Suddenly high CPU usage (UtcSvc, Windows Driver Foundation); Defender problem

#1 X3nion

Posted Yesterday, 05:52 PM

Hey, I'm new to this community and happy to be a part of it! I've already introduced myself in the "Introductions" section.

I've got two problems:

1) My laptop running Windows 11 has become very slow due to the "Service Host: UtcSvc, Connected User Experience and Telemetry" with a permanent CPU usage of 30%. Additionally, sometimes the service "Windows Driver Foundation" appears and slows down my system as well.

I did a scan with Malwarebytes, it didn't find anything. However, RogueKiller found inter alia a "PUM.Proxy". I don't know whether everything has something to do with the iPhone recovery tool "Tenorshare Reiboot" I installed but didn't use, as I found out that this could be a scam software. However, other sources say that it isn't considered as harmful. All in all, I deleted it.

2) Furthermore, I cannot activate the memory integrity of the Windows Defender due to the drivers "ftdibus.sys" appearing three times in the incompatible driver section.

I'd be grateful if you could help me check my system for viruses/malware and so on and, if there are any, help me get rid of them!

Kind regards,

X3nion

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-05-2025
Ran by DELL (administrator) on DESKTOP-FLR7RSH (Dell Inc. Latitude 7370) (08-05-2025 00:39:28)
Running from C:\Users\DELL\Desktop\Thread\FRST64English.exe
Loaded Profiles: DELL
Platform: Microsoft Windows 11 Pro Version 22H2 22621.4317 (X64) Language: Deutsch (Deutschland)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12137.1.3025.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe ->) (Expressco Services LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe
(C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.SystemService.exe ->) (Expressco Services LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe
(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(C:\Program Files\DellTPad\Apoint.exe ->) (ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(C:\Program Files\DellTPad\Apoint.exe ->) (ALPS ELECTRIC CO., LTD. -> ALPSALPINE CO., LTD.) C:\Program Files\DellTPad\hidfind.exe
(C:\Program Files\DellTPad\HidMonitorSvc.exe ->) (ALPS ALPINE CO.,LTD. -> ALPSALPINE Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(C:\Program Files\Google\Drive File Stream\107.0.3.0\GoogleDriveFS.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\107.0.3.0\crashpad_handler.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> ) C:\Program Files\Malwarebytes\Anti-Malware\MBAMCrashHandler.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.152.0_x64__nzyj5cx40ttqa\iCloud\iCloudHome.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc) C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.152.0_x64__nzyj5cx40ttqa\iCloud\iCloudCKKS.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_e6d6f5a306002a89\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_e6d6f5a306002a89\igfxEM.exe
(explorer.exe ->) (Google LLC -> Google LLC.) C:\Program Files\Google\Drive File Stream\107.0.3.0\GoogleDriveFS.exe <7>
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel\DPTF\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2501.31.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <42>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(services.exe ->) (Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Scan Utility\SETEVENT.exe
(services.exe ->) (Expressco Services LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.exe
(services.exe ->) (Expressco Services LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.SystemService.exe
(services.exe ->) (Expressco Services LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.VpnService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_e6d6f5a306002a89\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_141eb88527011137\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_d0b39b11619fd0c4\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_d0b39b11619fd0c4\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_a55aa2cd52a3429d\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WSL\wslservice.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> ) C:\Windows\System32\UshUpgradeService.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Broadcom Corporation) C:\Windows\System32\HostControlService.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Broadcom Corporation) C:\Windows\System32\HostStorageService.exe
(services.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Sierra Wireless, Inc -> Sierra Wireless, Inc.) C:\Windows\Sierra Wireless Inc\bin\SwiService.exe
(services.exe ->) (voidtools -> voidtools) C:\Program Files\Everything\Everything.exe
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(sihost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.152.0_x64__nzyj5cx40ttqa\iCloud\iCloudHome.exe
(sihost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.25032.52.0_x64__cw5n1h2txyewy\CrossDeviceService.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2517.4.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.152.0_x64__nzyj5cx40ttqa\iCloud\ApplePhotoStreams.exe
(svchost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.152.0_x64__nzyj5cx40ttqa\iCloud\APSDaemon.exe
(svchost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.152.0_x64__nzyj5cx40ttqa\iCloud\iCloudOutlookConfig64.exe
(svchost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple, Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.152.0_x64__nzyj5cx40ttqa\iCloud\secd.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SecHealthUI_1000.27777.1008.0_x64__8wekyb3d8bbwe\SecHealthUI.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mmgaserver.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealth\10.0.27777.1008-0\SecurityHealthHost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [767480 2021-09-02] (ALPS ALPINE CO.,LTD. -> ALPSALPINE Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9230280 2017-06-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1489384 2017-06-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [723928 2017-01-26] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [2265104 2024-08-01] (voidtools -> voidtools)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [271496 2017-11-02] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [384808 2024-12-23] (Expressco Services LLC -> ExpressVPN)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\107.0.3.0\GoogleDriveFS.exe [65821280 2025-04-23] (Google LLC -> Google LLC.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\107.0.3.0\GoogleDriveFS.exe [65821280 2025-04-23] (Google LLC -> Google LLC.)
HKU\S-1-5-21-4188264911-3070158168-183260160-1002\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\107.0.3.0\GoogleDriveFS.exe [65821280 2025-04-23] (Google LLC -> Google LLC.)
HKU\S-1-5-21-4188264911-3070158168-183260160-1002\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler (No File)
HKU\S-1-5-21-4188264911-3070158168-183260160-1002\...\Run: [MicrosoftEdgeAutoLaunch_6B770857D9B81538FA9524CBB2D560C5] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4045880 2025-05-01] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4188264911-3070158168-183260160-1002\...\Run: [ExpressVPN] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe [855336 2024-12-23] (Expressco Services LLC -> ExpressVPN)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\107.0.3.0\GoogleDriveFS.exe [65821280 2025-04-23] (Google LLC -> Google LLC.)
HKLM\...\Windows x64\Print Processors\Canon TS6200 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDEO.DLL [482816 2018-07-17] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon TS9500 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDER.DLL [529408 2020-06-18] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor TS6200 series: C:\WINDOWS\system32\CNMLMEO.DLL [1303040 2018-07-17] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor TS9500 series: C:\WINDOWS\system32\CNMLMER.DLL [950272 2020-06-18] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\FRITZ!fax Color Port Monitor: C:\WINDOWS\system32\FritzColorPort64.dll [20480 2006-02-23] () [File not signed]
HKLM\...\Print\Monitors\FRITZ!fax Port Monitor: C:\WINDOWS\system32\FritzPort64.dll [20480 2006-02-22] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\135.0.7049.116\Installer\chrmstp.exe [2025-05-01] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> 
Startup: C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UltraSearch.lnk [2024-08-13]
ShortcutTarget: UltraSearch.lnk -> C:\Program Files\JAM Software\UltraSearch\UltraSearch.exe (JAM Software GmbH -> JAM Software)
Startup: C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wsl.exe.lnk [2023-03-03]
ShortcutTarget: wsl.exe.lnk -> C:\Windows\System32\wsl.exe (Microsoft Windows -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {56C0E9D4-5FF8-4800-9528-E6B474C9E327} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1580992 2025-03-21] (Adobe Inc. -> Adobe Inc.)
Task: {1C088204-91D7-42CE-9FB8-BBB904E50CA8} - System32\Tasks\cron => C:\Windows\System32\wsl.exe [200704 2024-06-27] (Microsoft Windows -> Microsoft Corporation)
Task: {9B21F81D-8914-4ECF-BD3F-CAF0C44E6341} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem138.0.7156.0{444BE4D4-3E4C-4459-BACF-68FB4D1193EF} => C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe [7096416 2025-05-02] (Google LLC -> Google LLC)
Task: {E6980EEB-29B1-4C76-A429-73F9121BB48E} - System32\Tasks\Microsoft\Office\Office Apps Prewarm => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [307384 2025-05-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {EE6BED0E-F266-4E36-80E4-FFC32B20F371} - System32\Tasks\Microsoft\Office\Office Apps Prewarm Recurring => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [307384 2025-05-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {A838DD24-EA2E-4CB6-98C5-E08A9C16EA24} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29102296 2025-04-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {57681E76-AAC1-4EBC-9DA1-17B71AC5BB56} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\opushutil.exe [68344 2025-05-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {DAAAB4D2-618C-43BB-A423-6D3469C0B6A9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29102296 2025-04-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {CD357957-83B3-4567-AB7F-14BA7CE158FB} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [307384 2025-05-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {81510B79-FBE4-42D6-9D11-0FECBA5D62F5} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [307384 2025-05-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {8D95F1D5-BB79-49A1-8556-1E474C30663F} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [213216 2025-05-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {CAB898C9-2EB7-4D1B-9872-23979FCB5C82} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe  (No File)
Task: {56AB6536-F726-41D0-9524-A2A256A6C9C2} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe  /RunOnAC RebootDialog (No File)
Task: {EFF4A8D7-E1CA-40DF-B699-BC125A0C46A0} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe  /RunOnBattery RebootDialog (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {D39894DC-F56D-416F-A1E2-A01DA99D7E2A} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34880 2025-05-02] (Mozilla Corporation -> Mozilla Foundation)
Task: {B3EE11FC-DF5C-4187-8CAC-DCEA112C13B4} - System32\Tasks\OneDrive Startup Task-S-1-5-21-4188264911-3070158168-183260160-1002 => C:\Users\DELL\AppData\Local\Microsoft\OneDrive\25.065.0406.0002\OneDriveLauncher.exe [679232 2025-05-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {E4A75A80-08D5-4DDF-81E6-7528D6A31240} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1489384 2017-06-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {5B10C080-2EEB-46B5-A2F9-D9ABD30F4FBF} - System32\Tasks\ZoomUpdateTaskUser-S-1-5-21-4188264911-3070158168-183260160-1002 => C:\Users\DELL\AppData\Roaming\Zoom\bin\Zoom.exe [434488 2025-03-08] (Zoom Video Communications, Inc. -> Zoom Communications, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-4188264911-3070158168-183260160-1002] => http=127.0.0.1:8888;https=127.0.0.1:8888
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{30ed16cb-6eb1-4ae9-8971-c1af6465e341}: [DhcpNameServer] 10.30.128.1
Tcpip\..\Interfaces\{53439dba-5d82-482d-b110-ab9f1e337e23}: [DhcpNameServer] 10.30.128.1
Tcpip\..\Interfaces\{9f570ee7-188e-42b0-8e0e-9fc1014df8c1}: [NameServer] 100.64.100.1
Tcpip\..\Interfaces\{cd1f2afe-fce5-4bdd-be78-dca0869f7398}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{cd1f2afe-fce5-4bdd-be78-dca0869f7398}: [DhcpDomain] fritz.box
Tcpip\..\Interfaces\{cd1f2afe-fce5-4bdd-be78-dca0869f7398}\64B4B40234C65726: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{cd1f2afe-fce5-4bdd-be78-dca0869f7398}\64B4B40234C65726: [DhcpDomain] fritz.box
Tcpip\..\Interfaces\{cd1f2afe-fce5-4bdd-be78-dca0869f7398}\74C65696370293: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{cd1f2afe-fce5-4bdd-be78-dca0869f7398}\74C65696370293: [DhcpDomain] fritz.box
Tcpip\..\Interfaces\{cd1f2afe-fce5-4bdd-be78-dca0869f7398}\960586F6E656: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{cd1f2afe-fce5-4bdd-be78-dca0869f7398}\D4167656E6471675C414E4D2333525B4: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{cd1f2afe-fce5-4bdd-be78-dca0869f7398}\D4167656E6471675C414E4D2333525B4: [DhcpDomain] speedport.ip
Tcpip\..\Interfaces\{fb9199cb-b79b-49d1-8c36-4cf47cbe360e}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{fb9199cb-b79b-49d1-8c36-4cf47cbe360e}: [DhcpDomain] fritz.box

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\DELL\AppData\Local\Microsoft\Edge\User Data\Default [2025-05-06]
Edge Extension: (Google Docs Offline) - C:\Users\DELL\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-05-01]
Edge Extension: (Edge relevant text changes) - C:\Users\DELL\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-04-18]

FireFox:
========
FF DefaultProfile: 08x1q7h1.default
FF ProfilePath: C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\tvktevs8.Test [2025-02-11]
FF ProfilePath: C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\08x1q7h1.default [2022-07-18]
FF ProfilePath: C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\0wam7xn9.default-release-1714733047451 [2025-05-07]
FF NetworkProxy: Mozilla\Firefox\Profiles\0wam7xn9.default-release-1714733047451 -> backup.ssl", "192.168.178.26"
FF Extension: (Tab Session Manager) - C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\0wam7xn9.default-release-1714733047451\Extensions\Tab-Session-Manager@sienori.xpi [2025-04-08]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2025-04-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.17.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2025-04-24] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2025-04-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)

Chrome: 
=======
CHR Profile: C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default [2025-03-13]
CHR Notifications: Default -> hxxps://www.reddit.com
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2025-02-09]
CHR Extension: (Tab Session Manager) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaiomicjabeggjcfkbimgmglanimpnae [2024-06-07]
CHR Extension: (Anwendungs-Launcher für Drive (von Google)) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2024-04-23]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-03-10]
CHR HKU\S-1-5-21-4188264911-3070158168-183260160-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKU\S-1-5-21-4188264911-3070158168-183260160-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174520 2025-03-21] (Adobe Inc. -> Adobe Inc.)
R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [114976 2021-09-02] (ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.)
R2 CIJSRegister; C:\Program Files (x86)\Canon\IJ Scan Utility\SETEVENT.exe [144784 2018-04-18] (Canon Inc. -> CANON INC.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13824208 2025-04-27] (Microsoft Corporation -> Microsoft Corporation)
R2 Everything; C:\Program Files\Everything\Everything.exe [2265104 2024-08-01] (voidtools -> voidtools)
R2 ExpressVPN App Service; C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.exe [440616 2024-12-23] (Expressco Services LLC -> ExpressVPN)
R2 ExpressVPN System Service; C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.SystemService.exe [440616 2024-12-23] (Expressco Services LLC -> ExpressVPN)
R2 ExpressVPN VPN Service; C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.VpnService.exe [440616 2024-12-23] (Expressco Services LLC -> ExpressVPN)
R2 hostcontrolsvc; C:\WINDOWS\System32\HostControlService.exe [824424 2019-12-16] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom Corporation)
R2 hoststoragesvc; C:\WINDOWS\System32\HostStorageService.exe [170088 2019-12-16] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [446328 2023-09-13] (Canon Inc. -> )
S3 LibreOfficeMaintenance; C:\Program Files\LibreOffice\program\update_service.exe [123320 2024-07-11] (The Document Foundation -> The Document Foundation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9440168 2025-05-07] (Malwarebytes Inc -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2025-05-07] (Malwarebytes Inc. -> Malwarebytes)
S3 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpDefenderCoreService.exe [2009608 2025-04-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [530448 2024-09-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SwiService; C:\WINDOWS\Sierra Wireless Inc\bin\SwiService.exe [1630184 2018-01-30] (Sierra Wireless, Inc -> Sierra Wireless, Inc.)
R2 ushupgradesvc; C:\WINDOWS\System32\UshUpgradeService.exe [274536 2019-12-16] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\NisSrv.exe [4538400 2025-04-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MsMpEng.exe [278320 2025-04-15] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772; C:\WINDOWS\System32\DriverStore\FileRepository\netax88772.inf_amd64_f1efe88b4f90c639\ax88772.sys [116736 2022-05-07] (Microsoft Windows -> ASIX Electronics Corp.)
S3 bcmnfcusb; C:\WINDOWS\System32\drivers\bcmnfcusb.sys [58632 2019-12-16] (Broadcom Corporation -> Broadcom Corporation.)
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [184320 2022-11-23] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [File not signed]
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [22864 2016-10-27] (WDKTestCert Andy_Chen6,131219483243550933 -> OSR Open Systems Resources, Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2025-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\driver\expressvpnsplittunnel.sys [46712 2024-12-23] (ExprsVPN LLC -> ExpressVPN)
R3 expressvpntun; C:\WINDOWS\System32\drivers\expressvpn-tun.sys [56552 2023-02-06] (Express VPN International Ltd. -> ExpressVPN)
R2 googledrivefs31626; C:\Program Files\Google\Drive File Stream\Drivers\31626\googledrivefs31626.sys [384096 2024-07-26] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
R3 KslD; C:\WINDOWS\System32\drivers\wd\KslD.sys [331168 2025-04-15] (Microsoft Windows -> Microsoft Corporation)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [234072 2025-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [22120 2025-05-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\Drivers\farflt11.sys [241872 2025-05-07] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\System32\Drivers\mbam.sys [80984 2025-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [242752 2025-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [188232 2025-05-07] (Malwarebytes Inc -> Malwarebytes)
R3 swmbbser05; C:\WINDOWS\system32\DRIVERS\swmbbser05.sys [296488 2018-02-02] (Sierra Wireless, Inc -> Sierra Wireless Incorporated)
S3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [61496 2023-02-06] (ExprsVPN LLC -> The OpenVPN Project)
S3 UsbNcm; C:\WINDOWS\System32\drivers\UsbNcm.sys [167936 2024-04-20] (Microsoft Windows -> )
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [20016 2025-04-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [605576 2025-04-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [100744 2025-04-15] (Microsoft Windows -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-05-08 00:37 - 2025-05-08 00:39 - 000000000 ____D C:\Users\DELL\Desktop\Thread
2025-05-07 23:29 - 2025-05-07 23:30 - 038303808 _____ C:\Users\DELL\Downloads\RogueKiller_portable64(1).exe
2025-05-07 23:27 - 2025-05-07 23:27 - 000001657 _____ C:\Users\DELL\Downloads\Malwarebytes Scan-Bericht 2025-05-07 211429.txt
2025-05-07 23:10 - 2025-05-07 23:10 - 000241872 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt11.sys
2025-05-07 23:10 - 2025-05-07 23:10 - 000188232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2025-05-07 23:09 - 2025-05-08 00:40 - 000000000 ____D C:\Users\DELL\AppData\Local\Malwarebytes
2025-05-07 23:09 - 2025-05-07 23:09 - 000002100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2025-05-07 23:09 - 2025-05-07 23:09 - 000002088 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2025-05-07 23:07 - 2025-05-07 23:07 - 009568256 _____ (Malwarebytes) C:\Users\DELL\Downloads\adwcleaner(1).exe
2025-05-07 23:07 - 2025-05-07 23:07 - 000000000 ____D C:\ProgramData\Malwarebytes
2025-05-07 23:07 - 2025-05-07 23:07 - 000000000 ____D C:\Program Files\Malwarebytes
2025-05-07 23:06 - 2025-05-07 23:06 - 002827496 _____ (Malwarebytes) C:\Users\DELL\Downloads\MBSetup(3).exe
2025-05-06 17:39 - 2025-05-06 17:39 - 000723674 _____ C:\WINDOWS\system32\perfh007.dat
2025-05-06 17:39 - 2025-05-06 17:39 - 000149714 _____ C:\WINDOWS\system32\perfc007.dat
2025-05-06 17:28 - 2025-05-08 00:31 - 000000000 ____D C:\Users\DELL\Desktop\Bereinigung
2025-05-06 17:28 - 2025-05-06 17:28 - 000000000 ____D C:\Users\DELL\Downloads\Neuer Ordner (2)
2025-05-04 23:32 - 2025-05-04 23:32 - 000001292 _____ C:\Users\DELL\Downloads\DESKTOP-FLR7RSH.C21FAA7C-8555-2A44-BC54-43FFB5CA8CC5.mobileconfig
2025-05-04 22:56 - 2025-05-05 00:20 - 000000000 ____D C:\Users\DELL\AppData\Roaming\iMazing
2025-05-04 22:56 - 2025-05-04 23:20 - 000000000 ____D C:\Users\DELL\AppData\Local\DigiDNA
2025-05-04 22:51 - 2025-05-04 22:51 - 000000000 ____D C:\Program Files\iPod
2025-05-04 22:50 - 2025-05-04 22:50 - 000000000 ____D C:\Program Files\Bonjour
2025-05-04 22:50 - 2025-05-04 22:50 - 000000000 ____D C:\Program Files (x86)\Bonjour
2025-05-04 22:39 - 2025-05-04 22:39 - 000001870 _____ C:\Users\Public\Desktop\iMazing.lnk
2025-05-04 22:39 - 2025-05-04 22:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMazing
2025-05-04 22:39 - 2025-05-04 22:39 - 000000000 ____D C:\ProgramData\DigiDNA
2025-05-04 22:36 - 2025-05-04 22:36 - 000000000 ____D C:\Program Files\DigiDNA
2025-05-04 22:14 - 2025-05-04 22:14 - 000000000 ____D C:\Tenorshare
2025-05-04 14:44 - 2025-05-04 14:46 - 199341360 _____ (DigiDNA ) C:\Users\DELL\Downloads\iMazing3forWindows.exe
2025-05-04 14:38 - 2025-05-04 14:38 - 000000000 ____D C:\Users\DELL\Downloads\1832
2025-05-04 14:37 - 2025-05-04 23:00 - 000000000 ____D C:\Users\DELL\Downloads\183
2025-05-04 14:37 - 2025-05-04 14:37 - 000000000 ____D C:\Users\DELL\Downloads\1831
2025-05-04 13:28 - 2025-05-04 13:28 - 000000000 ____D C:\Users\DELL\.openjfx
2025-05-04 13:27 - 2025-05-04 13:27 - 000000884 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\blobsaver.lnk
2025-05-04 13:27 - 2025-05-04 13:27 - 000000872 _____ C:\Users\Public\Desktop\blobsaver.lnk
2025-05-04 13:27 - 2025-05-04 13:27 - 000000000 ____D C:\Program Files\blobsaver
2025-05-04 13:26 - 2025-05-04 13:26 - 045554213 _____ (airsquared ) C:\Users\DELL\Downloads\blobsaver-3.6.0.exe
2025-05-02 23:54 - 2025-05-02 23:54 - 000000000 ____D C:\Users\DELL\AppData\Roaming\Apple
2025-05-02 23:21 - 2025-05-04 22:57 - 000000000 ____D C:\Users\DELL\AppData\Roaming\Apple Computer
2025-05-02 23:20 - 2025-05-02 23:20 - 000000000 ____D C:\Users\DELL\AppData\Roaming\TSMonitor
2025-05-02 23:17 - 2025-05-04 22:14 - 000000000 ____D C:\Program Files (x86)\Tenorshare ReiBoot
2025-05-02 23:15 - 2025-05-02 23:15 - 073106528 _____ (Tenorshare ) C:\Users\DELL\Downloads\reiboot_11746220508479024601.exe
2025-05-02 23:10 - 2025-05-02 23:10 - 002959824 _____ C:\Users\DELL\Downloads\wootechy-imaster_setup.exe
2025-05-02 11:07 - 2025-05-06 17:30 - 000000000 ____D C:\Program Files\Mozilla Firefox
2025-05-01 17:02 - 2025-05-01 17:02 - 000000000 ____D C:\Users\DELL\Apple
2025-04-22 19:19 - 2025-05-07 23:52 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2025-04-20 17:59 - 2025-04-20 17:59 - 000078122 _____ C:\Users\DELL\Downloads\Rechnung_Entwurf_enderle_Veranstaltungstechnik_2025-04-20-3.pdf
2025-04-20 17:58 - 2025-04-20 17:58 - 000072133 _____ C:\Users\DELL\Downloads\Rechnung_Entwurf_enderle_Veranstaltungstechnik_2025-04-20-2.pdf
2025-04-20 17:57 - 2025-04-20 17:57 - 000070817 _____ C:\Users\DELL\Downloads\Rechnung_Entwurf_enderle_Veranstaltungstechnik_2025-04-20-1.pdf
2025-04-20 17:36 - 2025-04-20 17:36 - 000061312 _____ C:\Users\DELL\Downloads\Rechnung_Entwurf_enderle_Veranstaltungstechnik_2025-04-20.pdf
2025-04-20 17:33 - 2025-04-20 17:33 - 000055081 _____ C:\Users\DELL\Downloads\vorlage_rechnung.pdf
2025-04-16 19:45 - 2025-04-16 19:45 - 000479825 _____ C:\Users\DELL\Documents\IMG_20250416_0003.pdf
2025-04-16 19:45 - 2025-04-16 19:45 - 000476751 _____ C:\Users\DELL\Documents\Erste Rechnung_20250416_0001.pdf
2025-04-16 19:22 - 2025-04-16 19:22 - 000471070 _____ 
C:\Users\DELL\Documents\IMG_20250416_0001.pdf 2025-04-16 19:22 - 2025-04-16 19:22 - 000468973 _____ C:\Users\DELL\Documents\Erste Rechnung unterschrieben_20250416_0001.pdf 2025-04-08 16:28 - 2025-04-08 16:28 - 000002599 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WSL.lnk 2025-04-08 16:28 - 2025-04-08 16:28 - 000002546 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WSL Settings.lnk 2025-04-08 16:28 - 2025-04-08 16:28 - 000000000 ____D C:\Program Files\Common Files\DESIGNER 2025-04-08 16:27 - 2025-04-08 16:28 - 000000000 ____D C:\Program Files\WSL ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2025-05-08 00:40 - 2024-07-28 14:09 - 000000000 ____D C:\FRST 2025-05-08 00:38 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SystemTemp 2025-05-08 00:26 - 2024-08-01 00:14 - 000016575 _____ C:\Users\DELL\Downloads\RogueKiller.txt 2025-05-07 23:58 - 2022-05-07 07:24 - 000000000 ___HD C:\Program Files\WindowsApps 2025-05-07 23:58 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\AppReadiness 2025-05-07 23:57 - 2022-07-12 15:29 - 000000000 ___SD C:\Users\DELL\AppData\Roaming\Microsoft\Credentials 2025-05-07 23:52 - 2022-07-18 17:44 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 2025-05-07 23:50 - 2022-11-22 16:41 - 000001062 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk 2025-05-07 23:50 - 2022-07-18 17:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2025-05-07 23:50 - 2022-05-07 07:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2025-05-07 23:10 - 2022-05-07 07:22 - 000000000 ____D C:\WINDOWS\INF 2025-05-07 23:09 - 2022-07-12 15:29 - 000000000 ____D C:\Users\DELL\AppData\Local\Packages 2025-05-07 23:09 - 2022-05-07 07:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2025-05-07 23:09 - 2020-07-24 13:35 - 000000000 ____D C:\ProgramData\Packages 2025-05-07 00:04 - 2022-11-24 00:39 
- 000000000 ____D C:\WINDOWS\system32\SleepStudy 2025-05-06 17:43 - 2023-01-06 02:23 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task 2025-05-06 17:42 - 2023-01-06 02:23 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk 2025-05-06 17:42 - 2023-01-06 02:23 - 000002068 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk 2025-05-06 17:39 - 2022-11-24 00:44 - 001662892 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2025-05-06 17:31 - 2022-07-12 15:29 - 000000000 __SHD C:\Users\DELL\IntelGraphicsProfiles 2025-05-06 17:31 - 2021-01-19 09:10 - 000175043 _____ C:\WINDOWS\system32\CVFirmwareUpgradeLog.txt 2025-05-06 17:31 - 2020-07-24 14:28 - 000000000 ____D C:\Program Files\Microsoft Office 2025-05-06 17:30 - 2022-11-24 00:47 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2025-05-06 17:30 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\ServiceState 2025-05-06 17:30 - 2022-05-07 07:17 - 001048576 _____ C:\WINDOWS\system32\config\BBI 2025-05-06 17:30 - 2021-01-19 09:08 - 000000000 ____D C:\Intel 2025-05-06 17:30 - 2020-07-24 13:20 - 000012288 ___SH C:\DumpStack.log.tmp 2025-05-06 17:29 - 2022-11-24 00:28 - 000000000 ____D C:\Users\DELL 2025-05-06 16:58 - 2022-07-12 16:07 - 000000000 ____D C:\Users\DELL\AppData\Local\D3DSCache 2025-05-06 01:25 - 2022-07-18 18:15 - 000000000 ____D C:\Users\DELL\AppData\Roaming\vlc 2025-05-06 01:06 - 2022-11-24 00:47 - 000003756 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2025-05-06 01:06 - 2022-11-24 00:47 - 000003632 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2025-05-04 22:51 - 2023-02-23 03:48 - 000000000 ____D C:\ProgramData\Apple Inc 2025-05-04 22:22 - 2022-07-12 16:12 - 000000000 ____D C:\Users\DELL\AppData\Roaming\Microsoft\MMC 2025-05-04 14:06 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2025-05-03 22:25 - 2024-04-18 19:24 - 000000000 ____D C:\ProgramData\CanonIJPLM 2025-05-03 14:25 - 2022-07-18 18:36 - 000002443 _____ 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2025-05-03 14:25 - 2022-07-18 18:36 - 000002281 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2025-05-03 00:52 - 2024-05-03 12:44 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2025-05-03 00:52 - 2022-07-18 17:44 - 000001072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2025-05-01 17:46 - 2025-02-06 16:46 - 000003568 _____ C:\WINDOWS\system32\Tasks\OneDrive Startup Task-S-1-5-21-4188264911-3070158168-183260160-1002 2025-05-01 17:46 - 2022-11-24 00:47 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4188264911-3070158168-183260160-1002 2025-05-01 17:46 - 2022-11-24 00:47 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4188264911-3070158168-183260160-1002 2025-05-01 17:46 - 2022-07-12 15:34 - 000002399 _____ C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2025-05-01 16:57 - 2023-02-23 03:48 - 000000000 ____D C:\ProgramData\Apple 2025-05-01 16:57 - 2022-07-12 15:38 - 000000000 ____D C:\Users\DELL\AppData\Local\Publishers 2025-05-01 16:52 - 2022-07-12 15:35 - 000000000 ____D C:\Users\DELL\AppData\Local\PlaceholderTileLogoFolder 2025-05-01 16:51 - 2023-03-10 19:26 - 000002246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2025-05-01 16:51 - 2023-03-10 19:26 - 000002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2025-04-24 00:24 - 2023-01-05 23:51 - 000000000 ____D C:\Users\DELL\AppData\Roaming\audacity 2025-04-23 14:47 - 2023-03-24 19:29 - 000002180 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk 2025-04-23 14:47 - 2023-03-24 19:29 - 000002051 _____ C:\Users\DELL\Desktop\Google Drive.lnk 2025-04-20 18:25 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth 2025-04-15 22:52 - 2020-07-24 13:20 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2025-04-08 15:55 - 2023-02-07 19:26 - 000000000 
____D C:\Users\DELL\AppData\Local\Zoom ==================== Files in the root of some directories ======== 2024-08-24 12:35 - 2024-08-24 12:35 - 000000477 _____ () C:\Users\DELL\AppData\Local\kdeglobals 2024-08-16 00:59 - 2024-08-16 00:59 - 000008337 _____ () C:\Users\DELL\AppData\Local\kdenlive-layoutsrc 2024-08-16 00:59 - 2025-02-19 18:41 - 000004823 _____ () C:\Users\DELL\AppData\Local\kdenliverc 2024-08-18 00:27 - 2024-08-18 00:27 - 000000052 _____ () C:\Users\DELL\AppData\Local\klanguageoverridesrc 2024-11-03 14:32 - 2024-11-03 14:32 - 000013341 _____ () C:\Users\DELL\AppData\Local\recently-used.xbel 2024-08-18 00:29 - 2024-08-18 00:29 - 000005016 _____ () C:\Users\DELL\AppData\Local\user-places.xbel 2024-08-16 00:59 - 2024-08-16 00:59 - 000004735 _____ () C:\Users\DELL\AppData\Local\user-places.xbel.bak 2024-08-18 00:29 - 2024-08-18 00:29 - 000000000 _____ () C:\Users\DELL\AppData\Local\user-places.xbel.tbcache ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ========================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2025
Ran by DELL (08-05-2025 00:42:24)
Running from C:\Users\DELL\Desktop\Thread
Microsoft Windows 11 Pro Version 22H2 22621.4317 (X64) (2022-11-23 22:47:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-4188264911-3070158168-183260160-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4188264911-3070158168-183260160-503 - Limited - Disabled)
DELL (S-1-5-21-4188264911-3070158168-183260160-1002 - Administrator - Enabled) => C:\Users\DELL
Gast (S-1-5-21-4188264911-3070158168-183260160-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-4188264911-3070158168-183260160-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 24.09 (x64) (HKLM\...\7-Zip) (Version: 24.09 - Igor Pavlov)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1031-1033-7760-BC15014EA700}) (Version: 25.001.20474 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601110}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Audacity 3.0.0 (HKLM-x32\...\Audacity_is1) (Version: 3.0.0 - Audacity Team)
Audacity 3.6.1 (64 Bit) (HKLM\...\Audacity_is1) (Version: 3.6.1 - Audacity Team)
AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version:  - AVM Berlin)
blobsaver version 3.6.0 (HKLM\...\{F5EAE50A-1E3A-4DA5-B2F0-4D29968E59CD}_is1) (Version: 3.6.0 - airsquared)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon IJ Network Scanner Selector EX2 (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX2) (Version: 2.0.10.2 - Canon Inc.)
Canon IJ Printer Assistant Tool (HKLM-x32\...\Canon IJ Printer Assistant Tool) (Version: 1.10.2.51 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.5.0.69 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 6.5.2 - Canon Inc.)
Canon TS6200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_TS6200_series) (Version: 1.02 - Canon Inc.)
Canon TS9500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_TS9500_series) (Version: 1.03 - Canon Inc.)
ChamSys MagicQ (HKLM\...\MagicQ) (Version: 1.9.6.0 - ChamSys Limited)
Charles 4.6.7 (HKLM\...\{CE0AF30E-47A4-44D2-A8E5-453A5048E26F}) (Version: 4.6.7.0 - XK72 Ltd)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 10.3201.101.216 - ALPSALPINE CO., LTD.)
Dell WLAN Radio Switch Driver (HKLM\...\Dell WLAN Radio Switch Driver) (Version: 1.0.0.9 - Dell Inc)
Everything 1.4.1.1026 (x64) (HKLM\...\Everything) (Version: 1.4.1.1026 - voidtools)
ExpressVPN (HKLM-x32\...\{4904d2c4-f0e4-4ec2-ba32-7c8d7438ec22}) (Version: 12.88.0.36 - ExpressVPN)
ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B89B4D7855}) (Version: 12.88.0.36 - ExpressVPN) Hidden
Fotogalerie (HKLM-x32\...\{41BF4A3B-D60A-4E92-883F-C88C8C157261}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
FreifunkMeet 2024.3.0 (HKU\S-1-5-21-4188264911-3070158168-183260160-1002\...\a8637bf9-ca4c-588c-9e85-5a4f2068a371) (Version: 2024.3.0 - Freifunk Muenchen)
GIMP 2.10.38 (HKLM\...\GIMP-2_is1) (Version: 2.10.38 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 135.0.7049.116 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 107.0.3.0 - Google LLC)
iCloud Outlook (HKLM\...\{11727D12-D910-486F-9B36-B496F4AB334D}) (Version: 14.1.0.108 - Apple Inc.)
iMazing (HKLM\...\iMazing_is1) (Version: 3.1.2.0 - DigiDNA)
iPod-Unterstützung (HKLM\...\{5530CCC4-99F6-4198-BB1B-F1F78D6BCA76}) (Version: 12.11.3.7 - Apple Inc.)
LibreOffice 24.2.5.2 (HKLM\...\{7519E50A-1B31-4EAE-9AB3-DEB5C0F764F9}) (Version: 24.2.5.2 - The Document Foundation)
Malwarebytes version 5.3.0.186 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.3.0.186 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.9060.3 - Waves Audio Ltd.) Hidden
Microsoft .NET Host - 6.0.36 (x64) (HKLM\...\{D6932D97-36F1-40B8-9CDC-CA8365B21000}) (Version: 48.144.23141 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.36 (x64) (HKLM\...\{A9E32B25-994B-4856-A12B-0EBED3050410}) (Version: 48.144.23141 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.36 (x64) (HKLM\...\{C912E33F-956A-4921-9F55-CC11AE8F09AF}) (Version: 48.144.23141 - Microsoft Corporation) Hidden
Microsoft 365 - da-dk (HKLM\...\O365HomePremRetail - da-dk) (Version: 16.0.18730.20122 - Microsoft Corporation)
Microsoft 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.18730.20122 - Microsoft Corporation)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.18730.20122 - Microsoft Corporation)
Microsoft 365 - es-es (HKLM\...\O365HomePremRetail - es-es) (Version: 16.0.18730.20122 - Microsoft Corporation)
Microsoft 365 - fi-fi (HKLM\...\O365HomePremRetail - fi-fi) (Version: 16.0.18730.20122 - Microsoft Corporation)
Microsoft 365 - fr-fr (HKLM\...\O365HomePremRetail - fr-fr) (Version: 16.0.18730.20122 - Microsoft Corporation)
Microsoft 365 - it-it (HKLM\...\O365HomePremRetail - it-it) (Version: 16.0.18730.20122 - Microsoft Corporation)
Microsoft 365 - nb-no (HKLM\...\O365HomePremRetail - nb-no) (Version: 16.0.18730.20122 - Microsoft Corporation)
Microsoft 365 - nl-nl (HKLM\...\O365HomePremRetail - nl-nl) (Version: 16.0.18730.20122 - Microsoft Corporation)
Microsoft 365 - pl-pl (HKLM\...\O365HomePremRetail - pl-pl) (Version: 16.0.18730.20122 - Microsoft Corporation)
Microsoft 365 - pt-pt (HKLM\...\O365HomePremRetail - pt-pt) (Version: 16.0.18730.20122 - Microsoft Corporation)
Microsoft 365 - sv-se (HKLM\...\O365HomePremRetail - sv-se) (Version: 16.0.18730.20122 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 136.0.3240.50 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 136.0.3240.50 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-4188264911-3070158168-183260160-1002\...\OneDriveSetup.exe) (Version: 25.065.0406.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30156 (HKLM-x32\...\{692e16a0-c886-466d-91db-706f6f99ac96}) (Version: 14.29.30156.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.30156 (HKLM-x32\...\{7ACE9888-9B5B-4041-90BA-6A5B470B21EB}) (Version: 14.29.30156 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.30156 (HKLM-x32\...\{1F91919D-04A6-4A8C-8B81-FAF84FDB93F0}) (Version: 14.29.30156 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.36 (x64) (HKLM\...\{61D4736B-3325-4D4A-BD41-8BD206C6A86E}) (Version: 48.144.23186 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.36 (x64) (HKLM-x32\...\{0532b8f2-12d7-43de-95fc-7b87006758a8}) (Version: 6.0.36.34217 - Microsoft Corporation)
MiKTeX (HKU\S-1-5-21-4188264911-3070158168-183260160-1002\...\MiKTeX) (Version: 24.1 - MiKTeX.org)
Movie Maker (HKLM-x32\...\{70C91B91-61E8-4D06-86D6-A9DCC291983A}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 138.0.1 (x64 de)) (Version: 138.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 125.0.3 - Mozilla)
Mozilla Thunderbird (x64 de) (HKLM\...\Mozilla Thunderbird 128.9.2 (x64 de)) (Version: 128.9.2 - Mozilla)
MSVCRT (HKLM-x32\...\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}) (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (HKLM-x32\...\{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}) (Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (HKLM\...\{E9FA781F-3E80-4399-825A-AD3E11C28C77}) (Version: 16.4.1109.0912 - Microsoft) Hidden
NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)
Novation USB Midi 2.27.0.66 (HKLM\...\Novation USB Midi Driver_is1) (Version: 2.27.0.66 - Novation DMS, Ltd.)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.18730.20122 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0406-1000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.12527.20482 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-040B-1000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-040C-1000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0410-1000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0413-1000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0414-1000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0415-1000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-041D-1000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0816-1000-0000000FF1CE}) (Version: 16.0.12527.20482 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0C0A-1000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden
Photo Common (HKLM-x32\...\{87DABDEA-47A4-4182-AA7C-2C90DAAE3117}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (HKLM-x32\...\{07AAB66E-4718-422D-9218-4AFB3C922A71}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6122 - Realtek Semiconductor Corp.)
rekordbox 7.0.4 64bit (HKLM\...\Pioneer rekordbox 7.0.4) (Version: 7.0.4.0021 - AlphaTheta)
Sierra Wireless Dell Mobile Broadband INF Package (HKLM\...\SWIDellDrvInstaller) (Version: 7.54.4799.0502 - Sierra Wireless, Inc.)
Telegram Desktop (HKU\S-1-5-21-4188264911-3070158168-183260160-1002\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 5.5.4 - Telegram FZ-LLC)
Texmaker 6.0.0 (64-bit) (HKLM-x32\...\{BDB36DD0-C209-4716-A9AD-8EAC74C31716}) (Version: 6.0.0.0 - Texmaker)
UltraSearch V4.3 (64 bit) (HKLM\...\UltraSearch_is1) (Version: 4.3 - JAM Software)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.20 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.92.0 - Winamp SA)
Windows Live Communications Platform (HKLM-x32\...\{41C61308-6CFD-4D54-AB6A-7136ED08A18E}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\{66233218-CA57-4AB2-BA43-A97AA4635960}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Installer (HKLM-x32\...\{659CB81C-B54E-4DF1-B618-F35777393A54}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (HKLM-x32\...\{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (HKLM-x32\...\{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (HKLM-x32\...\{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (HKLM-x32\...\{D1893000-EA77-493C-8DDD-E262436E959B}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (HKLM-x32\...\{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (HKLM-x32\...\{FC071B45-4A5F-408F-92F8-4D9D693E866F}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Subsystem for Linux (HKLM\...\{1D48774E-EC31-48BA-ABEE-EF92019BAC42}) (Version: 2.4.13.0 - Microsoft Corporation) Hidden
Windows Subsystem for Linux Update (HKLM\...\{F8474A47-8B5D-4466-ACE3-78EAB3BF21A8}) (Version: 5.10.102.1 - Microsoft Corporation)
Windows Subsystem for Linux WSLg Preview (HKLM\...\{3CBDE512-7510-4F90-B1C0-7C4EB9DD7C26}) (Version: 1.0.27 - Microsoft Corporation)
Windows-PC-Integritätsprüfung (HKLM\...\{B3956CF3-F6C5-4567-AC38-1FD4432B319C}) (Version: 3.6.2204.08001 - Microsoft Corporation)
zebNet Windows Keyfinder (HKLM\...\{BE5CE69C-C48B-4F67-8E42-BB9A41A5395B}_is1) (Version: 6.1.0.0 - zebNet Ltd)
Zoom Workplace (HKU\S-1-5-21-4188264911-3070158168-183260160-1002\...\ZoomUMX) (Version: 6.3.11 (60501) - Zoom Communications, Inc.)

Packages:
=========
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt [2025-04-22] (INTEL CORP) [Startup Task]
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2023-03-05] (Canon Inc.)
Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_2024.3.211.0_neutral__6rarf9sa4v8jt [2024-10-09] (Disney)
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.152.0_x64__nzyj5cx40ttqa [2025-05-06] (Apple Inc.) [Startup Task]
Instagram -> C:\Program Files\WindowsApps\www.instagram.com-3D2AAE46_42.0.23.1_neutral__ysfa6mcnwr1rw [2024-10-09] (www.instagram.com)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12137.1.3025.0_x64__nzyj5cx40ttqa [2025-05-01] (Apple Inc.) [Startup Task]
JAMSoftware.UltraSearchContextMenu -> C:\Program Files\JAM Software\UltraSearch [2024-08-13] (JAM Software)
Malwarebytes Anti-Malware -> C:\Program Files\Malwarebytes\Anti-Malware [2025-05-07] ()
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_55.20331.573.0_x64__8wekyb3d8bbwe [2025-04-15] (Microsoft Corporation)
Net Speed Meter -> C:\Program Files\WindowsApps\4789ZeroByte.NetSpeedMeter_4.0.8.0_neutral__gvheqymwk6zrr [2025-04-15] (Zero Byte) [Startup Task]
OfficePushNotificationsUtility -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16 [2025-05-06] ()
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.150.3125.0_x64__kzf8qxf38zg5c [2025-05-06] (Skype)
Ubuntu 22.04.5 LTS -> C:\Program Files\WindowsApps\CanonicalGroupLimited.Ubuntu22.04LTS_2204.5.10021.0_x64__79rhkp1fndgsc [2025-02-23] (Canonical Group Limited)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2517.4.0_x64__cv1g1gvanyjgm [2025-05-06] (WhatsApp Inc.) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4188264911-3070158168-183260160-1002_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-4188264911-3070158168-183260160-1002_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationM
