Hans-Juergen | 04.02.2023 17:27 | Suspected malware in connection with conhost
Hello,
for some time now I have suspected that our computers are infected with malware.
For example, console windows open and close for no apparent reason, and corresponding processes are listed in the registry.
So I wanted to start with our daughter's school computer and analyze it more closely. I ran the scan listed in the checklist and attached it.
McAfee Total Protection is used as the antivirus software and is updated regularly; Windows updates are also installed regularly. So far, however, the antivirus software has not found anything.
Thanks & best regards
Hans-Jürgen
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-02-2023
Ran by User (administrator) on LAPTOP-TOVUM2BS (LENOVO 82A2) (04-02-2023 17:10:07)
Running from C:\Users\paula\Downloads\Papa
Loaded Profiles: User & paula
Platform: Microsoft Windows 11 Home Version 22H2 22621.1105 (X64) Language: Deutsch (Deutschland) -> Deutsch (Deutschland)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(DeviceSettingsSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(MultimediaAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(SmartDisplayAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(VantageCoreAddin).exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSSrcExt.exe
(C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cncmd.exe
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (MUSARUBRA US LLC -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (MUSARUBRA US LLC -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation (2)\binCFW\remotesolverdispatcherservice.exe ->) (Mentor Graphics Corporation -> Mentor Graphics Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation (2)\binCFW\dispatcher.exe
(C:\Program Files\Tablet\Wacom\WacomHost.exe ->) (Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.70\msedgewebview2.exe <12>
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe <2>
(DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_c28b41707aefc6b9\DAX3API.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAX3_S~1.INF\DAX3API.exe
(DriverStore\FileRepository\lnvsst.inf_amd64_4e633fced20b4d0e\SmartSense.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\DriverStore\FileRepository\lnvsst.inf_amd64_4e633fced20b4d0e\UserSSCtrl.exe
(DriverStore\FileRepository\u0376209.inf_amd64_b3bdffadea4def3f\B374968\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0376209.inf_amd64_b3bdffadea4def3f\B374968\atieclxx.exe
(explorer.exe ->) (Dassault Systemes SolidWorks Corp. -> Dassault Systèmes SolidWorks Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS (2)\sldworks_fs.exe
(explorer.exe ->) (Dassault Systemes SolidWorks Corp. -> Dassault Systèmes SolidWorks Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldworks_fs.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
(explorer.exe ->) (Opera Norway AS -> Opera Software) C:\Users\paula\AppData\Local\Programs\Opera\assistant\browser_assistant.exe <2>
(explorer.exe ->) (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(explorer.exe ->) (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(LNBITSSvc.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\AutoModeDetect.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WpcMon.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <23>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0376209.inf_amd64_b3bdffadea4def3f\B374968\atiesrxx.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Dassault Systemes SolidWorks Corp. -> ) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe
(services.exe ->) (Dassault Systemes SolidWorks Corp. -> Dassault Systèmes) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize (2)\SWVisualize.Queue.Server.exe
(services.exe ->) (Dassault Systemes SolidWorks Corp. -> Dassault Systèmes) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize\SWVisualize.Queue.Server.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_c28b41707aefc6b9\DAX3API.exe
(services.exe ->) (Flexera Software LLC -> Flexera) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(services.exe ->) (Flexera Software LLC -> Flexera) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(services.exe ->) (LAVASOFT SOFTWARE CANADA INC -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\DriverStore\FileRepository\lnvsst.inf_amd64_4e633fced20b4d0e\SmartSense.exe
(services.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\LNBITSSvc.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\CSP\5.4.105.0\McCSPServiceHost.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <3>
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_22_7\mcapexe.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(services.exe ->) (Mentor Graphics Corporation -> Mentor Graphics Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation (2)\binCFW\remotesolverdispatcherservice.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\Sgrm\SgrmBroker.exe
(services.exe ->) (MUSARUBRA US LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(services.exe ->) (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(services.exe ->) (Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(services.exe ->) (Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(services.exe ->) (Western Digital Techologies -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(sihost.exe ->) 0 C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.3.28.0_x64__5grkq8ppsgwt4\LaunchUtility\utility.exe
(sihost.exe ->) 0 C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe <6>
(sihost.exe ->) 0 C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe
(svchost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
(svchost.exe ->) 0 C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2252.7.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) 0 C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) 0 C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.14326.21146.0_x64__8wekyb3d8bbwe\onenoteim.exe
(svchost.exe ->) 0 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22102.229.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) 0 C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_422.33900.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
(Western Digital Techologies -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1084192 2020-06-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [357944 2022-02-08] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [3216784 2022-09-09] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [9923856 2022-09-07] (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706344 2021-06-09] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [2306984 2017-04-11] (Western Digital Techologies -> Western Digital Technologies, Inc.)
HKLM\...\RunOnce: [msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}] => C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.70\Installer\setup.exe [4022216 2023-01-30] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\RunOnce: [ccleaner_update_helper] => C:\Program Files\CCleaner\ccleaner_update_helper.exe [710992 2023-01-30] (PIRIFORM SOFTWARE LIMITED -> Piriform)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2775161839-3573256424-1513776773-1001\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2775161839-3573256424-1513776773-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [8520168 2021-08-18] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
HKU\S-1-5-21-2775161839-3573256424-1513776773-1001\...\Run: [Opera Browser Assistant] => C:\Users\User\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [4095184 2021-08-11] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\Run: [com.squirrel.Teams.Teams] => C:\Users\paula\AppData\Local\Microsoft\Teams\Update.exe [2587416 2023-01-09] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\Run: [Opera Browser Assistant] => C:\Users\paula\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3916232 2022-12-20] (Opera Norway AS -> Opera Software)
HKU\S-1-5-21-2775161839-3573256424-1513776773-1002\...\MountPoints2: {e74f27b5-09cd-11ec-aabe-f8a2d6e80c66} - "D:\WD Drive Unlock.exe" autoplay=true
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\109.0.5414.120\Installer\chrmstp.exe [2023-01-30] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS 2020 Fast Start.lnk [2021-08-23]
ShortcutTarget: SOLIDWORKS 2020 Fast Start.lnk -> C:\Windows\Installer\{3F4681F3-B30B-4531-ADB2-3661B531F926}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS 2021 Fast Start.lnk [2022-03-22]
ShortcutTarget: SOLIDWORKS 2021 Fast Start.lnk -> C:\Windows\Installer\{9C0A2571-4AAE-4FEE-B673-038B38B85EFC}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera) [File not signed]
Startup: C:\Users\paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2022-12-28]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {03933E32-E682-4E55-A74B-9C44C9BE4E88} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {0537EDE7-55E0-4BC7-8B2C-98409E68FF61} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26334160 2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {0600DD45-FAF2-4131-A006-0B17509B9F78} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\sc.exe start InventorySvc
Task: {0652DF37-E549-45F3-AA26-19093AB2C6F6} - System32\Tasks\SOLIDWORKS Electrical Archiver => C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\bin\EwEnvironmentArchiver\ewenvironmentarchiver.exe [275912 2021-03-27] (Dassault Systemes SolidWorks Corp. -> Dassault Systèmes SolidWorks Corporation)
Task: {06A91B9B-9780-4A93-A467-A9618F8CB78D} - System32\Tasks\LenovoUtility Startup => C:\Windows\explorer.exe lenovo-utility://
Task: {0F4EDE93-0408-4281-9305-60F7B9795690} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [661408 2023-02-01] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {12E9E526-1A20-49FC-8271-F449F40D79BD} - System32\Tasks\Opera scheduled Autoupdate 1629315665 => C:\Users\User\AppData\Local\Programs\Opera\launcher.exe [41906896 2021-08-11] (Opera Software AS -> Opera Software)
Task: {193B012A-CE38-4800-8C29-C58DC1A1CF1A} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8867F90B-F2D8-4898-AF0E-1BAD726CC2B7\Schedule #3 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [495616 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {1DB6AB68-B9C9-4735-B9DA-5E523B547903} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {216EDC6A-6E9A-4AF1-9F55-60A069CEB36A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\4dbfac73-560c-46f4-a3b4-8d2ad6664efd => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {223993BB-5B5D-4D86-8118-7B1A515AAEEC} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {229AA8CC-B7CE-4DCF-8FA1-B68E1287BB4A} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1715672 2021-08-25] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {23A71281-F51B-43D5-A157-3656A052672B} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe VantageTelemetryAddinTask (No File)
Task: {28B20591-8D63-4D76-B0C9-D0BD1BF80001} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144280 2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {295377EC-45F9-4584-9EA7-FBD4B824988B} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [168920 2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {2D33D57F-E734-4F57-988B-07B1309A1B64} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8867F90B-F2D8-4898-AF0E-1BAD726CC2B7\Provisioning initiated session => C:\WINDOWS\system32\deviceenroller.exe [495616 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {321F6758-1FA0-4ED2-8F1C-60AE4F561A00} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8867F90B-F2D8-4898-AF0E-1BAD726CC2B7\Win10 S Mode event listener created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [495616 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {32E96B56-C417-4AD2-BF06-772D8C7AA6AA} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8867F90B-F2D8-4898-AF0E-1BAD726CC2B7\OS Edition Upgrade event listener created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [495616 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {355B11B0-D02A-42F8-900A-1B60956C7E3F} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\36546c7c-5db5-4d39-b8ab-a2ebd1918d36 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {371D4512-1086-43B2-B347-638020514BFD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {3871551E-8055-4FBE-857C-62A004ED49AD} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8867F90B-F2D8-4898-AF0E-1BAD726CC2B7\Schedule #1 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [495616 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {3BE74C7C-737F-43F8-AD2C-2D907E0D175C} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {468A3CD7-D8EB-4F80-9563-BE1A1FE128F4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26334160 2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {4A031822-F4ED-4A4C-B5B4-0F1B454009CB} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {4E5C5973-9117-4898-A198-9C8668AC9EBB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [24584376 2020-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {58949759-2280-47CD-AF35-AEAC31293DEF} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [63960 2021-08-24] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {5AC2C119-CC36-44B4-B36B-2BCF88E3AA9D} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8867F90B-F2D8-4898-AF0E-1BAD726CC2B7\Wsc Startup event listener created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [495616 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {659055C8-970E-4BE0-AFE0-DBD0B98900A0} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1715672 2021-08-25] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {695391D1-573B-4CEF-87FF-EAD15ADF41B0} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [4092968 2022-09-08] (McAfee, LLC -> McAfee, LLC)
Task: {6BD7A99C-13E7-46AD-94BF-5F8653B722E1} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => C:\WINDOWS\system32\MusNotification.exe Display (No File)
Task: {787FFE05-3762-4308-9578-4108900C790D} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8867F90B-F2D8-4898-AF0E-1BAD726CC2B7\Schedule to run OMADMClient by client => C:\WINDOWS\system32\omadmclient.exe [466944 2022-11-21] (Microsoft Windows -> Microsoft Corporation)
Task: {7F598745-086E-4C77-B6D1-69750909CAAF} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1003496 2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {7FDF1513-830B-4265-9A8D-9F1290D7E205} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {82BEE1B1-5140-4523-9D4C-1C9B8EFEF0E4} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [64256 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {85201293-2A6F-45C4-A554-78EF8F3DC16C} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {88AD7BEE-D899-4565-92FF-1CF07A87C172} - System32\Tasks\AMDRyzenMasterSDKTask => C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe [47104 2021-08-24] (Advanced Micro Devices, Inc.) [File not signed]
Task: {89C59246-80EA-442A-9CAF-26EA2B46273E} - System32\Tasks\Opera scheduled assistant Autoupdate 1629315681 => C:\Users\User\AppData\Local\Programs\Opera\launcher.exe [41906896 2021-08-11] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\User\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {8A59DDC2-FB4D-47F1-857D-AEA42104F26E} - System32\Tasks\Opera scheduled assistant Autoupdate 1612209386 => C:\Users\paula\AppData\Local\Programs\Opera\launcher.exe [2607560 2023-01-19] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\paula\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {971ACE7C-4A56-446F-9814-A5524C7383C8} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => C:\WINDOWS\system32\MusNotification.exe /RunOnBattery EngagedRebootReminder (No File)
Task: {A0061D87-A25F-41AB-A3A5-B6FDEAEFC7C3} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {A16539EE-2645-4E0E-9BCD-DF8A88ACD50C} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [768288 2022-03-24] (McAfee, LLC -> McAfee, LLC)
Task: {A34B6C59-0108-4BC1-81ED-9ADA4F223F3D} - System32\Tasks\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {AAF59C3C-8DD6-4C9F-8836-7ED8D8DEB8EE} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [269272 2021-08-24] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {ADCA7BDA-0A7D-49C4-B079-B313143887C3} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\297ca788-2a8d-45d3-ab10-6554caf55dbc => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {AE093EDC-AEF5-4FD2-A74F-D271BC291B7F} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8867F90B-F2D8-4898-AF0E-1BAD726CC2B7\PushUpgrade => C:\WINDOWS\system32\deviceenroller.exe [495616 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {B2B73314-6D70-4B2C-8C37-7EE8EFD16E16} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {B35271B8-2242-4C16-B283-94747B6C1279} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\a102a663-2a89-40db-b661-8075fa7a706e => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {B706F2B8-E302-42E9-81CB-CFAFB9194EAC} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [932376 2022-10-13] (McAfee, LLC -> McAfee, LLC)
Task: {BB2E0810-81F5-4D82-91D6-C73150BF847B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2020-08-17] (Google Inc -> Google LLC)
Task: {C83ABACA-75A1-4A7C-8455-F95067B7A9F8} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
Task: {CCF7E1CE-A3F6-47D1-893D-26110A8B4870} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {CED89B4F-4E02-46DC-A0DA-E6A5A9B39564} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8867F90B-F2D8-4898-AF0E-1BAD726CC2B7\Schedule #2 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [495616 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {CF73B423-0B02-43FA-B1A3-381ED7698B6C} - System32\Tasks\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {D94EF845-A9E6-4DE9-81AB-FB29D602E816} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {DA3BF6C0-9525-4EBB-B170-74D94F8490A8} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8867F90B-F2D8-4898-AF0E-1BAD726CC2B7\Schedule created by enrollment client for renewal of certificate warning => C:\WINDOWS\system32\deviceenroller.exe [495616 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {DA6EEDCD-5DDD-4389-87C9-22F0457C6DF5} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8867F90B-F2D8-4898-AF0E-1BAD726CC2B7\PushLaunch => C:\WINDOWS\system32\deviceenroller.exe [495616 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {DAB1AD04-6207-412D-BC78-DD008EB3B1ED} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Task: {DB014619-BBC0-4C48-A1A6-26A20B54CD74} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2020-08-17] (Google Inc -> Google LLC)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\WINDOWS\system32\MusNotification.exe (No File)
Task: {EB295AF2-508F-4061-B391-6F4CDEA18B4C} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144280 2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {ED0BA2CF-8D0E-4D83-B722-5654BEC4F084} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [710560 2023-02-01] (Mozilla Corporation -> Mozilla Foundation)
Task: {F1F28710-FC17-4752-B5E5-91F281549DA7} - System32\Tasks\Opera scheduled Autoupdate 1612209381 => C:\Users\paula\AppData\Local\Programs\Opera\launcher.exe [2607560 2023-01-19] (Opera Norway AS -> Opera Software)
Task: {F22F0B6A-D0D1-4F8D-8AAB-8787C09804FB} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8867F90B-F2D8-4898-AF0E-1BAD726CC2B7\Schedule to run OMADMClient by server => C:\WINDOWS\system32\omadmclient.exe [466944 2022-11-21] (Microsoft Windows -> Microsoft Corporation)
Task: {F2FF319C-020D-4911-A8A4-3BD0A6F1AD24} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8867F90B-F2D8-4898-AF0E-1BAD726CC2B7\PushRenewal => C:\WINDOWS\system32\deviceenroller.exe [495616 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {F5F01F63-9905-4B2E-813F-07B06E027ACA} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8867F90B-F2D8-4898-AF0E-1BAD726CC2B7\Passport for Work alert created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [495616 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {F6BE1AAC-FF44-4B82-AC2D-AD90472F1FC7} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [932376 2022-10-13] (McAfee, LLC -> McAfee, LLC)
Task: {FC2E46B1-F974-4FDB-9A0A-C07822FFFB53} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => C:\WINDOWS\system32\MusNotification.exe /RunOnAC EngagedRebootReminder (No File)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\SOLIDWORKS Electrical Archiver.job => C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\bin\EwEnvironmentArchiver\ewenvironmentarchiver.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ATTENTION (Restriction - Zones)
Tcpip\Parameters: [DhcpNameServer] 192.168.179.1
Tcpip\..\Interfaces\{2c73278c-8bfc-40c2-b9c5-851cd9df4d71}: [DhcpNameServer] 192.168.179.1
Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default [2020-08-17]
Edge HKLM-x32\...\Edge\Extension: [caiblelclndcckfafdaggpephhgfpoip]
Edge HKLM-x32\...\Edge\Extension: [emgfgdclgfeldebanedpihppahgngnle]
FireFox:
========
FF Plugin: 3ds.com/ComposerPlayerWebPlugin_x86_64 -> C:\PROGRA~1\SOLIDW~1\SO46F1~1\Bin\NPCOMP~1.DLL [2021-03-27] (DASSAULT SYSTEMES SE -> Dassault Systemes) [File not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2023-01-11] (McAfee, LLC -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-01-21] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: 3ds.com/ComposerPlayerWebPlugin -> C:\PROGRA~1\SOLIDW~1\SO46F1~1\Bin\x86\NPCOMP~1.DLL [2021-03-27] (DASSAULT SYSTEMES SE -> Dassault Systemes) [File not signed]
FF Plugin-x32: 3ds.com/ComposerPlayerWebPlugin_x86_64 -> \\devsilo1\builds\sw2021_sp03\sw\Release\x64\d210326.009.BGS.final\composer\Bin\npcomposerplayerwebplugin.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.301.2 -> C:\Program Files (x86)\Java\jre1.8.0_301\bin\dtplugin\npDeployJava1.dll [2021-08-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.301.2 -> C:\Program Files (x86)\Java\jre1.8.0_301\bin\plugin2\npjp2.dll [2021-08-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2023-01-10] (McAfee, LLC -> )
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\zlonrrylmi4.js [2021-08-18] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\zlonrrylmi4.cfg [2021-08-18] <==== ATTENTION
Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2020-08-17]
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR HKLM\...\Chrome\Extension: [enppghjcblldgigemljohkgpcompnjgh]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [enppghjcblldgigemljohkgpcompnjgh]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2022-02-25] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12553648 2023-02-04] (Microsoft Corporation -> Microsoft Corporation)
S3 CoordinatorServiceHost; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS (2)\swScheduler\DTSCoordinatorService.exe [79520 2021-03-27] (Dassault Systemes SolidWorks Corp. -> Dassault Systèmes SolidWorks Corporation)
R2 DolbyDAXAPI; C:\WINDOWS\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_c28b41707aefc6b9\DAX3API.exe [2283600 2021-04-27] (Dolby Laboratories, Inc. -> Dolby Laboratories)
R2 ewserver; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe [185288 2021-03-27] (Dassault Systemes SolidWorks Corp. -> )
R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [364928 2020-06-05] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
S3 impi_hydra; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS (2)\hydra_service.exe [924472 2021-03-27] (Intel(R) Software Development Products -> Intel Corporation)
S3 InventorySvc; C:\WINDOWS\system32\inventorysvc.dll [304480 2022-11-21] (Microsoft Windows -> Microsoft Corporation)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\\3.13.43.0\LenovoVantageService.exe [32464 ] (Lenovo -> Lenovo Group Ltd.)
R2 LITSSVC; C:\WINDOWS\System32\LNBITSSvc.exe [1808728 2020-05-27] (Lenovo -> Lenovo(beijing) Limited)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [11072008 2022-09-07] (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [856472 2023-02-03] (McAfee, LLC -> McAfee, LLC)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_22_7\McApExe.exe [816696 2022-10-17] (McAfee, LLC -> McAfee, LLC)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\5.4.105.0\\McCSPServiceHost.exe [3379584 ] (McAfee, LLC -> McAfee, LLC)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [1215944 2022-09-15] (MUSARUBRA US LLC -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [1215944 2022-09-15] (MUSARUBRA US LLC -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [1215944 2022-09-15] (MUSARUBRA US LLC -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1571608 2022-10-09] (McAfee, LLC -> McAfee, LLC)
R2 MSSQL$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [366520 2022-04-22] (Microsoft Corporation -> Microsoft Corporation)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [4248712 2022-10-14] (McAfee, LLC -> McAfee, LLC)
S3 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [98624 2020-07-22] (ProtonVPN AG -> )
S3 ProtonVPN Update Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-07-22] (ProtonVPN AG -> )
R2 RemoteSolverDispatcher; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation (2)\binCFW\remotesolverdispatcherservice.exe [252936 2021-03-27] (Mentor Graphics Corporation -> Mentor Graphics Corporation)
R2 SgrmBroker; C:\WINDOWS\system32\Sgrm\SgrmBroker.exe [414632 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SmartSense; C:\WINDOWS\System32\DriverStore\FileRepository\lnvsst.inf_amd64_4e633fced20b4d0e\SmartSense.exe [155848 2020-08-30] (Lenovo -> Lenovo Group Ltd.)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2021-08-23] (SolidWorks) [File not signed]
S4 SQLAgent$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [607160 2022-04-22] (Microsoft Corporation -> Microsoft Corporation)
R2 SWVisualize2020.Queue.Server; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize\SWVisualize.Queue.Server.exe [30208 2020-05-08] (Dassault Systemes SolidWorks Corp. -> Dassault Systèmes)
R2 SWVisualize2021.Queue.Server; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize (2)\SWVisualize.Queue.Server.exe [30368 2021-03-27] (Dassault Systemes SolidWorks Corp. -> Dassault Systèmes)
R2 TextInputManagementService; C:\WINDOWS\System32\TabSvc.dll [266240 2022-11-21] (Microsoft Windows -> Microsoft Corporation)
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [28136 2021-08-18] (LAVASOFT SOFTWARE CANADA INC -> )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [331144 2017-04-11] (Western Digital Techologies -> Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [2909208 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [128376 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 wuauserv; C:\WINDOWS\system32\wuauserv.dll [137552 2022-12-15] (Microsoft Windows -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AMDAfdAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\amdacpafd.inf_amd64_b2ecd28976c27717\amdacpafd.sys [348056 2021-08-10] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
S3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [41536 2021-07-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AMDSAFD; C:\WINDOWS\System32\DriverStore\FileRepository\amdsafd.inf_amd64_8e2568524f674315\amdsafd.sys [100768 2021-03-29] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0376209.inf_amd64_b3bdffadea4def3f\B374968\amdkmdag.sys [80540576 2022-01-28] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [65168 2021-08-17] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S2 bfs; C:\WINDOWS\system32\drivers\bfs.sys [91480 2022-11-21] (Microsoft Windows -> Microsoft Corporation)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77888 2022-09-15] (Musarubra US LLC -> Trellix US LLC.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [181072 2019-07-22] (GENESYS LOGIC, INC. -> Genesys Logic)
S0 GenPass; C:\WINDOWS\System32\DriverStore\FileRepository\genpass.inf_amd64_bef88a423225ecdc\genpass.sys [62800 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [476224 2022-09-15] (Musarubra US LLC -> Trellix US LLC.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [349760 2022-09-15] (Musarubra US LLC -> Trellix US LLC.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [84440 2022-09-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Trellix US LLC.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [445504 2022-09-15] (Musarubra US LLC -> Trellix US LLC.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [920128 2022-09-15] (Musarubra US LLC -> Trellix US LLC.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [665424 2022-07-07] (Musarubra US LLC -> Trellix US LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [119632 2022-07-07] (Musarubra US LLC -> Trellix US LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [112712 2022-09-15] (Musarubra US LLC -> Trellix US LLC.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [234584 2022-09-15] (Musarubra US LLC -> Trellix US LLC.)
S3 ProtonVPNSplitTunnel; C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win10\ProtonVPN.SplitTunnelDriver.sys [31584 2020-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Proton Technologies AG)
S0 pvscsi; C:\WINDOWS\System32\drivers\pvscsii.sys [45408 2022-05-07] (Microsoft Windows -> VMware, Inc.)
S3 RoutePolicy; C:\WINDOWS\System32\drivers\RoutePolicy.sys [98304 2022-05-07] (Microsoft Windows -> )
S4 RsFx0321; C:\WINDOWS\System32\DRIVERS\RsFx0321.sys [258720 2018-07-25] (Microsoft Corporation -> Microsoft Corporation)
S3 rtu53cx22x64; C:\WINDOWS\System32\DriverStore\FileRepository\rtu53cx22x64.inf_amd64_23312dee5c4e1993\rtu53cx22x64.sys [1008864 2022-10-05] (Realtek Semiconductor Corp. -> Realtek Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2022-10-16] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49008 2020-04-06] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 WacHidRouterPro; C:\WINDOWS\System32\drivers\wachidrouter.sys [127512 2020-09-18] (WDKTestCert dant,132134237881206156 -> Wacom Technology, Corp.)
R3 wacomrouterfilter; C:\WINDOWS\System32\drivers\wacomrouterfilter.sys [28680 2020-09-18] (WDKTestCert dant,132134237881206156 -> Wacom Technology, Corp.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [48536 2022-05-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [438544 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [90384 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R2 wtd; C:\WINDOWS\System32\drivers\wtd.sys [118784 2022-12-15] (Microsoft Windows -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-02-04 17:09 - 2023-02-04 17:10 - 000000000 ____D C:\FRST
2023-02-04 17:08 - 2023-02-04 17:10 - 000000000 ____D C:\Users\paula\Downloads\Papa
2023-02-04 16:31 - 2023-02-04 16:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2023-02-04 16:30 - 2023-02-04 16:30 - 000722202 _____ C:\WINDOWS\system32\perfh007.dat
2023-02-04 16:30 - 2023-02-04 16:30 - 000149258 _____ C:\WINDOWS\system32\perfc007.dat
2023-02-03 12:29 - 2023-02-03 12:29 - 000000000 ____D C:\Users\paula\Documents\Benutzerdefinierte Office-Vorlagen
2023-02-01 21:34 - 2023-02-04 16:25 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-01-30 07:55 - 2023-02-04 16:25 - 000000000 ____D C:\ProgramData\McInstTemp0190101675061719
2023-01-26 16:24 - 2023-01-26 16:24 - 000000020 ___SH C:\Users\User\ntuser.ini
2023-01-26 15:45 - 2023-01-26 16:13 - 000000000 ___RD C:\Users\paula\Documents\Wichtiges
2023-01-24 14:05 - 2023-01-24 14:05 - 001049564 _____ C:\Users\paula\Downloads\Was ist Rechtsterrorismus.pdf
2023-01-14 20:08 - 2023-01-14 20:08 - 000000000 ___HD C:\$WinREAgent
2023-01-07 13:21 - 2023-01-08 20:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-02-04 17:08 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-02-04 17:03 - 2022-11-21 23:45 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-02-04 17:03 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-02-04 16:41 - 2020-08-17 20:44 - 000000000 ____D C:\Program Files (x86)\Google
2023-02-04 16:31 - 2022-11-21 23:49 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2023-02-04 16:30 - 2022-11-21 23:45 - 001809546 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-02-04 16:30 - 2022-05-07 06:22 - 000000000 ____D C:\WINDOWS\INF
2023-02-04 16:29 - 2022-02-14 20:04 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-02-04 16:28 - 2020-08-17 18:08 - 000000000 ____D C:\Users\paula\AppData\LocalLow\Mozilla
2023-02-04 16:26 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-02-04 16:26 - 2021-08-29 12:45 - 000000000 ___RD C:\Users\paula\Berufskolleg Opladen
2023-02-04 16:26 - 2021-08-29 12:00 - 000000000 ___RD C:\Users\paula\OneDrive - Berufskolleg Opladen
2023-02-04 16:26 - 2020-09-07 13:46 - 000000000 ____D C:\Users\paula\AppData\Roaming\WTablet
2023-02-04 16:25 - 2022-11-21 23:49 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-02-04 16:25 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ServiceState
2023-02-04 16:25 - 2020-11-10 18:16 - 000012288 ___SH C:\DumpStack.log.tmp
2023-02-04 16:25 - 2020-08-17 18:05 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-02-04 13:28 - 2020-08-12 14:57 - 000000000 ____D C:\Program Files\Microsoft Office
2023-02-04 13:26 - 2022-11-21 23:49 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2775161839-3573256424-1513776773-1002
2023-02-04 13:26 - 2022-11-21 23:49 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2775161839-3573256424-1513776773-1002
2023-02-04 13:26 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-02-04 13:26 - 2020-11-10 17:18 - 000002410 _____ C:\Users\paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-02-04 13:26 - 2020-08-17 17:26 - 000002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-02-04 13:26 - 2020-08-17 17:26 - 000002285 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-02-03 22:39 - 2022-11-21 23:49 - 000003756 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-02-03 22:39 - 2022-11-21 23:49 - 000003632 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-02-03 13:20 - 2020-08-18 15:03 - 000000000 ____D C:\Users\paula\AppData\Roaming\WhatsApp
2023-02-03 13:19 - 2020-08-18 15:03 - 000000000 ____D C:\Users\paula\AppData\Local\WhatsApp
2023-02-03 13:18 - 2020-08-17 18:35 - 000000000 ____D C:\Users\paula\AppData\Local\SquirrelTemp
2023-02-03 13:13 - 2022-11-21 23:49 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2023-02-03 13:12 - 2020-08-17 18:05 - 000001016 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-02-03 12:14 - 2022-11-21 23:49 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2023-01-31 17:15 - 2020-08-17 17:57 - 000000000 ____D C:\Users\paula\AppData\Local\D3DSCache
2023-01-30 11:19 - 2020-10-03 19:29 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-01-30 10:41 - 2022-11-21 23:49 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-01-30 10:41 - 2022-10-16 10:32 - 000002084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-01-30 10:41 - 2022-10-16 10:32 - 000002072 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2023-01-30 07:55 - 2022-11-21 23:49 - 000003346 _____ C:\WINDOWS\system32\Tasks\McAfeeLogon
2023-01-30 07:55 - 2022-05-07 06:17 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2023-01-30 07:55 - 2021-01-15 19:19 - 000000000 ____D C:\Program Files (x86)\McAfee
2023-01-30 07:54 - 2020-08-17 20:44 - 000002304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-01-30 07:54 - 2020-08-17 20:44 - 000002263 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-01-30 07:53 - 2020-08-17 20:44 - 000000000 ____D C:\Program Files\CCleaner
2023-01-26 20:03 - 2021-08-29 13:54 - 000000000 ___RD C:\Users\paula\Documents\TAHR 12 & 13
2023-01-26 19:13 - 2021-08-29 13:52 - 000000000 ____D C:\Users\paula\Documents\Gemeinde
2023-01-26 16:14 - 2022-01-15 17:54 - 000000000 ____D C:\Users\paula\AppData\Roaming\KeePass
2023-01-26 16:12 - 2021-08-29 13:50 - 000000000 ____D C:\Users\paula\Documents\Bewerbungen
2023-01-26 16:10 - 2020-08-17 17:57 - 000000000 ____D C:\Users\paula\AppData\Local\Packages
2023-01-26 16:09 - 2021-08-29 13:53 - 000000000 ___RD C:\Users\paula\Documents\TAHR 11
2023-01-24 14:53 - 2021-08-29 11:46 - 000000000 ____D C:\Users\paula\AppData\Local\CrashDumps
2023-01-23 22:47 - 2022-11-21 23:49 - 000004228 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1612209381
2023-01-23 22:47 - 2021-02-01 20:56 - 000001420 _____ C:\Users\paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera-Browser.lnk
2023-01-15 17:02 - 2022-11-21 23:45 - 001755128 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-01-15 17:02 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemResources
2023-01-15 17:02 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-01-15 17:02 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-01-15 17:02 - 2022-05-07 06:17 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2023-01-14 20:43 - 2020-08-17 22:19 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-01-14 20:41 - 2020-08-17 22:19 - 150199536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-01-14 20:11 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-01-14 20:09 - 2022-11-21 23:45 - 003212288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-01-14 15:59 - 2021-09-14 13:50 - 000000000 ____D C:\Users\paula\AppData\Local\AMD_Common
2023-01-09 21:32 - 2022-11-21 23:00 - 000000000 ____D C:\Users\paula
2023-01-09 11:46 - 2022-02-08 12:00 - 000002413 _____ C:\Users\paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams (work or school).lnk
2023-01-09 11:46 - 2022-02-08 12:00 - 000002405 _____ C:\Users\paula\Desktop\Microsoft Teams (work or school).lnk
2023-01-07 13:25 - 2020-08-17 18:08 - 000001293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk
==================== Files in the root of some directories ========
2022-01-17 22:35 - 2022-01-17 22:35 - 018809915 _____ (Dr. J. Rathlev ) C:\Users\paula\pb-setup-x64-6.2.1000.exe
2020-08-12 10:11 - 2020-08-12 10:11 - 000003072 _____ () C:\Users\User\AppData\Local\file__0.localstorage
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ======================== |