51-4574-AAB5-EEFD6C85D9BC}] => (Allow) LPort=8029
FirewallRules: [{38EEF388-56E8-4E50-A79A-6738D2D02941}] => (Allow) LPort=8028
FirewallRules: [{699C3A47-02DB-4B21-9661-068BB6ECF5F6}] => (Allow) LPort=8029
FirewallRules: [{6231B5EB-FD21-44BD-A368-0BEFBFFDFE1E}] => (Allow) LPort=8028
FirewallRules: [{840D8F0A-6335-4B10-8E4C-C190E27F5668}] => (Allow) LPort=8029
FirewallRules: [{25B61B85-2B63-464A-A3EB-47392F27602E}] => (Allow) LPort=8028
FirewallRules: [{A892AF11-3488-4803-9A3D-AEA167393C6C}] => (Allow) LPort=8029
FirewallRules: [{CE53AE1D-4A0E-4161-AFA6-3A61993B1544}] => (Allow) LPort=8028
FirewallRules: [{AD677376-51FC-4AB6-B15B-2F0F01E001ED}] => (Allow) LPort=8029
FirewallRules: [{C79CD10F-92D1-4085-823E-DA49E0CCD6F4}] => (Allow) LPort=8029
FirewallRules: [{AEC95247-9FDF-4FD2-8257-0A87B5906D7F}] => (Allow) LPort=8028
FirewallRules: [{4B58AE6D-DEC6-4DD0-B33D-903CAA282B3A}] => (Allow) LPort=8029
FirewallRules: [{F24737DB-8B65-427C-9594-DC2C05FD3819}] => (Allow) LPort=8028
FirewallRules: [{21165843-16C0-41B5-8688-50DC4A419B57}] => (Allow) LPort=8029
FirewallRules: [{651DC043-47C6-457D-A102-0A95611AB8AD}] => (Allow) LPort=8028
FirewallRules: [{F0A65FF9-F3EC-42B0-AAF2-613D2C5D81FD}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F142352D-A696-42DF-96C4-14C195C0227E}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{51590CAC-DAC4-4221-AAE9-30C5AEAE52FE}C:\users\paula\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\paula\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{23A670FE-C59B-4FEA-A669-6ACC1552C043}C:\users\paula\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\paula\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EAA24A79-CEDB-4E37-9AA8-982598D97B0E}] => (Allow) LPort=8028
FirewallRules: [{61899AD4-FEE6-4E85-8D08-E3A01D48ED9D}] => (Allow) LPort=8029
FirewallRules: [{CF6C8F5D-2E59-4EF8-A230-426F5DF9344D}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.78\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C6EADCF7-CC15-4E9E-A266-F989DF015ED5}] => (Allow) LPort=8029
FirewallRules: [{3CD0711F-54CA-4970-B9B2-DD89387ABA55}] => (Allow) LPort=8028
FirewallRules: [{F8DA0D41-DD35-4DFD-AB50-9D77B0575200}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{192FCDEC-CD51-4D4B-A707-57557B3DAD7E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F1F95418-EFE7-45FE-B97F-7D2481C40011}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4F96959D-65A4-4BF6-BB3E-0A546595F9AB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{823ED9A6-25FC-45CB-AC5C-A59C81C79502}] => (Allow) C:\Users\User\AppData\Local\Programs\Opera\79.0.4143.22\opera.exe (Opera Software AS -> Opera Software)

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert (Total:475.69 GB) (Free:234.48 GB) (49%)

==================== Fehlerhafte Geräte im Gerätemanager ============


==================== Fehlereinträge in der Ereignisanzeige: ========================

Applikationsfehler:
==================
Error: (02/06/2023 06:26:39 PM) (Source: Firefox Default Browser Agent) (EventID: 1155) (User: )
Description: Event-ID 1155

Error: (02/05/2023 08:39:41 PM) (Source: Application Error) (EventID: 1000) (User: LAPTOP-TOVUM2BS)
Description: Name der fehlerhaften Anwendung: OpenWith.exe, Version: 10.0.22621.675, Zeitstempel: 0x6f466602
Name des fehlerhaften Moduls: ucrtbase.dll, Version: 10.0.22621.608, Zeitstempel: 0xf5fc15a3
Ausnahmecode: 0xc0000409
Fehleroffset: 0x000000000007f61e
ID des fehlerhaften Prozesses: 0x0x3c7c
Startzeit der fehlerhaften Anwendung: 0x0x1d93999975e42ca
Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\OpenWith.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\ucrtbase.dll
Berichtskennung: df6604db-0544-4dc7-86aa-de9831440a89
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/05/2023 08:39:32 PM) (Source: Application Error) (EventID: 1000) (User: LAPTOP-TOVUM2BS)
Description: Name der fehlerhaften Anwendung: OpenWith.exe, Version: 10.0.22621.675, Zeitstempel: 0x6f466602
Name des fehlerhaften Moduls: ucrtbase.dll, Version: 10.0.22621.608, Zeitstempel: 0xf5fc15a3
Ausnahmecode: 0xc0000409
Fehleroffset: 0x000000000007f61e
ID des fehlerhaften Prozesses: 0x0x1af4
Startzeit der fehlerhaften Anwendung: 0x0x1d93999920943db
Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\OpenWith.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\ucrtbase.dll
Berichtskennung: 708887a7-2deb-4e79-9334-a8eba24d5ea7
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/05/2023 08:39:24 PM) (Source: Application Error) (EventID: 1000) (User: LAPTOP-TOVUM2BS)
Description: Name der fehlerhaften Anwendung: OpenWith.exe, Version: 10.0.22621.675, Zeitstempel: 0x6f466602
Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.22621.900, Zeitstempel: 0xa97a9ed6
Ausnahmecode: 0xc0000409
Fehleroffset: 0x000000000008eadf
ID des fehlerhaften Prozesses: 0x0x48cc
Startzeit der fehlerhaften Anwendung: 0x0x1d939998d093be7
Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\OpenWith.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: 6709b793-c193-4f26-99c6-293dbd3b3435
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/05/2023 07:01:55 PM) (Source: Application Hang) (EventID: 1002) (User: NT-AUTORITÄT)
Description: Das Programm dllhost.exe Version 10.0.22621.1 hat aufgehört mit Windows zu interagieren und wurde geschlossen. Weitere Informationen zum Problem finden Sie im Problemverlauf in der Systemsteuerung „Sicherheit und Wartung“.

Error: (02/05/2023 07:00:02 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsort "F:\" nicht abgeschlossen. Fehler: Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006).

Error: (02/05/2023 06:51:37 PM) (Source: Firefox Default Browser Agent) (EventID: 1155) (User: )
Description: Event-ID 1155

Error: (02/03/2023 12:19:34 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007


Systemfehler:
=============
Error: (02/06/2023 07:45:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows-Kamera-Frame-Server-Monitor" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (02/06/2023 07:45:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Kamera-Frame-Server-Monitor erreicht.

Error: (02/06/2023 07:38:00 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-TOVUM2BS)
Description: Der Server "{5F7F3F7B-1177-4D4B-B1DB-BC6F671B8F25}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (02/06/2023 06:35:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "System Interface Foundation Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann die angegebene Datei nicht finden.

Error: (02/06/2023 06:34:41 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d02 fehlgeschlagen: 9NKSQGP7F2NH-5319275A.WhatsAppDesktop

Error: (02/06/2023 06:28:21 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d02 fehlgeschlagen: 9WZDNCRFJ364-MICROSOFT.SKYPEAPP

Error: (02/06/2023 06:23:22 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d02 fehlgeschlagen: 9WZDNCRFHWLH-AD2F1837.HPPRINTERCONTROL

Error: (02/06/2023 06:21:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "System Interface Foundation Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann die angegebene Datei nicht finden.


CodeIntegrity:
===============
Date: 2023-02-05 18:52:40
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.


==================== Speicherinformationen =========================== 

BIOS: LENOVO DMCN32WW 07/14/2020
Hauptplatine: LENOVO ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
Prozessor: AMD Ryzen 7 4700U with Radeon Graphics 
Prozentuale Nutzung des RAM: 32%
Installierter physikalischer RAM: 15725.3 MB
Verfügbarer physikalischer RAM: 10552.02 MB
Summe virtueller Speicher: 16749.3 MB
Verfügbarer virtueller Speicher: 9933.45 MB

==================== Laufwerke ================================

Drive c: (Windows-SSD) (Fixed) (Total:475.69 GB) (Free:234.48 GB) (Model: WDC PC SN730 SDBPNTY-512G-1101) NTFS

\\?\Volume{daea3309-93bd-442e-b19d-32d69c29a808}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.4 GB) NTFS
\\?\Volume{505278d4-8887-4d1c-a4b4-3c0d40af36d0}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partitionstabelle ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 3DEA6EA5)

Partition: GPT.

==================== Ende von Addition.txt =======================
         

Alt 06.02.2023, 21:25   #14
M-K-D-B
/// TB-Ausbilder
 
Verdacht auf Malware in Zusammenhang mit conhost - Standard

Verdacht auf Malware in Zusammenhang mit conhost



Bitte als Nächstes den folgenden Fix mit FRST ausführen.
Anschließend Kontrolle mit ESET bitte.





Schritt 1
WARNUNG AN ALLE MITLESER !!!
Dieses FRST-Script ist ausschließlich für diesen Nutzer gedacht und sollte niemals 1:1 für ein anderes System verwendet werden!
  • Speichere deine Arbeiten und schließe alle offenen Programme, damit keine Daten verloren gehen.
  • Kopiere den gesamten Inhalt der folgenden Code-Box:
    Code:
    ATTFilter
    Start::
    SystemRestore: On 
    CreateRestorePoint:
    CloseProcesses:
    2020-08-12 10:11 - 2020-08-12 10:11 - 000003072 _____ () C:\Users\User\AppData\Local\file__0.localstorage
    HKU\S-1-5-21-2775161839-3573256424-1513776773-1001\...\RunOnce: [Uninstall 20.134.0705.0008\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\User\AppData\Local\Microsoft\OneDrive\20.134.0705.0008\amd64" (Keine Datei)
    HKU\S-1-5-21-2775161839-3573256424-1513776773-1001\...\RunOnce: [Uninstall 20.134.0705.0008] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\User\AppData\Local\Microsoft\OneDrive\20.134.0705.0008" (Keine Datei)
    HKU\S-1-5-21-2775161839-3573256424-1513776773-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\User\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (Keine Datei)
    HKU\S-1-5-21-2775161839-3573256424-1513776773-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\User\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (Keine Datei)
    HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> 
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2023-02-05]
    Task: {6BD7A99C-13E7-46AD-94BF-5F8653B722E1} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => C:\WINDOWS\system32\MusNotification.exe Display (Keine Datei)
    Task: {7FDF1513-830B-4265-9A8D-9F1290D7E205} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> Keine Datei <==== ACHTUNG
    Task: {82BEE1B1-5140-4523-9D4C-1C9B8EFEF0E4} - \Lenovo\ImController\Lenovo iM Controller Monitor -> Keine Datei <==== ACHTUNG
    Task: {971ACE7C-4A56-446F-9814-A5524C7383C8} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => C:\WINDOWS\system32\MusNotification.exe /RunOnBattery EngagedRebootReminder (Keine Datei)
    Task: {A0061D87-A25F-41AB-A3A5-B6FDEAEFC7C3} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> Keine Datei <==== ACHTUNG
    Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (Keine Datei)
    Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\WINDOWS\system32\MusNotification.exe (Keine Datei)
    Task: {FC2E46B1-F974-4FDB-9A0A-C07822FFFB53} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => C:\WINDOWS\system32\MusNotification.exe /RunOnAC EngagedRebootReminder (Keine Datei)
    HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ACHTUNG (Beschränkung - Zones)
    Edge Extension: (Kein Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [nicht gefunden]
    Edge Extension: (Kein Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [nicht gefunden]
    Edge Extension: (Kein Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [nicht gefunden]
    Edge Extension: (Kein Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [nicht gefunden]
    S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
    C:\Users\AllUserName\AppData\Local\Google\Chrome
    DeleteKey: HKLM\SOFTWARE\Google\Chrome
    DeleteKey: HKLM\SOFTWARE\WOW6432Node\Google\Chrome
    DeleteKey: HKCU\SOFTWARE\Google\Chrome
    CMD: type "C:\Program Files\mozilla firefox\defaults\pref\zlonrrylmi4.js"
    CMD: type "C:\Program Files\mozilla firefox\zlonrrylmi4.cfg"
    VirusTotal: C:\Program Files\mozilla firefox\defaults\pref\zlonrrylmi4.js
    VirusTotal: C:\Program Files\mozilla firefox\zlonrrylmi4.cfg 
    C:\Program Files\mozilla firefox\defaults\pref\zlonrrylmi4.js
    C:\Program Files\mozilla firefox\zlonrrylmi4.cfg 
    startpowershell:
    Function Remove-all-windefend-excludes {
    $Paths=(Get-MpPreference).ExclusionPath
    $Extensions=(Get-MpPreference).ExclusionExtension
    $Processes=(Get-MpPreference).ExclusionProcess
    foreach ($Path in $Paths) { Remove-MpPreference -ExclusionPath $Path -force}
    foreach ($Extension in $Extensions) { Remove-MpPreference -ExclusionExtension $Extension -force}
    foreach ($Process in $Processes) { Remove-MpPreference -ExclusionProcess $Process -force}
    }
    Set-MpPreference -DisableAutoExclusions $true -Force
    Remove-all-windefend-excludes
    endpowershell:
    CMD: netsh winsock reset
    CMD: netsh int ip reset
    CMD: ipconfig /flushdns
    CMD: netsh advfirewall reset
    CMD: netsh advfirewall set allprofiles state ON
    CMD: netsh winhttp reset proxy
    CMD: Bitsadmin /Reset /Allusers
    CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
    CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
    CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
    CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
    Hosts:
    RemoveProxy:
    EmptyTemp:
    End::
             
  • Starte nun FRST und klicke direkt auf den Button Reparieren.
    Wichtig: Du brauchst den Inhalt der Code-Box nirgends einfügen, da sich FRST den Code aus der Zwischenablage holt!

  • Wichtig:
    • Bitte gedulde dich, sobald du die Reparatur gestartet hast. Je nach Art und Umfang der notwendigen Reparaturen kann dies einige Minuten dauern.
      Eventuell erhältst du während der Reparatur auch die Information "keine Rückmeldung" von FRST. Das ist normal, du musst nichts weiter tun, nur warten.
    • Mit diesem Fix werden alle temporären Dateien/Browserdaten sowie der Papierkorb gelöscht.

  • Das Tool führt die gewünschten Schritte aus und erstellt eine fixlog.txt im selben Verzeichnis, in dem sich FRST befindet.
  • Gegebenenfalls muss dein Rechner neu gestartet werden.
  • Poste mir den Inhalt der fixlog.txt mit deiner nächsten Antwort.





Schritt 2
Führe ESET Online Scanner gemäß der bebilderten Anleitung aus und poste abschließend die Logdatei.





Bitte poste mit deiner nächsten Antwort:
  • die Logdatei des FRST-Fix (fixlog.txt)
  • die Logdatei von ESET

Alt 06.02.2023, 23:17   #15
Hans-Juergen
 
Verdacht auf Malware in Zusammenhang mit conhost - Standard

Verdacht auf Malware in Zusammenhang mit conhost



hier die Fixlog.txt

Code:
ATTFilter
Entfernungsergebnis von Farbar Recovery Scan Tool (x64) Version: 03-02-2023
durchgeführt von User (06-02-2023 21:50:20) Run:1
Gestartet von C:\Users\User\Desktop
Geladene Profile: User & paula
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
Start::
SystemRestore: On 
CreateRestorePoint:
CloseProcesses:
2020-08-12 10:11 - 2020-08-12 10:11 - 000003072 _____ () C:\Users\User\AppData\Local\file__0.localstorage
HKU\S-1-5-21-2775161839-3573256424-1513776773-1001\...\RunOnce: [Uninstall 20.134.0705.0008\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\User\AppData\Local\Microsoft\OneDrive\20.134.0705.0008\amd64" (Keine Datei)
HKU\S-1-5-21-2775161839-3573256424-1513776773-1001\...\RunOnce: [Uninstall 20.134.0705.0008] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\User\AppData\Local\Microsoft\OneDrive\20.134.0705.0008" (Keine Datei)
HKU\S-1-5-21-2775161839-3573256424-1513776773-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\User\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (Keine Datei)
HKU\S-1-5-21-2775161839-3573256424-1513776773-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\User\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (Keine Datei)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2023-02-05]
Task: {6BD7A99C-13E7-46AD-94BF-5F8653B722E1} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => C:\WINDOWS\system32\MusNotification.exe Display (Keine Datei)
Task: {7FDF1513-830B-4265-9A8D-9F1290D7E205} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> Keine Datei <==== ACHTUNG
Task: {82BEE1B1-5140-4523-9D4C-1C9B8EFEF0E4} - \Lenovo\ImController\Lenovo iM Controller Monitor -> Keine Datei <==== ACHTUNG
Task: {971ACE7C-4A56-446F-9814-A5524C7383C8} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => C:\WINDOWS\system32\MusNotification.exe /RunOnBattery EngagedRebootReminder (Keine Datei)
Task: {A0061D87-A25F-41AB-A3A5-B6FDEAEFC7C3} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> Keine Datei <==== ACHTUNG
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (Keine Datei)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\WINDOWS\system32\MusNotification.exe (Keine Datei)
Task: {FC2E46B1-F974-4FDB-9A0A-C07822FFFB53} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => C:\WINDOWS\system32\MusNotification.exe /RunOnAC EngagedRebootReminder (Keine Datei)
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ACHTUNG (Beschränkung - Zones)
Edge Extension: (Kein Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [nicht gefunden]
Edge Extension: (Kein Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [nicht gefunden]
Edge Extension: (Kein Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [nicht gefunden]
Edge Extension: (Kein Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [nicht gefunden]
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
C:\Users\AllUserName\AppData\Local\Google\Chrome
DeleteKey: HKLM\SOFTWARE\Google\Chrome
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Google\Chrome
DeleteKey: HKCU\SOFTWARE\Google\Chrome
CMD: type "C:\Program Files\mozilla firefox\defaults\pref\zlonrrylmi4.js"
CMD: type "C:\Program Files\mozilla firefox\zlonrrylmi4.cfg"
VirusTotal: C:\Program Files\mozilla firefox\defaults\pref\zlonrrylmi4.js
VirusTotal: C:\Program Files\mozilla firefox\zlonrrylmi4.cfg 
C:\Program Files\mozilla firefox\defaults\pref\zlonrrylmi4.js
C:\Program Files\mozilla firefox\zlonrrylmi4.cfg 
startpowershell:
Function Remove-all-windefend-excludes {
$Paths=(Get-MpPreference).ExclusionPath
$Extensions=(Get-MpPreference).ExclusionExtension
$Processes=(Get-MpPreference).ExclusionProcess
foreach ($Path in $Paths) { Remove-MpPreference -ExclusionPath $Path -force}
foreach ($Extension in $Extensions) { Remove-MpPreference -ExclusionExtension $Extension -force}
foreach ($Process in $Processes) { Remove-MpPreference -ExclusionProcess $Process -force}
}
Set-MpPreference -DisableAutoExclusions $true -Force
Remove-all-windefend-excludes
endpowershell:
CMD: netsh winsock reset
CMD: netsh int ip reset
CMD: ipconfig /flushdns
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winhttp reset proxy
CMD: Bitsadmin /Reset /Allusers
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
Hosts:
RemoveProxy:
EmptyTemp:
End::
*****************

SystemRestore: On => abgeschlossen
Wiederherstellungspunkt wurde erfolgreich erstellt.
Prozesse erfolgreich geschlossen.
C:\Users\User\AppData\Local\file__0.localstorage => erfolgreich verschoben
"HKU\S-1-5-21-2775161839-3573256424-1513776773-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 20.134.0705.0008\amd64" => nicht gefunden
"HKU\S-1-5-21-2775161839-3573256424-1513776773-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 20.134.0705.0008" => nicht gefunden
"HKU\S-1-5-21-2775161839-3573256424-1513776773-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Update Binary" => nicht gefunden
"HKU\S-1-5-21-2775161839-3573256424-1513776773-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Standalone Update Binary" => nicht gefunden
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{C885AA15-1764-4293-B82A-0586ADD46B35} => erfolgreich entfernt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk => erfolgreich verschoben
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6BD7A99C-13E7-46AD-94BF-5F8653B722E1}" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6BD7A99C-13E7-46AD-94BF-5F8653B722E1}" => erfolgreich entfernt
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => erfolgreich verschoben
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7FDF1513-830B-4265-9A8D-9F1290D7E205}" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FDF1513-830B-4265-9A8D-9F1290D7E205}" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{82BEE1B1-5140-4523-9D4C-1C9B8EFEF0E4}" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82BEE1B1-5140-4523-9D4C-1C9B8EFEF0E4}" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Lenovo iM Controller Monitor" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{971ACE7C-4A56-446F-9814-A5524C7383C8}" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{971ACE7C-4A56-446F-9814-A5524C7383C8}" => erfolgreich entfernt
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => erfolgreich verschoben
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A0061D87-A25F-41AB-A3A5-B6FDEAEFC7C3}" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0061D87-A25F-41AB-A3A5-B6FDEAEFC7C3}" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => erfolgreich entfernt
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => erfolgreich verschoben
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => erfolgreich entfernt
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => erfolgreich verschoben
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC2E46B1-F974-4FDB-9A0A-C07822FFFB53}" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC2E46B1-F974-4FDB-9A0A-C07822FFFB53}" => erfolgreich entfernt
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => erfolgreich verschoben
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_AC" => erfolgreich entfernt
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 => erfolgreich entfernt
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => erfolgreich entfernt
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => erfolgreich entfernt
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => erfolgreich entfernt
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\WinSetupMon => erfolgreich entfernt
WinSetupMon => Dienst erfolgreich entfernt
"C:\Users\ProgramData\AppData\Local\Google\Chrome" => nicht gefunden
"C:\Users\Default\AppData\Local\Google\Chrome" => nicht gefunden
"C:\Users\defaultuser100000\AppData\Local\Google\Chrome" => nicht gefunden
C:\Users\paula\AppData\Local\Google\Chrome => erfolgreich verschoben
"C:\Users\Public\AppData\Local\Google\Chrome" => nicht gefunden
C:\Users\User\AppData\Local\Google\Chrome => erfolgreich verschoben
"HKLM\SOFTWARE\Google\Chrome" => erfolgreich entfernt
HKLM\SOFTWARE\WOW6432Node\Google\Chrome => erfolgreich entfernt
"HKCU\SOFTWARE\Google\Chrome" => erfolgreich entfernt

========= type "C:\Program Files\mozilla firefox\defaults\pref\zlonrrylmi4.js" =========

// The first line of this and the config file will always be ignored. Set default search for adaware users after consent
pref("general.config.filename", "zlonrrylmi4.cfg");
pref("general.config.obscure_value", 0);

========= Ende von CMD: =========


========= type "C:\Program Files\mozilla firefox\zlonrrylmi4.cfg" =========

// This line is ignored. adaware cfg file.
// Import the XPCOM component
var Cu = Components.utils;
Cu.import("resource://gre/modules/Services.jsm");

function addSearch() {
	// Check if we have already added our search engine, as we don't want to keep adding it
	if (Services.search.getEngines().indexOf(Services.search.getEngineByName("My Firefox Search Search Engine")) === -1) {
		// let iconURI = "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAIAAACQkWg2AAABGklEQVQoz2NgGB6AnZ1dUlJSXl4eSDIyMhLW4Ovr%2B%2Fr168uXL69Zs4YoG%2BLi4i5dusTExMTGxsbNzd3f37937976%2BnpmZmagbHR09J49e5YvX66kpATVEBYW9ubNm2nTphkbG7e2tp44cQLIuHfvXm5urpaWFlDKysqqu7v73LlzECMYIiIiHj58mJCQoKKicvXq1bS0NKBgW1vbjh074uPjgeqAXE1NzSdPnvDz84M0AEUvXLgAsW379u1z5swBen3jxo2zZ892cHB4%2BvQp0KlAfwI1cHJyghQFBwfv2rULokFXV%2FfixYu7d%2B8GGqGgoMDKyrpu3br9%2B%2FcDuXl5eVA%2FAEWBfoWHAdAYoNuAYQ0XAeoUERFhGDYAAPoUaT2dfWJuAAAAAElFTkSuQmCC";
		
		// Manually define the search, otherwise setting the search won't work as it hasn't downloaded yet.
		//Services.search.addEngineWithDetails("My Firefox Search Search Engine", "hxxp://www.myfiresearch.com/favicon.ico", "", "", "GET", "https://myfiresearch.com?q={searchTerms}&pId=CH210629&iDate=2021-08-18 07:40:49&bitmask=9997&bName=&sp=1");
		
		Services.search.addEngineWithDetails("My Firefox Search Search Engine", { iconURL: "hxxp://www.myfiresearch.com/favicon.ico", template: "https://myfiresearch.com?q={searchTerms}&pId=CH210629&iDate=2021-08-18 07:40:49&bitmask=9997&bName=&sp=1", suggestURL: "hxxp://api.bing.com/osjson.aspx?q={searchTerms}", });

		// Name of search we're looking for in the search plugin array
		let engine = Services.search.getEngineByName("My Firefox Search Search Engine");
		
		// If the search isn't set, set it
		if (Services.search.currentEngine.name != "My Firefox Search Search Engine") {
			Services.search.currentEngine = engine;
		}
	}
}
// Asynchronously initialize the function, as synchronous initialization will be deprecated eventually.
Services.search.init(() => {
	addSearch();
});
========= Ende von CMD: =========

VirusTotal: C:\Program Files\mozilla firefox\defaults\pref\zlonrrylmi4.js => https://www.virustotal.com/gui/file/7597078aa5a89b8f3a9f78473824d665620283746b7b742a04de88bfc3c07d0e/detection/f-7597078aa5a89b8f3a9f78473824d665620283746b7b742a04de88bfc3c07d0e-1675716634
VirusTotal: C:\Program Files\mozilla firefox\zlonrrylmi4.cfg => https://www.virustotal.com/gui/file/f7ce3561659e4db936f7e74151d5ec756af7ee99eee953664950be77c7550fbe/detection/f-f7ce3561659e4db936f7e74151d5ec756af7ee99eee953664950be77c7550fbe-1675716635
C:\Program Files\mozilla firefox\defaults\pref\zlonrrylmi4.js => erfolgreich verschoben
C:\Program Files\mozilla firefox\zlonrrylmi4.cfg => erfolgreich verschoben

========= Powershell: =========

Set-MpPreference : Fehler beim Vorgang: 0x800106ba. Vorgang: Set-MpPreference. Ziel: DisableAutoExclusions.
In C:\FRST\tmp000.ps1:9 Zeichen:1
+ Set-MpPreference -DisableAutoExclusions $true -Force
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference],  
   CimException
    + FullyQualifiedErrorId : HRESULT 0x800106ba,Set-MpPreference
 

========= Ende von Powershell: =========


========= netsh winsock reset =========


Der Winsock-Katalog wurde zurckgesetzt.
Sie mssen den Computer neu starten, um den Vorgang abzuschlieáen.


========= Ende von CMD: =========


========= netsh int ip reset =========

Depotweiterleitung wird zurckgesetzt... OK
Depot wird zurckgesetzt... OK
Steuerungsprotokoll wird zurckgesetzt... OK
Echosequenzanforderung wird zurckgesetzt... OK
Global wird zurckgesetzt... OK
Schnittstelle wird zurckgesetzt... OK
Anycastadresse wird zurckgesetzt... OK
Multicastadresse wird zurckgesetzt... OK
Unicastadresse wird zurckgesetzt... OK
Nachbar wird zurckgesetzt... OK
Pfad wird zurckgesetzt... OK
Potentiell wird zurckgesetzt... OK
Pr„fixrichtlinie wird zurckgesetzt... OK
Proxynachbar wird zurckgesetzt... OK
Route wird zurckgesetzt... OK
Standordpr„fix wird zurckgesetzt... OK
Unterschnittstelle wird zurckgesetzt... OK
Reaktivierungsmuster wird zurckgesetzt... OK
Nachbar aufl”sen wird zurckgesetzt... OK
 wird zurckgesetzt... OK
 wird zurckgesetzt... OK
 wird zurckgesetzt... OK
 wird zurckgesetzt... OK
 wird zurckgesetzt... Fehler
Zugriff verweigert

 wird zurckgesetzt... OK
 wird zurckgesetzt... OK
 wird zurckgesetzt... OK
 wird zurckgesetzt... OK
 wird zurckgesetzt... OK
 wird zurckgesetzt... OK
 wird zurckgesetzt... OK
 wird zurckgesetzt... OK
Starten Sie den Computer neu, um die Aktion abzuschlieáen.


========= Ende von CMD: =========


========= ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

========= Ende von CMD: =========


========= netsh advfirewall reset =========

OK.


========= Ende von CMD: =========


========= netsh advfirewall set allprofiles state ON =========

OK.


========= Ende von CMD: =========


========= netsh winhttp reset proxy =========


Aktuelle WinHTTP-Proxyeinstellungen:

    DirectAccess (kein Proxyserver).


========= Ende von CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

Unable to cancel {99CEE25F-8DD4-423B-9CAC-04B5D7AF9800}.
{38BAFE7F-D00F-4595-BD30-FB6A712F359B} canceled.
{114445BC-0341-433C-AFEC-E8093073940B} canceled.
{F0A1F037-9932-465C-81D7-470E1010D772} canceled.
3 out of 4 jobs canceled.

========= Ende von CMD: =========


========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========


Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden.
========= Ende von CMD: =========


========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========


Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden.
========= Ende von CMD: =========


========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========


Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden.
========= Ende von CMD: =========


========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========


Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden.
========= Ende von CMD: =========

C:\Windows\System32\Drivers\etc\hosts => erfolgreich verschoben
Hosts erfolgreich wiederhergestellt.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt
"HKU\S-1-5-21-2775161839-3573256424-1513776773-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt
"HKU\S-1-5-21-2775161839-3573256424-1513776773-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt
"HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt
"HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt


========= Ende von RemoveProxy: =========


=========== EmptyTemp: ==========

FlushDNS => abgeschlossen
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10522877 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 1121243404 B
Edge => 103103 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 813080 B
systemprofile32 => 813080 B
LocalService => 881338 B
NetworkService => 889686 B
User => 441373891 B
paula => 717479251 B
defaultuser100000 => 717479251 B

RecycleBin => 4400914 B
EmptyTemp: => 2.8 GB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 21:51:01 ====
         
und die ESET LOG Datei
Code:
ATTFilter
06.02.2023 23:03:59
Geprüfte Dateien: 571869
Erkannte Dateien: 1
Gesäuberte Dateien: 1
Prüfdauer gesamt 01:05:15
Prüfstatus: Abgeschlossen
C:\Users\User\Desktop\facebook.lnk	LNK/MetaOpera.A potenziell unerwünschte Anwendung	durch Löschen gesäubert
         

Thema geschlossen

Themen zu Verdacht auf Malware in Zusammenhang mit conhost
.dll, administrator, adobe, alert, bonjour, browser, conhost.exe infiziert, defender, firefox, google, home, internet, malware, mozilla, performance, prozesse, realtek, registry, scan, server, services.exe, svchost.exe, temp, updates, webadvisor, windows, windows updates



Ähnliche Themen: Verdacht auf Malware in Zusammenhang mit conhost


  1. Malware Verdacht
    Plagegeister aller Art und deren Bekämpfung - 18.01.2023 (16)
  2. Verdacht dass ich mir ein Probleme mit nicht entfernbaren Bedrohungen / Verdacht auf Viren oder Malware
    Plagegeister aller Art und deren Bekämpfung - 30.03.2021 (7)
  3. Verdacht auf Malware
    Log-Analyse und Auswertung - 11.03.2019 (6)
  4. Malware Verdacht
    Plagegeister aller Art und deren Bekämpfung - 13.04.2018 (3)
  5. Verdacht auf Malware
    Log-Analyse und Auswertung - 03.10.2017 (17)
  6. Prozesse conhost.exe svchost.exe reg.exe mehrmals vorhanden. Verdacht auf Infektion
    Log-Analyse und Auswertung - 08.11.2015 (4)
  7. PC langsam-Verdacht auf Malware
    Log-Analyse und Auswertung - 16.01.2015 (15)
  8. Mac Verdacht auf Malware: SamsungAiOBonjourAgent.app
    Alles rund um Mac OSX & Linux - 16.11.2014 (8)
  9. [3x Conhost?] Ständig laufen 3 Conhost.exe -Anwendungen
    Log-Analyse und Auswertung - 17.06.2014 (7)
  10. Verdacht auf Malware
    Log-Analyse und Auswertung - 08.01.2014 (140)
  11. Computergeschwindigkeit stark eingeschränkt.Zusammenhang mit Malware möglich.
    Log-Analyse und Auswertung - 02.12.2013 (9)
  12. Verdacht auf Malware
    Log-Analyse und Auswertung - 08.08.2011 (1)
  13. Verdacht auf Malware
    Plagegeister aller Art und deren Bekämpfung - 21.06.2011 (19)
  14. Conhost.exe und erhöhtes Aufkommen vonentdeckten/r Viren/Malware
    Plagegeister aller Art und deren Bekämpfung - 08.03.2011 (19)
  15. Verdacht auf Malware etc. !
    Log-Analyse und Auswertung - 11.09.2009 (1)
  16. Malware-Verdacht !
    Log-Analyse und Auswertung - 18.06.2009 (2)
  17. spy/malware verdacht. evt. mehr
    Plagegeister aller Art und deren Bekämpfung - 17.07.2008 (3)

Zum Thema Verdacht auf Malware in Zusammenhang mit conhost - Hallo seit einiger Zeit habe ich den Verdacht, dass unsere Rechner mit Schadsoftware infiziert sind. Beispielweise öffnen und schließen sich unmotiviert consolenfenster und entsprechende Prozesse sind in der Registry gelistet. - Verdacht auf Malware in Zusammenhang mit conhost...
Archiv
Du betrachtest: Verdacht auf Malware in Zusammenhang mit conhost auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.