Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 10 ist plötzlich total langsam (https://www.trojaner-board.de/201791-windows-10-ploetzlich-total-langsam.html)

Sweeny 13.05.2021 17:15
Windows 10 ist plötzlich total langsam
 
Hallo,

seit 2-3 Tagen ist Windows 10 total langsam. Ein Klick auf ein Menüpunkt beim Chrome, Outlook oder bei den Windows-Einstellungen wird total verzögert verarbeitet (1-2 Sekunden). Start klappt so schnell wie üblich.

Ich habe ein Windows Defender-Scan gemacht; nichts gefunden. Den Defender hatte ich irgendwie verdächtigt; darum habe ich auf Malwarebytes umgestellt - aber es wird nicht besser. Statt mit Chrome bin ich dann mit dem Firefox ins Internet gegangen; aber auch das hat es nicht verbessert.

Farbar-Scan-Ergebnis liegt bei.

Im Taskmanager sieht man eine hohe Arbeitsspeicher-Belastung (insg. über 50%, manchmal über 60% - 1 GByte etwa Chrome, 1/4 GByte Malarebytes; danach alles kleiner).

Ich würde mich sehr freuen, wenn Ihr mir helfen könntet. Hier die Farbar-Scans.

Viele Grüße
Sweeny

EDIT: Ich sehe gerade, dass ich vermutlich im falschen Unterforum bin; sorry.

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-05-2021
Ran by Daniela (administrator) on PC (13-05-2021 18:05:28)
Running from C:\Users\Alexander\Downloads
Loaded Profiles: Daniela & Alexander
Platform: Windows 10 Pro Version 20H2 19042.985 (X64) Language: Deutsch (Deutschland) -> Deutsch (Deutschland)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

((c)2016 Datacolor) [File not signed] C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Gira Giersiepen GmbH & Co. KG) [File not signed] C:\Program Files (x86)\Gira\Gira Project Assistant\Gira Project Assistant Service\Service.WindowsService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <39>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Huawei Technologies Co., Ltd. -> ) C:\Program Files (x86)\MobileBrServ\mbbService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Jumping Bytes  (Christoph Guentner) -> Jumping Bytes) C:\Program Files (x86)\Jumping Bytes\PureSync\jbServices.exe
(Jumping Bytes  (Christoph Guentner) -> Jumping Bytes) C:\Program Files (x86)\Jumping Bytes\PureSync\PureSyncCheck.exe
(Jumping Bytes  (Christoph Guentner) -> Jumping Bytes) C:\Program Files (x86)\Jumping Bytes\PureSync\PureSyncTray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\net.exe
(Notepad++ -> Don HO don.h@free.fr) E:\Program Files (x86)\Notepad++\notepad++.exe
(Open Source Developer, Dominik Reichl -> Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(Synology Inc. -> ) [File not signed] C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Synology Inc. -> ) [File not signed] C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe
(Synology Inc. -> ) [File not signed] C:\Program Files (x86)\Synology\CloudStationBackup\bin\vss-service-x64.exe
(Synology Inc. -> ) C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe
(Synology Inc. -> Synology Inc.) C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-connect.exe
(Synology Inc. -> Synology Inc.) C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-daemon.exe
(Synology Inc. -> Synology Inc.) C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-ui.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
0 C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
0 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21022.215.0_x64__8wekyb3d8bbwe\YourPhone.exe
0 C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.21021.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12489360 2012-05-18] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [124000 2018-06-20] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3160256 2021-05-10] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [76600 2020-08-29] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3084288 2012-07-31] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\RunOnce: [GrpConv] => grpconv -o
HKU\S-1-5-21-565462843-2377332638-636861087-1000\...\Run: [MD5 File Hasher] => C:\Program Files (x86)\MD5 File Hasher\MD5FileHasher -s
HKU\S-1-5-21-565462843-2377332638-636861087-1000\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33031648 2021-05-06] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-565462843-2377332638-636861087-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-565462843-2377332638-636861087-1000\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [31162800 2021-03-30] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-565462843-2377332638-636861087-1000\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [67384 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [912480 2015-09-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\Run: [PureSync] => C:\Program Files (x86)\Jumping Bytes\PureSync\PureSyncTray.exe [1433888 2021-01-12] (Jumping Bytes  (Christoph Guentner) -> Jumping Bytes)
HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\Run: [KeePass Password Safe 2] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3160256 2021-05-10] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\Run: [launchOnStartup] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [8030280 2020-02-25] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) [File not signed]
HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\Run: [3F39F816CD7BDDEEE521D84DB3B9E481A1B62B66._service_run] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service /prefetch:8
HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\Run: [Amazon Music] => C:\Users\Daniela_2\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] (Amazon Services LLC -> )
HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google Inc -> Google)
HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [912480 2015-09-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\Run: [VideoDownloaderUltimate] => C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe [2746184 2016-08-22] (Link64 GmbH -> Link64 GmbH)
HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\Run: [PTOneClick] => C:\Users\Daniela_2\AppData\Local\WebEx\WebEx\Applications\ptoneclk.exe [7780040 2021-01-08] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\Run: [CiscoMeetingDaemon] => C:\Users\Daniela_2\AppData\Local\WebEx\ciscowebexstart.exe [3712216 2021-05-09] (Cisco WebEx LLC -> Cisco Webex LLC)
HKLM\...\Windows x64\Print Processors\BJ Print Processor4: C:\Windows\System32\spool\prtprocs\x64\CNBPP4.DLL [84992 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\BJ Language Monitor4: C:\WINDOWS\system32\CNBLM4.DLL [267776 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\pdfcmon: C:\WINDOWS\system32\pdfcmon.dll [110264 2013-04-09] (pdfforge GmbH -> pdfforge GmbH)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.212\Installer\chrmstp.exe [2021-05-12] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
HKLM\Software\...\Winlogon\GPExtensions: [{6cfb9c5c-138e-4bb3-8a3d-d5383e910e57}] -> %SystemRoot%\System32\RdpGroupPolicyExtension.dll
Startup: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Synology Cloud Station Drive.lnk [2021-05-13]
ShortcutTarget: Synology Cloud Station Drive.lnk -> C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe (Synology Inc. -> Synology Inc.) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SpyderUtility.lnk [2016-11-30]
ShortcutTarget: SpyderUtility.lnk -> C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe ((c)2016 Datacolor) [File not signed]
Startup: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Synology Cloud Station Drive.lnk [2021-05-13]
ShortcutTarget: Synology Cloud Station Drive.lnk -> C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe (Synology Inc. -> Synology Inc.) [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04291AB8-1BFF-482D-A354-0DAA63096B83} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [880 2020-09-25] () [File not signed]
Task: {04620E3E-9FF6-47C3-A01D-3391D0960B5E} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {157F03BB-812E-48C2-978F-EB0066E01444} - System32\Tasks\JumpingBytes\PureSyncVSS => C:\Program Files (x86)\Jumping Bytes\PureSync\PureSyncVSSStart.exe
Task: {1962D670-73A2-4161-9A19-96A76222E178} - System32\Tasks\JumpingBytes\PureSyncElvDaniela => C:\Program Files (x86)\Jumping Bytes\PureSync\PureSyncHelper.exe [168304 2020-12-29] (Jumping Bytes  (Christoph Guentner) -> Jumping Bytes)
Task: {1B78249E-0F85-4595-AD1B-CCAB4B056072} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1D915986-CA90-4D97-B368-5FDEF41966A6} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {1E639B88-7427-4D46-BDE4-EED2D5F7C033} - System32\Tasks\JumpingBytes\PureSyncExit => C:\Program Files (x86)\Jumping Bytes\PureSync\PureSyncAdmin.exe
Task: {24F345DF-CDEF-4C26-AD31-EAF482740CED} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2C40D05D-9777-4C7E-B5A9-BE37D4108F3E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2D8ADC5D-837C-4828-AA64-3FC4C3079E99} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2EBB0D39-C126-4B26-8B72-90B964C712B3} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [696816 2021-04-17] (Mozilla Corporation -> Mozilla Foundation)
Task: {37892A5E-D1D4-452D-ADFE-6422BB2D4776} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {3B3F30A3-9CD8-4F03-B0DF-8C8B6A87E0C0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.)
Task: {4426CA6A-6D63-4546-9887-23745332C150} - System32\Tasks\AdwCleaner_onReboot => C:\Users\Alexander\Downloads\adwcleaner_8.0.8.exe [8447152 2021-01-04] (Malwarebytes Inc -> Malwarebytes)
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {49F6C337-FA53-4D3B-843D-BED1B91BE776} - System32\Tasks\{54BA2233-CCFA-4261-A274-CCA9C78F9057} => "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/7.13.0.101/de/abandoninstall?page=tsProgressBar
Task: {5A9BE10E-CDC1-4CB2-B604-82B206E024CF} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {5BA33DD0-E9E1-4AFE-9241-8AEDA668932B} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {5D549C7B-04CE-48F6-AFD9-ABF56A9BA0FD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5DF044AA-F71D-465A-A02D-9661F829562B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {6DDD6299-22D5-4AD2-9874-AA8009BBB2AB} - System32\Tasks\{E887F441-25A6-4815-BCE1-41682C06FB8E} => "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?page=tsProgressBar
Task: {730AC712-A578-4E65-9B1C-81CDB7383A0A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7D264AAA-6A33-4C26-BBF6-E2793D0725E8} - System32\Tasks\{7EFAFB80-CCC6-4877-A74B-A88AA1B49D11} => "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?page=tsProgressBar
Task: {817196E8-49EA-44B0-9801-06263B2B7759} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {83B0D73A-F964-44E7-8F91-623ED70F52B5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {8B0BA113-9347-4E90-ABA6-4E0044A54B3C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {982191EA-C967-4C55-89E1-98A29DCF2D7A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A1A1065C-53BB-44A2-AB31-FF1A14B21F33} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40880 2021-03-30] (Garmin International, Inc. -> )
Task: {A22B84F6-6C73-4A07-B406-F3E8401D1215} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {A571E058-5154-4DEF-A1FD-35E525B5A7D0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {A698037E-D4C5-48F7-9873-E12612DF4122} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B94B5459-13C5-4CFC-AEFB-0D44C00DDBBA} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {D73272D8-6B30-42B4-9F86-9D193D236005} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {DA7D7AEF-5F67-4FE5-A4B2-A48329BB6822} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.)
Task: {DC1F9E36-2BB2-4476-9905-DC43F652CE24} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {DFB52FB2-5D05-488A-A154-428C6E6F1FC4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E1EEAC18-87BA-4EB3-AC0B-CBB04713BF4D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {E44C1574-A4D3-44BD-B903-47238C91A761} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {E61B52C4-BD2A-4CEF-99C4-F3F3234E3778} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [1146000 2019-03-14] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.)
Task: {FCCFE89B-E986-4F5E-872C-78311469263D} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{5480B2BA-F1B7-4A2B-8A15-1DF39A453731}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{60341516-228f-4571-b28b-6a54ea39e1de}: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{6f5fd123-17cc-41ab-880d-ba370803e490}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{819399cc-6cbd-46fa-85c8-6453fe863580}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{da847a6d-8b87-488d-8d74-945bab7d8180}: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{eaaf18ef-cd74-4176-90b9-86a9fc005615}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{ef76afab-0760-4a1b-b70f-36c9844b65b6}: [DhcpNameServer] 192.168.178.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.10 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-04-27] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default [2021-05-13]
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.heise.de/newsticker/"
CHR Extension: (Dictanote) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjekmpappghadlogpigifkghlmebjk [2019-04-22]
CHR Extension: (Google Drive) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-15]
CHR Extension: (YouTube) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-25]
CHR Extension: (Firebug Lite for Google Chrome™) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench [2015-11-20]
CHR Extension: (Google-Suche) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-06]
CHR Extension: (KeePassHttp-Connector) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dafgdjggglmmknipkhngniifhplpcldb [2019-04-22]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2016-03-26]
CHR Extension: (Adobe Acrobat) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-04-24]
CHR Extension: (AdBlock*– der beste Ad-Blocker) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-05-13]
CHR Extension: (Keepa - Amazon Price Tracker) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2021-05-13]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-24]
CHR Extension: (Google Mail) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-15]
CHR Extension: (Chrome Media Router) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-05-13]
CHR HKU\S-1-5-21-565462843-2377332638-636861087-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-04-27] (Apple Inc. -> Apple Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [270336 2012-07-13] (Brother Industries, Ltd.) [File not signed]
R2 Cloud Station Backup VSS Service x64; C:\Program Files (x86)\Synology\CloudStationBackup\bin\vss-service-x64.exe [287256 2018-03-01] (Synology Inc. -> ) [File not signed]
R2 Cloud Station Drive VSS Service x64; C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe [352280 2019-03-06] (Synology Inc. -> ) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-07-14] (Macrovision Europe Ltd.) [File not signed]
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1242696 2020-02-25] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6821960 2020-02-25] (GOG Sp. z o.o. -> GOG.com)
R2 GPAService; C:\Program Files (x86)\Gira\Gira Project Assistant\Gira Project Assistant Service\Service.WindowsService.exe [9216 2020-04-29] (Gira Giersiepen GmbH & Co. KG) [File not signed]
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [190784 2019-10-31] (Huawei Technologies Co., Ltd. -> ) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7391408 2021-05-13] (Malwarebytes Inc -> Malwarebytes)
R2 Mobile Broadband HL Service; C:\Program Files (x86)\MobileBrServ\mbbservice.exe [245688 2019-11-15] (Huawei Technologies Co., Ltd. -> )
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1705088 2020-05-12] (Rockstar Games, Inc. -> Rockstar Games)
R2 SamsungRapidSvc; C:\WINDOWS\System32\RAPID\SamsungRapidSvc.exe [29280 2018-06-20] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5393288 2021-05-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SynoDrService; C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe [384072 2013-10-09] (Synology Inc. -> )
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12849960 2021-03-15] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248856 2017-08-08] (Synology Inc. -> ) [File not signed]
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [157480 2018-08-02] (Microsoft Corporation -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.10-0\NisSrv.exe [2599312 2021-05-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.10-0\MsMpEng.exe [128376 2021-05-10] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-01-23] (AnchorFree Inc -> The OpenVPN Project)
S3 avmaudio; C:\WINDOWS\System32\DRIVERS\avmaudio.sys [116096 2012-07-14] (AVM Berlin) [File not signed]
S3 avmaura; C:\WINDOWS\System32\drivers\avmaura.sys [116480 2015-08-05] (AVM Berlin) [File not signed]
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 busenum; C:\WINDOWS\System32\drivers\busenum.sys [57824 2012-08-03] (Synology Inc. -> Windows (R) Win 7 DDK provider)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-05-13] (Malwarebytes Inc -> Malwarebytes)
S3 fwlanusbn; C:\WINDOWS\system32\DRIVERS\fwlanusbn.sys [714368 2010-10-22] (AVM GmbH) [File not signed]
S3 GenericMount; C:\WINDOWS\System32\drivers\GenericMount.sys [66608 2010-02-12] (Symantec Corporation -> Symantec Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-05-13] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-05-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-05-13] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-05-13] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-05-13] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [157944 2021-05-13] (Malwarebytes Inc -> Malwarebytes)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [74616 2020-09-25] (Insecure.Com LLC -> Insecure.Com LLC.)
R0 SamsungRapidDiskFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidDiskFltr.sys [288864 2018-06-28] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidFSFltr.sys [119400 2018-06-28] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 vpnva; C:\WINDOWS\System32\DRIVERS\vpnva64-6.sys [52080 2013-12-13] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [50688 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-05-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [421112 2021-05-10] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [73960 2021-05-10] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath
U4 npcap_wifi; no ImagePath
S1 UimBus; \SystemRoot\System32\drivers\uimbus.sys [X]
S1 Uim_DEVIM; \SystemRoot\System32\drivers\uimdevim.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-13 17:57 - 2021-05-13 17:57 - 000070863 _____ C:\Users\Alexander\Downloads\Shortcut.txt
2021-05-13 17:53 - 2021-05-13 17:53 - 002299392 _____ (Farbar) C:\Users\Alexander\Downloads\FRST64 (1).exe
2021-05-13 14:05 - 2021-05-13 14:05 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-05-13 14:04 - 2021-05-13 14:04 - 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-05-13 14:04 - 2021-05-13 14:04 - 000157944 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-05-13 13:22 - 2021-05-13 13:22 - 000000000 ____D C:\Users\Alexander\AppData\Local\mbam
2021-05-13 13:21 - 2021-05-13 13:21 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-05-13 13:21 - 2021-05-13 13:21 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-05-13 13:21 - 2021-05-13 13:21 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-05-13 13:21 - 2021-05-13 13:21 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-05-13 13:21 - 2021-05-13 13:21 - 000002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-05-13 13:21 - 2021-05-13 13:21 - 000002025 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-05-13 13:21 - 2021-05-13 13:21 - 000002025 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-05-13 13:21 - 2021-05-13 13:21 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-05-13 13:21 - 2021-05-13 13:21 - 000000000 ____D C:\Program Files\Malwarebytes
2021-05-13 13:20 - 2021-05-13 13:20 - 002078632 _____ (Malwarebytes) C:\Users\Alexander\Downloads\mbsetup.exe
2021-05-13 13:18 - 2021-05-13 13:18 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avira
2021-05-13 13:10 - 2021-05-13 13:10 - 000000000 ____D C:\Users\Alexander\AppData\Local\AviraSpeedup
2021-05-13 13:10 - 2021-05-13 13:10 - 000000000 ____D C:\Users\Alexander\AppData\Local\Avira
2021-05-13 13:07 - 2021-05-13 13:07 - 006554200 _____ (Avira Operations GmbH & Co. KG) C:\Users\Alexander\Downloads\avira_de_asu80_1191873915-1620901252__poptws.exe
2021-05-13 13:01 - 2021-05-13 13:01 - 000007647 _____ C:\Users\Daniela\AppData\Local\Resmon.ResmonCfg
2021-05-13 12:57 - 2021-05-13 12:57 - 000000000 ____D C:\Users\Daniela_2\AppData\Local\UnrealEngineLauncher
2021-05-13 12:57 - 2021-05-13 12:57 - 000000000 ____D C:\Users\Daniela_2\AppData\Local\UnrealEngine
2021-05-13 12:57 - 2021-05-13 12:57 - 000000000 ____D C:\Users\Daniela_2\AppData\Local\NVIDIA Corporation
2021-05-13 12:57 - 2021-05-13 12:57 - 000000000 ____D C:\Users\Daniela_2\AppData\Local\EpicGamesLauncher
2021-05-13 12:51 - 2021-05-13 12:51 - 000000000 ____D C:\Users\Daniela\AppData\Roaming\sp6_log
2021-05-13 12:20 - 2021-05-13 12:20 - 031412280 _____ (Piriform Software Ltd) C:\Users\Alexander\Downloads\ccsetup579.exe
2021-05-13 09:35 - 2021-05-13 09:35 - 000048980 _____ C:\Users\Alexander\Downloads\rkma.Nodes_.WindowControllerNode-1.0.29.zip
2021-05-13 08:59 - 2021-05-13 09:00 - 022337937 _____ C:\Users\Alexander\Downloads\Pegasus_E-Bikes_Betriebsanleitung_BOSCH Intuvia _MY2021_DE.pdf
2021-05-13 08:50 - 2021-05-13 08:50 - 004316080 _____ (Dominik Reichl ) C:\Users\Alexander\Downloads\KeePass-2.48.1-Setup.exe
2021-05-12 20:55 - 2021-05-12 20:56 - 022927958 _____ C:\Users\Alexander\Downloads\XiaomiADBFastbootTools (4).jar
2021-05-12 11:47 - 2021-05-12 11:47 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-05-12 11:47 - 2021-05-12 11:47 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-05-12 11:47 - 2021-05-12 11:47 - 000153600 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll
2021-05-12 11:46 - 2021-05-12 11:47 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-05-12 11:46 - 2021-05-12 11:46 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-05-12 11:46 - 2021-05-12 11:46 - 001823816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-05-12 11:46 - 2021-05-12 11:46 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-05-12 11:46 - 2021-05-12 11:46 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-05-12 11:46 - 2021-05-12 11:46 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-05-12 11:46 - 2021-05-12 11:46 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-05-12 11:46 - 2021-05-12 11:46 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-05-12 11:46 - 2021-05-12 11:46 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-05-12 11:46 - 2021-05-12 11:46 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-05-12 11:46 - 2021-05-12 11:46 - 000011351 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-05-12 07:34 - 2021-05-12 07:34 - 000001474 _____ C:\Users\Alexander\Downloads\URLLink (20).acsm
2021-05-10 20:05 - 2021-05-10 20:05 - 000030113 _____ C:\Users\Alexander\Downloads\Impfquotenmonitoring (4).xlsx
2021-05-06 14:40 - 2021-05-06 14:40 - 008908282 _____ C:\Users\Alexander\Downloads\Anleitung Herunterladen (5).pdf
2021-05-06 14:39 - 2021-05-06 14:39 - 005733678 _____ C:\Users\Alexander\Downloads\Herunterladen (PDF - 5,5 MB) (2).pdf
2021-05-06 14:17 - 2021-05-06 14:17 - 008908282 _____ C:\Users\Alexander\Downloads\Anleitung Herunterladen (4).pdf
2021-05-06 13:39 - 2021-05-06 13:39 - 004611099 _____ C:\Users\Alexander\Downloads\indego-400-100047627-original-pdf-344873-de-de.pdf
2021-05-06 13:38 - 2021-05-06 13:38 - 005733678 _____ C:\Users\Alexander\Downloads\Herunterladen (PDF - 5,5 MB) (1).pdf
2021-05-06 13:36 - 2021-05-06 13:36 - 008908282 _____ C:\Users\Alexander\Downloads\Anleitung Herunterladen (3).pdf
2021-05-06 13:36 - 2021-05-06 13:36 - 008908282 _____ C:\Users\Alexander\Downloads\Anleitung Herunterladen (2).pdf
2021-05-06 13:35 - 2021-05-06 13:35 - 008908282 _____ C:\Users\Alexander\Downloads\Anleitung Herunterladen.pdf
2021-05-06 13:35 - 2021-05-06 13:35 - 008372691 _____ C:\Users\Alexander\Downloads\Anleitung Herunterladen (1).pdf
2021-05-06 13:35 - 2021-05-06 13:35 - 005733678 _____ C:\Users\Alexander\Downloads\Herunterladen (PDF - 5,5 MB).pdf
2021-05-06 13:35 - 2021-05-06 13:35 - 004611099 _____ C:\Users\Alexander\Downloads\Herunterladen (PDF - 4,4 MB).pdf
2021-05-01 18:21 - 2021-05-01 18:21 - 014562150 _____ C:\WINDOWS\SysWOW64\a6d3737a-f1a4-40bd-ba3b-cab2eec8ba75.gproj
2021-05-01 18:07 - 2021-05-01 18:07 - 014562164 _____ C:\WINDOWS\SysWOW64\8153567d-4c64-4aca-9e59-c4eadc920168.gproj
2021-05-01 18:06 - 2021-05-01 18:06 - 014562198 _____ C:\WINDOWS\SysWOW64\ba0cf4c6-8abb-4ef3-836d-0027a2be1a15.gproj
2021-05-01 17:54 - 2021-05-01 17:54 - 014559759 _____ C:\WINDOWS\SysWOW64\716109be-b030-4168-926d-8f358e3462ce.gproj
2021-05-01 17:42 - 2021-05-01 17:42 - 014560960 _____ C:\WINDOWS\SysWOW64\206a6125-ca37-4ff1-bd34-26fa25967e3a.gproj
2021-05-01 17:30 - 2021-05-01 17:30 - 014553120 _____ C:\WINDOWS\SysWOW64\de74be2b-f678-4b01-804e-40c91755dcda.gproj
2021-05-01 17:22 - 2021-05-01 17:22 - 014547269 _____ C:\WINDOWS\SysWOW64\8f189782-fe33-4ea4-a0e4-9b1c9541efb8.gproj
2021-05-01 17:17 - 2021-05-01 17:17 - 014547335 _____ C:\WINDOWS\SysWOW64\8b5bc60a-7c14-4d40-aaf4-5a8ca818ff66.gproj
2021-05-01 17:15 - 2021-05-01 17:15 - 014547369 _____ C:\WINDOWS\SysWOW64\891c0700-7ff2-4bfb-9d77-14a9740a5e3f.gproj
2021-05-01 17:08 - 2021-05-01 17:08 - 014547263 _____ C:\WINDOWS\SysWOW64\6a86d4bc-d366-4ce9-b851-4e16ae88ed96.gproj
2021-05-01 17:05 - 2021-05-01 17:05 - 014545033 _____ C:\WINDOWS\SysWOW64\300e5685-c2e8-4534-a90c-0d99c7ee4f62.gproj
2021-05-01 15:49 - 2021-05-01 15:49 - 000141876 _____ C:\Users\Alexander\Downloads\torsten_kaeker_gmail_com.Logic_.Nodes_.BinaryWatcher-1.0.46-xleoba.zip
2021-05-01 15:49 - 2021-05-01 15:49 - 000000000 ____D C:\Users\Alexander\Downloads\torsten_kaeker_gmail_com.Logic_.Nodes_.BinaryWatcher-1.0.46-xleoba
2021-05-01 15:20 - 2021-05-01 15:20 - 014714494 _____ C:\WINDOWS\SysWOW64\923d93eb-517b-40e4-b539-e5242aaf63d0.gproj
2021-05-01 15:20 - 2021-05-01 15:20 - 014389004 _____ C:\WINDOWS\SysWOW64\f63315e3-5003-4437-a614-06f6f43086f7.gproj
2021-05-01 12:38 - 2021-05-01 12:38 - 000614448 _____ C:\Users\Alexander\Downloads\tasmota-DE.bin
2021-05-01 12:37 - 2021-05-01 12:37 - 000438957 _____ C:\Users\Alexander\Downloads\tasmota-DE.bin.gz
2021-05-01 11:22 - 2021-05-01 11:22 - 014389503 _____ C:\WINDOWS\SysWOW64\0f085712-de48-4617-ae9a-5c7980ad6bf5.gproj
2021-05-01 11:13 - 2021-05-01 11:13 - 019694741 _____ C:\Users\Alexander\Downloads\2021_05_01_Zimmerhofer.knxproj
2021-04-28 20:50 - 2021-04-28 20:50 - 000394029 ____C C:\Users\Alexander\Desktop\zeitaufgaben_volle_stunde_1.pdf
2021-04-28 20:38 - 2021-04-28 20:38 - 001387849 _____ C:\Users\Alexander\Desktop\Zirkus_Abschreibkartei_Druck.pdf
2021-04-28 20:37 - 2021-04-28 20:37 - 001238257 _____ C:\Users\Alexander\Desktop\Dominos_Uhrzeiten.pdf
2021-04-28 20:35 - 2021-04-28 20:35 - 000935475 _____ C:\Users\Alexander\Desktop\AB_Tag_24 Stunden.pdf
2021-04-25 14:54 - 2021-04-25 15:03 - 004228506 ____C C:\Users\Alexander\Desktop\IMG_6715.mp4
2021-04-24 19:41 - 2021-04-24 19:41 - 014362110 _____ C:\WINDOWS\SysWOW64\c853b3f9-927f-4f9d-bfe5-bbb2449a0134.gproj
2021-04-24 08:51 - 2021-04-24 08:51 - 000000000 ___DC C:\Users\Alexander\Documents\PDFsam Enhanced Files
2021-04-24 08:51 - 2021-04-24 08:51 - 000000000 ____D C:\Users\Daniela\AppData\Roaming\PDFsam Enhanced 7
2021-04-24 08:51 - 2021-04-24 08:51 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\PDFsam Enhanced 7
2021-04-24 08:51 - 2021-04-24 08:51 - 000000000 ____D C:\spellings
2021-04-24 08:49 - 2021-04-24 08:49 - 000000000 ____D C:\ProgramData\PDFsam Basic
2021-04-24 08:48 - 2021-04-24 08:49 - 020694304 _____ (Andrea Vacondio) C:\Users\Alexander\Downloads\PDFsam_Basic_4_Installer (1).exe
2021-04-23 20:08 - 2021-04-23 20:08 - 000339381 _____ C:\Users\Alexander\Downloads\7002011317.pdf
2021-04-23 20:06 - 2021-04-23 20:06 - 000087229 _____ C:\Users\Alexander\Downloads\7002011311.pdf
2021-04-23 14:12 - 2021-04-23 14:12 - 000096265 _____ C:\Users\Alexander\Downloads\Label-9699617009.pdf
2021-04-23 13:11 - 2021-04-23 13:11 - 000252893 ____C C:\Users\Alexander\Documents\9699617009.pdf
2021-04-20 14:13 - 2021-04-20 14:13 - 000182225 _____ C:\Users\Daniela_2\Downloads\sormas Notgruppe 4.xlsx
2021-04-20 09:23 - 2021-04-20 09:23 - 000871637 _____ C:\Users\Alexander\Downloads\Impfdokumentation (3).pdf
2021-04-19 22:51 - 2021-04-19 22:51 - 000044017 ____C C:\Users\Alexander\Desktop\Impfzentrum Bonn.pdf
2021-04-19 12:42 - 2021-04-19 12:42 - 000019628 _____ C:\Users\Alexander\Downloads\germany_vaccinations_timeseries_v2.tsv
2021-04-19 12:41 - 2021-04-19 12:41 - 000018588 _____ C:\Users\Alexander\Downloads\germany_deliveries_timeseries_v2.tsv
2021-04-19 10:21 - 2021-04-19 10:21 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-19 10:03 - 2021-04-19 10:03 - 000000000 ____D C:\WINDOWS\PCHEALTH
2021-04-19 07:56 - 2021-04-19 07:56 - 000842910 _____ C:\Users\Alexander\Downloads\Impfdokumentation (2)_Ute.pdf
2021-04-19 07:38 - 2021-04-19 07:38 - 000870299 _____ C:\Users\Alexander\Downloads\Impfdokumentation (2).pdf
2021-04-19 07:37 - 2021-04-19 07:37 - 000835570 _____ C:\Users\Alexander\Downloads\Impfdokumentation (1)_Carlo.pdf
2021-04-19 07:36 - 2021-04-19 07:36 - 000862959 _____ C:\Users\Alexander\Downloads\Impfdokumentation (1).pdf
2021-04-18 16:36 - 2021-04-18 16:36 - 007505263 _____ C:\Users\Alexander\Downloads\20693710.pdf
2021-04-18 16:27 - 2021-04-18 16:27 - 014362447 _____ C:\WINDOWS\SysWOW64\e24cf558-316e-4022-9189-974973802dac.gproj
2021-04-18 15:33 - 2021-04-18 15:33 - 000039424 ____C C:\Users\Daniela_2\Desktop\Notgruppe4.xls
2021-04-18 09:54 - 2021-04-18 09:54 - 001871048 _____ C:\Users\Alexander\Desktop\MDT_THB_SCN_02_Bewegungsmelder_Automatik_Schalter_55_63.pdf
2021-04-18 09:53 - 2021-04-18 09:53 - 000416540 _____ C:\Users\Alexander\Desktop\MDT_AOI_Motion_Detector_Automatic_Switch_55_02.pdf
2021-04-17 18:47 - 2021-04-19 20:29 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-04-17 18:47 - 2021-04-17 18:47 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-04-17 18:37 - 2021-04-17 18:37 - 103052437 _____ C:\Users\Alexander\Downloads\tks-ip-gateway_05.04.00.08 (1).zip
2021-04-17 15:46 - 2021-04-17 15:46 - 014362389 _____ C:\WINDOWS\SysWOW64\0d9754c3-2270-4de6-8638-187a4d6ecda7.gproj
2021-04-17 14:53 - 2021-04-17 14:53 - 000001603 _____ C:\Users\Daniela_2\Downloads\URLLink (24).acsm
2021-04-17 14:48 - 2021-04-17 14:48 - 000001620 _____ C:\Users\Daniela_2\Downloads\URLLink (23).acsm
2021-04-17 11:45 - 2021-04-17 11:45 - 000017432 _____ C:\Users\Alexander\Downloads\Download.CSV
2021-04-17 11:10 - 2021-04-17 11:10 - 000001561 _____ C:\Users\Daniela_2\Downloads\URLLink (22).acsm
2021-04-17 10:03 - 2021-04-17 10:03 - 000144775 ____C C:\Users\Alexander\Desktop\formular_kontaktpersonen_pflegende_angehoerige_und_schwangere_beschreibbar.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-13 18:06 - 2021-01-04 12:14 - 000033389 _____ C:\Users\Alexander\Downloads\FRST.txt
2021-05-13 18:06 - 2015-04-05 09:49 - 000000000 ___DC C:\Users\Alexander\AppData\Local\CrashDumps
2021-05-13 18:05 - 2021-01-04 12:14 - 000000000 ____D C:\FRST
2021-05-13 18:05 - 2012-08-13 19:59 - 000000000 ___DC C:\Users\Alexander\Documents\Outlook-Dateien
2021-05-13 17:58 - 2021-01-04 12:17 - 000077055 _____ C:\Users\Alexander\Downloads\Addition.txt
2021-05-13 17:47 - 2020-01-04 19:04 - 000000000 ____D C:\ProgramData\Mozilla
2021-05-13 17:47 - 2016-12-27 15:40 - 000000000 ___DC C:\Users\Alexander\AppData\LocalLow\Mozilla
2021-05-13 17:45 - 2020-11-12 23:26 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-05-13 17:45 - 2019-01-27 12:27 - 000000000 ___DC C:\Users\Alexander\AppData\Roaming\KeePass
2021-05-13 15:42 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-13 15:33 - 2013-12-06 17:22 - 000000000 ___RD C:\Users\Alexander\Gemeinsame Cloudstation
2021-05-13 15:33 - 2013-04-11 21:58 - 000000000 ___RD C:\Users\Alexander\CloudStation
2021-05-13 15:33 - 2013-04-11 21:57 - 000000000 ___DC C:\Users\Alexander\AppData\Local\CloudStation
2021-05-13 15:32 - 2016-06-17 21:17 - 000000000 __SHD C:\Users\Alexander\IntelGraphicsProfiles
2021-05-13 14:11 - 2020-11-12 23:37 - 001916338 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-05-13 14:11 - 2019-12-07 16:51 - 000820626 _____ C:\WINDOWS\system32\perfh007.dat
2021-05-13 14:11 - 2019-12-07 16:51 - 000177158 _____ C:\WINDOWS\system32\perfc007.dat
2021-05-13 14:11 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-05-13 14:07 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-05-13 14:04 - 2020-11-12 23:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-05-13 14:04 - 2020-11-12 23:26 - 000008192 ___SH C:\DumpStack.log.tmp
2021-05-13 14:04 - 2019-12-07 11:03 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2021-05-13 14:04 - 2013-01-06 14:27 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-05-13 14:01 - 2014-11-24 20:24 - 000000000 ____D C:\ProgramData\Package Cache
2021-05-13 13:51 - 2020-11-12 23:26 - 002806440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-05-13 13:21 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-05-13 13:02 - 2019-02-17 17:49 - 000000000 ____D C:\Program Files (x86)\iMobie
2021-05-13 13:01 - 2013-12-06 17:44 - 000000000 ___DC C:\Users\Daniela_2\AppData\Local\CloudStation
2021-05-13 12:58 - 2019-06-09 08:21 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2021-05-13 12:58 - 2017-01-10 22:18 - 000000000 ____D C:\Program Files (x86)\ClockworkMod
2021-05-13 12:57 - 2020-03-30 19:23 - 000000000 ____D C:\Users\Daniela_2\AppData\Local\WebEx
2021-05-13 12:57 - 2018-11-25 20:12 - 000000000 ___DC C:\Users\Daniela_2\AppData\Local\D3DSCache
2021-05-13 12:52 - 2012-08-17 20:07 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-05-13 12:51 - 2016-09-22 03:30 - 000000000 ____D C:\Program Files\Common Files\logishrd
2021-05-13 12:51 - 2016-03-26 13:57 - 000000000 ____D C:\ProgramData\Logishrd
2021-05-13 12:46 - 2019-08-07 21:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gira
2021-05-13 12:45 - 2020-03-25 21:52 - 000000000 ____D C:\Program Files (x86)\AntiTwin
2021-05-13 12:44 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-05-13 12:44 - 2018-01-18 20:37 - 000000000 ___DC C:\Users\Alexander\AppData\Local\Packages
2021-05-13 12:23 - 2019-06-09 09:57 - 000000000 ____D C:\temp
2021-05-13 12:16 - 2016-02-21 17:48 - 000000000 ____D C:\ProgramData\Apple Computer
2021-05-13 12:14 - 2016-06-17 21:19 - 000000000 ___RD C:\Users\Alexander\OneDrive
2021-05-13 08:52 - 2019-01-27 12:26 - 000001190 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2021-05-13 08:52 - 2019-01-27 12:26 - 000000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2021-05-13 08:44 - 2016-06-18 06:44 - 000002140 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-05-13 08:33 - 2012-08-07 10:00 - 000000000 ___DC C:\Users\Daniela_2\Documents\Outlook-Dateien
2021-05-13 08:32 - 2013-12-06 17:46 - 000000000 ___RD C:\Users\Daniela_2\Gemeinsame CloudStation
2021-05-13 08:32 - 2013-12-06 17:45 - 000000000 ___RD C:\Users\Daniela_2\CloudStation
2021-05-13 08:31 - 2016-06-18 06:55 - 000000000 __SHD C:\Users\Daniela_2\IntelGraphicsProfiles
2021-05-12 13:11 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-12 12:15 - 2020-08-14 17:10 - 000000000 ___DC C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gira
2021-05-12 12:15 - 2019-08-07 21:42 - 000000000 ____D C:\Program Files (x86)\Gira
2021-05-12 12:11 - 2021-04-02 11:28 - 000000000 ____D C:\Program Files\GrafanaLabs
2021-05-12 12:07 - 2014-07-12 17:09 - 000000000 ___DC C:\Users\Alexander\AppData\Local\Skype
2021-05-12 12:07 - 2012-07-14 10:37 - 000000000 ____D C:\ProgramData\Skype
2021-05-12 11:55 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-05-12 11:49 - 2019-12-07 16:54 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-05-12 11:49 - 2019-12-07 16:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-05-12 11:49 - 2019-12-07 16:52 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-05-12 11:49 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-05-12 11:36 - 2020-11-11 20:48 - 000000000 ___HD C:\$WinREAgent
2021-05-12 11:34 - 2013-07-21 20:14 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-05-12 11:24 - 2012-07-14 10:20 - 132732536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-05-12 07:33 - 2012-07-15 21:11 - 000002297 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-05-11 07:32 - 2020-11-12 23:38 - 000003358 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-565462843-2377332638-636861087-1002
2021-05-11 07:32 - 2020-11-12 23:28 - 000002427 ____C C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-05-11 07:32 - 2016-06-18 06:56 - 000000000 ___RD C:\Users\Daniela_2\OneDrive
2021-05-10 20:24 - 2019-04-20 21:56 - 000000000 ____D C:\Users\Daniela_2\AppData\Roaming\KeePass
2021-05-10 14:03 - 2018-05-30 22:43 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-05-09 22:57 - 2020-06-25 15:37 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-05-09 22:57 - 2020-06-25 15:37 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-05-09 22:57 - 2020-06-25 15:37 - 000002278 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-05-09 22:55 - 2020-03-30 19:23 - 000000000 ___DC C:\Users\Daniela_2\AppData\LocalLow\WebEx
2021-05-02 20:28 - 2020-11-12 23:28 - 000000000 ____D C:\Users\Daniela_2
2021-05-02 09:33 - 2013-04-11 22:17 - 000000000 ___DC C:\Users\Alexander\AppData\Roaming\vlc
2021-05-01 22:28 - 2020-11-12 23:28 - 000000000 ____D C:\Users\Alexander
2021-05-01 12:52 - 2021-03-04 20:41 - 000000000 ____D C:\Program Files\PDFsam Basic
2021-04-30 10:22 - 2020-10-01 15:55 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-30 09:13 - 2018-01-18 20:37 - 000000000 ___DC C:\Users\Daniela_2\AppData\Local\Packages
2021-04-28 20:53 - 2017-05-31 22:04 - 000000348 _____ C:\WINDOWS\BRRBCOM.INI
2021-04-26 07:44 - 2020-11-28 10:08 - 000003606 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6b93b6516950a
2021-04-26 07:44 - 2020-11-12 23:38 - 000003700 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-24 09:02 - 2012-07-15 21:14 - 000000000 ___DC C:\Users\Alexander\AppData\Roaming\Adobe
2021-04-23 19:36 - 2015-09-01 05:57 - 000000000 ___RD C:\Users\Daniela_2\Dropbox
2021-04-22 14:54 - 2020-11-12 23:38 - 000003630 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-22 14:54 - 2020-11-12 23:38 - 000003506 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-19 20:29 - 2020-01-04 19:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-04-19 20:28 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-19 20:28 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-19 20:28 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-19 20:28 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-19 10:21 - 2020-11-12 23:27 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-04-19 10:03 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-04-18 15:33 - 2021-02-22 17:21 - 000039424 _____ C:\Users\Daniela_2\Downloads\Notgruppe Wechselunterricht 4.xls
2021-04-17 18:47 - 2020-01-04 19:04 - 000001009 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-04-17 14:53 - 2012-07-31 09:01 - 000000000 ___DC C:\Users\Daniela_2\Documents\My Digital Editions

==================== Files in the root of some directories ========

2021-05-13 13:01 - 2021-05-13 13:01 - 000007647 _____ () C:\Users\Daniela\AppData\Local\Resmon.ResmonCfg
2016-12-11 21:15 - 2016-12-11 21:15 - 000000000 ____C () C:\Users\Daniela\AppData\Local\{E34785DD-D791-45FC-BB3D-4F10309E5D2D}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
--- --- ---

--- --- ---

--- --- ---

Sweeny 13.05.2021 17:16
Code:
Users shortcut scan result (x64) Version: 13-05-2021
Ran by Daniela (13-05-2021 18:08:52)
Running from C:\Users\Alexander\Downloads
Boot Mode: Normal

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)


Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber\Support-Forum.lnk -> hxxp://forum.audiograbber.de


Shortcut: C:\Users\Alexander\Links\CloudStation.lnk -> C:\Users\Alexander\CloudStation ()
Shortcut: C:\Users\Alexander\Links\Desktop.lnk -> C:\Users\Alexander\Desktop ()
Shortcut: C:\Users\Alexander\Links\Downloads.lnk -> C:\Users\Alexander\Downloads ()
Shortcut: C:\Users\Alexander\Links\Gemeinsame Cloudstation.lnk -> C:\Users\Alexander\Gemeinsame Cloudstation ()
Shortcut: C:\Users\Alexander\Links\RecentPlaces.lnk -> [::{22877A6D-37A1-461A-91B0-DBDA5AAEBC99}]
Shortcut: C:\Users\Alexander\Favorites\CloudStation.lnk -> C:\Users\Alexander\CloudStation ()
Shortcut: C:\Users\Alexander\Desktop\CopyTrans Control Center.lnk -> C:\Users\Alexander\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe (WindSolutions)
Shortcut: C:\Users\Alexander\Desktop\Total Commander 64 bit.lnk -> C:\totalcmd\TOTALCMD64.EXE (Ghisler Software GmbH)
Shortcut: C:\Users\Alexander\Desktop\Total Commander.lnk -> C:\totalcmd\TOTALCMD.EXE (Ghisler Software GmbH)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive (1).lnk -> C:\Users\Alexander\AppData\Local\Microsoft\OneDrive\OneDrive.exe (No File)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk -> C:\Users\Alexander\AppData\Roaming\Spotify\Spotify.exe (No File)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\windirstat.lnk -> C:\Program Files (x86)\WinDirStat\windirstat.exe (Seifert)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom\Zoom.lnk -> C:\Users\Alexander\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc.)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (1).lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86) (1).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander\Total Commander 64 bit Entfernen oder Reparieren.lnk -> C:\totalcmd\TCUNIN64.EXE ()
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander\Total Commander 64 bit.lnk -> C:\totalcmd\TOTALCMD64.EXE (Ghisler Software GmbH)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander\Total Commander Hilfe.lnk -> C:\totalcmd\TOTALCMD.CHM ()
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander\Total Commander.lnk -> C:\totalcmd\TOTALCMD.EXE (Ghisler Software GmbH)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer (1).lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel (1).lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer (1).lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run (1).lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Synology Cloud Station Drive.lnk -> C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe (Synology Inc.)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Samsung\Data Migration\Data Migration.lnk -> C:\Users\Alexander\AppData\Roaming\Samsung\Samsung Data Migration\Data Migration.exe ()
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Git\Git GUI.lnk -> C:\Users\Alexander\AppData\Local\Programs\Git\cmd\git-gui.exe (The Git Development Community)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Git\Git Release Notes.lnk -> C:\Users\Alexander\AppData\Local\Programs\Git\ReleaseNotes.html ()
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Control Center\CopyTrans Control Center.lnk -> C:\Users\Alexander\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe (WindSolutions)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\SendTo\PDFsam Basic.lnk -> C:\Program Files\PDFsam Basic\pdfsam.exe (No File)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Network Shortcuts\05_Backup (DISKSTATION)\target.lnk -> \\DISKSTATION\05_Backup
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Network Shortcuts\01_Gemeinsame_Dateien (DISKSTATION)\target.lnk -> \\DISKSTATION\01_Gemeinsame_Dateien
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop (1).lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher (1).lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Acrobat Reader DC.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}\SC_Reader.ico (Flexera Software LLC)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\FileZilla.lnk -> C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe (FileZilla Project)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\GeoSetter.lnk -> D:\Program Files (x86)\GeoSetter\GeoSetter.exe (Friedemann Schmidt)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Excel 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\outicon.exe ()
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft PowerPoint 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\pptico.exe ()
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Word 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\SpyderUtility.lnk -> C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe ((c)2016 Datacolor)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Word 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\Users\Alexander\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d6cbaa4595a72e36\ETS5™.lnk -> C:\Program Files (x86)\ETS5\ETS5.exe (KNX Association cvba)
Shortcut: C:\Users\Alexander\AppData\Roaming\Adobe\Workflow\working.lnk -> C:\Users\Alexander\Documents\Version Cue (No File)
Shortcut: C:\Users\Alexander\AppData\Roaming\Adobe\Workflow\workinghidden.lnk -> C:\Users\Alexander\Documents\Version Cue\myprojectshidden (No File)
Shortcut: C:\Users\Alexander\AppData\Local\TomTom\HOME3\Updates\Installer.lnk -> C:\Users\Alexander\AppData\Local\TomTom\HOME3\Updates\InstallTomTomMyDriveConnect_4_2_2_3561.exe (TomTom International B.V.)
Shortcut: C:\Users\Alexander\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Alexander\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Alexander\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Alexander\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Alexander\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Alexander\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Alexander\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Alexander\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Alexander\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\{13492B25-638E-4F9F-9E44-5E22A45B3301}\setup_sv.net-comfort_20.1.0.lnk -> [C:\Users\Public\Desktop\sv.net comfort.lnk|X78|C:\Program Files\sv.net comfort\svnet.exe]
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 4.5.lnk -> C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{A3985C05-7386-411F-A4BF-32A73F37EB44}\AppleSoftwareUpdateIco.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk -> C:\Program Files (x86)\Audacity\audacity.exe (Audacity Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2017.lnk -> C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\Common7\IDE\Blend.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk -> C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe (Epic Games, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk -> C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk -> E:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaalDesignSoftware.lnk -> C:\Program Files (x86)\SaalDesignSoftware\SaalDesignSoftware.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shotcut.lnk -> C:\Program Files\Shotcut\shotcut.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017.lnk -> C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\Common7\IDE\devenv.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk -> C:\Program Files (x86)\Microsoft Visual Studio\Installer\vs_installer.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode\Uninstall XMedia Recode.lnk -> C:\Program Files (x86)\XMedia Recode\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode\XMedia Recode.lnk -> C:\Program Files (x86)\XMedia Recode\XMedia Recode.exe (XMedia Recode)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge\Benutzerhandbuch.lnk -> C:\Program Files\WinMerge\Docs\WinMerge.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge\LIESMICH-Datei.lnk -> C:\Program Files\WinMerge\Docs\ReadMe.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge\WinMerge entfernen.lnk -> C:\Program Files\WinMerge\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge\WinMerge.lnk -> C:\Program Files\WinMerge\WinMergeU.exe (hxxp://winmerge.org)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows ADK\Windows System Image Manager.lnk -> C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\WSIM\imgmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files (x86)\VideoLAN\VLC\Documentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unterrichtsmanager\Unterrichtsmanager.lnk -> C:\Program Files (x86)\Cornelsen Schulverlage\Unterrichtsmanager\Unterrichtsmanager.exe (Cornelsen Schulverlage)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free\TreeSize Free (Administrator).lnk -> C:\Program Files (x86)\JAM Software\TreeSize Free\TreeSizeFree.exe (JAM Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free\TreeSize Free Hilfe.lnk -> C:\Program Files (x86)\JAM Software\TreeSize Free\TreeSizeFree.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Teamviewer\TeamViewer 10.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synology\Synology Assistant.lnk -> C:\Program Files (x86)\Synology\Assistant\DSAssistant.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synology\Synology Cloud Station Backup.lnk -> C:\Program Files (x86)\Synology\CloudStationBackup\bin\launcher.exe (Synology Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synology\Synology Cloud Station Drive.lnk -> C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe (Synology Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synology\Synology Data Replicator 3.lnk -> C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe (Synology Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synology\Uninstall Synology Assistant.lnk -> C:\Program Files (x86)\Synology\Assistant\Uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synology\Uninstall Synology Cloud Station Backup.lnk -> C:\Program Files (x86)\Synology\CloudStationBackup\bin\uninstall.exe (Synology)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synology\Uninstall Synology Cloud Station Drive.lnk -> C:\Program Files (x86)\Synology\CloudStation\bin\uninstall.exe (Synology)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\sv.net comfort\Deinstalliere sv.net comfort .lnk -> C:\ProgramData\{13492B25-638E-4F9F-9E44-5E22A45B3301}\setup_sv.net-comfort_20.1.0.exe (ITSG                                                                                                                                                                                                                                                                                                        )
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\sv.net comfort\sv.net comfort.lnk -> C:\Program Files\sv.net comfort\svnet.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\SpyderUtility.lnk -> C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe ((c)2016 Datacolor)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician\Samsung Magician entfernen.lnk -> C:\Program Files (x86)\Samsung\Samsung Magician\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician\Samsung Magician.lnk -> C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe (Samsung Electronics Co. Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Data Migration\Data Migration.lnk -> C:\Program Files (x86)\Samsung\Samsung Data Migration\Data Migration.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PureSync\PureSync.lnk -> C:\Program Files (x86)\Jumping Bytes\PureSync\PureSync.exe (Jumping Bytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Historie.lnk -> C:\Program Files (x86)\PDFCreator\History.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\PDFCreator Hilfe.lnk -> C:\Program Files (x86)\PDFCreator\PDFCreator_german.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\PDFCreator im Internet.lnk -> C:\Program Files (x86)\PDFCreator\PDFCreator.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\PDFCreator.lnk -> C:\Program Files (x86)\PDFCreator\PDFCreator.exe (pdfforge  GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Translation Tool.lnk -> C:\Program Files (x86)\PDFCreator\languages\TransTool.exe (pdfforge  hxxp://www.pdfforge.org/)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Unterstütze PDFCreator.lnk -> C:\Program Files (x86)\PDFCreator\Unterstütze PDFCreator.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\FairPlay License.lnk -> C:\Program Files (x86)\PDFCreator\FairPlay License.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\GPL License.lnk -> C:\Program Files (x86)\PDFCreator\GNU License.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Images2PDF\Images2PDF.lnk -> C:\Program Files (x86)\PDFCreator\Images2PDF\Images2PDF.exe (pdfforge GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer\MyPhoneExplorer.lnk -> C:\Program Files (x86)\MyPhoneExplorer\MyPhoneExplorer.exe (F.J. Wechselberger)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer\Uninstall.lnk -> C:\Program Files (x86)\MyPhoneExplorer\uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MultiCommander\MultiCommander (x64).lnk -> C:\Program Files\MultiCommander (x64)\MultiCommander.exe (Mathias Svensson)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MultiCommander\Uninstall MultiCommander.lnk -> C:\Program Files\MultiCommander (x64)\Uninstall MultiCommander.exe (Mathias Svensson)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MultiCommander\Update MultiCommander.lnk -> C:\Program Files\MultiCommander (x64)\MultiUpdate.exe (Multi Commander)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minimal ADB and Fastboot\Minimal ADB and Fastboot.lnk -> C:\Program Files (x86)\Minimal ADB and Fastboot\py_cmd.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minimal ADB and Fastboot\Uninstall Minimal ADB and Fastboot.lnk -> C:\Program Files (x86)\Minimal ADB and Fastboot\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\outicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010-Tools\Digitales Zertifikat für VBA-Projekte.lnk -> C:\Windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010-Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010-Tools\Microsoft Office 2010 Upload Center.lnk -> C:\Windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\msouc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010-Tools\Microsoft Office 2010-Spracheinstellungen.lnk -> C:\Windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010-Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MD5 File Hasher\MD5 File Hasher deinstallieren.lnk -> C:\Program Files (x86)\MD5 File Hasher\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MD5 File Hasher\MD5 File Hasher Hilfe.lnk -> C:\Program Files (x86)\MD5 File Hasher\help.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MD5 File Hasher\MD5 File Hasher im Internet.lnk -> C:\Program Files (x86)\MD5 File Hasher\Digital-Tronic.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MD5 File Hasher\MD5 File Hasher.lnk -> C:\Program Files (x86)\MD5 File Hasher\MD5FileHasher.exe (Digital-Tronic)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maniac Mansion [GOG.com]\Uninstall Maniac Mansion.lnk -> C:\Program Files (x86)\GOG Galaxy\Games\Maniac Mansion\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maniac Mansion [GOG.com]\Documents\Manual.lnk -> C:\Program Files (x86)\GOG Galaxy\Games\Maniac Mansion\Manual.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maniac Mansion [GOG.com]\Documents\Quick Reference Card.lnk -> C:\Program Files (x86)\GOG Galaxy\Games\Maniac Mansion\RefCard.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNX\ETS5 Diagnostics.lnk -> C:\Windows\Installer\{D0FDBD87-FB2C-4A94-ABC2-50A8CD772C0A}\Ets5Icons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNX\ETS5.lnk -> C:\Windows\Installer\{D0FDBD87-FB2C-4A94-ABC2-50A8CD772C0A}\Ets5Icons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel Control Center.lnk -> C:\Program Files (x86)\Intel\Intel Control Center\IntelControlCenter.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer\Uninstall Win32DiskImager.lnk -> C:\Program Files (x86)\ImageWriter\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer\Win32DiskImager.lnk -> C:\Program Files (x86)\ImageWriter\Win32DiskImager.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\iCloud-Fotos.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\ShellStreamsShortcut.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\iCloud.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite\HiSuite.lnk -> C:\Program Files (x86)\HiSuite\HiSuite.exe (Huawei)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite\Uninstall.lnk -> C:\Program Files (x86)\HiSuite\uninst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Drive.lnk -> C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\GOG Galaxy\GOG Galaxy.lnk -> C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe (GOG.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gira\Gira Projekt Assistent 4.5\Gira Projekt Assistent 4.5.lnk -> C:\Windows\Installer\{959A0D30-B65F-48EB-BA91-479E0D7A6B05}\GiraIconGpa.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin\Garmin Express.lnk -> C:\Program Files (x86)\Garmin\Express\express.exe (Garmin Ltd. or its subsidiaries)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client\FileZilla.lnk -> C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe (FileZilla Project)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client\Uninstall.lnk -> C:\Program Files (x86)\FileZilla FTP Client\uninstall.exe (Tim Kosse)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eTeks Sweet Home 3D\Sweet Home 3D entfernen.lnk -> C:\Program Files (x86)\Sweet Home 3D\unins000.exe (eTeks                                                      )
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eTeks Sweet Home 3D\Sweet Home 3D.lnk -> C:\Program Files (x86)\Sweet Home 3D\SweetHome3D.exe (eTeks)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dm-Fotowelt\CEWE Fotoimporter.lnk -> C:\Program Files\dm\dm-Fotowelt\CEWE Fotoimporter.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dm-Fotowelt\CEWE Fotoschau.lnk -> C:\Program Files\dm\dm-Fotowelt\CEWE Fotoschau.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dm-Fotowelt\dm-Fotowelt deinstallieren.lnk -> C:\Program Files\dm\dm-Fotowelt\uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dm-Fotowelt\dm-Fotowelt.lnk -> C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digitale Schulbücher\Digitale Schulbücher.lnk -> C:\Program Files (x86)\Digitale Schulbücher\data\Digitale Schulbuecher.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diercke Globus Online\Diercke Globus Online.lnk -> C:\Program Files (x86)\Diercke Globus Online\DierckeGlobusOnline.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diercke Globus Online\Uninstaller.lnk -> C:\Windows\Diercke Globus Online Uninstaller.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Datacolor\ProfileChooser.lnk -> C:\Program Files (x86)\Datacolor\ProfileChooser\ProfileChooser.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Datacolor\Spyder4Pro 4.5.9.lnk -> C:\Program Files (x86)\Datacolor\Spyder4Pro\Spyder4Pro.exe ((c)2016 Datacolor)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Datacolor\Lesen Sie Mich\Spyder4Pro Lesen Sie Mich.lnk -> C:\Program Files (x86)\Datacolor\Spyder4Pro\Read Me.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cornelsen\Encuentros 1 Edición 3000.lnk -> C:\Program Files (x86)\Cornelsen\Encuentros 1 Edición 3000\SMART\SmartMain.exe (Cornelsen Verlag Berlin)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cewe-fotoservice.de\CEWE FOTOIMPORTER.lnk -> C:\Program Files\cewe-fotoservice\cewe-fotoservice.de\CEWE FOTOIMPORTER.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cewe-fotoservice.de\CEWE FOTOSCHAU.lnk -> C:\Program Files\cewe-fotoservice\cewe-fotoservice.de\CEWE FOTOSCHAU.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cewe-fotoservice.de\cewe-fotoservice.de deinstallieren.lnk -> C:\Program Files\cewe-fotoservice\cewe-fotoservice.de\uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cewe-fotoservice.de\cewe-fotoservice.de.lnk -> C:\Program Files\cewe-fotoservice\cewe-fotoservice.de\cewe-fotoservice.de.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CanoScan LiDE 210\Liesmich.lnk -> C:\Program Files\CanonBJ\IJScan\CNQ4809\readme_German.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\MP Navigator EX 4.0\MP Navigator EX 4.0.lnk -> C:\Program Files (x86)\Canon\MP Navigator EX 4.0\mpnex40.exe (CANON INC.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\MP Navigator EX 4.0\MP Navigator EX Liesmich.lnk -> C:\Program Files (x86)\Canon\MP Navigator EX 4.0\Readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\Brother Utilities.lnk -> C:\Program Files (x86)\Brother\BrLauncher\BrLauncher.exe (Brother Industories, Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber\Audiograbber.lnk -> C:\Program Files (x86)\Audiograbber\audiograbber.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber\Deinstallieren.lnk -> C:\Program Files (x86)\Audiograbber\Uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber\Erste Schritte.lnk -> C:\Program Files (x86)\Audiograbber\Erste_Schritte.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber\Hilfe.lnk -> C:\Program Files (x86)\Audiograbber\German.hlp ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber\Line In Aufnahme.lnk -> C:\Program Files (x86)\Audiograbber\Line-In.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Acrobat Reader DC.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}\SC_Reader.ico (Flexera Software LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Adobe ExtendScript Toolkit 2.lnk -> C:\Program Files (x86)\Adobe\Adobe Utilities\ExtendScript Toolkit 2\ExtendScript Toolkit 2.exe (Adobe Systems, Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Adobe Photoshop Lightroom 5.7 64-Bit.lnk -> C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.7\lightroom.exe (Adobe Systems)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Adobe Photoshop\Adobe Bridge CS3.lnk -> C:\Program Files (x86)\Adobe\Adobe Bridge CS3\Bridge.exe (Adobe Systems, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Adobe Photoshop\Adobe Device Central CS3.lnk -> C:\Program Files (x86)\Adobe\Adobe Device Central CS3\DeviceCentral.exe (Adobe Systems)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Adobe Photoshop\Adobe ExtendScript Toolkit 2.lnk -> C:\Program Files (x86)\Adobe\Adobe Utilities\ExtendScript Toolkit 2\ExtendScript Toolkit 2.exe (Adobe Systems, Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Adobe Photoshop\Adobe Photoshop CS3.lnk -> C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Photoshop.exe (Adobe Systems, Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Adobe Photoshop\Adobe Stock Photos CS3.lnk -> C:\Program Files (x86)\Adobe\Adobe Stock Photos CS3\Adobe Stock Photos CS3.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Adobe Digital Editions 4.5\Adobe Digital Editions 4.5.lnk -> C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Adobe Digital Editions 4.5\Help.lnk -> C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Adobe Digital Editions 4.5\Home Page.lnk -> C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Adobe Digital Editions 4.5\Uninstall.lnk -> C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\uninstall.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk -> C:\Windows\System32\RecoveryDrive.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Registry Editor.lnk -> C:\Windows\regedit.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk -> C:\Program Files\7-Zip\7zFM.exe (Igor Pavlov)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk -> C:\Program Files\7-Zip\7-zip.chm ()
Shortcut: C:\ProgramData\Intel\ExtremeGraphics\CUI\Resource\Intel® HD-Grafik.lnk -> C:\Windows\System32\GfxUI.exe (No File)
Shortcut: C:\Users\Daniela\Links\Desktop.lnk -> C:\Users\Daniela\Desktop ()
Shortcut: C:\Users\Daniela\Links\Downloads.lnk -> C:\Users\Daniela\Downloads ()
Shortcut: C:\Users\Daniela\Links\RecentPlaces.lnk -> [::{22877A6D-37A1-461A-91B0-DBDA5AAEBC99}]
Shortcut: C:\Users\Daniela\Desktop\dreamboxEDIT (x64).lnk -> C:\Program Files (x86)\dreamboxEDIT\dreamboxEDIT_x64.exe ()
Shortcut: C:\Users\Daniela\Desktop\dreamboxEDIT.lnk -> C:\Program Files (x86)\dreamboxEDIT\dreamboxEDIT.exe ()
Shortcut: C:\Users\Daniela\Desktop\Rockstar Games Launcher.lnk -> C:\Program Files\Rockstar Games\Launcher\LauncherPatcher.exe (Rockstar Games)
Shortcut: C:\Users\Daniela\Desktop\Spyder4Pro 4.5.9.lnk -> C:\Program Files (x86)\Datacolor\Spyder4Pro\Spyder4Pro.exe ((c)2016 Datacolor)
Shortcut: C:\Users\Daniela\Desktop\Sweet Home 3D.lnk -> C:\Program Files (x86)\Sweet Home 3D\SweetHome3D.exe (eTeks)
Shortcut: C:\Users\Daniela\Desktop\WinDirStat.lnk -> C:\Program Files (x86)\WinDirStat\windirstat.exe (Seifert)
Shortcut: C:\Users\Daniela\Desktop\Wunderlist.lnk -> C:\Users\Daniela\AppData\Local\Wunderlist\Wunderlist.exe ()
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive (1).lnk -> C:\Users\Daniela\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\Daniela\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optionale Features.lnk -> C:\Windows\System32\fodhelper.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TreeSizeFree.lnk -> C:\Program Files (x86)\JAM Software\TreeSize Free\TreeSizeFree.exe (JAM Software)
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wunderlist.lnk -> C:\Users\Daniela\AppData\Local\Wunderlist\Wunderlist.exe ()
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wunderlist\Wunderlist.lnk -> C:\Users\Daniela\AppData\Local\Wunderlist\Wunderlist.exe ()
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (1).lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86) (1).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat\Deinstalliere WinDirStat.lnk -> C:\Program Files (x86)\WinDirStat\Uninstall.exe ()
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat\Hilfe (DEU).lnk -> C:\Program Files (x86)\WinDirStat\wdsh0407.chm ()
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat\Hilfe (ENG).lnk -> C:\Program Files (x86)\WinDirStat\windirstat.chm ()
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat\WinDirStat.lnk -> C:\Program Files (x86)\WinDirStat\windirstat.exe (Seifert)
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer (1).lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel (1).lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer (1).lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run (1).lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockstar Games\Rockstar Games Launcher.lnk -> C:\Program Files\Rockstar Games\Launcher\LauncherPatcher.exe (Rockstar Games)
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain\MP3Gain Help.lnk -> C:\Program Files (x86)\MP3Gain\MP3Gain.chm ()
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain\MP3Gain.lnk -> C:\Program Files (x86)\MP3Gain\MP3GainGUI.exe (Snelg Enterprises)
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain\Uninstall MP3Gain.lnk -> C:\Program Files (x86)\MP3Gain\uninst-mp3gain.exe ()
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\dreamboxEDIT\Changelog.lnk -> C:\Program Files (x86)\dreamboxEDIT\Changelog.txt ()
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\dreamboxEDIT\dreamboxEDIT (x64).lnk -> C:\Program Files (x86)\dreamboxEDIT\dreamboxEDIT_x64.exe ()
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\dreamboxEDIT\dreamboxEDIT.lnk -> C:\Program Files (x86)\dreamboxEDIT\dreamboxEDIT.exe ()
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\dreamboxEDIT\Uninstall.lnk -> C:\Program Files (x86)\dreamboxEDIT\Uninstall.exe ()
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\dreamboxEDIT\Version notes.lnk -> C:\Program Files (x86)\dreamboxEDIT\Version notes.txt ()
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions 4.5.lnk -> C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MultiCommander (x64).lnk -> C:\Program Files\MultiCommander (x64)\MultiCommander.exe (Mathias Svensson)
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop (1).lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher (1).lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\Daniela\AppData\Roaming\Adobe\Workflow\working.lnk -> C:\Users\Daniela\Documents\Version Cue ()
Shortcut: C:\Users\Daniela\AppData\Roaming\Adobe\Workflow\workinghidden.lnk -> C:\Users\Daniela\Documents\Version Cue\myprojectshidden ()
Shortcut: C:\Users\Daniela\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Daniela\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Daniela\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela_2\Links\CloudStation.lnk -> C:\Users\Daniela_2\CloudStation ()
Shortcut: C:\Users\Daniela_2\Links\Desktop.lnk -> C:\Users\Daniela_2\Desktop ()
Shortcut: C:\Users\Daniela_2\Links\Downloads.lnk -> C:\Users\Daniela_2\Downloads ()
Shortcut: C:\Users\Daniela_2\Links\Dropbox.lnk -> C:\Users\Daniela_2\Dropbox ()
Shortcut: C:\Users\Daniela_2\Links\Gemeinsame CloudStation.lnk -> C:\Users\Daniela_2\Gemeinsame CloudStation ()
Shortcut: C:\Users\Daniela_2\Links\RecentPlaces.lnk -> [::{22877A6D-37A1-461A-91B0-DBDA5AAEBC99}]
Shortcut: C:\Users\Daniela_2\Favorites\CloudStation.lnk -> C:\Users\Daniela_2\CloudStation ()
Shortcut: C:\Users\Daniela_2\Documents\Bibliotheken - Verknüpfung.lnk -> C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\Libraries ()
Shortcut: C:\Users\Daniela_2\Desktop\Cisco Webex Meetings.lnk -> C:\Users\Daniela_2\AppData\Local\WebEx\WebEx\Applications\ptoneclk.exe (Cisco Webex LLC)
Shortcut: C:\Users\Daniela_2\Desktop\WhatsApp Unknown 2020-01-15 at 08.55.39.zip - Verknüpfung.lnk -> C:\Users\Daniela_2\Downloads\WhatsApp Unknown 2020-01-15 at 08.55.39.zip ()
Shortcut: C:\Users\Daniela_2\Desktop\WhatsApp Unknown 2020-01-15 at 08.57.40.zip - Verknüpfung.lnk -> C:\Users\Daniela_2\Downloads\WhatsApp Unknown 2020-01-15 at 08.57.40.zip ()
Shortcut: C:\Users\Daniela_2\Desktop\WhatsApp.lnk -> C:\Users\Daniela_2\AppData\Local\WhatsApp\WhatsApp.exe (WhatsApp)
Shortcut: C:\Users\Daniela_2\Desktop\DEesktop\Microsoft Edge.lnk -> Tile and icon assets
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive (1).lnk -> C:\Users\Daniela_2\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\Daniela_2\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (1).lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86) (1).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp\WhatsApp.lnk -> C:\Users\Daniela_2\AppData\Local\WhatsApp\WhatsApp.exe (WhatsApp)
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer (1).lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel (1).lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer (1).lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run (1).lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Synology Cloud Station Drive.lnk -> C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe (Synology Inc.)
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cisco Webex Meetings Desktop-App\Cisco Webex Meetings.lnk -> C:\Users\Daniela_2\AppData\Local\WebEx\WebEx\Applications\ptoneclk.exe (Cisco Webex LLC)
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Music\Amazon Music.lnk -> C:\Users\Daniela_2\AppData\Local\Amazon Music\Amazon Music.exe (Amazon)
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Music\Uninstall Amazon Music.lnk -> C:\Users\Daniela_2\AppData\Local\Amazon Music\Uninstall.exe (Amazon)
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon\Amazon Kindle\Kindle.lnk -> C:\Users\Daniela_2\AppData\Local\Amazon\Kindle\application\Kindle.exe (Amazon.com)
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon\Amazon Kindle\Uninstall Kindle.lnk -> C:\Users\Daniela_2\AppData\Local\Amazon\Kindle\application\uninstall.exe (Amazon.com)
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\SendTo\Dropbox.lnk -> C:\Users\Daniela_2\Dropbox ()
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop (1).lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher (1).lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Cisco Webex Meetings Desktop App.lnk -> C:\Users\Daniela_2\AppData\Local\WebEx\WebEx\Applications\ptoneclk.exe (Cisco Webex LLC)
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\KeePass 2.lnk -> C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Excel 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\outicon.exe ()
Shortcut: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela_2\AppData\Local\Tresorit\v0.8\TresoritLauncher.lnk -> C:\Users\Daniela_2\AppData\Local\Tresorit\v0.8\Tresorit.exe (No File)
Shortcut: C:\Users\Daniela_2\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela_2\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela_2\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela_2\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela_2\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Daniela_2\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Daniela_2\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela_2\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela_2\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Daniela_2\AppData\Local\Amazon Music\Uninstall Amazon Music.lnk -> C:\Users\Daniela_2\AppData\Local\Amazon Music\Uninstall.exe (Amazon)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\Daniela\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\Daniela\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Acrobat Reader DC.lnk -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Public\Desktop\Adobe Digital Editions 4.5.lnk -> C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Public\Desktop\Audacity.lnk -> C:\Program Files (x86)\Audacity\audacity.exe (Audacity Team)
Shortcut: C:\Users\Public\Desktop\Brother Utilities.lnk -> C:\Program Files (x86)\Brother\BrLauncher\BrLauncher.exe (Brother Industories, Ltd.)
Shortcut: C:\Users\Public\Desktop\CEWE Fotoimporter.lnk -> C:\Program Files\dm\dm-Fotowelt\CEWE Fotoimporter.exe ()
Shortcut: C:\Users\Public\Desktop\CEWE Fotoschau.lnk -> C:\Program Files\dm\dm-Fotowelt\CEWE Fotoschau.exe ()
Shortcut: C:\Users\Public\Desktop\cewe-fotoservice.de.lnk -> C:\Program Files\cewe-fotoservice\cewe-fotoservice.de\cewe-fotoservice.de.exe ()
Shortcut: C:\Users\Public\Desktop\dm-Fotowelt.lnk -> C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe ()
Shortcut: C:\Users\Public\Desktop\Epic Games Launcher.lnk -> C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe (Epic Games, Inc.)
Shortcut: C:\Users\Public\Desktop\ETS5.lnk -> C:\Windows\Installer\{D0FDBD87-FB2C-4A94-ABC2-50A8CD772C0A}\Ets5Icons.exe ()
Shortcut: C:\Users\Public\Desktop\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\Gira Projekt Assistent 4.5.lnk -> C:\Program Files (x86)\Gira\Gira Project Assistant\4.5\Gira Project Assistant.exe (Gira Giersiepen GmbH & Co. KG)
Shortcut: C:\Users\Public\Desktop\GOG Galaxy.lnk -> C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe (GOG.com)
Shortcut: C:\Users\Public\Desktop\HiSuite.lnk -> C:\Program Files (x86)\HiSuite\HiSuite.exe (Huawei)
Shortcut: C:\Users\Public\Desktop\Lightroom 5.7 64-Bit.lnk -> C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.7\lightroom.exe (Adobe Systems)
Shortcut: C:\Users\Public\Desktop\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\Users\Public\Desktop\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\MultiCommander (x64).lnk -> C:\Program Files\MultiCommander (x64)\MultiCommander.exe (Mathias Svensson)
Shortcut: C:\Users\Public\Desktop\MyPhoneExplorer.lnk -> C:\Program Files (x86)\MyPhoneExplorer\MyPhoneExplorer.exe (F.J. Wechselberger)
Shortcut: C:\Users\Public\Desktop\PureSync.lnk -> C:\Program Files (x86)\Jumping Bytes\PureSync\PureSync.exe (Jumping Bytes)
Shortcut: C:\Users\Public\Desktop\SaalDesignSoftware.lnk -> C:\Program Files (x86)\SaalDesignSoftware\SaalDesignSoftware.exe ()
Shortcut: C:\Users\Public\Desktop\Samsung Magician.lnk -> C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe (Samsung Electronics Co. Ltd.)
Shortcut: C:\Users\Public\Desktop\sv.net comfort.lnk -> C:\Program Files\sv.net comfort\svnet.exe ()
Shortcut: C:\Users\Public\Desktop\Synology Assistant.lnk -> C:\Program Files (x86)\Synology\Assistant\DSAssistant.exe ()
Shortcut: C:\Users\Public\Desktop\Unterrichtsmanager.lnk -> C:\Program Files (x86)\Cornelsen Schulverlage\Unterrichtsmanager\Unterrichtsmanager.exe (Cornelsen Schulverlage)
Shortcut: C:\Users\Public\Desktop\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows ADK\Deployment and Imaging Tools Environment.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\DandISetEnv.bat"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Visual Studio Tools\Developer-Eingabeaufforderung für VS 2017.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\Common7\Tools\VsDevCmd.bat"


ShortcutWithArgument: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom\Uninstall Zoom.lnk -> C:\Users\Alexander\AppData\Roaming\Zoom\uninstall\Installer.exe (Zoom Video Communications, Inc.) -> /uninstall
ShortcutWithArgument: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Git\Git Bash.lnk -> C:\Users\Alexander\AppData\Local\Programs\Git\git-bash.exe (The Git Development Community) -> --cd-to-home
ShortcutWithArgument: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Git\Git CMD.lnk -> C:\Users\Alexander\AppData\Local\Programs\Git\git-cmd.exe (The Git Development Community) -> --cd-to-home
ShortcutWithArgument: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Control Center\Deinstallieren.lnk -> C:\Users\Alexander\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe (WindSolutions) -> /uninstall
ShortcutWithArgument: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\SendTo\Faxempfänger.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH) -> --sendto
ShortcutWithArgument: C:\Users\Alexander\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk -> C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) -> /recycle
ShortcutWithArgument: C:\Users\Alexander\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\Alexander\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\Alexander\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Alexander\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Alexander\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\Alexander\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Alexander\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\Alexander\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Alexander\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Alexander\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\Alexander\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Alexander\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Alexander\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Alexander\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Alexander\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Alexander\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Visual Studio Tools\Debuggable Package Manager.lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -Command "& { Import-Module Appx; Import-Module .\AppxDebug.dll; Show-AppxDebug}"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Reset VLC media player preferences and cache files.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> -Iskins
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free\TreeSize Free.lnk -> C:\Program Files (x86)\JAM Software\TreeSize Free\TreeSizeFree.exe (JAM Software) -> /NOADMIN
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synology\Uninstall Synology Data Replicator 3.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x{8E310838-457C-4269-B177-3EFB300CBDDC}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PureSync\Neue Synchronisation oder neues Backup.lnk -> C:\Program Files (x86)\Jumping Bytes\PureSync\PureSync.exe (Jumping Bytes) -> new
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Images2PDF\Images2PDF Console Application.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files (x86)\PDFCreator\Images2PDF\Images2PDFC.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maniac Mansion [GOG.com]\Maniac Mansion (original).lnk -> C:\Program Files (x86)\GOG Galaxy\Games\Maniac Mansion\scummvm\scummvm.exe (scummvm.org) -> -c "..\maniac.ini" maniaco
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maniac Mansion [GOG.com]\Maniac Mansion.lnk -> C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe (GOG.com) -> /command=runGame /gameId=1832758895 /path="C:\Program Files (x86)\GOG Galaxy\Games\Maniac Mansion"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\E-Mails.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> mail
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Erinnerungen.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> reminders
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\iPhone suchen.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> find
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Kalender.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> calendar
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Keynote.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> keynote
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Kontakte.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> contacts
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Notizen.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> notes
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Numbers.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> numbers
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Pages.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> pages
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Docs.lnk -> C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) -> --new_document
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Sheets.lnk -> C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) -> --new_spreadsheet
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Slides.lnk -> C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) -> --new_presentation
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diercke Globus Online\Diercke Globus Online - Whiteboard.lnk -> C:\Program Files (x86)\Diercke Globus Online\DierckeGlobusOnline.exe () -> -whiteboard
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Datacolor\Uninstall\Uninstall Spyder4Pro.lnk -> C:\Windows\unvise32.exe (MindVision Software) -> C:\PROGRA~2\DATACO~1\SPYDER~1\uninstal.log
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\MP Navigator EX 4.0\MP Navigator EX - Deinstallation.lnk -> C:\Program Files (x86)\Canon\MP Navigator EX 4.0\Maint.exe (CANON INC.) -> /UninstallRemove C:\Program Files (x86)\Canon\MP Navigator EX 4.0\uninst.ini
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\SendTo\Faxempfänger.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH) -> --sendto
ShortcutWithArgument: C:\Users\Daniela\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\Daniela\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Daniela\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Daniela\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\Daniela\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Daniela\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\Daniela\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Daniela\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Daniela\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\Daniela\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Daniela\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Daniela\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Daniela\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Daniela\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\Start Menu\ClockworkMod\Start ADB Server.lnk -> C:\Users\Daniela_2\AppData\Roaming\Microsoft\Installer\{C0E08D8D-6076-4117-B644-2AF34F35B757}\_376EF0DA1723590BE67F63.exe () -> start-server
ShortcutWithArgument: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\SendTo\Faxempfänger.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH) -> --sendto
ShortcutWithArgument: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk -> C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) -> /recycle
ShortcutWithArgument: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\Daniela_2\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\Daniela_2\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Daniela_2\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Daniela_2\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\Daniela_2\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Daniela_2\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\Daniela_2\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Daniela_2\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Daniela_2\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\Daniela_2\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Daniela_2\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Daniela_2\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Daniela_2\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Daniela_2\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Daniela_2\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH) -> --sendto
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\SendTo\Faxempfänger.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH) -> --sendto
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Public\Desktop\Maniac Mansion.lnk -> C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe (GOG.com) -> /command=runGame /gameId=1832758895 /path="C:\Program Files (x86)\GOG Galaxy\Games\Maniac Mansion"
ShortcutWithArgument: C:\Users\Public\Desktop\Synology Cloud Station Backup.lnk -> C:\Program Files (x86)\Synology\CloudStationBackup\bin\launcher.exe (Synology Inc.) -> --open-folder
ShortcutWithArgument: C:\Users\Public\Desktop\Synology Cloud Station Drive.lnk -> C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe (Synology Inc.) -> --open-folder


InternetURL: C:\Users\Alexander\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\Alexander\Favorites\Links\Vorgeschlagene Sites.url -> URL: hxxps://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\Alexander\Favorites\Links\Web Slice-Katalog.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\Alexander\Downloads\hddscan-3.3\HDDScan-3.3\Articles on HDD Operation and Data Recovery.URL -> URL: hxxp://hddscan.com/doc/articles.html
InternetURL: C:\Users\Alexander\Downloads\hddscan-3.3\HDDScan-3.3\HDDScan Website.URL -> URL: hxxp://hddscan.com/
InternetURL: C:\Users\Alexander\Desktop\Grand Theft Auto V.url -> URL: com.epicgames.launcher://apps/9d2d0eb64d5c44529cece33fe2a46482?action=launch&silent=true
InternetURL: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Git\Git FAQs (Frequently Asked Questions).url -> URL: hxxps://github.com/git-for-windows/git/wiki/FAQ
InternetURL: C:\Users\Alexander\AppData\Roaming\Jumping Bytes\PureSync 6.2.2\install\7E85C41\languages\How to add a language to the user interface.URL -> URL: hxxp://www.jumpingbytes.com/puresync/languages.html
InternetURL: C:\Users\Alexander\AppData\Roaming\Jumping Bytes\PureSync 5.0.4\install\4AD5178\languages\How to add a language to the user interface.URL -> URL: hxxp://www.jumpingbytes.com/puresync/languages.html
InternetURL: C:\Users\Alexander\AppData\Roaming\Jumping Bytes\PureSync 4.7.4\install\CFB6749\languages\How to add a language to the user interface.URL -> URL: hxxp://www.jumpingbytes.com/puresync/languages.html
InternetURL: C:\Users\Alexander\AppData\Roaming\Jumping Bytes\PureSync 4.7.0\install\9D17D99\languages\How to add a language to the user interface.URL -> URL: hxxp://www.jumpingbytes.com/puresync/languages.html
InternetURL: C:\Users\Alexander\AppData\Roaming\Jumping Bytes\PureSync 4.6.4\install\C3232DD\languages\How to add a language to the user interface.URL -> URL: hxxp://www.jumpingbytes.com/puresync/languages.html
InternetURL: C:\Users\Alexander\AppData\Roaming\Jumping Bytes\PureSync 4.5.9\install\4067EF8\languages\How to add a language to the user interface.URL -> URL: hxxp://www.jumpingbytes.com/puresync/languages.html
InternetURL: C:\Users\Alexander\AppData\Roaming\Jumping Bytes\PureSync 4.5.3\install\EF8D1BD\languages\How to add a language to the user interface.URL -> URL: hxxp://www.jumpingbytes.com/puresync/languages.html
InternetURL: C:\Users\Alexander\AppData\Roaming\Jumping Bytes\PureSync 4.5.2\install\CF9EEA3\languages\How to add a language to the user interface.URL -> URL: hxxp://www.jumpingbytes.com/puresync/languages.html
InternetURL: C:\Users\Alexander\AppData\Roaming\Jumping Bytes\PureSync 4.5.0\install\DEEB11A\languages\How to add a language to the user interface.URL -> URL: hxxp://www.jumpingbytes.com/puresync/languages.html
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode\XMedia Recode im Internet.url -> URL: hxxp://www.xmedia-recode.de/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2012\Hilfen\WISO Steuer-Sparbuch 2012 Online-Hilfe.url -> URL: hxxp://support.buhl.de/support/search.html?productid=519
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge\WinMerge im Internet.url -> URL: hxxp://winmerge.org
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maniac Mansion [GOG.com]\Documents\Support.url -> URL: hxxp://www.gog.com/support/maniac_mansion
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Referenzdokumentation.url -> URL: hxxps://docs.oracle.com/javase/14/docs
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer\Win32DiskImager on the Web.url -> URL: hxxp://win32diskimager.sourceforge.net
InternetURL: C:\Users\Daniela\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\Daniela\Favorites\Windows Live\Windows Live Gallery.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\Daniela\Favorites\Windows Live\Windows Live Ideas.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72700
InternetURL: C:\Users\Daniela\Favorites\Windows Live\Windows Live Mail.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72681
InternetURL: C:\Users\Daniela\Favorites\Windows Live\Windows Live Spaces.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72682
InternetURL: C:\Users\Daniela\Favorites\MSN-Websites\MSN Auto.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72680
InternetURL: C:\Users\Daniela\Favorites\MSN-Websites\MSN Fernsehen.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72659
InternetURL: C:\Users\Daniela\Favorites\MSN-Websites\MSN Money.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72640
InternetURL: C:\Users\Daniela\Favorites\MSN-Websites\MSN Nachrichten.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72636
InternetURL: C:\Users\Daniela\Favorites\MSN-Websites\MSN Sport.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72635
InternetURL: C:\Users\Daniela\Favorites\MSN-Websites\MSN.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72630
InternetURL: C:\Users\Daniela\Favorites\Microsoft-Websites\IE-Site auf Microsoft.com.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72186
InternetURL: C:\Users\Daniela\Favorites\Microsoft-Websites\Microsoft Deutschland GmbH.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72520
InternetURL: C:\Users\Daniela\Favorites\Microsoft-Websites\Microsoft Store.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\Daniela\Favorites\Microsoft-Websites\Microsoft Windows - Start.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72629
InternetURL: C:\Users\Daniela\Favorites\Microsoft-Websites\Microsoft zu Hause.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72406
InternetURL: C:\Users\Daniela\Favorites\Microsoft-Websites\Microsoft.com durchsuchen.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72893
InternetURL: C:\Users\Daniela\Favorites\Microsoft-Websites\Site für IE Add-Ons.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\Daniela\Favorites\Links\Vorgeschlagene Sites.url -> URL: hxxps://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\Daniela\Favorites\Links\Web Slice-Katalog.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\Daniela_2\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\Daniela_2\Favorites\Links\Vorgeschlagene Sites.url -> URL: hxxps://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\Daniela_2\Favorites\Links\Web Slice-Katalog.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=121315

==================== End of Shortcut.txt =============================

Sweeny 13.05.2021 19:05
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-05-2021
Ran by Daniela (13-05-2021 18:07:03)
Running from C:\Users\Alexander\Downloads
Windows 10 Pro Version 20H2 19042.985 (X64) (2020-11-12 21:38:31)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-565462843-2377332638-636861087-500 - Administrator - Disabled)
Alexander (S-1-5-21-565462843-2377332638-636861087-1001 - Limited - Enabled) => C:\Users\Alexander
Daniela (S-1-5-21-565462843-2377332638-636861087-1000 - Administrator - Enabled) => C:\Users\Daniela
Daniela_2 (S-1-5-21-565462843-2377332638-636861087-1002 - Limited - Enabled) => C:\Users\Daniela_2
DefaultAccount (S-1-5-21-565462843-2377332638-636861087-503 - Limited - Disabled)
Gast (S-1-5-21-565462843-2377332638-636861087-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-565462843-2377332638-636861087-1004 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-565462843-2377332638-636861087-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 21.001.20155 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 31.0.0.96 - Adobe Systems Incorporated)
Adobe Bridge Start Meeting (HKLM-x32\...\Adobe_e5be561960de651ccc8f21c193701df) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe Color Common Settings (HKLM-x32\...\Adobe_6c8e2cb4fd241c55406016127a6ab2e) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe Connect 9 Add-in (HKU\S-1-5-21-565462843-2377332638-636861087-1000\...\Adobe Connect 9 Add-in) (Version: 11.9.976.299 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.9 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (HKLM-x32\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_5f143314a5d434c8511097393d17397) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7 64-bit (HKLM\...\{1B77B02E-17E4-4B6D-B8A1-74B29AF3D8DD}) (Version: 5.7.0 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\Amazon Kindle) (Version:  - Amazon)
Amazon Music (HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
ANT Drivers Installer x64 (HKLM\...\{368B4CD9-A459-4A34-A303-AA63BC3B172A}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{CCA8C50D-785B-4896-8675-FFE0C4ECCBC3}) (Version: 8.7 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{75BEF7E8-4370-4D42-94F3-B5AA77057965}) (Version: 8.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{64695C4A-C68F-46B5-A734-50EBF124A68E}) (Version: 11.3.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
Audacity 2.3.1 (HKLM-x32\...\Audacity_is1) (Version: 2.3.1 - Audacity Team)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Audiograbber MP3-Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
CanoScan LiDE 210 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809) (Version:  - Canon Inc.)
cewe-fotoservice.de (HKLM-x32\...\cewe-fotoservice.de) (Version: 6.4.4 - CEWE Stiftung u Co. KGaA)
Cisco Webex Meetings (HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\ActiveTouchMeetingClient) (Version: 41.5.3 - Cisco Webex LLC)
Citavi (HKLM-x32\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.4.0.2 - Swiss Academic Software)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{D256A5B9-68DA-4F6C-A447-A93E5639A46D}) (Version: 4.7.03083 - Microsoft Corporation) Hidden
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
CopyTrans Control Center deinstallieren (HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\CopyTrans Suite) (Version: 4.017 - WindSolutions)
DiagnosticsHub_CollectionService (HKLM\...\{440C5592-4EA5-4772-B256-969D66068843}) (Version: 15.9.28016 - Microsoft Corporation) Hidden
Diercke Globus Online (HKLM-x32\...\Diercke Globus Online) (Version: 3.1.0 - Imagon GmbH)
Digitale Schulbücher (HKLM-x32\...\{DE24A5DA-8CE2-4BF8-AE5E-125FBC70BE9B}) (Version: 1.1.0.65 - VBM Service GmbH)
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 7.1.2 - CEWE Stiftung u Co. KGaA)
dreamboxEDIT -- The one and only settings editor for your Dreambox (HKLM-x32\...\dreamboxEDIT) (Version:  - )
Elevated Installer (HKLM-x32\...\{1D2951A7-36F2-40F6-9428-54E742F6FBBE}) (Version: 7.4.2.0 - Garmin Ltd or its subsidiaries) Hidden
Encuentros 1 Edición 3000 (HKLM-x32\...\{8DC02275-4598-4163-8DCC-84FA398789E8}) (Version: 1.0.3.0 - Cornelsen Verlag)
Entity Framework 6.2.0 Tools  for Visual Studio 2017 (HKLM-x32\...\{B843915F-00A1-44B1-994C-1AE0A6400AE3}) (Version: 6.2.61807.0 - Microsoft Corporation) Hidden
Epic Games Launcher (HKLM-x32\...\{A5A6A747-393C-4B28-AB7B-2DE2BA7F7D73}) (Version: 1.1.267.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
FileZilla Client 3.51.0 (HKLM-x32\...\FileZilla Client) (Version: 3.51.0 - Tim Kosse)
Garmin Express (HKLM-x32\...\{0A696C9D-D446-46AC-BEA4-8BD449909481}) (Version: 7.4.2.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{0ed393fb-f601-48bb-8b9e-e4c9ec3853bf}) (Version: 7.4.2.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Gira Project Assistant 4.5 (HKLM-x32\...\{bc6ee074-0fda-4ce0-9101-1742d780ec21}) (Version: 4.5.0.6557 - Gira Giersiepen GmbH & Co. KG)
Gira Projekt Assistent 4.5 (HKLM-x32\...\{959A0D30-B65F-48EB-BA91-479E0D7A6B05}) (Version: 4.5.0.6557 - Gira Giersiepen GmbH & Co. KG) Hidden
Git version 2.30.0 (HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\Git_is1) (Version: 2.30.0 - The Git Development Community)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.212 - Google LLC)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 10.0.0.510 - )
HL-3152CDW (HKLM-x32\...\{C6580DE1-F539-4700-ADD2-3185121E51A8}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
icecap_collection_neutral (HKLM-x32\...\{A3B4D258-74E1-49D6-9A86-2DFEFEE48DEC}) (Version: 15.8.27906 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{E524832A-C567-499A-8872-0D79596E4DEE}) (Version: 15.8.27906 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{4B691388-E031-4268-A096-95173D1E6E0F}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{5A86972C-9DB5-40AA-B4EB-0ACE96AFDF88}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
iCloud (HKLM\...\{8808B208-87D1-4725-8192-76D257E9DEAE}) (Version: 7.21.0.23 - Apple Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
IntelliTraceProfilerProxy (HKLM-x32\...\{ACBAA378-519A-441D-9349-C0AAD8DEAD04}) (Version: 15.0.17289.01 - Microsoft Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
Java(TM) SE Development Kit 14.0.2 (64-bit) (HKLM\...\{6D7FE298-9878-53C8-801B-76A251D18BB2}) (Version: 14.0.2.0 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
KeePass Password Safe 2.48.1 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.48.1 - Dominik Reichl)
Kits Configuration Installer (HKLM-x32\...\{63AAA877-5536-9481-2385-28A082100D78}) (Version: 10.1.18362.1 - Microsoft) Hidden
KNX ETS5 Compatibility Components V5.5.0 (HKLM-x32\...\{070C17B5-D0DB-443A-9504-0AF04FE91F1E}) (Version: 5.5.0.0 - KNX Association cvba) Hidden
KNX ETS5 v5.7.5 (HKLM-x32\...\{88361985-6e56-44b8-b096-6b029a18b03d}) (Version: 5.7.1373.39489 - KNX Association cvba)
KNX ETS5 v5.7.5 (HKLM-x32\...\{D0FDBD87-FB2C-4A94-ABC2-50A8CD772C0A}) (Version: 5.7.1373.39489 - KNX Association cvba) Hidden
Kumulatives Microsoft .NET Framework Intellisense Pack für Visual Studio (Deutsch) (HKLM-x32\...\{4DFD6FF3-9A29-4F31-AEE1-D44E016C5AD4}) (Version: 4.7.02558 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 4.3.3.116 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.3.116 - Malwarebytes)
Maniac Mansion (HKLM-x32\...\1832758895_is1) (Version: 1.0 - GOG.com)
MD5 File Hasher 1.4 (HKLM-x32\...\MD5 File Hasher_is1) (Version:  - )
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.56 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-565462843-2377332638-636861087-1000\...\OneDriveSetup.exe) (Version: 20.052.0311.0011 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\OneDriveSetup.exe) (Version: 21.073.0411.0002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1113.826 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server vNext CTP1.6 (HKLM\...\{598EF772-9320-43B6-9D3C-A60A1F6A804E}) (Version: 15.0.600.33 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server vNext CTP1.6 (HKLM-x32\...\{2773DECE-0FE5-4CA9-96A8-621E0185388F}) (Version: 15.0.600.33 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.2 (HKLM-x32\...\{06C90FCC-4C95-4142-A0AF-D3A4C12882DE}_is1) (Version: 1.2 - Sam Rodberg)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.34.01.03 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 87.0 (x64 de) (HKLM\...\Mozilla Firefox 87.0 (x64 de)) (Version: 87.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 71.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MultiCommander (x64) (HKLM\...\MultiCommander x64) (Version: 9.6.1.2582 - Mathias Svensson)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.14 - F.J. Wechselberger)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.9.1 - Notepad++ Team)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.1.5 - )
Npcap (HKLM-x32\...\NpcapInst) (Version: 1.00 - Nmap Project)
PDF Settings (HKLM-x32\...\{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
PureSync (HKLM-x32\...\{904CE946-09F9-4DB9-8D00-9E2E66DF4239}) (Version: 6.2.2 - Jumping Bytes)
RAPID Mode (HKLM\...\{0EBB0FA7-1DBA-4B97-9B44-BD5CC451EEF2}) (Version: 1.0.0.103 - Samsung Electronics Co., Ltd.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6642 - Realtek Semiconductor Corp.)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.23.252 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.5.5 - Rockstar Games)
Saal Design Software (HKLM-x32\...\{26B842A7-6A09-5DCF-0805-2B8984C1EA84}) (Version: 4.0 - Saal Digital Fotoservice GmbH) Hidden
Saal Design Software (HKLM-x32\...\SaalDesignSoftware) (Version: 4.0 - Saal Digital Fotoservice GmbH)
Samsung Data Migration (HKLM-x32\...\{3B304604-0BF5-488E-AB95-F2F2E31206F3}) (Version: 3.1 - Samsung)
Samsung Data Migration (HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\{3B304604-0BF5-488E-AB95-F2F2E31206F3}) (Version: 3.1 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.3.1.2010 - Samsung Electronics)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Shotcut (HKLM-x32\...\Shotcut) (Version: 20.06.28 - Meltytech, LLC)
Spyder4Pro (HKLM-x32\...\Spyder4Pro) (Version:  - )
sv.net comfort (HKLM-x32\...\sv.net comfort) (Version: 20.1.0 - ITSG GmbH)
Sweet Home 3D version 6.4.2 (HKLM\...\Sweet Home 3D_is1) (Version: 6.4.2 - eTeks)
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: 6.1-15163 - Synology)
Synology Cloud Station (remove only) (HKLM\...\Synology Cloud Station) (Version: 3.2.3475 - Synology, Inc.)
Synology Cloud Station (remove only) (HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\Synology CloudStation) (Version:  - )
Synology Cloud Station Backup (remove only) (HKLM\...\Synology Cloud Station Backup) (Version: 4.2.6.4408 - Synology, Inc.)
Synology Cloud Station Drive (remove only) (HKLM\...\Synology Cloud Station Drive) (Version: 4.3.0.4435 - Synology, Inc.)
Synology Data Replicator  3 (HKLM-x32\...\{8E310838-457C-4269-B177-3EFB300CBDDC}) (Version: 1.0.0.0 - Synology Inc.)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.16.8 - TeamViewer)
Toolkit Documentation (HKLM-x32\...\{2BBA97A1-176F-DA72-96DE-0FEA66AF3EFF}) (Version: 10.1.18362.1 - Microsoft) Hidden
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.51 - Ghisler Software GmbH)
TreeSize Free V4.4.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.4.2 - JAM Software)
Universal Adb Driver (HKLM-x32\...\{C0E08D8D-6076-4117-B644-2AF34F35B757}) (Version: 1.0.4 - ClockworkMod)
Unterrichtsmanager (HKLM-x32\...\{5772F79F-40DA-496F-A364-7E8AF0746F5D}) (Version: 1.0.1405.801 - Cornelsen Schulverlage)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)
vcpp_crt.redist.clickonce (HKLM-x32\...\{86A64DD6-2619-4D30-B777-75568A3EE56D}) (Version: 14.16.27033 - Microsoft Corporation) Hidden
VideoDownloaderUltimate (HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\VideoDownloaderUltimateWinApp) (Version: 1.0.1.91 - Link64)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Visual Studio Community 2017 (HKLM-x32\...\97af953f) (Version: 15.9.28307.1321 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.12 - VideoLAN)
VS Immersive Activate Helper (HKLM-x32\...\{54FBC9A9-CCA1-417E-ACA6-203A32A39F37}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{4B816AD0-D12B-498A-8148-7CBE3ED328DE}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{C5D83E0F-12E7-4BA3-98E6-DAE0E73B5BF9}) (Version: 15.0.27205 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{A68D7884-F036-4A0D-AE1A-410E0311E135}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{91DDDFB5-1782-48C2-BA2A-8F4D9DE39D27}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{6A1ECF65-2CBF-4B33-9D4A-D1C0A0E5FE45}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{71797C29-380A-492C-B35A-F5E4A7B57BDC}) (Version: 15.9.28307 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{5297D80E-CD92-48D8-9DB0-301AB3205772}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{A254DA0E-26A1-43C3-95BE-7A24D5599473}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{1F42A73E-CF26-4D67-BA79-752CA56B639F}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{A41E138F-5A3F-443C-B72D-957AB994FB5A}) (Version: 15.9.28128 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{3A78DA3D-C8D4-429D-B536-6E59A0088451}) (Version: 15.8.27825 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{68B8AD33-CE97-4C3D-9583-669C39D21BA5}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{0D3A6730-43CE-4AF6-BDF7-4D0660296C60}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5779B6DD-604A-41CE-BC3D-9D4BDDA22AD2}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
WhatsApp (HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\WhatsApp) (Version: 0.4.2088 - WhatsApp)
Win32DiskImager version 1.0.0 (HKLM-x32\...\{3DFFA293-DF2C-4B23-92E5-3433BDC310E1}}_is1) (Version: 1.0.0 - ImageWriter Developers)
WinDirStat 1.1.2 (HKU\S-1-5-21-565462843-2377332638-636861087-1000\...\WinDirStat) (Version:  - )
Windows Assessment and Deployment Kit - Windows 10 (HKLM-x32\...\{fb450356-9879-4b2e-8dc9-282709286661}) (Version: 10.1.18362.1 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{E6F877A1-2F65-4BF0-87B6-A4071B7663D3}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinMerge 2.16.0.0 x64 (HKLM\...\WinMerge_is1) (Version: 2.16.0.0 - Thingamahoochie Software)
Wunderlist - Wunderlist (HKLM-x32\...\Wunderlist Wunderlist) (Version: 3.4.3 - Wunderlist)
XMedia Recode Version 3.1.5.8 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.5.8 - XMedia Recode)
Zoom (HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\ZoomUMX) (Version: 5.4.1 (58698.1027) - Zoom Video Communications, Inc.)

Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.36.20714.0_x64__8wekyb3d8bbwe [2021-03-21] (Microsoft Corporation) [MS Ad]
WindowsDVDPlayer -> C:\Program Files\WindowsApps\Microsoft.WindowsDVDPlayer_3.6.13291.0_x64__8wekyb3d8bbwe [2016-06-17] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-565462843-2377332638-636861087-1001_Classes\CLSID\{2C4A5D61-009C-4561-9A33-6AFD542FD237}\InprocServer32 -> C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\ContextMenu.dll () [File not signed]
CustomCLSID: HKU\S-1-5-21-565462843-2377332638-636861087-1001_Classes\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}\InprocServer32 -> C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll (TODO: <Company name>) [File not signed]
CustomCLSID: HKU\S-1-5-21-565462843-2377332638-636861087-1001_Classes\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}\InprocServer32 -> C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll (TODO: <Company name>) [File not signed]
CustomCLSID: HKU\S-1-5-21-565462843-2377332638-636861087-1001_Classes\CLSID\{A433C3E0-8B24-40EB-93C3-4B10D9959F58}\InprocServer32 -> C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll (TODO: <Company name>) [File not signed]
CustomCLSID: HKU\S-1-5-21-565462843-2377332638-636861087-1001_Classes\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}\InprocServer32 -> C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll (TODO: <Company name>) [File not signed]
CustomCLSID: HKU\S-1-5-21-565462843-2377332638-636861087-1001_Classes\CLSID\{C701AD67-3DF0-47C9-89CB-DFA6207BE229}\InprocServer32 -> C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll (TODO: <Company name>) [File not signed]
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [  01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\Alexander\AppData\Local\CloudStation\iconoverlay_v2\IconOverlayDLLs_x64\iconOverlay.dll -> No File
ShellIconOverlayIdentifiers: [  02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\Alexander\AppData\Local\CloudStation\iconoverlay_v2\IconOverlayDLLs_x64\iconOverlay.dll -> No File
ShellIconOverlayIdentifiers: [  03SyncedModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\Alexander\AppData\Local\CloudStation\iconoverlay_v2\IconOverlayDLLs_x64\iconOverlay.dll -> No File
ShellIconOverlayIdentifiers: [  04ReadOnlyModule] -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} =>  -> No File
ShellIconOverlayIdentifiers: [  05NoPermModule] -> {C701AD67-3DF0-47C9-89CB-DFA6207BE229} =>  -> No File
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => E:\Program Files (x86)\Notepad++\NppShell_06.dll [2020-11-02] (Notepad++ -> )
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers1-x32: [GeoSetterShellExt] -> {7506374C-A693-427B-8DDD-99DAFB79433D} => E:\PROGRA~1\GEOSET~1\GEOSET~1.DLL -> No File
ContextMenuHandlers1: [GeoSetterShellExt64] -> {A50BD5C6-4B18-44F3-8D6D-62DE89A969E9} => E:\PROGRA~1\GEOSET~1\GEOSET~2.DLL -> No File
ContextMenuHandlers1-x32: [MyPhoneExplorer] -> {A372C6DF-7A85-41B1-B3B0-D1E24073DCBF} => C:\Program Files (x86)\MyPhoneExplorer\DLL\ShellMgr.dll [2010-03-30] (F.J. Wechselberger) [File not signed]
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-09-08] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [PureSync] -> {D1079645-619B-4d0b-8FD5-1008B95134E1} => C:\Program Files (x86)\Jumping Bytes\PureSync\psshell64.dll [2010-12-21] (Jumping Bytes - Dipl.-Ing. Christoph Guentner -> Jumping Bytes)
ContextMenuHandlers1: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files\WinMerge\ShellExtensionX64.dll [2018-02-19] (hxxp://winmerge.org) [File not signed]
ContextMenuHandlers2: [PureSync] -> {D1079645-619B-4d0b-8FD5-1008B95134E1} => C:\Program Files (x86)\Jumping Bytes\PureSync\psshell64.dll [2010-12-21] (Jumping Bytes - Dipl.-Ing. Christoph Guentner -> Jumping Bytes)
ContextMenuHandlers2: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files\WinMerge\ShellExtensionX64.dll [2018-02-19] (hxxp://winmerge.org) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-05-13] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers4: [PureSync] -> {D1079645-619B-4d0b-8FD5-1008B95134E1} => C:\Program Files (x86)\Jumping Bytes\PureSync\psshell64.dll [2010-12-21] (Jumping Bytes - Dipl.-Ing. Christoph Guentner -> Jumping Bytes)
ContextMenuHandlers4: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files\WinMerge\ShellExtensionX64.dll [2018-02-19] (hxxp://winmerge.org) [File not signed]
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files\WinMerge\ShellExtensionX64.dll [2018-02-19] (hxxp://winmerge.org) [File not signed]
ContextMenuHandlers6-x32: [GeoSetterShellExt] -> {7506374C-A693-427B-8DDD-99DAFB79433D} => E:\PROGRA~1\GEOSET~1\GEOSET~1.DLL -> No File
ContextMenuHandlers6: [GeoSetterShellExt64] -> {A50BD5C6-4B18-44F3-8D6D-62DE89A969E9} => E:\PROGRA~1\GEOSET~1\GEOSET~2.DLL -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-05-13] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers1_S-1-5-21-565462843-2377332638-636861087-1001: [CloudStation.SyncFolderContextMenu] -> {2C4A5D61-009C-4561-9A33-6AFD542FD237} =>  -> No File
ContextMenuHandlers6_S-1-5-21-565462843-2377332638-636861087-1001: [CloudStation.SyncFolderContextMenu] -> {2C4A5D61-009C-4561-9A33-6AFD542FD237} =>  -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

2016-02-10 09:19 - 2016-02-09 09:15 - 000096256 _____ () [File not signed] C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\Appearance Pak.dll
2016-02-10 09:19 - 2016-02-09 09:15 - 000274432 _____ () [File not signed] C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\CGamma.dll
2016-02-10 09:19 - 2016-02-09 09:15 - 000110592 _____ () [File not signed] C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\CSensor.dll
2016-02-10 10:21 - 2016-02-09 09:15 - 000013824 _____ () [File not signed] C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\Internet Encodings.dll
2016-02-10 10:21 - 2016-02-09 09:15 - 001865216 _____ () [File not signed] C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\RBGUIFramework.dll
2016-02-10 09:19 - 2016-02-09 09:15 - 005340672 _____ () [File not signed] C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\RBScript.dll
2016-02-10 09:19 - 2016-02-09 09:15 - 000090112 _____ () [File not signed] C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\RegEx.dll
2016-02-10 09:19 - 2016-02-09 09:15 - 000031744 _____ () [File not signed] C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\Shell.dll
2016-02-10 09:19 - 2016-02-09 09:15 - 000293376 _____ () [File not signed] C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\XML.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 021790171 ____C () [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\icudt53.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 003506395 ____C () [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\icuin53.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 002223218 ____C () [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\icuuc53.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 000033280 ____C () [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qgif.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 000043008 ____C () [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qicns.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 000032768 ____C () [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qico.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 000507904 ____C () [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qjp2.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 000239104 ____C () [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qjpeg.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 000430080 ____C () [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qtiff.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 000834555 ____C () [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\libcurl-4.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 000121524 ____C () [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\libgcc_s_dw2-1.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 003331103 ____C () [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\libsqlite3-0.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 001547595 ____C () [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\libstdc++-6.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 000691712 ____C () [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\platforms\qwindows.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 000124430 ____C () [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\zlib1.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 001315328 ____C () [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\ContextMenu.dll
2016-02-17 11:19 - 2015-04-13 07:12 - 000053248 _____ (Datacolor) [File not signed] C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\dccmtr.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 004620288 ____C (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\Qt5Core.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 003921408 ____C (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\Qt5Gui.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 001448448 ____C (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\Qt5Network.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 006133760 ____C (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\Qt5Widgets.dll
2019-02-17 11:27 - 2018-02-19 03:02 - 000202240 _____ (hxxp://winmerge.org) [File not signed] C:\Program Files\WinMerge\ShellExtensionX64.dll
2010-11-18 21:08 - 2010-11-18 21:08 - 000086016 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 000065629 ____C (MingW-W64 Project. All rights reserved.) [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\libwinpthread-1.dll
2019-01-03 12:11 - 2019-01-03 12:11 - 000824119 _____ (SQLite Development Team) [File not signed] C:\Program Files (x86)\Gira\Gira Project Assistant\Gira Project Assistant Service\sqlite3.DLL
2013-08-06 15:52 - 2013-08-06 15:52 - 001281536 _____ (Synology Inc.) [File not signed] C:\Program Files (x86)\Synology Data Replicator  3\vssWin764.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 002781303 ____C (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\LIBEAY32.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 000809896 ____C (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\SSLEAY32.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 002822144 ____C (TODO: <Company name>) [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-565462843-2377332638-636861087-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-565462843-2377332638-636861087-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-565462843-2377332638-636861087-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2019-02-13 22:35 - 000000000 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files (x86)\AOMEI Backupper;%SYSTEMROOT%\System32\OpenSSH\
HKCU\Environment\\Path -> %USERPROFILE%\AppData\Local\Microsoft\WindowsApps
HKU\S-1-5-21-565462843-2377332638-636861087-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-565462843-2377332638-636861087-1001\Control Panel\Desktop\\Wallpaper -> H:\Fotos\2019\Frieda_2019\Kalenderfotos_November\frieda-002.jpg
HKU\S-1-5-21-565462843-2377332638-636861087-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Daniela_2\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\Frieda-2019_01_22-003.jpeg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Prompt)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

Network Binding:
=============
LAN-Verbindung: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\StartupApproved\Run: => "OfficeSyncProcess"
HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\StartupApproved\Run: => "launchOnStartup"
HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{55CAA789-75B3-4FCA-8214-E07865B6FBDC}C:\users\alexander\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\alexander\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{E1633AB0-97A3-41E4-A53E-915EAAA83035}C:\users\alexander\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\alexander\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{CE788340-F605-421D-8FF3-CA3CC0EF1E24}C:\program files (x86)\gira\tks-communicator\tks-communicator.exe] => (Allow) C:\program files (x86)\gira\tks-communicator\tks-communicator.exe => No File
FirewallRules: [TCP Query User{AD2FFCE5-197F-4B35-9DC9-B492593060C9}C:\program files (x86)\gira\tks-communicator\tks-communicator.exe] => (Allow) C:\program files (x86)\gira\tks-communicator\tks-communicator.exe => No File
FirewallRules: [UDP Query User{8DEC5C2A-50D9-4ABD-A594-74FD4F5D1FDE}C:\program files (x86)\gira\gira project assistant\4.3\gira project assistant.exe] => (Allow) C:\program files (x86)\gira\gira project assistant\4.3\gira project assistant.exe => No File
FirewallRules: [TCP Query User{36C0A478-18FD-4300-844B-4D9C0410CA40}C:\program files (x86)\gira\gira project assistant\4.3\gira project assistant.exe] => (Allow) C:\program files (x86)\gira\gira project assistant\4.3\gira project assistant.exe => No File
FirewallRules: [UDP Query User{4BF21D08-AAAD-47B4-ACF2-26AD5ED62725}C:\program files (x86)\gira\gira project assistant\4.2\gira project assistant.exe] => (Allow) C:\program files (x86)\gira\gira project assistant\4.2\gira project assistant.exe => No File
FirewallRules: [TCP Query User{ED16257D-1ADF-4A9F-98A5-690359AC9FF6}C:\program files (x86)\gira\gira project assistant\4.2\gira project assistant.exe] => (Allow) C:\program files (x86)\gira\gira project assistant\4.2\gira project assistant.exe => No File
FirewallRules: [UDP Query User{9D391266-08FB-447D-892D-0EB0CECF0EAB}C:\program files (x86)\gira\tks-ip-gateway\tks-ip-gateway-finder.exe] => (Allow) C:\program files (x86)\gira\tks-ip-gateway\tks-ip-gateway-finder.exe => No File
FirewallRules: [TCP Query User{A4C7DD96-EFC5-4549-990D-9CE116EBC2BF}C:\program files (x86)\gira\tks-ip-gateway\tks-ip-gateway-finder.exe] => (Allow) C:\program files (x86)\gira\tks-ip-gateway\tks-ip-gateway-finder.exe => No File
FirewallRules: [{AAE95FEA-85CD-4028-A5A1-2EB812683457}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{1E6735FE-0C08-49CE-8F7B-1DEDC13A460D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{6AF40D22-915B-4FB9-976B-991984655605}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{080415CC-2ACC-4692-BE1E-E4A27E011713}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{8A68AB7F-FCE8-45FB-AF87-D6F24B900EAC}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0EB71518-6B77-4673-877B-B907CBCCDAA6}] => (Allow) C:\Users\Daniela_2\AppData\Local\Apps\2.0\BH2PTDWE.ZAJ\ZPYPR21H.0J5\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe (AVM Computersysteme Vertriebs GmbH -> AVM Berlin)
FirewallRules: [{CADB1434-9996-48AC-B2CC-8E09333DB45B}] => (Allow) C:\Users\Daniela_2\AppData\Local\Apps\2.0\BH2PTDWE.ZAJ\ZPYPR21H.0J5\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe (AVM Computersysteme Vertriebs GmbH -> AVM Berlin)
FirewallRules: [{D709CCD3-7E76-430C-8992-613F422B5B0C}] => (Allow) C:\Users\Alexander\AppData\Local\Apps\2.0\V7AT4666.215\D7MDN8AB.PXR\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe (AVM Computersysteme Vertriebs GmbH -> AVM Berlin)
FirewallRules: [{AAED9C16-950F-45F6-A039-BF15CD0F8816}] => (Allow) C:\Users\Alexander\AppData\Local\Apps\2.0\V7AT4666.215\D7MDN8AB.PXR\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe (AVM Computersysteme Vertriebs GmbH -> AVM Berlin)
FirewallRules: [UDP Query User{B4F4F3FC-5EA1-40C7-81E5-4A09A3A1B67A}C:\users\alexander\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\alexander\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [TCP Query User{D5126744-85D7-4A52-8304-A80B95D706CA}C:\users\alexander\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\alexander\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [UDP Query User{9EBEC148-2A01-4E33-A6AD-BC7673F3F36F}C:\users\alexander\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\alexander\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [TCP Query User{78F9492E-5FBB-4F72-9B9D-236C7ECDF7AE}C:\users\alexander\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\alexander\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [UDP Query User{AFA75C90-429F-4B39-80B8-BAC4E728C41F}C:\users\daniela_2\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe] => (Block) C:\users\daniela_2\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe (Synology Inc. -> Synology Inc.)
FirewallRules: [TCP Query User{E96814A9-FC94-4DFB-B347-B496860EB61F}C:\users\daniela_2\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe] => (Block) C:\users\daniela_2\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe (Synology Inc. -> Synology Inc.)
FirewallRules: [UDP Query User{AEEC7785-7C79-4470-9AC9-C5689694093A}E:\programme\moodle\server\mysql\bin\mysqld.exe] => (Allow) E:\programme\moodle\server\mysql\bin\mysqld.exe => No File
FirewallRules: [TCP Query User{B410D241-C267-4AB6-AC7E-69CDB00977DF}E:\programme\moodle\server\mysql\bin\mysqld.exe] => (Allow) E:\programme\moodle\server\mysql\bin\mysqld.exe => No File
FirewallRules: [{86D560CE-5DE2-4DD1-AC46-B8F880DAB686}] => (Allow) C:\Users\Daniela\AppData\Local\Apps\2.0\QMZ1C5M7.CQQ\46V32XO8.QCE\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe (AVM Computersysteme Vertriebs GmbH -> AVM Berlin)
FirewallRules: [{7A256D19-F0C1-4241-8DE9-4852A2EB3219}] => (Allow) C:\Users\Daniela\AppData\Local\Apps\2.0\QMZ1C5M7.CQQ\46V32XO8.QCE\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe (AVM Computersysteme Vertriebs GmbH -> AVM Berlin)
FirewallRules: [{1548F67D-3F29-4BD4-B837-58906A66EF7A}] => (Allow) C:\Users\Daniela_2\AppData\Local\Apps\2.0\BH2PTDWE.ZAJ\ZPYPR21H.0J5\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe => No File
FirewallRules: [{383314EA-D4BC-4A7B-ADAF-1786BE9FD640}] => (Allow) C:\Users\Daniela_2\AppData\Local\Apps\2.0\BH2PTDWE.ZAJ\ZPYPR21H.0J5\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe => No File
FirewallRules: [{48052F57-61C7-4341-976B-48C5BC4407B3}] => (Allow) C:\Users\Daniela_2\AppData\Local\Apps\2.0\BH2PTDWE.ZAJ\ZPYPR21H.0J5\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe => No File
FirewallRules: [{0A7AB025-5395-4BAF-B0AB-E153CC2B41FB}] => (Allow) C:\Users\Daniela_2\AppData\Local\Apps\2.0\BH2PTDWE.ZAJ\ZPYPR21H.0J5\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe => No File
FirewallRules: [{E5F59835-76C4-4AEF-8DAD-E599F4A41304}] => (Allow) C:\Users\Alexander\AppData\Local\Apps\2.0\V7AT4666.215\D7MDN8AB.PXR\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe => No File
FirewallRules: [{0A547D25-F15F-4A3B-BFB7-B64CE31E3F6B}] => (Allow) C:\Users\Alexander\AppData\Local\Apps\2.0\V7AT4666.215\D7MDN8AB.PXR\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe => No File
FirewallRules: [{D83C555A-EF7A-45EE-95B4-650DB5467B5E}] => (Allow) C:\Users\Alexander\AppData\Local\Apps\2.0\V7AT4666.215\D7MDN8AB.PXR\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe => No File
FirewallRules: [{42BAB2EB-D8AB-4A4E-BCB7-9A37A76240FF}] => (Allow) C:\Users\Alexander\AppData\Local\Apps\2.0\V7AT4666.215\D7MDN8AB.PXR\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe => No File
FirewallRules: [{45ED6230-C9B8-4D09-82E3-CED1A6D9D71F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe => No File
FirewallRules: [{5528DA7F-EFC0-4F42-AB5E-3E51F7D01FE9}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe => No File
FirewallRules: [{6F27145A-815B-427A-BEFB-27DCF71FBC47}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe => No File
FirewallRules: [{AB18D25F-57D0-4708-BED5-E28744036A90}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe => No File
FirewallRules: [{476B8290-BB08-4DE1-A695-7DBBD373FE2A}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe => No File
FirewallRules: [{67DD2201-ED52-4B2E-834C-B5674007846C}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe => No File
FirewallRules: [{5D783FFB-A793-4BEE-8F9A-E44DE739CAEB}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe => No File
FirewallRules: [{C17A6886-4BAC-425F-8E24-DB6D35591C2A}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe => No File
FirewallRules: [{694D7876-7FA1-43B4-93D8-6403EC1D0A28}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe => No File
FirewallRules: [{8B9EE56C-2ECC-4534-8671-155E3BBF441F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe => No File
FirewallRules: [{98022E0D-5521-4296-8391-93AC26A3E4DA}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe => No File
FirewallRules: [{05FB4CC1-8DE3-456B-8E87-6B8D33F98440}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe => No File
FirewallRules: [{CB037463-1B6E-4DEE-ABC9-CE23FA686FC9}] => (Allow) E:\Program Files (x86)\Skype\Phone\Skype.exe => No File
FirewallRules: [{249DC5AB-0D5E-4D2C-9925-F62D89359AB4}] => (Allow) E:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe => No File
FirewallRules: [{80E5F4FC-82A7-46FD-B3BD-2D51269AE448}] => (Allow) E:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe => No File
FirewallRules: [{FABF2069-DE19-47E3-949B-9587E469CD68}] => (Allow) E:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe => No File
FirewallRules: [{0A302D0C-550F-41CD-9C6B-FAE7A6660111}] => (Allow) E:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe => No File
FirewallRules: [TCP Query User{901687F5-E1BE-48CA-B7D3-6A977408A472}C:\users\daniela\appdata\local\temp\rarsfx0\x32\pcsftool.exe] => (Block) C:\users\daniela\appdata\local\temp\rarsfx0\x32\pcsftool.exe => No File
FirewallRules: [UDP Query User{C4ECB983-4AEF-4881-BB41-1FC941556C42}C:\users\daniela\appdata\local\temp\rarsfx0\x32\pcsftool.exe] => (Block) C:\users\daniela\appdata\local\temp\rarsfx0\x32\pcsftool.exe => No File
FirewallRules: [TCP Query User{E8AB70C8-1390-45C8-A30D-2B4EF53392A4}C:\users\daniela\appdata\local\temp\rarsfx0\x64\pcsftool.exe] => (Block) C:\users\daniela\appdata\local\temp\rarsfx0\x64\pcsftool.exe => No File
FirewallRules: [UDP Query User{64C2B278-B065-4DCB-8B1F-40FC111FB091}C:\users\daniela\appdata\local\temp\rarsfx0\x64\pcsftool.exe] => (Block) C:\users\daniela\appdata\local\temp\rarsfx0\x64\pcsftool.exe => No File
FirewallRules: [TCP Query User{BB586E50-4195-4F18-97EE-72ACB75F2B9C}C:\users\daniela\appdata\local\temp\rarsfx1\x32\pcsftool.exe] => (Allow) C:\users\daniela\appdata\local\temp\rarsfx1\x32\pcsftool.exe => No File
FirewallRules: [UDP Query User{914A8033-8C28-4EDB-85E9-4161E9905093}C:\users\daniela\appdata\local\temp\rarsfx1\x32\pcsftool.exe] => (Allow) C:\users\daniela\appdata\local\temp\rarsfx1\x32\pcsftool.exe => No File
FirewallRules: [TCP Query User{0B04024D-306F-473A-BF3E-C9CC5B3F28D5}C:\users\daniela\appdata\local\temp\rarsfx1\x64\pcsftool.exe] => (Allow) C:\users\daniela\appdata\local\temp\rarsfx1\x64\pcsftool.exe => No File
FirewallRules: [UDP Query User{F698BBCD-6B70-4CF3-9D8D-D5FF36BD8CB0}C:\users\daniela\appdata\local\temp\rarsfx1\x64\pcsftool.exe] => (Allow) C:\users\daniela\appdata\local\temp\rarsfx1\x64\pcsftool.exe => No File
FirewallRules: [{52AF1549-73FF-4FB8-9518-EB558253F27C}] => (Allow) C:\Users\Alexander\AppData\Local\Apps\2.0\V7AT4666.215\D7MDN8AB.PXR\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe (AVM Computersysteme Vertriebs GmbH -> AVM Berlin)
FirewallRules: [{D725FA94-5970-43AF-98BE-6369A17405C5}] => (Allow) C:\Users\Alexander\AppData\Local\Apps\2.0\V7AT4666.215\D7MDN8AB.PXR\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe (AVM Computersysteme Vertriebs GmbH -> AVM Berlin)
FirewallRules: [{BAD145E7-AB58-46CB-A637-711908F0AF98}] => (Allow) C:\Users\Daniela_2\AppData\Local\Apps\2.0\BH2PTDWE.ZAJ\ZPYPR21H.0J5\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe (AVM Computersysteme Vertriebs GmbH -> AVM Berlin)
FirewallRules: [{6544ECC3-0638-427F-B75B-018692B1C83B}] => (Allow) C:\Users\Daniela_2\AppData\Local\Apps\2.0\BH2PTDWE.ZAJ\ZPYPR21H.0J5\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe (AVM Computersysteme Vertriebs GmbH -> AVM Berlin)
FirewallRules: [TCP Query User{03ED5189-0C44-477F-B547-C8F09E7B531C}C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe] => (Allow) C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe (Link64 GmbH -> Link64 GmbH)
FirewallRules: [UDP Query User{0D2EEB70-2C83-437B-9A14-133BBEFBBAB0}C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe] => (Allow) C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe (Link64 GmbH -> Link64 GmbH)
FirewallRules: [TCP Query User{584CA64F-9CAA-46F5-97E8-E93D2EA7D451}C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe] => (Block) C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe (Link64 GmbH -> Link64 GmbH)
FirewallRules: [UDP Query User{DBD28CA4-5DC2-4BDC-A4CF-CA40CB40B6A1}C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe] => (Block) C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe (Link64 GmbH -> Link64 GmbH)
FirewallRules: [TCP Query User{799AFFFA-3D23-488D-A5D7-E87D9A8ACBFD}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe (Synology Inc. -> ) [File not signed]
FirewallRules: [UDP Query User{8D8D0C25-0A95-43D5-AD32-2E9415851449}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe (Synology Inc. -> ) [File not signed]
FirewallRules: [TCP Query User{3641CD9C-6872-4DF2-9956-3C0B32C844E2}C:\totalcmd\totalcmd.exe] => (Allow) C:\totalcmd\totalcmd.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [UDP Query User{CFA2047C-2F6E-4B37-8E6E-012CC1F78E4F}C:\totalcmd\totalcmd.exe] => (Allow) C:\totalcmd\totalcmd.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [TCP Query User{C0EA3906-BCD0-4F86-8DD9-C3BE545E995B}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [UDP Query User{CC6D968E-7E2A-4100-A8C0-4560B6F407B1}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [TCP Query User{6630C8D7-4E94-4F32-BB11-F9486F348E21}C:\users\daniela_2\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe] => (Block) C:\users\daniela_2\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe (Synology Inc. -> Synology Inc.)
FirewallRules: [UDP Query User{E6A33421-3676-43FD-9602-21B98D29B1EA}C:\users\daniela_2\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe] => (Block) C:\users\daniela_2\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe (Synology Inc. -> Synology Inc.)
FirewallRules: [{38A9EF06-BB71-46C6-945D-96034E484A8C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A1469B19-EF07-4960-92BD-429935153F45}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{75F49C2D-E4BB-468A-98DD-5A27E06244F1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{40CBC498-7B3C-4525-AF4E-75958D2297F5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DF62BAF4-8DD9-41E4-A035-53CD03FBEBA5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{AC69356F-FF32-40BC-9737-3539408E50F8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{61ACFAD5-C588-40D7-BC79-BE2108EE066D}C:\program files (x86)\keepass password safe 2\keepass.exe] => (Block) C:\program files (x86)\keepass password safe 2\keepass.exe (Open Source Developer, Dominik Reichl -> Dominik Reichl)
FirewallRules: [UDP Query User{7AD714A4-90C2-466E-A98E-1A551ED16DB7}C:\program files (x86)\keepass password safe 2\keepass.exe] => (Block) C:\program files (x86)\keepass password safe 2\keepass.exe (Open Source Developer, Dominik Reichl -> Dominik Reichl)
FirewallRules: [TCP Query User{9959DBBF-787C-4827-B15A-7DCFCAE213E8}C:\program files (x86)\gira\gira project assistant\4.5\gira project assistant.exe] => (Allow) C:\program files (x86)\gira\gira project assistant\4.5\gira project assistant.exe (Gira Giersiepen GmbH & Co. KG) [File not signed]
FirewallRules: [UDP Query User{8FA4E236-7B69-4E33-9F4E-08746C25D798}C:\program files (x86)\gira\gira project assistant\4.5\gira project assistant.exe] => (Allow) C:\program files (x86)\gira\gira project assistant\4.5\gira project assistant.exe (Gira Giersiepen GmbH & Co. KG) [File not signed]
FirewallRules: [{7C2C1C59-2294-4205-BFC5-7BC7B79F7C32}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{456A0292-9FCC-411A-91B8-C3486B4F6ADD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EA4D5F54-48DE-469B-AF9E-3767A92DA5F4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A5A35596-02DD-41BE-B9FD-3C6AF433DFC3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3B36DDD8-A774-4BA7-87E8-D81BD16D44DF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{D87186BC-E04A-4AD7-80E6-2CDBC86FA89E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{4F913735-B180-4DE3-8CAF-C29F5B1AB862}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{91208837-6871-40F4-A39E-F2764F6361C0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{D0E905F0-BDDE-4C33-AA24-974325851794}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

12-05-2021 11:35:05 Windows Modules Installer
13-05-2021 12:14:28 Removed QuickTime 7

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/13/2021 06:07:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ctfmon.exe, Version: 10.0.19041.1, Zeitstempel: 0x60c3fe88
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.964, Zeitstempel: 0x812662a7
Ausnahmecode: 0x00000675
Fehleroffset: 0x000000000010b39c
ID des fehlerhaften Prozesses: 0x844
Startzeit der fehlerhaften Anwendung: 0x01d748121b27a4b3
Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\ctfmon.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: 607d16d1-11f5-429a-b5a1-c9eff8adda70
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (05/13/2021 06:07:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ctfmon.exe, Version: 10.0.19041.1, Zeitstempel: 0x60c3fe88
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.964, Zeitstempel: 0x812662a7
Ausnahmecode: 0x00000675
Fehleroffset: 0x000000000010b39c
ID des fehlerhaften Prozesses: 0x2704
Startzeit der fehlerhaften Anwendung: 0x01d7481214814c32
Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\ctfmon.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: fd8f21f5-f002-4a33-980a-03b1cb6609a1
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (05/13/2021 06:07:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ctfmon.exe, Version: 10.0.19041.1, Zeitstempel: 0x60c3fe88
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.964, Zeitstempel: 0x812662a7
Ausnahmecode: 0x00000675
Fehleroffset: 0x000000000010b39c
ID des fehlerhaften Prozesses: 0x1fd8
Startzeit der fehlerhaften Anwendung: 0x01d748120dd6677f
Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\ctfmon.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: 4ed4df3f-9f38-4bcc-ae87-29205833fa63
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (05/13/2021 06:07:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ctfmon.exe, Version: 10.0.19041.1, Zeitstempel: 0x60c3fe88
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.964, Zeitstempel: 0x812662a7
Ausnahmecode: 0x00000675
Fehleroffset: 0x000000000010b39c
ID des fehlerhaften Prozesses: 0x332c
Startzeit der fehlerhaften Anwendung: 0x01d74812072abb96
Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\ctfmon.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: a294349c-761b-45db-8399-5e75863426cc
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (05/13/2021 06:06:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ctfmon.exe, Version: 10.0.19041.1, Zeitstempel: 0x60c3fe88
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.964, Zeitstempel: 0x812662a7
Ausnahmecode: 0x00000675
Fehleroffset: 0x000000000010b39c
ID des fehlerhaften Prozesses: 0x331c
Startzeit der fehlerhaften Anwendung: 0x01d74812007fb073
Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\ctfmon.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: 7fd71b77-d834-4958-97ac-350f374be7c9
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (05/13/2021 06:06:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ctfmon.exe, Version: 10.0.19041.1, Zeitstempel: 0x60c3fe88
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.964, Zeitstempel: 0x812662a7
Ausnahmecode: 0x00000675
Fehleroffset: 0x000000000010b39c
ID des fehlerhaften Prozesses: 0xbd8
Startzeit der fehlerhaften Anwendung: 0x01d74811f9d4eaa7
Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\ctfmon.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: e8459fb8-5196-4b38-9d56-fafed74d2f02
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (05/13/2021 06:06:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ctfmon.exe, Version: 10.0.19041.1, Zeitstempel: 0x60c3fe88
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.964, Zeitstempel: 0x812662a7
Ausnahmecode: 0x00000675
Fehleroffset: 0x000000000010b39c
ID des fehlerhaften Prozesses: 0x3218
Startzeit der fehlerhaften Anwendung: 0x01d74811f32c6835
Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\ctfmon.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: 3ca8ee8a-ddb6-420e-9784-31e98e2d1357
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (05/13/2021 06:06:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ctfmon.exe, Version: 10.0.19041.1, Zeitstempel: 0x60c3fe88
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.964, Zeitstempel: 0x812662a7
Ausnahmecode: 0x00000675
Fehleroffset: 0x000000000010b39c
ID des fehlerhaften Prozesses: 0x1450
Startzeit der fehlerhaften Anwendung: 0x01d74811ec820950
Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\ctfmon.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: 6a746c74-1110-4f3f-a199-09c7fc44c610
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


System errors:
=============
Error: (05/13/2021 02:04:53 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: Beim Zugreifen auf den Registrierungsschlüssel SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration ist ein Fehler aufgetreten.

Error: (05/13/2021 01:56:32 PM) (Source: Schannel) (EventID: 4103) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Erstellen der Client-Anmeldeinformationen für TLS. Der interne Fehlerstatus ist 10013.

Error: (05/13/2021 01:51:33 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: Beim Zugreifen auf den Registrierungsschlüssel SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration ist ein Fehler aufgetreten.

Error: (05/13/2021 01:02:57 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: Beim Zugreifen auf den Registrierungsschlüssel SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration ist ein Fehler aufgetreten.

Error: (05/12/2021 11:50:45 AM) (Source: SNMP) (EventID: 1500) (User: )
Description: Beim Zugreifen auf den Registrierungsschlüssel SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration ist ein Fehler aufgetreten.

Error: (05/12/2021 11:44:40 AM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: Der Server "{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (05/12/2021 11:44:40 AM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (05/12/2021 11:44:40 AM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.


Windows Defender:
================
Date: 2021-05-13 08:42:19
Description:
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {A5C7AD69-10D0-4EEF-8DE5-21D2CD29A62B}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\Netzwerkdienst

Date: 2021-05-12 15:40:42
Description:
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {AF240971-446E-4A2D-ABBE-781272221BA2}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2021-05-12 11:44:03
Description:
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {64005E21-B5AD-413B-B629-722F2E9BA944}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Vollständige Überprüfung
Benutzer: PC\Alexander

Date: 2021-05-12 07:43:01
Description:
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {394DA5D5-86C2-49A3-8847-56B778F8D73A}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\Netzwerkdienst

Date: 2021-05-11 15:11:52
Description:
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {9FEF9F91-E5FE-4DFC-AD21-8604B427BB2D}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2021-05-06 07:38:56
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen: 1.339.42.0
%Vorherige Version der Sicherheitsinformationen: 1.337.639.0
Update Source: Benutzer
Sicherheitstyp: AntiSpyware
Updatetyp: Delta
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: 1.1.18100.6
%Vorherige Modulversion: 1.1.18100.5
Fehlercode: 0x80070666
Fehlerbeschreibung: Eine andere Version des Produkts ist bereits installiert. Die Installation dieser Version kann nicht fortgesetzt werden. Verwenden Sie die Systemsteuerungsoption "Software", um die vorhandene Version dieses Produkts zu konfigurieren oder zu entfernen.

Date: 2021-05-06 07:38:56
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen: 1.339.42.0
%Vorherige Version der Sicherheitsinformationen: 1.337.639.0
Update Source: Benutzer
Sicherheitstyp: AntiVirus
Updatetyp: Delta
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: 1.1.18100.6
%Vorherige Modulversion: 1.1.18100.5
Fehlercode: 0x80070666
Fehlerbeschreibung: Eine andere Version des Produkts ist bereits installiert. Die Installation dieser Version kann nicht fortgesetzt werden. Verwenden Sie die Systemsteuerungsoption "Software", um die vorhandene Version dieses Produkts zu konfigurieren oder zu entfernen.

Date: 2021-05-06 07:38:56
Description:
Fehler von Microsoft Defender Antivirus beim Aktualisieren des Moduls.
Neue Modulversion: 1.1.18100.6
Vorherige Modulversion: 1.1.18100.5
Benutzer: NT-AUTORITÄT\SYSTEM
Fehlercode: 0x80070666
Fehlerbeschreibung: Eine andere Version des Produkts ist bereits installiert. Die Installation dieser Version kann nicht fortgesetzt werden. Verwenden Sie die Systemsteuerungsoption "Software", um die vorhandene Version dieses Produkts zu konfigurieren oder zu entfernen.

Date: 2021-04-28 18:00:03
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen: 1.337.117.0
%Vorherige Version der Sicherheitsinformationen: 1.335.1693.0
Update Source: Benutzer
Sicherheitstyp: AntiSpyware
Updatetyp: Delta
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: 1.1.18100.5
%Vorherige Modulversion: 1.1.18000.5
Fehlercode: 0x80070666
Fehlerbeschreibung: Eine andere Version des Produkts ist bereits installiert. Die Installation dieser Version kann nicht fortgesetzt werden. Verwenden Sie die Systemsteuerungsoption "Software", um die vorhandene Version dieses Produkts zu konfigurieren oder zu entfernen.

Date: 2021-04-28 18:00:03
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen: 1.337.117.0
%Vorherige Version der Sicherheitsinformationen: 1.335.1693.0
Update Source: Benutzer
Sicherheitstyp: AntiVirus
Updatetyp: Delta
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: 1.1.18100.5
%Vorherige Modulversion: 1.1.18000.5
Fehlercode: 0x80070666
Fehlerbeschreibung: Eine andere Version des Produkts ist bereits installiert. Die Installation dieser Version kann nicht fortgesetzt werden. Verwenden Sie die Systemsteuerungsoption "Software", um die vorhandene Version dieses Produkts zu konfigurieren oder zu entfernen.

CodeIntegrity:
===============
Date: 2021-05-13 13:47:16
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. F11a 11/13/2013
Motherboard: Gigabyte Technology Co., Ltd. Z77-DS3H
Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 79%
Total physical RAM: 8079.84 MB
Available physical RAM: 1637.08 MB
Total Virtual: 16271.84 MB
Available Virtual: 9141.64 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:837.87 GB) (Free:341.7 GB) NTFS
Drive d: (Programme) (Fixed) (Total:488.28 GB) (Free:319.34 GB) NTFS
Drive e: (Daten) (Fixed) (Total:976.56 GB) (Free:17.82 GB) NTFS
Drive f: (Daten_2) (Fixed) (Total:398.05 GB) (Free:2.88 GB) NTFS
Drive h: (Daten_3) (Fixed) (Total:2794.39 GB) (Free:1553.61 GB) NTFS

\\?\Volume{c0cedc76-0000-0000-0000-100000000000}\ () (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C0CEDC76)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=837.9 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 00007119)

Partition: GPT.

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 2794.5 GB) (Disk ID: 00060924)

Partition: GPT.

==================== End of Addition.txt =======================

Hier noch die Ergebnisse von Malwarebytes. Dort wurden Malware gefunden!

Code:
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 13.05.21
Scan-Zeit: 13:23
Protokolldatei: 979ce0b2-b3dd-11eb-9f85-902b3434bb9b.json

-Softwaredaten-
Version: 4.3.3.116
Komponentenversion: 1.0.1292
Version des Aktualisierungspakets: 1.0.40350
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 10 (Build 19042.985)
CPU: x64
Dateisystem: NTFS
Benutzer: PC\Alexander

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 787057
Erkannte Bedrohungen: 34
In die Quarantäne verschobene Bedrohungen: 34
Abgelaufene Zeit: 24 Min., 19 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 3
PUP.Optional.Linkury, C:\USERS\ALEXANDER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, In Quarantäne, 263, 455234, , , , , ,
PUP.Optional.Linkury, C:\USERS\DANIELA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, In Quarantäne, 263, 455234, , , , , ,
PUP.Optional.Linkury, C:\USERS\DANIELA_2\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, In Quarantäne, 263, 455234, , , , , ,

Datei: 31
Generic.Trojan.Injector.DDS, C:\USERS\ALEXANDER\APPDATA\ROAMING\Microsoft\Windows\Recent\ElecPow12h.zip.lnk, In Quarantäne, 1000002, 0, , , , , 2EE1ED409BBC0D1AAC4B0C79656DD78A, 2AFC3005EA7CB95EBAF004624157906B7F0CE4357F21100A09B9E1D8A80EA559
Generic.Trojan.Injector.DDS, C:\USERS\ALEXANDER\DOWNLOADS\ELECPOW12H.ZIP, In Quarantäne, 1000002, 0, 1.0.40350, DB5189FFCB82FADCE0DBA54C, dds, 01241484, FC845530426AF1B17EA9AC81A86B159E, CC379EF8AB56146FDB51A8646B318D40A89A89DE72E8004E111F511A48409FA4
PUP.Optional.Linkury, C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, In Quarantäne, 263, 455234, , , , , D39CB2961127469B3EDC267CD5936BDF, DD98E2B03E1B3DDC7CA8135C6062BCAE49CC26654853F7C994C26146425917D9
PUP.Optional.Linkury, C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\008737.ldb, In Quarantäne, 263, 455234, , , , , 3683C6434CA592ADC61CF167AE670EB1, 03B9CB8DEE8A4B3F3CE9F739C38C2A64E1BB4249A44A600252E30BB08B84B73F
PUP.Optional.Linkury, C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\008738.log, In Quarantäne, 263, 455234, , , , , 2552D4D333E7A32817C1B74B5E984309, F94AFFC044E83D89DA77F030FC06DBC64D29575E6CA22A36DC0903AFE79A12B9
PUP.Optional.Linkury, C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\008739.ldb, In Quarantäne, 263, 455234, , , , , CCCC22759B382DA594AEB5EE7C47ED45, 28C9063741098037FB66FB5800C33CF0FD5A22FC344477B3172751BD075AD92A
PUP.Optional.Linkury, C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, In Quarantäne, 263, 455234, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.Linkury, C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, In Quarantäne, 263, 455234, , , , , ,
PUP.Optional.Linkury, C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, In Quarantäne, 263, 455234, , , , , F7360C89C91311D4546C5E63735A0B7F, 88EE4CAFF07E0FA09496E2EB7A901FEB1AAA5E78BD56D97F089F12585FDA2DE0
PUP.Optional.Linkury, C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, In Quarantäne, 263, 455234, , , , , E57CB184E87BC62EB908964DA9414F32, 459701738EF66DB961708BB7721380FCED17E46AB9CD1C587A7579314DFA76E2
PUP.Optional.Linkury, C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, In Quarantäne, 263, 455234, , , , , B8D65DA3017F0D4FD71A1CE6033E8185, 7B796C6B6DD939A6233E4AC587C80F46996FA649677FB6F134F161BCDE13D852
PUP.Optional.Linkury, C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, In Quarantäne, 263, 455234, , , , , 98BDAD7B3E81B754D7FF42ED394D548E, 6A7BD6A921AD5FBABE94AD7A848432C2454D91EDD2078EF8BCDEFF4C416A707C
PUP.Optional.Linkury, C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000019.ldb, In Quarantäne, 263, 455234, , , , , 447C0330450A6CDBAC38C0096CB7184E, E1C9A297871FDBD93D53C7CAD5E1D165E329773C975E039F541FE37F8EE54931
PUP.Optional.Linkury, C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000022.ldb, In Quarantäne, 263, 455234, , , , , CE991044E4C5A39EBCBB99EBDD1A653B, DB518255524C143E815F723A139A60591BCA99EB2D37C4F87058F7260776308A
PUP.Optional.Linkury, C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000024.log, In Quarantäne, 263, 455234, , , , , A3C91849E29ABB021A1B95EE23CDFE62, 3C354883DF898CF3BFA402E8F3583A0115466A6BE15FE67A9605C56D7E3C8262
PUP.Optional.Linkury, C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000025.ldb, In Quarantäne, 263, 455234, , , , , 488E138A7A83257A05E400009D4BD7E2, AE75884138F81B026D3C07A398261D1778B489F8DC808BB9B7C40E3B1168A13E
PUP.Optional.Linkury, C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, In Quarantäne, 263, 455234, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.Linkury, C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, In Quarantäne, 263, 455234, , , , , ,
PUP.Optional.Linkury, C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, In Quarantäne, 263, 455234, , , , , AC3FE23186F6810C1C5F462ABE98AD90, 90A128EEAADA12D7A51AFB4CBC1EC52482E9969EAD554FF679850C39B751A2E1
PUP.Optional.Linkury, C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, In Quarantäne, 263, 455234, , , , , 66F0E1CAF2FE531FF16D599D94CCD9BA, 7276F99CE239FAD347B62CE638E63F91CE14675B155CC3E3945809BD4D423677
PUP.Optional.Linkury, C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, In Quarantäne, 263, 455234, , , , , 487C5DD037ED28FDCF9D8CC1D4F678E9, 7CA729D70059B5CD8C91F209D2D8D87298C9648A16FC87B21C401E9844D2FCD7
PUP.Optional.Linkury, C:\Users\Daniela_2\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, In Quarantäne, 263, 455234, , , , , BF75812A93F72D1B68E0703861C6154A, F7C6E03399335A1EB90963FE72ED6E9DB16D53C2E8F5014E11E6C2589C803021
PUP.Optional.Linkury, C:\Users\Daniela_2\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\001304.ldb, In Quarantäne, 263, 455234, , , , , DBE777754A54E8D323123F9552EEC78A, 149E22E77CA3F2A5C4F25A392270E4E18B112ECDA50A815F9B1868C93C4F8689
PUP.Optional.Linkury, C:\Users\Daniela_2\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\001305.log, In Quarantäne, 263, 455234, , , , , 4F334EE91375266CE9BBDD8E9244BD71, 3EE59E663B4C8986D4B63A9C5946046A10FA2CEAEFCDE05A66CCAECD5CFEBDF3
PUP.Optional.Linkury, C:\Users\Daniela_2\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\001306.ldb, In Quarantäne, 263, 455234, , , , , C69C7C0CBF5DCC7B5C7CDA9A249A2415, 2B994C0D4D427E7978EC26EA9DBF19CEDF5962AF573FD66A7270E0D33A1DB9A8
PUP.Optional.Linkury, C:\Users\Daniela_2\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, In Quarantäne, 263, 455234, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.Linkury, C:\Users\Daniela_2\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, In Quarantäne, 263, 455234, , , , , ,
PUP.Optional.Linkury, C:\Users\Daniela_2\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, In Quarantäne, 263, 455234, , , , , 47718583A0F234D168890B3E24FC251C, 3CA758167AE4E0398BD8FDAD2CDF488501928C4F1C02AEE4A0B0B4F96AAE0137
PUP.Optional.Linkury, C:\Users\Daniela_2\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, In Quarantäne, 263, 455234, , , , , 1528CBBC83EE30B33913A78C81CA3E52, 5D4B274002F0A95AC61C3F3A99137B6C7F79BF813BCA89DBC5C19A9B233486BE
PUP.Optional.Linkury, C:\Users\Daniela_2\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, In Quarantäne, 263, 455234, , , , , 81EB189D8DCBEE51A72342AC0C939C16, 58A4C0F6C1644D41CAFEB7BA607AEA6BD15AAA9A2922C6322382A8C09B9DEBAD
PUP.Optional.Linkury, C:\USERS\DANIELA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Ersetzt, 263, 455234, 1.0.40350, , ame, , 872603098A9B96EAF9399A9EFADBF5C9, 2025D4B538E3DD407E9E0720E5F6BE109FCBCBC4BBDE0F25FBCB77947F5474D7

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)

WMI: 0
(keine bösartigen Elemente erkannt)


(end)

M-K-D-B 14.05.2021 21:29
:hallo:



Mein Name ist Matthias und ich werde dir bei der Analyse und der eventuell notwendigen Bereinigung deines Computers helfen.





Die Syncronisierung von Google Chrome verhindert, dass die Adware vollständig entfernt werden kann.





Schritt 1
  • Starte Google Chrome.
  • Melde dich in deinem Google Dashboard an.
  • Klicke im Bereich "Chrome-Synchronisierung" auf Synchronisierung zurücksetzen und bestätige dies mit Ok. Mit diesem Schritt werden die Daten von den Google-Servern entfernt.
  • Schließe Google Chrome.





Schritt 2
  • Deinstalliere Google Chrome über Start > Einstellungen > Apps.
  • Setze bei der Deinstallation auch einen Haken vor Auch die Browserdaten löschen .
  • Starte den Rechner im Anschluss neu auf.
  • Installiere Google Chrome neu (falls benötigt). Vorerst keine Erweiterungen/Plugins installieren und nicht mit einem evtl. vorhandenen Konto verbinden/synchronisieren.





Schritt 3
  • Starte die FRST.exe erneut. Vergewissere dich, dass vor Addition.txt ein Haken gesetzt ist und drücke auf Untersuchen.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.





Bitte poste mit deiner nächsten Antwort
  • die beiden neuen Logdateien von FRST (FRST.txt und Addition.txt)

Sweeny 15.05.2021 08:04
Hallo Matthias,

ganz vielen Dank. Das mache ich sehr gerne.

Auf https://chrome.google.com/sync gibt es allerdings nur die Möglichkeit, "Daten zu löschen". Synchronisierung zurücksetzen gibt es nicht?

Viele Grüße

Alex

M-K-D-B 15.05.2021 13:02
Ah ok, dann bitte Daten löschen auswählen. :)
Anschließend bitte weiter mit den anderen Schritten.

Sweeny 15.05.2021 19:42
Hallo,

das habe ich jetzt alles so gemacht... Hier wieder die Logs:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-05-2021
Ran by Daniela (administrator) on PC (15-05-2021 20:32:54)
Running from C:\Users\Alexander\Downloads
Loaded Profiles: Daniela & Alexander
Platform: Windows 10 Pro Version 20H2 19042.985 (X64) Language: Deutsch (Deutschland) -> Deutsch (Deutschland)
Default browser not detected!
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

((c)2016 Datacolor) [File not signed] C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Gira Giersiepen GmbH & Co. KG) [File not signed] C:\Program Files (x86)\Gira\Gira Project Assistant\Gira Project Assistant Service\Service.WindowsService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Huawei Technologies Co., Ltd. -> ) C:\Program Files (x86)\MobileBrServ\mbbService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Jumping Bytes  (Christoph Guentner) -> Jumping Bytes) C:\Program Files (x86)\Jumping Bytes\PureSync\jbServices.exe
(Jumping Bytes  (Christoph Guentner) -> Jumping Bytes) C:\Program Files (x86)\Jumping Bytes\PureSync\PureSyncCheck.exe
(Jumping Bytes  (Christoph Guentner) -> Jumping Bytes) C:\Program Files (x86)\Jumping Bytes\PureSync\PureSyncTray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\net.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(Synology Inc. -> ) [File not signed] C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Synology Inc. -> ) [File not signed] C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe
(Synology Inc. -> ) [File not signed] C:\Program Files (x86)\Synology\CloudStationBackup\bin\vss-service-x64.exe
(Synology Inc. -> ) C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe
(Synology Inc. -> Synology Inc.) C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-connect.exe
(Synology Inc. -> Synology Inc.) C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-daemon.exe
(Synology Inc. -> Synology Inc.) C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-ui.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
0 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21022.215.0_x64__8wekyb3d8bbwe\YourPhone.exe
Failed to access process -> ctfmon.exe
Failed to access process -> ctfmon.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12489360 2012-05-18] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [124000 2018-06-20] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3160256 2021-05-10] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [76600 2020-08-29] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3084288 2012-07-31] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\RunOnce: [GrpConv] => grpconv -o
HKU\S-1-5-21-565462843-2377332638-636861087-1000\...\Run: [MD5 File Hasher] => C:\Program Files (x86)\MD5 File Hasher\MD5FileHasher -s
HKU\S-1-5-21-565462843-2377332638-636861087-1000\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33031648 2021-05-06] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-565462843-2377332638-636861087-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-565462843-2377332638-636861087-1000\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [31162800 2021-03-30] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-565462843-2377332638-636861087-1000\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [67384 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [912480 2015-09-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\Run: [PureSync] => C:\Program Files (x86)\Jumping Bytes\PureSync\PureSyncTray.exe [1433888 2021-01-12] (Jumping Bytes  (Christoph Guentner) -> Jumping Bytes)
HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\Run: [KeePass Password Safe 2] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3160256 2021-05-10] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\Run: [launchOnStartup] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [8030280 2020-02-25] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) [File not signed]
HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\Run: [3F39F816CD7BDDEEE521D84DB3B9E481A1B62B66._service_run] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service /prefetch:8
HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\Run: [Amazon Music] => C:\Users\Daniela_2\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] (Amazon Services LLC -> )
HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google Inc -> Google)
HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [912480 2015-09-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\Run: [VideoDownloaderUltimate] => C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe [2746184 2016-08-22] (Link64 GmbH -> Link64 GmbH)
HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\Run: [PTOneClick] => C:\Users\Daniela_2\AppData\Local\WebEx\WebEx\Applications\ptoneclk.exe /AutoRunning="1"
HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\Run: [CiscoMeetingDaemon] => "C:\Users\Daniela_2\AppData\Local\WebEx\ciscowebexstart.exe" /daemon /from=autorun
HKLM\...\Windows x64\Print Processors\BJ Print Processor4: C:\Windows\System32\spool\prtprocs\x64\CNBPP4.DLL [84992 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\BJ Language Monitor4: C:\WINDOWS\system32\CNBLM4.DLL [267776 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\pdfcmon: C:\WINDOWS\system32\pdfcmon.dll [110264 2013-04-09] (pdfforge GmbH -> pdfforge GmbH)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
HKLM\Software\...\Winlogon\GPExtensions: [{6cfb9c5c-138e-4bb3-8a3d-d5383e910e57}] -> %SystemRoot%\System32\RdpGroupPolicyExtension.dll
Startup: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Synology Cloud Station Drive.lnk [2021-05-15]
ShortcutTarget: Synology Cloud Station Drive.lnk -> C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe (Synology Inc. -> Synology Inc.) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SpyderUtility.lnk [2016-11-30]
ShortcutTarget: SpyderUtility.lnk -> C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe ((c)2016 Datacolor) [File not signed]
Startup: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Synology Cloud Station Drive.lnk [2021-05-13]
ShortcutTarget: Synology Cloud Station Drive.lnk -> C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe (Synology Inc. -> Synology Inc.) [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04291AB8-1BFF-482D-A354-0DAA63096B83} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [880 2020-09-25] () [File not signed]
Task: {04620E3E-9FF6-47C3-A01D-3391D0960B5E} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {157F03BB-812E-48C2-978F-EB0066E01444} - System32\Tasks\JumpingBytes\PureSyncVSS => C:\Program Files (x86)\Jumping Bytes\PureSync\PureSyncVSSStart.exe
Task: {1962D670-73A2-4161-9A19-96A76222E178} - System32\Tasks\JumpingBytes\PureSyncElvDaniela => C:\Program Files (x86)\Jumping Bytes\PureSync\PureSyncHelper.exe [168304 2020-12-29] (Jumping Bytes  (Christoph Guentner) -> Jumping Bytes)
Task: {1B78249E-0F85-4595-AD1B-CCAB4B056072} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1D915986-CA90-4D97-B368-5FDEF41966A6} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {1E639B88-7427-4D46-BDE4-EED2D5F7C033} - System32\Tasks\JumpingBytes\PureSyncExit => C:\Program Files (x86)\Jumping Bytes\PureSync\PureSyncAdmin.exe
Task: {24F345DF-CDEF-4C26-AD31-EAF482740CED} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2C40D05D-9777-4C7E-B5A9-BE37D4108F3E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2D8ADC5D-837C-4828-AA64-3FC4C3079E99} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2EBB0D39-C126-4B26-8B72-90B964C712B3} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [696816 2021-04-17] (Mozilla Corporation -> Mozilla Foundation)
Task: {37892A5E-D1D4-452D-ADFE-6422BB2D4776} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {3B3F30A3-9CD8-4F03-B0DF-8C8B6A87E0C0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.)
Task: {4426CA6A-6D63-4546-9887-23745332C150} - System32\Tasks\AdwCleaner_onReboot => C:\Users\Alexander\Downloads\adwcleaner_8.0.8.exe [8447152 2021-01-04] (Malwarebytes Inc -> Malwarebytes)
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {49F6C337-FA53-4D3B-843D-BED1B91BE776} - System32\Tasks\{54BA2233-CCFA-4261-A274-CCA9C78F9057} => "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/7.13.0.101/de/abandoninstall?page=tsProgressBar
Task: {5A9BE10E-CDC1-4CB2-B604-82B206E024CF} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {5BA33DD0-E9E1-4AFE-9241-8AEDA668932B} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {5D549C7B-04CE-48F6-AFD9-ABF56A9BA0FD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5DF044AA-F71D-465A-A02D-9661F829562B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {6DDD6299-22D5-4AD2-9874-AA8009BBB2AB} - System32\Tasks\{E887F441-25A6-4815-BCE1-41682C06FB8E} => "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?page=tsProgressBar
Task: {730AC712-A578-4E65-9B1C-81CDB7383A0A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7D264AAA-6A33-4C26-BBF6-E2793D0725E8} - System32\Tasks\{7EFAFB80-CCC6-4877-A74B-A88AA1B49D11} => "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?page=tsProgressBar
Task: {817196E8-49EA-44B0-9801-06263B2B7759} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {83B0D73A-F964-44E7-8F91-623ED70F52B5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {8B0BA113-9347-4E90-ABA6-4E0044A54B3C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {982191EA-C967-4C55-89E1-98A29DCF2D7A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A1A1065C-53BB-44A2-AB31-FF1A14B21F33} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40880 2021-03-30] (Garmin International, Inc. -> )
Task: {A22B84F6-6C73-4A07-B406-F3E8401D1215} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {A571E058-5154-4DEF-A1FD-35E525B5A7D0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {A698037E-D4C5-48F7-9873-E12612DF4122} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B94B5459-13C5-4CFC-AEFB-0D44C00DDBBA} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {D73272D8-6B30-42B4-9F86-9D193D236005} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {DA7D7AEF-5F67-4FE5-A4B2-A48329BB6822} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.)
Task: {DC1F9E36-2BB2-4476-9905-DC43F652CE24} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {DFB52FB2-5D05-488A-A154-428C6E6F1FC4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E1EEAC18-87BA-4EB3-AC0B-CBB04713BF4D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {E44C1574-A4D3-44BD-B903-47238C91A761} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {E61B52C4-BD2A-4CEF-99C4-F3F3234E3778} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [1146000 2019-03-14] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.)
Task: {FCCFE89B-E986-4F5E-872C-78311469263D} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-565462843-2377332638-636861087-1002] => Proxy is enabled.
ProxyServer: [S-1-5-21-565462843-2377332638-636861087-1002] => http=127.0.0.1:8082
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{5480B2BA-F1B7-4A2B-8A15-1DF39A453731}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{60341516-228f-4571-b28b-6a54ea39e1de}: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{6f5fd123-17cc-41ab-880d-ba370803e490}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{819399cc-6cbd-46fa-85c8-6453fe863580}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{da847a6d-8b87-488d-8d74-945bab7d8180}: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{eaaf18ef-cd74-4176-90b9-86a9fc005615}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{ef76afab-0760-4a1b-b70f-36c9844b65b6}: [DhcpNameServer] 192.168.178.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.10 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-04-27] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR HKU\S-1-5-21-565462843-2377332638-636861087-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-04-27] (Apple Inc. -> Apple Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [270336 2012-07-13] (Brother Industries, Ltd.) [File not signed]
R2 Cloud Station Backup VSS Service x64; C:\Program Files (x86)\Synology\CloudStationBackup\bin\vss-service-x64.exe [287256 2018-03-01] (Synology Inc. -> ) [File not signed]
R2 Cloud Station Drive VSS Service x64; C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe [352280 2019-03-06] (Synology Inc. -> ) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-07-14] (Macrovision Europe Ltd.) [File not signed]
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1242696 2020-02-25] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6821960 2020-02-25] (GOG Sp. z o.o. -> GOG.com)
R2 GPAService; C:\Program Files (x86)\Gira\Gira Project Assistant\Gira Project Assistant Service\Service.WindowsService.exe [9216 2020-04-29] (Gira Giersiepen GmbH & Co. KG) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7391408 2021-05-13] (Malwarebytes Inc -> Malwarebytes)
R2 Mobile Broadband HL Service; C:\Program Files (x86)\MobileBrServ\mbbservice.exe [245688 2019-11-15] (Huawei Technologies Co., Ltd. -> )
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1705088 2020-05-12] (Rockstar Games, Inc. -> Rockstar Games)
R2 SamsungRapidSvc; C:\WINDOWS\System32\RAPID\SamsungRapidSvc.exe [29280 2018-06-20] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5393288 2021-05-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SynoDrService; C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe [384072 2013-10-09] (Synology Inc. -> )
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12849960 2021-03-15] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248856 2017-08-08] (Synology Inc. -> ) [File not signed]
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [157480 2018-08-02] (Microsoft Corporation -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.10-0\NisSrv.exe [2599312 2021-05-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.10-0\MsMpEng.exe [128376 2021-05-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 HuaweiHiSuiteService64.exe; "C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe" -/service [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-01-23] (AnchorFree Inc -> The OpenVPN Project)
S3 avmaudio; C:\WINDOWS\System32\DRIVERS\avmaudio.sys [116096 2012-07-14] (AVM Berlin) [File not signed]
S3 avmaura; C:\WINDOWS\System32\drivers\avmaura.sys [116480 2015-08-05] (AVM Berlin) [File not signed]
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 busenum; C:\WINDOWS\System32\drivers\busenum.sys [57824 2012-08-03] (Synology Inc. -> Windows (R) Win 7 DDK provider)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-05-13] (Malwarebytes Inc -> Malwarebytes)
S3 fwlanusbn; C:\WINDOWS\system32\DRIVERS\fwlanusbn.sys [714368 2010-10-22] (AVM GmbH) [File not signed]
S3 GenericMount; C:\WINDOWS\System32\drivers\GenericMount.sys [66608 2010-02-12] (Symantec Corporation -> Symantec Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-05-13] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-05-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-05-15] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-05-15] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-05-13] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [157944 2021-05-15] (Malwarebytes Inc -> Malwarebytes)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [74616 2020-09-25] (Insecure.Com LLC -> Insecure.Com LLC.)
R0 SamsungRapidDiskFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidDiskFltr.sys [288864 2018-06-28] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidFSFltr.sys [119400 2018-06-28] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 vpnva; C:\WINDOWS\System32\DRIVERS\vpnva64-6.sys [52080 2013-12-13] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [50688 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-05-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [421112 2021-05-10] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [73960 2021-05-10] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath
U4 npcap_wifi; no ImagePath
S1 UimBus; \SystemRoot\System32\drivers\uimbus.sys [X]
S1 Uim_DEVIM; \SystemRoot\System32\drivers\uimdevim.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-15 20:26 - 2021-05-15 20:26 - 000000000 ____D C:\Users\Alexander\Downloads\FRST-OlderVersion
2021-05-15 20:24 - 2021-05-15 20:24 - 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-05-15 20:24 - 2021-05-15 20:24 - 000157944 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-05-15 20:24 - 2021-05-15 20:24 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-05-15 20:24 - 2021-05-15 20:24 - 000000000 ___DC C:\Users\Alexander\AppData\LocalLow\IGDump
2021-05-15 09:02 - 2021-05-15 09:03 - 002052852 ____C C:\Users\Alexander\Documents\bookmarks_15.05.21.html
2021-05-13 20:03 - 2021-05-13 20:03 - 000009280 ____C C:\Users\Daniela\Desktop\malware.txt
2021-05-13 20:01 - 2021-05-13 20:01 - 000000000 ____D C:\Users\Daniela\AppData\Local\mbam
2021-05-13 18:40 - 2021-05-13 18:40 - 000010974 _____ C:\Users\Alexander\Downloads\Aenderungssscheck_5579350570682806442.pdf
2021-05-13 17:57 - 2021-05-13 18:08 - 000113050 _____ C:\Users\Alexander\Downloads\Shortcut.txt
2021-05-13 17:53 - 2021-05-15 20:26 - 002299392 _____ (Farbar) C:\Users\Alexander\Downloads\FRST64 (1).exe
2021-05-13 13:22 - 2021-05-13 13:22 - 000000000 ____D C:\Users\Alexander\AppData\Local\mbam
2021-05-13 13:21 - 2021-05-13 13:21 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-05-13 13:21 - 2021-05-13 13:21 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-05-13 13:21 - 2021-05-13 13:21 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-05-13 13:21 - 2021-05-13 13:21 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-05-13 13:21 - 2021-05-13 13:21 - 000002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-05-13 13:21 - 2021-05-13 13:21 - 000002025 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-05-13 13:21 - 2021-05-13 13:21 - 000002025 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-05-13 13:21 - 2021-05-13 13:21 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-05-13 13:21 - 2021-05-13 13:21 - 000000000 ____D C:\Program Files\Malwarebytes
2021-05-13 13:20 - 2021-05-13 13:20 - 002078632 _____ (Malwarebytes) C:\Users\Alexander\Downloads\mbsetup.exe
2021-05-13 13:18 - 2021-05-13 13:18 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avira
2021-05-13 13:10 - 2021-05-13 13:10 - 000000000 ____D C:\Users\Alexander\AppData\Local\AviraSpeedup
2021-05-13 13:10 - 2021-05-13 13:10 - 000000000 ____D C:\Users\Alexander\AppData\Local\Avira
2021-05-13 13:07 - 2021-05-13 13:07 - 006554200 _____ (Avira Operations GmbH & Co. KG) C:\Users\Alexander\Downloads\avira_de_asu80_1191873915-1620901252__poptws.exe
2021-05-13 13:01 - 2021-05-13 13:01 - 000007647 _____ C:\Users\Daniela\AppData\Local\Resmon.ResmonCfg
2021-05-13 12:57 - 2021-05-13 12:57 - 000000000 ____D C:\Users\Daniela_2\AppData\Local\UnrealEngineLauncher
2021-05-13 12:57 - 2021-05-13 12:57 - 000000000 ____D C:\Users\Daniela_2\AppData\Local\UnrealEngine
2021-05-13 12:57 - 2021-05-13 12:57 - 000000000 ____D C:\Users\Daniela_2\AppData\Local\NVIDIA Corporation
2021-05-13 12:57 - 2021-05-13 12:57 - 000000000 ____D C:\Users\Daniela_2\AppData\Local\EpicGamesLauncher
2021-05-13 12:51 - 2021-05-13 12:51 - 000000000 ____D C:\Users\Daniela\AppData\Roaming\sp6_log
2021-05-13 12:20 - 2021-05-13 12:20 - 031412280 _____ (Piriform Software Ltd) C:\Users\Alexander\Downloads\ccsetup579.exe
2021-05-13 09:35 - 2021-05-13 09:35 - 000048980 _____ C:\Users\Alexander\Downloads\rkma.Nodes_.WindowControllerNode-1.0.29.zip
2021-05-13 08:59 - 2021-05-13 09:00 - 022337937 _____ C:\Users\Alexander\Downloads\Pegasus_E-Bikes_Betriebsanleitung_BOSCH Intuvia _MY2021_DE.pdf
2021-05-13 08:50 - 2021-05-13 08:50 - 004316080 _____ (Dominik Reichl ) C:\Users\Alexander\Downloads\KeePass-2.48.1-Setup.exe
2021-05-12 20:55 - 2021-05-12 20:56 - 022927958 _____ C:\Users\Alexander\Downloads\XiaomiADBFastbootTools (4).jar
2021-05-12 11:47 - 2021-05-12 11:47 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-05-12 11:47 - 2021-05-12 11:47 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-05-12 11:47 - 2021-05-12 11:47 - 000153600 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll
2021-05-12 11:46 - 2021-05-12 11:47 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-05-12 11:46 - 2021-05-12 11:46 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-05-12 11:46 - 2021-05-12 11:46 - 001823816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-05-12 11:46 - 2021-05-12 11:46 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-05-12 11:46 - 2021-05-12 11:46 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-05-12 11:46 - 2021-05-12 11:46 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-05-12 11:46 - 2021-05-12 11:46 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-05-12 11:46 - 2021-05-12 11:46 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-05-12 11:46 - 2021-05-12 11:46 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-05-12 11:46 - 2021-05-12 11:46 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-05-12 11:46 - 2021-05-12 11:46 - 000011351 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-05-12 07:34 - 2021-05-12 07:34 - 000001474 _____ C:\Users\Alexander\Downloads\URLLink (20).acsm
2021-05-10 20:05 - 2021-05-10 20:05 - 000030113 _____ C:\Users\Alexander\Downloads\Impfquotenmonitoring (4).xlsx
2021-05-06 14:40 - 2021-05-06 14:40 - 008908282 _____ C:\Users\Alexander\Downloads\Anleitung Herunterladen (5).pdf
2021-05-06 14:39 - 2021-05-06 14:39 - 005733678 _____ C:\Users\Alexander\Downloads\Herunterladen (PDF - 5,5 MB) (2).pdf
2021-05-06 14:17 - 2021-05-06 14:17 - 008908282 _____ C:\Users\Alexander\Downloads\Anleitung Herunterladen (4).pdf
2021-05-06 13:39 - 2021-05-06 13:39 - 004611099 _____ C:\Users\Alexander\Downloads\indego-400-100047627-original-pdf-344873-de-de.pdf
2021-05-06 13:38 - 2021-05-06 13:38 - 005733678 _____ C:\Users\Alexander\Downloads\Herunterladen (PDF - 5,5 MB) (1).pdf
2021-05-06 13:36 - 2021-05-06 13:36 - 008908282 _____ C:\Users\Alexander\Downloads\Anleitung Herunterladen (3).pdf
2021-05-06 13:36 - 2021-05-06 13:36 - 008908282 _____ C:\Users\Alexander\Downloads\Anleitung Herunterladen (2).pdf
2021-05-06 13:35 - 2021-05-06 13:35 - 008908282 _____ C:\Users\Alexander\Downloads\Anleitung Herunterladen.pdf
2021-05-06 13:35 - 2021-05-06 13:35 - 008372691 _____ C:\Users\Alexander\Downloads\Anleitung Herunterladen (1).pdf
2021-05-06 13:35 - 2021-05-06 13:35 - 005733678 _____ C:\Users\Alexander\Downloads\Herunterladen (PDF - 5,5 MB).pdf
2021-05-06 13:35 - 2021-05-06 13:35 - 004611099 _____ C:\Users\Alexander\Downloads\Herunterladen (PDF - 4,4 MB).pdf
2021-05-01 18:21 - 2021-05-01 18:21 - 014562150 _____ C:\WINDOWS\SysWOW64\a6d3737a-f1a4-40bd-ba3b-cab2eec8ba75.gproj
2021-05-01 18:07 - 2021-05-01 18:07 - 014562164 _____ C:\WINDOWS\SysWOW64\8153567d-4c64-4aca-9e59-c4eadc920168.gproj
2021-05-01 18:06 - 2021-05-01 18:06 - 014562198 _____ C:\WINDOWS\SysWOW64\ba0cf4c6-8abb-4ef3-836d-0027a2be1a15.gproj
2021-05-01 17:54 - 2021-05-01 17:54 - 014559759 _____ C:\WINDOWS\SysWOW64\716109be-b030-4168-926d-8f358e3462ce.gproj
2021-05-01 17:42 - 2021-05-01 17:42 - 014560960 _____ C:\WINDOWS\SysWOW64\206a6125-ca37-4ff1-bd34-26fa25967e3a.gproj
2021-05-01 17:30 - 2021-05-01 17:30 - 014553120 _____ C:\WINDOWS\SysWOW64\de74be2b-f678-4b01-804e-40c91755dcda.gproj
2021-05-01 17:22 - 2021-05-01 17:22 - 014547269 _____ C:\WINDOWS\SysWOW64\8f189782-fe33-4ea4-a0e4-9b1c9541efb8.gproj
2021-05-01 17:17 - 2021-05-01 17:17 - 014547335 _____ C:\WINDOWS\SysWOW64\8b5bc60a-7c14-4d40-aaf4-5a8ca818ff66.gproj
2021-05-01 17:15 - 2021-05-01 17:15 - 014547369 _____ C:\WINDOWS\SysWOW64\891c0700-7ff2-4bfb-9d77-14a9740a5e3f.gproj
2021-05-01 17:08 - 2021-05-01 17:08 - 014547263 _____ C:\WINDOWS\SysWOW64\6a86d4bc-d366-4ce9-b851-4e16ae88ed96.gproj
2021-05-01 17:05 - 2021-05-01 17:05 - 014545033 _____ C:\WINDOWS\SysWOW64\300e5685-c2e8-4534-a90c-0d99c7ee4f62.gproj
2021-05-01 15:49 - 2021-05-01 15:49 - 000141876 _____ C:\Users\Alexander\Downloads\torsten_kaeker_gmail_com.Logic_.Nodes_.BinaryWatcher-1.0.46-xleoba.zip
2021-05-01 15:49 - 2021-05-01 15:49 - 000000000 ____D C:\Users\Alexander\Downloads\torsten_kaeker_gmail_com.Logic_.Nodes_.BinaryWatcher-1.0.46-xleoba
2021-05-01 15:20 - 2021-05-01 15:20 - 014714494 _____ C:\WINDOWS\SysWOW64\923d93eb-517b-40e4-b539-e5242aaf63d0.gproj
2021-05-01 15:20 - 2021-05-01 15:20 - 014389004 _____ C:\WINDOWS\SysWOW64\f63315e3-5003-4437-a614-06f6f43086f7.gproj
2021-05-01 12:38 - 2021-05-01 12:38 - 000614448 _____ C:\Users\Alexander\Downloads\tasmota-DE.bin
2021-05-01 12:37 - 2021-05-01 12:37 - 000438957 _____ C:\Users\Alexander\Downloads\tasmota-DE.bin.gz
2021-05-01 11:22 - 2021-05-01 11:22 - 014389503 _____ C:\WINDOWS\SysWOW64\0f085712-de48-4617-ae9a-5c7980ad6bf5.gproj
2021-05-01 11:13 - 2021-05-01 11:13 - 019694741 _____ C:\Users\Alexander\Downloads\2021_05_01_Zimmerhofer.knxproj
2021-04-28 20:50 - 2021-04-28 20:50 - 000394029 ____C C:\Users\Alexander\Desktop\zeitaufgaben_volle_stunde_1.pdf
2021-04-28 20:38 - 2021-04-28 20:38 - 001387849 _____ C:\Users\Alexander\Desktop\Zirkus_Abschreibkartei_Druck.pdf
2021-04-28 20:37 - 2021-04-28 20:37 - 001238257 _____ C:\Users\Alexander\Desktop\Dominos_Uhrzeiten.pdf
2021-04-28 20:35 - 2021-04-28 20:35 - 000935475 _____ C:\Users\Alexander\Desktop\AB_Tag_24 Stunden.pdf
2021-04-25 14:54 - 2021-04-25 15:03 - 004228506 ____C C:\Users\Alexander\Desktop\IMG_6715.mp4
2021-04-24 19:41 - 2021-04-24 19:41 - 014362110 _____ C:\WINDOWS\SysWOW64\c853b3f9-927f-4f9d-bfe5-bbb2449a0134.gproj
2021-04-24 08:51 - 2021-04-24 08:51 - 000000000 ___DC C:\Users\Alexander\Documents\PDFsam Enhanced Files
2021-04-24 08:51 - 2021-04-24 08:51 - 000000000 ____D C:\Users\Daniela\AppData\Roaming\PDFsam Enhanced 7
2021-04-24 08:51 - 2021-04-24 08:51 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\PDFsam Enhanced 7
2021-04-24 08:51 - 2021-04-24 08:51 - 000000000 ____D C:\spellings
2021-04-24 08:49 - 2021-04-24 08:49 - 000000000 ____D C:\ProgramData\PDFsam Basic
2021-04-24 08:48 - 2021-04-24 08:49 - 020694304 _____ (Andrea Vacondio) C:\Users\Alexander\Downloads\PDFsam_Basic_4_Installer (1).exe
2021-04-23 20:08 - 2021-04-23 20:08 - 000339381 _____ C:\Users\Alexander\Downloads\7002011317.pdf
2021-04-23 20:06 - 2021-04-23 20:06 - 000087229 _____ C:\Users\Alexander\Downloads\7002011311.pdf
2021-04-23 14:12 - 2021-04-23 14:12 - 000096265 _____ C:\Users\Alexander\Downloads\Label-9699617009.pdf
2021-04-23 13:11 - 2021-04-23 13:11 - 000252893 ____C C:\Users\Alexander\Documents\9699617009.pdf
2021-04-20 14:13 - 2021-04-20 14:13 - 000182225 _____ C:\Users\Daniela_2\Downloads\sormas Notgruppe 4.xlsx
2021-04-20 09:23 - 2021-04-20 09:23 - 000871637 _____ C:\Users\Alexander\Downloads\Impfdokumentation (3).pdf
2021-04-19 22:51 - 2021-04-19 22:51 - 000044017 ____C C:\Users\Alexander\Desktop\Impfzentrum Bonn.pdf
2021-04-19 12:42 - 2021-04-19 12:42 - 000019628 _____ C:\Users\Alexander\Downloads\germany_vaccinations_timeseries_v2.tsv
2021-04-19 12:41 - 2021-04-19 12:41 - 000018588 _____ C:\Users\Alexander\Downloads\germany_deliveries_timeseries_v2.tsv
2021-04-19 10:21 - 2021-04-19 10:21 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-19 10:03 - 2021-04-19 10:03 - 000000000 ____D C:\WINDOWS\PCHEALTH
2021-04-19 07:56 - 2021-04-19 07:56 - 000842910 _____ C:\Users\Alexander\Downloads\Impfdokumentation (2)_Ute.pdf
2021-04-19 07:38 - 2021-04-19 07:38 - 000870299 _____ C:\Users\Alexander\Downloads\Impfdokumentation (2).pdf
2021-04-19 07:37 - 2021-04-19 07:37 - 000835570 _____ C:\Users\Alexander\Downloads\Impfdokumentation (1)_Carlo.pdf
2021-04-19 07:36 - 2021-04-19 07:36 - 000862959 _____ C:\Users\Alexander\Downloads\Impfdokumentation (1).pdf
2021-04-18 16:36 - 2021-04-18 16:36 - 007505263 _____ C:\Users\Alexander\Downloads\20693710.pdf
2021-04-18 16:27 - 2021-04-18 16:27 - 014362447 _____ C:\WINDOWS\SysWOW64\e24cf558-316e-4022-9189-974973802dac.gproj
2021-04-18 15:33 - 2021-04-18 15:33 - 000039424 ____C C:\Users\Daniela_2\Desktop\Notgruppe4.xls
2021-04-18 09:54 - 2021-04-18 09:54 - 001871048 _____ C:\Users\Alexander\Desktop\MDT_THB_SCN_02_Bewegungsmelder_Automatik_Schalter_55_63.pdf
2021-04-18 09:53 - 2021-04-18 09:53 - 000416540 _____ C:\Users\Alexander\Desktop\MDT_AOI_Motion_Detector_Automatic_Switch_55_02.pdf
2021-04-17 18:47 - 2021-04-19 20:29 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-04-17 18:47 - 2021-04-17 18:47 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-04-17 18:37 - 2021-04-17 18:37 - 103052437 _____ C:\Users\Alexander\Downloads\tks-ip-gateway_05.04.00.08 (1).zip
2021-04-17 15:46 - 2021-04-17 15:46 - 014362389 _____ C:\WINDOWS\SysWOW64\0d9754c3-2270-4de6-8638-187a4d6ecda7.gproj
2021-04-17 14:53 - 2021-04-17 14:53 - 000001603 _____ C:\Users\Daniela_2\Downloads\URLLink (24).acsm
2021-04-17 14:48 - 2021-04-17 14:48 - 000001620 _____ C:\Users\Daniela_2\Downloads\URLLink (23).acsm
2021-04-17 11:45 - 2021-04-17 11:45 - 000017432 _____ C:\Users\Alexander\Downloads\Download.CSV
2021-04-17 11:10 - 2021-04-17 11:10 - 000001561 _____ C:\Users\Daniela_2\Downloads\URLLink (22).acsm
2021-04-17 10:03 - 2021-04-17 10:03 - 000144775 ____C C:\Users\Alexander\Desktop\formular_kontaktpersonen_pflegende_angehoerige_und_schwangere_beschreibbar.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-15 20:34 - 2015-04-05 09:49 - 000000000 ___DC C:\Users\Alexander\AppData\Local\CrashDumps
2021-05-15 20:33 - 2021-01-04 12:14 - 000030025 _____ C:\Users\Alexander\Downloads\FRST.txt
2021-05-15 20:33 - 2021-01-04 12:14 - 000000000 ____D C:\FRST
2021-05-15 20:31 - 2021-01-04 12:17 - 000078194 _____ C:\Users\Alexander\Downloads\Addition.txt
2021-05-15 20:31 - 2020-11-12 23:37 - 001916338 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-05-15 20:31 - 2019-12-07 16:51 - 000820626 _____ C:\WINDOWS\system32\perfh007.dat
2021-05-15 20:31 - 2019-12-07 16:51 - 000177158 _____ C:\WINDOWS\system32\perfc007.dat
2021-05-15 20:31 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-05-15 20:26 - 2020-01-04 19:04 - 000000000 ____D C:\ProgramData\Mozilla
2021-05-15 20:26 - 2016-12-27 15:40 - 000000000 ___DC C:\Users\Alexander\AppData\LocalLow\Mozilla
2021-05-15 20:25 - 2019-01-27 12:27 - 000000000 ___DC C:\Users\Alexander\AppData\Roaming\KeePass
2021-05-15 20:25 - 2013-12-06 17:22 - 000000000 ___RD C:\Users\Alexander\Gemeinsame Cloudstation
2021-05-15 20:25 - 2013-04-11 21:58 - 000000000 ___RD C:\Users\Alexander\CloudStation
2021-05-15 20:25 - 2013-04-11 21:57 - 000000000 ___DC C:\Users\Alexander\AppData\Local\CloudStation
2021-05-15 20:24 - 2020-11-12 23:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-05-15 20:24 - 2020-11-12 23:26 - 000008192 ___SH C:\DumpStack.log.tmp
2021-05-15 20:24 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-15 20:24 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-05-15 20:24 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-15 20:24 - 2019-12-07 11:03 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2021-05-15 20:24 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-05-15 20:24 - 2016-06-17 21:17 - 000000000 __SHD C:\Users\Alexander\IntelGraphicsProfiles
2021-05-15 20:24 - 2013-01-06 14:27 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-05-15 20:23 - 2014-09-26 21:10 - 000000000 _SHDC C:\Users\Daniela\AppData\Local\EmieUserList
2021-05-15 20:23 - 2014-09-26 21:10 - 000000000 _SHDC C:\Users\Daniela\AppData\Local\EmieSiteList
2021-05-15 20:23 - 2012-07-15 21:11 - 000000000 ____D C:\Program Files (x86)\Google
2021-05-15 20:22 - 2018-05-30 22:35 - 000000000 ___DC C:\Users\Daniela\AppData\Local\Google
2021-05-15 09:14 - 2012-08-13 19:59 - 000000000 ___DC C:\Users\Alexander\Documents\Outlook-Dateien
2021-05-15 09:07 - 2017-05-31 22:04 - 000000348 _____ C:\WINDOWS\BRRBCOM.INI
2021-05-15 08:46 - 2020-06-25 15:37 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-05-15 08:46 - 2020-06-25 15:37 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-05-15 08:46 - 2020-06-25 15:37 - 000002278 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-05-14 13:42 - 2020-11-12 23:26 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-05-13 20:06 - 2012-07-14 10:48 - 000000000 ___DC C:\Users\Daniela\AppData\Roaming\Notepad++
2021-05-13 20:02 - 2015-05-23 06:32 - 000000000 ___DC C:\Users\Daniela\AppData\Local\CrashDumps
2021-05-13 19:58 - 2015-05-23 06:09 - 000000000 ___DC C:\Users\Daniela_2\AppData\Local\CrashDumps
2021-05-13 19:58 - 2013-12-06 17:44 - 000000000 ___DC C:\Users\Daniela_2\AppData\Local\CloudStation
2021-05-13 19:52 - 2020-03-30 19:23 - 000000000 ____D C:\Users\Daniela_2\AppData\Local\WebEx
2021-05-13 19:51 - 2020-03-30 19:23 - 000000000 ____D C:\Users\Daniela_2\AppData\Roaming\webex
2021-05-13 19:37 - 2013-12-06 17:46 - 000000000 ___RD C:\Users\Daniela_2\Gemeinsame CloudStation
2021-05-13 19:37 - 2013-12-06 17:45 - 000000000 ___RD C:\Users\Daniela_2\CloudStation
2021-05-13 19:36 - 2016-06-18 06:55 - 000000000 __SHD C:\Users\Daniela_2\IntelGraphicsProfiles
2021-05-13 14:01 - 2014-11-24 20:24 - 000000000 ____D C:\ProgramData\Package Cache
2021-05-13 13:51 - 2020-11-12 23:26 - 002806440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-05-13 13:21 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-05-13 13:02 - 2019-02-17 17:49 - 000000000 ____D C:\Program Files (x86)\iMobie
2021-05-13 12:58 - 2019-06-09 08:21 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2021-05-13 12:58 - 2017-01-10 22:18 - 000000000 ____D C:\Program Files (x86)\ClockworkMod
2021-05-13 12:57 - 2018-11-25 20:12 - 000000000 ___DC C:\Users\Daniela_2\AppData\Local\D3DSCache
2021-05-13 12:52 - 2012-08-17 20:07 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-05-13 12:51 - 2016-09-22 03:30 - 000000000 ____D C:\Program Files\Common Files\logishrd
2021-05-13 12:51 - 2016-03-26 13:57 - 000000000 ____D C:\ProgramData\Logishrd
2021-05-13 12:46 - 2019-08-07 21:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gira
2021-05-13 12:45 - 2020-03-25 21:52 - 000000000 ____D C:\Program Files (x86)\AntiTwin
2021-05-13 12:44 - 2018-01-18 20:37 - 000000000 ___DC C:\Users\Alexander\AppData\Local\Packages
2021-05-13 12:23 - 2019-06-09 09:57 - 000000000 ____D C:\temp
2021-05-13 12:16 - 2016-02-21 17:48 - 000000000 ____D C:\ProgramData\Apple Computer
2021-05-13 12:14 - 2016-06-17 21:19 - 000000000 ___RD C:\Users\Alexander\OneDrive
2021-05-13 08:52 - 2019-01-27 12:26 - 000001190 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2021-05-13 08:52 - 2019-01-27 12:26 - 000000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2021-05-13 08:44 - 2016-06-18 06:44 - 000002140 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-05-13 08:33 - 2012-08-07 10:00 - 000000000 ___DC C:\Users\Daniela_2\Documents\Outlook-Dateien
2021-05-12 12:15 - 2020-08-14 17:10 - 000000000 ___DC C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gira
2021-05-12 12:15 - 2019-08-07 21:42 - 000000000 ____D C:\Program Files (x86)\Gira
2021-05-12 12:11 - 2021-04-02 11:28 - 000000000 ____D C:\Program Files\GrafanaLabs
2021-05-12 12:07 - 2014-07-12 17:09 - 000000000 ___DC C:\Users\Alexander\AppData\Local\Skype
2021-05-12 12:07 - 2012-07-14 10:37 - 000000000 ____D C:\ProgramData\Skype
2021-05-12 11:55 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-05-12 11:49 - 2019-12-07 16:54 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-05-12 11:49 - 2019-12-07 16:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-05-12 11:49 - 2019-12-07 16:52 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-05-12 11:49 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-05-12 11:36 - 2020-11-11 20:48 - 000000000 ___HD C:\$WinREAgent
2021-05-12 11:34 - 2013-07-21 20:14 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-05-12 11:24 - 2012-07-14 10:20 - 132732536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-05-11 07:32 - 2020-11-12 23:38 - 000003358 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-565462843-2377332638-636861087-1002
2021-05-11 07:32 - 2020-11-12 23:28 - 000002427 ____C C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-05-11 07:32 - 2016-06-18 06:56 - 000000000 ___RD C:\Users\Daniela_2\OneDrive
2021-05-10 20:24 - 2019-04-20 21:56 - 000000000 ____D C:\Users\Daniela_2\AppData\Roaming\KeePass
2021-05-10 14:03 - 2018-05-30 22:43 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-05-02 20:28 - 2020-11-12 23:28 - 000000000 ____D C:\Users\Daniela_2
2021-05-02 09:33 - 2013-04-11 22:17 - 000000000 ___DC C:\Users\Alexander\AppData\Roaming\vlc
2021-05-01 22:28 - 2020-11-12 23:28 - 000000000 ____D C:\Users\Alexander
2021-05-01 12:52 - 2021-03-04 20:41 - 000000000 ____D C:\Program Files\PDFsam Basic
2021-04-30 10:22 - 2020-10-01 15:55 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-30 09:13 - 2018-01-18 20:37 - 000000000 ___DC C:\Users\Daniela_2\AppData\Local\Packages
2021-04-26 07:44 - 2020-11-28 10:08 - 000003606 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6b93b6516950a
2021-04-26 07:44 - 2020-11-12 23:38 - 000003700 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-24 09:02 - 2012-07-15 21:14 - 000000000 ___DC C:\Users\Alexander\AppData\Roaming\Adobe
2021-04-23 19:36 - 2015-09-01 05:57 - 000000000 ___RD C:\Users\Daniela_2\Dropbox
2021-04-22 14:54 - 2020-11-12 23:38 - 000003630 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-22 14:54 - 2020-11-12 23:38 - 000003506 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-19 20:29 - 2020-01-04 19:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-04-19 20:28 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-19 20:28 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-19 20:28 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-19 20:28 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-19 10:21 - 2020-11-12 23:27 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-04-19 10:03 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-04-18 15:33 - 2021-02-22 17:21 - 000039424 _____ C:\Users\Daniela_2\Downloads\Notgruppe Wechselunterricht 4.xls
2021-04-17 18:47 - 2020-01-04 19:04 - 000001009 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-04-17 14:53 - 2012-07-31 09:01 - 000000000 ___DC C:\Users\Daniela_2\Documents\My Digital Editions

==================== Files in the root of some directories ========

2021-05-13 13:01 - 2021-05-13 13:01 - 000007647 _____ () C:\Users\Daniela\AppData\Local\Resmon.ResmonCfg
2016-12-11 21:15 - 2016-12-11 21:15 - 000000000 ____C () C:\Users\Daniela\AppData\Local\{E34785DD-D791-45FC-BB3D-4F10309E5D2D}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
--- --- ---

Sweeny 15.05.2021 19:43
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-05-2021
Ran by Daniela (15-05-2021 20:34:21)
Running from C:\Users\Alexander\Downloads
Windows 10 Pro Version 20H2 19042.985 (X64) (2020-11-12 21:38:31)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-565462843-2377332638-636861087-500 - Administrator - Disabled)
Alexander (S-1-5-21-565462843-2377332638-636861087-1001 - Limited - Enabled) => C:\Users\Alexander
Daniela (S-1-5-21-565462843-2377332638-636861087-1000 - Administrator - Enabled) => C:\Users\Daniela
Daniela_2 (S-1-5-21-565462843-2377332638-636861087-1002 - Limited - Enabled) => C:\Users\Daniela_2
DefaultAccount (S-1-5-21-565462843-2377332638-636861087-503 - Limited - Disabled)
Gast (S-1-5-21-565462843-2377332638-636861087-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-565462843-2377332638-636861087-1004 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-565462843-2377332638-636861087-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 21.001.20155 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 31.0.0.96 - Adobe Systems Incorporated)
Adobe Bridge Start Meeting (HKLM-x32\...\Adobe_e5be561960de651ccc8f21c193701df) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe Color Common Settings (HKLM-x32\...\Adobe_6c8e2cb4fd241c55406016127a6ab2e) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe Connect 9 Add-in (HKU\S-1-5-21-565462843-2377332638-636861087-1000\...\Adobe Connect 9 Add-in) (Version: 11.9.976.299 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.9 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (HKLM-x32\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_5f143314a5d434c8511097393d17397) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7 64-bit (HKLM\...\{1B77B02E-17E4-4B6D-B8A1-74B29AF3D8DD}) (Version: 5.7.0 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\Amazon Kindle) (Version:  - Amazon)
Amazon Music (HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
ANT Drivers Installer x64 (HKLM\...\{368B4CD9-A459-4A34-A303-AA63BC3B172A}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{CCA8C50D-785B-4896-8675-FFE0C4ECCBC3}) (Version: 8.7 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{75BEF7E8-4370-4D42-94F3-B5AA77057965}) (Version: 8.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{64695C4A-C68F-46B5-A734-50EBF124A68E}) (Version: 11.3.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
Audacity 2.3.1 (HKLM-x32\...\Audacity_is1) (Version: 2.3.1 - Audacity Team)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Audiograbber MP3-Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
CanoScan LiDE 210 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809) (Version:  - Canon Inc.)
cewe-fotoservice.de (HKLM-x32\...\cewe-fotoservice.de) (Version: 6.4.4 - CEWE Stiftung u Co. KGaA)
Citavi (HKLM-x32\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.4.0.2 - Swiss Academic Software)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{D256A5B9-68DA-4F6C-A447-A93E5639A46D}) (Version: 4.7.03083 - Microsoft Corporation) Hidden
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
CopyTrans Control Center deinstallieren (HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\CopyTrans Suite) (Version: 4.017 - WindSolutions)
DiagnosticsHub_CollectionService (HKLM\...\{440C5592-4EA5-4772-B256-969D66068843}) (Version: 15.9.28016 - Microsoft Corporation) Hidden
Diercke Globus Online (HKLM-x32\...\Diercke Globus Online) (Version: 3.1.0 - Imagon GmbH)
Digitale Schulbücher (HKLM-x32\...\{DE24A5DA-8CE2-4BF8-AE5E-125FBC70BE9B}) (Version: 1.1.0.65 - VBM Service GmbH)
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 7.1.2 - CEWE Stiftung u Co. KGaA)
dreamboxEDIT -- The one and only settings editor for your Dreambox (HKLM-x32\...\dreamboxEDIT) (Version:  - )
Elevated Installer (HKLM-x32\...\{1D2951A7-36F2-40F6-9428-54E742F6FBBE}) (Version: 7.4.2.0 - Garmin Ltd or its subsidiaries) Hidden
Encuentros 1 Edición 3000 (HKLM-x32\...\{8DC02275-4598-4163-8DCC-84FA398789E8}) (Version: 1.0.3.0 - Cornelsen Verlag)
Entity Framework 6.2.0 Tools  for Visual Studio 2017 (HKLM-x32\...\{B843915F-00A1-44B1-994C-1AE0A6400AE3}) (Version: 6.2.61807.0 - Microsoft Corporation) Hidden
Epic Games Launcher (HKLM-x32\...\{A5A6A747-393C-4B28-AB7B-2DE2BA7F7D73}) (Version: 1.1.267.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
FileZilla Client 3.51.0 (HKLM-x32\...\FileZilla Client) (Version: 3.51.0 - Tim Kosse)
Garmin Express (HKLM-x32\...\{0A696C9D-D446-46AC-BEA4-8BD449909481}) (Version: 7.4.2.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{0ed393fb-f601-48bb-8b9e-e4c9ec3853bf}) (Version: 7.4.2.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Gira Project Assistant 4.5 (HKLM-x32\...\{bc6ee074-0fda-4ce0-9101-1742d780ec21}) (Version: 4.5.0.6557 - Gira Giersiepen GmbH & Co. KG)
Gira Projekt Assistent 4.5 (HKLM-x32\...\{959A0D30-B65F-48EB-BA91-479E0D7A6B05}) (Version: 4.5.0.6557 - Gira Giersiepen GmbH & Co. KG) Hidden
Git version 2.30.0 (HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\Git_is1) (Version: 2.30.0 - The Git Development Community)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HL-3152CDW (HKLM-x32\...\{C6580DE1-F539-4700-ADD2-3185121E51A8}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
icecap_collection_neutral (HKLM-x32\...\{A3B4D258-74E1-49D6-9A86-2DFEFEE48DEC}) (Version: 15.8.27906 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{E524832A-C567-499A-8872-0D79596E4DEE}) (Version: 15.8.27906 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{4B691388-E031-4268-A096-95173D1E6E0F}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{5A86972C-9DB5-40AA-B4EB-0ACE96AFDF88}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
iCloud (HKLM\...\{8808B208-87D1-4725-8192-76D257E9DEAE}) (Version: 7.21.0.23 - Apple Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
IntelliTraceProfilerProxy (HKLM-x32\...\{ACBAA378-519A-441D-9349-C0AAD8DEAD04}) (Version: 15.0.17289.01 - Microsoft Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
Java(TM) SE Development Kit 14.0.2 (64-bit) (HKLM\...\{6D7FE298-9878-53C8-801B-76A251D18BB2}) (Version: 14.0.2.0 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
KeePass Password Safe 2.48.1 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.48.1 - Dominik Reichl)
Kits Configuration Installer (HKLM-x32\...\{63AAA877-5536-9481-2385-28A082100D78}) (Version: 10.1.18362.1 - Microsoft) Hidden
KNX ETS5 Compatibility Components V5.5.0 (HKLM-x32\...\{070C17B5-D0DB-443A-9504-0AF04FE91F1E}) (Version: 5.5.0.0 - KNX Association cvba) Hidden
KNX ETS5 v5.7.5 (HKLM-x32\...\{88361985-6e56-44b8-b096-6b029a18b03d}) (Version: 5.7.1373.39489 - KNX Association cvba)
KNX ETS5 v5.7.5 (HKLM-x32\...\{D0FDBD87-FB2C-4A94-ABC2-50A8CD772C0A}) (Version: 5.7.1373.39489 - KNX Association cvba) Hidden
Kumulatives Microsoft .NET Framework Intellisense Pack für Visual Studio (Deutsch) (HKLM-x32\...\{4DFD6FF3-9A29-4F31-AEE1-D44E016C5AD4}) (Version: 4.7.02558 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 4.3.3.116 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.3.116 - Malwarebytes)
Maniac Mansion (HKLM-x32\...\1832758895_is1) (Version: 1.0 - GOG.com)
MD5 File Hasher 1.4 (HKLM-x32\...\MD5 File Hasher_is1) (Version:  - )
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.62 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-565462843-2377332638-636861087-1000\...\OneDriveSetup.exe) (Version: 20.052.0311.0011 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\OneDriveSetup.exe) (Version: 21.073.0411.0002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1113.826 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server vNext CTP1.6 (HKLM\...\{598EF772-9320-43B6-9D3C-A60A1F6A804E}) (Version: 15.0.600.33 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server vNext CTP1.6 (HKLM-x32\...\{2773DECE-0FE5-4CA9-96A8-621E0185388F}) (Version: 15.0.600.33 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.2 (HKLM-x32\...\{06C90FCC-4C95-4142-A0AF-D3A4C12882DE}_is1) (Version: 1.2 - Sam Rodberg)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.34.01.03 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 87.0 (x64 de) (HKLM\...\Mozilla Firefox 87.0 (x64 de)) (Version: 87.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 71.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MultiCommander (x64) (HKLM\...\MultiCommander x64) (Version: 9.6.1.2582 - Mathias Svensson)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.9.1 - Notepad++ Team)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.1.5 - )
Npcap (HKLM-x32\...\NpcapInst) (Version: 1.00 - Nmap Project)
PDF Settings (HKLM-x32\...\{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
PureSync (HKLM-x32\...\{904CE946-09F9-4DB9-8D00-9E2E66DF4239}) (Version: 6.2.2 - Jumping Bytes)
RAPID Mode (HKLM\...\{0EBB0FA7-1DBA-4B97-9B44-BD5CC451EEF2}) (Version: 1.0.0.103 - Samsung Electronics Co., Ltd.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6642 - Realtek Semiconductor Corp.)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.23.252 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.5.5 - Rockstar Games)
Saal Design Software (HKLM-x32\...\{26B842A7-6A09-5DCF-0805-2B8984C1EA84}) (Version: 4.0 - Saal Digital Fotoservice GmbH) Hidden
Saal Design Software (HKLM-x32\...\SaalDesignSoftware) (Version: 4.0 - Saal Digital Fotoservice GmbH)
Samsung Data Migration (HKLM-x32\...\{3B304604-0BF5-488E-AB95-F2F2E31206F3}) (Version: 3.1 - Samsung)
Samsung Data Migration (HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\{3B304604-0BF5-488E-AB95-F2F2E31206F3}) (Version: 3.1 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.3.1.2010 - Samsung Electronics)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Shotcut (HKLM-x32\...\Shotcut) (Version: 20.06.28 - Meltytech, LLC)
Spyder4Pro (HKLM-x32\...\Spyder4Pro) (Version:  - )
sv.net comfort (HKLM-x32\...\sv.net comfort) (Version: 20.1.0 - ITSG GmbH)
Sweet Home 3D version 6.4.2 (HKLM\...\Sweet Home 3D_is1) (Version: 6.4.2 - eTeks)
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: 6.1-15163 - Synology)
Synology Cloud Station (remove only) (HKLM\...\Synology Cloud Station) (Version: 3.2.3475 - Synology, Inc.)
Synology Cloud Station (remove only) (HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\Synology CloudStation) (Version:  - )
Synology Cloud Station Backup (remove only) (HKLM\...\Synology Cloud Station Backup) (Version: 4.2.6.4408 - Synology, Inc.)
Synology Cloud Station Drive (remove only) (HKLM\...\Synology Cloud Station Drive) (Version: 4.3.0.4435 - Synology, Inc.)
Synology Data Replicator  3 (HKLM-x32\...\{8E310838-457C-4269-B177-3EFB300CBDDC}) (Version: 1.0.0.0 - Synology Inc.)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.16.8 - TeamViewer)
Toolkit Documentation (HKLM-x32\...\{2BBA97A1-176F-DA72-96DE-0FEA66AF3EFF}) (Version: 10.1.18362.1 - Microsoft) Hidden
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.51 - Ghisler Software GmbH)
TreeSize Free V4.4.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.4.2 - JAM Software)
Universal Adb Driver (HKLM-x32\...\{C0E08D8D-6076-4117-B644-2AF34F35B757}) (Version: 1.0.4 - ClockworkMod)
Unterrichtsmanager (HKLM-x32\...\{5772F79F-40DA-496F-A364-7E8AF0746F5D}) (Version: 1.0.1405.801 - Cornelsen Schulverlage)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)
vcpp_crt.redist.clickonce (HKLM-x32\...\{86A64DD6-2619-4D30-B777-75568A3EE56D}) (Version: 14.16.27033 - Microsoft Corporation) Hidden
VideoDownloaderUltimate (HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\VideoDownloaderUltimateWinApp) (Version: 1.0.1.91 - Link64)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Visual Studio Community 2017 (HKLM-x32\...\97af953f) (Version: 15.9.28307.1321 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.12 - VideoLAN)
VS Immersive Activate Helper (HKLM-x32\...\{54FBC9A9-CCA1-417E-ACA6-203A32A39F37}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{4B816AD0-D12B-498A-8148-7CBE3ED328DE}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{C5D83E0F-12E7-4BA3-98E6-DAE0E73B5BF9}) (Version: 15.0.27205 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{A68D7884-F036-4A0D-AE1A-410E0311E135}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{91DDDFB5-1782-48C2-BA2A-8F4D9DE39D27}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{6A1ECF65-2CBF-4B33-9D4A-D1C0A0E5FE45}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{71797C29-380A-492C-B35A-F5E4A7B57BDC}) (Version: 15.9.28307 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{5297D80E-CD92-48D8-9DB0-301AB3205772}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{A254DA0E-26A1-43C3-95BE-7A24D5599473}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{1F42A73E-CF26-4D67-BA79-752CA56B639F}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{A41E138F-5A3F-443C-B72D-957AB994FB5A}) (Version: 15.9.28128 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{3A78DA3D-C8D4-429D-B536-6E59A0088451}) (Version: 15.8.27825 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{68B8AD33-CE97-4C3D-9583-669C39D21BA5}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{0D3A6730-43CE-4AF6-BDF7-4D0660296C60}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5779B6DD-604A-41CE-BC3D-9D4BDDA22AD2}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
WhatsApp (HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\WhatsApp) (Version: 0.4.2088 - WhatsApp)
Win32DiskImager version 1.0.0 (HKLM-x32\...\{3DFFA293-DF2C-4B23-92E5-3433BDC310E1}}_is1) (Version: 1.0.0 - ImageWriter Developers)
WinDirStat 1.1.2 (HKU\S-1-5-21-565462843-2377332638-636861087-1000\...\WinDirStat) (Version:  - )
Windows Assessment and Deployment Kit - Windows 10 (HKLM-x32\...\{fb450356-9879-4b2e-8dc9-282709286661}) (Version: 10.1.18362.1 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{E6F877A1-2F65-4BF0-87B6-A4071B7663D3}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinMerge 2.16.0.0 x64 (HKLM\...\WinMerge_is1) (Version: 2.16.0.0 - Thingamahoochie Software)
Wunderlist - Wunderlist (HKLM-x32\...\Wunderlist Wunderlist) (Version: 3.4.3 - Wunderlist)
XMedia Recode Version 3.1.5.8 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.5.8 - XMedia Recode)
Zoom (HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\ZoomUMX) (Version: 5.4.1 (58698.1027) - Zoom Video Communications, Inc.)

Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.36.20714.0_x64__8wekyb3d8bbwe [2021-03-21] (Microsoft Corporation) [MS Ad]
WindowsDVDPlayer -> C:\Program Files\WindowsApps\Microsoft.WindowsDVDPlayer_3.6.13291.0_x64__8wekyb3d8bbwe [2016-06-17] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-565462843-2377332638-636861087-1001_Classes\CLSID\{2C4A5D61-009C-4561-9A33-6AFD542FD237}\InprocServer32 -> C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\ContextMenu.dll () [File not signed]
CustomCLSID: HKU\S-1-5-21-565462843-2377332638-636861087-1001_Classes\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}\InprocServer32 -> C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll (TODO: <Company name>) [File not signed]
CustomCLSID: HKU\S-1-5-21-565462843-2377332638-636861087-1001_Classes\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}\InprocServer32 -> C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll (TODO: <Company name>) [File not signed]
CustomCLSID: HKU\S-1-5-21-565462843-2377332638-636861087-1001_Classes\CLSID\{A433C3E0-8B24-40EB-93C3-4B10D9959F58}\InprocServer32 -> C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll (TODO: <Company name>) [File not signed]
CustomCLSID: HKU\S-1-5-21-565462843-2377332638-636861087-1001_Classes\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}\InprocServer32 -> C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll (TODO: <Company name>) [File not signed]
CustomCLSID: HKU\S-1-5-21-565462843-2377332638-636861087-1001_Classes\CLSID\{C701AD67-3DF0-47C9-89CB-DFA6207BE229}\InprocServer32 -> C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll (TODO: <Company name>) [File not signed]
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [  01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\Alexander\AppData\Local\CloudStation\iconoverlay_v2\IconOverlayDLLs_x64\iconOverlay.dll -> No File
ShellIconOverlayIdentifiers: [  02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\Alexander\AppData\Local\CloudStation\iconoverlay_v2\IconOverlayDLLs_x64\iconOverlay.dll -> No File
ShellIconOverlayIdentifiers: [  03SyncedModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\Alexander\AppData\Local\CloudStation\iconoverlay_v2\IconOverlayDLLs_x64\iconOverlay.dll -> No File
ShellIconOverlayIdentifiers: [  04ReadOnlyModule] -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} =>  -> No File
ShellIconOverlayIdentifiers: [  05NoPermModule] -> {C701AD67-3DF0-47C9-89CB-DFA6207BE229} =>  -> No File
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => E:\Program Files (x86)\Notepad++\NppShell_06.dll [2020-11-02] (Notepad++ -> )
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers1-x32: [GeoSetterShellExt] -> {7506374C-A693-427B-8DDD-99DAFB79433D} => E:\PROGRA~1\GEOSET~1\GEOSET~1.DLL -> No File
ContextMenuHandlers1: [GeoSetterShellExt64] -> {A50BD5C6-4B18-44F3-8D6D-62DE89A969E9} => E:\PROGRA~1\GEOSET~1\GEOSET~2.DLL -> No File
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-09-08] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [PureSync] -> {D1079645-619B-4d0b-8FD5-1008B95134E1} => C:\Program Files (x86)\Jumping Bytes\PureSync\psshell64.dll [2010-12-21] (Jumping Bytes - Dipl.-Ing. Christoph Guentner -> Jumping Bytes)
ContextMenuHandlers1: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files\WinMerge\ShellExtensionX64.dll [2018-02-19] (hxxp://winmerge.org) [File not signed]
ContextMenuHandlers2: [PureSync] -> {D1079645-619B-4d0b-8FD5-1008B95134E1} => C:\Program Files (x86)\Jumping Bytes\PureSync\psshell64.dll [2010-12-21] (Jumping Bytes - Dipl.-Ing. Christoph Guentner -> Jumping Bytes)
ContextMenuHandlers2: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files\WinMerge\ShellExtensionX64.dll [2018-02-19] (hxxp://winmerge.org) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-05-13] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers4: [PureSync] -> {D1079645-619B-4d0b-8FD5-1008B95134E1} => C:\Program Files (x86)\Jumping Bytes\PureSync\psshell64.dll [2010-12-21] (Jumping Bytes - Dipl.-Ing. Christoph Guentner -> Jumping Bytes)
ContextMenuHandlers4: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files\WinMerge\ShellExtensionX64.dll [2018-02-19] (hxxp://winmerge.org) [File not signed]
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files\WinMerge\ShellExtensionX64.dll [2018-02-19] (hxxp://winmerge.org) [File not signed]
ContextMenuHandlers6-x32: [GeoSetterShellExt] -> {7506374C-A693-427B-8DDD-99DAFB79433D} => E:\PROGRA~1\GEOSET~1\GEOSET~1.DLL -> No File
ContextMenuHandlers6: [GeoSetterShellExt64] -> {A50BD5C6-4B18-44F3-8D6D-62DE89A969E9} => E:\PROGRA~1\GEOSET~1\GEOSET~2.DLL -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-05-13] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers1_S-1-5-21-565462843-2377332638-636861087-1001: [CloudStation.SyncFolderContextMenu] -> {2C4A5D61-009C-4561-9A33-6AFD542FD237} =>  -> No File
ContextMenuHandlers6_S-1-5-21-565462843-2377332638-636861087-1001: [CloudStation.SyncFolderContextMenu] -> {2C4A5D61-009C-4561-9A33-6AFD542FD237} =>  -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

2016-02-10 09:19 - 2016-02-09 09:15 - 000096256 _____ () [File not signed] C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\Appearance Pak.dll
2016-02-10 09:19 - 2016-02-09 09:15 - 000274432 _____ () [File not signed] C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\CGamma.dll
2016-02-10 09:19 - 2016-02-09 09:15 - 000110592 _____ () [File not signed] C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\CSensor.dll
2016-02-10 10:21 - 2016-02-09 09:15 - 000013824 _____ () [File not signed] C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\Internet Encodings.dll
2016-02-10 10:21 - 2016-02-09 09:15 - 001865216 _____ () [File not signed] C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\RBGUIFramework.dll
2016-02-10 09:19 - 2016-02-09 09:15 - 005340672 _____ () [File not signed] C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\RBScript.dll
2016-02-10 09:19 - 2016-02-09 09:15 - 000090112 _____ () [File not signed] C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\RegEx.dll
2016-02-10 09:19 - 2016-02-09 09:15 - 000031744 _____ () [File not signed] C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\Shell.dll
2016-02-10 09:19 - 2016-02-09 09:15 - 000293376 _____ () [File not signed] C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\XML.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 021790171 ____C () [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\icudt53.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 003506395 ____C () [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\icuin53.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 002223218 ____C () [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\icuuc53.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 000033280 ____C () [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qgif.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 000043008 ____C () [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qicns.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 000032768 ____C () [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qico.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 000507904 ____C () [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qjp2.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 000239104 ____C () [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qjpeg.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 000430080 ____C () [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qtiff.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 000834555 ____C () [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\libcurl-4.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 000121524 ____C () [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\libgcc_s_dw2-1.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 003331103 ____C () [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\libsqlite3-0.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 001547595 ____C () [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\libstdc++-6.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 000691712 ____C () [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\platforms\qwindows.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 000124430 ____C () [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\zlib1.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 001315328 ____C () [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\ContextMenu.dll
2016-02-17 11:19 - 2015-04-13 07:12 - 000053248 _____ (Datacolor) [File not signed] C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\dccmtr.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 004620288 ____C (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\Qt5Core.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 003921408 ____C (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\Qt5Gui.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 001448448 ____C (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\Qt5Network.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 006133760 ____C (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\Qt5Widgets.dll
2019-02-17 11:27 - 2018-02-19 03:02 - 000202240 _____ (hxxp://winmerge.org) [File not signed] C:\Program Files\WinMerge\ShellExtensionX64.dll
2010-11-18 21:08 - 2010-11-18 21:08 - 000086016 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 000065629 ____C (MingW-W64 Project. All rights reserved.) [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\libwinpthread-1.dll
2019-01-03 12:11 - 2019-01-03 12:11 - 000824119 _____ (SQLite Development Team) [File not signed] C:\Program Files (x86)\Gira\Gira Project Assistant\Gira Project Assistant Service\sqlite3.DLL
2013-08-06 15:52 - 2013-08-06 15:52 - 001281536 _____ (Synology Inc.) [File not signed] C:\Program Files (x86)\Synology Data Replicator  3\vssWin764.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 002781303 ____C (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\LIBEAY32.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 000809896 ____C (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\SSLEAY32.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 002822144 ____C (TODO: <Company name>) [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-565462843-2377332638-636861087-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-565462843-2377332638-636861087-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2019-02-13 22:35 - 000000000 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files (x86)\AOMEI Backupper;%SYSTEMROOT%\System32\OpenSSH\
HKCU\Environment\\Path -> %USERPROFILE%\AppData\Local\Microsoft\WindowsApps
HKU\S-1-5-21-565462843-2377332638-636861087-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-565462843-2377332638-636861087-1001\Control Panel\Desktop\\Wallpaper -> H:\Fotos\2019\Frieda_2019\Kalenderfotos_November\frieda-002.jpg
HKU\S-1-5-21-565462843-2377332638-636861087-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Daniela_2\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\Frieda-2019_01_22-003.jpeg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Prompt)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

Network Binding:
=============
LAN-Verbindung: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\StartupApproved\Run: => "OfficeSyncProcess"
HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\StartupApproved\Run: => "launchOnStartup"
HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{55CAA789-75B3-4FCA-8214-E07865B6FBDC}C:\users\alexander\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\alexander\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{E1633AB0-97A3-41E4-A53E-915EAAA83035}C:\users\alexander\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\alexander\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{CE788340-F605-421D-8FF3-CA3CC0EF1E24}C:\program files (x86)\gira\tks-communicator\tks-communicator.exe] => (Allow) C:\program files (x86)\gira\tks-communicator\tks-communicator.exe => No File
FirewallRules: [TCP Query User{AD2FFCE5-197F-4B35-9DC9-B492593060C9}C:\program files (x86)\gira\tks-communicator\tks-communicator.exe] => (Allow) C:\program files (x86)\gira\tks-communicator\tks-communicator.exe => No File
FirewallRules: [UDP Query User{8DEC5C2A-50D9-4ABD-A594-74FD4F5D1FDE}C:\program files (x86)\gira\gira project assistant\4.3\gira project assistant.exe] => (Allow) C:\program files (x86)\gira\gira project assistant\4.3\gira project assistant.exe => No File
FirewallRules: [TCP Query User{36C0A478-18FD-4300-844B-4D9C0410CA40}C:\program files (x86)\gira\gira project assistant\4.3\gira project assistant.exe] => (Allow) C:\program files (x86)\gira\gira project assistant\4.3\gira project assistant.exe => No File
FirewallRules: [UDP Query User{4BF21D08-AAAD-47B4-ACF2-26AD5ED62725}C:\program files (x86)\gira\gira project assistant\4.2\gira project assistant.exe] => (Allow) C:\program files (x86)\gira\gira project assistant\4.2\gira project assistant.exe => No File
FirewallRules: [TCP Query User{ED16257D-1ADF-4A9F-98A5-690359AC9FF6}C:\program files (x86)\gira\gira project assistant\4.2\gira project assistant.exe] => (Allow) C:\program files (x86)\gira\gira project assistant\4.2\gira project assistant.exe => No File
FirewallRules: [UDP Query User{9D391266-08FB-447D-892D-0EB0CECF0EAB}C:\program files (x86)\gira\tks-ip-gateway\tks-ip-gateway-finder.exe] => (Allow) C:\program files (x86)\gira\tks-ip-gateway\tks-ip-gateway-finder.exe => No File
FirewallRules: [TCP Query User{A4C7DD96-EFC5-4549-990D-9CE116EBC2BF}C:\program files (x86)\gira\tks-ip-gateway\tks-ip-gateway-finder.exe] => (Allow) C:\program files (x86)\gira\tks-ip-gateway\tks-ip-gateway-finder.exe => No File
FirewallRules: [{AAE95FEA-85CD-4028-A5A1-2EB812683457}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{1E6735FE-0C08-49CE-8F7B-1DEDC13A460D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{6AF40D22-915B-4FB9-976B-991984655605}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{080415CC-2ACC-4692-BE1E-E4A27E011713}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{8A68AB7F-FCE8-45FB-AF87-D6F24B900EAC}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0EB71518-6B77-4673-877B-B907CBCCDAA6}] => (Allow) C:\Users\Daniela_2\AppData\Local\Apps\2.0\BH2PTDWE.ZAJ\ZPYPR21H.0J5\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe (AVM Computersysteme Vertriebs GmbH -> AVM Berlin)
FirewallRules: [{CADB1434-9996-48AC-B2CC-8E09333DB45B}] => (Allow) C:\Users\Daniela_2\AppData\Local\Apps\2.0\BH2PTDWE.ZAJ\ZPYPR21H.0J5\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe (AVM Computersysteme Vertriebs GmbH -> AVM Berlin)
FirewallRules: [{D709CCD3-7E76-430C-8992-613F422B5B0C}] => (Allow) C:\Users\Alexander\AppData\Local\Apps\2.0\V7AT4666.215\D7MDN8AB.PXR\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe (AVM Computersysteme Vertriebs GmbH -> AVM Berlin)
FirewallRules: [{AAED9C16-950F-45F6-A039-BF15CD0F8816}] => (Allow) C:\Users\Alexander\AppData\Local\Apps\2.0\V7AT4666.215\D7MDN8AB.PXR\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe (AVM Computersysteme Vertriebs GmbH -> AVM Berlin)
FirewallRules: [UDP Query User{B4F4F3FC-5EA1-40C7-81E5-4A09A3A1B67A}C:\users\alexander\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\alexander\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [TCP Query User{D5126744-85D7-4A52-8304-A80B95D706CA}C:\users\alexander\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\alexander\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [UDP Query User{9EBEC148-2A01-4E33-A6AD-BC7673F3F36F}C:\users\alexander\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\alexander\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [TCP Query User{78F9492E-5FBB-4F72-9B9D-236C7ECDF7AE}C:\users\alexander\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\alexander\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [UDP Query User{AFA75C90-429F-4B39-80B8-BAC4E728C41F}C:\users\daniela_2\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe] => (Block) C:\users\daniela_2\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe (Synology Inc. -> Synology Inc.)
FirewallRules: [TCP Query User{E96814A9-FC94-4DFB-B347-B496860EB61F}C:\users\daniela_2\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe] => (Block) C:\users\daniela_2\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe (Synology Inc. -> Synology Inc.)
FirewallRules: [UDP Query User{AEEC7785-7C79-4470-9AC9-C5689694093A}E:\programme\moodle\server\mysql\bin\mysqld.exe] => (Allow) E:\programme\moodle\server\mysql\bin\mysqld.exe => No File
FirewallRules: [TCP Query User{B410D241-C267-4AB6-AC7E-69CDB00977DF}E:\programme\moodle\server\mysql\bin\mysqld.exe] => (Allow) E:\programme\moodle\server\mysql\bin\mysqld.exe => No File
FirewallRules: [{86D560CE-5DE2-4DD1-AC46-B8F880DAB686}] => (Allow) C:\Users\Daniela\AppData\Local\Apps\2.0\QMZ1C5M7.CQQ\46V32XO8.QCE\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe (AVM Computersysteme Vertriebs GmbH -> AVM Berlin)
FirewallRules: [{7A256D19-F0C1-4241-8DE9-4852A2EB3219}] => (Allow) C:\Users\Daniela\AppData\Local\Apps\2.0\QMZ1C5M7.CQQ\46V32XO8.QCE\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe (AVM Computersysteme Vertriebs GmbH -> AVM Berlin)
FirewallRules: [{1548F67D-3F29-4BD4-B837-58906A66EF7A}] => (Allow) C:\Users\Daniela_2\AppData\Local\Apps\2.0\BH2PTDWE.ZAJ\ZPYPR21H.0J5\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe => No File
FirewallRules: [{383314EA-D4BC-4A7B-ADAF-1786BE9FD640}] => (Allow) C:\Users\Daniela_2\AppData\Local\Apps\2.0\BH2PTDWE.ZAJ\ZPYPR21H.0J5\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe => No File
FirewallRules: [{48052F57-61C7-4341-976B-48C5BC4407B3}] => (Allow) C:\Users\Daniela_2\AppData\Local\Apps\2.0\BH2PTDWE.ZAJ\ZPYPR21H.0J5\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe => No File
FirewallRules: [{0A7AB025-5395-4BAF-B0AB-E153CC2B41FB}] => (Allow) C:\Users\Daniela_2\AppData\Local\Apps\2.0\BH2PTDWE.ZAJ\ZPYPR21H.0J5\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe => No File
FirewallRules: [{E5F59835-76C4-4AEF-8DAD-E599F4A41304}] => (Allow) C:\Users\Alexander\AppData\Local\Apps\2.0\V7AT4666.215\D7MDN8AB.PXR\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe => No File
FirewallRules: [{0A547D25-F15F-4A3B-BFB7-B64CE31E3F6B}] => (Allow) C:\Users\Alexander\AppData\Local\Apps\2.0\V7AT4666.215\D7MDN8AB.PXR\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe => No File
FirewallRules: [{D83C555A-EF7A-45EE-95B4-650DB5467B5E}] => (Allow) C:\Users\Alexander\AppData\Local\Apps\2.0\V7AT4666.215\D7MDN8AB.PXR\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe => No File
FirewallRules: [{42BAB2EB-D8AB-4A4E-BCB7-9A37A76240FF}] => (Allow) C:\Users\Alexander\AppData\Local\Apps\2.0\V7AT4666.215\D7MDN8AB.PXR\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe => No File
FirewallRules: [{45ED6230-C9B8-4D09-82E3-CED1A6D9D71F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe => No File
FirewallRules: [{5528DA7F-EFC0-4F42-AB5E-3E51F7D01FE9}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe => No File
FirewallRules: [{6F27145A-815B-427A-BEFB-27DCF71FBC47}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe => No File
FirewallRules: [{AB18D25F-57D0-4708-BED5-E28744036A90}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe => No File
FirewallRules: [{476B8290-BB08-4DE1-A695-7DBBD373FE2A}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe => No File
FirewallRules: [{67DD2201-ED52-4B2E-834C-B5674007846C}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe => No File
FirewallRules: [{5D783FFB-A793-4BEE-8F9A-E44DE739CAEB}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe => No File
FirewallRules: [{C17A6886-4BAC-425F-8E24-DB6D35591C2A}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe => No File
FirewallRules: [{694D7876-7FA1-43B4-93D8-6403EC1D0A28}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe => No File
FirewallRules: [{8B9EE56C-2ECC-4534-8671-155E3BBF441F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe => No File
FirewallRules: [{98022E0D-5521-4296-8391-93AC26A3E4DA}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe => No File
FirewallRules: [{05FB4CC1-8DE3-456B-8E87-6B8D33F98440}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe => No File
FirewallRules: [{CB037463-1B6E-4DEE-ABC9-CE23FA686FC9}] => (Allow) E:\Program Files (x86)\Skype\Phone\Skype.exe => No File
FirewallRules: [{249DC5AB-0D5E-4D2C-9925-F62D89359AB4}] => (Allow) E:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe => No File
FirewallRules: [{80E5F4FC-82A7-46FD-B3BD-2D51269AE448}] => (Allow) E:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe => No File
FirewallRules: [{FABF2069-DE19-47E3-949B-9587E469CD68}] => (Allow) E:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe => No File
FirewallRules: [{0A302D0C-550F-41CD-9C6B-FAE7A6660111}] => (Allow) E:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe => No File
FirewallRules: [TCP Query User{901687F5-E1BE-48CA-B7D3-6A977408A472}C:\users\daniela\appdata\local\temp\rarsfx0\x32\pcsftool.exe] => (Block) C:\users\daniela\appdata\local\temp\rarsfx0\x32\pcsftool.exe => No File
FirewallRules: [UDP Query User{C4ECB983-4AEF-4881-BB41-1FC941556C42}C:\users\daniela\appdata\local\temp\rarsfx0\x32\pcsftool.exe] => (Block) C:\users\daniela\appdata\local\temp\rarsfx0\x32\pcsftool.exe => No File
FirewallRules: [TCP Query User{E8AB70C8-1390-45C8-A30D-2B4EF53392A4}C:\users\daniela\appdata\local\temp\rarsfx0\x64\pcsftool.exe] => (Block) C:\users\daniela\appdata\local\temp\rarsfx0\x64\pcsftool.exe => No File
FirewallRules: [UDP Query User{64C2B278-B065-4DCB-8B1F-40FC111FB091}C:\users\daniela\appdata\local\temp\rarsfx0\x64\pcsftool.exe] => (Block) C:\users\daniela\appdata\local\temp\rarsfx0\x64\pcsftool.exe => No File
FirewallRules: [TCP Query User{BB586E50-4195-4F18-97EE-72ACB75F2B9C}C:\users\daniela\appdata\local\temp\rarsfx1\x32\pcsftool.exe] => (Allow) C:\users\daniela\appdata\local\temp\rarsfx1\x32\pcsftool.exe => No File
FirewallRules: [UDP Query User{914A8033-8C28-4EDB-85E9-4161E9905093}C:\users\daniela\appdata\local\temp\rarsfx1\x32\pcsftool.exe] => (Allow) C:\users\daniela\appdata\local\temp\rarsfx1\x32\pcsftool.exe => No File
FirewallRules: [TCP Query User{0B04024D-306F-473A-BF3E-C9CC5B3F28D5}C:\users\daniela\appdata\local\temp\rarsfx1\x64\pcsftool.exe] => (Allow) C:\users\daniela\appdata\local\temp\rarsfx1\x64\pcsftool.exe => No File
FirewallRules: [UDP Query User{F698BBCD-6B70-4CF3-9D8D-D5FF36BD8CB0}C:\users\daniela\appdata\local\temp\rarsfx1\x64\pcsftool.exe] => (Allow) C:\users\daniela\appdata\local\temp\rarsfx1\x64\pcsftool.exe => No File
FirewallRules: [{52AF1549-73FF-4FB8-9518-EB558253F27C}] => (Allow) C:\Users\Alexander\AppData\Local\Apps\2.0\V7AT4666.215\D7MDN8AB.PXR\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe (AVM Computersysteme Vertriebs GmbH -> AVM Berlin)
FirewallRules: [{D725FA94-5970-43AF-98BE-6369A17405C5}] => (Allow) C:\Users\Alexander\AppData\Local\Apps\2.0\V7AT4666.215\D7MDN8AB.PXR\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe (AVM Computersysteme Vertriebs GmbH -> AVM Berlin)
FirewallRules: [{BAD145E7-AB58-46CB-A637-711908F0AF98}] => (Allow) C:\Users\Daniela_2\AppData\Local\Apps\2.0\BH2PTDWE.ZAJ\ZPYPR21H.0J5\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe (AVM Computersysteme Vertriebs GmbH -> AVM Berlin)
FirewallRules: [{6544ECC3-0638-427F-B75B-018692B1C83B}] => (Allow) C:\Users\Daniela_2\AppData\Local\Apps\2.0\BH2PTDWE.ZAJ\ZPYPR21H.0J5\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe (AVM Computersysteme Vertriebs GmbH -> AVM Berlin)
FirewallRules: [TCP Query User{03ED5189-0C44-477F-B547-C8F09E7B531C}C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe] => (Allow) C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe (Link64 GmbH -> Link64 GmbH)
FirewallRules: [UDP Query User{0D2EEB70-2C83-437B-9A14-133BBEFBBAB0}C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe] => (Allow) C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe (Link64 GmbH -> Link64 GmbH)
FirewallRules: [TCP Query User{584CA64F-9CAA-46F5-97E8-E93D2EA7D451}C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe] => (Block) C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe (Link64 GmbH -> Link64 GmbH)
FirewallRules: [UDP Query User{DBD28CA4-5DC2-4BDC-A4CF-CA40CB40B6A1}C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe] => (Block) C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe (Link64 GmbH -> Link64 GmbH)
FirewallRules: [TCP Query User{799AFFFA-3D23-488D-A5D7-E87D9A8ACBFD}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe (Synology Inc. -> ) [File not signed]
FirewallRules: [UDP Query User{8D8D0C25-0A95-43D5-AD32-2E9415851449}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe (Synology Inc. -> ) [File not signed]
FirewallRules: [TCP Query User{3641CD9C-6872-4DF2-9956-3C0B32C844E2}C:\totalcmd\totalcmd.exe] => (Allow) C:\totalcmd\totalcmd.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [UDP Query User{CFA2047C-2F6E-4B37-8E6E-012CC1F78E4F}C:\totalcmd\totalcmd.exe] => (Allow) C:\totalcmd\totalcmd.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [TCP Query User{C0EA3906-BCD0-4F86-8DD9-C3BE545E995B}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe => No File
FirewallRules: [UDP Query User{CC6D968E-7E2A-4100-A8C0-4560B6F407B1}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe => No File
FirewallRules: [TCP Query User{6630C8D7-4E94-4F32-BB11-F9486F348E21}C:\users\daniela_2\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe] => (Block) C:\users\daniela_2\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe (Synology Inc. -> Synology Inc.)
FirewallRules: [UDP Query User{E6A33421-3676-43FD-9602-21B98D29B1EA}C:\users\daniela_2\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe] => (Block) C:\users\daniela_2\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe (Synology Inc. -> Synology Inc.)
FirewallRules: [{38A9EF06-BB71-46C6-945D-96034E484A8C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A1469B19-EF07-4960-92BD-429935153F45}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{75F49C2D-E4BB-468A-98DD-5A27E06244F1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{40CBC498-7B3C-4525-AF4E-75958D2297F5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DF62BAF4-8DD9-41E4-A035-53CD03FBEBA5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{AC69356F-FF32-40BC-9737-3539408E50F8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{61ACFAD5-C588-40D7-BC79-BE2108EE066D}C:\program files (x86)\keepass password safe 2\keepass.exe] => (Block) C:\program files (x86)\keepass password safe 2\keepass.exe (Open Source Developer, Dominik Reichl -> Dominik Reichl)
FirewallRules: [UDP Query User{7AD714A4-90C2-466E-A98E-1A551ED16DB7}C:\program files (x86)\keepass password safe 2\keepass.exe] => (Block) C:\program files (x86)\keepass password safe 2\keepass.exe (Open Source Developer, Dominik Reichl -> Dominik Reichl)
FirewallRules: [TCP Query User{9959DBBF-787C-4827-B15A-7DCFCAE213E8}C:\program files (x86)\gira\gira project assistant\4.5\gira project assistant.exe] => (Allow) C:\program files (x86)\gira\gira project assistant\4.5\gira project assistant.exe (Gira Giersiepen GmbH & Co. KG) [File not signed]
FirewallRules: [UDP Query User{8FA4E236-7B69-4E33-9F4E-08746C25D798}C:\program files (x86)\gira\gira project assistant\4.5\gira project assistant.exe] => (Allow) C:\program files (x86)\gira\gira project assistant\4.5\gira project assistant.exe (Gira Giersiepen GmbH & Co. KG) [File not signed]
FirewallRules: [{7C2C1C59-2294-4205-BFC5-7BC7B79F7C32}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{456A0292-9FCC-411A-91B8-C3486B4F6ADD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EA4D5F54-48DE-469B-AF9E-3767A92DA5F4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A5A35596-02DD-41BE-B9FD-3C6AF433DFC3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3B36DDD8-A774-4BA7-87E8-D81BD16D44DF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{D87186BC-E04A-4AD7-80E6-2CDBC86FA89E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{4F913735-B180-4DE3-8CAF-C29F5B1AB862}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{91208837-6871-40F4-A39E-F2764F6361C0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

==================== Restore Points =========================

12-05-2021 11:35:05 Windows Modules Installer
13-05-2021 12:14:28 Removed QuickTime 7

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/15/2021 08:34:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ctfmon.exe, Version: 10.0.19041.1, Zeitstempel: 0x60c3fe88
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.964, Zeitstempel: 0x812662a7
Ausnahmecode: 0x00000675
Fehleroffset: 0x000000000010b39c
ID des fehlerhaften Prozesses: 0x1bcc
Startzeit der fehlerhaften Anwendung: 0x01d749b8ff2cbfcf
Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\ctfmon.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: 5b85b0ba-7654-49d3-9563-fd81c01ebefb
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (05/15/2021 08:34:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ctfmon.exe, Version: 10.0.19041.1, Zeitstempel: 0x60c3fe88
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.964, Zeitstempel: 0x812662a7
Ausnahmecode: 0x00000675
Fehleroffset: 0x000000000010b39c
ID des fehlerhaften Prozesses: 0x27f8
Startzeit der fehlerhaften Anwendung: 0x01d749b8f7e88616
Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\ctfmon.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: f2073060-5485-4021-b045-8b365fe8ae01
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (05/15/2021 08:34:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ctfmon.exe, Version: 10.0.19041.1, Zeitstempel: 0x60c3fe88
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.964, Zeitstempel: 0x812662a7
Ausnahmecode: 0x00000675
Fehleroffset: 0x000000000010b39c
ID des fehlerhaften Prozesses: 0x2848
Startzeit der fehlerhaften Anwendung: 0x01d749b8f0922fd3
Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\ctfmon.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: f1483226-f6f3-49ca-8400-39fd56c69d7e
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (05/15/2021 08:34:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ctfmon.exe, Version: 10.0.19041.1, Zeitstempel: 0x60c3fe88
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.964, Zeitstempel: 0x812662a7
Ausnahmecode: 0x00000675
Fehleroffset: 0x000000000010b39c
ID des fehlerhaften Prozesses: 0x2180
Startzeit der fehlerhaften Anwendung: 0x01d749b8e9759a22
Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\ctfmon.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: 0f3ca448-e1e6-41a9-ac49-d9ed7deed37c
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (05/15/2021 08:34:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ctfmon.exe, Version: 10.0.19041.1, Zeitstempel: 0x60c3fe88
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.964, Zeitstempel: 0x812662a7
Ausnahmecode: 0x00000675
Fehleroffset: 0x000000000010b39c
ID des fehlerhaften Prozesses: 0x1920
Startzeit der fehlerhaften Anwendung: 0x01d749b8e251e5f4
Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\ctfmon.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: b856e2f1-68ed-441a-ab74-6b6cd248a8b8
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (05/15/2021 08:33:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ctfmon.exe, Version: 10.0.19041.1, Zeitstempel: 0x60c3fe88
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.964, Zeitstempel: 0x812662a7
Ausnahmecode: 0x00000675
Fehleroffset: 0x000000000010b39c
ID des fehlerhaften Prozesses: 0x2954
Startzeit der fehlerhaften Anwendung: 0x01d749b8db2f7991
Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\ctfmon.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: 8d0a64c0-0e10-44b1-ae27-57d2a7d3cf9c
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (05/15/2021 08:33:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ctfmon.exe, Version: 10.0.19041.1, Zeitstempel: 0x60c3fe88
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.964, Zeitstempel: 0x812662a7
Ausnahmecode: 0x00000675
Fehleroffset: 0x000000000010b39c
ID des fehlerhaften Prozesses: 0xa54
Startzeit der fehlerhaften Anwendung: 0x01d749b8d40f114e
Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\ctfmon.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: e770c846-df0b-44d6-8f98-6679581fb32f
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (05/15/2021 08:33:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ctfmon.exe, Version: 10.0.19041.1, Zeitstempel: 0x60c3fe88
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.964, Zeitstempel: 0x812662a7
Ausnahmecode: 0x00000675
Fehleroffset: 0x000000000010b39c
ID des fehlerhaften Prozesses: 0x28e4
Startzeit der fehlerhaften Anwendung: 0x01d749b8ccebf176
Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\ctfmon.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: b2cff48c-38b4-4b55-a770-ee5cef2b03de
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


System errors:
=============
Error: (05/15/2021 08:24:35 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: Beim Zugreifen auf den Registrierungsschlüssel SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration ist ein Fehler aufgetreten.

Error: (05/15/2021 08:24:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "HuaweiHiSuiteService64.exe" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.

Error: (05/13/2021 08:26:26 PM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: Der Server "{9AA46009-3CE0-458A-A354-715610A075E6}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (05/13/2021 07:52:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HuaweiHiSuiteService64.exe" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/13/2021 07:35:23 PM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: Der Server "{A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (05/13/2021 07:35:23 PM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: Der Server "{A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (05/13/2021 07:35:23 PM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: Der Server "{A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (05/13/2021 07:35:23 PM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: Der Server "{A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.


Windows Defender:
================
Date: 2021-05-13 08:42:19
Description:
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {A5C7AD69-10D0-4EEF-8DE5-21D2CD29A62B}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\Netzwerkdienst

Date: 2021-05-12 15:40:42
Description:
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {AF240971-446E-4A2D-ABBE-781272221BA2}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2021-05-12 11:44:03
Description:
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {64005E21-B5AD-413B-B629-722F2E9BA944}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Vollständige Überprüfung
Benutzer: PC\Alexander

Date: 2021-05-12 07:43:01
Description:
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {394DA5D5-86C2-49A3-8847-56B778F8D73A}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\Netzwerkdienst

Date: 2021-05-11 15:11:52
Description:
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {9FEF9F91-E5FE-4DFC-AD21-8604B427BB2D}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2021-05-06 07:38:56
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen: 1.339.42.0
%Vorherige Version der Sicherheitsinformationen: 1.337.639.0
Update Source: Benutzer
Sicherheitstyp: AntiSpyware
Updatetyp: Delta
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: 1.1.18100.6
%Vorherige Modulversion: 1.1.18100.5
Fehlercode: 0x80070666
Fehlerbeschreibung: Eine andere Version des Produkts ist bereits installiert. Die Installation dieser Version kann nicht fortgesetzt werden. Verwenden Sie die Systemsteuerungsoption "Software", um die vorhandene Version dieses Produkts zu konfigurieren oder zu entfernen.

Date: 2021-05-06 07:38:56
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen: 1.339.42.0
%Vorherige Version der Sicherheitsinformationen: 1.337.639.0
Update Source: Benutzer
Sicherheitstyp: AntiVirus
Updatetyp: Delta
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: 1.1.18100.6
%Vorherige Modulversion: 1.1.18100.5
Fehlercode: 0x80070666
Fehlerbeschreibung: Eine andere Version des Produkts ist bereits installiert. Die Installation dieser Version kann nicht fortgesetzt werden. Verwenden Sie die Systemsteuerungsoption "Software", um die vorhandene Version dieses Produkts zu konfigurieren oder zu entfernen.

Date: 2021-05-06 07:38:56
Description:
Fehler von Microsoft Defender Antivirus beim Aktualisieren des Moduls.
Neue Modulversion: 1.1.18100.6
Vorherige Modulversion: 1.1.18100.5
Benutzer: NT-AUTORITÄT\SYSTEM
Fehlercode: 0x80070666
Fehlerbeschreibung: Eine andere Version des Produkts ist bereits installiert. Die Installation dieser Version kann nicht fortgesetzt werden. Verwenden Sie die Systemsteuerungsoption "Software", um die vorhandene Version dieses Produkts zu konfigurieren oder zu entfernen.

Date: 2021-04-28 18:00:03
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen: 1.337.117.0
%Vorherige Version der Sicherheitsinformationen: 1.335.1693.0
Update Source: Benutzer
Sicherheitstyp: AntiSpyware
Updatetyp: Delta
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: 1.1.18100.5
%Vorherige Modulversion: 1.1.18000.5
Fehlercode: 0x80070666
Fehlerbeschreibung: Eine andere Version des Produkts ist bereits installiert. Die Installation dieser Version kann nicht fortgesetzt werden. Verwenden Sie die Systemsteuerungsoption "Software", um die vorhandene Version dieses Produkts zu konfigurieren oder zu entfernen.

Date: 2021-04-28 18:00:03
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen: 1.337.117.0
%Vorherige Version der Sicherheitsinformationen: 1.335.1693.0
Update Source: Benutzer
Sicherheitstyp: AntiVirus
Updatetyp: Delta
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: 1.1.18100.5
%Vorherige Modulversion: 1.1.18000.5
Fehlercode: 0x80070666
Fehlerbeschreibung: Eine andere Version des Produkts ist bereits installiert. Die Installation dieser Version kann nicht fortgesetzt werden. Verwenden Sie die Systemsteuerungsoption "Software", um die vorhandene Version dieses Produkts zu konfigurieren oder zu entfernen.

CodeIntegrity:
===============
Date: 2021-05-15 08:55:05
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. F11a 11/13/2013
Motherboard: Gigabyte Technology Co., Ltd. Z77-DS3H
Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 55%
Total physical RAM: 8079.84 MB
Available physical RAM: 3593.53 MB
Total Virtual: 16271.84 MB
Available Virtual: 11978.32 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:837.87 GB) (Free:341.13 GB) NTFS
Drive d: (Programme) (Fixed) (Total:488.28 GB) (Free:319.34 GB) NTFS
Drive e: (Daten) (Fixed) (Total:976.56 GB) (Free:17.82 GB) NTFS
Drive f: (Daten_2) (Fixed) (Total:398.05 GB) (Free:2.88 GB) NTFS
Drive h: (Daten_3) (Fixed) (Total:2794.39 GB) (Free:1553.61 GB) NTFS

\\?\Volume{c0cedc76-0000-0000-0000-100000000000}\ () (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C0CEDC76)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=837.9 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 00007119)

Partition: GPT.

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 2794.5 GB) (Disk ID: 00060924)

Partition: GPT.

==================== End of Addition.txt =======================

M-K-D-B 15.05.2021 20:08
Schritt 1 wird ein etwas dauern, also bitte gedulde dich.





Schritt 1
WARNUNG AN ALLE MITLESER !!!
Dieses FRST-Script ist ausschließlich für diesen Nutzer gedacht und sollte niemals 1:1 für ein anderes System angewendet werden!
  • Speichere deine Arbeiten und schließe alle offenen Programme, damit keine Daten verloren gehen.
  • Kopiere den gesamten Inhalt der folgenden Code-Box:
    Code:
    Start::
    HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) [File not signed]
    C:\Program Files\Common Files\AV
    HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
    GroupPolicy: Restriction ? <==== ATTENTION
    GroupPolicy\User: Restriction ? <==== ATTENTION
    Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
    Task: {04620E3E-9FF6-47C3-A01D-3391D0960B5E} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
    Task: {1B78249E-0F85-4595-AD1B-CCAB4B056072} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {24F345DF-CDEF-4C26-AD31-EAF482740CED} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {2C40D05D-9777-4C7E-B5A9-BE37D4108F3E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {2D8ADC5D-837C-4828-AA64-3FC4C3079E99} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {5A9BE10E-CDC1-4CB2-B604-82B206E024CF} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {5BA33DD0-E9E1-4AFE-9241-8AEDA668932B} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {5D549C7B-04CE-48F6-AFD9-ABF56A9BA0FD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {6DDD6299-22D5-4AD2-9874-AA8009BBB2AB} - System32\Tasks\{E887F441-25A6-4815-BCE1-41682C06FB8E} => "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?page=tsProgressBar
    Task: {730AC712-A578-4E65-9B1C-81CDB7383A0A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {7D264AAA-6A33-4C26-BBF6-E2793D0725E8} - System32\Tasks\{7EFAFB80-CCC6-4877-A74B-A88AA1B49D11} => "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?page=tsProgressBar
    Task: {817196E8-49EA-44B0-9801-06263B2B7759} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {83B0D73A-F964-44E7-8F91-623ED70F52B5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {982191EA-C967-4C55-89E1-98A29DCF2D7A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {A571E058-5154-4DEF-A1FD-35E525B5A7D0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {A698037E-D4C5-48F7-9873-E12612DF4122} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {DFB52FB2-5D05-488A-A154-428C6E6F1FC4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {E1EEAC18-87BA-4EB3-AC0B-CBB04713BF4D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {E44C1574-A4D3-44BD-B903-47238C91A761} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
    ProxyEnable: [S-1-5-21-565462843-2377332638-636861087-1002] => Proxy is enabled.
    ProxyServer: [S-1-5-21-565462843-2377332638-636861087-1002] => http=127.0.0.1:8082
    Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
    Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
    Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
    Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [No File]
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [No File]
    S2 HuaweiHiSuiteService64.exe; "C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe" -/service [X]
    U3 idsvc; no ImagePath
    U4 npcap_wifi; no ImagePath
    S1 UimBus; \SystemRoot\System32\drivers\uimbus.sys [X]
    S1 Uim_DEVIM; \SystemRoot\System32\drivers\uimdevim.sys [X]
    2021-05-13 13:18 - 2021-05-13 13:18 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avira
    2021-05-13 13:10 - 2021-05-13 13:10 - 000000000 ____D C:\Users\Alexander\AppData\Local\AviraSpeedup
    2021-05-13 13:10 - 2021-05-13 13:10 - 000000000 ____D C:\Users\Alexander\AppData\Local\Avira
    2021-05-13 13:07 - 2021-05-13 13:07 - 006554200 _____ (Avira Operations GmbH & Co. KG) C:\Users\Alexander\Downloads\avira_de_asu80_1191873915-1620901252__poptws.exe
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-565462843-2377332638-636861087-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-565462843-2377332638-636861087-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
    HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
    CMD: fltmc instances
    CMD: netsh int ip reset
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset
    CMD: netsh advfirewall reset
    CMD: netsh advfirewall set allprofiles state ON
    CMD: Bitsadmin /Reset /Allusers
    CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
    CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
    CMD: "C:\Windows\SYSTEM32\lodctr.exe" /R
    CMD: "C:\Windows\SysWOW64\lodctr.exe" /R
    powershell: Set-MpPreference -PUAProtection Enabled
    powershell: Set-MpPreference -DisableScanningNetworkFiles 0
    CMD: DISM /Online /Cleanup-image /Restorehealth
    Hosts:
    RemoveProxy:
    SystemRestore: On
    Reboot:
    End::
  • Starte nun FRST und klicke direkt den Reparieren Button.
    Wichtig: Du brauchst den Inhalt der Code-Box nirgends einfügen, da sich FRST den Code aus der Zwischenablage holt!
  • Das Tool führt die gewünschten Schritte aus und erstellt eine fixlog.txt im selben Verzeichnis, in dem sich FRST befindet.
  • Gegebenenfalls muss dein Rechner neu gestartet werden.
  • Poste mir den Inhalt der fixlog.txt mit deiner nächsten Antwort.





Schritt 2
Führe AdwCleaner gemäß der bebilderten Anleitung aus und poste abschließend die Logdatei.





Schritt 3
  • Starte FRST erneut und klicke auf Untersuchen.
  • FRST erstellt nun zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.





Bitte poste mit deiner nächsten Antwort:
  • die Logdatei des FRST-Fix (fixlog.txt)
  • die Logdatei von AdwCleaner
  • die beiden neuen Logdateien von FRST (FRST.txt und Addition.txt)

Sweeny 16.05.2021 12:28
Ganz vielen Dank für Deine Unterstützung. Hier die Dateien... Der Rechner friert immer noch macnhmal 2-5 Sekunden ein, zum Beispiel wenn man eine Tastatureingabe vornimmt.

Code:
# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build:    03-22-2021
# Database: 2021-04-28.3 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    05-16-2021
# Duration: 00:00:12
# OS:      Windows 10 Pro
# Scanned:  31985
# Detected: 1


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

PUP.Optional.Legacy            Search By ZoneAlarm

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [2010 octets] - [04/01/2021 10:21:47]
AdwCleaner[C00].txt - [2068 octets] - [04/01/2021 10:22:27]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-05-2021
Ran by Daniela (16-05-2021 13:26:38)
Running from C:\Users\Alexander\Downloads
Windows 10 Pro Version 20H2 19042.985 (X64) (2020-11-12 21:38:31)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-565462843-2377332638-636861087-500 - Administrator - Disabled)
Alexander (S-1-5-21-565462843-2377332638-636861087-1001 - Limited - Enabled) => C:\Users\Alexander
Daniela (S-1-5-21-565462843-2377332638-636861087-1000 - Administrator - Enabled) => C:\Users\Daniela
Daniela_2 (S-1-5-21-565462843-2377332638-636861087-1002 - Limited - Enabled) => C:\Users\Daniela_2
DefaultAccount (S-1-5-21-565462843-2377332638-636861087-503 - Limited - Disabled)
Gast (S-1-5-21-565462843-2377332638-636861087-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-565462843-2377332638-636861087-1004 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-565462843-2377332638-636861087-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 21.001.20155 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 31.0.0.96 - Adobe Systems Incorporated)
Adobe Bridge Start Meeting (HKLM-x32\...\Adobe_e5be561960de651ccc8f21c193701df) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe Color Common Settings (HKLM-x32\...\Adobe_6c8e2cb4fd241c55406016127a6ab2e) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe Connect 9 Add-in (HKU\S-1-5-21-565462843-2377332638-636861087-1000\...\Adobe Connect 9 Add-in) (Version: 11.9.976.299 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.9 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (HKLM-x32\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_5f143314a5d434c8511097393d17397) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7 64-bit (HKLM\...\{1B77B02E-17E4-4B6D-B8A1-74B29AF3D8DD}) (Version: 5.7.0 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\Amazon Kindle) (Version:  - Amazon)
Amazon Music (HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
ANT Drivers Installer x64 (HKLM\...\{368B4CD9-A459-4A34-A303-AA63BC3B172A}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{CCA8C50D-785B-4896-8675-FFE0C4ECCBC3}) (Version: 8.7 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{75BEF7E8-4370-4D42-94F3-B5AA77057965}) (Version: 8.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{64695C4A-C68F-46B5-A734-50EBF124A68E}) (Version: 11.3.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
Audacity 2.3.1 (HKLM-x32\...\Audacity_is1) (Version: 2.3.1 - Audacity Team)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Audiograbber MP3-Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
CanoScan LiDE 210 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809) (Version:  - Canon Inc.)
cewe-fotoservice.de (HKLM-x32\...\cewe-fotoservice.de) (Version: 6.4.4 - CEWE Stiftung u Co. KGaA)
Citavi (HKLM-x32\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.4.0.2 - Swiss Academic Software)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{D256A5B9-68DA-4F6C-A447-A93E5639A46D}) (Version: 4.7.03083 - Microsoft Corporation) Hidden
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
CopyTrans Control Center deinstallieren (HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\CopyTrans Suite) (Version: 4.017 - WindSolutions)
DiagnosticsHub_CollectionService (HKLM\...\{440C5592-4EA5-4772-B256-969D66068843}) (Version: 15.9.28016 - Microsoft Corporation) Hidden
Diercke Globus Online (HKLM-x32\...\Diercke Globus Online) (Version: 3.1.0 - Imagon GmbH)
Digitale Schulbücher (HKLM-x32\...\{DE24A5DA-8CE2-4BF8-AE5E-125FBC70BE9B}) (Version: 1.1.0.65 - VBM Service GmbH)
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 7.1.2 - CEWE Stiftung u Co. KGaA)
dreamboxEDIT -- The one and only settings editor for your Dreambox (HKLM-x32\...\dreamboxEDIT) (Version:  - )
Elevated Installer (HKLM-x32\...\{1D2951A7-36F2-40F6-9428-54E742F6FBBE}) (Version: 7.4.2.0 - Garmin Ltd or its subsidiaries) Hidden
Encuentros 1 Edición 3000 (HKLM-x32\...\{8DC02275-4598-4163-8DCC-84FA398789E8}) (Version: 1.0.3.0 - Cornelsen Verlag)
Entity Framework 6.2.0 Tools  for Visual Studio 2017 (HKLM-x32\...\{B843915F-00A1-44B1-994C-1AE0A6400AE3}) (Version: 6.2.61807.0 - Microsoft Corporation) Hidden
Epic Games Launcher (HKLM-x32\...\{A5A6A747-393C-4B28-AB7B-2DE2BA7F7D73}) (Version: 1.1.267.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
FileZilla Client 3.51.0 (HKLM-x32\...\FileZilla Client) (Version: 3.51.0 - Tim Kosse)
Garmin Express (HKLM-x32\...\{0A696C9D-D446-46AC-BEA4-8BD449909481}) (Version: 7.4.2.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{0ed393fb-f601-48bb-8b9e-e4c9ec3853bf}) (Version: 7.4.2.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Gira Project Assistant 4.5 (HKLM-x32\...\{bc6ee074-0fda-4ce0-9101-1742d780ec21}) (Version: 4.5.0.6557 - Gira Giersiepen GmbH & Co. KG)
Gira Projekt Assistent 4.5 (HKLM-x32\...\{959A0D30-B65F-48EB-BA91-479E0D7A6B05}) (Version: 4.5.0.6557 - Gira Giersiepen GmbH & Co. KG) Hidden
Git version 2.30.0 (HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\Git_is1) (Version: 2.30.0 - The Git Development Community)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HL-3152CDW (HKLM-x32\...\{C6580DE1-F539-4700-ADD2-3185121E51A8}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
icecap_collection_neutral (HKLM-x32\...\{A3B4D258-74E1-49D6-9A86-2DFEFEE48DEC}) (Version: 15.8.27906 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{E524832A-C567-499A-8872-0D79596E4DEE}) (Version: 15.8.27906 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{4B691388-E031-4268-A096-95173D1E6E0F}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{5A86972C-9DB5-40AA-B4EB-0ACE96AFDF88}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
iCloud (HKLM\...\{8808B208-87D1-4725-8192-76D257E9DEAE}) (Version: 7.21.0.23 - Apple Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
IntelliTraceProfilerProxy (HKLM-x32\...\{ACBAA378-519A-441D-9349-C0AAD8DEAD04}) (Version: 15.0.17289.01 - Microsoft Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
Java(TM) SE Development Kit 14.0.2 (64-bit) (HKLM\...\{6D7FE298-9878-53C8-801B-76A251D18BB2}) (Version: 14.0.2.0 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
KeePass Password Safe 2.48.1 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.48.1 - Dominik Reichl)
Kits Configuration Installer (HKLM-x32\...\{63AAA877-5536-9481-2385-28A082100D78}) (Version: 10.1.18362.1 - Microsoft) Hidden
KNX ETS5 Compatibility Components V5.5.0 (HKLM-x32\...\{070C17B5-D0DB-443A-9504-0AF04FE91F1E}) (Version: 5.5.0.0 - KNX Association cvba) Hidden
KNX ETS5 v5.7.5 (HKLM-x32\...\{88361985-6e56-44b8-b096-6b029a18b03d}) (Version: 5.7.1373.39489 - KNX Association cvba)
KNX ETS5 v5.7.5 (HKLM-x32\...\{D0FDBD87-FB2C-4A94-ABC2-50A8CD772C0A}) (Version: 5.7.1373.39489 - KNX Association cvba) Hidden
Kumulatives Microsoft .NET Framework Intellisense Pack für Visual Studio (Deutsch) (HKLM-x32\...\{4DFD6FF3-9A29-4F31-AEE1-D44E016C5AD4}) (Version: 4.7.02558 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 4.3.3.116 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.3.116 - Malwarebytes)
Maniac Mansion (HKLM-x32\...\1832758895_is1) (Version: 1.0 - GOG.com)
MD5 File Hasher 1.4 (HKLM-x32\...\MD5 File Hasher_is1) (Version:  - )
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.62 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-565462843-2377332638-636861087-1000\...\OneDriveSetup.exe) (Version: 20.052.0311.0011 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\OneDriveSetup.exe) (Version: 21.073.0411.0002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1113.826 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server vNext CTP1.6 (HKLM\...\{598EF772-9320-43B6-9D3C-A60A1F6A804E}) (Version: 15.0.600.33 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server vNext CTP1.6 (HKLM-x32\...\{2773DECE-0FE5-4CA9-96A8-621E0185388F}) (Version: 15.0.600.33 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.2 (HKLM-x32\...\{06C90FCC-4C95-4142-A0AF-D3A4C12882DE}_is1) (Version: 1.2 - Sam Rodberg)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.34.01.03 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 87.0 (x64 de) (HKLM\...\Mozilla Firefox 87.0 (x64 de)) (Version: 87.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 71.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MultiCommander (x64) (HKLM\...\MultiCommander x64) (Version: 9.6.1.2582 - Mathias Svensson)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.9.1 - Notepad++ Team)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.1.5 - )
Npcap (HKLM-x32\...\NpcapInst) (Version: 1.00 - Nmap Project)
PDF Settings (HKLM-x32\...\{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
PureSync (HKLM-x32\...\{904CE946-09F9-4DB9-8D00-9E2E66DF4239}) (Version: 6.2.2 - Jumping Bytes)
RAPID Mode (HKLM\...\{0EBB0FA7-1DBA-4B97-9B44-BD5CC451EEF2}) (Version: 1.0.0.103 - Samsung Electronics Co., Ltd.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6642 - Realtek Semiconductor Corp.)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.23.252 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.5.5 - Rockstar Games)
Saal Design Software (HKLM-x32\...\{26B842A7-6A09-5DCF-0805-2B8984C1EA84}) (Version: 4.0 - Saal Digital Fotoservice GmbH) Hidden
Saal Design Software (HKLM-x32\...\SaalDesignSoftware) (Version: 4.0 - Saal Digital Fotoservice GmbH)
Samsung Data Migration (HKLM-x32\...\{3B304604-0BF5-488E-AB95-F2F2E31206F3}) (Version: 3.1 - Samsung)
Samsung Data Migration (HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\{3B304604-0BF5-488E-AB95-F2F2E31206F3}) (Version: 3.1 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.3.1.2010 - Samsung Electronics)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Shotcut (HKLM-x32\...\Shotcut) (Version: 20.06.28 - Meltytech, LLC)
Spyder4Pro (HKLM-x32\...\Spyder4Pro) (Version:  - )
sv.net comfort (HKLM-x32\...\sv.net comfort) (Version: 20.1.0 - ITSG GmbH)
Sweet Home 3D version 6.4.2 (HKLM\...\Sweet Home 3D_is1) (Version: 6.4.2 - eTeks)
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: 6.1-15163 - Synology)
Synology Cloud Station (remove only) (HKLM\...\Synology Cloud Station) (Version: 3.2.3475 - Synology, Inc.)
Synology Cloud Station (remove only) (HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\Synology CloudStation) (Version:  - )
Synology Cloud Station Backup (remove only) (HKLM\...\Synology Cloud Station Backup) (Version: 4.2.6.4408 - Synology, Inc.)
Synology Cloud Station Drive (remove only) (HKLM\...\Synology Cloud Station Drive) (Version: 4.3.0.4435 - Synology, Inc.)
Synology Data Replicator  3 (HKLM-x32\...\{8E310838-457C-4269-B177-3EFB300CBDDC}) (Version: 1.0.0.0 - Synology Inc.)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.16.8 - TeamViewer)
Toolkit Documentation (HKLM-x32\...\{2BBA97A1-176F-DA72-96DE-0FEA66AF3EFF}) (Version: 10.1.18362.1 - Microsoft) Hidden
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.51 - Ghisler Software GmbH)
TreeSize Free V4.4.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.4.2 - JAM Software)
Universal Adb Driver (HKLM-x32\...\{C0E08D8D-6076-4117-B644-2AF34F35B757}) (Version: 1.0.4 - ClockworkMod)
Unterrichtsmanager (HKLM-x32\...\{5772F79F-40DA-496F-A364-7E8AF0746F5D}) (Version: 1.0.1405.801 - Cornelsen Schulverlage)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)
vcpp_crt.redist.clickonce (HKLM-x32\...\{86A64DD6-2619-4D30-B777-75568A3EE56D}) (Version: 14.16.27033 - Microsoft Corporation) Hidden
VideoDownloaderUltimate (HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\VideoDownloaderUltimateWinApp) (Version: 1.0.1.91 - Link64)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Visual Studio Community 2017 (HKLM-x32\...\97af953f) (Version: 15.9.28307.1321 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.12 - VideoLAN)
VS Immersive Activate Helper (HKLM-x32\...\{54FBC9A9-CCA1-417E-ACA6-203A32A39F37}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{4B816AD0-D12B-498A-8148-7CBE3ED328DE}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{C5D83E0F-12E7-4BA3-98E6-DAE0E73B5BF9}) (Version: 15.0.27205 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{A68D7884-F036-4A0D-AE1A-410E0311E135}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{91DDDFB5-1782-48C2-BA2A-8F4D9DE39D27}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{6A1ECF65-2CBF-4B33-9D4A-D1C0A0E5FE45}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{71797C29-380A-492C-B35A-F5E4A7B57BDC}) (Version: 15.9.28307 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{5297D80E-CD92-48D8-9DB0-301AB3205772}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{A254DA0E-26A1-43C3-95BE-7A24D5599473}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{1F42A73E-CF26-4D67-BA79-752CA56B639F}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{A41E138F-5A3F-443C-B72D-957AB994FB5A}) (Version: 15.9.28128 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{3A78DA3D-C8D4-429D-B536-6E59A0088451}) (Version: 15.8.27825 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{68B8AD33-CE97-4C3D-9583-669C39D21BA5}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{0D3A6730-43CE-4AF6-BDF7-4D0660296C60}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5779B6DD-604A-41CE-BC3D-9D4BDDA22AD2}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
WhatsApp (HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\WhatsApp) (Version: 0.4.2088 - WhatsApp)
Win32DiskImager version 1.0.0 (HKLM-x32\...\{3DFFA293-DF2C-4B23-92E5-3433BDC310E1}}_is1) (Version: 1.0.0 - ImageWriter Developers)
WinDirStat 1.1.2 (HKU\S-1-5-21-565462843-2377332638-636861087-1000\...\WinDirStat) (Version:  - )
Windows Assessment and Deployment Kit - Windows 10 (HKLM-x32\...\{fb450356-9879-4b2e-8dc9-282709286661}) (Version: 10.1.18362.1 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{E6F877A1-2F65-4BF0-87B6-A4071B7663D3}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinMerge 2.16.0.0 x64 (HKLM\...\WinMerge_is1) (Version: 2.16.0.0 - Thingamahoochie Software)
Wunderlist - Wunderlist (HKLM-x32\...\Wunderlist Wunderlist) (Version: 3.4.3 - Wunderlist)
XMedia Recode Version 3.1.5.8 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.5.8 - XMedia Recode)
Zoom (HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\ZoomUMX) (Version: 5.4.1 (58698.1027) - Zoom Video Communications, Inc.)

Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.36.20714.0_x64__8wekyb3d8bbwe [2021-03-21] (Microsoft Corporation) [MS Ad]
WindowsDVDPlayer -> C:\Program Files\WindowsApps\Microsoft.WindowsDVDPlayer_3.6.13291.0_x64__8wekyb3d8bbwe [2016-06-17] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-565462843-2377332638-636861087-1001_Classes\CLSID\{2C4A5D61-009C-4561-9A33-6AFD542FD237}\InprocServer32 -> C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\ContextMenu.dll () [File not signed]
CustomCLSID: HKU\S-1-5-21-565462843-2377332638-636861087-1001_Classes\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}\InprocServer32 -> C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll (TODO: <Company name>) [File not signed]
CustomCLSID: HKU\S-1-5-21-565462843-2377332638-636861087-1001_Classes\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}\InprocServer32 -> C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll (TODO: <Company name>) [File not signed]
CustomCLSID: HKU\S-1-5-21-565462843-2377332638-636861087-1001_Classes\CLSID\{A433C3E0-8B24-40EB-93C3-4B10D9959F58}\InprocServer32 -> C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll (TODO: <Company name>) [File not signed]
CustomCLSID: HKU\S-1-5-21-565462843-2377332638-636861087-1001_Classes\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}\InprocServer32 -> C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll (TODO: <Company name>) [File not signed]
CustomCLSID: HKU\S-1-5-21-565462843-2377332638-636861087-1001_Classes\CLSID\{C701AD67-3DF0-47C9-89CB-DFA6207BE229}\InprocServer32 -> C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll (TODO: <Company name>) [File not signed]
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [  01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\Alexander\AppData\Local\CloudStation\iconoverlay_v2\IconOverlayDLLs_x64\iconOverlay.dll -> No File
ShellIconOverlayIdentifiers: [  02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\Alexander\AppData\Local\CloudStation\iconoverlay_v2\IconOverlayDLLs_x64\iconOverlay.dll -> No File
ShellIconOverlayIdentifiers: [  03SyncedModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\Alexander\AppData\Local\CloudStation\iconoverlay_v2\IconOverlayDLLs_x64\iconOverlay.dll -> No File
ShellIconOverlayIdentifiers: [  04ReadOnlyModule] -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} =>  -> No File
ShellIconOverlayIdentifiers: [  05NoPermModule] -> {C701AD67-3DF0-47C9-89CB-DFA6207BE229} =>  -> No File
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => E:\Program Files (x86)\Notepad++\NppShell_06.dll [2020-11-02] (Notepad++ -> )
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers1-x32: [GeoSetterShellExt] -> {7506374C-A693-427B-8DDD-99DAFB79433D} => E:\PROGRA~1\GEOSET~1\GEOSET~1.DLL -> No File
ContextMenuHandlers1: [GeoSetterShellExt64] -> {A50BD5C6-4B18-44F3-8D6D-62DE89A969E9} => E:\PROGRA~1\GEOSET~1\GEOSET~2.DLL -> No File
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-09-08] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [PureSync] -> {D1079645-619B-4d0b-8FD5-1008B95134E1} => C:\Program Files (x86)\Jumping Bytes\PureSync\psshell64.dll [2010-12-21] (Jumping Bytes - Dipl.-Ing. Christoph Guentner -> Jumping Bytes)
ContextMenuHandlers1: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files\WinMerge\ShellExtensionX64.dll [2018-02-19] (hxxp://winmerge.org) [File not signed]
ContextMenuHandlers2: [PureSync] -> {D1079645-619B-4d0b-8FD5-1008B95134E1} => C:\Program Files (x86)\Jumping Bytes\PureSync\psshell64.dll [2010-12-21] (Jumping Bytes - Dipl.-Ing. Christoph Guentner -> Jumping Bytes)
ContextMenuHandlers2: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files\WinMerge\ShellExtensionX64.dll [2018-02-19] (hxxp://winmerge.org) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-05-13] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers4: [PureSync] -> {D1079645-619B-4d0b-8FD5-1008B95134E1} => C:\Program Files (x86)\Jumping Bytes\PureSync\psshell64.dll [2010-12-21] (Jumping Bytes - Dipl.-Ing. Christoph Guentner -> Jumping Bytes)
ContextMenuHandlers4: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files\WinMerge\ShellExtensionX64.dll [2018-02-19] (hxxp://winmerge.org) [File not signed]
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files\WinMerge\ShellExtensionX64.dll [2018-02-19] (hxxp://winmerge.org) [File not signed]
ContextMenuHandlers6-x32: [GeoSetterShellExt] -> {7506374C-A693-427B-8DDD-99DAFB79433D} => E:\PROGRA~1\GEOSET~1\GEOSET~1.DLL -> No File
ContextMenuHandlers6: [GeoSetterShellExt64] -> {A50BD5C6-4B18-44F3-8D6D-62DE89A969E9} => E:\PROGRA~1\GEOSET~1\GEOSET~2.DLL -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-05-13] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers1_S-1-5-21-565462843-2377332638-636861087-1001: [CloudStation.SyncFolderContextMenu] -> {2C4A5D61-009C-4561-9A33-6AFD542FD237} =>  -> No File
ContextMenuHandlers6_S-1-5-21-565462843-2377332638-636861087-1001: [CloudStation.SyncFolderContextMenu] -> {2C4A5D61-009C-4561-9A33-6AFD542FD237} =>  -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

2020-05-24 18:11 - 2020-05-24 18:11 - 001315328 ____C () [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\ContextMenu.dll
2019-02-17 11:27 - 2018-02-19 03:02 - 000202240 _____ (hxxp://winmerge.org) [File not signed] C:\Program Files\WinMerge\ShellExtensionX64.dll
2010-11-18 21:08 - 2010-11-18 21:08 - 000086016 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2013-08-06 15:52 - 2013-08-06 15:52 - 001281536 _____ (Synology Inc.) [File not signed] C:\Program Files (x86)\Synology Data Replicator  3\vssWin764.dll
2020-05-24 18:11 - 2020-05-24 18:11 - 002822144 ____C (TODO: <Company name>) [File not signed] C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-565462843-2377332638-636861087-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2019-02-13 22:35 - 000000000 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files (x86)\AOMEI Backupper;%SYSTEMROOT%\System32\OpenSSH\
HKCU\Environment\\Path -> %USERPROFILE%\AppData\Local\Microsoft\WindowsApps
HKU\S-1-5-21-565462843-2377332638-636861087-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-565462843-2377332638-636861087-1001\Control Panel\Desktop\\Wallpaper -> H:\Fotos\2019\Frieda_2019\Kalenderfotos_November\frieda-002.jpg
HKU\S-1-5-21-565462843-2377332638-636861087-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Daniela_2\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\Frieda-2019_01_22-003.jpeg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Prompt)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

Network Binding:
=============
LAN-Verbindung: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\StartupApproved\Run: => "OfficeSyncProcess"
HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\StartupApproved\Run: => "launchOnStartup"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{55CAA789-75B3-4FCA-8214-E07865B6FBDC}C:\users\alexander\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\alexander\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{E1633AB0-97A3-41E4-A53E-915EAAA83035}C:\users\alexander\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\alexander\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{CE788340-F605-421D-8FF3-CA3CC0EF1E24}C:\program files (x86)\gira\tks-communicator\tks-communicator.exe] => (Allow) C:\program files (x86)\gira\tks-communicator\tks-communicator.exe => No File
FirewallRules: [TCP Query User{AD2FFCE5-197F-4B35-9DC9-B492593060C9}C:\program files (x86)\gira\tks-communicator\tks-communicator.exe] => (Allow) C:\program files (x86)\gira\tks-communicator\tks-communicator.exe => No File
FirewallRules: [UDP Query User{8DEC5C2A-50D9-4ABD-A594-74FD4F5D1FDE}C:\program files (x86)\gira\gira project assistant\4.3\gira project assistant.exe] => (Allow) C:\program files (x86)\gira\gira project assistant\4.3\gira project assistant.exe => No File
FirewallRules: [TCP Query User{36C0A478-18FD-4300-844B-4D9C0410CA40}C:\program files (x86)\gira\gira project assistant\4.3\gira project assistant.exe] => (Allow) C:\program files (x86)\gira\gira project assistant\4.3\gira project assistant.exe => No File
FirewallRules: [UDP Query User{4BF21D08-AAAD-47B4-ACF2-26AD5ED62725}C:\program files (x86)\gira\gira project assistant\4.2\gira project assistant.exe] => (Allow) C:\program files (x86)\gira\gira project assistant\4.2\gira project assistant.exe => No File
FirewallRules: [TCP Query User{ED16257D-1ADF-4A9F-98A5-690359AC9FF6}C:\program files (x86)\gira\gira project assistant\4.2\gira project assistant.exe] => (Allow) C:\program files (x86)\gira\gira project assistant\4.2\gira project assistant.exe => No File
FirewallRules: [UDP Query User{9D391266-08FB-447D-892D-0EB0CECF0EAB}C:\program files (x86)\gira\tks-ip-gateway\tks-ip-gateway-finder.exe] => (Allow) C:\program files (x86)\gira\tks-ip-gateway\tks-ip-gateway-finder.exe => No File
FirewallRules: [TCP Query User{A4C7DD96-EFC5-4549-990D-9CE116EBC2BF}C:\program files (x86)\gira\tks-ip-gateway\tks-ip-gateway-finder.exe] => (Allow) C:\program files (x86)\gira\tks-ip-gateway\tks-ip-gateway-finder.exe => No File
FirewallRules: [{AAE95FEA-85CD-4028-A5A1-2EB812683457}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{1E6735FE-0C08-49CE-8F7B-1DEDC13A460D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{6AF40D22-915B-4FB9-976B-991984655605}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{080415CC-2ACC-4692-BE1E-E4A27E011713}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{8A68AB7F-FCE8-45FB-AF87-D6F24B900EAC}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0EB71518-6B77-4673-877B-B907CBCCDAA6}] => (Allow) C:\Users\Daniela_2\AppData\Local\Apps\2.0\BH2PTDWE.ZAJ\ZPYPR21H.0J5\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe (AVM Computersysteme Vertriebs GmbH -> AVM Berlin)
FirewallRules: [{CADB1434-9996-48AC-B2CC-8E09333DB45B}] => (Allow) C:\Users\Daniela_2\AppData\Local\Apps\2.0\BH2PTDWE.ZAJ\ZPYPR21H.0J5\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe (AVM Computersysteme Vertriebs GmbH -> AVM Berlin)
FirewallRules: [{D709CCD3-7E76-430C-8992-613F422B5B0C}] => (Allow) C:\Users\Alexander\AppData\Local\Apps\2.0\V7AT4666.215\D7MDN8AB.PXR\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe (AVM Computersysteme Vertriebs GmbH -> AVM Berlin)
FirewallRules: [{AAED9C16-950F-45F6-A039-BF15CD0F8816}] => (Allow) C:\Users\Alexander\AppData\Local\Apps\2.0\V7AT4666.215\D7MDN8AB.PXR\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe (AVM Computersysteme Vertriebs GmbH -> AVM Berlin)
FirewallRules: [UDP Query User{B4F4F3FC-5EA1-40C7-81E5-4A09A3A1B67A}C:\users\alexander\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\alexander\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [TCP Query User{D5126744-85D7-4A52-8304-A80B95D706CA}C:\users\alexander\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\alexander\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [UDP Query User{9EBEC148-2A01-4E33-A6AD-BC7673F3F36F}C:\users\alexander\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\alexander\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [TCP Query User{78F9492E-5FBB-4F72-9B9D-236C7ECDF7AE}C:\users\alexander\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\alexander\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [UDP Query User{AFA75C90-429F-4B39-80B8-BAC4E728C41F}C:\users\daniela_2\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe] => (Block) C:\users\daniela_2\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe (Synology Inc. -> Synology Inc.)
FirewallRules: [TCP Query User{E96814A9-FC94-4DFB-B347-B496860EB61F}C:\users\daniela_2\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe] => (Block) C:\users\daniela_2\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe (Synology Inc. -> Synology Inc.)
FirewallRules: [UDP Query User{AEEC7785-7C79-4470-9AC9-C5689694093A}E:\programme\moodle\server\mysql\bin\mysqld.exe] => (Allow) E:\programme\moodle\server\mysql\bin\mysqld.exe => No File
FirewallRules: [TCP Query User{B410D241-C267-4AB6-AC7E-69CDB00977DF}E:\programme\moodle\server\mysql\bin\mysqld.exe] => (Allow) E:\programme\moodle\server\mysql\bin\mysqld.exe => No File
FirewallRules: [{86D560CE-5DE2-4DD1-AC46-B8F880DAB686}] => (Allow) C:\Users\Daniela\AppData\Local\Apps\2.0\QMZ1C5M7.CQQ\46V32XO8.QCE\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe (AVM Computersysteme Vertriebs GmbH -> AVM Berlin)
FirewallRules: [{7A256D19-F0C1-4241-8DE9-4852A2EB3219}] => (Allow) C:\Users\Daniela\AppData\Local\Apps\2.0\QMZ1C5M7.CQQ\46V32XO8.QCE\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe (AVM Computersysteme Vertriebs GmbH -> AVM Berlin)
FirewallRules: [{1548F67D-3F29-4BD4-B837-58906A66EF7A}] => (Allow) C:\Users\Daniela_2\AppData\Local\Apps\2.0\BH2PTDWE.ZAJ\ZPYPR21H.0J5\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe => No File
FirewallRules: [{383314EA-D4BC-4A7B-ADAF-1786BE9FD640}] => (Allow) C:\Users\Daniela_2\AppData\Local\Apps\2.0\BH2PTDWE.ZAJ\ZPYPR21H.0J5\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe => No File
FirewallRules: [{48052F57-61C7-4341-976B-48C5BC4407B3}] => (Allow) C:\Users\Daniela_2\AppData\Local\Apps\2.0\BH2PTDWE.ZAJ\ZPYPR21H.0J5\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe => No File
FirewallRules: [{0A7AB025-5395-4BAF-B0AB-E153CC2B41FB}] => (Allow) C:\Users\Daniela_2\AppData\Local\Apps\2.0\BH2PTDWE.ZAJ\ZPYPR21H.0J5\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe => No File
FirewallRules: [{E5F59835-76C4-4AEF-8DAD-E599F4A41304}] => (Allow) C:\Users\Alexander\AppData\Local\Apps\2.0\V7AT4666.215\D7MDN8AB.PXR\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe => No File
FirewallRules: [{0A547D25-F15F-4A3B-BFB7-B64CE31E3F6B}] => (Allow) C:\Users\Alexander\AppData\Local\Apps\2.0\V7AT4666.215\D7MDN8AB.PXR\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe => No File
FirewallRules: [{D83C555A-EF7A-45EE-95B4-650DB5467B5E}] => (Allow) C:\Users\Alexander\AppData\Local\Apps\2.0\V7AT4666.215\D7MDN8AB.PXR\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe => No File
FirewallRules: [{42BAB2EB-D8AB-4A4E-BCB7-9A37A76240FF}] => (Allow) C:\Users\Alexander\AppData\Local\Apps\2.0\V7AT4666.215\D7MDN8AB.PXR\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe => No File
FirewallRules: [{45ED6230-C9B8-4D09-82E3-CED1A6D9D71F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe => No File
FirewallRules: [{5528DA7F-EFC0-4F42-AB5E-3E51F7D01FE9}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe => No File
FirewallRules: [{6F27145A-815B-427A-BEFB-27DCF71FBC47}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe => No File
FirewallRules: [{AB18D25F-57D0-4708-BED5-E28744036A90}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe => No File
FirewallRules: [{476B8290-BB08-4DE1-A695-7DBBD373FE2A}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe => No File
FirewallRules: [{67DD2201-ED52-4B2E-834C-B5674007846C}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe => No File
FirewallRules: [{5D783FFB-A793-4BEE-8F9A-E44DE739CAEB}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe => No File
FirewallRules: [{C17A6886-4BAC-425F-8E24-DB6D35591C2A}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe => No File
FirewallRules: [{694D7876-7FA1-43B4-93D8-6403EC1D0A28}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe => No File
FirewallRules: [{8B9EE56C-2ECC-4534-8671-155E3BBF441F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe => No File
FirewallRules: [{98022E0D-5521-4296-8391-93AC26A3E4DA}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe => No File
FirewallRules: [{05FB4CC1-8DE3-456B-8E87-6B8D33F98440}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe => No File
FirewallRules: [{CB037463-1B6E-4DEE-ABC9-CE23FA686FC9}] => (Allow) E:\Program Files (x86)\Skype\Phone\Skype.exe => No File
FirewallRules: [{249DC5AB-0D5E-4D2C-9925-F62D89359AB4}] => (Allow) E:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe => No File
FirewallRules: [{80E5F4FC-82A7-46FD-B3BD-2D51269AE448}] => (Allow) E:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe => No File
FirewallRules: [{FABF2069-DE19-47E3-949B-9587E469CD68}] => (Allow) E:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe => No File
FirewallRules: [{0A302D0C-550F-41CD-9C6B-FAE7A6660111}] => (Allow) E:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe => No File
FirewallRules: [TCP Query User{901687F5-E1BE-48CA-B7D3-6A977408A472}C:\users\daniela\appdata\local\temp\rarsfx0\x32\pcsftool.exe] => (Block) C:\users\daniela\appdata\local\temp\rarsfx0\x32\pcsftool.exe => No File
FirewallRules: [UDP Query User{C4ECB983-4AEF-4881-BB41-1FC941556C42}C:\users\daniela\appdata\local\temp\rarsfx0\x32\pcsftool.exe] => (Block) C:\users\daniela\appdata\local\temp\rarsfx0\x32\pcsftool.exe => No File
FirewallRules: [TCP Query User{E8AB70C8-1390-45C8-A30D-2B4EF53392A4}C:\users\daniela\appdata\local\temp\rarsfx0\x64\pcsftool.exe] => (Block) C:\users\daniela\appdata\local\temp\rarsfx0\x64\pcsftool.exe => No File
FirewallRules: [UDP Query User{64C2B278-B065-4DCB-8B1F-40FC111FB091}C:\users\daniela\appdata\local\temp\rarsfx0\x64\pcsftool.exe] => (Block) C:\users\daniela\appdata\local\temp\rarsfx0\x64\pcsftool.exe => No File
FirewallRules: [TCP Query User{BB586E50-4195-4F18-97EE-72ACB75F2B9C}C:\users\daniela\appdata\local\temp\rarsfx1\x32\pcsftool.exe] => (Allow) C:\users\daniela\appdata\local\temp\rarsfx1\x32\pcsftool.exe => No File
FirewallRules: [UDP Query User{914A8033-8C28-4EDB-85E9-4161E9905093}C:\users\daniela\appdata\local\temp\rarsfx1\x32\pcsftool.exe] => (Allow) C:\users\daniela\appdata\local\temp\rarsfx1\x32\pcsftool.exe => No File
FirewallRules: [TCP Query User{0B04024D-306F-473A-BF3E-C9CC5B3F28D5}C:\users\daniela\appdata\local\temp\rarsfx1\x64\pcsftool.exe] => (Allow) C:\users\daniela\appdata\local\temp\rarsfx1\x64\pcsftool.exe => No File
FirewallRules: [UDP Query User{F698BBCD-6B70-4CF3-9D8D-D5FF36BD8CB0}C:\users\daniela\appdata\local\temp\rarsfx1\x64\pcsftool.exe] => (Allow) C:\users\daniela\appdata\local\temp\rarsfx1\x64\pcsftool.exe => No File
FirewallRules: [{52AF1549-73FF-4FB8-9518-EB558253F27C}] => (Allow) C:\Users\Alexander\AppData\Local\Apps\2.0\V7AT4666.215\D7MDN8AB.PXR\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe (AVM Computersysteme Vertriebs GmbH -> AVM Berlin)
FirewallRules: [{D725FA94-5970-43AF-98BE-6369A17405C5}] => (Allow) C:\Users\Alexander\AppData\Local\Apps\2.0\V7AT4666.215\D7MDN8AB.PXR\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe (AVM Computersysteme Vertriebs GmbH -> AVM Berlin)
FirewallRules: [{BAD145E7-AB58-46CB-A637-711908F0AF98}] => (Allow) C:\Users\Daniela_2\AppData\Local\Apps\2.0\BH2PTDWE.ZAJ\ZPYPR21H.0J5\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe (AVM Computersysteme Vertriebs GmbH -> AVM Berlin)
FirewallRules: [{6544ECC3-0638-427F-B75B-018692B1C83B}] => (Allow) C:\Users\Daniela_2\AppData\Local\Apps\2.0\BH2PTDWE.ZAJ\ZPYPR21H.0J5\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe (AVM Computersysteme Vertriebs GmbH -> AVM Berlin)
FirewallRules: [TCP Query User{03ED5189-0C44-477F-B547-C8F09E7B531C}C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe] => (Allow) C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe (Link64 GmbH -> Link64 GmbH)
FirewallRules: [UDP Query User{0D2EEB70-2C83-437B-9A14-133BBEFBBAB0}C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe] => (Allow) C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe (Link64 GmbH -> Link64 GmbH)
FirewallRules: [TCP Query User{584CA64F-9CAA-46F5-97E8-E93D2EA7D451}C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe] => (Block) C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe (Link64 GmbH -> Link64 GmbH)
FirewallRules: [UDP Query User{DBD28CA4-5DC2-4BDC-A4CF-CA40CB40B6A1}C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe] => (Block) C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe (Link64 GmbH -> Link64 GmbH)
FirewallRules: [TCP Query User{799AFFFA-3D23-488D-A5D7-E87D9A8ACBFD}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe (Synology Inc. -> ) [File not signed]
FirewallRules: [UDP Query User{8D8D0C25-0A95-43D5-AD32-2E9415851449}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe (Synology Inc. -> ) [File not signed]
FirewallRules: [TCP Query User{3641CD9C-6872-4DF2-9956-3C0B32C844E2}C:\totalcmd\totalcmd.exe] => (Allow) C:\totalcmd\totalcmd.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [UDP Query User{CFA2047C-2F6E-4B37-8E6E-012CC1F78E4F}C:\totalcmd\totalcmd.exe] => (Allow) C:\totalcmd\totalcmd.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [TCP Query User{C0EA3906-BCD0-4F86-8DD9-C3BE545E995B}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe => No File
FirewallRules: [UDP Query User{CC6D968E-7E2A-4100-A8C0-4560B6F407B1}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe => No File
FirewallRules: [TCP Query User{6630C8D7-4E94-4F32-BB11-F9486F348E21}C:\users\daniela_2\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe] => (Block) C:\users\daniela_2\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe (Synology Inc. -> Synology Inc.)
FirewallRules: [UDP Query User{E6A33421-3676-43FD-9602-21B98D29B1EA}C:\users\daniela_2\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe] => (Block) C:\users\daniela_2\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe (Synology Inc. -> Synology Inc.)
FirewallRules: [{38A9EF06-BB71-46C6-945D-96034E484A8C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A1469B19-EF07-4960-92BD-429935153F45}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{75F49C2D-E4BB-468A-98DD-5A27E06244F1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{40CBC498-7B3C-4525-AF4E-75958D2297F5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DF62BAF4-8DD9-41E4-A035-53CD03FBEBA5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{AC69356F-FF32-40BC-9737-3539408E50F8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{61ACFAD5-C588-40D7-BC79-BE2108EE066D}C:\program files (x86)\keepass password safe 2\keepass.exe] => (Block) C:\program files (x86)\keepass password safe 2\keepass.exe (Open Source Developer, Dominik Reichl -> Dominik Reichl)
FirewallRules: [UDP Query User{7AD714A4-90C2-466E-A98E-1A551ED16DB7}C:\program files (x86)\keepass password safe 2\keepass.exe] => (Block) C:\program files (x86)\keepass password safe 2\keepass.exe (Open Source Developer, Dominik Reichl -> Dominik Reichl)
FirewallRules: [TCP Query User{9959DBBF-787C-4827-B15A-7DCFCAE213E8}C:\program files (x86)\gira\gira project assistant\4.5\gira project assistant.exe] => (Allow) C:\program files (x86)\gira\gira project assistant\4.5\gira project assistant.exe (Gira Giersiepen GmbH & Co. KG) [File not signed]
FirewallRules: [UDP Query User{8FA4E236-7B69-4E33-9F4E-08746C25D798}C:\program files (x86)\gira\gira project assistant\4.5\gira project assistant.exe] => (Allow) C:\program files (x86)\gira\gira project assistant\4.5\gira project assistant.exe (Gira Giersiepen GmbH & Co. KG) [File not signed]
FirewallRules: [{7C2C1C59-2294-4205-BFC5-7BC7B79F7C32}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{456A0292-9FCC-411A-91B8-C3486B4F6ADD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EA4D5F54-48DE-469B-AF9E-3767A92DA5F4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A5A35596-02DD-41BE-B9FD-3C6AF433DFC3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3B36DDD8-A774-4BA7-87E8-D81BD16D44DF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{D87186BC-E04A-4AD7-80E6-2CDBC86FA89E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{4F913735-B180-4DE3-8CAF-C29F5B1AB862}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{91208837-6871-40F4-A39E-F2764F6361C0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

==================== Restore Points =========================

12-05-2021 11:35:05 Windows Modules Installer
13-05-2021 12:14:28 Removed QuickTime 7

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/16/2021 01:27:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ctfmon.exe, Version: 10.0.19041.1, Zeitstempel: 0x60c3fe88
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.964, Zeitstempel: 0x812662a7
Ausnahmecode: 0x00000675
Fehleroffset: 0x000000000010b39c
ID des fehlerhaften Prozesses: 0x6c8
Startzeit der fehlerhaften Anwendung: 0x01d74a466c4a0fb4
Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\ctfmon.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: bbae6be0-8ac4-4998-8988-af290f2a2b89
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (05/16/2021 01:27:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ctfmon.exe, Version: 10.0.19041.1, Zeitstempel: 0x60c3fe88
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.964, Zeitstempel: 0x812662a7
Ausnahmecode: 0x00000675
Fehleroffset: 0x000000000010b39c
ID des fehlerhaften Prozesses: 0x2fd0
Startzeit der fehlerhaften Anwendung: 0x01d74a4664e612ea
Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\ctfmon.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: 9d29cd42-1216-4766-b09b-052cf6f268ba
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (05/16/2021 01:26:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ctfmon.exe, Version: 10.0.19041.1, Zeitstempel: 0x60c3fe88
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.964, Zeitstempel: 0x812662a7
Ausnahmecode: 0x00000675
Fehleroffset: 0x000000000010b39c
ID des fehlerhaften Prozesses: 0x830
Startzeit der fehlerhaften Anwendung: 0x01d74a465d7846ed
Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\ctfmon.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: 11b33bf1-fc93-4b92-9668-ba3f6e90aa97
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (05/16/2021 01:26:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ctfmon.exe, Version: 10.0.19041.1, Zeitstempel: 0x60c3fe88
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.964, Zeitstempel: 0x812662a7
Ausnahmecode: 0x00000675
Fehleroffset: 0x000000000010b39c
ID des fehlerhaften Prozesses: 0x12dc
Startzeit der fehlerhaften Anwendung: 0x01d74a4655b61303
Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\ctfmon.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: d61360de-eaa7-4320-af4e-95eb65719e17
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (05/16/2021 01:26:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ctfmon.exe, Version: 10.0.19041.1, Zeitstempel: 0x60c3fe88
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.964, Zeitstempel: 0x812662a7
Ausnahmecode: 0x00000675
Fehleroffset: 0x000000000010b39c
ID des fehlerhaften Prozesses: 0x21dc
Startzeit der fehlerhaften Anwendung: 0x01d74a464e684e69
Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\ctfmon.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: d1ea7147-35e3-455b-8853-f84d57650ab0
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (05/16/2021 01:26:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ctfmon.exe, Version: 10.0.19041.1, Zeitstempel: 0x60c3fe88
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.964, Zeitstempel: 0x812662a7
Ausnahmecode: 0x00000675
Fehleroffset: 0x000000000010b39c
ID des fehlerhaften Prozesses: 0x2bb8
Startzeit der fehlerhaften Anwendung: 0x01d74a46471c3b14
Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\ctfmon.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: c96b2949-c194-4394-93f3-a098baf3d743
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (05/16/2021 01:26:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ctfmon.exe, Version: 10.0.19041.1, Zeitstempel: 0x60c3fe88
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.964, Zeitstempel: 0x812662a7
Ausnahmecode: 0x00000675
Fehleroffset: 0x000000000010b39c
ID des fehlerhaften Prozesses: 0x2604
Startzeit der fehlerhaften Anwendung: 0x01d74a463f8c68b7
Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\ctfmon.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: 2f506c39-f685-4bd6-9d3e-49d152ecb4bc
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (05/16/2021 01:25:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ctfmon.exe, Version: 10.0.19041.1, Zeitstempel: 0x60c3fe88
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.964, Zeitstempel: 0x812662a7
Ausnahmecode: 0x00000675
Fehleroffset: 0x000000000010b39c
ID des fehlerhaften Prozesses: 0x2514
Startzeit der fehlerhaften Anwendung: 0x01d74a46383d33cb
Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\ctfmon.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: 9b78161b-2f9c-43cd-bb13-14bb206c3e3c
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


System errors:
=============
Error: (05/16/2021 12:59:07 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: Beim Zugreifen auf den Registrierungsschlüssel SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration ist ein Fehler aufgetreten.

Error: (05/16/2021 12:58:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Message Queuing" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/16/2021 12:58:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Mobile Broadband HL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/16/2021 12:58:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/16/2021 12:58:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/16/2021 12:58:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "SNMP-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/16/2021 12:58:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Samsung RAPID Mode Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/16/2021 12:58:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Cloud Station Backup VSS Service x64" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Windows Defender:
================
Date: 2021-05-13 08:42:19
Description:
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {A5C7AD69-10D0-4EEF-8DE5-21D2CD29A62B}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\Netzwerkdienst

Date: 2021-05-12 15:40:42
Description:
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {AF240971-446E-4A2D-ABBE-781272221BA2}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2021-05-12 11:44:03
Description:
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {64005E21-B5AD-413B-B629-722F2E9BA944}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Vollständige Überprüfung
Benutzer: PC\Alexander

Date: 2021-05-12 07:43:01
Description:
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {394DA5D5-86C2-49A3-8847-56B778F8D73A}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\Netzwerkdienst

Date: 2021-05-11 15:11:52
Description:
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {9FEF9F91-E5FE-4DFC-AD21-8604B427BB2D}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2021-05-06 07:38:56
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen: 1.339.42.0
%Vorherige Version der Sicherheitsinformationen: 1.337.639.0
Update Source: Benutzer
Sicherheitstyp: AntiSpyware
Updatetyp: Delta
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: 1.1.18100.6
%Vorherige Modulversion: 1.1.18100.5
Fehlercode: 0x80070666
Fehlerbeschreibung: Eine andere Version des Produkts ist bereits installiert. Die Installation dieser Version kann nicht fortgesetzt werden. Verwenden Sie die Systemsteuerungsoption "Software", um die vorhandene Version dieses Produkts zu konfigurieren oder zu entfernen.

Date: 2021-05-06 07:38:56
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen: 1.339.42.0
%Vorherige Version der Sicherheitsinformationen: 1.337.639.0
Update Source: Benutzer
Sicherheitstyp: AntiVirus
Updatetyp: Delta
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: 1.1.18100.6
%Vorherige Modulversion: 1.1.18100.5
Fehlercode: 0x80070666
Fehlerbeschreibung: Eine andere Version des Produkts ist bereits installiert. Die Installation dieser Version kann nicht fortgesetzt werden. Verwenden Sie die Systemsteuerungsoption "Software", um die vorhandene Version dieses Produkts zu konfigurieren oder zu entfernen.

Date: 2021-05-06 07:38:56
Description:
Fehler von Microsoft Defender Antivirus beim Aktualisieren des Moduls.
Neue Modulversion: 1.1.18100.6
Vorherige Modulversion: 1.1.18100.5
Benutzer: NT-AUTORITÄT\SYSTEM
Fehlercode: 0x80070666
Fehlerbeschreibung: Eine andere Version des Produkts ist bereits installiert. Die Installation dieser Version kann nicht fortgesetzt werden. Verwenden Sie die Systemsteuerungsoption "Software", um die vorhandene Version dieses Produkts zu konfigurieren oder zu entfernen.

Date: 2021-04-28 18:00:03
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen: 1.337.117.0
%Vorherige Version der Sicherheitsinformationen: 1.335.1693.0
Update Source: Benutzer
Sicherheitstyp: AntiSpyware
Updatetyp: Delta
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: 1.1.18100.5
%Vorherige Modulversion: 1.1.18000.5
Fehlercode: 0x80070666
Fehlerbeschreibung: Eine andere Version des Produkts ist bereits installiert. Die Installation dieser Version kann nicht fortgesetzt werden. Verwenden Sie die Systemsteuerungsoption "Software", um die vorhandene Version dieses Produkts zu konfigurieren oder zu entfernen.

Date: 2021-04-28 18:00:03
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen: 1.337.117.0
%Vorherige Version der Sicherheitsinformationen: 1.335.1693.0
Update Source: Benutzer
Sicherheitstyp: AntiVirus
Updatetyp: Delta
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: 1.1.18100.5
%Vorherige Modulversion: 1.1.18000.5
Fehlercode: 0x80070666
Fehlerbeschreibung: Eine andere Version des Produkts ist bereits installiert. Die Installation dieser Version kann nicht fortgesetzt werden. Verwenden Sie die Systemsteuerungsoption "Software", um die vorhandene Version dieses Produkts zu konfigurieren oder zu entfernen.

CodeIntegrity:
===============
Date: 2021-05-16 13:04:41
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. F11a 11/13/2013
Motherboard: Gigabyte Technology Co., Ltd. Z77-DS3H
Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 82%
Total physical RAM: 8079.84 MB
Available physical RAM: 1410.12 MB
Total Virtual: 16271.84 MB
Available Virtual: 9069.13 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:837.87 GB) (Free:338.82 GB) NTFS
Drive d: (Programme) (Fixed) (Total:488.28 GB) (Free:319.34 GB) NTFS
Drive e: (Daten) (Fixed) (Total:976.56 GB) (Free:17.82 GB) NTFS
Drive f: (Daten_2) (Fixed) (Total:398.05 GB) (Free:2.88 GB) NTFS
Drive h: (Daten_3) (Fixed) (Total:2794.39 GB) (Free:1553.61 GB) NTFS

\\?\Volume{c0cedc76-0000-0000-0000-100000000000}\ () (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C0CEDC76)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=837.9 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 00007119)

Partition: GPT.

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 2794.5 GB) (Disk ID: 00060924)

Partition: GPT.

==================== End of Addition.txt =======================

Sweeny 16.05.2021 12:29

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-05-2021
Ran by Daniela (administrator) on PC (16-05-2021 13:24:39)
Running from C:\Users\Alexander\Downloads
Loaded Profiles: Daniela & Alexander
Platform: Windows 10 Pro Version 20H2 19042.985 (X64) Language: Deutsch (Deutschland) -> Deutsch (Deutschland)
Default browser not detected!
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <6>
(Open Source Developer, Dominik Reichl -> Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
(Synology Inc. -> ) [File not signed] C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Synology Inc. -> ) C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
Failed to access process -> ctfmon.exe
Failed to access process -> ctfmon.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12489360 2012-05-18] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [124000 2018-06-20] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3160256 2021-05-10] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [76600 2020-08-29] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3084288 2012-07-31] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\RunOnce: [GrpConv] => grpconv -o
HKU\S-1-5-21-565462843-2377332638-636861087-1000\...\Run: [MD5 File Hasher] => C:\Program Files (x86)\MD5 File Hasher\MD5FileHasher -s
HKU\S-1-5-21-565462843-2377332638-636861087-1000\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33031648 2021-05-06] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-565462843-2377332638-636861087-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-565462843-2377332638-636861087-1000\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [31162800 2021-03-30] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-565462843-2377332638-636861087-1000\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [67384 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [912480 2015-09-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\Run: [PureSync] => C:\Program Files (x86)\Jumping Bytes\PureSync\PureSyncTray.exe [1433888 2021-01-12] (Jumping Bytes  (Christoph Guentner) -> Jumping Bytes)
HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\Run: [KeePass Password Safe 2] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3160256 2021-05-10] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\Run: [launchOnStartup] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [8030280 2020-02-25] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\Run: [3F39F816CD7BDDEEE521D84DB3B9E481A1B62B66._service_run] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service /prefetch:8
HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\Run: [Amazon Music] => C:\Users\Daniela_2\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] (Amazon Services LLC -> )
HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google Inc -> Google)
HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [912480 2015-09-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\Run: [VideoDownloaderUltimate] => C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe [2746184 2016-08-22] (Link64 GmbH -> Link64 GmbH)
HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\Run: [PTOneClick] => C:\Users\Daniela_2\AppData\Local\WebEx\WebEx\Applications\ptoneclk.exe /AutoRunning="1"
HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\Run: [CiscoMeetingDaemon] => "C:\Users\Daniela_2\AppData\Local\WebEx\ciscowebexstart.exe" /daemon /from=autorun
HKLM\...\Windows x64\Print Processors\BJ Print Processor4: C:\Windows\System32\spool\prtprocs\x64\CNBPP4.DLL [84992 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\BJ Language Monitor4: C:\WINDOWS\system32\CNBLM4.DLL [267776 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\pdfcmon: C:\WINDOWS\system32\pdfcmon.dll [110264 2013-04-09] (pdfforge GmbH -> pdfforge GmbH)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
HKLM\Software\...\Winlogon\GPExtensions: [{6cfb9c5c-138e-4bb3-8a3d-d5383e910e57}] -> %SystemRoot%\System32\RdpGroupPolicyExtension.dll
Startup: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Synology Cloud Station Drive.lnk [2021-05-16]
ShortcutTarget: Synology Cloud Station Drive.lnk -> C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe (Synology Inc. -> Synology Inc.) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SpyderUtility.lnk [2016-11-30]
ShortcutTarget: SpyderUtility.lnk -> C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe ((c)2016 Datacolor) [File not signed]
Startup: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Synology Cloud Station Drive.lnk [2021-05-13]
ShortcutTarget: Synology Cloud Station Drive.lnk -> C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe (Synology Inc. -> Synology Inc.) [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04291AB8-1BFF-482D-A354-0DAA63096B83} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [880 2020-09-25] () [File not signed]
Task: {04620E3E-9FF6-47C3-A01D-3391D0960B5E} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {157F03BB-812E-48C2-978F-EB0066E01444} - System32\Tasks\JumpingBytes\PureSyncVSS => C:\Program Files (x86)\Jumping Bytes\PureSync\PureSyncVSSStart.exe
Task: {1962D670-73A2-4161-9A19-96A76222E178} - System32\Tasks\JumpingBytes\PureSyncElvDaniela => C:\Program Files (x86)\Jumping Bytes\PureSync\PureSyncHelper.exe [168304 2020-12-29] (Jumping Bytes  (Christoph Guentner) -> Jumping Bytes)
Task: {1B78249E-0F85-4595-AD1B-CCAB4B056072} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1D915986-CA90-4D97-B368-5FDEF41966A6} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {1E639B88-7427-4D46-BDE4-EED2D5F7C033} - System32\Tasks\JumpingBytes\PureSyncExit => C:\Program Files (x86)\Jumping Bytes\PureSync\PureSyncAdmin.exe
Task: {24F345DF-CDEF-4C26-AD31-EAF482740CED} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2C40D05D-9777-4C7E-B5A9-BE37D4108F3E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2D8ADC5D-837C-4828-AA64-3FC4C3079E99} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2EBB0D39-C126-4B26-8B72-90B964C712B3} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [696816 2021-04-17] (Mozilla Corporation -> Mozilla Foundation)
Task: {37892A5E-D1D4-452D-ADFE-6422BB2D4776} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {3B3F30A3-9CD8-4F03-B0DF-8C8B6A87E0C0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.)
Task: {4426CA6A-6D63-4546-9887-23745332C150} - System32\Tasks\AdwCleaner_onReboot => C:\Users\Alexander\Downloads\adwcleaner_8.0.8.exe [8447152 2021-01-04] (Malwarebytes Inc -> Malwarebytes)
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {49F6C337-FA53-4D3B-843D-BED1B91BE776} - System32\Tasks\{54BA2233-CCFA-4261-A274-CCA9C78F9057} => "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/7.13.0.101/de/abandoninstall?page=tsProgressBar
Task: {5A9BE10E-CDC1-4CB2-B604-82B206E024CF} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {5BA33DD0-E9E1-4AFE-9241-8AEDA668932B} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {5D549C7B-04CE-48F6-AFD9-ABF56A9BA0FD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5DF044AA-F71D-465A-A02D-9661F829562B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {64942FCF-CA04-4B9F-93AF-EE4F9D5143C6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {6DDD6299-22D5-4AD2-9874-AA8009BBB2AB} - System32\Tasks\{E887F441-25A6-4815-BCE1-41682C06FB8E} => "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?page=tsProgressBar
Task: {730AC712-A578-4E65-9B1C-81CDB7383A0A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7D264AAA-6A33-4C26-BBF6-E2793D0725E8} - System32\Tasks\{7EFAFB80-CCC6-4877-A74B-A88AA1B49D11} => "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?page=tsProgressBar
Task: {817196E8-49EA-44B0-9801-06263B2B7759} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {83B0D73A-F964-44E7-8F91-623ED70F52B5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {982191EA-C967-4C55-89E1-98A29DCF2D7A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A1A1065C-53BB-44A2-AB31-FF1A14B21F33} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40880 2021-03-30] (Garmin International, Inc. -> )
Task: {A22B84F6-6C73-4A07-B406-F3E8401D1215} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {A571E058-5154-4DEF-A1FD-35E525B5A7D0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {A698037E-D4C5-48F7-9873-E12612DF4122} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B94B5459-13C5-4CFC-AEFB-0D44C00DDBBA} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {D73272D8-6B30-42B4-9F86-9D193D236005} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {DA7D7AEF-5F67-4FE5-A4B2-A48329BB6822} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.)
Task: {DC1F9E36-2BB2-4476-9905-DC43F652CE24} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {DFB52FB2-5D05-488A-A154-428C6E6F1FC4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E1EEAC18-87BA-4EB3-AC0B-CBB04713BF4D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {E44C1574-A4D3-44BD-B903-47238C91A761} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {E61B52C4-BD2A-4CEF-99C4-F3F3234E3778} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [1146000 2019-03-14] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.)
Task: {FCCFE89B-E986-4F5E-872C-78311469263D} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-565462843-2377332638-636861087-1002] => Proxy is enabled.
ProxyServer: [S-1-5-21-565462843-2377332638-636861087-1002] => http=127.0.0.1:8082
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{5480B2BA-F1B7-4A2B-8A15-1DF39A453731}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{60341516-228f-4571-b28b-6a54ea39e1de}: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{6f5fd123-17cc-41ab-880d-ba370803e490}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{819399cc-6cbd-46fa-85c8-6453fe863580}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{da847a6d-8b87-488d-8d74-945bab7d8180}: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{eaaf18ef-cd74-4176-90b9-86a9fc005615}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{ef76afab-0760-4a1b-b70f-36c9844b65b6}: [DhcpNameServer] 192.168.178.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.10 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-04-27] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR HKU\S-1-5-21-565462843-2377332638-636861087-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-04-27] (Apple Inc. -> Apple Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [270336 2012-07-13] (Brother Industries, Ltd.) [File not signed]
S2 Cloud Station Backup VSS Service x64; C:\Program Files (x86)\Synology\CloudStationBackup\bin\vss-service-x64.exe [287256 2018-03-01] (Synology Inc. -> ) [File not signed]
S2 Cloud Station Drive VSS Service x64; C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe [352280 2019-03-06] (Synology Inc. -> ) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-07-14] (Macrovision Europe Ltd.) [File not signed]
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1242696 2020-02-25] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6821960 2020-02-25] (GOG Sp. z o.o. -> GOG.com)
S2 GPAService; C:\Program Files (x86)\Gira\Gira Project Assistant\Gira Project Assistant Service\Service.WindowsService.exe [9216 2020-04-29] (Gira Giersiepen GmbH & Co. KG) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7391408 2021-05-13] (Malwarebytes Inc -> Malwarebytes)
S2 Mobile Broadband HL Service; C:\Program Files (x86)\MobileBrServ\mbbservice.exe [245688 2019-11-15] (Huawei Technologies Co., Ltd. -> )
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1705088 2020-05-12] (Rockstar Games, Inc. -> Rockstar Games)
S2 SamsungRapidSvc; C:\WINDOWS\System32\RAPID\SamsungRapidSvc.exe [29280 2018-06-20] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5393288 2021-05-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SynoDrService; C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe [384072 2013-10-09] (Synology Inc. -> )
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12849960 2021-03-15] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248856 2017-08-08] (Synology Inc. -> ) [File not signed]
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [157480 2018-08-02] (Microsoft Corporation -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.10-0\NisSrv.exe [2599312 2021-05-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.10-0\MsMpEng.exe [128376 2021-05-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 HuaweiHiSuiteService64.exe; "C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe" -/service [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-01-23] (AnchorFree Inc -> The OpenVPN Project)
S3 avmaudio; C:\WINDOWS\System32\DRIVERS\avmaudio.sys [116096 2012-07-14] (AVM Berlin) [File not signed]
S3 avmaura; C:\WINDOWS\System32\drivers\avmaura.sys [116480 2015-08-05] (AVM Berlin) [File not signed]
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 busenum; C:\WINDOWS\System32\drivers\busenum.sys [57824 2012-08-03] (Synology Inc. -> Windows (R) Win 7 DDK provider)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-05-13] (Malwarebytes Inc -> Malwarebytes)
S3 fwlanusbn; C:\WINDOWS\system32\DRIVERS\fwlanusbn.sys [714368 2010-10-22] (AVM GmbH) [File not signed]
S3 GenericMount; C:\WINDOWS\System32\drivers\GenericMount.sys [66608 2010-02-12] (Symantec Corporation -> Symantec Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-05-13] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-05-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-05-16] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-05-16] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-05-13] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [157944 2021-05-16] (Malwarebytes Inc -> Malwarebytes)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [74616 2020-09-25] (Insecure.Com LLC -> Insecure.Com LLC.)
R0 SamsungRapidDiskFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidDiskFltr.sys [288864 2018-06-28] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidFSFltr.sys [119400 2018-06-28] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 vpnva; C:\WINDOWS\System32\DRIVERS\vpnva64-6.sys [52080 2013-12-13] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [50688 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-05-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [421112 2021-05-10] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [73960 2021-05-10] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath
U4 npcap_wifi; no ImagePath
S1 UimBus; \SystemRoot\System32\drivers\uimbus.sys [X]
S1 Uim_DEVIM; \SystemRoot\System32\drivers\uimdevim.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-16 13:01 - 2021-05-16 13:01 - 000000000 ___DC C:\Users\Alexander\AppData\LocalLow\IGDump
2021-05-16 12:55 - 2021-05-16 12:56 - 008534696 _____ (Malwarebytes) C:\Users\Alexander\Downloads\adwcleaner_8.2.exe
2021-05-16 12:55 - 2021-05-16 12:55 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-05-16 12:54 - 2021-05-16 12:54 - 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-05-16 12:54 - 2021-05-16 12:54 - 000157944 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-05-16 12:53 - 2021-05-16 13:01 - 000039206 _____ C:\Users\Alexander\Downloads\Fixlog.txt
2021-05-16 12:53 - 2021-05-16 12:53 - 000000000 ____D C:\Users\Alexander\AppData\Local\PeerDistRepub
2021-05-15 20:26 - 2021-05-15 20:26 - 000000000 ____D C:\Users\Alexander\Downloads\FRST-OlderVersion
2021-05-15 09:02 - 2021-05-15 09:03 - 002052852 ____C C:\Users\Alexander\Documents\bookmarks_15.05.21.html
2021-05-13 20:03 - 2021-05-13 20:03 - 000009280 ____C C:\Users\Daniela\Desktop\malware.txt
2021-05-13 20:01 - 2021-05-13 20:01 - 000000000 ____D C:\Users\Daniela\AppData\Local\mbam
2021-05-13 18:40 - 2021-05-13 18:40 - 000010974 _____ C:\Users\Alexander\Downloads\Aenderungssscheck_5579350570682806442.pdf
2021-05-13 17:57 - 2021-05-13 18:08 - 000113050 _____ C:\Users\Alexander\Downloads\Shortcut.txt
2021-05-13 17:53 - 2021-05-15 20:26 - 002299392 _____ (Farbar) C:\Users\Alexander\Downloads\FRST64 (1).exe
2021-05-13 13:22 - 2021-05-13 13:22 - 000000000 ____D C:\Users\Alexander\AppData\Local\mbam
2021-05-13 13:21 - 2021-05-13 13:21 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-05-13 13:21 - 2021-05-13 13:21 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-05-13 13:21 - 2021-05-13 13:21 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-05-13 13:21 - 2021-05-13 13:21 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-05-13 13:21 - 2021-05-13 13:21 - 000002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-05-13 13:21 - 2021-05-13 13:21 - 000002025 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-05-13 13:21 - 2021-05-13 13:21 - 000002025 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-05-13 13:21 - 2021-05-13 13:21 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-05-13 13:21 - 2021-05-13 13:21 - 000000000 ____D C:\Program Files\Malwarebytes
2021-05-13 13:20 - 2021-05-13 13:20 - 002078632 _____ (Malwarebytes) C:\Users\Alexander\Downloads\mbsetup.exe
2021-05-13 13:18 - 2021-05-13 13:18 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avira
2021-05-13 13:01 - 2021-05-13 13:01 - 000007647 _____ C:\Users\Daniela\AppData\Local\Resmon.ResmonCfg
2021-05-13 12:57 - 2021-05-13 12:57 - 000000000 ____D C:\Users\Daniela_2\AppData\Local\UnrealEngineLauncher
2021-05-13 12:57 - 2021-05-13 12:57 - 000000000 ____D C:\Users\Daniela_2\AppData\Local\UnrealEngine
2021-05-13 12:57 - 2021-05-13 12:57 - 000000000 ____D C:\Users\Daniela_2\AppData\Local\NVIDIA Corporation
2021-05-13 12:57 - 2021-05-13 12:57 - 000000000 ____D C:\Users\Daniela_2\AppData\Local\EpicGamesLauncher
2021-05-13 12:51 - 2021-05-13 12:51 - 000000000 ____D C:\Users\Daniela\AppData\Roaming\sp6_log
2021-05-13 12:20 - 2021-05-13 12:20 - 031412280 _____ (Piriform Software Ltd) C:\Users\Alexander\Downloads\ccsetup579.exe
2021-05-13 09:35 - 2021-05-13 09:35 - 000048980 _____ C:\Users\Alexander\Downloads\rkma.Nodes_.WindowControllerNode-1.0.29.zip
2021-05-13 08:59 - 2021-05-13 09:00 - 022337937 _____ C:\Users\Alexander\Downloads\Pegasus_E-Bikes_Betriebsanleitung_BOSCH Intuvia _MY2021_DE.pdf
2021-05-13 08:50 - 2021-05-13 08:50 - 004316080 _____ (Dominik Reichl ) C:\Users\Alexander\Downloads\KeePass-2.48.1-Setup.exe
2021-05-12 20:55 - 2021-05-12 20:56 - 022927958 _____ C:\Users\Alexander\Downloads\XiaomiADBFastbootTools (4).jar
2021-05-12 11:47 - 2021-05-12 11:47 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-05-12 11:47 - 2021-05-12 11:47 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-05-12 11:47 - 2021-05-12 11:47 - 000153600 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll
2021-05-12 11:46 - 2021-05-12 11:47 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-05-12 11:46 - 2021-05-12 11:46 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-05-12 11:46 - 2021-05-12 11:46 - 001823816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-05-12 11:46 - 2021-05-12 11:46 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-05-12 11:46 - 2021-05-12 11:46 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-05-12 11:46 - 2021-05-12 11:46 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-05-12 11:46 - 2021-05-12 11:46 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-05-12 11:46 - 2021-05-12 11:46 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-05-12 11:46 - 2021-05-12 11:46 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-05-12 11:46 - 2021-05-12 11:46 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-05-12 11:46 - 2021-05-12 11:46 - 000011351 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-05-12 07:34 - 2021-05-12 07:34 - 000001474 _____ C:\Users\Alexander\Downloads\URLLink (20).acsm
2021-05-10 20:05 - 2021-05-10 20:05 - 000030113 _____ C:\Users\Alexander\Downloads\Impfquotenmonitoring (4).xlsx
2021-05-06 14:40 - 2021-05-06 14:40 - 008908282 _____ C:\Users\Alexander\Downloads\Anleitung Herunterladen (5).pdf
2021-05-06 14:39 - 2021-05-06 14:39 - 005733678 _____ C:\Users\Alexander\Downloads\Herunterladen (PDF - 5,5 MB) (2).pdf
2021-05-06 14:17 - 2021-05-06 14:17 - 008908282 _____ C:\Users\Alexander\Downloads\Anleitung Herunterladen (4).pdf
2021-05-06 13:39 - 2021-05-06 13:39 - 004611099 _____ C:\Users\Alexander\Downloads\indego-400-100047627-original-pdf-344873-de-de.pdf
2021-05-06 13:38 - 2021-05-06 13:38 - 005733678 _____ C:\Users\Alexander\Downloads\Herunterladen (PDF - 5,5 MB) (1).pdf
2021-05-06 13:36 - 2021-05-06 13:36 - 008908282 _____ C:\Users\Alexander\Downloads\Anleitung Herunterladen (3).pdf
2021-05-06 13:36 - 2021-05-06 13:36 - 008908282 _____ C:\Users\Alexander\Downloads\Anleitung Herunterladen (2).pdf
2021-05-06 13:35 - 2021-05-06 13:35 - 008908282 _____ C:\Users\Alexander\Downloads\Anleitung Herunterladen.pdf
2021-05-06 13:35 - 2021-05-06 13:35 - 008372691 _____ C:\Users\Alexander\Downloads\Anleitung Herunterladen (1).pdf
2021-05-06 13:35 - 2021-05-06 13:35 - 005733678 _____ C:\Users\Alexander\Downloads\Herunterladen (PDF - 5,5 MB).pdf
2021-05-06 13:35 - 2021-05-06 13:35 - 004611099 _____ C:\Users\Alexander\Downloads\Herunterladen (PDF - 4,4 MB).pdf
2021-05-01 18:21 - 2021-05-01 18:21 - 014562150 _____ C:\WINDOWS\SysWOW64\a6d3737a-f1a4-40bd-ba3b-cab2eec8ba75.gproj
2021-05-01 18:07 - 2021-05-01 18:07 - 014562164 _____ C:\WINDOWS\SysWOW64\8153567d-4c64-4aca-9e59-c4eadc920168.gproj
2021-05-01 18:06 - 2021-05-01 18:06 - 014562198 _____ C:\WINDOWS\SysWOW64\ba0cf4c6-8abb-4ef3-836d-0027a2be1a15.gproj
2021-05-01 17:54 - 2021-05-01 17:54 - 014559759 _____ C:\WINDOWS\SysWOW64\716109be-b030-4168-926d-8f358e3462ce.gproj
2021-05-01 17:42 - 2021-05-01 17:42 - 014560960 _____ C:\WINDOWS\SysWOW64\206a6125-ca37-4ff1-bd34-26fa25967e3a.gproj
2021-05-01 17:30 - 2021-05-01 17:30 - 014553120 _____ C:\WINDOWS\SysWOW64\de74be2b-f678-4b01-804e-40c91755dcda.gproj
2021-05-01 17:22 - 2021-05-01 17:22 - 014547269 _____ C:\WINDOWS\SysWOW64\8f189782-fe33-4ea4-a0e4-9b1c9541efb8.gproj
2021-05-01 17:17 - 2021-05-01 17:17 - 014547335 _____ C:\WINDOWS\SysWOW64\8b5bc60a-7c14-4d40-aaf4-5a8ca818ff66.gproj
2021-05-01 17:15 - 2021-05-01 17:15 - 014547369 _____ C:\WINDOWS\SysWOW64\891c0700-7ff2-4bfb-9d77-14a9740a5e3f.gproj
2021-05-01 17:08 - 2021-05-01 17:08 - 014547263 _____ C:\WINDOWS\SysWOW64\6a86d4bc-d366-4ce9-b851-4e16ae88ed96.gproj
2021-05-01 17:05 - 2021-05-01 17:05 - 014545033 _____ C:\WINDOWS\SysWOW64\300e5685-c2e8-4534-a90c-0d99c7ee4f62.gproj
2021-05-01 15:49 - 2021-05-01 15:49 - 000141876 _____ C:\Users\Alexander\Downloads\torsten_kaeker_gmail_com.Logic_.Nodes_.BinaryWatcher-1.0.46-xleoba.zip
2021-05-01 15:49 - 2021-05-01 15:49 - 000000000 ____D C:\Users\Alexander\Downloads\torsten_kaeker_gmail_com.Logic_.Nodes_.BinaryWatcher-1.0.46-xleoba
2021-05-01 15:20 - 2021-05-01 15:20 - 014714494 _____ C:\WINDOWS\SysWOW64\923d93eb-517b-40e4-b539-e5242aaf63d0.gproj
2021-05-01 15:20 - 2021-05-01 15:20 - 014389004 _____ C:\WINDOWS\SysWOW64\f63315e3-5003-4437-a614-06f6f43086f7.gproj
2021-05-01 12:38 - 2021-05-01 12:38 - 000614448 _____ C:\Users\Alexander\Downloads\tasmota-DE.bin
2021-05-01 12:37 - 2021-05-01 12:37 - 000438957 _____ C:\Users\Alexander\Downloads\tasmota-DE.bin.gz
2021-05-01 11:22 - 2021-05-01 11:22 - 014389503 _____ C:\WINDOWS\SysWOW64\0f085712-de48-4617-ae9a-5c7980ad6bf5.gproj
2021-05-01 11:13 - 2021-05-01 11:13 - 019694741 _____ C:\Users\Alexander\Downloads\2021_05_01_Zimmerhofer.knxproj
2021-04-28 20:50 - 2021-04-28 20:50 - 000394029 ____C C:\Users\Alexander\Desktop\zeitaufgaben_volle_stunde_1.pdf
2021-04-28 20:38 - 2021-04-28 20:38 - 001387849 _____ C:\Users\Alexander\Desktop\Zirkus_Abschreibkartei_Druck.pdf
2021-04-28 20:37 - 2021-04-28 20:37 - 001238257 _____ C:\Users\Alexander\Desktop\Dominos_Uhrzeiten.pdf
2021-04-28 20:35 - 2021-04-28 20:35 - 000935475 _____ C:\Users\Alexander\Desktop\AB_Tag_24 Stunden.pdf
2021-04-25 14:54 - 2021-04-25 15:03 - 004228506 ____C C:\Users\Alexander\Desktop\IMG_6715.mp4
2021-04-24 19:41 - 2021-04-24 19:41 - 014362110 _____ C:\WINDOWS\SysWOW64\c853b3f9-927f-4f9d-bfe5-bbb2449a0134.gproj
2021-04-24 08:51 - 2021-04-24 08:51 - 000000000 ___DC C:\Users\Alexander\Documents\PDFsam Enhanced Files
2021-04-24 08:51 - 2021-04-24 08:51 - 000000000 ____D C:\Users\Daniela\AppData\Roaming\PDFsam Enhanced 7
2021-04-24 08:51 - 2021-04-24 08:51 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\PDFsam Enhanced 7
2021-04-24 08:51 - 2021-04-24 08:51 - 000000000 ____D C:\spellings
2021-04-24 08:49 - 2021-04-24 08:49 - 000000000 ____D C:\ProgramData\PDFsam Basic
2021-04-24 08:48 - 2021-04-24 08:49 - 020694304 _____ (Andrea Vacondio) C:\Users\Alexander\Downloads\PDFsam_Basic_4_Installer (1).exe
2021-04-23 20:08 - 2021-04-23 20:08 - 000339381 _____ C:\Users\Alexander\Downloads\7002011317.pdf
2021-04-23 20:06 - 2021-04-23 20:06 - 000087229 _____ C:\Users\Alexander\Downloads\7002011311.pdf
2021-04-23 14:12 - 2021-04-23 14:12 - 000096265 _____ C:\Users\Alexander\Downloads\Label-9699617009.pdf
2021-04-23 13:11 - 2021-04-23 13:11 - 000252893 ____C C:\Users\Alexander\Documents\9699617009.pdf
2021-04-20 14:13 - 2021-04-20 14:13 - 000182225 _____ C:\Users\Daniela_2\Downloads\sormas Notgruppe 4.xlsx
2021-04-20 09:23 - 2021-04-20 09:23 - 000871637 _____ C:\Users\Alexander\Downloads\Impfdokumentation (3).pdf
2021-04-19 22:51 - 2021-04-19 22:51 - 000044017 ____C C:\Users\Alexander\Desktop\Impfzentrum Bonn.pdf
2021-04-19 12:42 - 2021-04-19 12:42 - 000019628 _____ C:\Users\Alexander\Downloads\germany_vaccinations_timeseries_v2.tsv
2021-04-19 12:41 - 2021-04-19 12:41 - 000018588 _____ C:\Users\Alexander\Downloads\germany_deliveries_timeseries_v2.tsv
2021-04-19 10:21 - 2021-04-19 10:21 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-19 10:03 - 2021-04-19 10:03 - 000000000 ____D C:\WINDOWS\PCHEALTH
2021-04-19 07:56 - 2021-04-19 07:56 - 000842910 _____ C:\Users\Alexander\Downloads\Impfdokumentation (2)_Ute.pdf
2021-04-19 07:38 - 2021-04-19 07:38 - 000870299 _____ C:\Users\Alexander\Downloads\Impfdokumentation (2).pdf
2021-04-19 07:37 - 2021-04-19 07:37 - 000835570 _____ C:\Users\Alexander\Downloads\Impfdokumentation (1)_Carlo.pdf
2021-04-19 07:36 - 2021-04-19 07:36 - 000862959 _____ C:\Users\Alexander\Downloads\Impfdokumentation (1).pdf
2021-04-18 16:36 - 2021-04-18 16:36 - 007505263 _____ C:\Users\Alexander\Downloads\20693710.pdf
2021-04-18 16:27 - 2021-04-18 16:27 - 014362447 _____ C:\WINDOWS\SysWOW64\e24cf558-316e-4022-9189-974973802dac.gproj
2021-04-18 15:33 - 2021-04-18 15:33 - 000039424 ____C C:\Users\Daniela_2\Desktop\Notgruppe4.xls
2021-04-18 09:54 - 2021-04-18 09:54 - 001871048 _____ C:\Users\Alexander\Desktop\MDT_THB_SCN_02_Bewegungsmelder_Automatik_Schalter_55_63.pdf
2021-04-18 09:53 - 2021-04-18 09:53 - 000416540 _____ C:\Users\Alexander\Desktop\MDT_AOI_Motion_Detector_Automatic_Switch_55_02.pdf
2021-04-17 18:47 - 2021-05-16 13:09 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-04-17 18:47 - 2021-04-17 18:47 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-04-17 18:37 - 2021-04-17 18:37 - 103052437 _____ C:\Users\Alexander\Downloads\tks-ip-gateway_05.04.00.08 (1).zip
2021-04-17 15:46 - 2021-04-17 15:46 - 014362389 _____ C:\WINDOWS\SysWOW64\0d9754c3-2270-4de6-8638-187a4d6ecda7.gproj
2021-04-17 14:53 - 2021-04-17 14:53 - 000001603 _____ C:\Users\Daniela_2\Downloads\URLLink (24).acsm
2021-04-17 14:48 - 2021-04-17 14:48 - 000001620 _____ C:\Users\Daniela_2\Downloads\URLLink (23).acsm
2021-04-17 11:45 - 2021-04-17 11:45 - 000017432 _____ C:\Users\Alexander\Downloads\Download.CSV
2021-04-17 11:10 - 2021-04-17 11:10 - 000001561 _____ C:\Users\Daniela_2\Downloads\URLLink (22).acsm
2021-04-17 10:03 - 2021-04-17 10:03 - 000144775 ____C C:\Users\Alexander\Desktop\formular_kontaktpersonen_pflegende_angehoerige_und_schwangere_beschreibbar.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-16 13:26 - 2015-04-05 09:49 - 000000000 ___DC C:\Users\Alexander\AppData\Local\CrashDumps
2021-05-16 13:25 - 2021-01-04 12:14 - 000027493 _____ C:\Users\Alexander\Downloads\FRST.txt
2021-05-16 13:25 - 2021-01-04 12:14 - 000000000 ____D C:\FRST
2021-05-16 13:22 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-16 13:09 - 2020-01-04 19:04 - 000000000 ____D C:\ProgramData\Mozilla
2021-05-16 13:08 - 2016-12-27 15:40 - 000000000 ___DC C:\Users\Alexander\AppData\LocalLow\Mozilla
2021-05-16 13:07 - 2021-01-04 12:17 - 000070764 _____ C:\Users\Alexander\Downloads\Addition.txt
2021-05-16 13:07 - 2020-11-12 23:38 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-05-16 13:07 - 2020-11-12 23:26 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-05-16 13:07 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-16 13:07 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-05-16 12:59 - 2020-11-12 23:37 - 001916338 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-05-16 12:59 - 2019-12-07 16:51 - 000820626 _____ C:\WINDOWS\system32\perfh007.dat
2021-05-16 12:59 - 2019-12-07 16:51 - 000177158 _____ C:\WINDOWS\system32\perfc007.dat
2021-05-16 12:59 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-05-16 12:55 - 2019-01-27 12:27 - 000000000 ___DC C:\Users\Alexander\AppData\Roaming\KeePass
2021-05-16 12:55 - 2013-12-06 17:22 - 000000000 ___RD C:\Users\Alexander\Gemeinsame Cloudstation
2021-05-16 12:55 - 2013-04-11 21:58 - 000000000 ___RD C:\Users\Alexander\CloudStation
2021-05-16 12:55 - 2013-04-11 21:57 - 000000000 ___DC C:\Users\Alexander\AppData\Local\CloudStation
2021-05-16 12:54 - 2020-11-12 23:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-05-16 12:54 - 2020-11-12 23:26 - 000008192 ___SH C:\DumpStack.log.tmp
2021-05-16 12:54 - 2019-12-07 11:03 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2021-05-16 12:54 - 2016-06-17 21:17 - 000000000 __SHD C:\Users\Alexander\IntelGraphicsProfiles
2021-05-16 12:54 - 2013-01-06 14:27 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-05-15 20:24 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-05-15 20:23 - 2014-09-26 21:10 - 000000000 _SHDC C:\Users\Daniela\AppData\Local\EmieUserList
2021-05-15 20:23 - 2014-09-26 21:10 - 000000000 _SHDC C:\Users\Daniela\AppData\Local\EmieSiteList
2021-05-15 20:23 - 2012-07-15 21:11 - 000000000 ____D C:\Program Files (x86)\Google
2021-05-15 20:22 - 2018-05-30 22:35 - 000000000 ___DC C:\Users\Daniela\AppData\Local\Google
2021-05-15 09:14 - 2012-08-13 19:59 - 000000000 ___DC C:\Users\Alexander\Documents\Outlook-Dateien
2021-05-15 09:07 - 2017-05-31 22:04 - 000000348 _____ C:\WINDOWS\BRRBCOM.INI
2021-05-15 08:46 - 2020-06-25 15:37 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-05-15 08:46 - 2020-06-25 15:37 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-05-15 08:46 - 2020-06-25 15:37 - 000002278 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-05-13 20:06 - 2012-07-14 10:48 - 000000000 ___DC C:\Users\Daniela\AppData\Roaming\Notepad++
2021-05-13 20:02 - 2015-05-23 06:32 - 000000000 ___DC C:\Users\Daniela\AppData\Local\CrashDumps
2021-05-13 19:58 - 2015-05-23 06:09 - 000000000 ___DC C:\Users\Daniela_2\AppData\Local\CrashDumps
2021-05-13 19:58 - 2013-12-06 17:44 - 000000000 ___DC C:\Users\Daniela_2\AppData\Local\CloudStation
2021-05-13 19:52 - 2020-03-30 19:23 - 000000000 ____D C:\Users\Daniela_2\AppData\Local\WebEx
2021-05-13 19:51 - 2020-03-30 19:23 - 000000000 ____D C:\Users\Daniela_2\AppData\Roaming\webex
2021-05-13 19:37 - 2013-12-06 17:46 - 000000000 ___RD C:\Users\Daniela_2\Gemeinsame CloudStation
2021-05-13 19:37 - 2013-12-06 17:45 - 000000000 ___RD C:\Users\Daniela_2\CloudStation
2021-05-13 19:36 - 2016-06-18 06:55 - 000000000 __SHD C:\Users\Daniela_2\IntelGraphicsProfiles
2021-05-13 14:01 - 2014-11-24 20:24 - 000000000 ____D C:\ProgramData\Package Cache
2021-05-13 13:51 - 2020-11-12 23:26 - 002806440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-05-13 13:21 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-05-13 13:02 - 2019-02-17 17:49 - 000000000 ____D C:\Program Files (x86)\iMobie
2021-05-13 12:58 - 2019-06-09 08:21 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2021-05-13 12:58 - 2017-01-10 22:18 - 000000000 ____D C:\Program Files (x86)\ClockworkMod
2021-05-13 12:57 - 2018-11-25 20:12 - 000000000 ___DC C:\Users\Daniela_2\AppData\Local\D3DSCache
2021-05-13 12:52 - 2012-08-17 20:07 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-05-13 12:51 - 2016-09-22 03:30 - 000000000 ____D C:\Program Files\Common Files\logishrd
2021-05-13 12:51 - 2016-03-26 13:57 - 000000000 ____D C:\ProgramData\Logishrd
2021-05-13 12:46 - 2019-08-07 21:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gira
2021-05-13 12:45 - 2020-03-25 21:52 - 000000000 ____D C:\Program Files (x86)\AntiTwin
2021-05-13 12:44 - 2018-01-18 20:37 - 000000000 ___DC C:\Users\Alexander\AppData\Local\Packages
2021-05-13 12:23 - 2019-06-09 09:57 - 000000000 ____D C:\temp
2021-05-13 12:16 - 2016-02-21 17:48 - 000000000 ____D C:\ProgramData\Apple Computer
2021-05-13 12:14 - 2016-06-17 21:19 - 000000000 ___RD C:\Users\Alexander\OneDrive
2021-05-13 08:52 - 2019-01-27 12:26 - 000001190 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2021-05-13 08:52 - 2019-01-27 12:26 - 000000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2021-05-13 08:44 - 2016-06-18 06:44 - 000002140 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-05-13 08:33 - 2012-08-07 10:00 - 000000000 ___DC C:\Users\Daniela_2\Documents\Outlook-Dateien
2021-05-12 12:15 - 2020-08-14 17:10 - 000000000 ___DC C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gira
2021-05-12 12:15 - 2019-08-07 21:42 - 000000000 ____D C:\Program Files (x86)\Gira
2021-05-12 12:11 - 2021-04-02 11:28 - 000000000 ____D C:\Program Files\GrafanaLabs
2021-05-12 12:07 - 2014-07-12 17:09 - 000000000 ___DC C:\Users\Alexander\AppData\Local\Skype
2021-05-12 12:07 - 2012-07-14 10:37 - 000000000 ____D C:\ProgramData\Skype
2021-05-12 11:55 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-05-12 11:49 - 2019-12-07 16:54 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-05-12 11:49 - 2019-12-07 16:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-05-12 11:49 - 2019-12-07 16:52 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-05-12 11:49 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-05-12 11:36 - 2020-11-11 20:48 - 000000000 ___HD C:\$WinREAgent
2021-05-12 11:34 - 2013-07-21 20:14 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-05-12 11:24 - 2012-07-14 10:20 - 132732536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-05-11 07:32 - 2020-11-12 23:38 - 000003358 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-565462843-2377332638-636861087-1002
2021-05-11 07:32 - 2020-11-12 23:28 - 000002427 ____C C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-05-11 07:32 - 2016-06-18 06:56 - 000000000 ___RD C:\Users\Daniela_2\OneDrive
2021-05-10 20:24 - 2019-04-20 21:56 - 000000000 ____D C:\Users\Daniela_2\AppData\Roaming\KeePass
2021-05-10 14:03 - 2018-05-30 22:43 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-05-02 20:28 - 2020-11-12 23:28 - 000000000 ____D C:\Users\Daniela_2
2021-05-02 09:33 - 2013-04-11 22:17 - 000000000 ___DC C:\Users\Alexander\AppData\Roaming\vlc
2021-05-01 22:28 - 2020-11-12 23:28 - 000000000 ____D C:\Users\Alexander
2021-05-01 12:52 - 2021-03-04 20:41 - 000000000 ____D C:\Program Files\PDFsam Basic
2021-04-30 10:22 - 2020-10-01 15:55 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-30 09:13 - 2018-01-18 20:37 - 000000000 ___DC C:\Users\Daniela_2\AppData\Local\Packages
2021-04-26 07:44 - 2020-11-28 10:08 - 000003606 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6b93b6516950a
2021-04-26 07:44 - 2020-11-12 23:38 - 000003700 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-24 09:02 - 2012-07-15 21:14 - 000000000 ___DC C:\Users\Alexander\AppData\Roaming\Adobe
2021-04-23 19:36 - 2015-09-01 05:57 - 000000000 ___RD C:\Users\Daniela_2\Dropbox
2021-04-22 14:54 - 2020-11-12 23:38 - 000003630 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-22 14:54 - 2020-11-12 23:38 - 000003506 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-19 20:29 - 2020-01-04 19:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-04-19 20:28 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-19 20:28 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-19 20:28 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-19 20:28 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-19 10:21 - 2020-11-12 23:27 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-04-19 10:03 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-04-18 15:33 - 2021-02-22 17:21 - 000039424 _____ C:\Users\Daniela_2\Downloads\Notgruppe Wechselunterricht 4.xls
2021-04-17 18:47 - 2020-01-04 19:04 - 000001009 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-04-17 14:53 - 2012-07-31 09:01 - 000000000 ___DC C:\Users\Daniela_2\Documents\My Digital Editions

==================== Files in the root of some directories ========

2021-05-13 13:01 - 2021-05-13 13:01 - 000007647 _____ () C:\Users\Daniela\AppData\Local\Resmon.ResmonCfg
2016-12-11 21:15 - 2016-12-11 21:15 - 000000000 ____C () C:\Users\Daniela\AppData\Local\{E34785DD-D791-45FC-BB3D-4F10309E5D2D}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
--- --- ---

M-K-D-B 16.05.2021 19:39
Die Logdatei von Schritt 1 fehlt, bitte nachreichen.

Sweeny 17.05.2021 07:07
Ach, Entschuldigung. Ich habe es vergessen zu posten.

Code:
Entfernungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-05-2021
durchgeführt von Alexander (16-05-2021 12:53:40) Run:1
Gestartet von C:\Users\Alexander\Downloads
Geladene Profile: Alexander
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) [File not signed]
C:\Program Files\Common Files\AV
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {04620E3E-9FF6-47C3-A01D-3391D0960B5E} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {1B78249E-0F85-4595-AD1B-CCAB4B056072} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {24F345DF-CDEF-4C26-AD31-EAF482740CED} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2C40D05D-9777-4C7E-B5A9-BE37D4108F3E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2D8ADC5D-837C-4828-AA64-3FC4C3079E99} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {5A9BE10E-CDC1-4CB2-B604-82B206E024CF} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {5BA33DD0-E9E1-4AFE-9241-8AEDA668932B} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {5D549C7B-04CE-48F6-AFD9-ABF56A9BA0FD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {6DDD6299-22D5-4AD2-9874-AA8009BBB2AB} - System32\Tasks\{E887F441-25A6-4815-BCE1-41682C06FB8E} => "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?page=tsProgressBar
Task: {730AC712-A578-4E65-9B1C-81CDB7383A0A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7D264AAA-6A33-4C26-BBF6-E2793D0725E8} - System32\Tasks\{7EFAFB80-CCC6-4877-A74B-A88AA1B49D11} => "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?page=tsProgressBar
Task: {817196E8-49EA-44B0-9801-06263B2B7759} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {83B0D73A-F964-44E7-8F91-623ED70F52B5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {982191EA-C967-4C55-89E1-98A29DCF2D7A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A571E058-5154-4DEF-A1FD-35E525B5A7D0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {A698037E-D4C5-48F7-9873-E12612DF4122} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {DFB52FB2-5D05-488A-A154-428C6E6F1FC4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E1EEAC18-87BA-4EB3-AC0B-CBB04713BF4D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {E44C1574-A4D3-44BD-B903-47238C91A761} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
ProxyEnable: [S-1-5-21-565462843-2377332638-636861087-1002] => Proxy is enabled.
ProxyServer: [S-1-5-21-565462843-2377332638-636861087-1002] => http=127.0.0.1:8082
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [No File]
S2 HuaweiHiSuiteService64.exe; "C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe" -/service [X]
U3 idsvc; no ImagePath
U4 npcap_wifi; no ImagePath
S1 UimBus; \SystemRoot\System32\drivers\uimbus.sys [X]
S1 Uim_DEVIM; \SystemRoot\System32\drivers\uimdevim.sys [X]
2021-05-13 13:18 - 2021-05-13 13:18 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avira
2021-05-13 13:10 - 2021-05-13 13:10 - 000000000 ____D C:\Users\Alexander\AppData\Local\AviraSpeedup
2021-05-13 13:10 - 2021-05-13 13:10 - 000000000 ____D C:\Users\Alexander\AppData\Local\Avira
2021-05-13 13:07 - 2021-05-13 13:07 - 006554200 _____ (Avira Operations GmbH & Co. KG) C:\Users\Alexander\Downloads\avira_de_asu80_1191873915-1620901252__poptws.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-565462843-2377332638-636861087-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-565462843-2377332638-636861087-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
CMD: fltmc instances
CMD: netsh int ip reset
CMD: ipconfig /flushdns
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: Bitsadmin /Reset /Allusers
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD: "C:\Windows\SYSTEM32\lodctr.exe" /R
CMD: "C:\Windows\SysWOW64\lodctr.exe" /R
powershell: Set-MpPreference -PUAProtection Enabled
powershell: Set-MpPreference -DisableScanningNetworkFiles 0
CMD: DISM /Online /Cleanup-image /Restorehealth
Hosts:
RemoveProxy:
SystemRestore: On
Reboot:

*****************

"HKU\S-1-5-21-565462843-2377332638-636861087-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotPostWindows10UpgradeReInstall" => erfolgreich entfernt

"C:\Program Files\Common Files\AV" Ordner verschieben:

Konnte nicht verschoben werden "C:\Program Files\Common Files\AV" => ist geplant bei Neustart verschoben zu werden.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{503739d0-4c5e-4cfd-b3ba-d881334f0df2} => konnte nicht entfernt werden. Zugriff verweigert.

"C:\WINDOWS\system32\GroupPolicy\Machine" Ordner verschieben:

Konnte nicht verschoben werden "C:\WINDOWS\system32\GroupPolicy\Machine" => ist geplant bei Neustart verschoben zu werden.

Konnte nicht verschoben werden "C:\WINDOWS\system32\GroupPolicy\GPT.ini" => ist geplant bei Neustart verschoben zu werden.
Konnte nicht verschoben werden "C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini" => ist geplant bei Neustart verschoben zu werden.

"C:\WINDOWS\system32\GroupPolicy\User" Ordner verschieben:

Konnte nicht verschoben werden "C:\WINDOWS\system32\GroupPolicy\User" => ist geplant bei Neustart verschoben zu werden.

Konnte nicht verschoben werden "C:\WINDOWS\system32\GroupPolicy\GPT.ini" => ist geplant bei Neustart verschoben zu werden.
Konnte nicht verschoben werden "C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini" => ist geplant bei Neustart verschoben zu werden.
Konnte nicht verschoben werden "C:\ProgramData\NTUSER.pol" => ist geplant bei Neustart verschoben zu werden.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04620E3E-9FF6-47C3-A01D-3391D0960B5E} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04620E3E-9FF6-47C3-A01D-3391D0960B5E} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B78249E-0F85-4595-AD1B-CCAB4B056072} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B78249E-0F85-4595-AD1B-CCAB4B056072} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{24F345DF-CDEF-4C26-AD31-EAF482740CED} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24F345DF-CDEF-4C26-AD31-EAF482740CED} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2C40D05D-9777-4C7E-B5A9-BE37D4108F3E} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C40D05D-9777-4C7E-B5A9-BE37D4108F3E} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2D8ADC5D-837C-4828-AA64-3FC4C3079E99} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D8ADC5D-837C-4828-AA64-3FC4C3079E99} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A9BE10E-CDC1-4CB2-B604-82B206E024CF} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A9BE10E-CDC1-4CB2-B604-82B206E024CF} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5BA33DD0-E9E1-4AFE-9241-8AEDA668932B} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BA33DD0-E9E1-4AFE-9241-8AEDA668932B} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D549C7B-04CE-48F6-AFD9-ABF56A9BA0FD} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D549C7B-04CE-48F6-AFD9-ABF56A9BA0FD} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6DDD6299-22D5-4AD2-9874-AA8009BBB2AB} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DDD6299-22D5-4AD2-9874-AA8009BBB2AB} => konnte nicht entfernt werden. Zugriff verweigert.
Konnte nicht verschoben werden "C:\WINDOWS\System32\Tasks\{E887F441-25A6-4815-BCE1-41682C06FB8E}" => ist geplant bei Neustart verschoben zu werden.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E887F441-25A6-4815-BCE1-41682C06FB8E} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{730AC712-A578-4E65-9B1C-81CDB7383A0A} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{730AC712-A578-4E65-9B1C-81CDB7383A0A} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7D264AAA-6A33-4C26-BBF6-E2793D0725E8} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D264AAA-6A33-4C26-BBF6-E2793D0725E8} => konnte nicht entfernt werden. Zugriff verweigert.
Konnte nicht verschoben werden "C:\WINDOWS\System32\Tasks\{7EFAFB80-CCC6-4877-A74B-A88AA1B49D11}" => ist geplant bei Neustart verschoben zu werden.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7EFAFB80-CCC6-4877-A74B-A88AA1B49D11} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{817196E8-49EA-44B0-9801-06263B2B7759} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{817196E8-49EA-44B0-9801-06263B2B7759} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{83B0D73A-F964-44E7-8F91-623ED70F52B5} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83B0D73A-F964-44E7-8F91-623ED70F52B5} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{982191EA-C967-4C55-89E1-98A29DCF2D7A} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{982191EA-C967-4C55-89E1-98A29DCF2D7A} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A571E058-5154-4DEF-A1FD-35E525B5A7D0} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A571E058-5154-4DEF-A1FD-35E525B5A7D0} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A698037E-D4C5-48F7-9873-E12612DF4122} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A698037E-D4C5-48F7-9873-E12612DF4122} => konnte nicht entfernt werden. Zugriff verweigert.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => nicht gefunden
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DFB52FB2-5D05-488A-A154-428C6E6F1FC4} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFB52FB2-5D05-488A-A154-428C6E6F1FC4} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E1EEAC18-87BA-4EB3-AC0B-CBB04713BF4D} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1EEAC18-87BA-4EB3-AC0B-CBB04713BF4D} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E44C1574-A4D3-44BD-B903-47238C91A761} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E44C1574-A4D3-44BD-B903-47238C91A761} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend => konnte nicht entfernt werden. Zugriff verweigert.
"HKU\S-1-5-21-565462843-2377332638-636861087-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable" => nicht gefunden
"HKU\S-1-5-21-565462843-2377332638-636861087-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => nicht gefunden
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => erfolgreich entfernt
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => erfolgreich entfernt
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => erfolgreich entfernt
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => erfolgreich entfernt
HKLM\Software\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\System\CurrentControlSet\Services\HuaweiHiSuiteService64.exe => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\System\CurrentControlSet\Services\idsvc => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\System\CurrentControlSet\Services\npcap_wifi => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\System\CurrentControlSet\Services\UimBus => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\System\CurrentControlSet\Services\Uim_DEVIM => konnte nicht entfernt werden. Zugriff verweigert.
"C:\WINDOWS\system32\Tasks\Avira" => nicht gefunden
C:\Users\Alexander\AppData\Local\AviraSpeedup => erfolgreich verschoben
C:\Users\Alexander\AppData\Local\Avira => erfolgreich verschoben
C:\Users\Alexander\Downloads\avira_de_asu80_1191873915-1620901252__poptws.exe => erfolgreich verschoben
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Fehler beim Setzen des Wertes
HKU\S-1-5-21-565462843-2377332638-636861087-1001\Software\Microsoft\Internet Explorer\Main\\"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" => Wert erfolgreich wiederhergestellt
HKU\S-1-5-21-565462843-2377332638-636861087-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => Fehler beim Setzen des Wertes
HKLM\Software\Classes\PROTOCOLS\Handler\skype4com => konnte nicht entfernt werden. Zugriff verweigert.
"HKU\S-1-5-21-565462843-2377332638-636861087-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\SpybotPostWindows10UpgradeReInstall" => erfolgreich entfernt
"HKU\S-1-5-21-565462843-2377332638-636861087-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SpybotPostWindows10UpgradeReInstall" => nicht gefunden

========= fltmc instances =========


Fehler bei der Filter-/Instanzauflistung: 0x80070005
Zugriff verweigert

========= Ende von CMD: =========


========= netsh int ip reset =========

Depotweiterleitung wird zurckgesetzt... OK
Depot wird zurckgesetzt... OK
Steuerungsprotokoll wird zurckgesetzt... OK
Echosequenzanforderung wird zurckgesetzt... OK
Global wird zurckgesetzt... Fehler
Fr den angeforderten Vorgang sind erh”hte Rechte erforderlich (Als Administrator ausfhren).
Schnittstelle wird zurckgesetzt... Fehler
Fr den angeforderten Vorgang sind erh”hte Rechte erforderlich (Als Administrator ausfhren).
Anycastadresse wird zurckgesetzt... OK
Multicastadresse wird zurckgesetzt... OK
Unicastadresse wird zurckgesetzt... Fehler
Fr den angeforderten Vorgang sind erh”hte Rechte erforderlich (Als Administrator ausfhren).
Nachbar wird zurckgesetzt... Fehler
Fr den angeforderten Vorgang sind erh”hte Rechte erforderlich (Als Administrator ausfhren).
Pfad wird zurckgesetzt... Fehler
Fr den angeforderten Vorgang sind erh”hte Rechte erforderlich (Als Administrator ausfhren).
Potentiell wird zurckgesetzt... OK
Pr„fixrichtlinie wird zurckgesetzt... OK
Proxynachbar wird zurckgesetzt... OK
Route wird zurckgesetzt... OK
Standordpr„fix wird zurckgesetzt... OK
Unterschnittstelle wird zurckgesetzt... OK
Reaktivierungsmuster wird zurckgesetzt... OK
Nachbar aufl”sen wird zurckgesetzt... OK
 wird zurckgesetzt... OK
 wird zurckgesetzt... OK
 wird zurckgesetzt... OK
 wird zurckgesetzt... OK
 wird zurckgesetzt... Fehler
Fr den angeforderten Vorgang sind erh”hte Rechte erforderlich (Als Administrator ausfhren).
 wird zurckgesetzt... OK
 wird zurckgesetzt... OK
 wird zurckgesetzt... OK
 wird zurckgesetzt... Fehler
Fr den angeforderten Vorgang sind erh”hte Rechte erforderlich (Als Administrator ausfhren).
 wird zurckgesetzt... OK
 wird zurckgesetzt... OK
 wird zurckgesetzt... OK
Starten Sie den Computer neu, um die Aktion abzuschlieáen.


========= Ende von CMD: =========


========= ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

========= Ende von CMD: =========


========= netsh winsock reset =========

Fr den angeforderten Vorgang sind erh”hte Rechte erforderlich (Als Administrator ausfhren).


========= Ende von CMD: =========


========= netsh advfirewall reset =========

Fr den angeforderten Vorgang sind erh”hte Rechte erforderlich (Als Administrator ausfhren).


========= Ende von CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Fr den angeforderten Vorgang sind erh”hte Rechte erforderlich (Als Administrator ausfhren).


========= Ende von CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

Unable to enum jobs - 0x80070005
Zugriff verweigert



========= Ende von CMD: =========


========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========


Fehler: Die Leistungsindikatoreinstellung konnte nicht aus dem Systemsicherungsspeicher neu erstellt werden. Fehlercode: 5.
========= Ende von CMD: =========


========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========


Fehler: Die Leistungsindikatoreinstellung konnte nicht aus dem Systemsicherungsspeicher neu erstellt werden. Fehlercode: 5.
========= Ende von CMD: =========


========= "C:\Windows\SYSTEM32\lodctr.exe" /R =========


Fehler: Die Leistungsindikatoreinstellung konnte nicht aus dem Systemsicherungsspeicher neu erstellt werden. Fehlercode: 5.
========= Ende von CMD: =========


========= "C:\Windows\SysWOW64\lodctr.exe" /R =========


Fehler: Die Leistungsindikatoreinstellung konnte nicht aus dem Systemsicherungsspeicher neu erstellt werden. Fehlercode: 5.
========= Ende von CMD: =========


========= Set-MpPreference -PUAProtection Enabled =========

Set-MpPreference : You don't have enough permissions to perform the requested operation.
In C:\FRST\tmp.ps1:1 Zeichen:1
+ Set-MpPreference -PUAProtection Enabled
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference], 
  CimException
    + FullyQualifiedErrorId : HRESULT 0xc0000142,Set-MpPreference
 

========= Ende von Powershell: =========


========= Set-MpPreference -DisableScanningNetworkFiles 0 =========

Set-MpPreference : You don't have enough permissions to perform the requested operation.
In C:\FRST\tmp.ps1:1 Zeichen:1
+ Set-MpPreference -DisableScanningNetworkFiles 0
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference], 
  CimException
    + FullyQualifiedErrorId : HRESULT 0xc0000142,Set-MpPreference
 

========= Ende von Powershell: =========


========= DISM /Online /Cleanup-image /Restorehealth =========


Fehler: 740

Zum Ausfhren von DISM sind erh”hte Rechte erforderlich.
Verwenden Sie eine Eingabeaufforderung fr erh”hte Rechte, um diese Aufgaben
abzuschlieáen.

========= Ende von CMD: =========

Konnte nicht verschoben werden "C:\Windows\System32\Drivers\etc\hosts" => ist geplant bei Neustart verschoben zu werden.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections => Zugriff verweigert
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections => Zugriff verweigert
"HKU\S-1-5-21-565462843-2377332638-636861087-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt
"HKU\S-1-5-21-565462843-2377332638-636861087-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt


========= Ende von RemoveProxy: =========

SystemRestore: On => Fehler

Ergebnis der geplanten Datei-Verschiebungen (Start-Modus: Normal) (Datum&Uhrzeit: 16-05-2021 13:01:25)

C:\Program Files\Common Files\AV => Konnte nicht verschoben werden
C:\WINDOWS\system32\GroupPolicy\Machine => Konnte nicht verschoben werden
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Konnte nicht verschoben werden
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => Konnte nicht verschoben werden
C:\WINDOWS\system32\GroupPolicy\User => Konnte nicht verschoben werden
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Konnte nicht verschoben werden
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => Konnte nicht verschoben werden
C:\ProgramData\NTUSER.pol => Konnte nicht verschoben werden
C:\WINDOWS\System32\Tasks\{E887F441-25A6-4815-BCE1-41682C06FB8E} => Konnte nicht verschoben werden
C:\WINDOWS\System32\Tasks\{7EFAFB80-CCC6-4877-A74B-A88AA1B49D11} => Konnte nicht verschoben werden
C:\Windows\System32\Drivers\etc\hosts => Konnte nicht verschoben werden
Konnte nicht wiederhergestellt werden Hosts.

Ergebnis der geplanten Schlüssel-Entfernung nach dem Neustart:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{503739d0-4c5e-4cfd-b3ba-d881334f0df2} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04620E3E-9FF6-47C3-A01D-3391D0960B5E} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04620E3E-9FF6-47C3-A01D-3391D0960B5E} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B78249E-0F85-4595-AD1B-CCAB4B056072} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B78249E-0F85-4595-AD1B-CCAB4B056072} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{24F345DF-CDEF-4C26-AD31-EAF482740CED} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24F345DF-CDEF-4C26-AD31-EAF482740CED} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2C40D05D-9777-4C7E-B5A9-BE37D4108F3E} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C40D05D-9777-4C7E-B5A9-BE37D4108F3E} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2D8ADC5D-837C-4828-AA64-3FC4C3079E99} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D8ADC5D-837C-4828-AA64-3FC4C3079E99} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A9BE10E-CDC1-4CB2-B604-82B206E024CF} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A9BE10E-CDC1-4CB2-B604-82B206E024CF} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5BA33DD0-E9E1-4AFE-9241-8AEDA668932B} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BA33DD0-E9E1-4AFE-9241-8AEDA668932B} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D549C7B-04CE-48F6-AFD9-ABF56A9BA0FD} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D549C7B-04CE-48F6-AFD9-ABF56A9BA0FD} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6DDD6299-22D5-4AD2-9874-AA8009BBB2AB} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DDD6299-22D5-4AD2-9874-AA8009BBB2AB} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E887F441-25A6-4815-BCE1-41682C06FB8E} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{730AC712-A578-4E65-9B1C-81CDB7383A0A} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{730AC712-A578-4E65-9B1C-81CDB7383A0A} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7D264AAA-6A33-4C26-BBF6-E2793D0725E8} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D264AAA-6A33-4C26-BBF6-E2793D0725E8} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7EFAFB80-CCC6-4877-A74B-A88AA1B49D11} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{817196E8-49EA-44B0-9801-06263B2B7759} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{817196E8-49EA-44B0-9801-06263B2B7759} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{83B0D73A-F964-44E7-8F91-623ED70F52B5} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83B0D73A-F964-44E7-8F91-623ED70F52B5} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{982191EA-C967-4C55-89E1-98A29DCF2D7A} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{982191EA-C967-4C55-89E1-98A29DCF2D7A} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A571E058-5154-4DEF-A1FD-35E525B5A7D0} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A571E058-5154-4DEF-A1FD-35E525B5A7D0} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A698037E-D4C5-48F7-9873-E12612DF4122} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A698037E-D4C5-48F7-9873-E12612DF4122} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DFB52FB2-5D05-488A-A154-428C6E6F1FC4} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFB52FB2-5D05-488A-A154-428C6E6F1FC4} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E1EEAC18-87BA-4EB3-AC0B-CBB04713BF4D} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1EEAC18-87BA-4EB3-AC0B-CBB04713BF4D} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E44C1574-A4D3-44BD-B903-47238C91A761} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E44C1574-A4D3-44BD-B903-47238C91A761} => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\System\CurrentControlSet\Services\HuaweiHiSuiteService64.exe => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\System\CurrentControlSet\Services\idsvc => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\System\CurrentControlSet\Services\npcap_wifi => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\System\CurrentControlSet\Services\UimBus => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\System\CurrentControlSet\Services\Uim_DEVIM => konnte nicht entfernt werden. Zugriff verweigert.
HKLM\Software\Classes\PROTOCOLS\Handler\skype4com => konnte nicht entfernt werden. Zugriff verweigert.

==== Ende vom Fixlog 13:01:26 ====

M-K-D-B 17.05.2021 08:15
Zitat:
Fr den angeforderten Vorgang sind erh”hte Rechte erforderlich (Als Administrator ausfhren).
Du hast Schritt 1 nicht als Administrator ausgeführt. :D
Ohne Adminrechte wird das allerdings nichts. ;)

Wir benötigen grundsätzlich immer Adminrechte.


Schritt 1 (Reparatur) und Schritt 3 (neuer Suchlauf) mit Adminrechten ausführen.

Sweeny 17.05.2021 09:45
Matthias, das tut mir leid.

Ich habe jetzt erneut den Fix eingespielt und danach erneut gescannt.

Leider ist der Rechner noch nicht wieder normal schnell.

Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 15-05-2021
Ran by Daniela (17-05-2021 10:31:54) Run:2
Running from C:\Users\Alexander\Downloads
Loaded Profiles: Daniela & Alexander & Daniela_2
Boot Mode: NormalC
==============================================

fixlist content:
*****************
HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) [File not signed]
C:\Program Files\Common Files\AV
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {04620E3E-9FF6-47C3-A01D-3391D0960B5E} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {1B78249E-0F85-4595-AD1B-CCAB4B056072} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {24F345DF-CDEF-4C26-AD31-EAF482740CED} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2C40D05D-9777-4C7E-B5A9-BE37D4108F3E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2D8ADC5D-837C-4828-AA64-3FC4C3079E99} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {5A9BE10E-CDC1-4CB2-B604-82B206E024CF} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {5BA33DD0-E9E1-4AFE-9241-8AEDA668932B} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {5D549C7B-04CE-48F6-AFD9-ABF56A9BA0FD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {6DDD6299-22D5-4AD2-9874-AA8009BBB2AB} - System32\Tasks\{E887F441-25A6-4815-BCE1-41682C06FB8E} => "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?page=tsProgressBar
Task: {730AC712-A578-4E65-9B1C-81CDB7383A0A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7D264AAA-6A33-4C26-BBF6-E2793D0725E8} - System32\Tasks\{7EFAFB80-CCC6-4877-A74B-A88AA1B49D11} => "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?page=tsProgressBar
Task: {817196E8-49EA-44B0-9801-06263B2B7759} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {83B0D73A-F964-44E7-8F91-623ED70F52B5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {982191EA-C967-4C55-89E1-98A29DCF2D7A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A571E058-5154-4DEF-A1FD-35E525B5A7D0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {A698037E-D4C5-48F7-9873-E12612DF4122} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {DFB52FB2-5D05-488A-A154-428C6E6F1FC4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E1EEAC18-87BA-4EB3-AC0B-CBB04713BF4D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {E44C1574-A4D3-44BD-B903-47238C91A761} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
ProxyEnable: [S-1-5-21-565462843-2377332638-636861087-1002] => Proxy is enabled.
ProxyServer: [S-1-5-21-565462843-2377332638-636861087-1002] => http=127.0.0.1:8082
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [No File]
S2 HuaweiHiSuiteService64.exe; "C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe" -/service [X]
U3 idsvc; no ImagePath
U4 npcap_wifi; no ImagePath
S1 UimBus; \SystemRoot\System32\drivers\uimbus.sys [X]
S1 Uim_DEVIM; \SystemRoot\System32\drivers\uimdevim.sys [X]
2021-05-13 13:18 - 2021-05-13 13:18 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avira
2021-05-13 13:10 - 2021-05-13 13:10 - 000000000 ____D C:\Users\Alexander\AppData\Local\AviraSpeedup
2021-05-13 13:10 - 2021-05-13 13:10 - 000000000 ____D C:\Users\Alexander\AppData\Local\Avira
2021-05-13 13:07 - 2021-05-13 13:07 - 006554200 _____ (Avira Operations GmbH & Co. KG) C:\Users\Alexander\Downloads\avira_de_asu80_1191873915-1620901252__poptws.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-565462843-2377332638-636861087-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-565462843-2377332638-636861087-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
CMD: fltmc instances
CMD: netsh int ip reset
CMD: ipconfig /flushdns
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: Bitsadmin /Reset /Allusers
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD: "C:\Windows\SYSTEM32\lodctr.exe" /R
CMD: "C:\Windows\SysWOW64\lodctr.exe" /R
powershell: Set-MpPreference -PUAProtection Enabled
powershell: Set-MpPreference -DisableScanningNetworkFiles 0
CMD: DISM /Online /Cleanup-image /Restorehealth
Hosts:
RemoveProxy:
SystemRestore: On
Reboot:

*****************

"HKU\S-1-5-21-565462843-2377332638-636861087-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotPostWindows10UpgradeReInstall" => not found
C:\Program Files\Common Files\AV => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{503739d0-4c5e-4cfd-b3ba-d881334f0df2}" => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04620E3E-9FF6-47C3-A01D-3391D0960B5E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04620E3E-9FF6-47C3-A01D-3391D0960B5E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B78249E-0F85-4595-AD1B-CCAB4B056072}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B78249E-0F85-4595-AD1B-CCAB4B056072}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{24F345DF-CDEF-4C26-AD31-EAF482740CED}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24F345DF-CDEF-4C26-AD31-EAF482740CED}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2C40D05D-9777-4C7E-B5A9-BE37D4108F3E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C40D05D-9777-4C7E-B5A9-BE37D4108F3E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2D8ADC5D-837C-4828-AA64-3FC4C3079E99}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D8ADC5D-837C-4828-AA64-3FC4C3079E99}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A9BE10E-CDC1-4CB2-B604-82B206E024CF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A9BE10E-CDC1-4CB2-B604-82B206E024CF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5BA33DD0-E9E1-4AFE-9241-8AEDA668932B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BA33DD0-E9E1-4AFE-9241-8AEDA668932B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D549C7B-04CE-48F6-AFD9-ABF56A9BA0FD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D549C7B-04CE-48F6-AFD9-ABF56A9BA0FD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6DDD6299-22D5-4AD2-9874-AA8009BBB2AB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DDD6299-22D5-4AD2-9874-AA8009BBB2AB}" => removed successfully
C:\WINDOWS\System32\Tasks\{E887F441-25A6-4815-BCE1-41682C06FB8E} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E887F441-25A6-4815-BCE1-41682C06FB8E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{730AC712-A578-4E65-9B1C-81CDB7383A0A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{730AC712-A578-4E65-9B1C-81CDB7383A0A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7D264AAA-6A33-4C26-BBF6-E2793D0725E8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D264AAA-6A33-4C26-BBF6-E2793D0725E8}" => removed successfully
C:\WINDOWS\System32\Tasks\{7EFAFB80-CCC6-4877-A74B-A88AA1B49D11} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7EFAFB80-CCC6-4877-A74B-A88AA1B49D11}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{817196E8-49EA-44B0-9801-06263B2B7759}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{817196E8-49EA-44B0-9801-06263B2B7759}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{83B0D73A-F964-44E7-8F91-623ED70F52B5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83B0D73A-F964-44E7-8F91-623ED70F52B5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{982191EA-C967-4C55-89E1-98A29DCF2D7A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{982191EA-C967-4C55-89E1-98A29DCF2D7A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A571E058-5154-4DEF-A1FD-35E525B5A7D0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A571E058-5154-4DEF-A1FD-35E525B5A7D0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A698037E-D4C5-48F7-9873-E12612DF4122}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A698037E-D4C5-48F7-9873-E12612DF4122}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DFB52FB2-5D05-488A-A154-428C6E6F1FC4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFB52FB2-5D05-488A-A154-428C6E6F1FC4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E1EEAC18-87BA-4EB3-AC0B-CBB04713BF4D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1EEAC18-87BA-4EB3-AC0B-CBB04713BF4D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E44C1574-A4D3-44BD-B903-47238C91A761}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E44C1574-A4D3-44BD-B903-47238C91A761}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend" => removed successfully
"HKU\S-1-5-21-565462843-2377332638-636861087-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable" => removed successfully
"HKU\S-1-5-21-565462843-2377332638-636861087-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater => removed successfully
HKLM\System\CurrentControlSet\Services\HuaweiHiSuiteService64.exe => removed successfully
HuaweiHiSuiteService64.exe => service removed successfully
HKLM\System\CurrentControlSet\Services\idsvc => removed successfully
idsvc => service removed successfully
HKLM\System\CurrentControlSet\Services\npcap_wifi => removed successfully
npcap_wifi => service removed successfully
HKLM\System\CurrentControlSet\Services\UimBus => removed successfully
UimBus => service removed successfully
HKLM\System\CurrentControlSet\Services\Uim_DEVIM => removed successfully
Uim_DEVIM => service removed successfully
C:\WINDOWS\system32\Tasks\Avira => moved successfully
"C:\Users\Alexander\AppData\Local\AviraSpeedup" => not found
"C:\Users\Alexander\AppData\Local\Avira" => not found
"C:\Users\Alexander\Downloads\avira_de_asu80_1191873915-1620901252__poptws.exe" => not found
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKU\S-1-5-21-565462843-2377332638-636861087-1001\Software\Microsoft\Internet Explorer\Main\\"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKU\S-1-5-21-565462843-2377332638-636861087-1002\Software\Microsoft\Internet Explorer\Main\\"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\Classes\PROTOCOLS\Handler\skype4com => removed successfully
"HKU\S-1-5-21-565462843-2377332638-636861087-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\SpybotPostWindows10UpgradeReInstall" => not found
"HKU\S-1-5-21-565462843-2377332638-636861087-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SpybotPostWindows10UpgradeReInstall" => not found

========= fltmc instances =========

Filter                Volumename                                H”he        Instanzname          Frame  Volumestatus
--------------------  -------------------------------------  ------------  ---------------------  -----  --------
FileCrypt            D:                                        141100    FileCrypt Instance        0    00000007 
FileInfo                                                        40500    FileInfo                  0    00000007 
FileInfo              C:                                        40500    FileInfo                  0    00000007 
FileInfo              D:                                        40500    FileInfo                  0    00000007 
FileInfo              E:                                        40500    FileInfo                  0    00000007 
FileInfo              F:                                        40500    FileInfo                  0    00000007 
FileInfo              H:                                        40500    FileInfo                  0    00000007 
FileInfo              \Device\Mup                                40500    FileInfo                  0    00000007 
MBAMChameleon                                                  400900    MBAMChameleon            0    00000000 
MBAMChameleon        C:                                        400900    MBAMChameleon            0    00000000 
MBAMChameleon        D:                                        400900    MBAMChameleon            0    00000000 
MBAMChameleon        E:                                        400900    MBAMChameleon            0    00000000 
MBAMChameleon        F:                                        400900    MBAMChameleon            0    00000000 
MBAMChameleon        H:                                        400900    MBAMChameleon            0    00000000 
MBAMFarflt                                                      268150    MBAMFarflt                0    00000004 
MBAMFarflt            C:                                        268150    MBAMFarflt                0    00000004 
MBAMFarflt            D:                                        268150    MBAMFarflt                0    00000004 
MBAMFarflt            E:                                        268150    MBAMFarflt                0    00000004 
MBAMFarflt            F:                                        268150    MBAMFarflt                0    00000004 
MBAMFarflt            H:                                        268150    MBAMFarflt                0    00000004 
MBAMProtection                                                  328800    MBAMProtection            0    00000004 
MBAMProtection        C:                                        328800    MBAMProtection            0    00000004 
MBAMProtection        D:                                        328800    MBAMProtection            0    00000004 
MBAMProtection        E:                                        328800    MBAMProtection            0    00000004 
MBAMProtection        F:                                        328800    MBAMProtection            0    00000004 
MBAMProtection        H:                                        328800    MBAMProtection            0    00000004 
MBAMProtection        \Device\Mup                              328800    MBAMProtection            0    00000004 
SamsungRapidFSFltr                                              388980    SamsungRapidFSFltr Instance    0    00000004 
SamsungRapidFSFltr    C:                                        388980    SamsungRapidFSFltr Instance    0    00000004 
SamsungRapidFSFltr    D:                                        388980    SamsungRapidFSFltr Instance    0    00000004 
SamsungRapidFSFltr    E:                                        388980    SamsungRapidFSFltr Instance    0    00000004 
SamsungRapidFSFltr    F:                                        388980    SamsungRapidFSFltr Instance    0    00000004 
SamsungRapidFSFltr    H:                                        388980    SamsungRapidFSFltr Instance    0    00000004 
Wof                                                              40700    Wof Instance              0    00000007 
Wof                  C:                                        40700    Wof Instance              0    00000007 
Wof                  D:                                        40700    Wof Instance              0    00000007 
Wof                  E:                                        40700    Wof Instance              0    00000007 
Wof                  F:                                        40700    Wof Instance              0    00000007 
Wof                  H:                                        40700    Wof Instance              0    00000007 
luafv                C:                                        135000    luafv                    0    00000007 
npsvctrig            \Device\NamedPipe                          46000    npsvctrig                0    00000000 
wcifs                C:                                        189900    wcifs Instance            0    00000007 
wcifs                D:                                        189900    wcifs Instance            0    00000007 

========= End of CMD: =========


========= netsh int ip reset =========

Depotweiterleitung wird zurckgesetzt... OK
Depot wird zurckgesetzt... OK
Steuerungsprotokoll wird zurckgesetzt... OK
Echosequenzanforderung wird zurckgesetzt... OK
Global wird zurckgesetzt... OK
Schnittstelle wird zurckgesetzt... OK
Anycastadresse wird zurckgesetzt... OK
Multicastadresse wird zurckgesetzt... OK
Unicastadresse wird zurckgesetzt... OK
Nachbar wird zurckgesetzt... OK
Pfad wird zurckgesetzt... OK
Potentiell wird zurckgesetzt... OK
Pr„fixrichtlinie wird zurckgesetzt... OK
Proxynachbar wird zurckgesetzt... OK
Route wird zurckgesetzt... OK
Standordpr„fix wird zurckgesetzt... OK
Unterschnittstelle wird zurckgesetzt... OK
Reaktivierungsmuster wird zurckgesetzt... OK
Nachbar aufl”sen wird zurckgesetzt... OK
 wird zurckgesetzt... OK
 wird zurckgesetzt... OK
 wird zurckgesetzt... OK
 wird zurckgesetzt... OK
 wird zurckgesetzt... Fehler
Zugriff verweigert

 wird zurckgesetzt... OK
 wird zurckgesetzt... OK
 wird zurckgesetzt... OK
 wird zurckgesetzt... OK
 wird zurckgesetzt... OK
 wird zurckgesetzt... OK
 wird zurckgesetzt... OK
Starten Sie den Computer neu, um die Aktion abzuschlieáen.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

========= End of CMD: =========


========= netsh winsock reset =========


Der Winsock-Katalog wurde zurckgesetzt.
Sie mssen den Computer neu starten, um den Vorgang abzuschlieáen.


========= End of CMD: =========


========= netsh advfirewall reset =========

OK.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

OK.


========= End of CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========


Fehler: Die Leistungsindikatoreinstellung konnte nicht aus dem Systemsicherungsspeicher neu erstellt werden. Fehlercode: 2.
========= End of CMD: =========


========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========


Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden.
========= End of CMD: =========


========= "C:\Windows\SYSTEM32\lodctr.exe" /R =========


Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden.
========= End of CMD: =========


========= "C:\Windows\SysWOW64\lodctr.exe" /R =========


Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden.
========= End of CMD: =========


========= Set-MpPreference -PUAProtection Enabled =========

Set-MpPreference : Es ist ein allgemeiner Fehler aufgetreten, für den kein spezifischerer Fehlercode verfügbar ist.
In C:\FRST\tmp.ps1:1 Zeichen:1
+ Set-MpPreference -PUAProtection Enabled
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference], 
  CimException
    + FullyQualifiedErrorId : HRESULT 0x800106ba,Set-MpPreference
 

========= End of Powershell: =========


========= Set-MpPreference -DisableScanningNetworkFiles 0 =========

Set-MpPreference : Es ist ein allgemeiner Fehler aufgetreten, für den kein spezifischerer Fehlercode verfügbar ist.
In C:\FRST\tmp.ps1:1 Zeichen:1
+ Set-MpPreference -DisableScanningNetworkFiles 0
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference], 
  CimException
    + FullyQualifiedErrorId : HRESULT 0x800106ba,Set-MpPreference
 

========= End of Powershell: =========


========= DISM /Online /Cleanup-image /Restorehealth =========


Tool zur Imageverwaltung fr die Bereitstellung
Version: 10.0.19041.844

Abbildversion: 10.0.19042.985


[==                        3.8%                          ]

[==                        4.5%                          ]

[===                        5.4%                          ]

[===                        6.3%                          ]

[====                      7.2%                          ]

[====                      8.1%                          ]

[=====                      9.1%                          ]

[=====                      9.7%                          ]

[======                    10.6%                          ]

[======                    11.6%                          ]

[=======                    12.6%                          ]

[=======                    13.6%                          ]

[========                  14.6%                          ]

[=========                  15.5%                          ]

[=========                  16.5%                          ]

[==========                17.5%                          ]

[==========                18.5%                          ]

[===========                19.2%                          ]

[===========                19.4%                          ]

[===========                19.9%                          ]

[===========                20.4%                          ]

[===========                20.5%                          ]

[===========                20.6%                          ]

[============              21.4%                          ]

[============              22.3%                          ]

[=============              23.3%                          ]

[==============            24.3%                          ]

[==============            24.8%                          ]

[==============            25.5%                          ]

[===============            26.5%                          ]

[===============            27.5%                          ]

[================          28.4%                          ]

[=================          29.4%                          ]

[=================          30.1%                          ]

[==================        31.1%                          ]

[==================        31.8%                          ]

[==================        32.0%                          ]

[==================        32.3%                          ]

[==================        32.5%                          ]

[===================        33.0%                          ]

[===================        33.6%                          ]

[===================        34.0%                          ]

[===================        34.4%                          ]

[====================      34.9%                          ]

[====================      35.2%                          ]

[====================      35.4%                          ]

[====================      35.7%                          ]

[=====================      36.2%                          ]

[=====================      36.6%                          ]

[=====================      37.1%                          ]

[=====================      37.1%                          ]

[=====================      37.4%                          ]

[=====================      37.7%                          ]

[======================    38.5%                          ]

[======================    38.9%                          ]

[======================    39.2%                          ]

[=======================    39.8%                          ]

[=======================    40.5%                          ]

[=======================    40.9%                          ]

[========================  41.9%                          ]

[========================  42.9%                          ]

[=========================  43.8%                          ]

[========================== 44.8%                          ]

[========================== 45.5%                          ]

[========================== 46.5%                          ]

[===========================47.5%                          ]

[===========================48.5%                          ]

[===========================49.4%                          ]

[===========================50.2%                          ]

[===========================50.7%                          ]

[===========================50.8%                          ]

[===========================50.9%                          ]

[===========================50.9%                          ]

[===========================51.0%                          ]

[===========================51.2%                          ]

[===========================51.2%                          ]

[===========================51.2%                          ]

[===========================51.2%                          ]

[===========================51.3%                          ]

[===========================51.4%                          ]

[===========================51.4%                          ]

[===========================51.5%                          ]

[===========================51.5%                          ]

[===========================51.5%                          ]

[===========================51.5%                          ]

[===========================51.7%                          ]

[===========================51.7%                          ]

[===========================51.8%                          ]

[===========================51.8%                          ]

[===========================51.9%                          ]

[===========================52.0%                          ]

[===========================52.2%                          ]

[===========================52.2%                          ]

[===========================52.4%                          ]

[===========================52.4%                          ]

[===========================52.5%                          ]

[===========================52.5%                          ]

[===========================52.6%                          ]

[===========================52.6%                          ]

[===========================52.7%                          ]

[===========================52.8%                          ]

[===========================52.8%                          ]

[===========================52.8%                          ]

[===========================52.9%                          ]

[===========================53.0%                          ]

[===========================53.0%                          ]

[===========================53.1%                          ]

[===========================53.1%                          ]

[===========================53.1%                          ]

[===========================53.2%                          ]

[===========================53.2%                          ]

[===========================53.3%                          ]

[===========================53.3%                          ]

[===========================53.4%                          ]

[===========================53.5%                          ]

[===========================53.6%                          ]

[===========================53.6%                          ]

[===========================53.8%                          ]

[===========================54.0%                          ]

[===========================54.1%                          ]

[===========================54.1%                          ]

[===========================54.3%                          ]

[===========================54.3%                          ]

[===========================54.3%                          ]

[===========================54.5%                          ]

[===========================54.6%                          ]

[===========================54.7%                          ]

[===========================54.8%                          ]

[===========================55.5%                          ]

[===========================56.0%                          ]

[===========================56.2%                          ]

[===========================57.2%=                        ]

[===========================58.2%=                        ]

[===========================59.2%==                        ]

[===========================60.2%==                        ]

[===========================62.3%====                      ]

[===========================84.9%=================        ]

[==========================100.0%==========================]
Der Wiederherstellungsvorgang wurde erfolgreich abgeschlossen.
Der Vorgang wurde erfolgreich beendet.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-565462843-2377332638-636861087-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-565462843-2377332638-636861087-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-565462843-2377332638-636861087-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-565462843-2377332638-636861087-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-565462843-2377332638-636861087-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========

SystemRestore: On => completed


The system needed a reboot.

==== End of Fixlog 10:35:15 ====

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-05-2021
Ran by Daniela (administrator) on PC (17-05-2021 10:38:58)
Running from C:\Users\Alexander\Downloads
Loaded Profiles: Daniela & Alexander
Platform: Windows 10 Pro Version 20H2 19042.985 (X64) Language: Deutsch (Deutschland) -> Deutsch (Deutschland)
Default browser not detected!
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

((c)2016 Datacolor) [File not signed] C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Gira Giersiepen GmbH & Co. KG) [File not signed] C:\Program Files (x86)\Gira\Gira Project Assistant\Gira Project Assistant Service\Service.WindowsService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Huawei Technologies Co., Ltd. -> ) C:\Program Files (x86)\MobileBrServ\mbbService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Jumping Bytes  (Christoph Guentner) -> Jumping Bytes) C:\Program Files (x86)\Jumping Bytes\PureSync\jbServices.exe
(Jumping Bytes  (Christoph Guentner) -> Jumping Bytes) C:\Program Files (x86)\Jumping Bytes\PureSync\PureSyncCheck.exe
(Jumping Bytes  (Christoph Guentner) -> Jumping Bytes) C:\Program Files (x86)\Jumping Bytes\PureSync\PureSyncTray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\net.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(Synology Inc. -> ) [File not signed] C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Synology Inc. -> ) [File not signed] C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe
(Synology Inc. -> ) [File not signed] C:\Program Files (x86)\Synology\CloudStationBackup\bin\vss-service-x64.exe
(Synology Inc. -> ) C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe
(Synology Inc. -> Synology Inc.) C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-connect.exe
(Synology Inc. -> Synology Inc.) C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-daemon.exe
(Synology Inc. -> Synology Inc.) C:\Users\Alexander\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-ui.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
0 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21042.95.0_x64__8wekyb3d8bbwe\YourPhone.exe
Failed to access process -> ctfmon.exe
Failed to access process -> ctfmon.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12489360 2012-05-18] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [124000 2018-06-20] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3160256 2021-05-10] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [76600 2020-08-29] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3084288 2012-07-31] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\RunOnce: [GrpConv] => grpconv -o
HKU\S-1-5-21-565462843-2377332638-636861087-1000\...\Run: [MD5 File Hasher] => C:\Program Files (x86)\MD5 File Hasher\MD5FileHasher -s
HKU\S-1-5-21-565462843-2377332638-636861087-1000\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33031648 2021-05-06] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-565462843-2377332638-636861087-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-565462843-2377332638-636861087-1000\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [31162800 2021-03-30] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-565462843-2377332638-636861087-1000\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [67384 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [912480 2015-09-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\Run: [PureSync] => C:\Program Files (x86)\Jumping Bytes\PureSync\PureSyncTray.exe [1433888 2021-01-12] (Jumping Bytes  (Christoph Guentner) -> Jumping Bytes)
HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\Run: [KeePass Password Safe 2] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3160256 2021-05-10] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\Run: [launchOnStartup] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [8030280 2020-02-25] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\Run: [3F39F816CD7BDDEEE521D84DB3B9E481A1B62B66._service_run] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service /prefetch:8
HKU\S-1-5-21-565462843-2377332638-636861087-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\Run: [Amazon Music] => C:\Users\Daniela_2\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] (Amazon Services LLC -> )
HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google Inc -> Google)
HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [912480 2015-09-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\Run: [VideoDownloaderUltimate] => C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe [2746184 2016-08-22] (Link64 GmbH -> Link64 GmbH)
HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\Run: [PTOneClick] => C:\Users\Daniela_2\AppData\Local\WebEx\WebEx\Applications\ptoneclk.exe /AutoRunning="1"
HKU\S-1-5-21-565462843-2377332638-636861087-1002\...\Run: [CiscoMeetingDaemon] => "C:\Users\Daniela_2\AppData\Local\WebEx\ciscowebexstart.exe" /daemon /from=autorun
HKLM\...\Windows x64\Print Processors\BJ Print Processor4: C:\Windows\System32\spool\prtprocs\x64\CNBPP4.DLL [84992 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\BJ Language Monitor4: C:\WINDOWS\system32\CNBLM4.DLL [267776 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\pdfcmon: C:\WINDOWS\system32\pdfcmon.dll [110264 2013-04-09] (pdfforge GmbH -> pdfforge GmbH)
HKLM\Software\...\Winlogon\GPExtensions: [{6cfb9c5c-138e-4bb3-8a3d-d5383e910e57}] -> %SystemRoot%\System32\RdpGroupPolicyExtension.dll
Startup: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Synology Cloud Station Drive.lnk [2021-05-17]
ShortcutTarget: Synology Cloud Station Drive.lnk -> C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe (Synology Inc. -> Synology Inc.) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SpyderUtility.lnk [2016-11-30]
ShortcutTarget: SpyderUtility.lnk -> C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe ((c)2016 Datacolor) [File not signed]
Startup: C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Synology Cloud Station Drive.lnk [2021-05-13]
ShortcutTarget: Synology Cloud Station Drive.lnk -> C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe (Synology Inc. -> Synology Inc.) [File not signed]
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04291AB8-1BFF-482D-A354-0DAA63096B83} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [880 2020-09-25] () [File not signed]
Task: {157F03BB-812E-48C2-978F-EB0066E01444} - System32\Tasks\JumpingBytes\PureSyncVSS => C:\Program Files (x86)\Jumping Bytes\PureSync\PureSyncVSSStart.exe
Task: {1962D670-73A2-4161-9A19-96A76222E178} - System32\Tasks\JumpingBytes\PureSyncElvDaniela => C:\Program Files (x86)\Jumping Bytes\PureSync\PureSyncHelper.exe [168304 2020-12-29] (Jumping Bytes  (Christoph Guentner) -> Jumping Bytes)
Task: {1D915986-CA90-4D97-B368-5FDEF41966A6} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {1E639B88-7427-4D46-BDE4-EED2D5F7C033} - System32\Tasks\JumpingBytes\PureSyncExit => C:\Program Files (x86)\Jumping Bytes\PureSync\PureSyncAdmin.exe
Task: {1F508119-6274-4D8E-8ADA-6B93EAA85963} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [696304 2021-05-16] (Mozilla Corporation -> Mozilla Foundation)
Task: {37892A5E-D1D4-452D-ADFE-6422BB2D4776} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {3B3F30A3-9CD8-4F03-B0DF-8C8B6A87E0C0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.)
Task: {4426CA6A-6D63-4546-9887-23745332C150} - System32\Tasks\AdwCleaner_onReboot => C:\Users\Alexander\Downloads\adwcleaner_8.0.8.exe [8447152 2021-01-04] (Malwarebytes Inc -> Malwarebytes)
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {49F6C337-FA53-4D3B-843D-BED1B91BE776} - System32\Tasks\{54BA2233-CCFA-4261-A274-CCA9C78F9057} => "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/7.13.0.101/de/abandoninstall?page=tsProgressBar
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {5DF044AA-F71D-465A-A02D-9661F829562B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {64942FCF-CA04-4B9F-93AF-EE4F9D5143C6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {A1A1065C-53BB-44A2-AB31-FF1A14B21F33} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40880 2021-03-30] (Garmin International, Inc. -> )
Task: {A22B84F6-6C73-4A07-B406-F3E8401D1215} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B94B5459-13C5-4CFC-AEFB-0D44C00DDBBA} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {D73272D8-6B30-42B4-9F86-9D193D236005} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {DA7D7AEF-5F67-4FE5-A4B2-A48329BB6822} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.)
Task: {DC1F9E36-2BB2-4476-9905-DC43F652CE24} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {E61B52C4-BD2A-4CEF-99C4-F3F3234E3778} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [1146000 2019-03-14] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.)
Task: {FCCFE89B-E986-4F5E-872C-78311469263D} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{5480B2BA-F1B7-4A2B-8A15-1DF39A453731}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{60341516-228f-4571-b28b-6a54ea39e1de}: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{6f5fd123-17cc-41ab-880d-ba370803e490}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{819399cc-6cbd-46fa-85c8-6453fe863580}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{da847a6d-8b87-488d-8d74-945bab7d8180}: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{eaaf18ef-cd74-4176-90b9-86a9fc005615}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{ef76afab-0760-4a1b-b70f-36c9844b65b6}: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.10 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-04-27] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR HKU\S-1-5-21-565462843-2377332638-636861087-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-04-27] (Apple Inc. -> Apple Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [270336 2012-07-13] (Brother Industries, Ltd.) [File not signed]
R2 Cloud Station Backup VSS Service x64; C:\Program Files (x86)\Synology\CloudStationBackup\bin\vss-service-x64.exe [287256 2018-03-01] (Synology Inc. -> ) [File not signed]
R2 Cloud Station Drive VSS Service x64; C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe [352280 2019-03-06] (Synology Inc. -> ) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-07-14] (Macrovision Europe Ltd.) [File not signed]
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1242696 2020-02-25] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6821960 2020-02-25] (GOG Sp. z o.o. -> GOG.com)
R2 GPAService; C:\Program Files (x86)\Gira\Gira Project Assistant\Gira Project Assistant Service\Service.WindowsService.exe [9216 2020-04-29] (Gira Giersiepen GmbH & Co. KG) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7391408 2021-05-13] (Malwarebytes Inc -> Malwarebytes)
R2 Mobile Broadband HL Service; C:\Program Files (x86)\MobileBrServ\mbbservice.exe [245688 2019-11-15] (Huawei Technologies Co., Ltd. -> )
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1705088 2020-05-12] (Rockstar Games, Inc. -> Rockstar Games)
R2 SamsungRapidSvc; C:\WINDOWS\System32\RAPID\SamsungRapidSvc.exe [29280 2018-06-20] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5393288 2021-05-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SynoDrService; C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe [384072 2013-10-09] (Synology Inc. -> )
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12849960 2021-03-15] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248856 2017-08-08] (Synology Inc. -> ) [File not signed]
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [157480 2018-08-02] (Microsoft Corporation -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.10-0\NisSrv.exe [2599312 2021-05-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.10-0\MsMpEng.exe [128376 2021-05-10] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-01-23] (AnchorFree Inc -> The OpenVPN Project)
S3 avmaudio; C:\WINDOWS\System32\DRIVERS\avmaudio.sys [116096 2012-07-14] (AVM Berlin) [File not signed]
S3 avmaura; C:\WINDOWS\System32\drivers\avmaura.sys [116480 2015-08-05] (AVM Berlin) [File not signed]
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 busenum; C:\WINDOWS\System32\drivers\busenum.sys [57824 2012-08-03] (Synology Inc. -> Windows (R) Win 7 DDK provider)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-05-13] (Malwarebytes Inc -> Malwarebytes)
S3 fwlanusbn; C:\WINDOWS\system32\DRIVERS\fwlanusbn.sys [714368 2010-10-22] (AVM GmbH) [File not signed]
S3 GenericMount; C:\WINDOWS\System32\drivers\GenericMount.sys [66608 2010-02-12] (Symantec Corporation -> Symantec Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-05-13] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-05-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-05-17] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-05-17] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-05-13] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [157944 2021-05-17] (Malwarebytes Inc -> Malwarebytes)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [74616 2020-09-25] (Insecure.Com LLC -> Insecure.Com LLC.)
R0 SamsungRapidDiskFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidDiskFltr.sys [288864 2018-06-28] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidFSFltr.sys [119400 2018-06-28] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 vpnva; C:\WINDOWS\System32\DRIVERS\vpnva64-6.sys [52080 2013-12-13] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [50688 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-05-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [421112 2021-05-10] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [73960 2021-05-10] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-17 10:36 - 2021-05-17 10:36 - 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-05-17 10:36 - 2021-05-17 10:36 - 000157944 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-05-17 10:36 - 2021-05-17 10:36 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-05-17 10:36 - 2021-05-17 10:36 - 000000008 __RSH C:\ProgramData\ntuser.pol
2021-05-17 10:36 - 2021-05-17 10:36 - 000000000 ___DC C:\Users\Alexander\AppData\LocalLow\IGDump
2021-05-16 13:34 - 2021-05-16 13:34 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-05-16 12:55 - 2021-05-16 12:56 - 008534696 _____ (Malwarebytes) C:\Users\Alexander\Downloads\adwcleaner_8.2.exe
2021-05-16 12:53 - 2021-05-17 10:35 - 000038898 _____ C:\Users\Alexander\Downloads\Fixlog.txt
2021-05-16 12:53 - 2021-05-16 12:53 - 000000000 ____D C:\Users\Alexander\AppData\Local\PeerDistRepub
2021-05-15 20:26 - 2021-05-15 20:26 - 000000000 ____D C:\Users\Alexander\Downloads\FRST-OlderVersion
2021-05-15 09:02 - 2021-05-15 09:03 - 002052852 ____C C:\Users\Alexander\Documents\bookmarks_15.05.21.html
2021-05-13 20:03 - 2021-05-13 20:03 - 000009280 ____C C:\Users\Daniela\Desktop\malware.txt
2021-05-13 20:01 - 2021-05-13 20:01 - 000000000 ____D C:\Users\Daniela\AppData\Local\mbam
2021-05-13 18:40 - 2021-05-13 18:40 - 000010974 _____ C:\Users\Alexander\Downloads\Aenderungssscheck_5579350570682806442.pdf
2021-05-13 17:57 - 2021-05-13 18:08 - 000113050 _____ C:\Users\Alexander\Downloads\Shortcut.txt
2021-05-13 17:53 - 2021-05-15 20:26 - 002299392 _____ (Farbar) C:\Users\Alexander\Downloads\FRST64 (1).exe
2021-05-13 13:22 - 2021-05-13 13:22 - 000000000 ____D C:\Users\Alexander\AppData\Local\mbam
2021-05-13 13:21 - 2021-05-13 13:21 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-05-13 13:21 - 2021-05-13 13:21 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-05-13 13:21 - 2021-05-13 13:21 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-05-13 13:21 - 2021-05-13 13:21 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-05-13 13:21 - 2021-05-13 13:21 - 000002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-05-13 13:21 - 2021-05-13 13:21 - 000002025 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-05-13 13:21 - 2021-05-13 13:21 - 000002025 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-05-13 13:21 - 2021-05-13 13:21 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-05-13 13:21 - 2021-05-13 13:21 - 000000000 ____D C:\Program Files\Malwarebytes
2021-05-13 13:20 - 2021-05-13 13:20 - 002078632 _____ (Malwarebytes) C:\Users\Alexander\Downloads\mbsetup.exe
2021-05-13 13:01 - 2021-05-13 13:01 - 000007647 _____ C:\Users\Daniela\AppData\Local\Resmon.ResmonCfg
2021-05-13 12:57 - 2021-05-13 12:57 - 000000000 ____D C:\Users\Daniela_2\AppData\Local\UnrealEngineLauncher
2021-05-13 12:57 - 2021-05-13 12:57 - 000000000 ____D C:\Users\Daniela_2\AppData\Local\UnrealEngine
2021-05-13 12:57 - 2021-05-13 12:57 - 000000000 ____D C:\Users\Daniela_2\AppData\Local\NVIDIA Corporation
2021-05-13 12:57 - 2021-05-13 12:57 - 000000000 ____D C:\Users\Daniela_2\AppData\Local\EpicGamesLauncher
2021-05-13 12:51 - 2021-05-13 12:51 - 000000000 ____D C:\Users\Daniela\AppData\Roaming\sp6_log
2021-05-13 12:20 - 2021-05-13 12:20 - 031412280 _____ (Piriform Software Ltd) C:\Users\Alexander\Downloads\ccsetup579.exe
2021-05-13 09:35 - 2021-05-13 09:35 - 000048980 _____ C:\Users\Alexander\Downloads\rkma.Nodes_.WindowControllerNode-1.0.29.zip
2021-05-13 08:59 - 2021-05-13 09:00 - 022337937 _____ C:\Users\Alexander\Downloads\Pegasus_E-Bikes_Betriebsanleitung_BOSCH Intuvia _MY2021_DE.pdf
2021-05-13 08:50 - 2021-05-13 08:50 - 004316080 _____ (Dominik Reichl ) C:\Users\Alexander\Downloads\KeePass-2.48.1-Setup.exe
2021-05-12 20:55 - 2021-05-12 20:56 - 022927958 _____ C:\Users\Alexander\Downloads\XiaomiADBFastbootTools (4).jar
2021-05-12 11:47 - 2021-05-12 11:47 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-05-12 11:47 - 2021-05-12 11:47 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-05-12 11:47 - 2021-05-12 11:47 - 000153600 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll
2021-05-12 11:46 - 2021-05-12 11:47 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-05-12 11:46 - 2021-05-12 11:46 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-05-12 11:46 - 2021-05-12 11:46 - 001823816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-05-12 11:46 - 2021-05-12 11:46 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-05-12 11:46 - 2021-05-12 11:46 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-05-12 11:46 - 2021-05-12 11:46 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-05-12 11:46 - 2021-05-12 11:46 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-05-12 11:46 - 2021-05-12 11:46 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-05-12 11:46 - 2021-05-12 11:46 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-05-12 11:46 - 2021-05-12 11:46 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-05-12 11:46 - 2021-05-12 11:46 - 000011351 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-05-12 07:34 - 2021-05-12 07:34 - 000001474 _____ C:\Users\Alexander\Downloads\URLLink (20).acsm
2021-05-10 20:05 - 2021-05-10 20:05 - 000030113 _____ C:\Users\Alexander\Downloads\Impfquotenmonitoring (4).xlsx
2021-05-06 14:40 - 2021-05-06 14:40 - 008908282 _____ C:\Users\Alexander\Downloads\Anleitung Herunterladen (5).pdf
2021-05-06 14:39 - 2021-05-06 14:39 - 005733678 _____ C:\Users\Alexander\Downloads\Herunterladen (PDF - 5,5 MB) (2).pdf
2021-05-06 14:17 - 2021-05-06 14:17 - 008908282 _____ C:\Users\Alexander\Downloads\Anleitung Herunterladen (4).pdf
2021-05-06 13:39 - 2021-05-06 13:39 - 004611099 _____ C:\Users\Alexander\Downloads\indego-400-100047627-original-pdf-344873-de-de.pdf
2021-05-06 13:38 - 2021-05-06 13:38 - 005733678 _____ C:\Users\Alexander\Downloads\Herunterladen (PDF - 5,5 MB) (1).pdf
2021-05-06 13:36 - 2021-05-06 13:36 - 008908282 _____ C:\Users\Alexander\Downloads\Anleitung Herunterladen (3).pdf
2021-05-06 13:36 - 2021-05-06 13:36 - 008908282 _____ C:\Users\Alexander\Downloads\Anleitung Herunterladen (2).pdf
2021-05-06 13:35 - 2021-05-06 13:35 - 008908282 _____ C:\Users\Alexander\Downloads\Anleitung Herunterladen.pdf
2021-05-06 13:35 - 2021-05-06 13:35 - 008372691 _____ C:\Users\Alexander\Downloads\Anleitung Herunterladen (1).pdf
2021-05-06 13:35 - 2021-05-06 13:35 - 005733678 _____ C:\Users\Alexander\Downloads\Herunterladen (PDF - 5,5 MB).pdf
2021-05-06 13:35 - 2021-05-06 13:35 - 004611099 _____ C:\Users\Alexander\Downloads\Herunterladen (PDF - 4,4 MB).pdf
2021-05-01 18:21 - 2021-05-01 18:21 - 014562150 _____ C:\WINDOWS\SysWOW64\a6d3737a-f1a4-40bd-ba3b-cab2eec8ba75.gproj
2021-05-01 18:07 - 2021-05-01 18:07 - 014562164 _____ C:\WINDOWS\SysWOW64\8153567d-4c64-4aca-9e59-c4eadc920168.gproj
2021-05-01 18:06 - 2021-05-01 18:06 - 014562198 _____ C:\WINDOWS\SysWOW64\ba0cf4c6-8abb-4ef3-836d-0027a2be1a15.gproj
2021-05-01 17:54 - 2021-05-01 17:54 - 014559759 _____ C:\WINDOWS\SysWOW64\716109be-b030-4168-926d-8f358e3462ce.gproj
2021-05-01 17:42 - 2021-05-01 17:42 - 014560960 _____ C:\WINDOWS\SysWOW64\206a6125-ca37-4ff1-bd34-26fa25967e3a.gproj
2021-05-01 17:30 - 2021-05-01 17:30 - 014553120 _____ C:\WINDOWS\SysWOW64\de74be2b-f678-4b01-804e-40c91755dcda.gproj
2021-05-01 17:22 - 2021-05-01 17:22 - 014547269 _____ C:\WINDOWS\SysWOW64\8f189782-fe33-4ea4-a0e4-9b1c9541efb8.gproj
2021-05-01 17:17 - 2021-05-01 17:17 - 014547335 _____ C:\WINDOWS\SysWOW64\8b5bc60a-7c14-4d40-aaf4-5a8ca818ff66.gproj
2021-05-01 17:15 - 2021-05-01 17:15 - 014547369 _____ C:\WINDOWS\SysWOW64\891c0700-7ff2-4bfb-9d77-14a9740a5e3f.gproj
2021-05-01 17:08 - 2021-05-01 17:08 - 014547263 _____ C:\WINDOWS\SysWOW64\6a86d4bc-d366-4ce9-b851-4e16ae88ed96.gproj
2021-05-01 17:05 - 2021-05-01 17:05 - 014545033 _____ C:\WINDOWS\SysWOW64\300e5685-c2e8-4534-a90c-0d99c7ee4f62.gproj
2021-05-01 15:49 - 2021-05-01 15:49 - 000141876 _____ C:\Users\Alexander\Downloads\torsten_kaeker_gmail_com.Logic_.Nodes_.BinaryWatcher-1.0.46-xleoba.zip
2021-05-01 15:49 - 2021-05-01 15:49 - 000000000 ____D C:\Users\Alexander\Downloads\torsten_kaeker_gmail_com.Logic_.Nodes_.BinaryWatcher-1.0.46-xleoba
2021-05-01 15:20 - 2021-05-01 15:20 - 014714494 _____ C:\WINDOWS\SysWOW64\923d93eb-517b-40e4-b539-e5242aaf63d0.gproj
2021-05-01 15:20 - 2021-05-01 15:20 - 014389004 _____ C:\WINDOWS\SysWOW64\f63315e3-5003-4437-a614-06f6f43086f7.gproj
2021-05-01 12:38 - 2021-05-01 12:38 - 000614448 _____ C:\Users\Alexander\Downloads\tasmota-DE.bin
2021-05-01 12:37 - 2021-05-01 12:37 - 000438957 _____ C:\Users\Alexander\Downloads\tasmota-DE.bin.gz
2021-05-01 11:22 - 2021-05-01 11:22 - 014389503 _____ C:\WINDOWS\SysWOW64\0f085712-de48-4617-ae9a-5c7980ad6bf5.gproj
2021-05-01 11:13 - 2021-05-01 11:13 - 019694741 _____ C:\Users\Alexander\Downloads\2021_05_01_Zimmerhofer.knxproj
2021-04-28 20:50 - 2021-04-28 20:50 - 000394029 ____C C:\Users\Alexander\Desktop\zeitaufgaben_volle_stunde_1.pdf
2021-04-28 20:38 - 2021-04-28 20:38 - 001387849 _____ C:\Users\Alexander\Desktop\Zirkus_Abschreibkartei_Druck.pdf
2021-04-28 20:37 - 2021-04-28 20:37 - 001238257 _____ C:\Users\Alexander\Desktop\Dominos_Uhrzeiten.pdf
2021-04-28 20:35 - 2021-04-28 20:35 - 000935475 _____ C:\Users\Alexander\Desktop\AB_Tag_24 Stunden.pdf
2021-04-25 14:54 - 2021-04-25 15:03 - 004228506 ____C C:\Users\Alexander\Desktop\IMG_6715.mp4
2021-04-24 19:41 - 2021-04-24 19:41 - 014362110 _____ C:\WINDOWS\SysWOW64\c853b3f9-927f-4f9d-bfe5-bbb2449a0134.gproj
2021-04-24 08:51 - 2021-04-24 08:51 - 000000000 ___DC C:\Users\Alexander\Documents\PDFsam Enhanced Files
2021-04-24 08:51 - 2021-04-24 08:51 - 000000000 ____D C:\Users\Daniela\AppData\Roaming\PDFsam Enhanced 7
2021-04-24 08:51 - 2021-04-24 08:51 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\PDFsam Enhanced 7
2021-04-24 08:51 - 2021-04-24 08:51 - 000000000 ____D C:\spellings
2021-04-24 08:49 - 2021-04-24 08:49 - 000000000 ____D C:\ProgramData\PDFsam Basic
2021-04-24 08:48 - 2021-04-24 08:49 - 020694304 _____ (Andrea Vacondio) C:\Users\Alexander\Downloads\PDFsam_Basic_4_Installer (1).exe
2021-04-23 20:08 - 2021-04-23 20:08 - 000339381 _____ C:\Users\Alexander\Downloads\7002011317.pdf
2021-04-23 20:06 - 2021-04-23 20:06 - 000087229 _____ C:\Users\Alexander\Downloads\7002011311.pdf
2021-04-23 14:12 - 2021-04-23 14:12 - 000096265 _____ C:\Users\Alexander\Downloads\Label-9699617009.pdf
2021-04-23 13:11 - 2021-04-23 13:11 - 000252893 ____C C:\Users\Alexander\Documents\9699617009.pdf
2021-04-20 14:13 - 2021-04-20 14:13 - 000182225 _____ C:\Users\Daniela_2\Downloads\sormas Notgruppe 4.xlsx
2021-04-20 09:23 - 2021-04-20 09:23 - 000871637 _____ C:\Users\Alexander\Downloads\Impfdokumentation (3).pdf
2021-04-19 22:51 - 2021-04-19 22:51 - 000044017 ____C C:\Users\Alexander\Desktop\Impfzentrum Bonn.pdf
2021-04-19 12:42 - 2021-04-19 12:42 - 000019628 _____ C:\Users\Alexander\Downloads\germany_vaccinations_timeseries_v2.tsv
2021-04-19 12:41 - 2021-04-19 12:41 - 000018588 _____ C:\Users\Alexander\Downloads\germany_deliveries_timeseries_v2.tsv
2021-04-19 10:21 - 2021-04-19 10:21 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-19 10:03 - 2021-04-19 10:03 - 000000000 ____D C:\WINDOWS\PCHEALTH
2021-04-19 07:56 - 2021-04-19 07:56 - 000842910 _____ C:\Users\Alexander\Downloads\Impfdokumentation (2)_Ute.pdf
2021-04-19 07:38 - 2021-04-19 07:38 - 000870299 _____ C:\Users\Alexander\Downloads\Impfdokumentation (2).pdf
2021-04-19 07:37 - 2021-04-19 07:37 - 000835570 _____ C:\Users\Alexander\Downloads\Impfdokumentation (1)_Carlo.pdf
2021-04-19 07:36 - 2021-04-19 07:36 - 000862959 _____ C:\Users\Alexander\Downloads\Impfdokumentation (1).pdf
2021-04-18 16:36 - 2021-04-18 16:36 - 007505263 _____ C:\Users\Alexander\Downloads\20693710.pdf
2021-04-18 16:27 - 2021-04-18 16:27 - 014362447 _____ C:\WINDOWS\SysWOW64\e24cf558-316e-4022-9189-974973802dac.gproj
2021-04-18 15:33 - 2021-04-18 15:33 - 000039424 ____C C:\Users\Daniela_2\Desktop\Notgruppe4.xls
2021-04-18 09:54 - 2021-04-18 09:54 - 001871048 _____ C:\Users\Alexander\Desktop\MDT_THB_SCN_02_Bewegungsmelder_Automatik_Schalter_55_63.pdf
2021-04-18 09:53 - 2021-04-18 09:53 - 000416540 _____ C:\Users\Alexander\Desktop\MDT_AOI_Motion_Detector_Automatic_Switch_55_02.pdf
2021-04-17 18:47 - 2021-05-17 10:36 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-04-17 18:37 - 2021-04-17 18:37 - 103052437 _____ C:\Users\Alexander\Downloads\tks-ip-gateway_05.04.00.08 (1).zip
2021-04-17 15:46 - 2021-04-17 15:46 - 014362389 _____ C:\WINDOWS\SysWOW64\0d9754c3-2270-4de6-8638-187a4d6ecda7.gproj
2021-04-17 14:53 - 2021-04-17 14:53 - 000001603 _____ C:\Users\Daniela_2\Downloads\URLLink (24).acsm
2021-04-17 14:48 - 2021-04-17 14:48 - 000001620 _____ C:\Users\Daniela_2\Downloads\URLLink (23).acsm
2021-04-17 11:45 - 2021-04-17 11:45 - 000017432 _____ C:\Users\Alexander\Downloads\Download.CSV
2021-04-17 11:10 - 2021-04-17 11:10 - 000001561 _____ C:\Users\Daniela_2\Downloads\URLLink (22).acsm
2021-04-17 10:03 - 2021-04-17 10:03 - 000144775 ____C C:\Users\Alexander\Desktop\formular_kontaktpersonen_pflegende_angehoerige_und_schwangere_beschreibbar.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-17 10:40 - 2015-04-05 09:49 - 000000000 ___DC C:\Users\Alexander\AppData\Local\CrashDumps
2021-05-17 10:39 - 2021-01-04 12:14 - 000025471 _____ C:\Users\Alexander\Downloads\FRST.txt
2021-05-17 10:39 - 2021-01-04 12:14 - 000000000 ____D C:\FRST
2021-05-17 10:36 - 2020-11-12 23:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-05-17 10:36 - 2020-11-12 23:26 - 000008192 ___SH C:\DumpStack.log.tmp
2021-05-17 10:36 - 2020-01-04 19:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-05-17 10:36 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-17 10:36 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-05-17 10:36 - 2019-01-27 12:27 - 000000000 ___DC C:\Users\Alexander\AppData\Roaming\KeePass
2021-05-17 10:36 - 2016-06-17 21:17 - 000000000 __SHD C:\Users\Alexander\IntelGraphicsProfiles
2021-05-17 10:36 - 2013-12-06 17:22 - 000000000 ___RD C:\Users\Alexander\Gemeinsame Cloudstation
2021-05-17 10:36 - 2013-04-11 21:58 - 000000000 ___RD C:\Users\Alexander\CloudStation
2021-05-17 10:36 - 2013-04-11 21:57 - 000000000 ___DC C:\Users\Alexander\AppData\Local\CloudStation
2021-05-17 10:36 - 2013-01-06 14:27 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-05-17 10:35 - 2019-12-07 11:03 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2021-05-17 10:35 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-05-17 10:32 - 2019-12-07 16:51 - 000741324 _____ C:\WINDOWS\system32\perfh007.dat
2021-05-17 10:32 - 2019-12-07 16:51 - 000160032 _____ C:\WINDOWS\system32\perfc007.dat
2021-05-17 10:31 - 2020-01-04 19:04 - 000000000 ____D C:\ProgramData\Mozilla
2021-05-17 10:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2021-05-17 10:31 - 2016-12-27 15:40 - 000000000 ___DC C:\Users\Alexander\AppData\LocalLow\Mozilla
2021-05-17 10:31 - 2009-07-14 05:20 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-05-16 13:40 - 2020-11-12 23:37 - 001916338 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-05-16 13:34 - 2020-01-04 19:04 - 000001009 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-05-16 13:27 - 2021-01-04 12:17 - 000072280 _____ C:\Users\Alexander\Downloads\Addition.txt
2021-05-16 13:07 - 2020-11-12 23:38 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-05-16 13:07 - 2020-11-12 23:26 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-05-16 13:07 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-16 13:07 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-05-15 20:24 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-05-15 20:23 - 2014-09-26 21:10 - 000000000 _SHDC C:\Users\Daniela\AppData\Local\EmieUserList
2021-05-15 20:23 - 2014-09-26 21:10 - 000000000 _SHDC C:\Users\Daniela\AppData\Local\EmieSiteList
2021-05-15 20:23 - 2012-07-15 21:11 - 000000000 ____D C:\Program Files (x86)\Google
2021-05-15 20:22 - 2018-05-30 22:35 - 000000000 ___DC C:\Users\Daniela\AppData\Local\Google
2021-05-15 09:14 - 2012-08-13 19:59 - 000000000 ___DC C:\Users\Alexander\Documents\Outlook-Dateien
2021-05-15 09:07 - 2017-05-31 22:04 - 000000348 _____ C:\WINDOWS\BRRBCOM.INI
2021-05-15 08:46 - 2020-06-25 15:37 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-05-15 08:46 - 2020-06-25 15:37 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-05-15 08:46 - 2020-06-25 15:37 - 000002278 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-05-13 20:06 - 2012-07-14 10:48 - 000000000 ___DC C:\Users\Daniela\AppData\Roaming\Notepad++
2021-05-13 20:02 - 2015-05-23 06:32 - 000000000 ___DC C:\Users\Daniela\AppData\Local\CrashDumps
2021-05-13 19:58 - 2015-05-23 06:09 - 000000000 ___DC C:\Users\Daniela_2\AppData\Local\CrashDumps
2021-05-13 19:58 - 2013-12-06 17:44 - 000000000 ___DC C:\Users\Daniela_2\AppData\Local\CloudStation
2021-05-13 19:52 - 2020-03-30 19:23 - 000000000 ____D C:\Users\Daniela_2\AppData\Local\WebEx
2021-05-13 19:51 - 2020-03-30 19:23 - 000000000 ____D C:\Users\Daniela_2\AppData\Roaming\webex
2021-05-13 19:37 - 2013-12-06 17:46 - 000000000 ___RD C:\Users\Daniela_2\Gemeinsame CloudStation
2021-05-13 19:37 - 2013-12-06 17:45 - 000000000 ___RD C:\Users\Daniela_2\CloudStation
2021-05-13 19:36 - 2016-06-18 06:55 - 000000000 __SHD C:\Users\Daniela_2\IntelGraphicsProfiles
2021-05-13 14:01 - 2014-11-24 20:24 - 000000000 ____D C:\ProgramData\Package Cache
2021-05-13 13:51 - 2020-11-12 23:26 - 002806440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-05-13 13:21 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-05-13 13:02 - 2019-02-17 17:49 - 000000000 ____D C:\Program Files (x86)\iMobie
2021-05-13 12:58 - 2019-06-09 08:21 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2021-05-13 12:58 - 2017-01-10 22:18 - 000000000 ____D C:\Program Files (x86)\ClockworkMod
2021-05-13 12:57 - 2018-11-25 20:12 - 000000000 ___DC C:\Users\Daniela_2\AppData\Local\D3DSCache
2021-05-13 12:52 - 2012-08-17 20:07 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-05-13 12:51 - 2016-09-22 03:30 - 000000000 ____D C:\Program Files\Common Files\logishrd
2021-05-13 12:51 - 2016-03-26 13:57 - 000000000 ____D C:\ProgramData\Logishrd
2021-05-13 12:46 - 2019-08-07 21:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gira
2021-05-13 12:45 - 2020-03-25 21:52 - 000000000 ____D C:\Program Files (x86)\AntiTwin
2021-05-13 12:44 - 2018-01-18 20:37 - 000000000 ___DC C:\Users\Alexander\AppData\Local\Packages
2021-05-13 12:23 - 2019-06-09 09:57 - 000000000 ____D C:\temp
2021-05-13 12:16 - 2016-02-21 17:48 - 000000000 ____D C:\ProgramData\Apple Computer
2021-05-13 12:14 - 2016-06-17 21:19 - 000000000 ___RD C:\Users\Alexander\OneDrive
2021-05-13 08:52 - 2019-01-27 12:26 - 000001190 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2021-05-13 08:52 - 2019-01-27 12:26 - 000000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2021-05-13 08:44 - 2016-06-18 06:44 - 000002140 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-05-13 08:33 - 2012-08-07 10:00 - 000000000 ___DC C:\Users\Daniela_2\Documents\Outlook-Dateien
2021-05-12 12:15 - 2020-08-14 17:10 - 000000000 ___DC C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gira
2021-05-12 12:15 - 2019-08-07 21:42 - 000000000 ____D C:\Program Files (x86)\Gira
2021-05-12 12:11 - 2021-04-02 11:28 - 000000000 ____D C:\Program Files\GrafanaLabs
2021-05-12 12:07 - 2014-07-12 17:09 - 000000000 ___DC C:\Users\Alexander\AppData\Local\Skype
2021-05-12 12:07 - 2012-07-14 10:37 - 000000000 ____D C:\ProgramData\Skype
2021-05-12 11:55 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-05-12 11:49 - 2019-12-07 16:54 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-05-12 11:49 - 2019-12-07 16:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-05-12 11:49 - 2019-12-07 16:52 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-05-12 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-05-12 11:36 - 2020-11-11 20:48 - 000000000 ___HD C:\$WinREAgent
2021-05-12 11:34 - 2013-07-21 20:14 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-05-12 11:24 - 2012-07-14 10:20 - 132732536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-05-11 07:32 - 2020-11-12 23:38 - 000003358 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-565462843-2377332638-636861087-1002
2021-05-11 07:32 - 2020-11-12 23:28 - 000002427 ____C C:\Users\Daniela_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-05-11 07:32 - 2016-06-18 06:56 - 000000000 ___RD C:\Users\Daniela_2\OneDrive
2021-05-10 20:24 - 2019-04-20 21:56 - 000000000 ____D C:\Users\Daniela_2\AppData\Roaming\KeePass
2021-05-10 14:03 - 2018-05-30 22:43 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-05-02 20:28 - 2020-11-12 23:28 - 000000000 ____D C:\Users\Daniela_2
2021-05-02 09:33 - 2013-04-11 22:17 - 000000000 ___DC C:\Users\Alexander\AppData\Roaming\vlc
2021-05-01 22:28 - 2020-11-12 23:28 - 000000000 ____D C:\Users\Alexander
2021-05-01 12:52 - 2021-03-04 20:41 - 000000000 ____D C:\Program Files\PDFsam Basic
2021-04-30 10:22 - 2020-10-01 15:55 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-30 09:13 - 2018-01-18 20:37 - 000000000 ___DC C:\Users\Daniela_2\AppData\Local\Packages
2021-04-26 07:44 - 2020-11-28 10:08 - 000003606 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6b93b6516950a
2021-04-26 07:44 - 2020-11-12 23:38 - 000003700 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-24 09:02 - 2012-07-15 21:14 - 000000000 ___DC C:\Users\Alexander\AppData\Roaming\Adobe
2021-04-23 19:36 - 2015-09-01 05:57 - 000000000 ___RD C:\Users\Daniela_2\Dropbox
2021-04-22 14:54 - 2020-11-12 23:38 - 000003630 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-22 14:54 - 2020-11-12 23:38 - 000003506 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-19 20:28 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-19 20:28 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-19 20:28 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-19 20:28 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-19 10:21 - 2020-11-12 23:27 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-04-19 10:03 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-04-18 15:33 - 2021-02-22 17:21 - 000039424 _____ C:\Users\Daniela_2\Downloads\Notgruppe Wechselunterricht 4.xls
2021-04-17 14:53 - 2012-07-31 09:01 - 000000000 ___DC C:\Users\Daniela_2\Documents\My Digital Editions

==================== Files in the root of some directories ========

2021-05-13 13:01 - 2021-05-13 13:01 - 000007647 _____ () C:\Users\Daniela\AppData\Local\Resmon.ResmonCfg
2016-12-11 21:15 - 2016-12-11 21:15 - 000000000 ____C () C:\Users\Daniela\AppData\Local\{E34785DD-D791-45FC-BB3D-4F10309E5D2D}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
--- --- ---

--- --- ---


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:25 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19