Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

RTC Video PnP Listener - REMOVAL request ;)

Started by philon8 , Feb 11 2018 04:55 AM
RTC Video PnP Listener

  • Please log in to reply

#1
philon8
Posted 11 February 2018 - 04:55 AM

philon8

    Member

  • Member
  • PipPip
  • 10 posts

Hi!  :)

I just shut down my computer when a screen informed me that programs were preventing shut down. The other was irrelaevant yet "RTC Video PnP Listener" caught my attention.
Although I do find it questionable whether someone who wants to spy on you was to name the program "listener",but  I just feel very uncomfortable with it - especially not being able to detect it (neither avast, nor malware bites detected anything harmful in today's scan) &  want it to be gone as soon as possible.

Thank you so much for your help!

Here's the log:

 

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 10.02.2018 02
durchgeführt von Youlia (Administrator) auf YOULIAS (11-02-2018 11:41:08)
Gestartet von C:\Users\Youlia\Desktop
Geladene Profile: Youlia & defaultuser1 & Administrator (Verfügbare Profile: Youlia & defaultuser1 & Administrator)
Platform: Windows 10 Home Version 1709 16299.192 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(F5 Networks, Inc.) C:\Windows\SysWOW64\F5InstallerService.exe
(F5 Networks, Inc.) C:\Windows\SysWOW64\F5FltSrv.exe
(F5 Networks, Inc.) C:\Windows\SysWOW64\F5TrafficSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicatorCom.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
() C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\asulaunch.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [401888 2016-11-30] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2017-12-22] (AVAST Software)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-10-20] (Apple Inc.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [114048 2013-10-18] (Intel Corporation)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2013-12-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [217736 2016-12-20] (Geek Software GmbH)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409944 2018-01-30] (Adobe Systems Incorporated)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ACHTUNG
HKU\S-1-5-21-4044158651-1248895399-1107232148-1001\...\Run: [HP Photosmart 5510 series (NET)] => C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-4044158651-1248895399-1107232148-1001\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe [23602864 2018-01-19] (Microsoft Corporation)
HKU\S-1-5-21-4044158651-1248895399-1107232148-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-4044158651-1248895399-1107232148-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409944 2018-01-30] (Adobe Systems Incorporated)
HKU\S-1-5-21-4044158651-1248895399-1107232148-1001\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe [2386392 2018-01-30] (Adobe Systems Incorporated)
HKU\S-1-5-21-4044158651-1248895399-1107232148-1004\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-21-4044158651-1248895399-1107232148-500\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
Startup: C:\Users\Youlia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 5510 series (Netzwerk).lnk [2018-02-11]
ShortcutTarget: Tintenwarnungen überwachen - HP Photosmart 5510 series (Netzwerk).lnk -> C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21
Tcpip\..\Interfaces\{15415cb6-9391-4bc2-b415-97f180b29217}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{7bdd3788-405f-47e1-90b2-8afd0285beda}: [DhcpNameServer] 195.34.133.21 212.186.211.21
Tcpip\..\Interfaces\{de2e7dd9-da57-4c1e-8cdb-75f84360391c}: [DhcpNameServer] 195.34.133.21 212.186.211.21

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-4044158651-1248895399-1107232148-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-4044158651-1248895399-1107232148-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4044158651-1248895399-1107232148-1001 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4044158651-1248895399-1107232148-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://at.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10107__170128__yaie&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-01-19] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2018-01-19] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-01-19] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2018-01-19] (Microsoft Corporation)
DPF: HKLM-x32 {00627E89-A19D-4A2B-938B-059CB7B1B493} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5certchk.cab
DPF: HKLM-x32 {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} file://C:/Program Files (x86)/F5 VPN/F5_TMP/cachecleaner.cab
DPF: HKLM-x32 {2BCDB465-81F9-41CB-832C-8037A4064446} file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxvpn.cab
DPF: HKLM-x32 {2c8ffa64-e3f7-49ae-87c2-49018fde3aea} file://C:/Program Files (x86)/F5 VPN/F5_TMP/OesisInspector.cab
DPF: HKLM-x32 {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5tunsrv.cab
DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} file://C:/Program Files (x86)/F5 VPN/F5_TMP/InstallerControl.cab
DPF: HKLM-x32 {57C76689-F052-487B-A19F-855AFDDF28EE} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5InspectionHost.cab
DPF: HKLM-x32 {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} file://C:/Program Files (x86)/F5 VPN/F5_TMP/vdeskctrl.cab
DPF: HKLM-x32 {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxshost.cab
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxhost.cab
DPF: HKLM-x32 {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5syschk.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-19] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-19] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-19] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-19] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Youlia\AppData\Roaming\Mozilla\Firefox\Profiles\14ld0zfz.default-1484763492302 [2018-02-11]
FF NewTab: Mozilla\Firefox\Profiles\14ld0zfz.default-1484763492302 -> about:home
FF Extension: (AdBlocker Ultimate) - C:\Users\Youlia\AppData\Roaming\Mozilla\Firefox\Profiles\14ld0zfz.default-1484763492302\Extensions\[email protected] [2017-12-13]
FF Extension: (Perapera Chinese) - C:\Users\Youlia\AppData\Roaming\Mozilla\Firefox\Profiles\14ld0zfz.default-1484763492302\Extensions\[email protected] [2017-01-19] [Legacy]
FF Extension: (German Dictionary, extended for Austria) - C:\Users\Youlia\AppData\Roaming\Mozilla\Firefox\Profiles\14ld0zfz.default-1484763492302\Extensions\[email protected] [2017-07-30] [Legacy]
FF Extension: (Simple YouTube to MP3/MP4 Converter) - C:\Users\Youlia\AppData\Roaming\Mozilla\Firefox\Profiles\14ld0zfz.default-1484763492302\Extensions\[email protected] [2017-09-19]
FF Extension: (Deutsch (DE) Language Pack) - C:\Users\Youlia\AppData\Roaming\Mozilla\Firefox\Profiles\14ld0zfz.default-1484763492302\Extensions\[email protected] [2018-01-25]
FF Extension: (Avast SafePrice) - C:\Users\Youlia\AppData\Roaming\Mozilla\Firefox\Profiles\14ld0zfz.default-1484763492302\Extensions\[email protected] [2017-12-05]
FF Extension: (Avast Online Security) - C:\Users\Youlia\AppData\Roaming\Mozilla\Firefox\Profiles\14ld0zfz.default-1484763492302\Extensions\[email protected] [2017-10-12]
FF SearchPlugin: C:\Users\Youlia\AppData\Roaming\Mozilla\Firefox\Profiles\14ld0zfz.default-1484763492302\searchplugins\google-lavasoft.xml [2017-01-28]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-01-30] (Adobe Systems)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-01-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-01-19] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-01-30] (Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\Youlia\AppData\Local\Google\Chrome\User Data\Default [2018-02-11]
CHR Extension: (Slides) - C:\Users\Youlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Youlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Youlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-19]
CHR Extension: (YouTube) - C:\Users\Youlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-19]
CHR Extension: (Adobe Acrobat) - C:\Users\Youlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-09-19]
CHR Extension: (Avast SafePrice) - C:\Users\Youlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-12-25]
CHR Extension: (Sheets) - C:\Users\Youlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Youlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-21]
CHR Extension: (Avast Online Security) - C:\Users\Youlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-17]
CHR Extension: (Perapera Chinese Popup Dictionary) - C:\Users\Youlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlcddplhfenagbaipfjhhcjmebhkkaif [2017-10-19]
CHR Extension: (Grammarly for Chrome) - C:\Users\Youlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-02-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Youlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-19]
CHR Extension: (Gmail) - C:\Users\Youlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-19]
CHR Extension: (Chrome Media Router) - C:\Users\Youlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <nicht gefunden>

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818136 2018-01-30] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-08-29] (ASUS)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2017-12-22] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2017-12-22] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7761584 2017-12-23] (Microsoft Corporation)
R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [117704 2013-10-18] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe [116680 2013-10-18] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [148160 2013-10-18] (Intel Corporation)
R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [126952 2013-10-18] (Intel Corporation)
R2 F5 Networks Component Installer; C:\WINDOWS\SysWOW64\F5InstallerService.exe [402960 2016-01-15] (F5 Networks, Inc.)
R2 F5FltSrv; C:\WINDOWS\SysWOW64\F5FltSrv.exe [340496 2016-01-15] (F5 Networks, Inc.)
R2 F5TrafficSrv; C:\WINDOWS\SysWOW64\F5TrafficSrv.exe [217104 2016-01-15] (F5 Networks, Inc.)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-12-11] (Foxit Software Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-11-30] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel® Corporation) [Datei ist nicht signiert]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S2 PDF24; C:\Program Files (x86)\PDF24\pdf24.exe [217736 2016-12-20] (Geek Software GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
S3 ose; "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [124928 2017-03-09] (ASUS Corporation)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [185096 2017-12-22] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [321512 2017-12-22] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199448 2017-12-22] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343768 2017-12-22] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57696 2017-12-22] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [149344 2017-12-22] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46976 2017-12-22] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41832 2017-09-11] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [146648 2018-01-11] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110336 2017-12-22] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84384 2017-12-22] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1025176 2017-12-22] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [457896 2018-01-11] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [204456 2017-12-22] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [358672 2017-12-22] (AVAST Software)
R3 DptfDevDram; C:\WINDOWS\system32\DRIVERS\DptfDevDram.sys [145640 2013-10-18] (Intel Corporation)
R3 DptfDevPch; C:\WINDOWS\system32\DRIVERS\DptfDevPch.sys [116752 2013-10-18] (Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\system32\DRIVERS\DptfDevProc.sys [289744 2013-10-18] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\system32\DRIVERS\DptfManager.sys [494296 2013-10-18] (Intel Corporation)
S3 F5FltDrv; C:\WINDOWS\SysWOW64\drivers\F5FltDrv.sys [47848 2016-01-15] (F5 Networks, Inc.)
S3 f5ipfw; C:\WINDOWS\system32\drivers\urfltv64.sys [34536 2015-08-14] (F5 Networks, Inc.)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-02-11] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-08-29] (Windows ® Win 7 DDK provider)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-07-07] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
R3 urvpndrv; C:\WINDOWS\System32\drivers\covpnv64.sys [45776 2015-08-14] (F5 Networks, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2018-02-11 11:46 - 2018-02-11 11:46 - 000001818 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-02-11 11:46 - 2018-02-11 11:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-02-11 11:41 - 2018-02-11 11:44 - 000030371 _____ C:\Users\Youlia\Desktop\FRST.txt
2018-02-11 11:39 - 2018-02-11 11:39 - 002404864 _____ (Farbar) C:\Users\Youlia\Desktop\FRST64.exe
2018-02-11 11:28 - 2018-02-11 11:28 - 000000000 ____D C:\Users\Public\Foxit Software
2018-02-11 11:27 - 2018-02-11 11:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2018-02-11 11:27 - 2018-02-11 11:27 - 000000000 ____D C:\ProgramData\Foxit Software
2018-02-11 11:27 - 2018-02-11 11:27 - 000000000 ____D C:\ProgramData\Foxit ContentPlatform
2018-02-11 11:24 - 2018-02-11 11:41 - 000000000 ____D C:\FRST
2018-02-11 10:38 - 2018-02-11 11:08 - 000000000 ____D C:\Users\Youlia\AppData\Local\PlaceholderTileLogoFolder
2018-02-11 10:36 - 2018-02-11 10:36 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-02-09 12:38 - 2018-02-09 12:38 - 000000000 ____D C:\Users\Youlia\Documents\Benutzerdefinierte Office-Vorlagen
2018-02-09 11:20 - 2018-02-09 11:28 - 000000000 ____D C:\Users\Youlia\Documents\PVA+Steuern
2018-02-09 11:17 - 2018-02-09 11:20 - 000000000 ____D C:\Users\Youlia\Documents\bank
2018-02-08 09:57 - 2018-02-08 09:57 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2018-02-08 09:57 - 2018-02-08 09:57 - 000002209 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2018-02-08 09:57 - 2018-02-08 09:57 - 000000000 ____D C:\Program Files\Google
2018-02-06 14:50 - 2018-02-06 14:50 - 000000000 ____D C:\Users\Youlia\AppData\Roaming\Grammarly
2018-02-04 18:08 - 2018-02-04 18:08 - 000001304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2018-02-04 18:08 - 2018-02-04 18:08 - 000001292 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2018-02-02 20:38 - 2018-02-03 17:24 - 000000000 ____D C:\Users\Youlia\Desktop\Rosengarten_Theseustempel
2018-01-31 19:58 - 2018-01-31 19:58 - 000003606 _____ C:\WINDOWS\System32\Tasks\[email protected]
2018-01-29 21:54 - 2018-01-29 21:54 - 000000000 ____D C:\Users\defaultuser1\AppData\Local\Packages
2018-01-29 21:53 - 2018-01-29 21:53 - 000000020 ___SH C:\Users\defaultuser1\ntuser.ini
2018-01-29 21:53 - 2018-01-29 21:53 - 000000000 _SHDL C:\Users\defaultuser1\Vorlagen
2018-01-29 21:53 - 2018-01-29 21:53 - 000000000 _SHDL C:\Users\defaultuser1\Startmenü
2018-01-29 21:53 - 2018-01-29 21:53 - 000000000 _SHDL C:\Users\defaultuser1\Netzwerkumgebung
2018-01-29 21:53 - 2018-01-29 21:53 - 000000000 _SHDL C:\Users\defaultuser1\Lokale Einstellungen
2018-01-29 21:53 - 2018-01-29 21:53 - 000000000 _SHDL C:\Users\defaultuser1\Eigene Dateien
2018-01-29 21:53 - 2018-01-29 21:53 - 000000000 _SHDL C:\Users\defaultuser1\Druckumgebung
2018-01-29 21:53 - 2018-01-29 21:53 - 000000000 _SHDL C:\Users\defaultuser1\Documents\Eigene Videos
2018-01-29 21:53 - 2018-01-29 21:53 - 000000000 _SHDL C:\Users\defaultuser1\Documents\Eigene Musik
2018-01-29 21:53 - 2018-01-29 21:53 - 000000000 _SHDL C:\Users\defaultuser1\Documents\Eigene Bilder
2018-01-29 21:53 - 2018-01-29 21:53 - 000000000 _SHDL C:\Users\defaultuser1\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2018-01-29 21:53 - 2018-01-29 21:53 - 000000000 _SHDL C:\Users\defaultuser1\AppData\Local\Verlauf
2018-01-29 21:53 - 2018-01-29 21:53 - 000000000 _SHDL C:\Users\defaultuser1\AppData\Local\Anwendungsdaten
2018-01-29 21:53 - 2018-01-29 21:53 - 000000000 _SHDL C:\Users\defaultuser1\Anwendungsdaten
2018-01-29 21:53 - 2018-01-29 21:53 - 000000000 __SHD C:\Users\defaultuser1\IntelGraphicsProfiles
2018-01-29 21:53 - 2018-01-29 21:53 - 000000000 ____D C:\Users\defaultuser1\AppData\Local\VirtualStore
2018-01-29 21:53 - 2018-01-29 21:53 - 000000000 ____D C:\Users\defaultuser1\AppData\Local\ConnectedDevicesPlatform
2018-01-29 21:53 - 2018-01-29 21:53 - 000000000 ____D C:\Users\defaultuser1\AppData\Local\ASUS
2018-01-29 21:53 - 2018-01-29 21:53 - 000000000 ____D C:\Users\defaultuser1
2018-01-22 17:21 - 2016-03-26 11:09 - 302389543 _____ C:\Users\Youlia\Documents\Werdeverrückt.Wiedubekommstwasduwirklich-wirklichwillst_ep9_SN2Pajk21ikYyWunm7aLa4T4xhWlX25RQi_VcCiNZLLaxNKYxUFc6Z0MImZSdw.aax
2018-01-18 12:55 - 2018-01-18 12:55 - 000000000 ____D C:\Users\Youlia\Documents\HpReg_Backup
2018-01-18 12:43 - 2018-01-18 12:43 - 000000000 ____D C:\Users\Youlia\AppData\Roaming\HPPSDr
2018-01-17 19:59 - 2018-01-17 20:16 - 000000000 ____D C:\Users\Youlia\AppData\Roaming\WindSolutions
2018-01-17 19:59 - 2018-01-17 20:00 - 000000000 ____D C:\ProgramData\WindSolutions
2018-01-17 13:04 - 2018-01-17 13:04 - 000081198 _____ C:\Users\Youlia\Desktop\Rechnung_SF0003271_at.pdf
2018-01-16 20:09 - 2018-01-16 20:09 - 000401059 _____ C:\Users\Youlia\Desktop\Ticket_2_Eivør (Färöer)_Freie Platzwahl.pdf
2018-01-16 20:03 - 2018-01-16 20:04 - 000398740 _____ C:\Users\Youlia\Desktop\Ticket_1_Eivør (Färöer)_Freie Platzwahl.pdf
2018-01-15 17:37 - 2018-01-15 17:41 - 000340320 _____ C:\Users\Youlia\Desktop\Kalkulation Einzelunternehmen_PhiloWr.xlsx

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2018-02-11 11:42 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-02-11 11:29 - 2017-01-28 12:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-02-11 11:29 - 2016-12-04 11:21 - 000000000 ____D C:\Users\Youlia\AppData\LocalLow\Mozilla
2018-02-11 11:29 - 2015-05-24 23:37 - 000001145 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-02-11 11:28 - 2015-05-24 19:30 - 000001194 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-02-11 11:27 - 2015-05-25 18:49 - 000000000 ____D C:\Users\Youlia\AppData\Roaming\Foxit Software
2018-02-11 11:03 - 2017-09-29 14:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-02-11 11:03 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-02-11 11:00 - 2017-12-08 19:01 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-02-11 10:41 - 2015-05-24 19:22 - 000000074 _____ C:\Users\Youlia\AppData\Roaming\sp_data.sys
2018-02-11 10:40 - 2017-08-18 14:11 - 000000000 ___RD C:\Users\Youlia\Creative Cloud Files
2018-02-11 10:39 - 2015-05-25 18:05 - 000000000 ____D C:\Users\Youlia\AppData\Local\Adobe
2018-02-11 10:36 - 2017-04-13 17:25 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2018-02-11 10:32 - 2017-12-27 14:34 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-02-11 10:32 - 2017-12-08 19:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-02-11 10:32 - 2017-08-06 14:34 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-02-11 10:32 - 2017-03-12 11:52 - 000000352 _____ C:\WINDOWS\Tasks\HPCeeScheduleForYoulia.job
2018-02-11 10:32 - 2016-01-07 14:32 - 000000000 __SHD C:\Users\Youlia\IntelGraphicsProfiles
2018-02-11 10:31 - 2017-09-29 09:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-02-11 10:29 - 2015-08-14 07:20 - 000000000 ____D C:\Users\Youlia\Documents\Sonstiges
2018-02-10 23:34 - 2015-05-25 17:38 - 000000000 ____D C:\Users\Youlia\AppData\Roaming\Audacity
2018-02-10 17:27 - 2017-12-08 19:45 - 000003248 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForYoulia
2018-02-10 14:56 - 2014-10-31 21:04 - 000000000 ____D C:\Users\Youlia\Documents\CV & Co
2018-02-10 14:37 - 2017-12-08 19:45 - 000003544 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2018-02-10 14:37 - 2017-12-08 19:45 - 000003534 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2018-02-09 13:21 - 2017-08-29 21:51 - 000000000 ____D C:\Users\Youlia\Desktop\Unbenannter Export
2018-02-09 11:25 - 2017-03-23 08:14 - 000000000 ____D C:\Users\Youlia\Documents\AMS
2018-02-09 11:25 - 2015-08-09 04:00 - 000000000 ____D C:\Users\Youlia\AppData\Roaming\vlc
2018-02-08 14:33 - 2017-07-06 14:41 - 000000000 ____D C:\Users\Youlia\Documents\#BSP_Aut
2018-02-07 20:28 - 2017-12-08 19:09 - 000000000 ____D C:\Users\Youlia\AppData\Local\Packages
2018-02-07 18:42 - 2017-09-29 14:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-02-07 11:14 - 2017-09-19 16:56 - 000002295 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-07 11:14 - 2017-09-19 16:56 - 000002254 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-06 14:50 - 2017-10-19 12:07 - 000000000 ____D C:\Users\Youlia\AppData\Local\Package Cache
2018-02-06 03:49 - 2018-01-10 17:46 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-02-06 03:49 - 2018-01-10 17:46 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-04 18:08 - 2015-05-25 18:25 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-02-04 18:07 - 2017-03-15 19:14 - 000000000 ____D C:\ProgramData\Package Cache
2018-02-04 17:19 - 2014-08-11 20:30 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-02-04 17:18 - 2017-12-08 19:08 - 000000000 ____D C:\Users\Youlia
2018-02-02 19:38 - 2015-06-14 19:27 - 000000000 ____D C:\Program Files (x86)\Google
2018-01-31 10:18 - 2017-12-08 19:45 - 000003364 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4044158651-1248895399-1107232148-1001
2018-01-31 10:17 - 2016-01-07 14:38 - 000002392 _____ C:\Users\Youlia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-01-31 10:17 - 2014-08-11 15:41 - 000000000 __RDO C:\Users\Youlia\SkyDrive
2018-01-30 18:21 - 2015-05-24 19:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-29 21:56 - 2017-12-05 21:29 - 000000000 ____D C:\Users\Youlia\Desktop\VIE 2go
2018-01-25 11:37 - 2017-12-08 19:34 - 002182554 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-25 11:37 - 2017-09-30 15:35 - 000961228 _____ C:\WINDOWS\system32\perfh007.dat
2018-01-25 11:37 - 2017-09-30 15:35 - 000214528 _____ C:\WINDOWS\system32\perfc007.dat
2018-01-23 09:55 - 2013-12-13 05:08 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-01-21 16:22 - 2017-12-08 19:45 - 000004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-01-21 16:09 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-01-18 12:47 - 2017-09-29 14:44 - 000000000 ____D C:\WINDOWS\INF
2018-01-18 12:43 - 2015-11-06 17:46 - 000000000 ____D C:\ProgramData\HP
2018-01-18 12:42 - 2015-11-06 17:46 - 000000000 ____D C:\Users\Youlia\AppData\Local\HP
2018-01-18 12:41 - 2015-11-06 17:46 - 000000000 ____D C:\Program Files (x86)\HP
2018-01-18 12:12 - 2015-11-06 17:51 - 000000000 ____D C:\Users\Youlia\AppData\Roaming\Hewlett-Packard
2018-01-15 21:51 - 2017-11-23 18:43 - 000000000 ____D C:\Users\Youlia\Desktop\PhiloW~
2018-01-14 18:24 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\rescache

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-05-24 19:22 - 2018-02-11 10:41 - 000000074 _____ () C:\Users\Youlia\AppData\Roaming\sp_data.sys
2017-12-06 14:56 - 2017-12-06 14:56 - 000010506 _____ () C:\Users\Youlia\AppData\Local\recently-used.xbel
2015-07-28 11:57 - 2015-07-28 11:57 - 000000000 _____ () C:\Users\Youlia\AppData\Local\{19C194C1-FAC0-483C-88DB-FBF56112579A}
2015-07-30 14:59 - 2015-07-30 14:59 - 000000000 _____ () C:\Users\Youlia\AppData\Local\{400A3B5D-7BFF-4919-A0AA-306CD17AF180}
2015-08-03 12:04 - 2015-08-03 12:04 - 000000000 _____ () C:\Users\Youlia\AppData\Local\{70860BD2-9364-4317-80E1-A5FCF73B69A5}
2015-07-25 15:05 - 2015-07-25 15:05 - 000000000 _____ () C:\Users\Youlia\AppData\Local\{801CA561-3A4A-44D0-8499-CA26687640FB}

Einige Dateien in TEMP:
====================
2018-02-11 11:26 - 2015-09-28 10:45 - 004990656 _____ (Foxit Corporation) C:\Users\Youlia\AppData\Local\Temp\FoxitUpdater.exe
2018-02-09 11:22 - 2018-02-09 11:23 - 012951552 _____ () C:\Users\Youlia\AppData\Local\Temp\vlc-2.2.6-win32.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2018-02-08 23:39

==================== Ende von FRST.txt ============================

 

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 10.02.2018 02
durchgeführt von Youlia (11-02-2018 11:47:13)
Gestartet von C:\Users\Youlia\Desktop
Windows 10 Home Version 1709 16299.192 (X64) (2017-12-08 18:52:42)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-4044158651-1248895399-1107232148-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-4044158651-1248895399-1107232148-503 - Limited - Disabled)
defaultuser1 (S-1-5-21-4044158651-1248895399-1107232148-1004 - Limited - Enabled) => C:\Users\defaultuser1
Gast (S-1-5-21-4044158651-1248895399-1107232148-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4044158651-1248895399-1107232148-1003 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-4044158651-1248895399-1107232148-504 - Limited - Disabled)
Youlia (S-1-5-21-4044158651-1248895399-1107232148-1001 - Administrator - Enabled) => C:\Users\Youlia

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe After Effects CC 2018 (HKLM-x32\...\AEFT_15_0_0) (Version: 15.0.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.4.0.294 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.12 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2018 (HKLM-x32\...\AME_12_0_0) (Version: 12.0.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_0) (Version: 19.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2018 (HKLM-x32\...\PPRO_12_0_0) (Version: 12.0.0 - Adobe Systems Incorporated)
Apple Application Support (32-Bit) (HKLM-x32\...\{F1D83CEA-2855-4224-9935-D981785AA75D}) (Version: 6.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{E2A6344A-45BF-47A0-9AE1-848325E7FD88}) (Version: 6.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.6 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.2 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.18 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.7 - ASUS)
ASUSDVD (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5710.52 - CyberLink Corp.) Hidden
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5710.52 - CyberLink Corp.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.9.2322 - AVAST Software)
BIG-IP Edge Client (HKLM-x32\...\{6D4839CB-28B4-4070-8CA7-612CA92CA3D0}) (Version: 71.2015.0815.0150 - F5 Networks, Inc.)
BIG-IP Edge Client Components (All Users) (HKLM-x32\...\F5 Networks Client Components) (Version: 71.2015.0815.0150 - F5 Networks, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000049}) (Version: 11.0.09 - Adobe Systems Incorporated)
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.0.1.1049 - Foxit Software Inc.)
GIMP 2.8.20 (HKLM\...\GIMP-2_is1) (Version: 2.8.20 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.140 - Google Inc.)
Google Earth Pro (HKLM\...\{D9EF644E-2FAE-493B-8180-5617CC774C4F}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Grammarly for Microsoft® Office Suite (HKLM\...\{B443A4BE-E688-43BD-B152-6724A38437B1}) (Version: 6.6.129 - Grammarly) Hidden
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-4044158651-1248895399-1107232148-1001\...\{da7635e6-2ab8-496a-b5b5-8f82fb640c16}) (Version: 6.6.129 - Grammarly)
HappyFoto-Designer 5.4 (HKLM-x32\...\HappyFoto-Designer_is1) (Version:  - )
HP Photosmart 5510 series - Grundlegende Software für das Gerät (HKLM\...\{8133D9DE-F412-4CFB-A359-5E3EE38A9A19}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 5510 series Hilfe (HKLM-x32\...\{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}) (Version: 140.0.2.2 - Hewlett Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.5.37.19 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{8F1A441E-AD6D-4732-BD6A-F38D5F1D1E47}) (Version: 12.8.47.1 - Hewlett-Packard Company)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2105 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.6.0.1038 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
IrfanView 4.44 (64-bit) (HKLM\...\IrfanView64) (Version: 4.44 - Irfan Skiljan)
iTunes (HKLM\...\{1A63A05F-AC57-47A2-B94C-CEACBB65A7C2}) (Version: 12.7.2.58 - Apple Inc.)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LAV Filters 0.70.2 (HKLM-x32\...\lavfilters_is1) (Version: 0.70.2 - Hendrik Leppkes)
Malwarebytes Version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.8431.2153 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4044158651-1248895399-1107232148-1001\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Mozilla Firefox 58.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-US)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 58.0.0.6592 - Mozilla)
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8201.2213 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8201.2213 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8201.2213 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
PDF24 Creator 8.0.4 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Plan4You Easy (HKU\S-1-5-21-4044158651-1248895399-1107232148-1001\...\3526547238.plan4youeasy.haude.at) (Version:  - plan4youeasy.haude.at)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21236 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7095 - Realtek Semiconductor Corp.)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Subtitle Edit 3.5.0 (HKLM-x32\...\SubtitleEdit_is1) (Version: 3.5.0.0 - Nikse)
UmmyVideoDownloader (HKLM-x32\...\{E028DBDA-EEE7-48A0-ADF7-D250589A02C5}_is1) (Version: 1.4.0.3 - ) <==== ACHTUNG
Update for CHS Microsoft IME HAP Dictionary (HKLM\...\{50822466-5571-4B7A-B3FC-A58760DDAEE9}) (Version: 16.0.1560.1 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-4044158651-1248895399-1107232148-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-C567DFDEC351}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-4044158651-1248895399-1107232148-1001_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\Youlia\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.6.129\22152B6ACD\GrammarlyShim64.dll (CompanyName)
CustomCLSID: HKU\S-1-5-21-4044158651-1248895399-1107232148-1001_Classes\CLSID\{4BE56754-B616-4998-B825-D16983AEE1B2}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4044158651-1248895399-1107232148-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-01-04] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-01-04] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-01-04] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-22] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-22] (AVAST Software)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-01-04] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-22] (AVAST Software)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-12-11] (Foxit Software Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-22] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Keine Datei
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-30] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-08-01] (NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-01-04] ()
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-22] (AVAST Software)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-12-11] (Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {02A58704-8361-4625-88A5-1F8389113B9B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-01-09] (Microsoft Corporation)
Task: {0AE9797D-2C12-4951-AF70-BA6F38FB3370} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {0AF1CE32-D940-4C9B-9266-36F8AC953ED3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Adobe Acrobat Update Task" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\[email protected]" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\ASUS InstantOn Config" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\ASUS Live Update1" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\ASUS Live Update2" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\ASUS P4G" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\ASUS Smart Gesture Launcher" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\ASUS Splendid ACMON" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\ASUS Splendid ColorU" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\ASUS USB Charger Plus" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\AsusVibeSchedule" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(12): schtasks.exe -> /Change /TN "\AVGPCTuneUp_Task_BkGndMaintenance" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(13): schtasks.exe -> /Change /TN "\CCleanerSkipUAC" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(14): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(15): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(16): schtasks.exe -> /Change /TN "\HP AR Program Upload - 98845e3370a34c5aabe75c2437b220b7ffe63c6d9a5f4ee4a6cf6df1b53b57d1" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(17): schtasks.exe -> /Change /TN "\HP AR Program Upload - b29874c1857f4471b2907872543f4baa32095ef77b6a4c33bcfc6f886f6a95e2" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(18): schtasks.exe -> /Change /TN "\HP AR Program Upload - fe0a7de4538f4110834cc1ed6e58857e490f5901ceeb410d9c382e4fe4be349e" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(19): schtasks.exe -> /Change /TN "\HPCeeScheduleForYoulia" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(20): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-4044158651-1248895399-1107232148-1001" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(21): schtasks.exe -> /Change /TN "\Optimize Start Menu Cache Files-S-1-5-21-4044158651-1248895399-1107232148-500" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(22): schtasks.exe -> /Change /TN "\P4GIntlCtrl" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(23): schtasks.exe -> /Change /TN "\SafeZone scheduled Autoupdate 1458681407" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(24): schtasks.exe -> /Change /TN "\Update Checker" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(25): schtasks.exe -> /Change /TN "\{F811C68C-28A1-47D2-92A3-B93611A8A96A}" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(26): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {11822DC4-88C1-4628-81C8-F40960D79731} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-23] (Microsoft Corporation)
Task: {1D588A65-4CB3-4E29-99AE-31FC21808256} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
Task: {1F918198-FC97-453E-A536-96DA24EBFED6} - System32\Tasks\HPCeeScheduleForYoulia => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {1FD13054-35BC-4D21-B732-E01DFE936750} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-23] (Microsoft Corporation)
Task: {22FE3DAB-4595-4977-9D1B-1C578E891CB7} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {2B8EB4FF-5F94-4E10-983A-68C437577D33} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {2DE89E42-F488-429F-9DF5-CC2919B39A45} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {2E6FCC44-4103-4514-B525-DB8619563654} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-10-07] (ASUS)
Task: {303D9414-AB72-4916-A09B-29CD5618BF8B} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2013-08-29] (ASUSTek Computer Inc.)
Task: {309E8FD0-94AB-4094-908C-9B7076A27A80} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2017-03-09] (AsusTek)
Task: {31839ABE-0287-42F6-A5F1-E1ED54B8DB22} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-14] (Google Inc.)
Task: {322B86CB-734C-4683-989F-4FCDF333B2FB} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()
Task: {341F482A-2F67-41CA-B8AD-EC156B4830B4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {353AA3BC-A62C-42CC-BB58-3DD7D851997F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-19] ()
Task: {35EE15F5-FC9C-49FE-919D-815FA2B232F6} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-18] ()
Task: {3B2A0D2D-6E32-4B86-81CD-26BA8DD1A1C9} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {426FA741-A500-4AF2-9B9A-95D589D7B879} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-10-07] (ASUSTeK Computer Inc.)
Task: {464B1EF3-7BEE-4FD3-A8EA-3E604BAB294B} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {47180A09-7A82-4384-ABA1-B66088CC9E38} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-04] ()
Task: {4B3C0153-AAAD-41C8-8967-B0FDA36C7AC1} - System32\Tasks\{F811C68C-28A1-47D2-92A3-B93611A8A96A} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Youlia\AppData\Roaming\istartsurf\UninstallManager.exe -c  -ptid=obw
Task: {51ACE621-F5F8-4DB8-ADA3-514A5BB65B8F} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {5A5360FC-775F-45E4-A0B9-6325C92311EF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-14] (Google Inc.)
Task: {5A6F040D-CBA2-4747-BD02-539A927F7510} - System32\Tasks\SafeZone scheduled Autoupdate 1458681407 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {5D3CE5FE-0125-4296-98BE-F5EFFECF8373} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {66479732-FFD3-4B8F-A497-348F69350567} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {6A60AD1B-DD9A-498C-B0D0-758B209EEF99} - System32\Tasks\HP AR Program Upload - fe0a7de4538f4110834cc1ed6e58857e490f5901ceeb410d9c382e4fe4be349e => C:\Program Files\HP\HP Photosmart 5510 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {6DE04A00-908A-4B68-85FA-D6340873936D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-01-19] (Microsoft Corporation)
Task: {7144A95E-09A1-4408-95FB-39E9D55A3F5A} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-12-22] (AVAST Software)
Task: {728120B0-889C-466D-8D9C-C1989AAF6A74} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {7892EACD-926C-4FD3-9BEC-1135E407D44E} - System32\Tasks\HP AR Program Upload - b29874c1857f4471b2907872543f4baa32095ef77b6a4c33bcfc6f886f6a95e2 => C:\Program Files\HP\HP Photosmart 5510 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {83FD9510-6861-41B0-8C0F-BDF7CB0D7D07} - System32\Tasks\P4GIntlCtrl => C:\Program Files\ASUS\P4G\IntlDPST.exe [2013-08-29] ()
Task: {88FCABD6-82D8-46DD-898E-44804B4EF3A6} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-01-19] (Microsoft Corporation)
Task: {93754BF0-9D12-4C51-A565-1B16776AFC0A} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [2018-01-07] (AVAST Software)
Task: {955AA6FE-FADB-4EAA-9B34-51F63C35953D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {A113D874-E2CD-4BF7-B486-7257640DBE14} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-01-10] (HP Inc.)
Task: {A55AB514-A863-459A-BA14-F92EF6C68A78} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {A78A8E05-711F-4C1B-BEAB-93109FB65B5A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {A951099C-47CD-4A6A-9BF8-6B73375CE669} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {AD9CCC7A-6A2A-45CF-B339-021B174903AA} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-08-29] (ASUS)
Task: {ADDCE688-CA45-4A3D-845D-6BC78EB0DCEF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {B95CBBB6-846A-4821-81AE-7748BB473EEF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-01-19] (Microsoft Corporation)
Task: {BC902AC2-E5BD-4D18-B20C-5536F08ABFEB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {BE9E7C4A-AF6E-4CD8-8308-EFBA3B672D32} - \Microsoft\Windows\UNP\RunCampaignManager -> Keine Datei <==== ACHTUNG
Task: {C33FBEFB-BA33-4630-988C-147302840D47} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {C400B561-A703-48D0-80BD-C93AEFC5E035} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {C4D2CC01-D8C1-4BD4-8FFB-DBE79B3C8D47} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {E1FC8871-B8B4-43ED-9631-6C11AED5918E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {E9EF8C59-1977-42C9-98E2-81F826421224} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {EAFF4068-A047-4098-A5E7-27D4D0565DDA} - System32\Tasks\HP AR Program Upload - 98845e3370a34c5aabe75c2437b220b7ffe63c6d9a5f4ee4a6cf6df1b53b57d1 => C:\Program Files\HP\HP Photosmart 5510 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {F7EE0A23-1DE5-400C-95C7-F16CC86FCD18} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-19] ()
Task: {FCB83B34-D86B-4CB1-9294-D1FCA9AF9A64} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForYoulia.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2017-09-29 14:41 - 2017-09-29 14:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-08-06 14:35 - 2016-08-01 13:54 - 000133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-12-27 14:33 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2013-08-29 17:01 - 2013-08-29 17:01 - 000031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2018-01-04 09:04 - 2018-01-04 09:04 - 000649672 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
2016-11-30 21:57 - 2016-11-30 21:57 - 000401888 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-12-13 10:52 - 2017-11-26 13:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-13 10:51 - 2017-11-26 13:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-12-21 18:49 - 2016-12-21 18:49 - 000065536 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2018-01-30 14:37 - 2018-01-30 14:38 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-30 14:37 - 2018-01-30 14:38 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-01-30 14:37 - 2018-01-30 14:38 - 025135104 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-01-30 14:37 - 2018-01-30 14:38 - 002542592 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\skypert.dll
2018-01-30 14:37 - 2018-01-30 14:38 - 000667136 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-01-04 09:04 - 2018-01-04 09:04 - 035292104 _____ () C:\Program Files (x86)\Adobe\Adobe Sync\Coresync\Coresync.exe
2017-12-14 09:59 - 2017-12-14 09:59 - 000477184 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-12-14 09:59 - 2017-12-14 09:59 - 058590720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-09-30 10:49 - 2017-09-30 10:50 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2017-11-11 15:38 - 2017-11-12 10:35 - 000164864 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\VideoPlugin.dll
2017-09-30 10:49 - 2017-09-30 10:50 - 000675328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\IPPNativePlugin.dll
2017-12-14 09:59 - 2017-12-14 09:59 - 003727360 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2017-12-14 09:59 - 2017-12-14 09:59 - 002270720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2017-12-14 09:59 - 2017-12-14 09:59 - 016395264 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2017-12-14 09:59 - 2017-12-14 09:59 - 003579904 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-12-14 09:59 - 2017-12-14 09:59 - 003204096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2017-08-29 10:20 - 2017-08-29 10:20 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-12-14 09:59 - 2017-12-14 09:59 - 000043520 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2017-12-14 09:59 - 2017-12-14 09:59 - 004038144 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.People.PeoplePicker.dll
2017-12-14 09:59 - 2017-12-14 09:59 - 001367040 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-11-30 18:54 - 2017-11-30 18:54 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-11-30 18:54 - 2017-11-30 18:54 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-08 21:41 - 2013-10-08 21:41 - 000037968 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2013-09-09 19:23 - 2013-09-09 19:23 - 000162816 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2017-12-22 11:25 - 2017-12-22 11:25 - 000206152 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-12-22 11:25 - 2017-12-22 11:25 - 000058016 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-12-22 11:25 - 2017-12-22 11:25 - 000057504 _____ () C:\Program Files\AVAST Software\Avast\dll_loader.dll
2017-07-10 09:31 - 2017-07-10 09:31 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-12-22 11:25 - 2017-12-22 11:25 - 000289272 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-12-22 11:24 - 2017-12-22 11:24 - 000282560 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2018-01-30 21:28 - 2018-01-30 21:28 - 067115984 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2017-07-31 23:31 - 2017-07-31 23:31 - 072940016 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll
2018-01-30 08:38 - 2018-01-30 08:38 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2018-01-30 08:39 - 2018-01-30 08:39 - 000214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2018-01-30 08:38 - 2018-01-30 08:38 - 000117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2018-01-30 08:38 - 2018-01-30 08:38 - 000125952 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2018-01-30 21:53 - 2018-01-30 21:53 - 000099792 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2018-01-30 08:38 - 2018-01-30 08:38 - 000086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2018-01-30 21:47 - 2018-01-30 21:47 - 000125912 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
2018-01-30 21:47 - 2018-01-30 21:47 - 000125392 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ref\build\Release\binding.node
2018-01-30 21:47 - 2018-01-30 21:47 - 000133072 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ffi\build\Release\ffi_bindings.node
2018-01-30 21:47 - 2018-01-30 21:47 - 000222168 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2018-01-30 21:47 - 2018-01-30 21:47 - 000099792 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2018-01-30 21:47 - 2018-01-30 21:47 - 000106456 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\bufferutil\build\Release\bufferutil.node
2018-01-30 21:47 - 2018-01-30 21:47 - 000094168 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node
2014-03-03 11:54 - 2013-10-23 14:44 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Youlia\Documents\Werdeverrückt.Wiedubekommstwasduwirklich-wirklichwillst_ep9_SN2Pajk21ikYyWunm7aLa4T4xhWlX25RQi_VcCiNZLLaxNKYxUFc6Z0MImZSdw.aax:com.dropbox.attributes [220]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-4044158651-1248895399-1107232148-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-4044158651-1248895399-1107232148-1001\...\sharepoint.com -> hxxps://univie-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-4044158651-1248895399-1107232148-1001\...\univie.ac.at -> hxxps://vpn.univie.ac.at
IE trusted site: HKU\S-1-5-21-4044158651-1248895399-1107232148-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2013-08-22 14:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-4044158651-1248895399-1107232148-1001\Control Panel\Desktop\\Wallpaper -> D:\#BILDER\ART\desktop\DSC03101 (2).JPG
HKU\S-1-5-21-4044158651-1248895399-1107232148-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-4044158651-1248895399-1107232148-500\Control Panel\Desktop\\Wallpaper -> C:\windows\asus\wallpapers\asus.jpg
DNS Servers: 195.34.133.21 - 212.186.211.21
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKLM\...\StartupApproved\StartupFolder: => "Audible Download Manager.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKU\S-1-5-21-4044158651-1248895399-1107232148-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-4044158651-1248895399-1107232148-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_83F8AB2A88589303BB46D582CAF2367C"
HKU\S-1-5-21-4044158651-1248895399-1107232148-1001\...\StartupApproved\Run: => "OneDrive"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{EAFA4184-0A79-462C-85C5-DB81E3163B6E}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{EF79B694-5E64-40D2-8F94-2AD285F84B34}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{BB069C27-6B8F-4576-9B1C-951B9694BBEA}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [{AB751026-F8EA-43CD-96FA-11483E1FF9A7}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{E5B31CB5-77E0-4B62-B598-397A2EB0916A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{30DDCD14-70BA-449D-848C-237375101812}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{6706E3D3-9BC2-4EEC-9D8A-ECC28A3A9559}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{FF52E790-9FF2-4A57-879C-0B0EF8F32CC2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{6E5A7C8B-1F81-4C29-83B5-74E91A279516}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FC3597B1-3370-4ED2-B901-754B65661155}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1F2A4FB3-C57E-48B6-9AC6-30E56D39CD1D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{65F960CB-D65A-485F-BFFD-50F56C7E065E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{38FF7F21-E163-435C-9A95-01B4DF60DE90}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{FDCF489C-DAB7-42B7-B4BF-E0E01D3DC77D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{403EE3F8-5A8E-4E99-AA84-7CFA2F751D69}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F0D522F0-17E4-4C22-B4BD-447B0EFF7B9D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{B12A6ACD-9514-4340-9BB1-014C5E61E05C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{4DE8AF9F-7B33-45DA-B20D-55D01ED3E071}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{720F8B52-F1E4-491E-86E7-5CA40208B326}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{49DF9283-2D08-4D73-BFF8-1293AF60D8BE}] => (Allow) C:\Program Files\HP\HP Photosmart 5510 series\Bin\DeviceSetup.exe
FirewallRules: [{6536186A-51E7-496F-A54C-E583C5809345}] => (Allow) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{A60AE355-AFC3-4813-8D74-5F20A1761678}] => (Allow) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{B6B0CC0C-5C8C-4776-A904-AB45DB43D5E4}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{68983AAB-C2AC-4323-A8D1-9779B9116E31}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{5C4E00ED-E156-4DF9-9844-355EC77C79ED}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{CA6E6A1F-77E5-4ED7-BF69-E32CF8A5DA90}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{BA393B52-BF65-4FC6-BB02-E93F3FEB442A}] => (Allow) C:\Users\Youlia\AppData\Local\Temp\7zS2D11\HPDiagnosticCoreUI.exe
FirewallRules: [{A499A4D7-F580-4708-A548-10A9D74EBB9C}] => (Allow) C:\Users\Youlia\AppData\Local\Temp\7zS2D11\HPDiagnosticCoreUI.exe
FirewallRules: [{AED95513-9673-4D27-A8CF-B9069FE211C7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{E8A04AAF-6DB5-4733-8A50-D94D1E981136}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E3FEEAB3-6D71-426F-A63F-90741BE1331F}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{BA0BF004-BF50-474C-ADC4-4B722CD7991B}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Wiederherstellungspunkte =========================

25-01-2018 17:44:07 Geplanter Prüfpunkt
31-01-2018 14:42:52 Windows Modules Installer
04-02-2018 18:03:11 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
07-02-2018 18:41:07 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (02/11/2018 11:39:30 AM) (Source: MsiInstaller) (EventID: 1002) (User: YOULIAS)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageCode", Wert: "GUID") für Schlüssel "HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219".

Error: (02/11/2018 11:36:23 AM) (Source: MsiInstaller) (EventID: 1002) (User: YOULIAS)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageCode", Wert: "GUID") für Schlüssel "HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219".

Error: (02/11/2018 11:32:32 AM) (Source: MsiInstaller) (EventID: 1002) (User: YOULIAS)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageCode", Wert: "GUID") für Schlüssel "HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219".

Error: (02/11/2018 11:30:01 AM) (Source: MsiInstaller) (EventID: 1002) (User: YOULIAS)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageCode", Wert: "GUID") für Schlüssel "HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219".

Error: (02/11/2018 10:57:48 AM) (Source: MsiInstaller) (EventID: 1002) (User: NT-AUTORITÄT)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageCode", Wert: "GUID") für Schlüssel "HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219".

Error: (02/11/2018 10:03:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1453

Error: (02/11/2018 10:03:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1453

Error: (02/11/2018 12:45:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/10/2018 02:45:38 PM) (Source: MsiInstaller) (EventID: 1002) (User: NT-AUTORITÄT)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageCode", Wert: "GUID") für Schlüssel "HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219".

Error: (02/10/2018 02:44:52 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.


Systemfehler:
=============
Error: (02/11/2018 11:27:52 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "Foxit Reader Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (02/11/2018 11:08:48 AM) (Source: DCOM) (EventID: 10016) (User: YOULIAS)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "Youlias\Youlia" (SID: S-1-5-21-4044158651-1248895399-1107232148-1001) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/11/2018 11:06:09 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/11/2018 10:52:13 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/11/2018 10:47:21 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/11/2018 10:43:28 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Intel® Management and Security Application Local Management Service" wurde nicht richtig gestartet.

Error: (02/11/2018 10:39:09 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "HP Support Solutions Framework Service" wurde nicht richtig gestartet.

Error: (02/11/2018 10:36:41 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Übermittlungsoptimierung" wurde nicht richtig gestartet.

Error: (02/11/2018 10:35:53 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/11/2018 10:32:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "PDF24" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.


CodeIntegrity:
===================================
  Date: 2018-02-11 11:35:55.501
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-02-11 11:35:55.494
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-02-11 11:35:16.397
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-02-11 11:35:16.394
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-02-11 11:18:50.405
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-02-11 11:18:50.399
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-02-11 11:05:54.865
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-02-11 11:05:54.860
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-02-11 11:03:26.825
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-02-11 11:03:26.821
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


==================== Speicherinformationen ===========================

Prozessor: Intel® Core™ i5-4200U CPU @ 1.60GHz
Prozentuale Nutzung des RAM: 56%
Installierter physikalischer RAM: 8075.4 MB
Verfügbarer physikalischer RAM: 3518.66 MB
Summe virtueller Speicher: 11275.4 MB
Verfügbarer virtueller Speicher: 6519 MB

==================== Laufwerke ================================

Drive c: (OS) (Fixed) (Total:372.6 GB) (Free:183.24 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (DATA) (Fixed) (Total:537.8 GB) (Free:39.77 GB) NTFS

\\?\Volume{82993164-463b-4e7a-b6fa-2d0b20b1f117}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
\\?\Volume{3d1b02a0-61db-4c35-8939-fdb74cc91cc2}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.48 GB) NTFS
\\?\Volume{0985e722-1ad4-44dc-add7-bb6a2e789b54}\ (Restore) (Fixed) (Total:20.01 GB) (Free:9.85 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 2E04B146)

Partition: GPT.

==================== Ende von Addition.txt ============================

 


  • 0

Advertisements

#2
RKinner
Posted 16 February 2018 - 06:37 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.



 


  • 0

#3
philon8
Posted 17 February 2018 - 02:42 PM

philon8

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Hi RKinner!

Thx for taking the time.. Here's the results:

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
System Idle Process    84.90    52 K    8 K    0            
System    4.67    212 K    16.796 K    4            
 Interrupts    0.75    0 K    0 K    n/a    Hardware Interrupts and DPCs        
 smss.exe        540 K    280 K    420            
 Memory Compression        1.016 K    290.520 K    1724            
csrss.exe    < 0.01    1.956 K    2.580 K    652            
wininit.exe        1.456 K    2.220 K    760            
 services.exe    < 0.01    6.340 K    6.284 K    820            
  svchost.exe        1.012 K    576 K    932    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe        13.252 K    19.260 K    952    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
   WmiPrvSE.exe        17.388 K    22.004 K    5496            
   ShellExperienceHost.exe    Suspended    28.640 K    59.232 K    14004    Windows Shell Experience Host    Microsoft Corporation    (Verified) Microsoft Windows
   SearchUI.exe    Suspended    45.712 K    48.892 K    3368    Search and Cortana application    Microsoft Corporation    (Verified) Microsoft Windows
   RuntimeBroker.exe        6.100 K    16.552 K    7316    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
   RuntimeBroker.exe        5.692 K    6.436 K    10544    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
   ChsIME.exe        11.204 K    24.180 K    16204            
   SettingSyncHost.exe        22.572 K    3.568 K    16320    Host Process for Setting Synchronization    Microsoft Corporation    (Verified) Microsoft Windows
   HPNetworkCommunicatorCom.exe    0.13    4.384 K    11.432 K    22272    HPNetworkCommunicatorCom    Hewlett-Packard Co.    (Verified) Hewlett Packard
   SkypeHost.exe    Suspended    13.872 K    10.504 K    32872    Microsoft Skype    Microsoft Corporation    (Es war keine Signatur im Antragsteller vorhanden) Microsoft Corporation
   RuntimeBroker.exe        3.960 K    2.460 K    36132    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
  svchost.exe    0.05    7.832 K    9.920 K    1020    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe    0.01    2.956 K    4.288 K    8    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe        2.308 K    3.896 K    1132    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe        2.184 K    3.876 K    1152    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe        7.324 K    9.336 K    1184    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
   ACMON.exe        2.164 K    556 K    54124    ACMON     ASUS    (Verified) ASUSTeK Computer Inc.
   USBChargerPlus.exe        2.156 K    1.000 K    47436            
   ColorUService.exe        2.460 K    548 K    53696    ASUS Color Engine    ASUSTeK Computer Inc.    (Verified) ASUSTeK Computer Inc.
   taskhostw.exe        5.620 K    12.596 K    55524    Hostprozess für Windows-Aufgaben    Microsoft Corporation    (Verified) Microsoft Windows
   BatteryLife.exe    0.01    4.656 K    824 K    54972            
   LiveUpdate.exe    0.32    73.308 K    8.272 K    23680            
  svchost.exe        2.592 K    4.568 K    1248    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe    < 0.01    14.872 K    10.960 K    1296    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe    < 0.01    11.280 K    11.784 K    1316    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe        2.756 K    5.820 K    1368    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
   sihost.exe        5.760 K    21.348 K    47596    Shell Infrastructure Host    Microsoft Corporation    (Verified) Microsoft Windows
  svchost.exe        6.420 K    3.696 K    1396    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe        2.496 K    3.640 K    1476    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  nvvsvc.exe        2.600 K    4.676 K    1596    NVIDIA Driver Helper Service, Version 369.09    NVIDIA Corporation    (Verified) NVIDIA Corporation
   nvxdsync.exe    < 0.01    9.212 K    18.500 K    10932            
  svchost.exe        1.408 K    1.512 K    1652    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe        4.768 K    7.224 K    1660    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe        2.164 K    4.104 K    1668    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe        2.244 K    4.016 K    1780    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe        3.380 K    5.272 K    1832    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  igfxCUIService.exe        2.080 K    3.424 K    1852    igfxCUIService Module    Intel Corporation    (Verified) Intel® pGFX
  svchost.exe        1.876 K    2.228 K    1912    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe        2.180 K    3.836 K    1920    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe    < 0.01    8.076 K    12.744 K    2012    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe        3.044 K    6.324 K    1148    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe        5.096 K    9.792 K    2080    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe        3.512 K    4.360 K    2088    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe        1.792 K    2.212 K    2096    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe        3.860 K    5.712 K    2108    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe        2.496 K    5.848 K    2216    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe        6.220 K    8.156 K    2288    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe        1.432 K    2.196 K    2328    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  AsLdrSrv.exe        1.032 K    1.864 K    2352    ASLDR Service    ASUSTek Computer Inc.    (Verified) ASUSTeK Computer Inc.
   HControl.exe        2.064 K    7.712 K    39320            
    KBFiltr.exe        1.484 K    5.012 K    52132            
  AvastSvc.exe    0.04    242.584 K    41.312 K    2360    Avast Service    AVAST Software    (Verified) AVAST Software s.r.o.
  svchost.exe    < 0.01    2.844 K    5.764 K    2372    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  GFNEXSrv.exe        808 K    976 K    2448    GFNEXSrv    ASUS    (Verified) ASUSTeK Computer Inc.
  spoolsv.exe    0.12    7.416 K    5.660 K    2720    Spoolersubsystem-Anwendung    Microsoft Corporation    (Verified) Microsoft Windows
  svchost.exe        2.064 K    2.632 K    2808    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe        1.728 K    2.356 K    2936    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
   dasHost.exe    < 0.01    3.492 K    4.792 K    3504            
  DptfPolicyConfigTDPService.exe        1.080 K    880 K    2944    Intel® Dynamic Platform and Thermal Framework Config TDP Policy Service    Intel Corporation    (Verified) Intel® Software
  DptfParticipantProcessorService.exe        1.072 K    884 K    2952    Intel® Dynamic Platform and Thermal Framework Processor Participant Service    Intel Corporation    (Verified) Intel® Software
  svchost.exe        26.832 K    25.780 K    2960    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  DptfPolicyCriticalService.exe        1.088 K    880 K    2968    Intel® Dynamic Platform and Thermal Framework Criticial Policy Service    Intel Corporation    (Verified) Intel® Software
  InsOnSrv.exe    < 0.01    1.776 K    2.660 K    2976    ASUS InstantOn Program    ASUS    (Verified) ASUSTeK Computer Inc.
   InsOnWMI.exe    < 0.01    2.616 K    9.316 K    52472            
  mDNSResponder.exe        2.048 K    2.852 K    2984    Bonjour Service    Apple Inc.    (Verified) Apple Inc.
  DptfPolicyLpmService.exe        1.076 K    872 K    3004    Intel® Dynamic Platform and Thermal Framework LPM Policy Service    Intel Corporation    (Verified) Intel® Software
  OfficeClickToRun.exe        41.280 K    25.508 K    3012    Microsoft Office Click-to-Run (SxS)    Microsoft Corporation    (Verified) Microsoft Corporation
  svchost.exe        18.828 K    12.440 K    3020    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe        1.756 K    2.224 K    3028    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe        10.028 K    18.116 K    3040    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  F5InstallerService.exe        1.112 K    1.180 K    3056    F5 Networks Component Installer Service    F5 Networks, Inc.    (Verified) F5 Networks
  F5FltSrv.exe        2.084 K    548 K    2344    F5 Networks DNS Relay Proxy for Windows    F5 Networks, Inc.    (Verified) F5 Networks
  F5TrafficSrv.exe        716 K    532 K    2212    F5 Networks Shaping Server for Windows    F5 Networks, Inc.    (Verified) F5 Networks
  svchost.exe        4.660 K    7.728 K    2696    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  MBAMService.exe    < 0.01    49.644 K    15.636 K    3100    Malwarebytes Service    Malwarebytes    (Verified) Malwarebytes Corporation
   mbamtray.exe    < 0.01    17.340 K    22.412 K    4704    Malwarebytes Tray Application    Malwarebytes    (Verified) Malwarebytes Corporation
  svchost.exe        2.460 K    3.552 K    3144    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  AdobeUpdateService.exe    < 0.01    2.060 K    2.960 K    3152    Adobe Update Service    Adobe Systems Incorporated    (Verified) Adobe Systems Incorporated
  svchost.exe        1.640 K    1.184 K    3184    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  SecurityHealthService.exe        4.516 K    8.260 K    3216    Windows Security Health Service    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe        2.932 K    3.332 K    3240    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe        1.404 K    1.540 K    3260    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe        4.736 K    11.748 K    3272    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  AGSService.exe    0.02    4.492 K    6.892 K    3396    Adobe Genuine Software Integrity Service    Adobe Systems, Incorporated    (Verified) Adobe Systems Incorporated
  svchost.exe        3.776 K    8.032 K    3492    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe        2.144 K    2.424 K    3820    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe        2.336 K    3.048 K    3996    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe    < 0.01    32.188 K    27.344 K    4024    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe        6.032 K    9.704 K    2184    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  PresentationFontCache.exe        27.300 K    2.132 K    5580    PresentationFontCache.exe    Microsoft Corporation    (Verified) Microsoft Corporation
  svchost.exe        4.060 K    12.408 K    5688    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe        1.832 K    2.120 K    5928    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
   ctfmon.exe        5.288 K    16.740 K    1460            
  svchost.exe        6.520 K    14.624 K    7552    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe        4.892 K    5.128 K    8512    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe        2.288 K    2.476 K    8772    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe        2.620 K    4.180 K    8968    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  aswidsagenta.exe    0.01    30.788 K    40.336 K    8992    Avast Behavior Shield    AVAST Software    (Verified) AVAST Software s.r.o.
  HPSupportSolutionsFrameworkService.exe        37.088 K    14.260 K    10220    HP Support Solutions Framework Service    HP Inc.    (Verified) HP Inc.
  TouchpointAnalyticsClientService.exe        44.000 K    16.376 K    2524    HP Touchpoint Analytics Client Service    HP Inc.    (Verified) HP Inc.
  IntelMeFWService.exe        1.224 K    1.012 K    10160    Intel® ME Service    Intel Corporation    (Verified) Intel Corporation - Intel® Management Engine Firmware
  jhi_service.exe        1.468 K    1.296 K    844    Intel® Dynamic Application Loader Host Interface    Intel Corporation    (Verified) Intel Corporation - Intel® Management Engine Firmware
  LMS.exe        3.276 K    2.356 K    10984    Intel® Local Management Service    Intel Corporation    (Verified) Intel Corporation - Software and Firmware Products
  svchost.exe        4.196 K    9.348 K    10844    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe        3.100 K    5.468 K    9576    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  FoxitConnectedPDFService.exe    0.05    4.488 K    4.340 K    11928    Foxit Reader ConnectedPDF Windows Service.    Foxit Software Inc.    (Verified) Foxit Software Incorporated
  AppleMobileDeviceService.exe    0.01    9.976 K    3.980 K    9528    MobileDeviceService    Apple Inc.    (Verified) Apple Inc.
  iPodService.exe    0.02    2.548 K    2.916 K    11376    iPod Service    Apple Inc.    (Verified) Apple Inc.
  svchost.exe        7.156 K    2.820 K    18260    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe    0.03    112.192 K    102.572 K    38136    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe        2.704 K    4.652 K    25424    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe        2.124 K    4.168 K    41196    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe    0.03    41.972 K    13.952 K    56772    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe        5.676 K    17.820 K    48952    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe        6.672 K    25.444 K    46600    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe        9.564 K    23.652 K    22336    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  svchost.exe        1.600 K    3.944 K    35528    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
  SearchIndexer.exe        27.844 K    28.340 K    13636    Microsoft Windows Search-Indexerstellung    Microsoft Corporation    (Verified) Microsoft Windows
  armsvc.exe        1.512 K    5.708 K    23384    Adobe Acrobat Update Service    Adobe Systems Incorporated    (Verified) Adobe Systems
  svchost.exe        1.524 K    4.408 K    27196    Hostprozess für Windows-Dienste    Microsoft Corporation    (Verified) Microsoft Windows Publisher
 lsass.exe        8.504 K    11.100 K    832    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
 fontdrvhost.exe        1.892 K    836 K    944            
csrss.exe    0.49    2.328 K    4.240 K    54212            
winlogon.exe        2.324 K    6.228 K    53836            
 fontdrvhost.exe        6.912 K    18.476 K    55124            
 dwm.exe    0.91    43.428 K    53.424 K    45712            
ATKOSD2.exe        2.192 K    7.320 K    44220            
DMedia.exe        1.612 K    5.940 K    10636            
igfxEM.exe        3.628 K    9.224 K    5152    igfxEM Module    Intel Corporation    (Verified) Intel® pGFX
igfxHK.exe        2.524 K    6.660 K    4076    igfxHK Module    Intel Corporation    (Verified) Intel® pGFX
igfxTray.exe        3.160 K    8.644 K    7436            (Verified) Intel® pGFX
explorer.exe    0.12    35.636 K    76.276 K    9728    Windows-Explorer    Microsoft Corporation    (Verified) Microsoft Windows
 MSASCuiL.exe        2.148 K    6.648 K    14452    Windows Defender notification icon    Microsoft Corporation    (Verified) Microsoft Windows
 RAVCpl64.exe        4.092 K    8.716 K    17216    Realtek HD Audio-Manager    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp
 RAVBg64.exe        6.460 K    8.684 K    19208    HD Audio Background Process    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp
 DptfPolicyLpmServiceHelper.exe        1.344 K    3.784 K    17308    Intel® Dynamic Platform and Thermal Framework LPM Policy Service Helper    Intel Corporation    (Verified) Intel® Software
 ScanToPCActivationApp.exe        3.248 K    10.264 K    18628    ScanToPCActivationApp    Hewlett-Packard Co.    (Verified) Hewlett Packard
 lync.exe    < 0.01    89.124 K    60.220 K    7320    Skype for Business    Microsoft Corporation    (Verified) Microsoft Corporation
 rundll32.exe    0.13    4.536 K    13.504 K    23160    Windows-Hostprozess (Rundll32)    Microsoft Corporation    (Verified) Microsoft Windows
 firefox.exe    0.06    272.652 K    291.688 K    12408    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
  firefox.exe        97.440 K    96.544 K    10828    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
  firefox.exe    0.60    360.084 K    343.332 K    12456    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
  firefox.exe        274.440 K    236.232 K    15216    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
  firefox.exe    0.50    512.860 K    500.740 K    2916    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
  firefox.exe    0.17    106.784 K    108.852 K    6992    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
  firefox.exe        112.500 K    130.008 K    11056    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
 procexp.exe        3.288 K    10.676 K    18824    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
  procexp64.exe    4.80    30.672 K    65.248 K    31084    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
AvastUI.exe    0.10    21.636 K    37.048 K    18116    Avast Antivirus    AVAST Software    (Verified) AVAST Software s.r.o.
PDVD10Serv.exe        1.720 K    6.888 K    21916    PowerDVD RC Service    CyberLink Corp.    (Verified) CyberLink Corp.
pdf24.exe        3.364 K    11.320 K    4820    PDF24 Creator    Geek Software GmbH    (Verified) Geek Software GmbH
Creative Cloud.exe    0.51    17.352 K    50.016 K    23024    Adobe Creative Cloud    Adobe Systems Incorporated    (Verified) Adobe Systems Incorporated
 AdobeIPCBroker.exe        4.140 K    9.056 K    20704    Adobe IPC Broker    Adobe Systems Incorporated    (Verified) Adobe Systems Incorporated
 Adobe Desktop Service.exe    0.09    79.132 K    40.240 K    40036    Creative Cloud    Adobe Systems Incorporated    (Verified) Adobe Systems Incorporated
  CoreSync.exe    < 0.01    15.184 K    20.792 K    41048    Core Sync        (Verified) Adobe Systems Incorporated
  CCXProcess.exe        916 K    2.804 K    49304    CCXProcess    Adobe Systems Incorporated    (Verified) Adobe Systems Incorporated
   node.exe    < 0.01    48.372 K    29.208 K    52216    Node.js: Server-side JavaScript    Node.js    (Verified) Node.js Foundation
    conhost.exe        1.596 K    4.156 K    55500    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
 Adobe CEF Helper.exe        58.560 K    28.488 K    36220    Adobe CEF Helper    Adobe Systems Incorporated    (Verified) Adobe Systems Incorporated
 Adobe CEF Helper.exe    0.20    27.572 K    31.748 K    41772    Adobe CEF Helper    Adobe Systems Incorporated    (Verified) Adobe Systems Incorporated
CCleaner64.exe    0.01    7.244 K    10.148 K    11596            
AsusTPLoader.exe    0.01    2.788 K    712 K    36724    ASUS Smart Gesture Loader    AsusTek    (Verified) ASUSTeK Computer Inc.
 AsusTPCenter.exe    0.08    4.220 K    1.008 K    43252    ASUS Smart Gesture Center    AsusTek    (Verified) ASUSTeK Computer Inc.
  AsusTPHelper.exe    < 0.01    1.532 K    260 K    13596            

 

Abbildname                     PID Dienste                                     
========================= ======== ============================================
System Idle Process              0 Nicht zutreffend                            
System                           4 Nicht zutreffend                            
smss.exe                       420 Nicht zutreffend                            
csrss.exe                      652 Nicht zutreffend                            
wininit.exe                    760 Nicht zutreffend                            
services.exe                   820 Nicht zutreffend                            
lsass.exe                      832 KeyIso, SamSs, VaultSvc                     
svchost.exe                    932 PlugPlay                                    
fontdrvhost.exe                944 Nicht zutreffend                            
svchost.exe                    952 BrokerInfrastructure, DcomLaunch, Power,    
                                   SystemEventsBroker                          
svchost.exe                   1020 RpcEptMapper, RpcSs                         
svchost.exe                      8 LSM                                         
svchost.exe                   1132 NcbService                                  
svchost.exe                   1152 TimeBrokerSvc                               
svchost.exe                   1184 Schedule                                    
svchost.exe                   1248 ProfSvc                                     
svchost.exe                   1296 EventLog                                    
svchost.exe                   1316 BFE, CoreMessagingRegistrar, MpsSvc         
svchost.exe                   1368 UserManager                                 
svchost.exe                   1396 nsi                                         
svchost.exe                   1476 Dhcp                                        
nvvsvc.exe                    1596 nvsvc                                       
svchost.exe                   1652 Themes                                      
svchost.exe                   1660 NlaSvc                                      
svchost.exe                   1668 EventSystem                                 
Memory Compression            1724 Nicht zutreffend                            
svchost.exe                   1780 SENS                                        
svchost.exe                   1832 netprofm                                    
igfxCUIService.exe            1852 igfxCUIService2.0.0.0                       
svchost.exe                   1912 AudioEndpointBuilder                        
svchost.exe                   1920 FontCache                                   
svchost.exe                   2012 Winmgmt                                     
svchost.exe                   1148 Audiosrv                                    
svchost.exe                   2080 StateRepository                             
svchost.exe                   2088 Dnscache                                    
svchost.exe                   2096 DusmSvc                                     
svchost.exe                   2108 Wcmsvc                                      
svchost.exe                   2216 WinHttpAutoProxySvc                         
svchost.exe                   2288 WlanSvc                                     
svchost.exe                   2328 Appinfo                                     
AsLdrSrv.exe                  2352 ASLDRService                                
AvastSvc.exe                  2360 avast! Antivirus                            
svchost.exe                   2372 ShellHWDetection                            
GFNEXSrv.exe                  2448 ATKGFNEXSrv                                 
spoolsv.exe                   2720 Spooler                                     
svchost.exe                   2808 LanmanWorkstation                           
svchost.exe                   2936 DeviceAssociationService                    
DptfPolicyConfigTDPServic     2944 DptfPolicyConfigTDPService                  
DptfParticipantProcessorS     2952 DptfParticipantProcessorService             
svchost.exe                   2960 DPS                                         
DptfPolicyCriticalService     2968 DptfPolicyCriticalService                   
InsOnSrv.exe                  2976 ASUS InstantOn                              
mDNSResponder.exe             2984 Bonjour Service                             
DptfPolicyLpmService.exe      3004 DptfPolicyLpmService                        
OfficeClickToRun.exe          3012 ClickToRunSvc                               
svchost.exe                   3020 CryptSvc                                    
svchost.exe                   3028 CertPropSvc                                 
svchost.exe                   3040 DiagTrack                                   
F5InstallerService.exe        3056 F5 Networks Component Installer             
F5FltSrv.exe                  2344 F5FltSrv                                    
F5TrafficSrv.exe              2212 F5TrafficSrv                                
svchost.exe                   2696 iphlpsvc                                    
MBAMService.exe               3100 MBAMService                                 
svchost.exe                   3144 LanmanServer                                
AdobeUpdateService.exe        3152 AdobeUpdateService                          
svchost.exe                   3184 SstpSvc                                     
SecurityHealthService.exe     3216 SecurityHealthService                       
svchost.exe                   3240 stisvc                                      
svchost.exe                   3260 TrkWks                                      
svchost.exe                   3272 WpnService                                  
AGSService.exe                3396 AGSService                                  
svchost.exe                   3492 WdiServiceHost                              
dasHost.exe                   3504 Nicht zutreffend                            
svchost.exe                   3820 TapiSrv                                     
svchost.exe                   3996 SSDPSRV                                     
svchost.exe                   4024 RasMan, wuauserv                            
svchost.exe                   2184 CDPSvc                                      
WmiPrvSE.exe                  5496 Nicht zutreffend                            
PresentationFontCache.exe     5580 FontCache3.0.0.0                            
svchost.exe                   5688 TokenBroker                                 
svchost.exe                   5928 TabletInputService                          
svchost.exe                   7552 LicenseManager                              
svchost.exe                   8512 PcaSvc                                      
svchost.exe                   8772 Netman                                      
svchost.exe                   8968 wscsvc                                      
aswidsagenta.exe              8992 aswbIDSAgent                                
HPSupportSolutionsFramewo    10220 HPSupportSolutionsFrameworkService          
TouchpointAnalyticsClient     2524 HPTouchpointAnalyticsService                
IntelMeFWService.exe         10160 Intel® ME Service                         
jhi_service.exe                844 jhi_service                                 
LMS.exe                      10984 LMS                                         
svchost.exe                  10844 StorSvc                                     
svchost.exe                   9576 lfsvc                                       
FoxitConnectedPDFService.    11928 FoxitReaderService                          
AppleMobileDeviceService.     9528 Apple Mobile Device Service                 
iPodService.exe              11376 iPod Service                                
svchost.exe                  18260 DsSvc                                       
svchost.exe                  38136 SysMain                                     
svchost.exe                  25424 upnphost                                    
svchost.exe                  41196 W32Time                                     
svchost.exe                  56772 DoSvc                                       
csrss.exe                    54212 Nicht zutreffend                            
winlogon.exe                 53836 Nicht zutreffend                            
fontdrvhost.exe              55124 Nicht zutreffend                            
dwm.exe                      45712 Nicht zutreffend                            
nvxdsync.exe                 10932 Nicht zutreffend                            
InsOnWMI.exe                 52472 Nicht zutreffend                            
HControl.exe                 39320 Nicht zutreffend                            
sihost.exe                   47596 Nicht zutreffend                            
svchost.exe                  48952 CDPUserSvc_6648f62                          
KBFiltr.exe                  52132 Nicht zutreffend                            
ATKOSD2.exe                  44220 Nicht zutreffend                            
svchost.exe                  46600 WpnUserService_6648f62                      
ACMON.exe                    54124 Nicht zutreffend                            
USBChargerPlus.exe           47436 Nicht zutreffend                            
ColorUService.exe            53696 Nicht zutreffend                            
taskhostw.exe                55524 Nicht zutreffend                            
DMedia.exe                   10636 Nicht zutreffend                            
BatteryLife.exe              54972 Nicht zutreffend                            
igfxEM.exe                    5152 Nicht zutreffend                            
igfxHK.exe                    4076 Nicht zutreffend                            
igfxTray.exe                  7436 Nicht zutreffend                            
explorer.exe                  9728 Nicht zutreffend                            
mbamtray.exe                  4704 Nicht zutreffend                            
ShellExperienceHost.exe      14004 Nicht zutreffend                            
SearchUI.exe                  3368 Nicht zutreffend                            
RuntimeBroker.exe             7316 Nicht zutreffend                            
RuntimeBroker.exe            10544 Nicht zutreffend                            
ctfmon.exe                    1460 Nicht zutreffend                            
ChsIME.exe                   16204 Nicht zutreffend                            
SettingSyncHost.exe          16320 Nicht zutreffend                            
MSASCuiL.exe                 14452 Nicht zutreffend                            
RAVCpl64.exe                 17216 Nicht zutreffend                            
RAVBg64.exe                  19208 Nicht zutreffend                            
AvastUI.exe                  18116 Nicht zutreffend                            
DptfPolicyLpmServiceHelpe    17308 Nicht zutreffend                            
ScanToPCActivationApp.exe    18628 Nicht zutreffend                            
lync.exe                      7320 Nicht zutreffend                            
svchost.exe                  22336 OneSyncSvc_6648f62,                         
                                   PimIndexMaintenanceSvc_6648f62,             
                                   UnistoreSvc_6648f62, UserDataSvc_6648f62    
rundll32.exe                 23160 Nicht zutreffend                            
PDVD10Serv.exe               21916 Nicht zutreffend                            
pdf24.exe                     4820 Nicht zutreffend                            
Creative Cloud.exe           23024 Nicht zutreffend                            
CCleaner64.exe               11596 Nicht zutreffend                            
AdobeIPCBroker.exe           20704 Nicht zutreffend                            
HPNetworkCommunicatorCom.    22272 Nicht zutreffend                            
LiveUpdate.exe               23680 Nicht zutreffend                            
svchost.exe                  35528 lmhosts                                     
AsusTPLoader.exe             36724 Nicht zutreffend                            
SkypeHost.exe                32872 Nicht zutreffend                            
Adobe Desktop Service.exe    40036 Nicht zutreffend                            
Adobe CEF Helper.exe         36220 Nicht zutreffend                            
RuntimeBroker.exe            36132 Nicht zutreffend                            
CoreSync.exe                 41048 Nicht zutreffend                            
Adobe CEF Helper.exe         41772 Nicht zutreffend                            
AsusTPCenter.exe             43252 Nicht zutreffend                            
CCXProcess.exe               49304 Nicht zutreffend                            
node.exe                     52216 Nicht zutreffend                            
conhost.exe                  55500 Nicht zutreffend                            
AsusTPHelper.exe             13596 Nicht zutreffend                            
firefox.exe                  12408 Nicht zutreffend                            
firefox.exe                  10828 Nicht zutreffend                            
firefox.exe                  12456 Nicht zutreffend                            
firefox.exe                  15216 Nicht zutreffend                            
firefox.exe                   2916 Nicht zutreffend                            
SearchIndexer.exe            13636 WSearch                                     
armsvc.exe                   23384 AdobeARMservice                             
svchost.exe                  27196 seclogon                                    
firefox.exe                   6992 Nicht zutreffend                            
firefox.exe                  11056 Nicht zutreffend                            
procexp.exe                  18824 Nicht zutreffend                            
procexp64.exe                31084 Nicht zutreffend                            
smartscreen.exe              36308 Nicht zutreffend                            
notepad.exe                  43600 Nicht zutreffend                            
audiodg.exe                  49968 Nicht zutreffend                            
powershell.exe               48592 Nicht zutreffend                            
conhost.exe                   5032 Nicht zutreffend                            
ApplicationFrameHost.exe     43128 Nicht zutreffend                            
RuntimeBroker.exe            55948 Nicht zutreffend                            
backgroundTaskHost.exe       55972 Nicht zutreffend                            
svchost.exe                  38480 WbioSrvc                                    
svchost.exe                  51732 wlidsvc                                     
WmiPrvSE.exe                  5508 Nicht zutreffend                            
tasklist.exe                  3488 Nicht zutreffend                            
 

 


  • 0

#4
RKinner
Posted 17 February 2018 - 04:59 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Doesn't appear to be running now.

 

Were you able to get Speccy to run?

 

Let's see if we can find how it starts and where it comes from:

 

Put

 

listener

 

in the FRST search box and  hit Search Files

 

You will get one file.  Please post it.  Repeat for Search Registry.


  • 0

#5
philon8
Posted 17 February 2018 - 06:16 PM

philon8

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Were you able to get Speccy to run?
 
yes, i attached the file earier - didn't that work?

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 17.02.2018
durchgeführt von Youlia (Administrator) auf YOULIAS (18-02-2018 00:54:28)
Gestartet von C:\Users\Youlia\Desktop
Geladene Profile: Youlia & defaultuser1 & Administrator (Verfügbare Profile: Youlia & defaultuser1 & Administrator)
Platform: Windows 10 Home Version 1709 16299.192 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(F5 Networks, Inc.) C:\Windows\SysWOW64\F5InstallerService.exe
(F5 Networks, Inc.) C:\Windows\SysWOW64\F5FltSrv.exe
(F5 Networks, Inc.) C:\Windows\SysWOW64\F5TrafficSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicatorCom.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Piriform Ltd) C:\Program Files\Speccy\Speccy64.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [401888 2016-11-30] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2017-12-22] (AVAST Software)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [114048 2013-10-18] (Intel Corporation)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-05] (Apple Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2013-12-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [217736 2016-12-20] (Geek Software GmbH)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409944 2018-01-30] (Adobe Systems Incorporated)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ACHTUNG
HKU\S-1-5-21-4044158651-1248895399-1107232148-1001\...\Run: [HP Photosmart 5510 series (NET)] => C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-4044158651-1248895399-1107232148-1001\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe [23602864 2018-01-19] (Microsoft Corporation)
HKU\S-1-5-21-4044158651-1248895399-1107232148-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-4044158651-1248895399-1107232148-1001\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe [2386392 2018-01-30] (Adobe Systems Incorporated)
HKU\S-1-5-21-4044158651-1248895399-1107232148-1004\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-21-4044158651-1248895399-1107232148-500\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
Startup: C:\Users\Youlia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 5510 series (Netzwerk).lnk [2018-02-17]
ShortcutTarget: Tintenwarnungen überwachen - HP Photosmart 5510 series (Netzwerk).lnk -> C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21
Tcpip\..\Interfaces\{15415cb6-9391-4bc2-b415-97f180b29217}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{7bdd3788-405f-47e1-90b2-8afd0285beda}: [DhcpNameServer] 195.34.133.21 212.186.211.21
Tcpip\..\Interfaces\{de2e7dd9-da57-4c1e-8cdb-75f84360391c}: [DhcpNameServer] 195.34.133.21 212.186.211.21

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-4044158651-1248895399-1107232148-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-4044158651-1248895399-1107232148-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4044158651-1248895399-1107232148-1001 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4044158651-1248895399-1107232148-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://at.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10107__170128__yaie&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-01-19] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2018-01-19] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-01-19] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2018-01-19] (Microsoft Corporation)
DPF: HKLM-x32 {00627E89-A19D-4A2B-938B-059CB7B1B493} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5certchk.cab
DPF: HKLM-x32 {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} file://C:/Program Files (x86)/F5 VPN/F5_TMP/cachecleaner.cab
DPF: HKLM-x32 {2BCDB465-81F9-41CB-832C-8037A4064446} file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxvpn.cab
DPF: HKLM-x32 {2c8ffa64-e3f7-49ae-87c2-49018fde3aea} file://C:/Program Files (x86)/F5 VPN/F5_TMP/OesisInspector.cab
DPF: HKLM-x32 {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5tunsrv.cab
DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} file://C:/Program Files (x86)/F5 VPN/F5_TMP/InstallerControl.cab
DPF: HKLM-x32 {57C76689-F052-487B-A19F-855AFDDF28EE} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5InspectionHost.cab
DPF: HKLM-x32 {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} file://C:/Program Files (x86)/F5 VPN/F5_TMP/vdeskctrl.cab
DPF: HKLM-x32 {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxshost.cab
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxhost.cab
DPF: HKLM-x32 {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5syschk.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-19] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-19] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-19] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-19] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Youlia\AppData\Roaming\Mozilla\Firefox\Profiles\14ld0zfz.default-1484763492302 [2018-02-18]
FF NewTab: Mozilla\Firefox\Profiles\14ld0zfz.default-1484763492302 -> about:home
FF Extension: (AdBlocker Ultimate) - C:\Users\Youlia\AppData\Roaming\Mozilla\Firefox\Profiles\14ld0zfz.default-1484763492302\Extensions\[email protected] [2017-12-13]
FF Extension: (Perapera Chinese) - C:\Users\Youlia\AppData\Roaming\Mozilla\Firefox\Profiles\14ld0zfz.default-1484763492302\Extensions\[email protected] [2017-01-19] [Legacy]
FF Extension: (German Dictionary, extended for Austria) - C:\Users\Youlia\AppData\Roaming\Mozilla\Firefox\Profiles\14ld0zfz.default-1484763492302\Extensions\[email protected] [2017-07-30] [Legacy]
FF Extension: (Simple YouTube to MP3/MP4 Converter) - C:\Users\Youlia\AppData\Roaming\Mozilla\Firefox\Profiles\14ld0zfz.default-1484763492302\Extensions\[email protected] [2017-09-19]
FF Extension: (Deutsch (DE) Language Pack) - C:\Users\Youlia\AppData\Roaming\Mozilla\Firefox\Profiles\14ld0zfz.default-1484763492302\Extensions\[email protected] [2018-01-25]
FF Extension: (Avast SafePrice) - C:\Users\Youlia\AppData\Roaming\Mozilla\Firefox\Profiles\14ld0zfz.default-1484763492302\Extensions\[email protected] [2017-12-05]
FF Extension: (Avast Online Security) - C:\Users\Youlia\AppData\Roaming\Mozilla\Firefox\Profiles\14ld0zfz.default-1484763492302\Extensions\[email protected] [2017-10-12]
FF SearchPlugin: C:\Users\Youlia\AppData\Roaming\Mozilla\Firefox\Profiles\14ld0zfz.default-1484763492302\searchplugins\google-lavasoft.xml [2017-01-28]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-01-30] (Adobe Systems)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-01-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-01-19] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-01-30] (Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\Youlia\AppData\Local\Google\Chrome\User Data\Default [2018-02-13]
CHR Extension: (Slides) - C:\Users\Youlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Youlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Youlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-19]
CHR Extension: (YouTube) - C:\Users\Youlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-19]
CHR Extension: (Adobe Acrobat) - C:\Users\Youlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-09-19]
CHR Extension: (Avast SafePrice) - C:\Users\Youlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-12-25]
CHR Extension: (Sheets) - C:\Users\Youlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Youlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-21]
CHR Extension: (Avast Online Security) - C:\Users\Youlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-17]
CHR Extension: (Perapera Chinese Popup Dictionary) - C:\Users\Youlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlcddplhfenagbaipfjhhcjmebhkkaif [2017-10-19]
CHR Extension: (Grammarly for Chrome) - C:\Users\Youlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-02-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Youlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-19]
CHR Extension: (Gmail) - C:\Users\Youlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-19]
CHR Extension: (Chrome Media Router) - C:\Users\Youlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <nicht gefunden>

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818136 2018-01-30] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-08-29] (ASUS)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2017-12-22] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2017-12-22] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7761584 2017-12-23] (Microsoft Corporation)
R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [117704 2013-10-18] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe [116680 2013-10-18] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [148160 2013-10-18] (Intel Corporation)
R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [126952 2013-10-18] (Intel Corporation)
R2 F5 Networks Component Installer; C:\WINDOWS\SysWOW64\F5InstallerService.exe [402960 2016-01-15] (F5 Networks, Inc.)
R2 F5FltSrv; C:\WINDOWS\SysWOW64\F5FltSrv.exe [340496 2016-01-15] (F5 Networks, Inc.)
R2 F5TrafficSrv; C:\WINDOWS\SysWOW64\F5TrafficSrv.exe [217104 2016-01-15] (F5 Networks, Inc.)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-12-11] (Foxit Software Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-11-30] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel® Corporation) [Datei ist nicht signiert]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S2 PDF24; C:\Program Files (x86)\PDF24\pdf24.exe [217736 2016-12-20] (Geek Software GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
S3 ose; "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [124928 2017-03-09] (ASUS Corporation)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [185096 2017-12-22] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [321512 2017-12-22] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199448 2017-12-22] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343768 2017-12-22] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57696 2017-12-22] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [149344 2017-12-22] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46976 2017-12-22] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41832 2017-09-11] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [146648 2018-01-11] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110336 2017-12-22] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84384 2017-12-22] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1025176 2017-12-22] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [457896 2018-01-11] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [204456 2017-12-22] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [358672 2017-12-22] (AVAST Software)
R3 cpuz143; C:\Users\Youlia\AppData\Local\Temp\cpuz143\cpuz143_x64.sys [48952 2018-02-18] (CPUID) <==== ACHTUNG
R3 DptfDevDram; C:\WINDOWS\system32\DRIVERS\DptfDevDram.sys [145640 2013-10-18] (Intel Corporation)
R3 DptfDevPch; C:\WINDOWS\system32\DRIVERS\DptfDevPch.sys [116752 2013-10-18] (Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\system32\DRIVERS\DptfDevProc.sys [289744 2013-10-18] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\system32\DRIVERS\DptfManager.sys [494296 2013-10-18] (Intel Corporation)
S3 F5FltDrv; C:\WINDOWS\SysWOW64\drivers\F5FltDrv.sys [47848 2016-01-15] (F5 Networks, Inc.)
S3 f5ipfw; C:\WINDOWS\system32\drivers\urfltv64.sys [34536 2015-08-14] (F5 Networks, Inc.)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-02-11] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-08-29] (Windows ® Win 7 DDK provider)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-07-07] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
R3 urvpndrv; C:\WINDOWS\System32\drivers\covpnv64.sys [45776 2015-08-14] (F5 Networks, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2018-02-18 00:54 - 2018-02-18 00:54 - 000000000 ____D C:\Users\Youlia\Desktop\FRST-OlderVersion
2018-02-17 21:39 - 2018-02-17 21:39 - 000115058 _____ C:\Users\Youlia\Desktop\YOULIAS_.txt
2018-02-17 21:38 - 2018-02-17 21:38 - 000115082 _____ C:\Users\Youlia\Desktop\YOULIAS.txt
2018-02-17 21:36 - 2018-02-17 21:36 - 000000839 _____ C:\Users\Public\Desktop\Speccy.lnk
2018-02-17 21:36 - 2018-02-17 21:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2018-02-17 21:36 - 2018-02-17 21:36 - 000000000 ____D C:\Program Files\Speccy
2018-02-17 21:35 - 2018-02-17 21:35 - 006299336 _____ (Piriform Ltd) C:\Users\Youlia\Desktop\spsetup131.exe
2018-02-17 21:32 - 2018-02-17 21:32 - 000030624 _____ C:\junk.txt
2018-02-17 21:25 - 2018-02-17 21:25 - 000019744 _____ C:\Users\Youlia\Desktop\System Idle Process.txt
2018-02-17 21:14 - 2018-02-17 21:14 - 002724512 _____ (Sysinternals - www.sysinternals.com) C:\Users\Youlia\Desktop\procexp.exe
2018-02-11 11:47 - 2018-02-11 11:49 - 000060596 _____ C:\Users\Youlia\Desktop\Addition.txt
2018-02-11 11:46 - 2018-02-11 11:46 - 000001818 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-02-11 11:46 - 2018-02-11 11:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-02-11 11:46 - 2018-02-11 11:46 - 000000000 ____D C:\Program Files\iPod
2018-02-11 11:44 - 2018-02-11 11:46 - 000000000 ____D C:\Program Files\iTunes
2018-02-11 11:41 - 2018-02-18 00:56 - 000029779 _____ C:\Users\Youlia\Desktop\FRST.txt
2018-02-11 11:39 - 2018-02-18 00:54 - 002403840 _____ (Farbar) C:\Users\Youlia\Desktop\FRST64.exe
2018-02-11 11:28 - 2018-02-11 23:35 - 000000000 ____D C:\Users\Public\Foxit Software
2018-02-11 11:27 - 2018-02-11 11:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2018-02-11 11:27 - 2018-02-11 11:27 - 000000000 ____D C:\ProgramData\Foxit Software
2018-02-11 11:27 - 2018-02-11 11:27 - 000000000 ____D C:\ProgramData\Foxit ContentPlatform
2018-02-11 11:24 - 2018-02-18 00:54 - 000000000 ____D C:\FRST
2018-02-11 10:38 - 2018-02-11 11:08 - 000000000 ____D C:\Users\Youlia\AppData\Local\PlaceholderTileLogoFolder
2018-02-11 10:36 - 2018-02-11 10:36 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-02-09 12:38 - 2018-02-09 12:38 - 000000000 ____D C:\Users\Youlia\Documents\Benutzerdefinierte Office-Vorlagen
2018-02-09 11:20 - 2018-02-09 11:28 - 000000000 ____D C:\Users\Youlia\Documents\PVA+Steuern
2018-02-09 11:17 - 2018-02-09 11:20 - 000000000 ____D C:\Users\Youlia\Documents\bank
2018-02-08 09:57 - 2018-02-08 09:57 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2018-02-08 09:57 - 2018-02-08 09:57 - 000002209 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2018-02-08 09:57 - 2018-02-08 09:57 - 000000000 ____D C:\Program Files\Google
2018-02-06 14:50 - 2018-02-06 14:50 - 000000000 ____D C:\Users\Youlia\AppData\Roaming\Grammarly
2018-02-04 18:08 - 2018-02-04 18:08 - 000001304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2018-02-04 18:08 - 2018-02-04 18:08 - 000001292 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2018-02-02 20:38 - 2018-02-03 17:24 - 000000000 ____D C:\Users\Youlia\Desktop\Rosengarten_Theseustempel
2018-01-31 19:58 - 2018-01-31 19:58 - 000003606 _____ C:\WINDOWS\System32\Tasks\[email protected]
2018-01-29 21:54 - 2018-01-29 21:54 - 000000000 ____D C:\Users\defaultuser1\AppData\Local\Packages
2018-01-29 21:53 - 2018-01-29 21:53 - 000000020 ___SH C:\Users\defaultuser1\ntuser.ini
2018-01-29 21:53 - 2018-01-29 21:53 - 000000000 _SHDL C:\Users\defaultuser1\Vorlagen
2018-01-29 21:53 - 2018-01-29 21:53 - 000000000 _SHDL C:\Users\defaultuser1\Startmenü
2018-01-29 21:53 - 2018-01-29 21:53 - 000000000 _SHDL C:\Users\defaultuser1\Netzwerkumgebung
2018-01-29 21:53 - 2018-01-29 21:53 - 000000000 _SHDL C:\Users\defaultuser1\Lokale Einstellungen
2018-01-29 21:53 - 2018-01-29 21:53 - 000000000 _SHDL C:\Users\defaultuser1\Eigene Dateien
2018-01-29 21:53 - 2018-01-29 21:53 - 000000000 _SHDL C:\Users\defaultuser1\Druckumgebung
2018-01-29 21:53 - 2018-01-29 21:53 - 000000000 _SHDL C:\Users\defaultuser1\Documents\Eigene Videos
2018-01-29 21:53 - 2018-01-29 21:53 - 000000000 _SHDL C:\Users\defaultuser1\Documents\Eigene Musik
2018-01-29 21:53 - 2018-01-29 21:53 - 000000000 _SHDL C:\Users\defaultuser1\Documents\Eigene Bilder
2018-01-29 21:53 - 2018-01-29 21:53 - 000000000 _SHDL C:\Users\defaultuser1\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2018-01-29 21:53 - 2018-01-29 21:53 - 000000000 _SHDL C:\Users\defaultuser1\AppData\Local\Verlauf
2018-01-29 21:53 - 2018-01-29 21:53 - 000000000 _SHDL C:\Users\defaultuser1\AppData\Local\Anwendungsdaten
2018-01-29 21:53 - 2018-01-29 21:53 - 000000000 _SHDL C:\Users\defaultuser1\Anwendungsdaten
2018-01-29 21:53 - 2018-01-29 21:53 - 000000000 __SHD C:\Users\defaultuser1\IntelGraphicsProfiles
2018-01-29 21:53 - 2018-01-29 21:53 - 000000000 ____D C:\Users\defaultuser1\AppData\Local\VirtualStore
2018-01-29 21:53 - 2018-01-29 21:53 - 000000000 ____D C:\Users\defaultuser1\AppData\Local\ConnectedDevicesPlatform
2018-01-29 21:53 - 2018-01-29 21:53 - 000000000 ____D C:\Users\defaultuser1\AppData\Local\ASUS
2018-01-29 21:53 - 2018-01-29 21:53 - 000000000 ____D C:\Users\defaultuser1
2018-01-22 17:21 - 2016-03-26 11:09 - 302389543 _____ C:\Users\Youlia\Documents\Werdeverrückt.Wiedubekommstwasduwirklich-wirklichwillst_ep9_SN2Pajk21ikYyWunm7aLa4T4xhWlX25RQi_VcCiNZLLaxNKYxUFc6Z0MImZSdw.aax

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2018-02-18 00:37 - 2017-12-08 19:01 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-02-17 23:27 - 2017-12-08 19:45 - 000003248 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForYoulia
2018-02-17 23:27 - 2017-03-12 11:52 - 000000352 _____ C:\WINDOWS\Tasks\HPCeeScheduleForYoulia.job
2018-02-17 21:13 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\rescache
2018-02-17 20:42 - 2017-09-29 14:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-02-17 20:42 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-02-17 20:40 - 2017-12-08 19:45 - 000003544 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2018-02-17 20:40 - 2017-12-08 19:45 - 000003534 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2018-02-17 20:39 - 2017-12-08 19:45 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-02-17 20:37 - 2015-11-20 17:14 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-17 20:37 - 2015-05-25 12:37 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-02-17 20:34 - 2016-12-04 11:21 - 000000000 ____D C:\Users\Youlia\AppData\LocalLow\Mozilla
2018-02-17 20:30 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-02-17 20:30 - 2015-05-25 18:05 - 000000000 ____D C:\Users\Youlia\AppData\Local\Adobe
2018-02-17 20:30 - 2015-05-24 19:22 - 000000074 _____ C:\Users\Youlia\AppData\Roaming\sp_data.sys
2018-02-17 20:29 - 2017-04-13 17:25 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2018-02-17 20:24 - 2017-08-06 14:34 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-02-17 20:24 - 2016-01-07 14:32 - 000000000 __SHD C:\Users\Youlia\IntelGraphicsProfiles
2018-02-14 10:16 - 2017-10-11 10:43 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-02-14 10:15 - 2015-05-25 12:37 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-02-14 10:11 - 2017-08-29 21:51 - 000000000 ____D C:\Users\Youlia\Desktop\Unbenannter Export
2018-02-14 10:08 - 2017-09-29 14:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-02-14 10:04 - 2015-08-14 07:20 - 000000000 ____D C:\Users\Youlia\Documents\Sonstiges
2018-02-14 09:15 - 2017-09-19 16:56 - 000002295 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-14 09:15 - 2017-09-19 16:56 - 000002254 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-13 11:50 - 2017-03-23 08:14 - 000000000 ____D C:\Users\Youlia\Documents\AMS
2018-02-11 11:29 - 2017-01-28 12:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-02-11 11:29 - 2015-05-24 23:37 - 000001145 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-02-11 11:28 - 2015-05-24 19:30 - 000001194 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-02-11 11:27 - 2015-05-25 18:49 - 000000000 ____D C:\Users\Youlia\AppData\Roaming\Foxit Software
2018-02-11 10:40 - 2017-08-18 14:11 - 000000000 ___RD C:\Users\Youlia\Creative Cloud Files
2018-02-11 10:32 - 2017-12-27 14:34 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-02-11 10:32 - 2017-12-08 19:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-02-11 10:31 - 2017-09-29 09:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-02-10 23:34 - 2015-05-25 17:38 - 000000000 ____D C:\Users\Youlia\AppData\Roaming\Audacity
2018-02-10 14:56 - 2014-10-31 21:04 - 000000000 ____D C:\Users\Youlia\Documents\CV & Co
2018-02-09 11:25 - 2015-08-09 04:00 - 000000000 ____D C:\Users\Youlia\AppData\Roaming\vlc
2018-02-08 14:33 - 2017-07-06 14:41 - 000000000 ____D C:\Users\Youlia\Documents\#BSP_Aut
2018-02-07 20:28 - 2017-12-08 19:09 - 000000000 ____D C:\Users\Youlia\AppData\Local\Packages
2018-02-06 14:50 - 2017-10-19 12:07 - 000000000 ____D C:\Users\Youlia\AppData\Local\Package Cache
2018-02-06 03:49 - 2018-01-10 17:46 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-02-06 03:49 - 2018-01-10 17:46 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-04 18:08 - 2015-05-25 18:25 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-02-04 18:07 - 2017-03-15 19:14 - 000000000 ____D C:\ProgramData\Package Cache
2018-02-04 17:19 - 2014-08-11 20:30 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-02-04 17:18 - 2017-12-08 19:08 - 000000000 ____D C:\Users\Youlia
2018-02-02 19:38 - 2015-06-14 19:27 - 000000000 ____D C:\Program Files (x86)\Google
2018-01-31 10:18 - 2017-12-08 19:45 - 000003364 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4044158651-1248895399-1107232148-1001
2018-01-31 10:17 - 2016-01-07 14:38 - 000002392 _____ C:\Users\Youlia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-01-31 10:17 - 2014-08-11 15:41 - 000000000 __RDO C:\Users\Youlia\SkyDrive
2018-01-30 18:21 - 2015-05-24 19:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-29 21:56 - 2017-12-05 21:29 - 000000000 ____D C:\Users\Youlia\Desktop\VIE 2go
2018-01-25 11:37 - 2017-12-08 19:34 - 002182554 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-25 11:37 - 2017-09-30 15:35 - 000961228 _____ C:\WINDOWS\system32\perfh007.dat
2018-01-25 11:37 - 2017-09-30 15:35 - 000214528 _____ C:\WINDOWS\system32\perfc007.dat
2018-01-23 09:55 - 2013-12-13 05:08 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-01-21 16:22 - 2017-12-08 19:45 - 000004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-01-21 16:09 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\NDF

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-05-24 19:22 - 2018-02-17 20:30 - 000000074 _____ () C:\Users\Youlia\AppData\Roaming\sp_data.sys
2017-12-06 14:56 - 2017-12-06 14:56 - 000010506 _____ () C:\Users\Youlia\AppData\Local\recently-used.xbel
2015-07-28 11:57 - 2015-07-28 11:57 - 000000000 _____ () C:\Users\Youlia\AppData\Local\{19C194C1-FAC0-483C-88DB-FBF56112579A}
2015-07-30 14:59 - 2015-07-30 14:59 - 000000000 _____ () C:\Users\Youlia\AppData\Local\{400A3B5D-7BFF-4919-A0AA-306CD17AF180}
2015-08-03 12:04 - 2015-08-03 12:04 - 000000000 _____ () C:\Users\Youlia\AppData\Local\{70860BD2-9364-4317-80E1-A5FCF73B69A5}
2015-07-25 15:05 - 2015-07-25 15:05 - 000000000 _____ () C:\Users\Youlia\AppData\Local\{801CA561-3A4A-44D0-8499-CA26687640FB}

Einige Dateien in TEMP:
====================
2018-02-11 11:26 - 2015-09-28 10:45 - 004990656 _____ (Foxit Corporation) C:\Users\Youlia\AppData\Local\Temp\FoxitUpdater.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2018-02-08 23:39

==================== Ende von FRST.txt ============================

 

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 17.02.2018
durchgeführt von Youlia (18-02-2018 00:57:34)
Gestartet von C:\Users\Youlia\Desktop
Windows 10 Home Version 1709 16299.192 (X64) (2017-12-08 18:52:42)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-4044158651-1248895399-1107232148-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-4044158651-1248895399-1107232148-503 - Limited - Disabled)
defaultuser1 (S-1-5-21-4044158651-1248895399-1107232148-1004 - Limited - Enabled) => C:\Users\defaultuser1
Gast (S-1-5-21-4044158651-1248895399-1107232148-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4044158651-1248895399-1107232148-1003 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-4044158651-1248895399-1107232148-504 - Limited - Disabled)
Youlia (S-1-5-21-4044158651-1248895399-1107232148-1001 - Administrator - Enabled) => C:\Users\Youlia

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 18.011.20036 - Adobe Systems Incorporated)
Adobe After Effects CC 2018 (HKLM-x32\...\AEFT_15_0_0) (Version: 15.0.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.4.0.294 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.12 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2018 (HKLM-x32\...\AME_12_0_0) (Version: 12.0.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_0) (Version: 19.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2018 (HKLM-x32\...\PPRO_12_0_0) (Version: 12.0.0 - Adobe Systems Incorporated)
Apple Application Support (32-Bit) (HKLM-x32\...\{F1D83CEA-2855-4224-9935-D981785AA75D}) (Version: 6.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{E2A6344A-45BF-47A0-9AE1-848325E7FD88}) (Version: 6.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.6 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.2 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.18 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.7 - ASUS)
ASUSDVD (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5710.52 - CyberLink Corp.) Hidden
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5710.52 - CyberLink Corp.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.9.2322 - AVAST Software)
BIG-IP Edge Client (HKLM-x32\...\{6D4839CB-28B4-4070-8CA7-612CA92CA3D0}) (Version: 71.2015.0815.0150 - F5 Networks, Inc.)
BIG-IP Edge Client Components (All Users) (HKLM-x32\...\F5 Networks Client Components) (Version: 71.2015.0815.0150 - F5 Networks, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000049}) (Version: 11.0.09 - Adobe Systems Incorporated)
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.0.1.1049 - Foxit Software Inc.)
GIMP 2.8.20 (HKLM\...\GIMP-2_is1) (Version: 2.8.20 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.167 - Google Inc.)
Google Earth Pro (HKLM\...\{D9EF644E-2FAE-493B-8180-5617CC774C4F}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Grammarly for Microsoft® Office Suite (HKLM\...\{B443A4BE-E688-43BD-B152-6724A38437B1}) (Version: 6.6.129 - Grammarly) Hidden
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-4044158651-1248895399-1107232148-1001\...\{da7635e6-2ab8-496a-b5b5-8f82fb640c16}) (Version: 6.6.129 - Grammarly)
HappyFoto-Designer 5.4 (HKLM-x32\...\HappyFoto-Designer_is1) (Version:  - )
HP Photosmart 5510 series - Grundlegende Software für das Gerät (HKLM\...\{8133D9DE-F412-4CFB-A359-5E3EE38A9A19}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 5510 series Hilfe (HKLM-x32\...\{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}) (Version: 140.0.2.2 - Hewlett Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.5.37.19 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{8F1A441E-AD6D-4732-BD6A-F38D5F1D1E47}) (Version: 12.8.47.1 - Hewlett-Packard Company)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2105 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.6.0.1038 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
IrfanView 4.44 (64-bit) (HKLM\...\IrfanView64) (Version: 4.44 - Irfan Skiljan)
iTunes (HKLM\...\{1A63A05F-AC57-47A2-B94C-CEACBB65A7C2}) (Version: 12.7.2.58 - Apple Inc.)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LAV Filters 0.70.2 (HKLM-x32\...\lavfilters_is1) (Version: 0.70.2 - Hendrik Leppkes)
Malwarebytes Version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.8431.2153 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4044158651-1248895399-1107232148-1001\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Mozilla Firefox 58.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-US)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 58.0.0.6592 - Mozilla)
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8201.2213 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8201.2213 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8201.2213 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
PDF24 Creator 8.0.4 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Plan4You Easy (HKU\S-1-5-21-4044158651-1248895399-1107232148-1001\...\3526547238.plan4youeasy.haude.at) (Version:  - plan4youeasy.haude.at)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21236 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7095 - Realtek Semiconductor Corp.)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
Subtitle Edit 3.5.0 (HKLM-x32\...\SubtitleEdit_is1) (Version: 3.5.0.0 - Nikse)
UmmyVideoDownloader (HKLM-x32\...\{E028DBDA-EEE7-48A0-ADF7-D250589A02C5}_is1) (Version: 1.4.0.3 - ) <==== ACHTUNG
Update for CHS Microsoft IME HAP Dictionary (HKLM\...\{50822466-5571-4B7A-B3FC-A58760DDAEE9}) (Version: 16.0.1560.1 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-4044158651-1248895399-1107232148-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-C567DFDEC351}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-4044158651-1248895399-1107232148-1001_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\Youlia\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.6.129\22152B6ACD\GrammarlyShim64.dll (CompanyName)
CustomCLSID: HKU\S-1-5-21-4044158651-1248895399-1107232148-1001_Classes\CLSID\{4BE56754-B616-4998-B825-D16983AEE1B2}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4044158651-1248895399-1107232148-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-01-04] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-01-04] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-01-04] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-22] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-22] (AVAST Software)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-01-04] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-22] (AVAST Software)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-12-11] (Foxit Software Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-22] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Keine Datei
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-30] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-08-01] (NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-01-04] ()
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-22] (AVAST Software)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-12-11] (Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {02A58704-8361-4625-88A5-1F8389113B9B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-02-14] (Microsoft Corporation)
Task: {0AE9797D-2C12-4951-AF70-BA6F38FB3370} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {0AF1CE32-D940-4C9B-9266-36F8AC953ED3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Adobe Acrobat Update Task" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\[email protected]" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\ASUS InstantOn Config" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\ASUS Live Update1" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\ASUS Live Update2" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\ASUS P4G" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\ASUS Smart Gesture Launcher" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\ASUS Splendid ACMON" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\ASUS Splendid ColorU" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\ASUS USB Charger Plus" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\AsusVibeSchedule" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(12): schtasks.exe -> /Change /TN "\AVGPCTuneUp_Task_BkGndMaintenance" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(13): schtasks.exe -> /Change /TN "\CCleanerSkipUAC" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(14): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(15): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(16): schtasks.exe -> /Change /TN "\HP AR Program Upload - 98845e3370a34c5aabe75c2437b220b7ffe63c6d9a5f4ee4a6cf6df1b53b57d1" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(17): schtasks.exe -> /Change /TN "\HP AR Program Upload - b29874c1857f4471b2907872543f4baa32095ef77b6a4c33bcfc6f886f6a95e2" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(18): schtasks.exe -> /Change /TN "\HP AR Program Upload - fe0a7de4538f4110834cc1ed6e58857e490f5901ceeb410d9c382e4fe4be349e" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(19): schtasks.exe -> /Change /TN "\HPCeeScheduleForYoulia" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(20): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-4044158651-1248895399-1107232148-1001" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(21): schtasks.exe -> /Change /TN "\Optimize Start Menu Cache Files-S-1-5-21-4044158651-1248895399-1107232148-500" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(22): schtasks.exe -> /Change /TN "\P4GIntlCtrl" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(23): schtasks.exe -> /Change /TN "\SafeZone scheduled Autoupdate 1458681407" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(24): schtasks.exe -> /Change /TN "\Update Checker" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(25): schtasks.exe -> /Change /TN "\{F811C68C-28A1-47D2-92A3-B93611A8A96A}" /ENABLE
Task: {0FE887AD-A0DB-404A-85BC-1D02BC9846AB} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(26): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {11822DC4-88C1-4628-81C8-F40960D79731} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-23] (Microsoft Corporation)
Task: {1605E077-5E3E-462B-97D6-DF6233B1EAF7} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {1D588A65-4CB3-4E29-99AE-31FC21808256} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
Task: {1F918198-FC97-453E-A536-96DA24EBFED6} - System32\Tasks\HPCeeScheduleForYoulia => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {1FD13054-35BC-4D21-B732-E01DFE936750} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-23] (Microsoft Corporation)
Task: {22FE3DAB-4595-4977-9D1B-1C578E891CB7} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {2B8EB4FF-5F94-4E10-983A-68C437577D33} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {2DE89E42-F488-429F-9DF5-CC2919B39A45} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {2E6FCC44-4103-4514-B525-DB8619563654} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-10-07] (ASUS)
Task: {303D9414-AB72-4916-A09B-29CD5618BF8B} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2013-08-29] (ASUSTek Computer Inc.)
Task: {309E8FD0-94AB-4094-908C-9B7076A27A80} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2017-03-09] (AsusTek)
Task: {31839ABE-0287-42F6-A5F1-E1ED54B8DB22} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-14] (Google Inc.)
Task: {322B86CB-734C-4683-989F-4FCDF333B2FB} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()
Task: {341F482A-2F67-41CA-B8AD-EC156B4830B4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {353AA3BC-A62C-42CC-BB58-3DD7D851997F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-19] ()
Task: {35EE15F5-FC9C-49FE-919D-815FA2B232F6} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-18] ()
Task: {3B2A0D2D-6E32-4B86-81CD-26BA8DD1A1C9} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {426FA741-A500-4AF2-9B9A-95D589D7B879} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-10-07] (ASUSTeK Computer Inc.)
Task: {464B1EF3-7BEE-4FD3-A8EA-3E604BAB294B} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {47180A09-7A82-4384-ABA1-B66088CC9E38} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-04] ()
Task: {4B3C0153-AAAD-41C8-8967-B0FDA36C7AC1} - System32\Tasks\{F811C68C-28A1-47D2-92A3-B93611A8A96A} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Youlia\AppData\Roaming\istartsurf\UninstallManager.exe -c  -ptid=obw
Task: {5A5360FC-775F-45E4-A0B9-6325C92311EF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-14] (Google Inc.)
Task: {5A6F040D-CBA2-4747-BD02-539A927F7510} - System32\Tasks\SafeZone scheduled Autoupdate 1458681407 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {5D3CE5FE-0125-4296-98BE-F5EFFECF8373} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {66479732-FFD3-4B8F-A497-348F69350567} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {6A60AD1B-DD9A-498C-B0D0-758B209EEF99} - System32\Tasks\HP AR Program Upload - fe0a7de4538f4110834cc1ed6e58857e490f5901ceeb410d9c382e4fe4be349e => C:\Program Files\HP\HP Photosmart 5510 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {6DE04A00-908A-4B68-85FA-D6340873936D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-01-19] (Microsoft Corporation)
Task: {7144A95E-09A1-4408-95FB-39E9D55A3F5A} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-12-22] (AVAST Software)
Task: {728120B0-889C-466D-8D9C-C1989AAF6A74} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {7892EACD-926C-4FD3-9BEC-1135E407D44E} - System32\Tasks\HP AR Program Upload - b29874c1857f4471b2907872543f4baa32095ef77b6a4c33bcfc6f886f6a95e2 => C:\Program Files\HP\HP Photosmart 5510 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {83FD9510-6861-41B0-8C0F-BDF7CB0D7D07} - System32\Tasks\P4GIntlCtrl => C:\Program Files\ASUS\P4G\IntlDPST.exe [2013-08-29] ()
Task: {88FCABD6-82D8-46DD-898E-44804B4EF3A6} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-01-19] (Microsoft Corporation)
Task: {93754BF0-9D12-4C51-A565-1B16776AFC0A} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [2018-01-07] (AVAST Software)
Task: {955AA6FE-FADB-4EAA-9B34-51F63C35953D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-02-07] (HP Inc.)
Task: {A113D874-E2CD-4BF7-B486-7257640DBE14} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-01-10] (HP Inc.)
Task: {A55AB514-A863-459A-BA14-F92EF6C68A78} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {A951099C-47CD-4A6A-9BF8-6B73375CE669} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {AD9CCC7A-6A2A-45CF-B339-021B174903AA} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-08-29] (ASUS)
Task: {ADDCE688-CA45-4A3D-845D-6BC78EB0DCEF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {B185F85D-7686-4B86-8106-597D3A084D69} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-01-17] (Adobe Systems Incorporated)
Task: {B95CBBB6-846A-4821-81AE-7748BB473EEF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-01-19] (Microsoft Corporation)
Task: {BC902AC2-E5BD-4D18-B20C-5536F08ABFEB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {BE9E7C4A-AF6E-4CD8-8308-EFBA3B672D32} - \Microsoft\Windows\UNP\RunCampaignManager -> Keine Datei <==== ACHTUNG
Task: {BEC671D5-BFB2-4B34-9FFA-12CD4F6FFE19} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {C33FBEFB-BA33-4630-988C-147302840D47} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {C400B561-A703-48D0-80BD-C93AEFC5E035} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {C4D2CC01-D8C1-4BD4-8FFB-DBE79B3C8D47} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {E1FC8871-B8B4-43ED-9631-6C11AED5918E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {EAFF4068-A047-4098-A5E7-27D4D0565DDA} - System32\Tasks\HP AR Program Upload - 98845e3370a34c5aabe75c2437b220b7ffe63c6d9a5f4ee4a6cf6df1b53b57d1 => C:\Program Files\HP\HP Photosmart 5510 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {F7EE0A23-1DE5-400C-95C7-F16CC86FCD18} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-19] ()
Task: {FCB83B34-D86B-4CB1-9294-D1FCA9AF9A64} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForYoulia.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2017-12-27 14:33 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-11-30 18:54 - 2017-11-30 18:54 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-11-30 18:54 - 2017-11-30 18:54 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-09-29 14:41 - 2017-09-29 14:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-08-06 14:35 - 2016-08-01 13:54 - 000133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-08-29 17:01 - 2013-08-29 17:01 - 000031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2016-11-30 21:57 - 2016-11-30 21:57 - 000401888 _____ () C:\WINDOWS\system32\igfxTray.exe
2018-01-04 09:04 - 2018-01-04 09:04 - 000649672 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
2017-12-13 10:52 - 2017-11-26 13:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-13 10:51 - 2017-11-26 13:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-12-21 18:49 - 2016-12-21 18:49 - 000065536 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2018-01-30 14:37 - 2018-01-30 14:38 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-30 14:37 - 2018-01-30 14:38 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-01-30 14:37 - 2018-01-30 14:38 - 025135104 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-01-30 14:37 - 2018-01-30 14:38 - 002542592 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\skypert.dll
2018-01-30 14:37 - 2018-01-30 14:38 - 000667136 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-01-04 09:04 - 2018-01-04 09:04 - 035292104 _____ () C:\Program Files (x86)\Adobe\Adobe Sync\Coresync\Coresync.exe
2017-12-22 11:25 - 2017-12-22 11:25 - 000067984 _____ () C:\Program Files\AVAST Software\Avast\x64\dll_loader.dll
2017-12-22 11:25 - 2017-12-22 11:25 - 000067920 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2014-03-03 11:54 - 2013-10-23 14:44 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2013-10-08 21:41 - 2013-10-08 21:41 - 000037968 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2013-09-09 19:23 - 2013-09-09 19:23 - 000162816 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2017-12-22 11:25 - 2017-12-22 11:25 - 000206152 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-12-22 11:25 - 2017-12-22 11:25 - 000058016 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-12-22 11:25 - 2017-12-22 11:25 - 000057504 _____ () C:\Program Files\AVAST Software\Avast\dll_loader.dll
2017-07-10 09:31 - 2017-07-10 09:31 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-12-22 11:25 - 2017-12-22 11:25 - 000289272 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-12-22 11:24 - 2017-12-22 11:24 - 000282560 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-08-06 15:51 - 2017-08-06 15:51 - 001754296 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\tmpod.dll
2017-08-06 15:52 - 2018-01-19 11:40 - 000039112 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\lynchtmlconvpxy.dll
2018-01-30 21:28 - 2018-01-30 21:28 - 067115984 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2013-04-27 09:24 - 2013-04-27 09:24 - 000071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll
2018-01-30 08:38 - 2018-01-30 08:38 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2018-01-30 08:39 - 2018-01-30 08:39 - 000214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2018-01-30 08:38 - 2018-01-30 08:38 - 000117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2018-01-30 08:38 - 2018-01-30 08:38 - 000125952 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2018-01-30 21:53 - 2018-01-30 21:53 - 000099792 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2018-01-30 08:38 - 2018-01-30 08:38 - 000086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Youlia\Documents\Werdeverrückt.Wiedubekommstwasduwirklich-wirklichwillst_ep9_SN2Pajk21ikYyWunm7aLa4T4xhWlX25RQi_VcCiNZLLaxNKYxUFc6Z0MImZSdw.aax:com.dropbox.attributes [220]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-4044158651-1248895399-1107232148-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-4044158651-1248895399-1107232148-1001\...\sharepoint.com -> hxxps://univie-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-4044158651-1248895399-1107232148-1001\...\univie.ac.at -> hxxps://vpn.univie.ac.at
IE trusted site: HKU\S-1-5-21-4044158651-1248895399-1107232148-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2013-08-22 14:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-4044158651-1248895399-1107232148-1001\Control Panel\Desktop\\Wallpaper -> D:\#BILDER\ART\desktop\DSC03101 (2).JPG
HKU\S-1-5-21-4044158651-1248895399-1107232148-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-4044158651-1248895399-1107232148-500\Control Panel\Desktop\\Wallpaper -> C:\windows\asus\wallpapers\asus.jpg
DNS Servers: 195.34.133.21 - 212.186.211.21
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKLM\...\StartupApproved\StartupFolder: => "Audible Download Manager.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKU\S-1-5-21-4044158651-1248895399-1107232148-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-4044158651-1248895399-1107232148-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_83F8AB2A88589303BB46D582CAF2367C"
HKU\S-1-5-21-4044158651-1248895399-1107232148-1001\...\StartupApproved\Run: => "OneDrive"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{EAFA4184-0A79-462C-85C5-DB81E3163B6E}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{EF79B694-5E64-40D2-8F94-2AD285F84B34}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{BB069C27-6B8F-4576-9B1C-951B9694BBEA}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [{AB751026-F8EA-43CD-96FA-11483E1FF9A7}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{E5B31CB5-77E0-4B62-B598-397A2EB0916A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{30DDCD14-70BA-449D-848C-237375101812}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{6706E3D3-9BC2-4EEC-9D8A-ECC28A3A9559}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{FF52E790-9FF2-4A57-879C-0B0EF8F32CC2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{6E5A7C8B-1F81-4C29-83B5-74E91A279516}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FC3597B1-3370-4ED2-B901-754B65661155}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1F2A4FB3-C57E-48B6-9AC6-30E56D39CD1D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{65F960CB-D65A-485F-BFFD-50F56C7E065E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{38FF7F21-E163-435C-9A95-01B4DF60DE90}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{FDCF489C-DAB7-42B7-B4BF-E0E01D3DC77D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{403EE3F8-5A8E-4E99-AA84-7CFA2F751D69}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F0D522F0-17E4-4C22-B4BD-447B0EFF7B9D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{B12A6ACD-9514-4340-9BB1-014C5E61E05C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{4DE8AF9F-7B33-45DA-B20D-55D01ED3E071}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{720F8B52-F1E4-491E-86E7-5CA40208B326}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{49DF9283-2D08-4D73-BFF8-1293AF60D8BE}] => (Allow) C:\Program Files\HP\HP Photosmart 5510 series\Bin\DeviceSetup.exe
FirewallRules: [{6536186A-51E7-496F-A54C-E583C5809345}] => (Allow) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{A60AE355-AFC3-4813-8D74-5F20A1761678}] => (Allow) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{B6B0CC0C-5C8C-4776-A904-AB45DB43D5E4}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{68983AAB-C2AC-4323-A8D1-9779B9116E31}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{5C4E00ED-E156-4DF9-9844-355EC77C79ED}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{CA6E6A1F-77E5-4ED7-BF69-E32CF8A5DA90}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{BA393B52-BF65-4FC6-BB02-E93F3FEB442A}] => (Allow) C:\Users\Youlia\AppData\Local\Temp\7zS2D11\HPDiagnosticCoreUI.exe
FirewallRules: [{A499A4D7-F580-4708-A548-10A9D74EBB9C}] => (Allow) C:\Users\Youlia\AppData\Local\Temp\7zS2D11\HPDiagnosticCoreUI.exe
FirewallRules: [{AED95513-9673-4D27-A8CF-B9069FE211C7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{E3FEEAB3-6D71-426F-A63F-90741BE1331F}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{BA0BF004-BF50-474C-ADC4-4B722CD7991B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{7F13C948-E27D-448B-B901-5BA78182910F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

04-02-2018 18:03:11 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
07-02-2018 18:41:07 Windows Update
14-02-2018 09:52:04 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (02/17/2018 09:20:16 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst ".NETFramework" in der DLL "C:\WINDOWS\system32\mscoree.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (02/17/2018 08:39:37 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (02/17/2018 08:32:47 PM) (Source: MsiInstaller) (EventID: 1002) (User: NT-AUTORITÄT)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageCode", Wert: "GUID") für Schlüssel "HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219".

Error: (02/17/2018 08:32:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: UpdateChecker.exe, Version: 0.0.0.0, Zeitstempel: 0x54dc4378
Name des fehlerhaften Moduls: alvupdt.dll, Version: 1.0.0.10, Zeitstempel: 0x5510b8fc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000110ad
ID des fehlerhaften Prozesses: 0x9af8
Startzeit der fehlerhaften Anwendung: 0x01d3a82598535e49
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll
Berichtskennung: 75dab75d-5b51-4fe6-89d4-d8fe4611042e
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/14/2018 01:31:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1250

Error: (02/14/2018 01:31:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1250

Error: (02/14/2018 01:31:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/13/2018 08:20:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7653922


Systemfehler:
=============
Error: (02/17/2018 09:03:28 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{F3B4E234-7A68-4E43-B813-E4BA55A065F6}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (02/17/2018 09:01:27 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/17/2018 08:40:42 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/17/2018 08:31:37 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/17/2018 08:28:39 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/17/2018 08:26:50 PM) (Source: DCOM) (EventID: 10010) (User: YOULIAS)
Description: Der Server "Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (02/14/2018 09:32:29 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/14/2018 09:16:00 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.


CodeIntegrity:
===================================

Date: 2018-02-18 00:50:04.817
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-18 00:50:04.812
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-18 00:39:04.294
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-18 00:39:04.288
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-18 00:38:56.294
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-18 00:38:56.290
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-18 00:24:03.874
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-18 00:24:03.869
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Speicherinformationen ===========================

Prozessor: Intel® Core™ i5-4200U CPU @ 1.60GHz
Prozentuale Nutzung des RAM: 56%
Installierter physikalischer RAM: 8075.4 MB
Verfügbarer physikalischer RAM: 3511.84 MB
Summe virtueller Speicher: 11275.4 MB
Verfügbarer virtueller Speicher: 5455.94 MB

==================== Laufwerke ================================

Drive c: (OS) (Fixed) (Total:372.6 GB) (Free:182.4 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (DATA) (Fixed) (Total:537.8 GB) (Free:39.72 GB) NTFS

\\?\Volume{82993164-463b-4e7a-b6fa-2d0b20b1f117}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
\\?\Volume{3d1b02a0-61db-4c35-8939-fdb74cc91cc2}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.48 GB) NTFS
\\?\Volume{0985e722-1ad4-44dc-add7-bb6a2e789b54}\ (Restore) (Fixed) (Total:20.01 GB) (Free:9.85 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 2E04B146)

Partition: GPT.

==================== Ende von Addition.txt ============================

 

 

Farbar Recovery Scan Tool (x64) Version: 17.02.2018
durchgeführt von Youlia (18-02-2018 00:59:16)
Gestartet von C:\Users\Youlia\Desktop
Start-Modus: Normal

================== Datei-Suche: "listener" =============


====== Ende von Suche ======

 

 

Farbar Recovery Scan Tool (x64) Version: 17.02.2018
durchgeführt von Youlia (18-02-2018 01:13:45)
Gestartet von C:\Users\Youlia\Desktop
Start-Modus: Normal

================== Registry-Suche: "listener" ===========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{C4CDC408-581C-4480-9FFE-3B1C78D5C20D}]
""="HomeGroup Listener Service"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{C4CDC408-581C-4480-9FFE-3B1C78D5C20D}]
"LocalSystem"="HomeGroupListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01F3E95C-7D8F-46e6-A408-9BA5D1FA5067}]
""="Alpha Listener XML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{125B0F61-0EC3-4f07-9A49-AFB340D9E57F}]
""="File History Listener CLSID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{147A9C5D-36F4-4e3e-BD47-F5F207425085}]
""="HomeGroup Printing Listener Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C3E140B-7A0D-42d1-B2AA-D343500A90CF}]
""="CTrkEvntListener Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C3E140B-7A0D-42d1-B2AA-D343500A90CF}\ProgID]
""="COMEXPS.CTrkEvntListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{517F6AA6-D6FA-46D0-8094-17FF17E4CCF4}]
""="HomeGroup Security Hosted Listener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5255EFED-103A-4444-B124-F88F99E4EF8D}]
""="HomeGroup Printer Hosted Listener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A2A9381-5A92-4296-9397-564673AE1FDD}]
""="CLSID_HomeGroupListenerNotify"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6DC25420-C66D-44B5-B3D3-78EECFFA6DB0}]
""="Windows.Internal.Management.AlertListener.DeviceManagementOperationMessageReceivedStatics"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6DC25420-C66D-44B5-B3D3-78EECFFA6DB0}\InProcServer32]
""="C:\Windows\System32\\DMAlertListener.ProxyStub.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6DD062C7-B6E6-4702-98B0-6E6AB46C877D}]
""="Security Listener XML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AAE5B4F-488C-419b-95E2-923F2AA70FFD}]
""="Sharing Listener XML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ADD018C-5C5F-43C5-BE1E-07BAE85593B7}]
""="HomeGroup Alpha Hosted Listener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{956FADED-2450-4ABB-9F8C-4629FAFEBB92}]
""="HomeGroup Listener Encryption"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCA7305F-56F7-43A4-BF2C-BFD674E7BBE8}]
""="AppSpatialInformationListener Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C1288-0F09-40ff-BA84-7F19279FA74B}]
""="Idenity Listener CLSID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EB6B4457-F013-4E5A-9B05-1D44E4D6FAEB}]
""="HomeGroup Sharing Hosted Listener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecabafc3-7f19-11d2-978e-0000f8757e2a}]
""="QC Listener Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecabafc4-7f19-11d2-978e-0000f8757e2a}\ProgID]
""="QC.ListenerHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecabafca-7f19-11d2-978e-0000f8757e2a}]
""="COM+ QC Dead Letter Queue Listener Starter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecabafca-7f19-11d2-978e-0000f8757e2a}\ProgID]
""="QC.DLQListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3d41391-58aa-4590-83bd-c119b6882a20}]
""="Device Directory Client WNS Listener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\COMEXPS.CTrkEvntListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\COMEXPS.CTrkEvntListener]
""="CTrkEvntListener Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{03F8C745-6420-49DF-A9F4-F05FD7D1C940}]
""="__x_Windows_CInternal_CShell_CTaskFlow_CDataEngine_CIFileActivityListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{08F4003F-BC71-49E1-874A-31DDFF9A27B9}]
""="__x_Windows_CSystem_CRemoteSystems_CIRemoteSystemSessionInvitationListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0fbad8c7-086f-5bf9-81e2-8d79e7184803}]
""="IAsyncOperation_1_Windows__CUI__CNotifications__CManagement__CUserNotificationListenerAccessStatus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{10242902-b897-5507-9922-2c0a7d34464d}]
""="ITypedEventHandler_2_Windows__CUI__CNotifications__CManagement__CUserNotificationListener_Windows__CUI__CNotifications__CUserNotificationChangedEventArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{12025C48-E604-4AF0-AA8B-DC449EC7A9D3}]
""="IMyPeopleSettingsListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{123C8CAC-27D7-4C83-989E-787CC26B90A3}]
""="__x_Windows_CInternal_CShell_CTaskFlow_CDataEngine_CIAppActivitySessionListenerFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{127592FB-9CAF-4411-BD99-A62B924A5D39}]
""="IHomeGroupListenerManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{137E6A4E-E7C5-451C-BD05-095CFD45AD54}]
""="__x_Windows_CUI_CSearch_CInternal_CCommon_CIIHMListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{14EB7F37-5973-400A-AE89-8B1C6702E10A}]
""="__x_Windows_CInternal_CUI_CLogon_CController_CILockActivityListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{18A242BB-D338-56C4-9559-568D5C2C3E93}]
""="__FITypedEventHandler_2_Windows__CSystem__CRemoteSystems__CRemoteSystemSessionInvitationListener_Windows__CSystem__CRemoteSystems__CRemoteSystemSessionInvitationReceivedEventArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{269FBB13-5213-45A0-82C3-B4AA2F2A8871}]
""="__x_Windows_CStorage_CPickers_CInternal_CICachedFileUpdatePolicyListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2EC6FEAC-B62E-4499-A136-FFCBA5E05F0B}]
""="ITabletModeAvailabilityChangeListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{33d00d41-c94f-5a61-9ab7-280dcefa0b08}]
""="ITypedEventHandler_2_Windows__CNetworking__CSockets__CStreamSocketListener_Windows__CNetworking__CSockets__CStreamSocketListenerConnectionReceivedEventArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3886CFAC-D6C4-4AF1-8B2C-00885F428E86}]
""="__x_Windows_CInternal_CShell_CTaskFlow_CDataEngine_CIAppViewTitleChangeListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{42C5BB25-1F0E-43C4-B5BF-3C94BE37CD85}]
""="__x_Windows_CInternal_CShell_CTaskFlow_CDataEngine_CIUserPresenceListenerFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{44BCCA94-FD00-4782-8068-847E18ED552D}]
""="IHomeGroupListenerNotify"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{46B7F8B4-7994-436D-9454-7966BB126D03}]
""="__x_Windows_CUI_CSearch_CInternal_CCommon_CIThemeListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5615569D-04E8-42B6-A632-5E5738E81DF1}]
""="IRpcObjectEventListenerCallback"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5B2AE522-F16F-40CE-A7CA-FF6D78AEA699}]
""="IDownloadListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5C616ABC-7341-4100-950B-69F3B00F548C}]
""="ILauncherTipContextMenuSettingChangeListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{62553e41-8a06-4cef-8215-6033a5be4b03}]
""="IUserNotificationListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{631128E4-0022-449E-ACCC-DDB2A2CC046B}]
""="__x_Windows_CInternal_CShell_CTaskFlow_CDataEngine_CIAppActivitySessionListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{647A61B2-1338-468E-A372-32E0271185C2}]
""="__x_Windows_CInternal_CShell_CTaskFlow_CDataEngine_CIAppViewTitleChangeListenerFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6701AB9F-04B6-5993-9F10-721046A2FF9C}]
""="__FITypedEventHandler_2_DevicesFlowInteraction__CConnection__CIDeviceConnectionListener_DevicesFlowInteraction__CConnection__CIConnectionStateChangedEventArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{67AA6DE9-E367-4622-AD00-F436B1980E17}]
""="__x_Windows_CInternal_CShell_CTaskFlow_CDataEngine_CIAppViewListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{699C1B0D-8D13-4EE9-B9EC-9C72F8251F7D}]
""="Windows.Devices.WiFiDirect.IWiFiDirectConnectionListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6F725C18-6C52-4466-9671-5C17E2E3885F}]
""="IPackageServicingListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{727F9E97-76EE-497B-A942-B6371328485C}]
""="IApplicationViewChangeListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{751BF136-B53E-46F0-AEF0-253A91AB8DED}]
""="IContinuousReadingListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7AD2B172-99D4-4B40-88F6-CD2422C362F7}]
""="IAppSpatialInformationListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C0FFAB2-CD84-11D0-949A-00A0C91110ED}]
""="DataSourceListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7CB6F89A-29CE-484F-BB9C-146919112235}]
""="__x_Windows_CUI_CWebUI_CPrivate_CIWebUIActivationEventListenersPrivate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{86FB57A6-3C81-4F40-A971-6280BE4E526E}]
""="ITabletModeChangeListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8B78226F-0431-4F5D-9AE1-5040C0215993}]
""="__x_Windows_CInternal_CShell_CTaskFlow_CDataEngine_CIAppViewListenerFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8E249E31-FD7A-4FB0-9A23-721B68E5318F}]
""="__x_DevicesFlowInteraction_CConnection_CIDeviceConnectionListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9E4ACADC-549F-40BD-AEA2-27D09522D7BC}]
""="__x_SttProxy_CIProxyMessageReceivedListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A1230203-D6A7-11D8-B9FD-000BDBD1F198}]
""="IWTSListenerCallback"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A1230206-9A39-4D58-8674-CDB4DFF4E73B}]
""="IWTSListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AF61E1BC-1BCA-45EC-8563-F557A9B8EF68}]
""="IPublicationServicesListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CC51F0FC-48D9-4E33-A38C-85546B542FE7}]
""="__x_Windows_CInternal_CSecurity_CAuthentication_CWeb_CITokenBrokerListenerInternal"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CE8BCA0A-3E6F-4E15-915D-AA5EB8D14040}]
""="IWalletBackgroundAgentListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{d04b0403-1fe2-532f-8e47-4823a14e624f}]
""="__FITypedEventHandler_2_Windows__CDevices__CWiFiDirect__CWiFiDirectConnectionListener_Windows__CDevices__CWiFiDirect__CWiFiDirectConnectionRequestedEventArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D26FC0D8-8F86-49BA-ABB5-54E1F60F2639}]
""="IWalletItemListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{dd06f943-6e3d-4baf-ab06-39a8aa31e94f}]
""="IDockConnectionListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD3F6E60-F7CA-48CF-8B1C-52CF3138EC77}]
""="__x_Windows_CInternal_CUI_CLogon_CController_CIBioFeedbackListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DF82CA6C-F3B0-4584-8158-8E072E4417E7}]
""="__x_Windows_CInternal_CShell_CTaskFlow_CDataEngine_CIFileActivityListenerFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E0E270C1-C0BE-11D0-8FE4-00A0C90A6341}]
""="OLEDBSimpleProviderListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E13B9A7F-EC39-4E7F-9970-12F348C89FD0}]
""="IStateEventListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E25EA085-8F3A-4CA5-86A9-5FD4A743E43D}]
""="AsyncIStateEventListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3AFD5FD-3B03-453D-91CE-EBBDA9B8BEA1}]
""="ICbsSessionObserverListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E9821DD9-A9B2-47C8-9AAC-7B6B042EF0B0}]
""="__x_Windows_CInternal_CShell_CTaskFlow_CDataEngine_CITaskDataListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ED0D9BCC-073A-4034-90BC-8663D4AFE12C}]
""="IPrintDocumentPackageStatusEventListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EEE09C07-2734-4CC1-A6F4-696BF5CFBC5E}]
""="ICmiLogListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{f09e843a-13cb-559b-a9fc-015722c2cd57}]
""="IAsyncOperationCompletedHandler_1_Windows__CUI__CNotifications__CManagement__CUserNotificationListenerAccessStatus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ff6123cf-4386-4aa3-b73d-b804e5b63b23}]
""="IUserNotificationListenerStatics"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QC.DLQListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QC.DLQListener]
""="QC Dead Letter Queue Listener Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QC.ListenerHelper]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QC.ListenerHelper]
""="QCListener Helper Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C3E140B-7A0D-42d1-B2AA-D343500A90CF}]
""="CTrkEvntListener Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C3E140B-7A0D-42d1-B2AA-D343500A90CF}\ProgID]
""="COMEXPS.CTrkEvntListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{517F6AA6-D6FA-46D0-8094-17FF17E4CCF4}]
""="HomeGroup Security Hosted Listener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5255EFED-103A-4444-B124-F88F99E4EF8D}]
""="HomeGroup Printer Hosted Listener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6A2A9381-5A92-4296-9397-564673AE1FDD}]
""="CLSID_HomeGroupListenerNotify"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6DC25420-C66D-44B5-B3D3-78EECFFA6DB0}]
""="Windows.Internal.Management.AlertListener.DeviceManagementOperationMessageReceivedStatics"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6DC25420-C66D-44B5-B3D3-78EECFFA6DB0}\InProcServer32]
""="C:\Windows\SysWOW64\\DMAlertListener.ProxyStub.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8ADD018C-5C5F-43C5-BE1E-07BAE85593B7}]
""="HomeGroup Alpha Hosted Listener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{956FADED-2450-4ABB-9F8C-4629FAFEBB92}]
""="HomeGroup Listener Encryption"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BCA7305F-56F7-43A4-BF2C-BFD674E7BBE8}]
""="AppSpatialInformationListener Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DE9C1288-0F09-40ff-BA84-7F19279FA74B}]
""="Idenity Listener CLSID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB6B4457-F013-4E5A-9B05-1D44E4D6FAEB}]
""="HomeGroup Sharing Hosted Listener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ecabafc3-7f19-11d2-978e-0000f8757e2a}]
""="QC Listener Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ecabafc4-7f19-11d2-978e-0000f8757e2a}\ProgID]
""="QC.ListenerHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ecabafca-7f19-11d2-978e-0000f8757e2a}]
""="COM+ QC Dead Letter Queue Listener Starter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ecabafca-7f19-11d2-978e-0000f8757e2a}\ProgID]
""="QC.DLQListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{08F4003F-BC71-49E1-874A-31DDFF9A27B9}]
""="__x_Windows_CSystem_CRemoteSystems_CIRemoteSystemSessionInvitationListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0fbad8c7-086f-5bf9-81e2-8d79e7184803}]
""="IAsyncOperation_1_Windows__CUI__CNotifications__CManagement__CUserNotificationListenerAccessStatus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{10242902-b897-5507-9922-2c0a7d34464d}]
""="ITypedEventHandler_2_Windows__CUI__CNotifications__CManagement__CUserNotificationListener_Windows__CUI__CNotifications__CUserNotificationChangedEventArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{12025C48-E604-4AF0-AA8B-DC449EC7A9D3}]
""="IMyPeopleSettingsListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{127592FB-9CAF-4411-BD99-A62B924A5D39}]
""="IHomeGroupListenerManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{137E6A4E-E7C5-451C-BD05-095CFD45AD54}]
""="__x_Windows_CUI_CSearch_CInternal_CCommon_CIIHMListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{14EB7F37-5973-400A-AE89-8B1C6702E10A}]
""="__x_Windows_CInternal_CUI_CLogon_CController_CILockActivityListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{18A242BB-D338-56C4-9559-568D5C2C3E93}]
""="__FITypedEventHandler_2_Windows__CSystem__CRemoteSystems__CRemoteSystemSessionInvitationListener_Windows__CSystem__CRemoteSystems__CRemoteSystemSessionInvitationReceivedEventArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{269FBB13-5213-45A0-82C3-B4AA2F2A8871}]
""="__x_Windows_CStorage_CPickers_CInternal_CICachedFileUpdatePolicyListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2EC6FEAC-B62E-4499-A136-FFCBA5E05F0B}]
""="ITabletModeAvailabilityChangeListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{33d00d41-c94f-5a61-9ab7-280dcefa0b08}]
""="ITypedEventHandler_2_Windows__CNetworking__CSockets__CStreamSocketListener_Windows__CNetworking__CSockets__CStreamSocketListenerConnectionReceivedEventArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{44BCCA94-FD00-4782-8068-847E18ED552D}]
""="IHomeGroupListenerNotify"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{46B7F8B4-7994-436D-9454-7966BB126D03}]
""="__x_Windows_CUI_CSearch_CInternal_CCommon_CIThemeListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5615569D-04E8-42B6-A632-5E5738E81DF1}]
""="IRpcObjectEventListenerCallback"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5B2AE522-F16F-40CE-A7CA-FF6D78AEA699}]
""="IDownloadListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5C616ABC-7341-4100-950B-69F3B00F548C}]
""="ILauncherTipContextMenuSettingChangeListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{62553e41-8a06-4cef-8215-6033a5be4b03}]
""="IUserNotificationListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6701AB9F-04B6-5993-9F10-721046A2FF9C}]
""="__FITypedEventHandler_2_DevicesFlowInteraction__CConnection__CIDeviceConnectionListener_DevicesFlowInteraction__CConnection__CIConnectionStateChangedEventArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{699C1B0D-8D13-4EE9-B9EC-9C72F8251F7D}]
""="Windows.Devices.WiFiDirect.IWiFiDirectConnectionListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6F725C18-6C52-4466-9671-5C17E2E3885F}]
""="IPackageServicingListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{727F9E97-76EE-497B-A942-B6371328485C}]
""="IApplicationViewChangeListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{751BF136-B53E-46F0-AEF0-253A91AB8DED}]
""="IContinuousReadingListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7AD2B172-99D4-4B40-88F6-CD2422C362F7}]
""="IAppSpatialInformationListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7C0FFAB2-CD84-11D0-949A-00A0C91110ED}]
""="DataSourceListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7CB6F89A-29CE-484F-BB9C-146919112235}]
""="__x_Windows_CUI_CWebUI_CPrivate_CIWebUIActivationEventListenersPrivate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{86FB57A6-3C81-4F40-A971-6280BE4E526E}]
""="ITabletModeChangeListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8E249E31-FD7A-4FB0-9A23-721B68E5318F}]
""="__x_DevicesFlowInteraction_CConnection_CIDeviceConnectionListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9E4ACADC-549F-40BD-AEA2-27D09522D7BC}]
""="__x_SttProxy_CIProxyMessageReceivedListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A1230203-D6A7-11D8-B9FD-000BDBD1F198}]
""="IWTSListenerCallback"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A1230206-9A39-4D58-8674-CDB4DFF4E73B}]
""="IWTSListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AF61E1BC-1BCA-45EC-8563-F557A9B8EF68}]
""="IPublicationServicesListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CC51F0FC-48D9-4E33-A38C-85546B542FE7}]
""="__x_Windows_CInternal_CSecurity_CAuthentication_CWeb_CITokenBrokerListenerInternal"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CE8BCA0A-3E6F-4E15-915D-AA5EB8D14040}]
""="IWalletBackgroundAgentListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{d04b0403-1fe2-532f-8e47-4823a14e624f}]
""="__FITypedEventHandler_2_Windows__CDevices__CWiFiDirect__CWiFiDirectConnectionListener_Windows__CDevices__CWiFiDirect__CWiFiDirectConnectionRequestedEventArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D26FC0D8-8F86-49BA-ABB5-54E1F60F2639}]
""="IWalletItemListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DD3F6E60-F7CA-48CF-8B1C-52CF3138EC77}]
""="__x_Windows_CInternal_CUI_CLogon_CController_CIBioFeedbackListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E0E270C1-C0BE-11D0-8FE4-00A0C90A6341}]
""="OLEDBSimpleProviderListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ED0D9BCC-073A-4034-90BC-8663D4AFE12C}]
""="IPrintDocumentPackageStatusEventListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EEE09C07-2734-4CC1-A6F4-696BF5CFBC5E}]
""="ICmiLogListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{f09e843a-13cb-559b-a9fc-015722c2cd57}]
""="IAsyncOperationCompletedHandler_1_Windows__CUI__CNotifications__CManagement__CUserNotificationListenerAccessStatus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ff6123cf-4386-4aa3-b73d-b804e5b63b23}]
""="IUserNotificationListenerStatics"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\policy\Servicing\Microsoft.Owin.Host.HttpListener, Version=0.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\158005EA-772E-4B2D-BE19-2722FB92004C\AlertListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\158005EA-772E-4B2D-BE19-2722FB92004C\AlertListener]
"AlertListenerClassID"="Windows.Internal.Management.AlertListener.ProvAlertListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\268C43E1-AA2B-4036-86EF-8CDA98A0C2FE\AlertListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\268C43E1-AA2B-4036-86EF-8CDA98A0C2FE\AlertListener]
"AlertListenerClassID"="Windows.Internal.Management.AlertListener.ProvAlertListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\38B68314-F095-4971-BB55-2C3677FC4FDE\AlertListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\38B68314-F095-4971-BB55-2C3677FC4FDE\AlertListener]
"AlertListenerClassID"="Windows.Internal.Management.AlertListener.ProvAlertListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\460EADEA-60F7-4367-93EA-4AF425068B30\AlertListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\460EADEA-60F7-4367-93EA-4AF425068B30\AlertListener]
"AlertListenerClassID"="Windows.Internal.Management.AlertListener.ProvAlertListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\5C004900-6566-4576-9635-50A85C23713D\AlertListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\5C004900-6566-4576-9635-50A85C23713D\AlertListener]
"AlertListenerClassID"="Windows.Internal.Management.AlertListener.ProvAlertListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\615C9938-6BE5-49B8-AED4-86781612F3B7\AlertListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\615C9938-6BE5-49B8-AED4-86781612F3B7\AlertListener]
"AlertListenerClassID"="Windows.Internal.Management.AlertListener.ProvAlertListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\8D196D7F-3EEF-48AD-8BEA-BE749F12D3AD\AlertListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\8D196D7F-3EEF-48AD-8BEA-BE749F12D3AD\AlertListener]
"AlertListenerClassID"="Windows.Internal.Management.AlertListener.ProvAlertListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\ABC8EA1D-E5E9-430F-9854-2010A66B5140\AlertListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\ABC8EA1D-E5E9-430F-9854-2010A66B5140\AlertListener]
"AlertListenerClassID"="Windows.Internal.Management.AlertListener.ProvAlertListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\BC8D6FBF-2417-4873-B72D-B0ED2022AE3E\AlertListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\BC8D6FBF-2417-4873-B72D-B0ED2022AE3E\AlertListener]
"AlertListenerClassID"="Windows.Internal.Management.AlertListener.ProvAlertListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\D955F735-014F-4E22-BBDE-7B58FF9F3E2A\AlertListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\D955F735-014F-4E22-BBDE-7B58FF9F3E2A\AlertListener]
"AlertListenerClassID"="Windows.Internal.Management.AlertListener.ProvAlertListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\E525943C-F974-483F-B52E-14A302F8E7DB\AlertListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\E525943C-F974-483F-B52E-14A302F8E7DB\AlertListener]
"AlertListenerClassID"="Windows.Internal.Management.AlertListener.ProvAlertListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\FC01E91F-914C-45AF-9D7C-0B2E5FBEDF62\AlertListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\FC01E91F-914C-45AF-9D7C-0B2E5FBEDF62\AlertListener]
"AlertListenerClassID"="Windows.Internal.Management.AlertListener.ProvAlertListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default]
"System.Diagnostics.TextWriterTraceListener,4.0.0.0,,b03f5f7f11d50a3a,msil"="0x81A688E02839D301"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\RemoteManagement\TurnOnCompatibilityHTTPListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\RemoteManagement\TurnOnCompatibilityHTTPListener]
"RegValueNameRedirect"="HttpCompatibilityListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\RemoteManagement\TurnOnCompatibilityHTTPSListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\RemoteManagement\TurnOnCompatibilityHTTPSListener]
"RegValueNameRedirect"="HttpsCompatibilityListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\CapabilityMappings\UserNotificationListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack\TriggerListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InstallAgent\InstallEventHandlers]
"CuratedTileCollections.StoreEventListener"="3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InstallAgent\InstallEventHandlers]
"TileDataModel.StoreEventListener"="3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-s..ty-identitylistener_31bf3856ad364e35_none_9bf9db44533a012f]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-s..ylistener.resources_31bf3856ad364e35_de-de_e8e5a3c6d0491559]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_netfx4-system.diagn..writertracelistener_b03f5f7f11d50a3a_none_ceb841a889d5b79e]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\msil_system.diagnostics...writertracelistener_b03f5f7f11d50a3a_none_7d3f4184f86e7d09]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\wow64_microsoft-windows-s..ty-identitylistener_31bf3856ad364e35_none_a64e8596879ac32a]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\wow64_microsoft-windows-s..ylistener.resources_31bf3856ad364e35_de-de_f33a4e1904a9d754]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-FileHistory-EventListener/Analytic]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-FileHistory-EventListener/Debug]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-HomeGroup Listener Service/Operational]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-HomeGroup-ListenerService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Security-IdentityListener/Operational]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{3c6c422b-019b-4f48-b67b-f79a3fa8b4ed}]
""="Microsoft-Windows-Security-IdentityListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{3c6c422b-019b-4f48-b67b-f79a3fa8b4ed}\ChannelReferences\0]
""="Microsoft-Windows-Security-IdentityListener/Operational"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{af0a5a6d-e009-46d4-8867-42f2240f8a72}]
""="Microsoft-Windows-HomeGroup-ListenerService"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{af0a5a6d-e009-46d4-8867-42f2240f8a72}\ChannelReferences\0]
""="Microsoft-Windows-HomeGroup-ListenerService"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{af0a5a6d-e009-46d4-8867-42f2240f8a72}\ChannelReferences\1]
""="Microsoft-Windows-HomeGroup Listener Service/Operational"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{b447b4df-7780-11e0-ada3-18a90531a85a}]
""="Microsoft-Windows-FileHistory-EventListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{b447b4df-7780-11e0-ada3-18a90531a85a}\ChannelReferences\0]
""="Microsoft-Windows-FileHistory-EventListener/Debug"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{b447b4df-7780-11e0-ada3-18a90531a85a}\ChannelReferences\1]
""="Microsoft-Windows-FileHistory-EventListener/Analytic"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Listener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"LocalSystemNetworkRestricted"="HvHost
WdiSystemHost
ScDeviceEnum
WiaRpc
trkwks
AudioEndpointBuilder
hidserv
dot3svc
DsSvc
WPDBusEnum
fhsvc
irmon
EmbeddedMode
DeviceAssociationService
svsvc
Netman
SensorService
TabletInputService
PcaSvc
DevQueryBroker
IPxlatCfgSvc
SmsRouter
homegrouplistener
wlansvc
vmicvss
vmickvpexchange
vmicshutdown
vmicguestinterface
vmicvmsession
NgcSvc
NcbService
StorSvc
sysmain
UmRdpService"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\CuratedTileCollections.StoreEventListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\TileDataModel.StoreEventListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Devices.WiFiDirect.WiFiDirectConnectionListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Management.AlertListener.ProvAlertListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Shell.TaskFlow.DataEngine.AppActivitySessionListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Shell.TaskFlow.DataEngine.AppViewListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Shell.TaskFlow.DataEngine.AppViewTitleChangeListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Shell.TaskFlow.DataEngine.FileActivityListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Shell.TaskFlow.DataEngine.UserPresenceListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Media.Audio.AudioNodeListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.Sockets.StreamSocketListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.RemoteSystems.RemoteSystemSessionInvitationListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Internal.Text.Core.CoreTextKeyEventListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Notifications.Management.UserNotificationListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{2c91b11d-61eb-38df-9c87-65557ffb2bbe}]
"ActivatableClassId"="TileDataModel.StoreEventListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{3b42e24c-8f2d-376b-aa7a-5fdea13acb41}]
"ActivatableClassId"="Windows.System.RemoteSystems.RemoteSystemSessionInvitationListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{45042a37-15fa-3c75-b5e6-3fe5098760fa}]
"ActivatableClassId"="CuratedTileCollections.StoreEventListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{46e40646-c702-3804-8d18-cfacad7321cf}]
"ActivatableClassId"="Windows.Networking.Sockets.StreamSocketListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{67f8b7ab-4e13-3b8f-805c-2aa551305c6b}]
"ActivatableClassId"="Windows.Internal.Shell.TaskFlow.DataEngine.AppViewListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{6b014466-719d-3a66-9436-f07109aeb3f3}]
"ActivatableClassId"="Windows.Media.Audio.AudioNodeListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{6eec8328-5e54-32a6-b017-49dfd05f4ec5}]
"ActivatableClassId"="Windows.UI.Internal.Text.Core.CoreTextKeyEventListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{820e4451-0f82-3ad1-aa07-d0293949194a}]
"ActivatableClassId"="Windows.Internal.Shell.TaskFlow.DataEngine.UserPresenceListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{83642061-d20f-3788-90f4-04f20f669e8d}]
"ActivatableClassId"="Windows.Internal.Shell.TaskFlow.DataEngine.AppActivitySessionListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{8d379629-5aeb-323e-92b1-2c91396082f9}]
"ActivatableClassId"="Windows.Devices.WiFiDirect.WiFiDirectConnectionListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{b0d28589-04ad-36b4-a289-f48b5e87ef05}]
"ActivatableClassId"="Windows.Internal.Shell.TaskFlow.DataEngine.FileActivityListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{ce55c106-0058-32c2-9ef2-3d49a15599e0}]
"ActivatableClassId"="Windows.Internal.Shell.TaskFlow.DataEngine.AppViewTitleChangeListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{dcfd05a4-c857-3aa8-9bea-d036110f7193}]
"ActivatableClassId"="Windows.UI.Notifications.Management.UserNotificationListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{fdb6a77e-0aa1-3f12-94d5-759f084b8a00}]
"ActivatableClassId"="Windows.Internal.Management.AlertListener.ProvAlertListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\Fusion\References\System.Diagnostics.TextWriterTraceListener, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Listener]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Devices.WiFiDirect.WiFiDirectConnectionListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Management.AlertListener.ProvAlertListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Media.Audio.AudioNodeListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.Sockets.StreamSocketListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.RemoteSystems.RemoteSystemSessionInvitationListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Internal.Text.Core.CoreTextKeyEventListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Notifications.Management.UserNotificationListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\CLSID\{50bf22f0-3b37-3bd2-b044-284e6f117f3f}]
"ActivatableClassId"="Windows.Networking.Sockets.StreamSocketListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\CLSID\{5425e69b-cc6e-34c8-b27f-4f61cf3435a9}]
"ActivatableClassId"="Windows.Internal.Management.AlertListener.ProvAlertListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\CLSID\{5a5354c8-2563-3633-8598-3637e7fc2973}]
"ActivatableClassId"="Windows.Devices.WiFiDirect.WiFiDirectConnectionListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\CLSID\{7f6a241b-e9a9-3084-809b-de1b8a3a3c91}]
"ActivatableClassId"="Windows.Media.Audio.AudioNodeListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\CLSID\{c0b53237-40f5-33a5-a3b4-d75c14fb3c4e}]
"ActivatableClassId"="Windows.UI.Internal.Text.Core.CoreTextKeyEventListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\CLSID\{c6f66ea0-fa90-332b-8180-b29107581a8e}]
"ActivatableClassId"="Windows.System.RemoteSystems.RemoteSystemSessionInvitationListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\CLSID\{dc04e319-42e7-30c8-b3ab-731e2fe21b29}]
"ActivatableClassId"="Windows.UI.Notifications.Management.UserNotificationListener"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\AutoLogger-Diagtrack-Listener]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\AutoLogger-Diagtrack-Listener]
"FileName"="%systemroot%\System32\LogFiles\WMI\AutoLogger-Diagtrack-Listener.etl"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HomeGroupListener]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HomeGroupListener\ApprovedListeners]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HomeGroupListener\ApprovedListeners\{125B0F61-0EC3-4f07-9A49-AFB340D9E57F}]
""="File History Hosted Listener"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HomeGroupListener\ApprovedListeners\{125B0F61-0EC3-4f07-9A49-AFB340D9E57F}\SupportedRecordTypes]
"GUID_DPListenerRecordType"="{ADBCFEA5-D8FC-4a46-B12B-EB1FFE39BF17}"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HomeGroupListener\ApprovedListeners\{517F6AA6-D6FA-46D0-8094-17FF17E4CCF4}]
""="Security Hosted Listener"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HomeGroupListener\ApprovedListeners\{517F6AA6-D6FA-46D0-8094-17FF17E4CCF4}\SupportedRecordTypes]
"GUID_SecurityListener_SigningKeys"="{CA328F46-E759-4399-82AB-FA92651D1ED2}"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HomeGroupListener\ApprovedListeners\{5255EFED-103A-4444-B124-F88F99E4EF8D}]
""="Printer Hosted Listener"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HomeGroupListener\ApprovedListeners\{8ADD018C-5C5F-43C5-BE1E-07BAE85593B7}]
""="Alpha Hosted Listener"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HomeGroupListener\ApprovedListeners\{8ADD018C-5C5F-43C5-BE1E-07BAE85593B7}\SupportedRecordTypes]
"GUID_AlphaListener_AlphaAccount"="{929CB323-C5EA-48E7-A6D0-193DD432E769}"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HomeGroupListener\ApprovedListeners\{DE9C1288-0F09-40ff-BA84-7F19279FA74B}]
""="Identity Hosted Listener"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HomeGroupListener\ApprovedListeners\{DE9C1288-0F09-40ff-BA84-7F19279FA74B}\SupportedRecordTypes]
"GUID_IdentityListenerRecordType"="{07004F5D-93A5-4b6c-B851-E2C9BBFD923D}"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HomeGroupListener\ApprovedListeners\{EB6B4457-F013-4E5A-9B05-1D44E4D6FAEB}]
""="Sharing Hosted Listener"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HomeGroupListener\ApprovedListeners\{EB6B4457-F013-4E5A-9B05-1D44E4D6FAEB}\SupportedRecordTypes]
"GUID_SharingListener_MACAddresses"="{A7BC622E-8238-4E38-9C88-34153B7D9AB1}"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HomeGroupListener\Parameters]
"ServiceMain"="ListenerServiceMain"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"HomeGroup Listener Block In"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=HomeGroupListener|Name=Block all incoming|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"HomeGroup Listener Block Out"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=HomeGroupListener|Name=Block all outgoing|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters]
"ListenerPort"="0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters\ConfigStore]
"ListenerPort"="0"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\7bf7f519-2c1b-439d-b296-0878bd5c4991]
"Setting"="c:cloud,c:internet,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\FamilySafety_Settings]
"Setting"="c:cloud,c:internet,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.LanguageComponentsInstaller]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.ParentalControls]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.PushToInstall]
"Setting"="s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:internet"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.UniversalTelemetryClientSettings_cw5n1h2txyewy!OneSettingsPushChannel]
"Setting"="s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:internet"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\S-1-15-2-2922268314-1930440196-3917253608-4275534170-1613359250-253686406-2516286921]
"Setting"="s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:internet"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.Defender]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.System.Continuum]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.System.MiracastReceiver]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.AudioTroubleshooter]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.AutoPlay]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.BackgroundAccess]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.BdeUnlock]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Bthprops]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Calling]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Compat]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.DeviceConsent]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.DeviceEnrollmentActivity]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Devices]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.EnterpriseDataProtection]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.EnterpriseDataProtectionReAuth]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Explorer]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.HelloFace]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.LocationManager]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.LowDisk]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.NfpAppAcquire]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.NfpAppLaunch]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.NfpDevicePairing]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.NfpReceiveContent]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Print.Notification]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.RasToastNotifier]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.SecurityAndMaintenance]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.SecurityCenter]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Share]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.SoftLanding]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Usb.Notification]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.WiFiNetworkManager]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\WLRoamingSetting_CollectionInterest]
"Setting"="c:cloud,c:internet,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\WLRoamingSetting_Settings]
"Setting"="c:cloud,c:internet,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\WLRoamingSetting_UserTile]
"Setting"="c:cloud,c:internet,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy!Microsoft.Windows.FilePicker]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\26968APPLYF.InstaPic_4502q87ac11em!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:storage:tile,s:tickle,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\57678SumitDutta.Watermark_xng0dy58tj892!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\63099Moonlighting.SuperPhotoFree_hths5t1tmnj8m!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\9E2F88E3.Twitter_wgeqdkkx372wm!x554f661dyd360y462cy8743yf8a99b7d41dbx]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:storage:tile,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\9FD20106.ExtractorforZIPandRAR_nwhm06f2kfry2!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:storage:tile,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\AD2F1837.HPPrinterControl_v10z8vjag6ke6!AD2F1837.HPPrinterControl]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:storage:tile,s:tickle,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\AdobeSystemsIncorporated.AdobePhotoshopExpress_ynb6jyjzte8ga!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:storage:tile,c:storage:toast,s:tickle,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\ASUSCloudCorporation.MobileFileExplorer_wk4d32h0cvhem!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\AudibleInc.AudibleforWindowsPhone_xns73kv1ymhp2!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:storage:tile,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\B9ECED6F.ASUSWelcome_qmba6cd70vzyy!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy!App]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy!Microsoft.Windows.AppResolverUX]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy!App]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\FamilySafety_Settings]
"Setting"="c:cloud,c:internet,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\InputApp_cw5n1h2txyewy!App]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:internet,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\MAGIX.MusicMakerJam_a2t3txkz9j1jw!MAGIX.MusicMakerJam.App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.3DBuilder_8wekyb3d8bbwe!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.AccountsControl_cw5n1h2txyewy!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Appconnector_8wekyb3d8bbwe!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.BingNews_8wekyb3d8bbwe!AppexNews]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:storage:tile,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.BingWeather_8wekyb3d8bbwe!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:storage:tile,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.BioEnrollment_cw5n1h2txyewy!App]
"Setting"="c:toast,c:badge,c:cloud,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.ConnectedDevicePlatform]
"Setting"="c:cloud,c:internet,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.ConnectedDevicePlatform.M8TO7cIOaFDskACSKYe8BQwxZ2wIu5ZRyRfFIoH3gJc=]
"Setting"="s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:internet"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.ConnectivityStore_8wekyb3d8bbwe!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.CredDialogHost_cw5n1h2txyewy!App]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe!App]
"Setting"="c:toast,c:badge,c:cloud,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.ECApp_8wekyb3d8bbwe!App]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.FreshPaint_8wekyb3d8bbwe!Microsoft.FreshPaint]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.GetHelp_8wekyb3d8bbwe!App]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:internet,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Getstarted_8wekyb3d8bbwe!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.HEVCVideoExtension_8wekyb3d8bbwe!App]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Messaging_8wekyb3d8bbwe!x27e26f40ye031y48a6yb130yd1f20388991ax]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe!Microsoft.Microsoft3DViewer]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:internet,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!BCHost]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:internet,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!ContentProcess]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:internet,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,s:tickle,c:tile,c:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:stopCloud,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!PdfReader]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:internet,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:internet,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.MSPaint_8wekyb3d8bbwe!Microsoft.MSPaint]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:internet,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Office.OneNote_8wekyb3d8bbwe!microsoft.onenoteim]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.OneConnect_8wekyb3d8bbwe!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.PPIProjection_cw5n1h2txyewy!Microsoft.PPIProjection]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Print3D_8wekyb3d8bbwe!App]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:internet,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Reader_8wekyb3d8bbwe!App]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:internet,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.SkypeApp_kzf8qxf38zg5c!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:storage:toast,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.StorePurchaseApp_8wekyb3d8bbwe!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Wallet_8wekyb3d8bbwe!App]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:internet,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:storage:tile,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!PreInstalled.DefaultStartLayout1.1]
"Setting"="c:toast,c:cloud,c:internet,c:tile,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!PreInstalled.DefaultStartLayout1.2]
"Setting"="c:toast,c:cloud,c:internet,c:tile,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!PreInstalled.DefaultStartLayout1.3]
"Setting"="c:toast,c:cloud,c:internet,c:storage:tile,c:tile,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!PreInstalled.DefaultStartLayout2.1]
"Setting"="c:toast,c:cloud,c:internet,c:tile,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!PreInstalled.DefaultStartLayout2.2]
"Setting"="c:toast,c:cloud,c:internet,c:tile,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.Cortana_cw5n1h2txyewy!RemindersShareTargetApp]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.HolographicFirstRun_cw5n1h2txyewy!App]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:internet,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.LanguageComponentsInstaller]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy!App]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:internet,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy!App]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.ParentalControls]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.ParentalControls_cw5n1h2txyewy!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy!App]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:internet,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.Photos_8wekyb3d8bbwe!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:storage:tile,c:storage:toast,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy!App]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy!SecHealthUI]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:internet,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.SecondaryTileExperience_cw5n1h2txyewy!App]
"Setting"="c:toast,c:badge,c:cloud,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.WindowsAlarms_8wekyb3d8bbwe!App]
"Setting"="c:toast,c:badge,c:cloud,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.WindowsCalculator_8wekyb3d8bbwe!App]
"Setting"="c:toast,c:badge,c:cloud,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.WindowsCamera_8wekyb3d8bbwe!App]
"Setting"="c:toast,c:badge,c:cloud,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.calendar]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:storage:tile,c:storage:toast,s:tickle,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.mail]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:storage:tile,s:tickle,c:tile,c:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.manageaccounts]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.WindowsFeedback_cw5n1h2txyewy!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.WindowsScan_8wekyb3d8bbwe!App]
"Setting"="c:toast,c:badge,c:cloud,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.WindowsStore_8wekyb3d8bbwe!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:storage:tile,c:storage:toast,s:tickle,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Xbox.TCUI_8wekyb3d8bbwe!Microsoft.Xbox.TCUI]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:internet,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.XboxGameCallableUI_cw5n1h2txyewy!Microsoft.XboxGameCallableUI]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.XboxGameOverlay_8wekyb3d8bbwe!App]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:internet,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe!Microsoft.XboxIdentityProvider]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.XboxIdentityProvider_cw5n1h2txyewy!Microsoft.XboxIdentityProvider]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe!App]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:storage:tile,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\ThumbmunkeysLtd.PhototasticCollage_nfy108tqq3p12!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:storage:tile,c:storage:toast,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.Defender]
"Setting"="c:toast,c:ringing,c:storage:toast,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel]
"Setting"="c:toast,c:storage:tile,c:storage:toast,c:tile,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.PurchaseDialog_cw5n1h2txyewy!Microsoft.Windows.PurchaseDialog]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.System.AppInitiatedDownload]
"Setting"="s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.System.Continuum]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.System.MiracastReceiver]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.AudioTroubleshooter]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.AutoPlay]
"Setting"="c:toast,c:ringing,c:storage:tile,c:storage:toast,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.BackgroundAccess]
"Setting"="c:toast,c:ringing,c:storage:toast,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.BdeUnlock]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Bthprops]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Calling]
"Setting"="c:toast,c:ringing,c:storage:toast,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Compat]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.DeviceConsent]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.DeviceEnrollmentActivity]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Devices]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.EnterpriseDataProtection]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.EnterpriseDataProtectionReAuth]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Explorer]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.FodHelper]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Hello]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.HelloFace]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.LocationManager]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.LowDisk]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.MobilityExperience]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.NfpAppAcquire]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.NfpAppLaunch]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.NfpDevicePairing]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.NfpReceiveContent]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.OpenWith]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Print.Notification]
"Setting"="c:toast,c:ringing,c:storage:tile,c:storage:toast,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.RasToastNotifier]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.SecurityAndMaintenance]
"Setting"="c:toast,c:ringing,c:storage:tile,c:storage:toast,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.SecurityCenter]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Share]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.SoftLanding]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Suggested]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Usb.Notification]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.WiFiNetworkManager]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.WindowsTip]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\WLRoamingSetting_CollectionInterest]
"Setting"="c:cloud,c:internet,c:storage:tile,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\WLRoamingSetting_CollectionInterest_00037FFED0B7EBFA]
"Setting"="s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:internet"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\WLRoamingSetting_Settings]
"Setting"="c:cloud,c:internet,c:storage:tile,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\WLRoamingSetting_Settings_00037FFED0B7EBFA]
"Setting"="s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:internet"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\WLRoamingSetting_UserTile]
"Setting"="c:cloud,c:internet,c:storage:tile,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\WLRoamingSetting_UserTile_00037FFED0B7EBFA]
"Setting"="s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:internet"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\ZinioLLC.Zinio_0q6dqzpp40p2e!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Classes\Local Settings\MuiCache\2c\67BDC06]
"@%Systemroot%\system32\wsmsvc.dll,-102"="Der Windows-Remoteverwaltungsdienst (WinRM) implementiert das WS-Verwaltungsprotokoll für die Remoteverwaltung. Die WS-Verwaltung ist ein Webdienstprotokoll für die Remoteverwaltung von Software und Hardware. Der WinRM-Dienst hört das Netzwerk auf WS-Verwaltungsanforderungen ab und verarbeitet diese. Er muss dafür mit dem Befehlszeilentool "winrm" oder über Gruppenrichtlinien mit einem Listener konfiguriert werden. Er bietet Zugriff auf WMI-Daten und ermöglicht die Ereigniserfassung. Die Erfassung und Abonnierung von Ereignissen setzt voraus, dass der Dienst ausgeführt wird. WinRM-Nachrichten verwenden HTTP und HTTPS als Transportprotokoll. Der WinRM-Dienst ist nicht von IIS abhängig, ist jedoch zur Freigabe eines Anschlusses mit IIS auf demselben Computer vorkonfiguriert. Das URL-Präfix "/wsman" ist für den WinRM-Dienst reserviert. Um Konflikte mit IIS zu vermeiden, sollten Administratoren sicherstellen, dass für in IIS gehostete Websites nicht das URL-Präfix "/wsman" verwendet wird."
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\FamilySafety_Settings]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:internet"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:internet,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:internet,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:internet,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.LanguageComponentsInstaller]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.ParentalControls]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:internet,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.Defender]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.System.AppInitiatedDownload]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.System.Continuum]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.System.MiracastReceiver]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.System.ShareExperience]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.AudioTroubleshooter]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.AutoPlay]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.BackgroundAccess]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.BdeUnlock]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.BitLockerPolicyRefresh]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Bthprops]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Calling]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Compat]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.DeviceConsent]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.DeviceEnrollmentActivity]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.DeviceManagement]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Devices]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.EnterpriseDataProtection]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Explorer]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.FodHelper]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.HelloFace]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.LocationManager]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.LowDisk]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.MobilityExperience]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.NfpAppAcquire]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.NfpAppLaunch]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.NfpDevicePairing]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.NfpReceiveContent]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Print.Notification]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.RasToastNotifier]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.SecurityAndMaintenance]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.SecurityCenter]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Share]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.SoftLanding]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Suggested]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Usb.Notification]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.WiFiNetworkManager]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.WindowsTip]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.WindowsUpdate.Notification]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Wwansvc]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\WLRoamingSetting_CollectionInterest]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:internet"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\WLRoamingSetting_Settings]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:internet"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\WLRoamingSetting_UserTile]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:internet"

====== Ende von Suche ======

 


  • 0

#6
philon8
Posted 17 February 2018 - 06:24 PM

philon8

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Farbar Recovery Scan Tool (x64) Version: 17.02.2018
durchgeführt von Youlia (18-02-2018 01:24:06)
Gestartet von C:\Users\Youlia\Desktop
Start-Modus: Normal

================== Registry-Suche: "listener" ===========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{C4CDC408-581C-4480-9FFE-3B1C78D5C20D}]
""="HomeGroup Listener Service"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{C4CDC408-581C-4480-9FFE-3B1C78D5C20D}]
"LocalSystem"="HomeGroupListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01F3E95C-7D8F-46e6-A408-9BA5D1FA5067}]
""="Alpha Listener XML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{125B0F61-0EC3-4f07-9A49-AFB340D9E57F}]
""="File History Listener CLSID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{147A9C5D-36F4-4e3e-BD47-F5F207425085}]
""="HomeGroup Printing Listener Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C3E140B-7A0D-42d1-B2AA-D343500A90CF}]
""="CTrkEvntListener Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C3E140B-7A0D-42d1-B2AA-D343500A90CF}\ProgID]
""="COMEXPS.CTrkEvntListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{517F6AA6-D6FA-46D0-8094-17FF17E4CCF4}]
""="HomeGroup Security Hosted Listener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5255EFED-103A-4444-B124-F88F99E4EF8D}]
""="HomeGroup Printer Hosted Listener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A2A9381-5A92-4296-9397-564673AE1FDD}]
""="CLSID_HomeGroupListenerNotify"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6DC25420-C66D-44B5-B3D3-78EECFFA6DB0}]
""="Windows.Internal.Management.AlertListener.DeviceManagementOperationMessageReceivedStatics"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6DC25420-C66D-44B5-B3D3-78EECFFA6DB0}\InProcServer32]
""="C:\Windows\System32\\DMAlertListener.ProxyStub.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6DD062C7-B6E6-4702-98B0-6E6AB46C877D}]
""="Security Listener XML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AAE5B4F-488C-419b-95E2-923F2AA70FFD}]
""="Sharing Listener XML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ADD018C-5C5F-43C5-BE1E-07BAE85593B7}]
""="HomeGroup Alpha Hosted Listener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{956FADED-2450-4ABB-9F8C-4629FAFEBB92}]
""="HomeGroup Listener Encryption"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCA7305F-56F7-43A4-BF2C-BFD674E7BBE8}]
""="AppSpatialInformationListener Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C1288-0F09-40ff-BA84-7F19279FA74B}]
""="Idenity Listener CLSID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EB6B4457-F013-4E5A-9B05-1D44E4D6FAEB}]
""="HomeGroup Sharing Hosted Listener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecabafc3-7f19-11d2-978e-0000f8757e2a}]
""="QC Listener Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecabafc4-7f19-11d2-978e-0000f8757e2a}\ProgID]
""="QC.ListenerHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecabafca-7f19-11d2-978e-0000f8757e2a}]
""="COM+ QC Dead Letter Queue Listener Starter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecabafca-7f19-11d2-978e-0000f8757e2a}\ProgID]
""="QC.DLQListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3d41391-58aa-4590-83bd-c119b6882a20}]
""="Device Directory Client WNS Listener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\COMEXPS.CTrkEvntListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\COMEXPS.CTrkEvntListener]
""="CTrkEvntListener Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{03F8C745-6420-49DF-A9F4-F05FD7D1C940}]
""="__x_Windows_CInternal_CShell_CTaskFlow_CDataEngine_CIFileActivityListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{08F4003F-BC71-49E1-874A-31DDFF9A27B9}]
""="__x_Windows_CSystem_CRemoteSystems_CIRemoteSystemSessionInvitationListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0fbad8c7-086f-5bf9-81e2-8d79e7184803}]
""="IAsyncOperation_1_Windows__CUI__CNotifications__CManagement__CUserNotificationListenerAccessStatus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{10242902-b897-5507-9922-2c0a7d34464d}]
""="ITypedEventHandler_2_Windows__CUI__CNotifications__CManagement__CUserNotificationListener_Windows__CUI__CNotifications__CUserNotificationChangedEventArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{12025C48-E604-4AF0-AA8B-DC449EC7A9D3}]
""="IMyPeopleSettingsListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{123C8CAC-27D7-4C83-989E-787CC26B90A3}]
""="__x_Windows_CInternal_CShell_CTaskFlow_CDataEngine_CIAppActivitySessionListenerFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{127592FB-9CAF-4411-BD99-A62B924A5D39}]
""="IHomeGroupListenerManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{137E6A4E-E7C5-451C-BD05-095CFD45AD54}]
""="__x_Windows_CUI_CSearch_CInternal_CCommon_CIIHMListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{14EB7F37-5973-400A-AE89-8B1C6702E10A}]
""="__x_Windows_CInternal_CUI_CLogon_CController_CILockActivityListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{18A242BB-D338-56C4-9559-568D5C2C3E93}]
""="__FITypedEventHandler_2_Windows__CSystem__CRemoteSystems__CRemoteSystemSessionInvitationListener_Windows__CSystem__CRemoteSystems__CRemoteSystemSessionInvitationReceivedEventArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{269FBB13-5213-45A0-82C3-B4AA2F2A8871}]
""="__x_Windows_CStorage_CPickers_CInternal_CICachedFileUpdatePolicyListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2EC6FEAC-B62E-4499-A136-FFCBA5E05F0B}]
""="ITabletModeAvailabilityChangeListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{33d00d41-c94f-5a61-9ab7-280dcefa0b08}]
""="ITypedEventHandler_2_Windows__CNetworking__CSockets__CStreamSocketListener_Windows__CNetworking__CSockets__CStreamSocketListenerConnectionReceivedEventArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3886CFAC-D6C4-4AF1-8B2C-00885F428E86}]
""="__x_Windows_CInternal_CShell_CTaskFlow_CDataEngine_CIAppViewTitleChangeListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{42C5BB25-1F0E-43C4-B5BF-3C94BE37CD85}]
""="__x_Windows_CInternal_CShell_CTaskFlow_CDataEngine_CIUserPresenceListenerFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{44BCCA94-FD00-4782-8068-847E18ED552D}]
""="IHomeGroupListenerNotify"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{46B7F8B4-7994-436D-9454-7966BB126D03}]
""="__x_Windows_CUI_CSearch_CInternal_CCommon_CIThemeListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5615569D-04E8-42B6-A632-5E5738E81DF1}]
""="IRpcObjectEventListenerCallback"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5B2AE522-F16F-40CE-A7CA-FF6D78AEA699}]
""="IDownloadListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5C616ABC-7341-4100-950B-69F3B00F548C}]
""="ILauncherTipContextMenuSettingChangeListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{62553e41-8a06-4cef-8215-6033a5be4b03}]
""="IUserNotificationListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{631128E4-0022-449E-ACCC-DDB2A2CC046B}]
""="__x_Windows_CInternal_CShell_CTaskFlow_CDataEngine_CIAppActivitySessionListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{647A61B2-1338-468E-A372-32E0271185C2}]
""="__x_Windows_CInternal_CShell_CTaskFlow_CDataEngine_CIAppViewTitleChangeListenerFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6701AB9F-04B6-5993-9F10-721046A2FF9C}]
""="__FITypedEventHandler_2_DevicesFlowInteraction__CConnection__CIDeviceConnectionListener_DevicesFlowInteraction__CConnection__CIConnectionStateChangedEventArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{67AA6DE9-E367-4622-AD00-F436B1980E17}]
""="__x_Windows_CInternal_CShell_CTaskFlow_CDataEngine_CIAppViewListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{699C1B0D-8D13-4EE9-B9EC-9C72F8251F7D}]
""="Windows.Devices.WiFiDirect.IWiFiDirectConnectionListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6F725C18-6C52-4466-9671-5C17E2E3885F}]
""="IPackageServicingListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{727F9E97-76EE-497B-A942-B6371328485C}]
""="IApplicationViewChangeListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{751BF136-B53E-46F0-AEF0-253A91AB8DED}]
""="IContinuousReadingListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7AD2B172-99D4-4B40-88F6-CD2422C362F7}]
""="IAppSpatialInformationListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C0FFAB2-CD84-11D0-949A-00A0C91110ED}]
""="DataSourceListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7CB6F89A-29CE-484F-BB9C-146919112235}]
""="__x_Windows_CUI_CWebUI_CPrivate_CIWebUIActivationEventListenersPrivate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{86FB57A6-3C81-4F40-A971-6280BE4E526E}]
""="ITabletModeChangeListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8B78226F-0431-4F5D-9AE1-5040C0215993}]
""="__x_Windows_CInternal_CShell_CTaskFlow_CDataEngine_CIAppViewListenerFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8E249E31-FD7A-4FB0-9A23-721B68E5318F}]
""="__x_DevicesFlowInteraction_CConnection_CIDeviceConnectionListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9E4ACADC-549F-40BD-AEA2-27D09522D7BC}]
""="__x_SttProxy_CIProxyMessageReceivedListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A1230203-D6A7-11D8-B9FD-000BDBD1F198}]
""="IWTSListenerCallback"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A1230206-9A39-4D58-8674-CDB4DFF4E73B}]
""="IWTSListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AF61E1BC-1BCA-45EC-8563-F557A9B8EF68}]
""="IPublicationServicesListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CC51F0FC-48D9-4E33-A38C-85546B542FE7}]
""="__x_Windows_CInternal_CSecurity_CAuthentication_CWeb_CITokenBrokerListenerInternal"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CE8BCA0A-3E6F-4E15-915D-AA5EB8D14040}]
""="IWalletBackgroundAgentListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{d04b0403-1fe2-532f-8e47-4823a14e624f}]
""="__FITypedEventHandler_2_Windows__CDevices__CWiFiDirect__CWiFiDirectConnectionListener_Windows__CDevices__CWiFiDirect__CWiFiDirectConnectionRequestedEventArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D26FC0D8-8F86-49BA-ABB5-54E1F60F2639}]
""="IWalletItemListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{dd06f943-6e3d-4baf-ab06-39a8aa31e94f}]
""="IDockConnectionListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD3F6E60-F7CA-48CF-8B1C-52CF3138EC77}]
""="__x_Windows_CInternal_CUI_CLogon_CController_CIBioFeedbackListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DF82CA6C-F3B0-4584-8158-8E072E4417E7}]
""="__x_Windows_CInternal_CShell_CTaskFlow_CDataEngine_CIFileActivityListenerFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E0E270C1-C0BE-11D0-8FE4-00A0C90A6341}]
""="OLEDBSimpleProviderListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E13B9A7F-EC39-4E7F-9970-12F348C89FD0}]
""="IStateEventListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E25EA085-8F3A-4CA5-86A9-5FD4A743E43D}]
""="AsyncIStateEventListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3AFD5FD-3B03-453D-91CE-EBBDA9B8BEA1}]
""="ICbsSessionObserverListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E9821DD9-A9B2-47C8-9AAC-7B6B042EF0B0}]
""="__x_Windows_CInternal_CShell_CTaskFlow_CDataEngine_CITaskDataListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ED0D9BCC-073A-4034-90BC-8663D4AFE12C}]
""="IPrintDocumentPackageStatusEventListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EEE09C07-2734-4CC1-A6F4-696BF5CFBC5E}]
""="ICmiLogListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{f09e843a-13cb-559b-a9fc-015722c2cd57}]
""="IAsyncOperationCompletedHandler_1_Windows__CUI__CNotifications__CManagement__CUserNotificationListenerAccessStatus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ff6123cf-4386-4aa3-b73d-b804e5b63b23}]
""="IUserNotificationListenerStatics"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QC.DLQListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QC.DLQListener]
""="QC Dead Letter Queue Listener Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QC.ListenerHelper]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QC.ListenerHelper]
""="QCListener Helper Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C3E140B-7A0D-42d1-B2AA-D343500A90CF}]
""="CTrkEvntListener Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C3E140B-7A0D-42d1-B2AA-D343500A90CF}\ProgID]
""="COMEXPS.CTrkEvntListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{517F6AA6-D6FA-46D0-8094-17FF17E4CCF4}]
""="HomeGroup Security Hosted Listener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5255EFED-103A-4444-B124-F88F99E4EF8D}]
""="HomeGroup Printer Hosted Listener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6A2A9381-5A92-4296-9397-564673AE1FDD}]
""="CLSID_HomeGroupListenerNotify"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6DC25420-C66D-44B5-B3D3-78EECFFA6DB0}]
""="Windows.Internal.Management.AlertListener.DeviceManagementOperationMessageReceivedStatics"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6DC25420-C66D-44B5-B3D3-78EECFFA6DB0}\InProcServer32]
""="C:\Windows\SysWOW64\\DMAlertListener.ProxyStub.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8ADD018C-5C5F-43C5-BE1E-07BAE85593B7}]
""="HomeGroup Alpha Hosted Listener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{956FADED-2450-4ABB-9F8C-4629FAFEBB92}]
""="HomeGroup Listener Encryption"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BCA7305F-56F7-43A4-BF2C-BFD674E7BBE8}]
""="AppSpatialInformationListener Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DE9C1288-0F09-40ff-BA84-7F19279FA74B}]
""="Idenity Listener CLSID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB6B4457-F013-4E5A-9B05-1D44E4D6FAEB}]
""="HomeGroup Sharing Hosted Listener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ecabafc3-7f19-11d2-978e-0000f8757e2a}]
""="QC Listener Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ecabafc4-7f19-11d2-978e-0000f8757e2a}\ProgID]
""="QC.ListenerHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ecabafca-7f19-11d2-978e-0000f8757e2a}]
""="COM+ QC Dead Letter Queue Listener Starter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ecabafca-7f19-11d2-978e-0000f8757e2a}\ProgID]
""="QC.DLQListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{08F4003F-BC71-49E1-874A-31DDFF9A27B9}]
""="__x_Windows_CSystem_CRemoteSystems_CIRemoteSystemSessionInvitationListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0fbad8c7-086f-5bf9-81e2-8d79e7184803}]
""="IAsyncOperation_1_Windows__CUI__CNotifications__CManagement__CUserNotificationListenerAccessStatus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{10242902-b897-5507-9922-2c0a7d34464d}]
""="ITypedEventHandler_2_Windows__CUI__CNotifications__CManagement__CUserNotificationListener_Windows__CUI__CNotifications__CUserNotificationChangedEventArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{12025C48-E604-4AF0-AA8B-DC449EC7A9D3}]
""="IMyPeopleSettingsListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{127592FB-9CAF-4411-BD99-A62B924A5D39}]
""="IHomeGroupListenerManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{137E6A4E-E7C5-451C-BD05-095CFD45AD54}]
""="__x_Windows_CUI_CSearch_CInternal_CCommon_CIIHMListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{14EB7F37-5973-400A-AE89-8B1C6702E10A}]
""="__x_Windows_CInternal_CUI_CLogon_CController_CILockActivityListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{18A242BB-D338-56C4-9559-568D5C2C3E93}]
""="__FITypedEventHandler_2_Windows__CSystem__CRemoteSystems__CRemoteSystemSessionInvitationListener_Windows__CSystem__CRemoteSystems__CRemoteSystemSessionInvitationReceivedEventArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{269FBB13-5213-45A0-82C3-B4AA2F2A8871}]
""="__x_Windows_CStorage_CPickers_CInternal_CICachedFileUpdatePolicyListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2EC6FEAC-B62E-4499-A136-FFCBA5E05F0B}]
""="ITabletModeAvailabilityChangeListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{33d00d41-c94f-5a61-9ab7-280dcefa0b08}]
""="ITypedEventHandler_2_Windows__CNetworking__CSockets__CStreamSocketListener_Windows__CNetworking__CSockets__CStreamSocketListenerConnectionReceivedEventArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{44BCCA94-FD00-4782-8068-847E18ED552D}]
""="IHomeGroupListenerNotify"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{46B7F8B4-7994-436D-9454-7966BB126D03}]
""="__x_Windows_CUI_CSearch_CInternal_CCommon_CIThemeListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5615569D-04E8-42B6-A632-5E5738E81DF1}]
""="IRpcObjectEventListenerCallback"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5B2AE522-F16F-40CE-A7CA-FF6D78AEA699}]
""="IDownloadListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5C616ABC-7341-4100-950B-69F3B00F548C}]
""="ILauncherTipContextMenuSettingChangeListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{62553e41-8a06-4cef-8215-6033a5be4b03}]
""="IUserNotificationListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6701AB9F-04B6-5993-9F10-721046A2FF9C}]
""="__FITypedEventHandler_2_DevicesFlowInteraction__CConnection__CIDeviceConnectionListener_DevicesFlowInteraction__CConnection__CIConnectionStateChangedEventArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{699C1B0D-8D13-4EE9-B9EC-9C72F8251F7D}]
""="Windows.Devices.WiFiDirect.IWiFiDirectConnectionListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6F725C18-6C52-4466-9671-5C17E2E3885F}]
""="IPackageServicingListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{727F9E97-76EE-497B-A942-B6371328485C}]
""="IApplicationViewChangeListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{751BF136-B53E-46F0-AEF0-253A91AB8DED}]
""="IContinuousReadingListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7AD2B172-99D4-4B40-88F6-CD2422C362F7}]
""="IAppSpatialInformationListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7C0FFAB2-CD84-11D0-949A-00A0C91110ED}]
""="DataSourceListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7CB6F89A-29CE-484F-BB9C-146919112235}]
""="__x_Windows_CUI_CWebUI_CPrivate_CIWebUIActivationEventListenersPrivate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{86FB57A6-3C81-4F40-A971-6280BE4E526E}]
""="ITabletModeChangeListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8E249E31-FD7A-4FB0-9A23-721B68E5318F}]
""="__x_DevicesFlowInteraction_CConnection_CIDeviceConnectionListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9E4ACADC-549F-40BD-AEA2-27D09522D7BC}]
""="__x_SttProxy_CIProxyMessageReceivedListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A1230203-D6A7-11D8-B9FD-000BDBD1F198}]
""="IWTSListenerCallback"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A1230206-9A39-4D58-8674-CDB4DFF4E73B}]
""="IWTSListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AF61E1BC-1BCA-45EC-8563-F557A9B8EF68}]
""="IPublicationServicesListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CC51F0FC-48D9-4E33-A38C-85546B542FE7}]
""="__x_Windows_CInternal_CSecurity_CAuthentication_CWeb_CITokenBrokerListenerInternal"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CE8BCA0A-3E6F-4E15-915D-AA5EB8D14040}]
""="IWalletBackgroundAgentListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{d04b0403-1fe2-532f-8e47-4823a14e624f}]
""="__FITypedEventHandler_2_Windows__CDevices__CWiFiDirect__CWiFiDirectConnectionListener_Windows__CDevices__CWiFiDirect__CWiFiDirectConnectionRequestedEventArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D26FC0D8-8F86-49BA-ABB5-54E1F60F2639}]
""="IWalletItemListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DD3F6E60-F7CA-48CF-8B1C-52CF3138EC77}]
""="__x_Windows_CInternal_CUI_CLogon_CController_CIBioFeedbackListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E0E270C1-C0BE-11D0-8FE4-00A0C90A6341}]
""="OLEDBSimpleProviderListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ED0D9BCC-073A-4034-90BC-8663D4AFE12C}]
""="IPrintDocumentPackageStatusEventListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EEE09C07-2734-4CC1-A6F4-696BF5CFBC5E}]
""="ICmiLogListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{f09e843a-13cb-559b-a9fc-015722c2cd57}]
""="IAsyncOperationCompletedHandler_1_Windows__CUI__CNotifications__CManagement__CUserNotificationListenerAccessStatus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ff6123cf-4386-4aa3-b73d-b804e5b63b23}]
""="IUserNotificationListenerStatics"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\policy\Servicing\Microsoft.Owin.Host.HttpListener, Version=0.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\158005EA-772E-4B2D-BE19-2722FB92004C\AlertListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\158005EA-772E-4B2D-BE19-2722FB92004C\AlertListener]
"AlertListenerClassID"="Windows.Internal.Management.AlertListener.ProvAlertListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\268C43E1-AA2B-4036-86EF-8CDA98A0C2FE\AlertListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\268C43E1-AA2B-4036-86EF-8CDA98A0C2FE\AlertListener]
"AlertListenerClassID"="Windows.Internal.Management.AlertListener.ProvAlertListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\38B68314-F095-4971-BB55-2C3677FC4FDE\AlertListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\38B68314-F095-4971-BB55-2C3677FC4FDE\AlertListener]
"AlertListenerClassID"="Windows.Internal.Management.AlertListener.ProvAlertListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\460EADEA-60F7-4367-93EA-4AF425068B30\AlertListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\460EADEA-60F7-4367-93EA-4AF425068B30\AlertListener]
"AlertListenerClassID"="Windows.Internal.Management.AlertListener.ProvAlertListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\5C004900-6566-4576-9635-50A85C23713D\AlertListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\5C004900-6566-4576-9635-50A85C23713D\AlertListener]
"AlertListenerClassID"="Windows.Internal.Management.AlertListener.ProvAlertListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\615C9938-6BE5-49B8-AED4-86781612F3B7\AlertListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\615C9938-6BE5-49B8-AED4-86781612F3B7\AlertListener]
"AlertListenerClassID"="Windows.Internal.Management.AlertListener.ProvAlertListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\8D196D7F-3EEF-48AD-8BEA-BE749F12D3AD\AlertListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\8D196D7F-3EEF-48AD-8BEA-BE749F12D3AD\AlertListener]
"AlertListenerClassID"="Windows.Internal.Management.AlertListener.ProvAlertListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\ABC8EA1D-E5E9-430F-9854-2010A66B5140\AlertListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\ABC8EA1D-E5E9-430F-9854-2010A66B5140\AlertListener]
"AlertListenerClassID"="Windows.Internal.Management.AlertListener.ProvAlertListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\BC8D6FBF-2417-4873-B72D-B0ED2022AE3E\AlertListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\BC8D6FBF-2417-4873-B72D-B0ED2022AE3E\AlertListener]
"AlertListenerClassID"="Windows.Internal.Management.AlertListener.ProvAlertListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\D955F735-014F-4E22-BBDE-7B58FF9F3E2A\AlertListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\D955F735-014F-4E22-BBDE-7B58FF9F3E2A\AlertListener]
"AlertListenerClassID"="Windows.Internal.Management.AlertListener.ProvAlertListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\E525943C-F974-483F-B52E-14A302F8E7DB\AlertListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\E525943C-F974-483F-B52E-14A302F8E7DB\AlertListener]
"AlertListenerClassID"="Windows.Internal.Management.AlertListener.ProvAlertListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\FC01E91F-914C-45AF-9D7C-0B2E5FBEDF62\AlertListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\FC01E91F-914C-45AF-9D7C-0B2E5FBEDF62\AlertListener]
"AlertListenerClassID"="Windows.Internal.Management.AlertListener.ProvAlertListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default]
"System.Diagnostics.TextWriterTraceListener,4.0.0.0,,b03f5f7f11d50a3a,msil"="0x81A688E02839D301"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\RemoteManagement\TurnOnCompatibilityHTTPListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\RemoteManagement\TurnOnCompatibilityHTTPListener]
"RegValueNameRedirect"="HttpCompatibilityListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\RemoteManagement\TurnOnCompatibilityHTTPSListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\RemoteManagement\TurnOnCompatibilityHTTPSListener]
"RegValueNameRedirect"="HttpsCompatibilityListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\CapabilityMappings\UserNotificationListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack\TriggerListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InstallAgent\InstallEventHandlers]
"CuratedTileCollections.StoreEventListener"="3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InstallAgent\InstallEventHandlers]
"TileDataModel.StoreEventListener"="3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-s..ty-identitylistener_31bf3856ad364e35_none_9bf9db44533a012f]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-s..ylistener.resources_31bf3856ad364e35_de-de_e8e5a3c6d0491559]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_netfx4-system.diagn..writertracelistener_b03f5f7f11d50a3a_none_ceb841a889d5b79e]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\msil_system.diagnostics...writertracelistener_b03f5f7f11d50a3a_none_7d3f4184f86e7d09]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\wow64_microsoft-windows-s..ty-identitylistener_31bf3856ad364e35_none_a64e8596879ac32a]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\wow64_microsoft-windows-s..ylistener.resources_31bf3856ad364e35_de-de_f33a4e1904a9d754]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-FileHistory-EventListener/Analytic]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-FileHistory-EventListener/Debug]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-HomeGroup Listener Service/Operational]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-HomeGroup-ListenerService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Security-IdentityListener/Operational]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{3c6c422b-019b-4f48-b67b-f79a3fa8b4ed}]
""="Microsoft-Windows-Security-IdentityListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{3c6c422b-019b-4f48-b67b-f79a3fa8b4ed}\ChannelReferences\0]
""="Microsoft-Windows-Security-IdentityListener/Operational"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{af0a5a6d-e009-46d4-8867-42f2240f8a72}]
""="Microsoft-Windows-HomeGroup-ListenerService"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{af0a5a6d-e009-46d4-8867-42f2240f8a72}\ChannelReferences\0]
""="Microsoft-Windows-HomeGroup-ListenerService"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{af0a5a6d-e009-46d4-8867-42f2240f8a72}\ChannelReferences\1]
""="Microsoft-Windows-HomeGroup Listener Service/Operational"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{b447b4df-7780-11e0-ada3-18a90531a85a}]
""="Microsoft-Windows-FileHistory-EventListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{b447b4df-7780-11e0-ada3-18a90531a85a}\ChannelReferences\0]
""="Microsoft-Windows-FileHistory-EventListener/Debug"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{b447b4df-7780-11e0-ada3-18a90531a85a}\ChannelReferences\1]
""="Microsoft-Windows-FileHistory-EventListener/Analytic"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Listener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"LocalSystemNetworkRestricted"="HvHost
WdiSystemHost
ScDeviceEnum
WiaRpc
trkwks
AudioEndpointBuilder
hidserv
dot3svc
DsSvc
WPDBusEnum
fhsvc
irmon
EmbeddedMode
DeviceAssociationService
svsvc
Netman
SensorService
TabletInputService
PcaSvc
DevQueryBroker
IPxlatCfgSvc
SmsRouter
homegrouplistener
wlansvc
vmicvss
vmickvpexchange
vmicshutdown
vmicguestinterface
vmicvmsession
NgcSvc
NcbService
StorSvc
sysmain
UmRdpService"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\CuratedTileCollections.StoreEventListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\TileDataModel.StoreEventListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Devices.WiFiDirect.WiFiDirectConnectionListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Management.AlertListener.ProvAlertListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Shell.TaskFlow.DataEngine.AppActivitySessionListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Shell.TaskFlow.DataEngine.AppViewListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Shell.TaskFlow.DataEngine.AppViewTitleChangeListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Shell.TaskFlow.DataEngine.FileActivityListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Shell.TaskFlow.DataEngine.UserPresenceListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Media.Audio.AudioNodeListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.Sockets.StreamSocketListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.RemoteSystems.RemoteSystemSessionInvitationListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Internal.Text.Core.CoreTextKeyEventListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Notifications.Management.UserNotificationListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{2c91b11d-61eb-38df-9c87-65557ffb2bbe}]
"ActivatableClassId"="TileDataModel.StoreEventListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{3b42e24c-8f2d-376b-aa7a-5fdea13acb41}]
"ActivatableClassId"="Windows.System.RemoteSystems.RemoteSystemSessionInvitationListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{45042a37-15fa-3c75-b5e6-3fe5098760fa}]
"ActivatableClassId"="CuratedTileCollections.StoreEventListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{46e40646-c702-3804-8d18-cfacad7321cf}]
"ActivatableClassId"="Windows.Networking.Sockets.StreamSocketListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{67f8b7ab-4e13-3b8f-805c-2aa551305c6b}]
"ActivatableClassId"="Windows.Internal.Shell.TaskFlow.DataEngine.AppViewListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{6b014466-719d-3a66-9436-f07109aeb3f3}]
"ActivatableClassId"="Windows.Media.Audio.AudioNodeListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{6eec8328-5e54-32a6-b017-49dfd05f4ec5}]
"ActivatableClassId"="Windows.UI.Internal.Text.Core.CoreTextKeyEventListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{820e4451-0f82-3ad1-aa07-d0293949194a}]
"ActivatableClassId"="Windows.Internal.Shell.TaskFlow.DataEngine.UserPresenceListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{83642061-d20f-3788-90f4-04f20f669e8d}]
"ActivatableClassId"="Windows.Internal.Shell.TaskFlow.DataEngine.AppActivitySessionListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{8d379629-5aeb-323e-92b1-2c91396082f9}]
"ActivatableClassId"="Windows.Devices.WiFiDirect.WiFiDirectConnectionListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{b0d28589-04ad-36b4-a289-f48b5e87ef05}]
"ActivatableClassId"="Windows.Internal.Shell.TaskFlow.DataEngine.FileActivityListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{ce55c106-0058-32c2-9ef2-3d49a15599e0}]
"ActivatableClassId"="Windows.Internal.Shell.TaskFlow.DataEngine.AppViewTitleChangeListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{dcfd05a4-c857-3aa8-9bea-d036110f7193}]
"ActivatableClassId"="Windows.UI.Notifications.Management.UserNotificationListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{fdb6a77e-0aa1-3f12-94d5-759f084b8a00}]
"ActivatableClassId"="Windows.Internal.Management.AlertListener.ProvAlertListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\Fusion\References\System.Diagnostics.TextWriterTraceListener, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Listener]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Devices.WiFiDirect.WiFiDirectConnectionListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Management.AlertListener.ProvAlertListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Media.Audio.AudioNodeListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.Sockets.StreamSocketListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.RemoteSystems.RemoteSystemSessionInvitationListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Internal.Text.Core.CoreTextKeyEventListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Notifications.Management.UserNotificationListener]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\CLSID\{50bf22f0-3b37-3bd2-b044-284e6f117f3f}]
"ActivatableClassId"="Windows.Networking.Sockets.StreamSocketListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\CLSID\{5425e69b-cc6e-34c8-b27f-4f61cf3435a9}]
"ActivatableClassId"="Windows.Internal.Management.AlertListener.ProvAlertListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\CLSID\{5a5354c8-2563-3633-8598-3637e7fc2973}]
"ActivatableClassId"="Windows.Devices.WiFiDirect.WiFiDirectConnectionListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\CLSID\{7f6a241b-e9a9-3084-809b-de1b8a3a3c91}]
"ActivatableClassId"="Windows.Media.Audio.AudioNodeListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\CLSID\{c0b53237-40f5-33a5-a3b4-d75c14fb3c4e}]
"ActivatableClassId"="Windows.UI.Internal.Text.Core.CoreTextKeyEventListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\CLSID\{c6f66ea0-fa90-332b-8180-b29107581a8e}]
"ActivatableClassId"="Windows.System.RemoteSystems.RemoteSystemSessionInvitationListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\CLSID\{dc04e319-42e7-30c8-b3ab-731e2fe21b29}]
"ActivatableClassId"="Windows.UI.Notifications.Management.UserNotificationListener"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\AutoLogger-Diagtrack-Listener]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\AutoLogger-Diagtrack-Listener]
"FileName"="%systemroot%\System32\LogFiles\WMI\AutoLogger-Diagtrack-Listener.etl"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HomeGroupListener]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HomeGroupListener\ApprovedListeners]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HomeGroupListener\ApprovedListeners\{125B0F61-0EC3-4f07-9A49-AFB340D9E57F}]
""="File History Hosted Listener"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HomeGroupListener\ApprovedListeners\{125B0F61-0EC3-4f07-9A49-AFB340D9E57F}\SupportedRecordTypes]
"GUID_DPListenerRecordType"="{ADBCFEA5-D8FC-4a46-B12B-EB1FFE39BF17}"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HomeGroupListener\ApprovedListeners\{517F6AA6-D6FA-46D0-8094-17FF17E4CCF4}]
""="Security Hosted Listener"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HomeGroupListener\ApprovedListeners\{517F6AA6-D6FA-46D0-8094-17FF17E4CCF4}\SupportedRecordTypes]
"GUID_SecurityListener_SigningKeys"="{CA328F46-E759-4399-82AB-FA92651D1ED2}"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HomeGroupListener\ApprovedListeners\{5255EFED-103A-4444-B124-F88F99E4EF8D}]
""="Printer Hosted Listener"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HomeGroupListener\ApprovedListeners\{8ADD018C-5C5F-43C5-BE1E-07BAE85593B7}]
""="Alpha Hosted Listener"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HomeGroupListener\ApprovedListeners\{8ADD018C-5C5F-43C5-BE1E-07BAE85593B7}\SupportedRecordTypes]
"GUID_AlphaListener_AlphaAccount"="{929CB323-C5EA-48E7-A6D0-193DD432E769}"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HomeGroupListener\ApprovedListeners\{DE9C1288-0F09-40ff-BA84-7F19279FA74B}]
""="Identity Hosted Listener"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HomeGroupListener\ApprovedListeners\{DE9C1288-0F09-40ff-BA84-7F19279FA74B}\SupportedRecordTypes]
"GUID_IdentityListenerRecordType"="{07004F5D-93A5-4b6c-B851-E2C9BBFD923D}"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HomeGroupListener\ApprovedListeners\{EB6B4457-F013-4E5A-9B05-1D44E4D6FAEB}]
""="Sharing Hosted Listener"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HomeGroupListener\ApprovedListeners\{EB6B4457-F013-4E5A-9B05-1D44E4D6FAEB}\SupportedRecordTypes]
"GUID_SharingListener_MACAddresses"="{A7BC622E-8238-4E38-9C88-34153B7D9AB1}"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HomeGroupListener\Parameters]
"ServiceMain"="ListenerServiceMain"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"HomeGroup Listener Block In"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=HomeGroupListener|Name=Block all incoming|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"HomeGroup Listener Block Out"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=HomeGroupListener|Name=Block all outgoing|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters]
"ListenerPort"="0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters\ConfigStore]
"ListenerPort"="0"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\7bf7f519-2c1b-439d-b296-0878bd5c4991]
"Setting"="c:cloud,c:internet,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\FamilySafety_Settings]
"Setting"="c:cloud,c:internet,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.LanguageComponentsInstaller]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.ParentalControls]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.PushToInstall]
"Setting"="s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:internet"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.UniversalTelemetryClientSettings_cw5n1h2txyewy!OneSettingsPushChannel]
"Setting"="s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:internet"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\S-1-15-2-2922268314-1930440196-3917253608-4275534170-1613359250-253686406-2516286921]
"Setting"="s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:internet"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.Defender]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.System.Continuum]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.System.MiracastReceiver]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.AudioTroubleshooter]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.AutoPlay]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.BackgroundAccess]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.BdeUnlock]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Bthprops]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Calling]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Compat]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.DeviceConsent]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.DeviceEnrollmentActivity]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Devices]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.EnterpriseDataProtection]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.EnterpriseDataProtectionReAuth]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Explorer]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.HelloFace]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.LocationManager]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.LowDisk]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.NfpAppAcquire]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.NfpAppLaunch]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.NfpDevicePairing]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.NfpReceiveContent]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Print.Notification]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.RasToastNotifier]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.SecurityAndMaintenance]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.SecurityCenter]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Share]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.SoftLanding]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Usb.Notification]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.WiFiNetworkManager]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\WLRoamingSetting_CollectionInterest]
"Setting"="c:cloud,c:internet,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\WLRoamingSetting_Settings]
"Setting"="c:cloud,c:internet,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\WLRoamingSetting_UserTile]
"Setting"="c:cloud,c:internet,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy!Microsoft.Windows.FilePicker]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\26968APPLYF.InstaPic_4502q87ac11em!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:storage:tile,s:tickle,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\57678SumitDutta.Watermark_xng0dy58tj892!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\63099Moonlighting.SuperPhotoFree_hths5t1tmnj8m!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\9E2F88E3.Twitter_wgeqdkkx372wm!x554f661dyd360y462cy8743yf8a99b7d41dbx]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:storage:tile,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\9FD20106.ExtractorforZIPandRAR_nwhm06f2kfry2!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:storage:tile,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\AD2F1837.HPPrinterControl_v10z8vjag6ke6!AD2F1837.HPPrinterControl]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:storage:tile,s:tickle,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\AdobeSystemsIncorporated.AdobePhotoshopExpress_ynb6jyjzte8ga!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:storage:tile,c:storage:toast,s:tickle,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\ASUSCloudCorporation.MobileFileExplorer_wk4d32h0cvhem!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\AudibleInc.AudibleforWindowsPhone_xns73kv1ymhp2!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:storage:tile,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\B9ECED6F.ASUSWelcome_qmba6cd70vzyy!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy!App]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy!Microsoft.Windows.AppResolverUX]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy!App]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\FamilySafety_Settings]
"Setting"="c:cloud,c:internet,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\InputApp_cw5n1h2txyewy!App]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:internet,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\MAGIX.MusicMakerJam_a2t3txkz9j1jw!MAGIX.MusicMakerJam.App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.3DBuilder_8wekyb3d8bbwe!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.AccountsControl_cw5n1h2txyewy!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Appconnector_8wekyb3d8bbwe!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.BingNews_8wekyb3d8bbwe!AppexNews]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:storage:tile,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.BingWeather_8wekyb3d8bbwe!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:storage:tile,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.BioEnrollment_cw5n1h2txyewy!App]
"Setting"="c:toast,c:badge,c:cloud,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.ConnectedDevicePlatform]
"Setting"="c:cloud,c:internet,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.ConnectedDevicePlatform.M8TO7cIOaFDskACSKYe8BQwxZ2wIu5ZRyRfFIoH3gJc=]
"Setting"="s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:internet"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.ConnectivityStore_8wekyb3d8bbwe!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.CredDialogHost_cw5n1h2txyewy!App]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe!App]
"Setting"="c:toast,c:badge,c:cloud,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.ECApp_8wekyb3d8bbwe!App]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.FreshPaint_8wekyb3d8bbwe!Microsoft.FreshPaint]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.GetHelp_8wekyb3d8bbwe!App]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:internet,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Getstarted_8wekyb3d8bbwe!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.HEVCVideoExtension_8wekyb3d8bbwe!App]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Messaging_8wekyb3d8bbwe!x27e26f40ye031y48a6yb130yd1f20388991ax]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe!Microsoft.Microsoft3DViewer]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:internet,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!BCHost]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:internet,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!ContentProcess]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:internet,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,s:tickle,c:tile,c:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:stopCloud,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!PdfReader]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:internet,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:internet,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.MSPaint_8wekyb3d8bbwe!Microsoft.MSPaint]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:internet,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Office.OneNote_8wekyb3d8bbwe!microsoft.onenoteim]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.OneConnect_8wekyb3d8bbwe!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.PPIProjection_cw5n1h2txyewy!Microsoft.PPIProjection]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Print3D_8wekyb3d8bbwe!App]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:internet,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Reader_8wekyb3d8bbwe!App]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:internet,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.SkypeApp_kzf8qxf38zg5c!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:storage:toast,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.StorePurchaseApp_8wekyb3d8bbwe!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Wallet_8wekyb3d8bbwe!App]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:internet,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:storage:tile,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!PreInstalled.DefaultStartLayout1.1]
"Setting"="c:toast,c:cloud,c:internet,c:tile,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!PreInstalled.DefaultStartLayout1.2]
"Setting"="c:toast,c:cloud,c:internet,c:tile,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!PreInstalled.DefaultStartLayout1.3]
"Setting"="c:toast,c:cloud,c:internet,c:storage:tile,c:tile,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!PreInstalled.DefaultStartLayout2.1]
"Setting"="c:toast,c:cloud,c:internet,c:tile,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!PreInstalled.DefaultStartLayout2.2]
"Setting"="c:toast,c:cloud,c:internet,c:tile,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.Cortana_cw5n1h2txyewy!RemindersShareTargetApp]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.HolographicFirstRun_cw5n1h2txyewy!App]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:internet,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.LanguageComponentsInstaller]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy!App]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:internet,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy!App]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.ParentalControls]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.ParentalControls_cw5n1h2txyewy!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy!App]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:internet,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.Photos_8wekyb3d8bbwe!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:storage:tile,c:storage:toast,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy!App]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy!SecHealthUI]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:internet,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.SecondaryTileExperience_cw5n1h2txyewy!App]
"Setting"="c:toast,c:badge,c:cloud,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.WindowsAlarms_8wekyb3d8bbwe!App]
"Setting"="c:toast,c:badge,c:cloud,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.WindowsCalculator_8wekyb3d8bbwe!App]
"Setting"="c:toast,c:badge,c:cloud,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.WindowsCamera_8wekyb3d8bbwe!App]
"Setting"="c:toast,c:badge,c:cloud,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.calendar]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:storage:tile,c:storage:toast,s:tickle,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.mail]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:storage:tile,s:tickle,c:tile,c:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.manageaccounts]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.WindowsFeedback_cw5n1h2txyewy!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.WindowsScan_8wekyb3d8bbwe!App]
"Setting"="c:toast,c:badge,c:cloud,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.WindowsStore_8wekyb3d8bbwe!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:storage:tile,c:storage:toast,s:tickle,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Xbox.TCUI_8wekyb3d8bbwe!Microsoft.Xbox.TCUI]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:internet,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.XboxGameCallableUI_cw5n1h2txyewy!Microsoft.XboxGameCallableUI]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.XboxGameOverlay_8wekyb3d8bbwe!App]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:internet,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe!Microsoft.XboxIdentityProvider]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.XboxIdentityProvider_cw5n1h2txyewy!Microsoft.XboxIdentityProvider]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe!App]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:storage:tile,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\ThumbmunkeysLtd.PhototasticCollage_nfy108tqq3p12!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:storage:tile,c:storage:toast,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.Defender]
"Setting"="c:toast,c:ringing,c:storage:toast,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel]
"Setting"="c:toast,c:storage:tile,c:storage:toast,c:tile,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.PurchaseDialog_cw5n1h2txyewy!Microsoft.Windows.PurchaseDialog]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.System.AppInitiatedDownload]
"Setting"="s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.System.Continuum]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.System.MiracastReceiver]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.AudioTroubleshooter]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.AutoPlay]
"Setting"="c:toast,c:ringing,c:storage:tile,c:storage:toast,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.BackgroundAccess]
"Setting"="c:toast,c:ringing,c:storage:toast,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.BdeUnlock]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Bthprops]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Calling]
"Setting"="c:toast,c:ringing,c:storage:toast,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Compat]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.DeviceConsent]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.DeviceEnrollmentActivity]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Devices]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.EnterpriseDataProtection]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.EnterpriseDataProtectionReAuth]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Explorer]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.FodHelper]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Hello]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.HelloFace]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.LocationManager]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.LowDisk]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.MobilityExperience]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.NfpAppAcquire]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.NfpAppLaunch]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.NfpDevicePairing]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.NfpReceiveContent]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.OpenWith]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Print.Notification]
"Setting"="c:toast,c:ringing,c:storage:tile,c:storage:toast,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.RasToastNotifier]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.SecurityAndMaintenance]
"Setting"="c:toast,c:ringing,c:storage:tile,c:storage:toast,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.SecurityCenter]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Share]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.SoftLanding]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Suggested]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Usb.Notification]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.WiFiNetworkManager]
"Setting"="c:toast,c:ringing,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.WindowsTip]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\WLRoamingSetting_CollectionInterest]
"Setting"="c:cloud,c:internet,c:storage:tile,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\WLRoamingSetting_CollectionInterest_00037FFED0B7EBFA]
"Setting"="s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:internet"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\WLRoamingSetting_Settings]
"Setting"="c:cloud,c:internet,c:storage:tile,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\WLRoamingSetting_Settings_00037FFED0B7EBFA]
"Setting"="s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:internet"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\WLRoamingSetting_UserTile]
"Setting"="c:cloud,c:internet,c:storage:tile,s:tickle,s:toast,s:badge,s:lock:badge,s:banner,s:listenerEnabled,s:lock:tile,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\WLRoamingSetting_UserTile_00037FFED0B7EBFA]
"Setting"="s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:internet"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\ZinioLLC.Zinio_0q6dqzpp40p2e!App]
"Setting"="c:toast,c:badge,c:cloud,c:internet,c:ringing,c:tile,c:tickle,s:toast,s:badge,s:banner,s:listenerEnabled,s:tile,s:lock:toast,s:voip"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1001\Software\Classes\Local Settings\MuiCache\2c\67BDC06]
"@%Systemroot%\system32\wsmsvc.dll,-102"="Der Windows-Remoteverwaltungsdienst (WinRM) implementiert das WS-Verwaltungsprotokoll für die Remoteverwaltung. Die WS-Verwaltung ist ein Webdienstprotokoll für die Remoteverwaltung von Software und Hardware. Der WinRM-Dienst hört das Netzwerk auf WS-Verwaltungsanforderungen ab und verarbeitet diese. Er muss dafür mit dem Befehlszeilentool "winrm" oder über Gruppenrichtlinien mit einem Listener konfiguriert werden. Er bietet Zugriff auf WMI-Daten und ermöglicht die Ereigniserfassung. Die Erfassung und Abonnierung von Ereignissen setzt voraus, dass der Dienst ausgeführt wird. WinRM-Nachrichten verwenden HTTP und HTTPS als Transportprotokoll. Der WinRM-Dienst ist nicht von IIS abhängig, ist jedoch zur Freigabe eines Anschlusses mit IIS auf demselben Computer vorkonfiguriert. Das URL-Präfix "/wsman" ist für den WinRM-Dienst reserviert. Um Konflikte mit IIS zu vermeiden, sollten Administratoren sicherstellen, dass für in IIS gehostete Websites nicht das URL-Präfix "/wsman" verwendet wird."
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\FamilySafety_Settings]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:internet"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:internet,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:internet,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:internet,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.LanguageComponentsInstaller]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.ParentalControls]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App]
"Setting"="c:tile,s:tile,s:lock:toast,s:banner,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:toast,c:internet,c:badge,c:ringing,c:tickle"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.Defender]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.System.AppInitiatedDownload]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.System.Continuum]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.System.MiracastReceiver]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.System.ShareExperience]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.AudioTroubleshooter]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.AutoPlay]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.BackgroundAccess]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.BdeUnlock]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.BitLockerPolicyRefresh]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Bthprops]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Calling]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Compat]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.DeviceConsent]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.DeviceEnrollmentActivity]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.DeviceManagement]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Devices]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.EnterpriseDataProtection]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Explorer]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.FodHelper]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.HelloFace]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.LocationManager]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.LowDisk]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.MobilityExperience]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.NfpAppAcquire]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.NfpAppLaunch]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.NfpDevicePairing]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.NfpReceiveContent]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Print.Notification]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.RasToastNotifier]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.SecurityAndMaintenance]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.SecurityCenter]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Share]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.SoftLanding]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Suggested]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Usb.Notification]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.WiFiNetworkManager]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.WindowsTip]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.WindowsUpdate.Notification]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Wwansvc]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:toast,c:ringing"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\WLRoamingSetting_CollectionInterest]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:internet"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\WLRoamingSetting_Settings]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:internet"
[HKEY_USERS\S-1-5-21-4044158651-1248895399-1107232148-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\WLRoamingSetting_UserTile]
"Setting"="s:tickle,s:tile,s:lock:toast,s:banner,s:lock:badge,s:lock:tile,s:toast,s:badge,s:audio,s:voip,s:listenerEnabled,c:cloud,c:internet"

====== Ende von Suche ======


  • 0

#7
RKinner
Posted 17 February 2018 - 10:07 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Don't see the speccy log attached.  It's a funny two step process.  You have to select the file first then upload it and it won't work unless it's a .txt file.

 

Looks like you posted the registry search results twice and missed the file search results.

 

Nothing in the registry looks like our target.  Is it still keeping you from shutting down?  Could you have uninstalled it?

 

Speaking of uninstalling:  Your version of Bonjour is not Win 10 compatible.  It needs to be uninstalled.

 

Also FRST flags

UmmyVideoDownloader (HKLM-x32\...\{E028DBDA-EEE7-48A0-ADF7-D250589A02C5}_is1) (Version: 1.4.0.3 - ) <==== ACHTUNG
 

 

All I know about it is that it supposedly isn't free after the first download and ESET won't let you download it.  If you haven't paid for it I would uninstall it.

 

Open an elevated command prompt:

http://www.howtogeek...-in-windows-10/
http://www.eightforu...indows-8-a.html

If you open an elevated command prompt it will by default open in c:\Windows\system32

Once you have an elevated command prompt:

Type:

 DISM  /Online  /Cleanup-Image  /RestoreHealth

 (I use two spaces so you can be sure to see where one space goes.)
Hit Enter.  This will take a while (10-20 minutes) to complete.  Once the prompt returns:

Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):

sfc  /scannow



This will also take a few minutes.  

When it finishes it will say one of the following:

Windows did not find any integrity violations (a good thing)
Windows Resource Protection found corrupt files and repaired them (a good thing)
Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)

If you get the last result then type:
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt


Hit Enter.  Then type::


notepad %UserProfile%\desktop\junk.txt

Hit Enter.

 Copy the text from notepad and paste it into a reply.


After you finish SFC, regardless of the result:



1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

 


  • 0

#8
philon8
Posted 18 February 2018 - 12:11 PM

philon8

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

There were actually no results in the file search (just ran it again: nothing).

I've uninstalled those two programs & do attach the speccy text file once again.

(Now continuing with the other suggestions you made:)

Attached Files


  • 0

#9
philon8
Posted 18 February 2018 - 02:47 PM

philon8

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Windows did not find any integrity violations.
 

 


Vino's Event Viewer v01c run on Windows 7 in German
Report run at 18/02/2018 21:31:53

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Kritisch Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/02/2018 16:13:33
Type: Kritisch Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
Das System wurde neu gestartet, ohne dass es zuvor ordnungsgemäß heruntergefahren wurde. Dieser Fehler kann auftreten, wenn das System nicht mehr reagiert hat oder abgestürzt ist oder die Stromzufuhr unerwartet unterbrochen wurde.

Log: 'System' Date/Time: 07/01/2018 22:37:41
Type: Kritisch Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
Das System wurde neu gestartet, ohne dass es zuvor ordnungsgemäß heruntergefahren wurde. Dieser Fehler kann auftreten, wenn das System nicht mehr reagiert hat oder abgestürzt ist oder die Stromzufuhr unerwartet unterbrochen wurde.

Log: 'System' Date/Time: 27/12/2017 12:08:52
Type: Kritisch Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
Das System wurde neu gestartet, ohne dass es zuvor ordnungsgemäß heruntergefahren wurde. Dieser Fehler kann auftreten, wenn das System nicht mehr reagiert hat oder abgestürzt ist oder die Stromzufuhr unerwartet unterbrochen wurde.

Log: 'System' Date/Time: 12/12/2017 13:12:51
Type: Kritisch Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
Das System wurde neu gestartet, ohne dass es zuvor ordnungsgemäß heruntergefahren wurde. Dieser Fehler kann auftreten, wenn das System nicht mehr reagiert hat oder abgestürzt ist oder die Stromzufuhr unerwartet unterbrochen wurde.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Fehler Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 18/02/2018 18:56:38
Type: Fehler Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  und der APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Log: 'System' Date/Time: 18/02/2018 18:51:24
Type: Fehler Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  und der APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Log: 'System' Date/Time: 18/02/2018 18:46:09
Type: Fehler Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  und der APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Log: 'System' Date/Time: 18/02/2018 18:45:57
Type: Fehler Category: 0
Event: 7022 Source: Service Control Manager
Der Dienst "Übermittlungsoptimierung" wurde nicht richtig gestartet.

Log: 'System' Date/Time: 18/02/2018 18:41:51
Type: Fehler Category: 0
Event: 7000 Source: Service Control Manager
Der Dienst "PDF24" wurde aufgrund folgenden Fehlers nicht gestartet:  Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Log: 'System' Date/Time: 18/02/2018 18:41:51
Type: Fehler Category: 0
Event: 7009 Source: Service Control Manager
Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst PDF24 erreicht.

Log: 'System' Date/Time: 18/02/2018 18:41:39
Type: Fehler Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  und der APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Log: 'System' Date/Time: 18/02/2018 18:41:39
Type: Fehler Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  und der APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Log: 'System' Date/Time: 18/02/2018 18:01:44
Type: Fehler Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  und der APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Log: 'System' Date/Time: 18/02/2018 17:51:28
Type: Fehler Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  und der APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Log: 'System' Date/Time: 18/02/2018 17:51:10
Type: Fehler Category: 0
Event: 7022 Source: Service Control Manager
Der Dienst "Übermittlungsoptimierung" wurde nicht richtig gestartet.

Log: 'System' Date/Time: 18/02/2018 17:47:04
Type: Fehler Category: 0
Event: 7000 Source: Service Control Manager
Der Dienst "PDF24" wurde aufgrund folgenden Fehlers nicht gestartet:  Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Log: 'System' Date/Time: 18/02/2018 17:47:04
Type: Fehler Category: 0
Event: 7009 Source: Service Control Manager
Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst PDF24 erreicht.

Log: 'System' Date/Time: 18/02/2018 17:46:49
Type: Fehler Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "Youlias\Youlia" (SID: S-1-5-21-4044158651-1248895399-1107232148-1001) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Start" für die COM-Serveranwendung mit der CLSID  {7022A3B3-D004-4F52-AF11-E9E987FEE25F}  und der APPID  {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}  im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Log: 'System' Date/Time: 18/02/2018 17:46:48
Type: Fehler Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "Youlias\Youlia" (SID: S-1-5-21-4044158651-1248895399-1107232148-1001) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Start" für die COM-Serveranwendung mit der CLSID  {7022A3B3-D004-4F52-AF11-E9E987FEE25F}  und der APPID  {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}  im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Log: 'System' Date/Time: 18/02/2018 17:46:48
Type: Fehler Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "Youlias\Youlia" (SID: S-1-5-21-4044158651-1248895399-1107232148-1001) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Start" für die COM-Serveranwendung mit der CLSID  {7022A3B3-D004-4F52-AF11-E9E987FEE25F}  und der APPID  {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}  im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Log: 'System' Date/Time: 18/02/2018 17:46:46
Type: Fehler Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "Youlias\Youlia" (SID: S-1-5-21-4044158651-1248895399-1107232148-1001) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Start" für die COM-Serveranwendung mit der CLSID  {7022A3B3-D004-4F52-AF11-E9E987FEE25F}  und der APPID  {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}  im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Log: 'System' Date/Time: 18/02/2018 17:46:45
Type: Fehler Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  und der APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Log: 'System' Date/Time: 18/02/2018 17:46:45
Type: Fehler Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  und der APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Log: 'System' Date/Time: 18/02/2018 17:28:29
Type: Fehler Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  und der APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warnung Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 18/02/2018 18:42:12
Type: Warnung Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
Die Geschwindigkeit des Prozessors "3" in der Gruppe "0" wird durch die Systemfirmware eingeschränkt. Der Prozessor befindet sich bereits 71 Sekunden (gemessen seit dem letzten Bericht) in diesem eingeschränkten Leistungszustand.

Log: 'System' Date/Time: 18/02/2018 18:42:12
Type: Warnung Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
Die Geschwindigkeit des Prozessors "1" in der Gruppe "0" wird durch die Systemfirmware eingeschränkt. Der Prozessor befindet sich bereits 71 Sekunden (gemessen seit dem letzten Bericht) in diesem eingeschränkten Leistungszustand.

Log: 'System' Date/Time: 18/02/2018 18:42:12
Type: Warnung Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
Die Geschwindigkeit des Prozessors "2" in der Gruppe "0" wird durch die Systemfirmware eingeschränkt. Der Prozessor befindet sich bereits 71 Sekunden (gemessen seit dem letzten Bericht) in diesem eingeschränkten Leistungszustand.

Log: 'System' Date/Time: 18/02/2018 18:42:12
Type: Warnung Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
Die Geschwindigkeit des Prozessors "0" in der Gruppe "0" wird durch die Systemfirmware eingeschränkt. Der Prozessor befindet sich bereits 71 Sekunden (gemessen seit dem letzten Bericht) in diesem eingeschränkten Leistungszustand.

Log: 'System' Date/Time: 18/02/2018 17:47:25
Type: Warnung Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
Die Geschwindigkeit des Prozessors "2" in der Gruppe "0" wird durch die Systemfirmware eingeschränkt. Der Prozessor befindet sich bereits 71 Sekunden (gemessen seit dem letzten Bericht) in diesem eingeschränkten Leistungszustand.

Log: 'System' Date/Time: 18/02/2018 17:47:25
Type: Warnung Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
Die Geschwindigkeit des Prozessors "3" in der Gruppe "0" wird durch die Systemfirmware eingeschränkt. Der Prozessor befindet sich bereits 71 Sekunden (gemessen seit dem letzten Bericht) in diesem eingeschränkten Leistungszustand.

Log: 'System' Date/Time: 18/02/2018 17:47:25
Type: Warnung Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
Die Geschwindigkeit des Prozessors "1" in der Gruppe "0" wird durch die Systemfirmware eingeschränkt. Der Prozessor befindet sich bereits 71 Sekunden (gemessen seit dem letzten Bericht) in diesem eingeschränkten Leistungszustand.

Log: 'System' Date/Time: 18/02/2018 17:47:25
Type: Warnung Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
Die Geschwindigkeit des Prozessors "0" in der Gruppe "0" wird durch die Systemfirmware eingeschränkt. Der Prozessor befindet sich bereits 71 Sekunden (gemessen seit dem letzten Bericht) in diesem eingeschränkten Leistungszustand.

Log: 'System' Date/Time: 18/02/2018 17:11:26
Type: Warnung Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
Die Geschwindigkeit des Prozessors "2" in der Gruppe "0" wird durch die Systemfirmware eingeschränkt. Der Prozessor befindet sich bereits 71 Sekunden (gemessen seit dem letzten Bericht) in diesem eingeschränkten Leistungszustand.

Log: 'System' Date/Time: 18/02/2018 17:11:26
Type: Warnung Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
Die Geschwindigkeit des Prozessors "1" in der Gruppe "0" wird durch die Systemfirmware eingeschränkt. Der Prozessor befindet sich bereits 71 Sekunden (gemessen seit dem letzten Bericht) in diesem eingeschränkten Leistungszustand.

Log: 'System' Date/Time: 18/02/2018 17:11:26
Type: Warnung Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
Die Geschwindigkeit des Prozessors "3" in der Gruppe "0" wird durch die Systemfirmware eingeschränkt. Der Prozessor befindet sich bereits 71 Sekunden (gemessen seit dem letzten Bericht) in diesem eingeschränkten Leistungszustand.

Log: 'System' Date/Time: 18/02/2018 17:11:26
Type: Warnung Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
Die Geschwindigkeit des Prozessors "0" in der Gruppe "0" wird durch die Systemfirmware eingeschränkt. Der Prozessor befindet sich bereits 71 Sekunden (gemessen seit dem letzten Bericht) in diesem eingeschränkten Leistungszustand.

Log: 'System' Date/Time: 17/02/2018 19:26:17
Type: Warnung Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
Aufgrund eines DNS-Auflösungsfehlers auf "time.windows.com,0x9" konnte vom "NtpClient" kein manueller Peer als Zeitquelle festgelegt werden. In 15 Minuten wird ein weiterer Versuch ausgeführt und das Intervall für weitere Versuche anschließend verdoppelt. Fehler: Der angegebene Host ist unbekannt. (0x80072AF9)

Log: 'System' Date/Time: 17/02/2018 19:26:15
Type: Warnung Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
Aufgrund eines DNS-Auflösungsfehlers auf "time.windows.com,0x9" konnte vom "NtpClient" kein manueller Peer als Zeitquelle festgelegt werden. In 15 Minuten wird ein weiterer Versuch ausgeführt und das Intervall für weitere Versuche anschließend verdoppelt. Fehler: Der angegebene Host ist unbekannt. (0x80072AF9)

Log: 'System' Date/Time: 17/02/2018 19:25:38
Type: Warnung Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
Aufgrund eines DNS-Auflösungsfehlers auf "time.windows.com,0x9" konnte vom "NtpClient" kein manueller Peer als Zeitquelle festgelegt werden. In 15 Minuten wird ein weiterer Versuch ausgeführt und das Intervall für weitere Versuche anschließend verdoppelt. Fehler: Der angegebene Host ist unbekannt. (0x80072AF9)

Log: 'System' Date/Time: 17/02/2018 19:23:58
Type: Warnung Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
Aufgrund eines DNS-Auflösungsfehlers auf "time.windows.com,0x9" konnte vom "NtpClient" kein manueller Peer als Zeitquelle festgelegt werden. In 15 Minuten wird ein weiterer Versuch ausgeführt und das Intervall für weitere Versuche anschließend verdoppelt. Fehler: Der angegebene Host ist unbekannt. (0x80072AF9)

Log: 'System' Date/Time: 13/02/2018 23:57:15
Type: Warnung Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
Die Geschwindigkeit des Prozessors "2" in der Gruppe "0" wird durch die Systemfirmware eingeschränkt. Der Prozessor befindet sich bereits 49 Sekunden (gemessen seit dem letzten Bericht) in diesem eingeschränkten Leistungszustand.

Log: 'System' Date/Time: 13/02/2018 23:57:15
Type: Warnung Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
Die Geschwindigkeit des Prozessors "3" in der Gruppe "0" wird durch die Systemfirmware eingeschränkt. Der Prozessor befindet sich bereits 49 Sekunden (gemessen seit dem letzten Bericht) in diesem eingeschränkten Leistungszustand.

Log: 'System' Date/Time: 13/02/2018 23:57:15
Type: Warnung Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
Die Geschwindigkeit des Prozessors "1" in der Gruppe "0" wird durch die Systemfirmware eingeschränkt. Der Prozessor befindet sich bereits 49 Sekunden (gemessen seit dem letzten Bericht) in diesem eingeschränkten Leistungszustand.

Log: 'System' Date/Time: 13/02/2018 23:57:15
Type: Warnung Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
Die Geschwindigkeit des Prozessors "0" in der Gruppe "0" wird durch die Systemfirmware eingeschränkt. Der Prozessor befindet sich bereits 49 Sekunden (gemessen seit dem letzten Bericht) in diesem eingeschränkten Leistungszustand.

=====================================================
=====================================================

Vino's Event Viewer v01c run on Windows 7 in German
Report run at 18/02/2018 21:31:53

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Kritisch Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/02/2018 16:13:33
Type: Kritisch Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
Das System wurde neu gestartet, ohne dass es zuvor ordnungsgemäß heruntergefahren wurde. Dieser Fehler kann auftreten, wenn das System nicht mehr reagiert hat oder abgestürzt ist oder die Stromzufuhr unerwartet unterbrochen wurde.

Log: 'System' Date/Time: 07/01/2018 22:37:41
Type: Kritisch Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
Das System wurde neu gestartet, ohne dass es zuvor ordnungsgemäß heruntergefahren wurde. Dieser Fehler kann auftreten, wenn das System nicht mehr reagiert hat oder abgestürzt ist oder die Stromzufuhr unerwartet unterbrochen wurde.

Log: 'System' Date/Time: 27/12/2017 12:08:52
Type: Kritisch Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
Das System wurde neu gestartet, ohne dass es zuvor ordnungsgemäß heruntergefahren wurde. Dieser Fehler kann auftreten, wenn das System nicht mehr reagiert hat oder abgestürzt ist oder die Stromzufuhr unerwartet unterbrochen wurde.

Log: 'System' Date/Time: 12/12/2017 13:12:51
Type: Kritisch Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
Das System wurde neu gestartet, ohne dass es zuvor ordnungsgemäß heruntergefahren wurde. Dieser Fehler kann auftreten, wenn das System nicht mehr reagiert hat oder abgestürzt ist oder die Stromzufuhr unerwartet unterbrochen wurde.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Fehler Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 18/02/2018 18:56:38
Type: Fehler Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  und der APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Log: 'System' Date/Time: 18/02/2018 18:51:24
Type: Fehler Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  und der APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Log: 'System' Date/Time: 18/02/2018 18:46:09
Type: Fehler Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  und der APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Log: 'System' Date/Time: 18/02/2018 18:45:57
Type: Fehler Category: 0
Event: 7022 Source: Service Control Manager
Der Dienst "Übermittlungsoptimierung" wurde nicht richtig gestartet.

Log: 'System' Date/Time: 18/02/2018 18:41:51
Type: Fehler Category: 0
Event: 7000 Source: Service Control Manager
Der Dienst "PDF24" wurde aufgrund folgenden Fehlers nicht gestartet:  Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Log: 'System' Date/Time: 18/02/2018 18:41:51
Type: Fehler Category: 0
Event: 7009 Source: Service Control Manager
Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst PDF24 erreicht.

Log: 'System' Date/Time: 18/02/2018 18:41:39
Type: Fehler Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  und der APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Log: 'System' Date/Time: 18/02/2018 18:41:39
Type: Fehler Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  und der APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Log: 'System' Date/Time: 18/02/2018 18:01:44
Type: Fehler Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  und der APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Log: 'System' Date/Time: 18/02/2018 17:51:28
Type: Fehler Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  und der APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Log: 'System' Date/Time: 18/02/2018 17:51:10
Type: Fehler Category: 0
Event: 7022 Source: Service Control Manager
Der Dienst "Übermittlungsoptimierung" wurde nicht richtig gestartet.

Log: 'System' Date/Time: 18/02/2018 17:47:04
Type: Fehler Category: 0
Event: 7000 Source: Service Control Manager
Der Dienst "PDF24" wurde aufgrund folgenden Fehlers nicht gestartet:  Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Log: 'System' Date/Time: 18/02/2018 17:47:04
Type: Fehler Category: 0
Event: 7009 Source: Service Control Manager
Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst PDF24 erreicht.

Log: 'System' Date/Time: 18/02/2018 17:46:49
Type: Fehler Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "Youlias\Youlia" (SID: S-1-5-21-4044158651-1248895399-1107232148-1001) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Start" für die COM-Serveranwendung mit der CLSID  {7022A3B3-D004-4F52-AF11-E9E987FEE25F}  und der APPID  {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}  im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Log: 'System' Date/Time: 18/02/2018 17:46:48
Type: Fehler Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "Youlias\Youlia" (SID: S-1-5-21-4044158651-1248895399-1107232148-1001) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Start" für die COM-Serveranwendung mit der CLSID  {7022A3B3-D004-4F52-AF11-E9E987FEE25F}  und der APPID  {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}  im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Log: 'System' Date/Time: 18/02/2018 17:46:48
Type: Fehler Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "Youlias\Youlia" (SID: S-1-5-21-4044158651-1248895399-1107232148-1001) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Start" für die COM-Serveranwendung mit der CLSID  {7022A3B3-D004-4F52-AF11-E9E987FEE25F}  und der APPID  {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}  im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Log: 'System' Date/Time: 18/02/2018 17:46:46
Type: Fehler Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "Youlias\Youlia" (SID: S-1-5-21-4044158651-1248895399-1107232148-1001) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Start" für die COM-Serveranwendung mit der CLSID  {7022A3B3-D004-4F52-AF11-E9E987FEE25F}  und der APPID  {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}  im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Log: 'System' Date/Time: 18/02/2018 17:46:45
Type: Fehler Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  und der APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Log: 'System' Date/Time: 18/02/2018 17:46:45
Type: Fehler Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  und der APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Log: 'System' Date/Time: 18/02/2018 17:28:29
Type: Fehler Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  und der APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warnung Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 18/02/2018 18:42:12
Type: Warnung Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
Die Geschwindigkeit des Prozessors "3" in der Gruppe "0" wird durch die Systemfirmware eingeschränkt. Der Prozessor befindet sich bereits 71 Sekunden (gemessen seit dem letzten Bericht) in diesem eingeschränkten Leistungszustand.

Log: 'System' Date/Time: 18/02/2018 18:42:12
Type: Warnung Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
Die Geschwindigkeit des Prozessors "1" in der Gruppe "0" wird durch die Systemfirmware eingeschränkt. Der Prozessor befindet sich bereits 71 Sekunden (gemessen seit dem letzten Bericht) in diesem eingeschränkten Leistungszustand.

Log: 'System' Date/Time: 18/02/2018 18:42:12
Type: Warnung Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
Die Geschwindigkeit des Prozessors "2" in der Gruppe "0" wird durch die Systemfirmware eingeschränkt. Der Prozessor befindet sich bereits 71 Sekunden (gemessen seit dem letzten Bericht) in diesem eingeschränkten Leistungszustand.

Log: 'System' Date/Time: 18/02/2018 18:42:12
Type: Warnung Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
Die Geschwindigkeit des Prozessors "0" in der Gruppe "0" wird durch die Systemfirmware eingeschränkt. Der Prozessor befindet sich bereits 71 Sekunden (gemessen seit dem letzten Bericht) in diesem eingeschränkten Leistungszustand.

Log: 'System' Date/Time: 18/02/2018 17:47:25
Type: Warnung Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
Die Geschwindigkeit des Prozessors "2" in der Gruppe "0" wird durch die Systemfirmware eingeschränkt. Der Prozessor befindet sich bereits 71 Sekunden (gemessen seit dem letzten Bericht) in diesem eingeschränkten Leistungszustand.

Log: 'System' Date/Time: 18/02/2018 17:47:25
Type: Warnung Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
Die Geschwindigkeit des Prozessors "3" in der Gruppe "0" wird durch die Systemfirmware eingeschränkt. Der Prozessor befindet sich bereits 71 Sekunden (gemessen seit dem letzten Bericht) in diesem eingeschränkten Leistungszustand.

Log: 'System' Date/Time: 18/02/2018 17:47:25
Type: Warnung Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
Die Geschwindigkeit des Prozessors "1" in der Gruppe "0" wird durch die Systemfirmware eingeschränkt. Der Prozessor befindet sich bereits 71 Sekunden (gemessen seit dem letzten Bericht) in diesem eingeschränkten Leistungszustand.

Log: 'System' Date/Time: 18/02/2018 17:47:25
Type: Warnung Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
Die Geschwindigkeit des Prozessors "0" in der Gruppe "0" wird durch die Systemfirmware eingeschränkt. Der Prozessor befindet sich bereits 71 Sekunden (gemessen seit dem letzten Bericht) in diesem eingeschränkten Leistungszustand.

Log: 'System' Date/Time: 18/02/2018 17:11:26
Type: Warnung Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
Die Geschwindigkeit des Prozessors "2" in der Gruppe "0" wird durch die Systemfirmware eingeschränkt. Der Prozessor befindet sich bereits 71 Sekunden (gemessen seit dem letzten Bericht) in diesem eingeschränkten Leistungszustand.

Log: 'System' Date/Time: 18/02/2018 17:11:26
Type: Warnung Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
Die Geschwindigkeit des Prozessors "1" in der Gruppe "0" wird durch die Systemfirmware eingeschränkt. Der Prozessor befindet sich bereits 71 Sekunden (gemessen seit dem letzten Bericht) in diesem eingeschränkten Leistungszustand.

Log: 'System' Date/Time: 18/02/2018 17:11:26
Type: Warnung Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
Die Geschwindigkeit des Prozessors "3" in der Gruppe "0" wird durch die Systemfirmware eingeschränkt. Der Prozessor befindet sich bereits 71 Sekunden (gemessen seit dem letzten Bericht) in diesem eingeschränkten Leistungszustand.

Log: 'System' Date/Time: 18/02/2018 17:11:26
Type: Warnung Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
Die Geschwindigkeit des Prozessors "0" in der Gruppe "0" wird durch die Systemfirmware eingeschränkt. Der Prozessor befindet sich bereits 71 Sekunden (gemessen seit dem letzten Bericht) in diesem eingeschränkten Leistungszustand.

Log: 'System' Date/Time: 17/02/2018 19:26:17
Type: Warnung Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
Aufgrund eines DNS-Auflösungsfehlers auf "time.windows.com,0x9" konnte vom "NtpClient" kein manueller Peer als Zeitquelle festgelegt werden. In 15 Minuten wird ein weiterer Versuch ausgeführt und das Intervall für weitere Versuche anschließend verdoppelt. Fehler: Der angegebene Host ist unbekannt. (0x80072AF9)

Log: 'System' Date/Time: 17/02/2018 19:26:15
Type: Warnung Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
Aufgrund eines DNS-Auflösungsfehlers auf "time.windows.com,0x9" konnte vom "NtpClient" kein manueller Peer als Zeitquelle festgelegt werden. In 15 Minuten wird ein weiterer Versuch ausgeführt und das Intervall für weitere Versuche anschließend verdoppelt. Fehler: Der angegebene Host ist unbekannt. (0x80072AF9)

Log: 'System' Date/Time: 17/02/2018 19:25:38
Type: Warnung Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
Aufgrund eines DNS-Auflösungsfehlers auf "time.windows.com,0x9" konnte vom "NtpClient" kein manueller Peer als Zeitquelle festgelegt werden. In 15 Minuten wird ein weiterer Versuch ausgeführt und das Intervall für weitere Versuche anschließend verdoppelt. Fehler: Der angegebene Host ist unbekannt. (0x80072AF9)

Log: 'System' Date/Time: 17/02/2018 19:23:58
Type: Warnung Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
Aufgrund eines DNS-Auflösungsfehlers auf "time.windows.com,0x9" konnte vom "NtpClient" kein manueller Peer als Zeitquelle festgelegt werden. In 15 Minuten wird ein weiterer Versuch ausgeführt und das Intervall für weitere Versuche anschließend verdoppelt. Fehler: Der angegebene Host ist unbekannt. (0x80072AF9)

Log: 'System' Date/Time: 13/02/2018 23:57:15
Type: Warnung Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
Die Geschwindigkeit des Prozessors "2" in der Gruppe "0" wird durch die Systemfirmware eingeschränkt. Der Prozessor befindet sich bereits 49 Sekunden (gemessen seit dem letzten Bericht) in diesem eingeschränkten Leistungszustand.

Log: 'System' Date/Time: 13/02/2018 23:57:15
Type: Warnung Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
Die Geschwindigkeit des Prozessors "3" in der Gruppe "0" wird durch die Systemfirmware eingeschränkt. Der Prozessor befindet sich bereits 49 Sekunden (gemessen seit dem letzten Bericht) in diesem eingeschränkten Leistungszustand.

Log: 'System' Date/Time: 13/02/2018 23:57:15
Type: Warnung Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
Die Geschwindigkeit des Prozessors "1" in der Gruppe "0" wird durch die Systemfirmware eingeschränkt. Der Prozessor befindet sich bereits 49 Sekunden (gemessen seit dem letzten Bericht) in diesem eingeschränkten Leistungszustand.

Log: 'System' Date/Time: 13/02/2018 23:57:15
Type: Warnung Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
Die Geschwindigkeit des Prozessors "0" in der Gruppe "0" wird durch die Systemfirmware eingeschränkt. Der Prozessor befindet sich bereits 49 Sekunden (gemessen seit dem letzten Bericht) in diesem eingeschränkten Leistungszustand.

=====================================================
=====================================================
It seems to not letting me check "applications" at least the result is still (tried 3times now) the system log....




 


  • 0

#10
RKinner
Posted 18 February 2018 - 03:56 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Got the Speccy file that time.  No sign of the RTC thing.  It does show you have a Seagate drive.  These fail too often for my taste so make sure you back up any data.

 

VEW shows that

PDF24 Creator 8.0.4

is having problems.  If you use it get a new version or reinstall.  If not uninstall.

 

Let's see if aswMBR will run:

 


Download aswMBR.exe  to your desktop.
The link is a direct download so the page won't change.

Right click the aswMBR.exe and select Run As Administrator to run it
Wait until the AV Scan shows up at the bottom left.
Change AV Scan: from Quick Scan to  C:\
Click the "Scan" button to start scan
If it asks you to allow the Avast engine to download then say Yes.  It will take a while to finish.  
On completion of the scan (Note if the Fix button is enabled and tell me but do not push any buttons) click save log, save it to your desktop and post in your next reply

If it crashes then try it again but uncheck Trace Disk IO Calls before hitting Scan.

 

Also if you haven't already try running MBAR:

 

https://www.malwareb...om/antirootkit/


  • 0

Advertisements

#11
philon8
Posted 19 February 2018 - 08:01 AM

philon8

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Thx, yeah it's not the most reliable computer (not anymore)...

i ran malwarebytes in the very beginning yet it didn't find anything.

this aswMBR just caused my computer to crash (nothing new though, it frequently shuts down all of a sudden, for almost a year now -_-!)
at the 2nd try it ran for  one and a half hours until the message popped up that it wasn't working anymore and i'd be notified when a fix for it was available....
So I unchecked traceDiskIOcalls and ran it once more:

Attached Files


  • 0

#12
philon8
Posted 19 February 2018 - 08:06 AM

philon8

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

PS: the Fix button is not enabled


  • 0

#13
RKinner
Posted 19 February 2018 - 11:46 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

MBAR is different from MBAM so if you didn't run it before please try it now.

 

AswMBR didn't find anything.  The fact that it doesn't recognize the MBR isn't important since this is Win 10 which doesn't use the MBR.

 

Have you let Avast run a boot-time scan?

 

It takes like 6 hours so I usually let it run at night.


Click on the Avast ball.  Then click on Protection, then on Antivirus, then on Other Scans then on Boot-time Scan.  Click on Install Special Definitions.  Click on Run on Next PC Reboot.

  Reboot and let it run a scan.  It may take hours.
Once it finishes it should load windows.   Mute your speakers so it doesn't wake you up when Windows boots.

When you reboot you will see the scan start.  It will tell you where it saves its log.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.   This is a hidden location so you will need to tell Windows to let you see it:

http://www.howtogeek...-windows-vista/

Copy and paste the text from the log to a Reply when done.

 

Let's see if there are any dumps from your crashes:

 

 

Download BlueScreenView
http://www.nirsoft.n...creen_view.html

Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit, Select All.

Go File, Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

 

Intel® Dynamic Platform and Thermal Framework appears to be out of date.  I know they have had to make changes to make it work right with the different flavors of Win 10.  Unfortunately intel says you have to get it from your PC maker so go to your Asus support site and see if they offer a newer version for your PC.  If they don't offer one for Win 10 see if they have one for Win 8 or 7.

 

 


  • 0

#14
philon8
Posted 21 February 2018 - 01:50 AM

philon8

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

MBAR didn't find anything either

& I can't seem to get BlueScreenView started (it's supposed to start the scan by itself once you open it, right? it doesn't do anything on my end though)

Had to run the Avast boot-time scan two nights in a row (because I forgot to take note of the folder before the first start -_-!)

02/19/2018 23:00
Prüfung von C:

Prüfung von *STARTUP

Datei C:\$Recycle.Bin\S-1-5-21-4044158651-1248895399-1107232148-1001\$RSKYXPW.exe ist infiziert von Win32:Rootkit-gen [Rtk], In Container verschoben
Datei C:\AdwCleaner\Quarantine\C\Users\Youlia\AppData\Roaming\Mozilla\Firefox\Profiles\az8d174e.default\Extensions\[email protected]\chrome\content\toolbar.js.vir ist infiziert von JS:WebSearch-B [PUP], In Container verschoben
Anzahl durchsuchter Ordner: 62584
Anzahl der geprüften Dateien: 1736119
Anzahl infizierter Dateien: 2

----------------------------------------
02/20/2018 22:47
Prüfung von C:

Prüfung von *STARTUP

Anzahl durchsuchter Ordner: 62588
Anzahl der geprüften Dateien: 1735927
Anzahl infizierter Dateien: 0
 


  • 0

#15
RKinner
Posted 21 February 2018 - 06:03 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Avast did find a rootkit the first time through and it wasn't there on the second so that's good news.

Bluescreenview doesn't really do a scan. It just reads the minidump files. If there aren't any then there is nothing for it to read. Either the PC didn't create any when it crashed because of a hardware failure or they are not turned on. Instructions for turning minidumps on:
http://blog.nirsoft....-files-on-bsod/
Make sure yours is configured to create minidumps. If it is the the failure was probably caused by something in the underlying hardware. Usually heat related tho sometimes bad memory or failing hard drive or a low level driver. Speccy said the temps were good but it had not been on very long. Monitor your temps in real time with speedfan:



http://www.filehippo...nload_speedfan/

Download, save and Install it (Win 7+ or Vista right click and Run As Admin.) then run it (Win 7+ or Vista right click and Run As Admin.).

It will tell you your temps in real time tho the default is to show the hard drive temp in the systray. You can change it: Hit Configure then click on the highest temp CPU or Coretemp and check Show in tray.

Once you get it running let avast do a scan or watch a movie or play a game. Watch the temps. What is the highest it gets too?

You can check the memory with the builtin memory check
https://social.techn...al-preview.aspx
or better with memtest86 https://www.memtest86.com/

For drivers go to the asus site and see if they have newer drivers or bios for you. Also check with intel for the latest

https://downloadcenter.intel.com/

You can test the hard drive with HD Tune

http://www.hdtune.co.../hdtune_255.exe

Download, save and rightclick and run as admin.

Once you get it running press Start. (Works best with nothing else running and your anti-virus paused)

You want it to look like the picture in

http://www.hdtune.com/

If the blue line has sharp drops that means a failing hard drive.

You can also do an error scan. Click on Error scan tab then Start.

Try running VEW again but just do Application.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP