2016 Std. VM - Rule out infection for slowdowns/crashes

fxbt · Sep 7, 2023

Hello,
i experience some strange issues i could not resolve yet with a VM on Server 2016 Std. Runs on a Hyper-V Server 2016 Server.

Sometimes (looks randomly) the clients in the network loose the network connection to the vm. The vm hosts the order redirection, without offline files, so it always has big impact. A restart of the vm helps for a couple of hours. The already exchanged complete hardware and moved to another server. So hardware ist not the reason so far i can see. Also replaced switch and cables. When it is happening i still can access through teamviewer onto the vm. But the shared network drives are not working anymore although they are shared from the own vm via dns name. Via localhost they are working anytime as far as i can tell.

We use sophos intercept x. Scan with sophos scan and clean was clean, so at first i thought okay no malware issue probably. I now tried MSERT and the scanner finds some things. Also i see a few strange login things in the security eventlog and that smb2/3 was deactived and tried to connect as anonymous to smb1. unfortunately i cannot find the error and am not a professional security analyst..

I would appreciate any help / steps i could do to rule out any infection as source of the problem. The impact itself is now only a few minutes with the new server but i need to find the real problem..

Thank you!

Greetings and great to have support from you guys!

PS: maybe a mod can correct the title

fxbt · Sep 7, 2023

FRST.txt Result:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-08-2023
Ran by Administrator (administrator) on vm-rds (Microsoft Corporation Virtual Machine) (07-09-2023 13:23:45)
Running from C:\FXBT\EnglishFRST64.exe
Loaded Profiles: Remote-MK & Administrator & MSSQL$MICROSOFT##WID & MSSQL$PDATA_SQLEXPRESS
Platform: Microsoft Windows Server 2016 Standard Version 1607 14393.6167 (X64) Language: Deutsch (Deutschland)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe ->) (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe <3>
(C:\Program Files (x86)\PAConceptsServer\procrun.exe ->) () [File not signed] C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe
(C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\STOMAWIN.EXE ->) (TEAMDEV LTD. -> The Chromium Authors) C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\chromium\WindowsX86\chromium.exe <5>
(C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe <3>
(C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe <3>
(C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe <3>
(C:\Program Files\Sophos\Sophos File Scanner\SophosFS.exe ->) (Sophos Ltd -> Sophos Limited) C:\Program Files\Sophos\Sophos File Scanner\SophosFileScanner.exe <2>
(C:\Program Files\Sophos\Sophos Network Threat Protection\SophosNtpService.exe ->) (Sophos Ltd -> Sophos Limited) C:\Program Files\Sophos\Sophos Network Threat Protection\SophosNetFilter.exe
(Computer konkret AG -> Computer konkret AG) C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\STOMAWIN.EXE
(DUERR DENTAL AG) [File not signed] C:\Program Files (x86)\Duerr\LogServer\DBSLOG.EXE
(explorer.exe ->) () [File not signed] C:\Program Files\rise-kim-clientmodul\rise-kim-clientmodul.exe
(explorer.exe ->) (DATEXT Beratungsges. fuer Daten- und Textverarbeitung mbH -> Datext GmbH) C:\Datext\DeLaKom\DeLaKom.exe <3>
(explorer.exe ->) (Sophos Ltd -> Sophos Limited) C:\Program Files\Sophos\Sophos UI\Sophos UI.exe <3>
(Farbar) [File not signed] C:\FXBT\EnglishFRST64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler64.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe <3>
(services.exe ->) (Apache Software Foundation) [File not signed] D:\DSSERVER\bin\httpd.exe <2>
(services.exe ->) (DUERR DENTAL AG) [File not signed] C:\Program Files (x86)\Duerr\Server\DBSSrv.exe
(services.exe ->) (Firebird Project) [File not signed] C:\Program Files (x86)\Duerr\FBS\bin\fbguard.exe
(services.exe ->) (Firebird Project) [File not signed] C:\Program Files (x86)\Duerr\FBS\bin\fbserver.exe
(services.exe ->) (MELAG Medizintechnik oHG -> MELAG Medizintechnik oHG) C:\Program Files (x86)\Melag\MELAG FTP Server\Melag.FtpServerWinService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.CKTWHEALTH\MSSQL\Binn\sqlservr.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.PDATA_SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\WID\Binn\sqlservr.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\WID\Binn\sqlwriter.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dfsrs.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dfssvc.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\tssdis.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
(services.exe ->) (PA-Konzepte Voice GmbH -> Apache Software Foundation) C:\Program Files (x86)\PAConceptsServer\procrun.exe
(services.exe ->) (Sophos Limited -> Sophos Limited) C:\Program Files\Sophos\Endpoint Defense\SEDService.exe
(services.exe ->) (Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(services.exe ->) (Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Health\SophosHealth.exe
(services.exe ->) (Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe
(services.exe ->) (Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe
(services.exe ->) (Sophos Ltd -> Sophos Limited) C:\Program Files\Sophos\Endpoint Defense\SSPService.exe
(services.exe ->) (Sophos Ltd -> Sophos Limited) C:\Program Files\Sophos\File Integrity Monitoring\SophosFIMService.exe
(services.exe ->) (Sophos Ltd -> Sophos Limited) C:\Program Files\Sophos\Sophos File Scanner\SophosFS.exe
(services.exe ->) (Sophos Ltd -> Sophos Limited) C:\Program Files\Sophos\Sophos Network Threat Protection\SophosNtpService.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(services.exe ->) (TecWare GmbH) [File not signed] C:\Program Files (x86)\praxis-upgrade\Admin\Admin.ClientSv.exe
(services.exe ->) (TecWare GmbH) [File not signed] C:\Program Files (x86)\praxis-upgrade\Admin\Admin.Cron.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rdpclip.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TecWare GmbH) [File not signed] C:\Users\Remote-MK\AppData\Local\TecWare\Admin.Client.Cache\Admin.Client.exe <2>
(winlogon.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LogonUI.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [OfficeScanNT Monitor] => "C:\Program Files (x86)\Trend Micro\Security Agent\pccntmon.exe" -HideWindow (No File)
HKLM\...\Run: [Sophos UI.exe] => C:\Program Files\Sophos\Sophos UI\Sophos UI.exe [1691432 2023-09-03] (Sophos Ltd -> Sophos Limited)
HKLM-x32\...\Run: [DBSLog] => C:\Program Files (x86)\Duerr\LogServer\DBSLOG.EXE [1667072 2019-04-08] (DUERR DENTAL AG) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646776 2020-03-12] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall: Restriction <==== ATTENTION
HKLM\Software\Policies\...\system: [EnableLogonScriptDelay] 1
HKLM\Software\Policies\...\system: [AsyncScriptDelay] 0
HKU\S-1-5-21-3788489271-2711247836-2933129611-500\...\MountPoints2: {32ded51c-4418-11e9-b517-806e6f6e6963} - "E:\setup.exe"
HKLM\...\Windows x64\Print Processors\hpcpp190: C:\Windows\System32\spool\prtprocs\x64\hpcpp190.dll [651176 2016-08-26] (HP Inc. -> HP Inc.)
HKLM\...\Windows x64\Print Processors\hpcpp210: C:\Windows\System32\spool\prtprocs\x64\hpcpp210.dll [769776 2017-08-23] (HP Inc. -> HP Inc.)
HKLM\...\Windows x64\Print Processors\hpcpp270: C:\Windows\System32\spool\prtprocs\x64\hpcpp270.dll [873168 2023-05-30] (HP Inc. -> HP Inc.)
HKLM\...\Print\Monitors\HP c12a Status Monitor: C:\Windows\system32\hpinkstsc12aLM.dll [476336 2019-09-16] (HP Inc -> HP Inc.)
HKLM\...\Print\Monitors\HP d211 Status Monitor: C:\Windows\system32\hpinkstsd211LM.dll [392832 2017-10-30] (Hewlett Packard -> HP Inc.)
HKLM\...\Print\Monitors\HP Universal Print Monitor: C:\Windows\system32\HPMPW081.DLL [127728 2017-08-23] (HP Inc. -> HP Inc.)
HKLM\...\Print\Monitors\HPMLM190: C:\Windows\system32\hpmlm190.dll [310696 2017-08-23] (HP Inc. -> HP Inc.)
HKLM\...\Print\Monitors\HPMLM225: C:\Windows\system32\hpmlm225.dll [318160 2023-05-30] (HP Inc. -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\116.0.5845.179\Installer\chrmstp.exe [2023-09-07] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iesetup.dll",IEHardenAdmin
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iesetup.dll",IEHardenUser
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
HKLM\Software\...\Authentication\Credential Providers: [{74E88D24-8D28-4189-A526-CED30FB1766D}] -> MSPACredentialProvider_7.00.32.202202161220_N-Central.dll
Lsa: [Notification Packages] rassfm scecli
Startup: C:\Users\Administrator.DOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rise-kim-clientmodul.lnk [2023-09-04]
ShortcutTarget: rise-kim-clientmodul.lnk -> C:\Program Files\rise-kim-clientmodul\rise-kim-clientmodul.exe () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DeLaKom.lnk [2021-04-28]
ShortcutTarget: DeLaKom.lnk -> C:\Datext\DeLaKom\DeLaKom.exe (DATEXT Beratungsges. fuer Daten- und Textverarbeitung mbH -> Datext GmbH)
BootExecute: autocheck autochk /q /v *
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {6F7FEF2C-5832-457E-A883-ACBA71CA24B0} - System32\Tasks\Dampsoft Update => D:\Dampsoft-Update\WINSCP-BATCH.bat [2366 2022-03-20] () [File not signed]
Task: {0C2A7DBA-A63C-4B59-A10D-28FB4DD6E847} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-11] (Google Inc -> Google Inc.)
Task: {39559A54-BBC5-4AFC-8584-4FF7C7DF6047} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-11] (Google Inc -> Google Inc.)
Task: {E7E4742E-BFB6-442A-87C3-BC7DBEAC6593} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => %ProgramFiles%\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe  (No File)
Task: {CB22B03C-7FB1-4611-801B-8F049FD3251D} - System32\Tasks\Microsoft\Windows\EDP\EDP App Launch Task => {35EF4182-F900-4632-B072-8639E4478A61}
Task: {C32D8AF0-5A64-40B3-B95E-AAD5278F9707} - System32\Tasks\Microsoft\Windows\EDP\EDP Auth Task => {35EF4182-F900-4632-B072-8639E4478A61}
Task: {B5459903-069E-46DC-B729-E1DB3ED48C63} - System32\Tasks\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate => {FE285C8C-5360-41C1-A700-045501C740DE} C:\Windows\System32\ErrorDetailsUpdate.dll [72704 2021-01-08] (Microsoft Windows -> Microsoft Corporation)
Task: {0232AE8F-62C2-47EC-B6E0-9C79BF6CC45B} - System32\Tasks\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate => {9CDA66BE-3271-4723-8D35-DD834C58AD92} C:\Windows\System32\ErrorDetailsUpdate.dll [72704 2021-01-08] (Microsoft Windows -> Microsoft Corporation)
Task: {41600EBB-B4B7-472A-9F58-8AA04A7F8984} - System32\Tasks\Microsoft\Windows\Network Controller\SDN Diagnostics Task => {C8B67F54-D1CB-44BF-9103-A1AB9A9ED8AD} C:\Windows\System32\mscoree.dll [387072 2016-07-16] (Microsoft Windows -> Microsoft Corporation)
Task: {18CFC687-ED43-4982-9DE7-FBC9E36BFEF6} - System32\Tasks\Microsoft\Windows\PLA\Server Manager Performance Monitor => C:\Windows\system32\rundll32.exe [69632 2021-01-08] (Microsoft Windows -> Microsoft Corporation) -> %systemroot%\system32\pla.dll,PlaHost "Server Manager Performance Monitor" "$(Arg0)"
Task: {F0240DDF-FDD2-46B9-8664-34A1B0825CD3} - System32\Tasks\Microsoft\Windows\Server Manager\CleanupOldPerfLogs => C:\Windows\system32\cscript.exe [163328 2021-09-12] (Microsoft Windows -> Microsoft Corporation) -> /B /nologo %systemroot%\system32\calluxxprovider.vbs $(Arg0) $(Arg1) $(Arg2)
Task: {DF1BA6A6-82D9-4DF9-A787-7804CDFA74B5} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe [93696 2016-07-16] (Microsoft Windows -> Microsoft Corporation)
Task: {E0A67649-21C8-4620-81A8-EACF01A98AC3} - System32\Tasks\Microsoft\Windows\Software Inventory Logging\Collection => C:\Windows\system32\cmd.exe [232960 2016-07-16] (Microsoft Windows -> Microsoft Corporation) -> /d /c %systemroot%\system32\silcollector.cmd publish <==== ATTENTION
Task: {423523CC-C7A9-46CD-B449-0C6C806C3F8D} - System32\Tasks\Microsoft\Windows\Software Inventory Logging\Configuration => C:\Windows\system32\cmd.exe [232960 2016-07-16] (Microsoft Windows -> Microsoft Corporation) -> /d /c %systemroot%\system32\silcollector.cmd configure <==== ATTENTION
Task: {82627859-2463-4B12-BF73-E81564F22394} - System32\Tasks\Microsoft\Windows\termsrv\licensing\TlsWarning => C:\Windows\system32\tlsbln.exe [44544 2021-01-08] (Microsoft Windows -> Microsoft Corporation)
Task: {6BFC71EC-DD2B-4DA8-946E-C6CFEFBB3455} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [815 2022-08-18] () [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{8b92ee3b-13c2-40f9-8a44-706d05fb9e2a}: [NameServer] 192.168.240.11,192.168.240.20
Tcpip\..\Interfaces\{f9c1748b-4b27-4ec5-b39c-56503139077a}: [NameServer] 192.168.240.11,192.168.240.20

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.251.2 -> C:\Program Files\Java\jre1.8.0_251\bin\dtplugin\npDeployJava1.dll [2023-09-03] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.251.2 -> C:\Program Files\Java\jre1.8.0_251\bin\plugin2\npjp2.dll [2023-09-03] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.251.2 -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\dtplugin\npDeployJava1.dll [2023-09-03] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.251.2 -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\plugin2\npjp2.dll [2023-09-03] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Administrator.DOMAIN\AppData\Local\Google\Chrome\User Data\Default [2023-09-07]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator.DOMAIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-08-29]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Administrator.DOMAIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-02]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
R2 DBSService; C:\Program Files (x86)\Duerr\Server\DBSSrv.exe [1799168 2019-04-08] (DUERR DENTAL AG) [File not signed]
R2 Dfs; C:\Windows\system32\dfssvc.exe [454144 2023-09-06] (Microsoft Windows -> Microsoft Corporation)
R2 DFSR; C:\Windows\system32\DFSRs.exe [3888640 2023-09-06] (Microsoft Windows -> Microsoft Corporation)
R2 DSSERVER; D:\DSSERVER\bin\httpd.exe [28672 2022-02-21] (Apache Software Foundation) [File not signed]
R2 FirebirdGuardianDuerrInstance; C:\Program Files (x86)\Duerr\FBS\bin\fbguard.exe [98304 2019-06-12] (Firebird Project) [File not signed]
R3 FirebirdServerDuerrInstance; C:\Program Files (x86)\Duerr\FBS\bin\fbserver.exe [3813376 2019-06-12] (Firebird Project) [File not signed]
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [5577200 2023-09-03] (Sophos Ltd -> Sophos Limited)
S3 KPSSVC; C:\Windows\system32\kpssvc.dll [177152 2023-03-09] (Microsoft Windows -> Microsoft Corporation)
R2 MELAG.FTP-Server; C:\Program Files (x86)\Melag\MELAG FTP Server\Melag.FtpServerWinService.exe [33256 2015-05-27] (MELAG Medizintechnik oHG -> MELAG Medizintechnik oHG)
R2 MSSQL$CKTWHEALTH; C:\Program Files\Microsoft SQL Server\MSSQL12.CKTWHEALTH\MSSQL\Binn\sqlservr.exe [370368 2015-06-10] (Microsoft Corporation -> Microsoft Corporation)
R3 MSSQL$MICROSOFT##WID; C:\Windows\WID\Binn\sqlservr.exe [370368 2019-03-24] (Microsoft Corporation -> Microsoft Corporation)
R2 MSSQL$PDATA_SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.PDATA_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [370368 2015-06-10] (Microsoft Corporation -> Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2019-02-01] (HP Inc.) [File not signed]
R2 PAKonzepteService; C:\Program Files (x86)\PAConceptsServer\procrun.exe [186968 2019-03-22] (PA-Konzepte Voice GmbH -> Apache Software Foundation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2019-02-01] (HP Inc.) [File not signed]
R2 RDMS; C:\Windows\System32\RDMS.dll [736768 2021-01-08] (Microsoft Windows -> Microsoft Corporation)
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [97792 2021-01-08] (Microsoft Windows -> Microsoft Corporation)
S3 RSoPProv; C:\Windows\SysWOW64\RSoPProv.exe [84992 2021-01-08] (Microsoft Windows -> Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [16896 2016-07-16] (Microsoft Windows -> Microsoft Corporation)
R2 SntpService; C:\Program Files\Sophos\Sophos Network Threat Protection\SophosNtpService.exe [12514800 2023-09-03] (Sophos Ltd -> Sophos Limited)
R2 Sophos Endpoint Defense Service; C:\Program Files\Sophos\Endpoint Defense\SEDService.exe [3658856 2023-09-03] (Sophos Limited -> Sophos Limited)
R2 Sophos File Scanner Service; C:\Program Files\Sophos\Sophos File Scanner\SophosFS.exe [1290232 2023-09-03] (Sophos Ltd -> Sophos Limited)
R2 Sophos Health Service; C:\Program Files (x86)\Sophos\Health\SophosHealth.exe [2278256 2023-09-03] (Sophos Ltd -> Sophos Limited)
R2 Sophos MCS Agent; C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe [2037576 2023-09-03] (Sophos Ltd -> Sophos Limited)
R2 Sophos MCS Client; C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe [1869736 2023-09-03] (Sophos Ltd -> Sophos Limited)
R2 Sophos System Protection Service; C:\Program Files\Sophos\Endpoint Defense\SSPService.exe [12623296 2023-09-03] (Sophos Ltd -> Sophos Limited)
R2 SophosFIM; C:\Program Files\Sophos\File Integrity Monitoring\SophosFIMService.exe [2974552 2023-09-03] (Sophos Ltd -> Sophos Limited)
S4 SQLAgent$CKTWHEALTH; C:\Program Files\Microsoft SQL Server\MSSQL12.CKTWHEALTH\MSSQL\Binn\SQLAGENT.EXE [613056 2015-06-10] (Microsoft Corporation -> Microsoft Corporation)
S3 SQLAgent$PDATA_SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.PDATA_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2015-06-10] (Microsoft Corporation -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [17898296 2023-08-14] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 TermServLicensing; C:\Windows\System32\lserver.dll [728576 2021-01-08] (Microsoft Windows -> Microsoft Corporation)
R2 TScPubRPC; C:\Windows\system32\TSCPUBSvr.dll [240128 2022-05-15] (Microsoft Windows -> Microsoft Corporation)
R2 Tssdis; C:\Windows\System32\tssdis.exe [874496 2022-12-01] (Microsoft Windows -> Microsoft Corporation)
R2 Tw_Admin_Client; C:\Program Files (x86)\praxis-upgrade\Admin\Admin.ClientSv.exe [74752 2023-05-31] (TecWare GmbH) [File not signed]
R2 Tw_Admin_Cron; C:\Program Files (x86)\praxis-upgrade\Admin\Admin.Cron.exe [25600 2023-05-31] (TecWare GmbH) [File not signed]
R2 UALSVC; C:\Windows\System32\ualsvc.dll [261632 2019-05-21] (Microsoft Windows -> Microsoft Corporation)
R3 WIDWriter; C:\Windows\WID\Binn\sqlwriter.exe [134336 2019-03-24] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcmfn; C:\Windows\System32\drivers\bcmfn.sys [9728 2016-07-16] (Microsoft Windows -> Windows (R) Win 7 DDK provider)
S0 bfadfcoei; C:\Windows\System32\drivers\bfadfcoei.sys [2279264 2016-07-16] (Microsoft Windows -> QLogic Corporation)
S0 bfadi; C:\Windows\System32\drivers\bfadi.sys [2279264 2016-07-16] (Microsoft Windows -> QLogic Corporation)
S0 bxfcoe; C:\Windows\System32\drivers\bxfcoe.sys [205152 2016-07-16] (Microsoft Windows -> QLogic Corporation)
S0 bxois; C:\Windows\System32\drivers\bxois.sys [536416 2016-07-16] (Microsoft Windows -> QLogic Corporation)
R1 DfsDriver; C:\Windows\System32\drivers\dfs.sys [56592 2023-09-06] (Microsoft Windows -> Microsoft Corporation)
R0 DfsrRo; C:\Windows\System32\drivers\dfsrro.sys [67424 2023-09-06] (Microsoft Windows -> Microsoft Corporation)
S0 elxfcoe; C:\Windows\System32\drivers\elxfcoe.sys [758624 2016-07-16] (Microsoft Windows -> Emulex)
R1 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [778264 2023-09-03] (Microsoft Windows Hardware Compatibility Publisher -> Sophos Limited)
S3 IPsecGW; C:\Windows\System32\drivers\ipsecgw.sys [18432 2016-07-16] (Microsoft Windows -> Microsoft Corporation)
S3 MsLbfoProvider; C:\Windows\System32\drivers\MsLbfoProvider.sys [121344 2016-07-16] (Microsoft Windows -> Microsoft Corporation)
R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [77336 2022-08-19] (Insecure.Com LLC -> Insecure.Com LLC.)
S0 ql2300i; C:\Windows\System32\drivers\ql2300i.sys [1632608 2016-07-16] (Microsoft Windows -> QLogic Corporation)
S0 ql40xx2i; C:\Windows\System32\drivers\ql40xx2i.sys [475488 2016-07-16] (Microsoft Windows -> QLogic Corporation)
S0 qlfcoei; C:\Windows\System32\drivers\qlfcoei.sys [1300320 2016-07-16] (Microsoft Windows -> QLogic Corporation)
S3 RasGre; C:\Windows\System32\drivers\rasgre.sys [45056 2022-09-30] (Microsoft Windows -> Microsoft Corporation)
R1 RsFx0300; C:\Windows\System32\DRIVERS\RsFx0300.sys [247488 2014-02-21] (Microsoft Corporation -> Microsoft Corporation)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [95072 2016-10-02] (Microsoft Windows -> Microsoft Corporation)
R1 sntp; C:\Windows\system32\DRIVERS\sntp.sys [377920 2023-09-03] (Microsoft Windows Hardware Compatibility Publisher -> Sophos Limited)
S0 Sophos ELAM; C:\Windows\System32\DRIVERS\SophosEL.sys [28616 2023-09-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Sophos Limited)
R0 Sophos Endpoint Defense; C:\Windows\System32\DRIVERS\SophosED.sys [2561552 2023-09-03] (Microsoft Windows Hardware Compatibility Publisher -> Sophos Limited)
R2 TSFairShare; C:\Windows\System32\drivers\TSFairShare.sys [74752 2021-01-08] (Microsoft Windows -> Microsoft Corporation)
S3 v40e; C:\Windows\System32\drivers\v40e64.sys [346624 2016-07-16] (Microsoft Windows -> Intel Corporation)
U4 npcap_wifi; no ImagePath
S3 vwifibus; \SystemRoot\System32\drivers\vwifibus.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Server-Eye\service\1014\OpenHardwareMonitorLib.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-09-07 13:22 - 2023-09-07 13:23 - 000000000 ____D C:\FRST
2023-09-07 11:30 - 2023-09-07 11:30 - 000000000 ____D C:\Users\Administrator.DOMAIN\AppData\Local\praxis-upgrade
2023-09-07 00:17 - 2023-09-07 00:17 - 000047056 ____N C:\Windows\system32\AutoMakeDisksOnline.exe
2023-09-06 08:52 - 2023-09-06 08:52 - 000016055 __RSH C:\ProgramData\ntuser.pol
2023-09-06 00:27 - 2023-09-06 00:27 - 000000000 ____D C:\Users\anmeldungmk\kimCm
2023-09-06 00:27 - 2023-09-06 00:27 - 000000000 ____D C:\Users\anmeldungmk\AppData\Local\Apps\2.0
2023-09-06 00:05 - 2023-09-06 00:05 - 000001311 _____ C:\Windows\SysWOW64\DfsMgmt.dll.config
2023-09-06 00:05 - 2023-09-06 00:05 - 000001311 _____ C:\Windows\system32\DfsMgmt.dll.config
2023-09-05 16:30 - 2023-09-05 16:30 - 000000926 _____ C:\Users\Administrator.DOMAIN\Desktop\dswin.exe - Verknüpfung (2).lnk
2023-09-04 16:45 - 2023-09-04 16:45 - 000000000 ____D C:\Users\Administrator.DOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RISE-KIM-Clientmodul
2023-09-04 16:42 - 2023-09-04 16:43 - 166425016 _____ (RISE) C:\Users\Administrator.DOMAIN\Downloads\RISE-KIM-Update.exe
2023-09-04 15:15 - 2023-09-04 16:42 - 000001023 _____ C:\Users\Administrator.DOMAIN\Desktop\dswin.exe - Verknüpfung.lnk
2023-09-04 00:19 - 2023-09-04 00:34 - 2660161275 _____ C:\Users\Administrator.DOMAIN\Desktop\Profile.zip
2023-09-04 00:06 - 2023-09-04 00:10 - 000000000 ___HD C:\$WINDOWS.~BT
2023-09-03 23:26 - 2023-09-06 14:19 - 000000000 ____D C:\ProgramData\HitmanPro.Alert
2023-09-03 23:26 - 2023-09-06 14:19 - 000000000 ____D C:\Program Files (x86)\HitmanPro.Alert
2023-09-03 23:26 - 2023-09-03 23:24 - 001142960 _____ (Sophos Limited) C:\Windows\system32\hmpalert.dll
2023-09-03 23:26 - 2023-09-03 23:24 - 001072712 _____ (Sophos Limited) C:\Windows\SysWOW64\hmpalert.dll
2023-09-03 23:25 - 2023-09-03 23:25 - 000000000 ____D C:\Windows\SysWOW64\SophosED
2023-09-03 23:25 - 2023-09-03 23:25 - 000000000 ____D C:\Windows\system32\SophosED
2023-09-03 23:25 - 2023-09-03 23:24 - 000060904 _____ (Sophos Limited) C:\Windows\system32\SophosNA.exe
2023-09-03 23:25 - 2023-09-03 23:24 - 000044662 _____ C:\Windows\system32\Drivers\SophosED.man
2023-09-03 23:24 - 2023-09-03 23:26 - 000000000 ____D C:\Program Files\Sophos
2023-09-03 23:24 - 2023-09-03 23:24 - 000000000 ____D C:\Program Files\Common Files\Sophos
2023-09-03 22:50 - 2023-09-03 22:50 - 000000693 _____ C:\Users\Administrator\Desktop\DS-Win-Version auf Laufwerk Z.lnk
2023-09-03 22:50 - 2023-09-03 22:50 - 000000000 ____D C:\Users\Administrator\Desktop\DAMPSOFT auf Laufwerk Z
2023-09-03 22:50 - 2023-09-03 22:50 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAMPSOFT auf Laufwerk Z
2023-09-03 22:50 - 2023-09-03 22:50 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\DAMPSOFT
2023-09-03 22:32 - 2023-09-03 22:32 - 000000000 ____D C:\Users\Administrator\WINDOWS
2023-09-03 22:32 - 2023-09-03 22:32 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Duerr
2023-09-03 22:32 - 2023-09-03 22:32 - 000000000 ____D C:\Users\Administrator\AppData\Local\Datext
2023-09-03 20:31 - 2023-09-03 20:31 - 013033968 _____ (Sophos Limited) C:\Users\Administrator.DOMAIN\Downloads\SophosScanAndClean_x64.exe
2023-09-03 20:22 - 2023-09-03 20:22 - 000044716 _____ C:\Users\Administrator.DOMAIN\TsAllUsr.Dat
2023-09-03 00:08 - 2023-09-03 00:08 - 000001701 _____ C:\AiOLog.txt
2023-09-03 00:07 - 2023-09-03 00:08 - 000021757 _____ C:\Windows\unins002.dat
2023-09-03 00:07 - 2023-09-03 00:07 - 001207319 _____ C:\Windows\unins001.exe
2023-09-03 00:07 - 2023-09-03 00:07 - 001199175 _____ C:\Windows\unins002.exe
2023-09-03 00:07 - 2023-09-03 00:07 - 000010836 _____ C:\Windows\unins001.dat
2023-09-03 00:07 - 2017-04-01 20:44 - 003450616 _____ (Red Hat) C:\Windows\system32\cygwin1.dll
2023-09-03 00:07 - 2017-01-26 07:25 - 001265664 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\system32\libeay32.dll
2023-09-03 00:07 - 2017-01-26 07:25 - 000274944 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\system32\ssleay32.dll
2023-09-03 00:07 - 2017-01-26 07:25 - 000274944 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\system32\libssl32.dll
2023-09-03 00:07 - 2015-07-10 11:51 - 000456008 _____ (AutoIt Team) C:\Windows\system32\autoitx3.dll
2023-09-03 00:07 - 2014-01-31 03:14 - 001055676 _____ (Free Software Foundation) C:\Windows\system32\libiconv2.dll
2023-09-03 00:07 - 2014-01-25 14:30 - 000131072 _____ (Sereby Corporation) C:\Windows\system32\AiORuntimes.dll
2023-09-03 00:07 - 2012-06-14 15:36 - 000107520 _____ C:\Windows\system32\zlib1.dll
2023-09-03 00:07 - 2012-04-03 17:11 - 000138752 _____ C:\Windows\system32\libpng15.dll
2023-09-03 00:07 - 2011-10-12 04:09 - 004033440 _____ (Intel Corporation) C:\Windows\system32\libmmd.dll
2023-09-03 00:07 - 2011-10-01 09:16 - 000445016 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2023-09-03 00:07 - 2011-10-01 09:16 - 000109144 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\openal32.dll
2023-09-03 00:07 - 2011-01-12 14:36 - 001054208 _____ (Microsoft Corporation) C:\Windows\system32\mfc71u.dll
2023-09-03 00:07 - 2011-01-12 14:25 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\mfc71DEU.dll
2023-09-03 00:07 - 2011-01-12 14:25 - 000061440 _____ (Microsoft Corporation) C:\Windows\system32\mfc71ITA.dll
2023-09-03 00:07 - 2011-01-12 14:25 - 000061440 _____ (Microsoft Corporation) C:\Windows\system32\mfc71FRA.dll
2023-09-03 00:07 - 2011-01-12 14:25 - 000061440 _____ (Microsoft Corporation) C:\Windows\system32\mfc71ESP.dll
2023-09-03 00:07 - 2011-01-12 14:25 - 000057344 _____ (Microsoft Corporation) C:\Windows\system32\mfc71ENU.dll
2023-09-03 00:07 - 2011-01-12 14:25 - 000049152 _____ (Microsoft Corporation) C:\Windows\system32\mfc71KOR.dll
2023-09-03 00:07 - 2011-01-12 14:25 - 000049152 _____ (Microsoft Corporation) C:\Windows\system32\mfc71JPN.dll
2023-09-03 00:07 - 2011-01-12 14:25 - 000045056 _____ (Microsoft Corporation) C:\Windows\system32\mfc71CHT.dll
2023-09-03 00:07 - 2011-01-12 14:25 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\mfc71CHS.dll
2023-09-03 00:07 - 2011-01-12 14:19 - 001060864 _____ (Microsoft Corporation) C:\Windows\system32\mfc71.dll
2023-09-03 00:07 - 2011-01-12 13:53 - 000090112 _____ (Microsoft Corporation) C:\Windows\system32\atl71.dll
2023-09-03 00:07 - 2008-08-26 07:40 - 000162304 _____ C:\Windows\system32\libpng13.dll
2023-09-03 00:07 - 2007-02-01 23:13 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\msvcp71.dll
2023-09-03 00:07 - 2007-02-01 20:11 - 000344064 _____ (Microsoft Corporation) C:\Windows\system32\msvcr71.dll
2023-09-03 00:07 - 2007-01-30 23:04 - 000339968 _____ (Microsoft Corporation) C:\Windows\system32\msvcr70.dll
2023-09-03 00:07 - 2006-08-26 01:28 - 001017344 _____ (Microsoft Corporation) C:\Windows\system32\mfc70u.dll
2023-09-03 00:07 - 2006-08-26 01:15 - 000061440 _____ (Microsoft Corporation) C:\Windows\system32\mfc70ITA.dll
2023-09-03 00:07 - 2006-08-26 01:15 - 000061440 _____ (Microsoft Corporation) C:\Windows\system32\mfc70FRA.dll
2023-09-03 00:07 - 2006-08-26 01:15 - 000061440 _____ (Microsoft Corporation) C:\Windows\system32\mfc70ESP.dll
2023-09-03 00:07 - 2006-08-26 01:15 - 000061440 _____ (Microsoft Corporation) C:\Windows\system32\mfc70DEU.dll
2023-09-03 00:07 - 2006-08-26 01:15 - 000057344 _____ (Microsoft Corporation) C:\Windows\system32\mfc70ENU.dll
2023-09-03 00:07 - 2006-08-26 01:15 - 000049152 _____ (Microsoft Corporation) C:\Windows\system32\mfc70KOR.dll
2023-09-03 00:07 - 2006-08-26 01:15 - 000049152 _____ (Microsoft Corporation) C:\Windows\system32\mfc70JPN.dll
2023-09-03 00:07 - 2006-08-26 01:15 - 000045056 _____ (Microsoft Corporation) C:\Windows\system32\mfc70CHT.dll
2023-09-03 00:07 - 2006-08-26 01:15 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\mfc70CHS.dll
2023-09-03 00:07 - 2006-08-26 01:07 - 001024000 _____ (Microsoft Corporation) C:\Windows\system32\mfc70.dll
2023-09-03 00:07 - 2006-08-26 00:17 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\atl70.dll
2023-09-03 00:07 - 2005-05-06 14:52 - 000103424 _____ (GNU <www.gnu.org>) C:\Windows\system32\libintl3.dll
2023-09-03 00:07 - 2005-01-20 20:25 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\msvci70.dll
2023-09-03 00:07 - 2002-01-05 06:40 - 000487424 _____ (Microsoft Corporation) C:\Windows\system32\msvcp70.dll
2023-09-03 00:07 - 1996-01-12 04:00 - 000722192 _____ (Microsoft Corporation) C:\Windows\system32\vb40032.dll
2023-09-03 00:06 - 2023-09-03 00:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2023-09-03 00:06 - 2023-09-03 00:06 - 000000000 ____D C:\Program Files\Microsoft Silverlight
2023-09-03 00:06 - 2023-09-03 00:06 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2023-09-03 00:02 - 2023-09-03 00:02 - 000129192 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2023-09-03 00:02 - 2023-09-03 00:02 - 000114344 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2023-09-03 00:02 - 2023-09-03 00:02 - 000000000 ____D C:\Users\Administrator.DOMAIN\AppData\Roaming\Sun
2023-09-03 00:02 - 2023-09-03 00:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2023-09-03 00:02 - 2023-09-03 00:02 - 000000000 ____D C:\Program Files\Java
2023-09-03 00:01 - 2023-09-03 00:01 - 000000000 ____D C:\Program Files (x86)\Java
2023-09-02 23:55 - 2023-09-02 23:56 - 397217246 _____ (Sereby Corporation) C:\Users\Administrator.DOMAIN\Downloads\aio-runtimes_v2.5.0.exe
2023-09-02 16:14 - 2023-09-02 16:14 - 000017440 _____ C:\Users\Administrator.DOMAIN\Desktop\SFCFix.txt
2023-09-02 16:14 - 2023-09-02 16:14 - 000000000 ____D C:\SFCFix
2023-09-02 16:06 - 2023-09-02 16:14 - 000000000 ____D C:\Users\Administrator.DOMAIN\AppData\Local\niemiro
2023-09-02 16:04 - 2023-09-02 16:04 - 002316112 _____ (niemiro) C:\Users\Administrator.DOMAIN\Desktop\SFCFix.exe
2023-09-02 03:58 - 2023-09-02 03:58 - 000156550 _____ C:\Users\Administrator.DOMAIN\Desktop\AcronisVSSDoctorReport_2023-09-02-03-58-48.txt
2023-09-02 03:48 - 2023-09-02 03:48 - 007620320 _____ (Acronis Inc.) C:\Users\Administrator.DOMAIN\Downloads\AcronisVSSDoctor-net45.exe
2023-09-02 03:37 - 2023-09-02 03:37 - 000007109 _____ C:\Users\Administrator.DOMAIN\Desktop\diskshadow.txt
2023-09-02 03:29 - 2023-09-02 03:29 - 000461524 _____ C:\Windows\system32\29-02.09.2023-03_--_vm-rds.cab
2023-09-01 01:00 - 2023-09-01 01:40 - 000000000 ____D C:\Users\Administrator.DOMAIN\AppData\Local\Sysnative
2023-09-01 00:40 - 2023-09-01 00:41 - 000000000 ____D C:\Users\Administrator.DOMAIN\Downloads\windows10.0-kb4521858-x64_4660e9135b9de2ec006aee76499588d729fbbc60
2023-08-31 22:32 - 2023-08-31 22:32 - 038670744 _____ (Sysnative Forums Software Ltd) C:\Users\Administrator.DOMAIN\Downloads\ComponentsScanner.exe
2023-08-30 21:01 - 2023-08-30 22:47 - 000000000 ____D C:\Users\Administrator.DOMAIN\AppData\Roaming\Notepad++
2023-08-30 21:01 - 2023-08-30 21:02 - 000000885 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2023-08-30 21:01 - 2023-08-30 21:02 - 000000000 ____D C:\Program Files\Notepad++
2023-08-30 21:01 - 2023-08-30 21:01 - 004704376 _____ (Don HO don.h@free.fr) C:\Users\Administrator.DOMAIN\Downloads\npp.8.5.6.Installer.x64.exe
2023-08-30 18:28 - 2023-08-30 18:28 - 000000000 ____D C:\Users\Administrator.DOMAIN\Downloads\Wired_driver_28.2_x64
2023-08-30 18:27 - 2023-08-30 18:28 - 039624990 _____ C:\Users\Administrator.DOMAIN\Downloads\Wired_driver_28.2_x64.zip
2023-08-30 18:27 - 2023-08-30 18:28 - 034581491 _____ C:\Users\Administrator.DOMAIN\Downloads\Wired_PROSet_28.2_x64.zip
2023-08-30 18:16 - 2023-08-30 18:16 - 000000000 ____D C:\Users\Administrator.DOMAIN\AppData\Local\unali-4903421
2023-08-30 18:16 - 2023-08-30 18:16 - 000000000 ____D C:\Users\Administrator.DOMAIN\AppData\Local\unali-4902875
2023-08-30 04:26 - 2023-08-30 04:26 - 000002534 _____ C:\Users\Administrator.DOMAIN\Desktop\vm-rdsiis.PFX
2023-08-30 04:18 - 2023-08-30 04:18 - 000000000 ____D C:\Users\Administrator.DOMAIN\AppData\Roaming\Microsoft\WebManagement
2023-08-24 23:01 - 2023-08-24 23:06 - 1555552584 _____ (DAMPSOFT GmbH) C:\Users\Administrator.DOMAIN\Downloads\install.exe
2023-08-18 13:16 - 2023-08-18 13:16 - 000002673 _____ C:\Users\Remote-MK\Desktop\Charly - Derdau Fischer.lnk
2023-08-16 22:05 - 2023-08-16 22:05 - 000002673 _____ C:\Users\BreuerM\Desktop\Charly - Derdau Fischer.lnk
2023-08-15 13:39 - 2023-08-15 13:39 - 000000000 ____D C:\Users\Remote-MK\AppData\Roaming\Microsoft\CLR Security Config

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-09-07 13:23 - 2022-10-06 22:50 - 000000000 ____D C:\FXBT
2023-09-07 13:20 - 2019-03-27 10:15 - 000000000 ____D C:\Windows\system32\lserver
2023-09-07 12:32 - 2019-03-11 21:57 - 000000000 ____D C:\Program Files (x86)\Google
2023-09-07 11:55 - 2019-03-16 19:16 - 000000128 _____ C:\Windows\system32\config\netlogon.ftl
2023-09-07 11:48 - 2019-06-27 13:40 - 000000000 ____D C:\paconceptsdata
2023-09-07 11:48 - 2019-06-26 10:12 - 000000000 ____D C:\Users\Hopps
2023-09-07 11:48 - 2019-03-13 09:18 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2023-09-07 11:48 - 2016-09-12 13:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-09-07 11:48 - 2016-07-16 08:04 - 000524288 _____ C:\Windows\system32\config\BBI
2023-09-07 08:08 - 2016-07-16 15:21 - 000000000 ____D C:\Windows\INF
2023-09-07 07:50 - 2022-05-19 14:56 - 000000000 ____D C:\Users\Administrator.DOMAIN\kimCm
2023-09-07 07:24 - 2019-07-01 08:18 - 000004170 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{6E112416-9E76-446C-A930-3547CB195449}
2023-09-07 01:15 - 2021-07-04 08:56 - 000007612 _____ C:\Users\Administrator.DOMAIN\AppData\Local\Resmon.ResmonCfg
2023-09-07 01:00 - 2019-03-28 10:48 - 000002270 _____ C:\Windows\VDDS_MMI.INI
2023-09-07 00:58 - 2019-09-10 20:59 - 000000000 ____D C:\Users\Administrator.DOMAIN\paConcepts
2023-09-07 00:58 - 2019-06-12 14:51 - 000000000 ____D C:\Sidexis
2023-09-07 00:45 - 2019-03-11 21:57 - 000002261 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-09-07 00:34 - 2019-06-12 13:45 - 000000000 ____D C:\ProgramData\firebird
2023-09-06 19:32 - 2019-06-12 12:44 - 000000000 ____D C:\Users\MSSQL$PDATA_SQLEXPRESS
2023-09-06 19:32 - 2019-03-24 20:43 - 000000000 ____D C:\Users\MSSQL$MICROSOFT##WID
2023-09-06 19:32 - 2019-03-16 19:17 - 000000000 ____D C:\Users\Administrator.DOMAIN
2023-09-06 18:48 - 2020-10-05 20:44 - 000004168 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{2AC4B93A-AEB8-4E7D-BFD4-F9A73DB80320}
2023-09-06 10:39 - 2019-06-24 10:44 - 000000000 ____D C:\Users\Remote-MK
2023-09-06 00:27 - 2020-10-05 20:31 - 000000000 ____D C:\Users\anmeldungmk\AppData\Local\TeamViewer
2023-09-06 00:27 - 2020-10-05 20:31 - 000000000 ____D C:\Users\anmeldungmk
2023-09-06 00:27 - 2016-09-12 13:57 - 000000000 __RHD C:\Users\Public\AccountPictures
2023-09-06 00:24 - 2020-08-26 16:49 - 000000000 ____D C:\Users\Administrator.DOMAIN\AppData\Roaming\Microsoft\MMC
2023-09-06 00:07 - 2016-07-16 15:02 - 000000000 ____D C:\Windows\CbsTemp
2023-09-06 00:05 - 2021-12-15 16:49 - 000454144 _____ (Microsoft Corporation) C:\Windows\system32\dfssvc.exe
2023-09-06 00:05 - 2021-01-13 08:54 - 003888640 _____ (Microsoft Corporation) C:\Windows\system32\dfsrs.exe
2023-09-06 00:05 - 2021-01-13 08:54 - 002270720 _____ (Microsoft Corporation) C:\Windows\system32\dfsrmig.exe
2023-09-06 00:05 - 2021-01-13 08:47 - 000756736 _____ (Microsoft Corporation) C:\Windows\system32\DfsrHelper.dll
2023-09-06 00:05 - 2021-01-13 08:47 - 000558592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DfsrHelper.dll
2023-09-06 00:05 - 2019-03-12 12:59 - 000224768 _____ (Microsoft Corporation) C:\Windows\system32\dfsrapi.dll
2023-09-06 00:05 - 2019-03-12 12:59 - 000185344 _____ (Microsoft Corporation) C:\Windows\system32\dfsutil.exe
2023-09-06 00:05 - 2016-07-16 15:20 - 000268640 _____ C:\Windows\SysWOW64\dfsrHealthReport.xsl
2023-09-06 00:05 - 2016-07-16 15:20 - 000155741 _____ C:\Windows\SysWOW64\dfsrPropagationReport.xsl
2023-09-06 00:05 - 2016-07-16 15:20 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DfsRes.dll
2023-09-06 00:05 - 2016-07-16 15:20 - 000055953 _____ C:\Windows\SysWOW64\dfsmgmt.msc
2023-09-06 00:05 - 2016-07-16 15:20 - 000024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfsfrsHost.exe
2023-09-06 00:05 - 2016-07-16 15:19 - 000268640 _____ C:\Windows\system32\dfsrHealthReport.xsl
2023-09-06 00:05 - 2016-07-16 15:19 - 000200704 _____ (Microsoft Corporation) C:\Windows\system32\DfsDiag.exe
2023-09-06 00:05 - 2016-07-16 15:19 - 000177664 _____ (Microsoft Corporation) C:\Windows\system32\dfsncimprov.dll
2023-09-06 00:05 - 2016-07-16 15:19 - 000155741 _____ C:\Windows\system32\dfsrPropagationReport.xsl
2023-09-06 00:05 - 2016-07-16 15:19 - 000082944 _____ (Microsoft Corporation) C:\Windows\system32\DfsRes.dll
2023-09-06 00:05 - 2016-07-16 15:19 - 000067424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsrro.sys
2023-09-06 00:05 - 2016-07-16 15:19 - 000055953 _____ C:\Windows\system32\dfsmgmt.msc
2023-09-06 00:05 - 2016-07-16 15:19 - 000031744 _____ (Microsoft Corporation) C:\Windows\system32\dfsfrsHost.exe
2023-09-06 00:05 - 2016-07-16 15:19 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\dfscmd.exe
2023-09-04 16:47 - 2022-05-19 14:56 - 000000000 ____D C:\Program Files\rise-kim-clientmodul
2023-09-04 00:10 - 2019-03-28 10:10 - 000001908 _____ C:\Windows\diagwrn.xml
2023-09-04 00:10 - 2019-03-28 10:10 - 000001908 _____ C:\Windows\diagerr.xml
2023-09-04 00:08 - 2019-03-11 18:10 - 000000000 ____D C:\Windows\Panther
2023-09-03 23:49 - 2016-07-16 15:23 - 000000000 ____D C:\Windows\Registration
2023-09-03 23:26 - 2020-09-21 11:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2023-09-03 23:26 - 2020-09-21 11:04 - 000000000 ____D C:\ProgramData\Sophos
2023-09-03 23:26 - 2020-09-21 11:04 - 000000000 ____D C:\Program Files (x86)\Sophos
2023-09-03 23:24 - 2016-07-16 15:23 - 000000000 ___HD C:\Windows\ELAMBKUP
2023-09-03 23:19 - 2020-08-26 16:49 - 000000000 ____D C:\Users\Administrator.DOMAIN\AppData\Roaming\DAMPSOFT
2023-09-03 22:32 - 2019-03-14 22:32 - 000000000 ____D C:\Users\Administrator\AppData\Local\TeamViewer
2023-09-03 22:32 - 2019-03-11 18:23 - 000000000 ____D C:\Users\Administrator
2023-09-03 22:32 - 2016-07-16 15:23 - 000000000 ____D C:\Windows\AppReadiness
2023-09-03 00:07 - 2016-07-16 15:23 - 000000000 ____D C:\Windows\System
2023-09-03 00:05 - 2019-04-01 17:48 - 000000000 ____D C:\ProgramData\Package Cache
2023-09-02 04:04 - 2021-10-05 11:30 - 000000128 _____ C:\Users\Administrator.DOMAIN\AppData\Roaming\winscp.rnd
2023-09-01 15:23 - 2016-07-16 15:23 - 000000000 ____D C:\Windows\rescache
2023-08-30 18:17 - 2023-03-26 23:35 - 000000000 ____D C:\Program Files (x86)\EaseUS
2023-08-29 23:17 - 2016-07-16 15:23 - 000000000 ____D C:\Windows\system32\NDF
2023-08-29 22:40 - 2019-03-11 18:15 - 002870662 _____ C:\Windows\system32\PerfStringBackup.INI
2023-08-29 22:40 - 2016-09-12 13:28 - 001020386 _____ C:\Windows\system32\perfh007.dat
2023-08-29 22:40 - 2016-09-12 13:28 - 000298342 _____ C:\Windows\system32\perfc007.dat
2023-08-25 22:17 - 2016-09-12 04:52 - 000219240 _____ C:\Windows\system32\FNTCACHE.DAT
2023-08-25 20:40 - 2019-03-11 22:26 - 000000000 ____D C:\Windows\Cluster
2023-08-25 20:40 - 2016-07-16 15:23 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-08-25 20:40 - 2016-07-16 15:23 - 000000000 ____D C:\Windows\SysWOW64\setup
2023-08-25 20:40 - 2016-07-16 15:23 - 000000000 ____D C:\Windows\system32\setup
2023-08-25 20:40 - 2016-07-16 15:23 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2023-08-25 20:40 - 2016-07-16 15:23 - 000000000 ____D C:\Windows\system32\oobe
2023-08-25 20:40 - 2016-07-16 15:23 - 000000000 ____D C:\Windows\PolicyDefinitions
2023-08-25 20:40 - 2016-07-16 08:04 - 000000000 ____D C:\Windows\SysWOW64\Dism
2023-08-25 20:40 - 2016-07-16 08:04 - 000000000 ____D C:\Windows\system32\Dism
2023-08-25 05:28 - 2016-07-16 15:23 - 000000167 _____ C:\Windows\win.ini
2023-08-25 05:27 - 2019-03-11 21:54 - 000000000 ____D C:\Windows\system32\MRT
2023-08-25 05:17 - 2019-03-11 21:53 - 175983240 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-08-16 22:05 - 2020-08-19 08:08 - 000000000 ____D C:\Users\BreuerM
2023-08-09 13:49 - 2020-09-21 11:31 - 000000000 ____D C:\Windows\CryptoGuard

==================== Files in the root of some directories ========

2023-09-03 20:22 - 2023-09-03 20:22 - 000044716 _____ () C:\Users\Administrator.DOMAIN\TsAllUsr.Dat
2023-03-27 00:23 - 2023-03-27 00:23 - 000000039 _____ () C:\Users\Administrator.DOMAIN\AppData\Roaming\epm_user.ini
2020-08-26 16:49 - 2019-10-10 16:00 - 000000030 _____ () C:\Users\Administrator.DOMAIN\AppData\Roaming\wfbshelp.ini
2021-10-05 11:30 - 2023-09-02 04:04 - 000000128 _____ () C:\Users\Administrator.DOMAIN\AppData\Roaming\winscp.rnd
2019-06-12 13:37 - 2019-06-12 13:37 - 000402580 _____ () C:\Users\Administrator.DOMAIN\AppData\Local\dd_vcredistMSI5179.txt
2019-06-12 13:37 - 2019-06-12 13:37 - 000020492 _____ () C:\Users\Administrator.DOMAIN\AppData\Local\dd_vcredistUI5179.txt
2021-07-04 08:56 - 2023-09-07 01:15 - 000007612 _____ () C:\Users\Administrator.DOMAIN\AppData\Local\Resmon.ResmonCfg
2022-06-08 10:30 - 2022-06-08 10:30 - 000009594 _____ () C:\Users\Administrator.DOMAIN\AppData\Local\TempWER-1686917531-0.sysdata.xml

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2023-09-07 00:54
==================== End of FRST.txt ========================

ADDITION.txt Result

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-08-2023
Ran by Administrator (07-09-2023 13:24:49)
Running from C:\FXBT
Microsoft Windows Server 2016 Standard Version 1607 14393.6167 (X64) (2019-03-11 16:21:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1340496916-2443306667-3607100825-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1340496916-2443306667-3607100825-503 - Limited - Disabled)
Exa (S-1-5-21-1340496916-2443306667-3607100825-1000 - Administrator - Enabled)
Gast (S-1-5-21-1340496916-2443306667-3607100825-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{50229C72-539F-4E65-BEB5-F0491C5074B7}) (Version: 22.2.1 - HP Inc.) Hidden
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat Reader DC MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}) (Version: 22.001.20085 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-001824458876}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Advanced IP Scanner 2.5 (HKLM-x32\...\{CB67C185-D2DF-455E-B9B7-00C8E505186F}) (Version: 2.5.3850 - Famatech)
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.5.1 - Sereby Corporation)
DAISY (HKLM-x32\...\{01AD420B-8BA0-4D88-84DE-2393BCB23792}) (Version: 14.11.19 - DAISY Akademie + Verlag GmbH)
DAMPSOFT auf Laufwerk Z,R (HKLM-x32\...\Dampsoft) (Version:  - )
DAMPSOFT DS-SERVER auf Laufwerk D (HKLM-x32\...\DSServer) (Version:  - )
Datext DeLaKom Client (HKLM-x32\...\Datext.DeLaKomServiceManager_is1) (Version: 2.5.1.7 - Datext iT-Beratung GmbH)
Datext DeLaKom LIGHT (HKLM-x32\...\Datext DeLaKom LIGHT_is1) (Version: 1.4.1.2 - Datext iT-Beratung GmbH)
DBSWIN (HKLM-x32\...\DBSWIN) (Version: 5.15.1 Build 15316 - DUERR DENTAL AG)
DirectX 9.0c Extra Files (x86, x64) (HKLM\...\{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1) (Version: 1.10.06.0 - Sereby Corporation)
Driver Setup (HKLM-x32\...\VCamDigital) (Version:  - DUERR DENTAL AG)
GDR 2269 for SQL Server 2014 (KB3045324) (64-bit) (HKLM\...\KB3045324) (Version: 12.0.2269.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 116.0.5845.179 - Google LLC)
Java 8 Update 251 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180251F0}) (Version: 8.0.2510.8 - Oracle Corporation)
Java 8 Update 251 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180251F0}) (Version: 8.0.2510.8 - Oracle Corporation)
MedicalEDA (HKLM-x32\...\{8E8B2562-2459-44EF-BFC4-423918968C40}) (Version: 2.1.13.0 - Softdent)
MELAG FTP Server [FTP-Server und Serververwaltung] (HKLM-x32\...\{4F32CA2A-D049-4607-88D1-35C4F15E4232}_is1) (Version: 2.2.0.2 - MELAG Medizintechnik oHG)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Excel MUI (German) 2016 (HKLM-x32\...\{90160000-0016-0407-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Groove MUI (German) 2016 (HKLM-x32\...\{90160000-00BA-0407-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.1 (HKLM\...\{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}) (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{A106FA6F-E94C-44C9-8A0F-C34BD82C9FE6}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Office 64-bit Components 2016 (HKLM\...\{90160000-002A-0000-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2016 – Deutsch (HKLM-x32\...\{90160000-001F-0407-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2016 (HKLM-x32\...\{90160000-00E1-0407-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (German) 2016 (HKLM-x32\...\{90160000-00E2-0407-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2016 (HKLM-x32\...\{90160000-002C-0407-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2016 - English (HKLM-x32\...\{90160000-001F-0409-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2016 (HKLM\...\{90160000-002A-0407-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2016 (HKLM-x32\...\{90160000-006E-0407-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Standard 2016 (HKLM-x32\...\{90160000-0012-0000-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Standard 2016 (HKLM-x32\...\Office16.STANDARD) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneNote MUI (German) 2016 (HKLM-x32\...\{90160000-00A1-0407-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (German) 2016 (HKLM-x32\...\{90160000-001A-0407-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (German) 2016 (HKLM-x32\...\{90160000-0018-0407-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (German) 2016 (HKLM-x32\...\{90160000-0019-0407-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Report Viewer 2014 Runtime (HKLM-x32\...\{327E9C0D-1687-414F-923E-F5979E549548}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2014 Policies  (HKLM-x32\...\{1C30FE7E-8A8C-4492-89D6-10CB20C3B0EB}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 RsFx Driver (HKLM\...\{E62D73B2-78F3-4009-BA70-79B14B3BC4F0}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{37C44B5C-E839-4A9D-9E20-A93E1B2FD35A}) (Version: 12.0.2269.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL Compiler Service  (HKLM\...\{537203CB-708E-43A3-BA16-3D5C14A587BB}) (Version: 12.0.2269.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61135 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61135 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61135 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61135 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{4ffaf7b8-a84a-4813-840c-8b1f1343ae54}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{dd1e9bde-2ad6-4e92-8c07-7d4723eab8b8}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 (HKLM-x32\...\{3746f21b-c990-4045-bb33-1cf98cff7a68}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 x86 Additional Runtime - 14.13.26020 (HKLM-x32\...\{895D5198-C5DB-375E-86AB-133F4DAA9FE2}) (Version: 14.13.26020 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.13.26020 (HKLM-x32\...\{8F271F6C-6E7B-3D0A-951B-6E7B694D78BD}) (Version: 14.13.26020 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 (HKLM\...\{F4499EE3-A166-496C-81BB-51D1BCDC70A9}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 (HKLM\...\{3407B900-37F5-4CC2-B612-5CD5D580A163}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Word MUI (German) 2016 (HKLM-x32\...\{90160000-001B-0407-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.5.6 - Notepad++ Team)
Npcap (HKLM-x32\...\NpcapInst) (Version: 1.71 - Nmap Project)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM-x32\...\{90160000-001F-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
PA-Konzepte Server Version 1.7.8 (HKLM-x32\...\PA-Concepts Server_is1) (Version: 1.7.8 - PA-Konzepte Voice GmbH)
PA-Konzepte Version 1.7.10 (HKLM-x32\...\PA-Concepts_is1) (Version: 1.7.10 - PA-Konzepte Voice GmbH)
praxis-upgrade  (HKLM-x32\...\{9C803808-9953-421C-A571-32DA6FC24B65}) (Version: 1.9.0.300 - TecWare GmbH)
RISE-KIM-Clientmodul 1.6.1-CMI-DS-PU (HKLM\...\5676-2101-3398-5821) (Version: 1.6.1-CMI-DS-PU - RISE)
Sirona SIDEXIS XG (HKLM-x32\...\{9E2FFEE1-6A38-4A33-A351-481AEE06C7BC}) (Version: 2.6.3.0 - Sirona Dental Systems GmbH)
Sophos AMSI Protection (HKLM\...\{0EA5323F-DE1B-480C-911E-7827E5EA20E9}) (Version: 1.9.2098 - Sophos Limited) Hidden
Sophos AutoUpdate (HKLM\...\{0877470A-EA34-42E2-920A-495E92386A0C}) (Version: 6.15.1417 - Sophos Limited) Hidden
Sophos Diagnostic Utility (HKLM\...\{8078549C-CFF0-48C5-9B77-6BA48A14673D}) (Version: 6.15.1417 - Sophos Limited) Hidden
Sophos Endpoint Agent (HKLM\...\{258F3C41-B03D-478A-8972-50F14E02841E}) (Version: 2.9.564 - Sophos Limited) Hidden
Sophos Endpoint Agent (HKLM\...\Sophos Endpoint Agent) (Version: 2023.1.2.3 - Sophos Limited)
Sophos Endpoint Defense (HKLM\...\Sophos Endpoint Defense) (Version: 3.1.3.2282 - Sophos Limited) Hidden
Sophos Endpoint Firewall (HKLM\...\{2831282D-8519-4910-B339-2302840ABEF3}) (Version: 2.3.93 - Sophos Limited) Hidden
Sophos Endpoint Self Help (HKLM\...\{4EFCDD15-24A2-4D89-84A4-857D1BF68FA8}) (Version: 3.4.530.0 - Sophos Limited) Hidden
Sophos Exploit Prevention (HKLM\...\{866151B2-E14E-40E0-B6D9-64B1D428F5CB}) (Version: 3.9.1.2325 - Sophos Limited) Hidden
Sophos File Integrity Monitoring (HKLM\...\{425063CE-9566-43B8-AC61-F8D182828634}) (Version: 1.0.3.449 - Sophos Limited) Hidden
Sophos File Scanner (HKLM\...\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}) (Version: 1.11.3.530 - Sophos Limited) Hidden
Sophos Health (HKLM-x32\...\{5E8436D5-3688-4007-94C7-55D017275F89}) (Version: 2.12.883 - Sophos Limited) Hidden
Sophos Management Communications System (HKLM-x32\...\{2C14E1A2-C4EB-466E-8374-81286D723D3A}) (Version: 4.19.550 - Sophos Limited) Hidden
Sophos ML Engine (HKLM\...\Sophos ML Engine) (Version: 1.8.25.1 - Sophos Limited) Hidden
Sophos Network Threat Protection (HKLM\...\{2D2A1891-4657-4E6F-9373-BFCE4C9AC5BA}) (Version: 1.17.3508 - Sophos Limited) Hidden
Sophos Standalone Engine (HKLM\...\Sophos Standalone Engine) (Version: 3.88.0.81 - Sophos Limited) Hidden
SQL Server 2014 Client Tools (HKLM\...\{2BA1811B-44C0-4C50-8C5A-CE68AB25ED71}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Client Tools (HKLM\...\{B5ECFA5C-AC4F-45A4-A12E-A76ABDD9CCBA}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{9E83BB26-ACD3-442A-87FE-EB3B28E06AAE}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{BD1CD96B-FE4B-4EAE-83D4-6EF55AB5779C}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{F7012F84-80F5-4C25-852E-B1BA03276FE6}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{17531BCD-C627-46A2-9F1E-7CC920E0E94A}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{B3FD71B4-524A-4377-BEB2-C2DB819A304F}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{C8511A82-E9FD-4B6D-B1B2-378589D2B48A}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{D45C3EC4-282E-4798-98C7-E7BF2362F04E}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{4D261997-B65F-4141-836C-0CE3D8D93431}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{ACC530B8-B6B4-40D6-B59B-152468CF47D0}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{D1B847A9-B06B-4264-9EF0-78E6E1571E65}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (HKLM\...\{75A54138-3B98-4705-92E4-F619825B121F}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (HKLM\...\{839EF29A-3055-43DC-ADCE-8E84893798D5}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.0.2000.8 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{6476DB81-F263-4C04-8574-AAD31136C304}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
Strumenti di correzione di Microsoft Office 2016 - Italiano (HKLM-x32\...\{90160000-001F-0410-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
TeamViewer Host (HKLM-x32\...\TeamViewer) (Version: 15.45.3 - TeamViewer)
TreeSize Free V4.5.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.5.2 - JAM Software)
Update for Skype for Business 2016 (KB5002106) 32-Bit Edition (HKLM-x32\...\{90160000-0012-0000-0000-0000000FF1CE}_Office16.STANDARD_{6B44CEF7-ECA7-4132-8D18-BD92DE0DC48F}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB5002106) 32-Bit Edition (HKLM-x32\...\{90160000-002A-0000-1000-0000000FF1CE}_Office16.STANDARD_{6B44CEF7-ECA7-4132-8D18-BD92DE0DC48F}) (Version:  - Microsoft)
VistaEasy (HKLM-x32\...\VScan) (Version: 5.15.1 Build 15316 - DUERR DENTAL AG)
VistaPano version 1.4.1.3 (HKLM-x32\...\VistaPano_is1) (Version: 1.4.1.3 - )
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
WinSCP 5.19.4 (HKLM-x32\...\winscp3_is1) (Version: 5.19.4 - Martin Prikryl)
Wireshark 4.0.2 64-bit (HKLM-x32\...\Wireshark) (Version: 4.0.2 - The Wireshark developer community, hxxps://www.wireshark.org)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [SophosUIShellExt] -> {2F08133C-3011-427C-8F50-2914253782B1} => C:\Program Files\Sophos\Sophos UI\SophosUIShellExt.dll [2023-09-03] (Sophos Ltd -> Sophos Limited)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2008-06-20] () [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2008-09-16] () [File not signed]
ContextMenuHandlers2: [SophosUIShellExt] -> {2F08133C-3011-427C-8F50-2914253782B1} => C:\Program Files\Sophos\Sophos UI\SophosUIShellExt.dll [2023-09-03] (Sophos Ltd -> Sophos Limited)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [SophosUIShellExt] -> {2F08133C-3011-427C-8F50-2914253782B1} => C:\Program Files\Sophos\Sophos UI\SophosUIShellExt.dll [2023-09-03] (Sophos Ltd -> Sophos Limited)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2008-06-20] () [File not signed]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2008-09-16] () [File not signed]
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [SophosUIShellExt] -> {2F08133C-3011-427C-8F50-2914253782B1} => C:\Program Files\Sophos\Sophos UI\SophosUIShellExt.dll [2023-09-03] (Sophos Ltd -> Sophos Limited)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2008-06-20] () [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2008-09-16] () [File not signed]

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [msacm.l3acm] => C:\Windows\SysWOW64\l3codecp.acm [193536 2016-07-16] (Microsoft Windows -> Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32-x32: [vidc.LEAD] => LCODCCMP2.DLL*

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2018-09-20 09:52 - 2018-09-20 09:52 - 000011264 _____ () [File not signed] [File is in use] C:\Program Files (x86)\praxis-upgrade\Admin\Onlinedienste.Update.v1.Client.35.dll
2018-09-20 09:52 - 2018-09-20 09:52 - 000011776 _____ () [File not signed] [File is in use] C:\Program Files (x86)\praxis-upgrade\Admin\Onlinedienste.Update.v1.Model.35.dll
2023-05-31 08:30 - 2023-05-31 08:30 - 000226304 _____ () [File not signed] [File is in use] C:\Users\Remote-MK\AppData\Local\TecWare\Admin.Client.Cache\PU.Controls.dll
2023-09-07 00:59 - 2023-09-07 00:59 - 001328128 _____ () [File not signed] C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\CK.Ivoris.Common.Barcode.dll
2023-09-07 00:59 - 2023-09-07 00:59 - 006397952 _____ () [File not signed] C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\CK.Ivoris.Common.iCal.dll
2023-09-07 00:59 - 2023-09-07 00:59 - 001484288 _____ () [File not signed] C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\Ck.ModuleHost.dll
2023-09-07 00:59 - 2023-09-07 00:59 - 003973632 _____ () [File not signed] C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\CkExport.dll
2023-09-07 00:59 - 2023-09-07 00:59 - 000148992 _____ () [File not signed] C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\CrashRpt1404.dll
2023-09-07 01:00 - 2023-09-07 01:00 - 000302080 _____ () [File not signed] C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\KZBV\20233\AMZ_KBR.DLL
2023-09-07 01:00 - 2023-09-07 01:00 - 000273920 _____ () [File not signed] C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\KZBV\20233\AMZ_KCH.DLL
2023-09-07 01:00 - 2023-09-07 01:00 - 000337408 _____ () [File not signed] C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\KZBV\20233\AMZ_KFO.DLL
2023-09-07 01:00 - 2023-09-07 01:00 - 000190976 _____ () [File not signed] C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\KZBV\20233\AMZ_PAR.DLL
2023-09-07 01:00 - 2023-09-07 01:00 - 000207360 _____ () [File not signed] C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\KZBV\20233\AMZ_ZE.DLL
2023-09-07 01:00 - 2023-09-07 01:00 - 000093696 _____ () [File not signed] C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\KZBV\20233\KNR12.DLL
2019-03-13 09:18 - 2008-06-20 01:41 - 000062464 _____ () [File not signed] C:\Program Files (x86)\WinRAR\rarext64.dll
2022-02-21 16:59 - 2022-02-21 16:59 - 000504832 _____ () [File not signed] D:\DSSERVER\bin\pcre.dll
2022-02-21 16:59 - 2022-02-21 16:59 - 000208896 _____ (Apache Software Foundation) [File not signed] D:\DSSERVER\bin\libapr-1.dll
2022-02-21 16:59 - 2022-02-21 16:59 - 000036352 _____ (Apache Software Foundation) [File not signed] D:\DSSERVER\bin\libapriconv-1.dll
2022-02-21 16:59 - 2022-02-21 16:59 - 000276992 _____ (Apache Software Foundation) [File not signed] D:\DSSERVER\bin\libaprutil-1.dll
2022-02-21 16:59 - 2022-02-21 16:59 - 000436736 _____ (Apache Software Foundation) [File not signed] D:\DSSERVER\bin\libhttpd.dll
2022-02-21 16:59 - 2022-02-21 16:59 - 000020992 _____ (Apache Software Foundation) [File not signed] D:\DSSERVER\modules\mod_alias.so
2022-02-21 16:59 - 2022-02-21 16:59 - 000023552 _____ (Apache Software Foundation) [File not signed] D:\DSSERVER\modules\mod_authz_core.so
2022-02-21 16:59 - 2022-02-21 16:59 - 000016896 _____ (Apache Software Foundation) [File not signed] D:\DSSERVER\modules\mod_authz_host.so
2022-02-21 16:59 - 2022-02-21 16:59 - 000025600 _____ (Apache Software Foundation) [File not signed] D:\DSSERVER\modules\mod_cgi.so
2022-02-21 16:59 - 2022-02-21 16:59 - 000015360 _____ (Apache Software Foundation) [File not signed] D:\DSSERVER\modules\mod_dir.so
2022-02-21 16:59 - 2022-02-21 16:59 - 000013824 _____ (Apache Software Foundation) [File not signed] D:\DSSERVER\modules\mod_env.so
2022-02-21 16:59 - 2022-02-21 16:59 - 000022528 _____ (Apache Software Foundation) [File not signed] D:\DSSERVER\modules\mod_headers.so
2022-02-21 16:59 - 2022-02-21 16:59 - 000048128 _____ (Apache Software Foundation) [File not signed] D:\DSSERVER\modules\mod_include.so
2022-02-21 16:59 - 2022-02-21 16:59 - 000028672 _____ (Apache Software Foundation) [File not signed] D:\DSSERVER\modules\mod_info.so
2022-02-21 16:59 - 2022-02-21 16:59 - 000031744 _____ (Apache Software Foundation) [File not signed] D:\DSSERVER\modules\mod_log_config.so
2022-02-21 16:59 - 2022-02-21 16:59 - 000022528 _____ (Apache Software Foundation) [File not signed] D:\DSSERVER\modules\mod_mime.so
2022-02-21 16:59 - 2022-02-21 16:59 - 000035840 _____ (Apache Software Foundation) [File not signed] D:\DSSERVER\modules\mod_negotiation.so
2022-02-21 16:59 - 2022-02-21 16:59 - 000063488 _____ (Apache Software Foundation) [File not signed] D:\DSSERVER\modules\mod_rewrite.so
2022-02-21 16:59 - 2022-02-21 16:59 - 000018432 _____ (Apache Software Foundation) [File not signed] D:\DSSERVER\modules\mod_setenvif.so
2022-02-21 16:59 - 2022-02-21 16:59 - 000024576 _____ (Apache Software Foundation) [File not signed] D:\DSSERVER\modules\mod_socache_shmcb.so
2022-02-21 16:59 - 2022-02-21 16:59 - 000180736 _____ (Apache Software Foundation) [File not signed] D:\DSSERVER\modules\mod_ssl.so
2022-02-21 16:59 - 2022-02-21 16:59 - 000027136 _____ (Apache Software Foundation) [File not signed] D:\DSSERVER\modules\mod_status.so
2023-09-04 16:45 - 2023-09-04 16:44 - 001513984 _____ (BellSoft) [File not signed] C:\Program Files\rise-kim-clientmodul\jre\bin\awt.dll
2023-09-04 16:45 - 2023-09-04 16:44 - 000051200 _____ (BellSoft) [File not signed] C:\Program Files\rise-kim-clientmodul\jre\bin\fontmanager.dll
2023-09-04 16:45 - 2023-09-04 16:44 - 000531456 _____ (BellSoft) [File not signed] C:\Program Files\rise-kim-clientmodul\jre\bin\freetype.dll
2023-09-04 16:45 - 2023-09-04 16:44 - 000741376 _____ (BellSoft) [File not signed] c:\program files\rise-kim-clientmodul\jre\bin\harfbuzz.dll
2023-09-04 16:45 - 2023-09-04 16:44 - 000145920 _____ (BellSoft) [File not signed] c:\program files\rise-kim-clientmodul\jre\bin\java.dll
2023-09-04 16:45 - 2023-09-04 16:44 - 000024064 _____ (BellSoft) [File not signed] c:\program files\rise-kim-clientmodul\jre\bin\jimage.dll
2023-09-04 16:45 - 2023-09-04 16:44 - 000018432 _____ (BellSoft) [File not signed] C:\Program Files\rise-kim-clientmodul\jre\bin\management.dll
2023-09-04 16:45 - 2023-09-04 16:44 - 000025088 _____ (BellSoft) [File not signed] C:\Program Files\rise-kim-clientmodul\jre\bin\management_ext.dll
2023-09-04 16:45 - 2023-09-04 16:44 - 000083968 _____ (BellSoft) [File not signed] C:\Program Files\rise-kim-clientmodul\jre\bin\net.dll
2023-09-04 16:45 - 2023-09-04 16:44 - 000055808 _____ (BellSoft) [File not signed] C:\Program Files\rise-kim-clientmodul\jre\bin\nio.dll
2023-09-04 16:45 - 2023-09-04 16:44 - 000014848 _____ (BellSoft) [File not signed] C:\Program Files\rise-kim-clientmodul\jre\bin\prefs.dll
2023-09-04 16:45 - 2023-09-04 16:44 - 011526656 _____ (BellSoft) [File not signed] c:\program files\rise-kim-clientmodul\jre\bin\server\jvm.dll
2023-09-04 16:45 - 2023-09-04 16:44 - 000139264 _____ (BellSoft) [File not signed] C:\Program Files\rise-kim-clientmodul\jre\bin\sunec.dll
2023-09-04 16:45 - 2023-09-04 16:44 - 000036352 _____ (BellSoft) [File not signed] C:\Program Files\rise-kim-clientmodul\jre\bin\sunmscapi.dll
2023-09-04 16:45 - 2023-09-04 16:44 - 000045056 _____ (BellSoft) [File not signed] c:\program files\rise-kim-clientmodul\jre\bin\verify.dll
2023-09-04 16:45 - 2023-09-04 16:44 - 000074752 _____ (BellSoft) [File not signed] c:\program files\rise-kim-clientmodul\jre\bin\zip.dll
2023-09-07 00:59 - 2023-09-07 00:59 - 009064960 _____ (Computer konkret AG) [File not signed] [File is in use] C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\CkControls.dll
2023-09-07 00:59 - 2023-09-07 00:59 - 011521024 _____ (Computer konkret AG) [File not signed] [File is in use] C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\CkUtils.dll
2023-09-07 00:59 - 2023-09-07 00:59 - 000381440 _____ (Computer konkret AG) [File not signed] [File is in use] C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\CkXML.dll
2023-09-07 00:59 - 2023-09-07 00:59 - 020505600 _____ (Computer konkret AG) [File not signed] [File is in use] C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\DAL.dll
2023-09-07 00:59 - 2023-09-07 00:59 - 002542080 _____ (Computer konkret AG) [File not signed] [File is in use] C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\DataTypes.dll
2023-09-07 00:59 - 2023-09-07 00:59 - 002116096 _____ (Computer konkret AG) [File not signed] C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\BASICS.dll
2023-09-07 00:59 - 2023-09-07 00:59 - 004130304 _____ (Computer konkret AG) [File not signed] C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\BEFUND.dll
2023-09-07 00:59 - 2023-09-07 00:59 - 001032704 _____ (Computer konkret AG) [File not signed] C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\CkDBF.dll
2023-09-07 00:59 - 2023-09-07 00:59 - 001203712 _____ (Computer konkret AG) [File not signed] C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\CkDBFTypes.dll
2023-09-07 00:59 - 2023-09-07 00:59 - 012787200 _____ (Computer konkret AG) [File not signed] C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\KATALOGE.dll
2023-09-07 00:59 - 2023-09-07 00:59 - 009290240 _____ (Computer konkret AG) [File not signed] C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\KBR.dll
2023-09-07 00:59 - 2023-09-07 00:59 - 008786944 _____ (Computer konkret AG) [File not signed] C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\LABOR.dll
2023-09-07 00:59 - 2023-09-07 00:59 - 014709760 _____ (Computer konkret AG) [File not signed] C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\objects.dll
2023-09-07 00:59 - 2023-09-07 00:59 - 010267648 _____ (Computer konkret AG) [File not signed] C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\PARO.dll
2023-09-07 01:00 - 2023-09-07 01:00 - 000079872 _____ (Computer konkret AG) [File not signed] C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\Resources\0x0407\BASICS.0x0407.DLL
2023-09-07 01:00 - 2023-09-07 01:00 - 000080384 _____ (Computer konkret AG) [File not signed] C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\Resources\0x0407\BEFUND.0x0407.DLL
2023-09-07 01:00 - 2023-09-07 01:00 - 020185088 _____ (Computer konkret AG) [File not signed] C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\Resources\CKBITMAPS.Resource.DLL
2023-09-07 01:00 - 2023-09-07 01:00 - 000769536 _____ (Computer konkret AG) [File not signed] C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\Resources\STBITMAP.Resource.DLL
2023-09-07 00:59 - 2023-09-07 00:59 - 002518016 _____ (Computer konkret AG) [File not signed] C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\Settings.dll
2023-09-07 00:59 - 2023-09-07 00:59 - 011530240 _____ (Computer konkret AG) [File not signed] C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\STATISTIK.dll
2023-09-07 00:59 - 2023-09-07 00:59 - 010112000 _____ (Computer konkret AG) [File not signed] C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\STBOOKS.dll
2023-09-07 00:59 - 2023-09-07 00:59 - 015403520 _____ (Computer konkret AG) [File not signed] C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\STCOMMON.dll
2023-09-07 00:59 - 2023-09-07 00:59 - 017978880 _____ (Computer konkret AG) [File not signed] C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\STCONTROLS.dll
2023-09-07 00:59 - 2023-09-07 00:59 - 010554368 _____ (Computer konkret AG) [File not signed] C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\STDEBIT.dll
2023-09-07 00:59 - 2023-09-07 00:59 - 012158464 _____ (Computer konkret AG) [File not signed] C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\STDENTAL.dll
2023-09-07 00:59 - 2023-09-07 00:59 - 004256256 _____ (Computer konkret AG) [File not signed] C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\STFIBU.dll
2023-09-07 00:59 - 2023-09-07 00:59 - 011636224 _____ (Computer konkret AG) [File not signed] C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\STKFO.dll
2023-09-07 00:59 - 2023-09-07 00:59 - 008200704 _____ (Computer konkret AG) [File not signed] C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\STMAWI.dll
2023-09-07 00:59 - 2023-09-07 00:59 - 009431552 _____ (Computer konkret AG) [File not signed] C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\STPRUEF.dll
2023-09-07 00:59 - 2023-09-07 00:59 - 009675264 _____ (Computer konkret AG) [File not signed] C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\STTERMIN.dll
2023-09-07 00:59 - 2023-09-07 00:59 - 023001600 _____ (Computer konkret AG) [File not signed] C:\Program Files (x86)\praxis-upgrade\Instances\CKTWHEALTH\DentalSoftware\STOMAWIN\STWINDOW.dll
2019-06-12 13:45 - 2019-04-08 15:37 - 000249856 _____ (DÜRR DENTAL SE) [File not signed] C:\Program Files (x86)\Duerr\Server\dd_tools.dll
2019-06-12 13:45 - 2019-04-08 15:37 - 000030720 _____ (DÜRR DENTAL SE) [File not signed] C:\Program Files (x86)\Duerr\Server\ddconfig.dll
2019-06-12 13:45 - 2019-04-08 15:37 - 000249856 _____ (DÜRR DENTAL SE) [File not signed] C:\Program Files (x86)\Duerr\Share\dd_tools.dll
2019-06-12 13:45 - 2019-04-08 15:37 - 000030720 _____ (DÜRR DENTAL SE) [File not signed] C:\Program Files (x86)\Duerr\Share\ddconfig.dll
2019-06-12 13:45 - 2019-06-12 13:45 - 000552960 _____ (Firebird Project) [File not signed] C:\Program Files (x86)\Duerr\FBS\bin\fbclient.dll
2019-02-01 23:42 - 2019-02-01 23:42 - 000050688 _____ (HP Inc.) [File not signed] c:\windows\system32\hpzinw12.dll
2019-02-01 23:42 - 2019-02-01 23:42 - 000066048 _____ (HP Inc.) [File not signed] c:\windows\system32\hpzipm12.dll
2019-06-12 13:45 - 2019-06-12 13:45 - 001568768 _____ (IBM Corporation and others) [File not signed] C:\Program Files (x86)\Duerr\FBS\bin\icudt30.dll
2019-06-12 13:45 - 2019-06-12 13:45 - 000675840 _____ (IBM Corporation and others) [File not signed] C:\Program Files (x86)\Duerr\FBS\bin\icuuc30.dll
2020-09-22 02:57 - 2019-02-21 18:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2023-09-07 11:50 - 2023-09-07 11:50 - 000254464 ____N (Java(TM) Native Access (JNA)) [File not signed] C:\Users\Administrator.DOMAIN\AppData\Local\Temp\2\jna-146731693\jna2158873207624783075.dll
2023-09-04 16:45 - 2023-09-04 16:44 - 000264704 _____ (N/A) [File not signed] C:\Program Files\rise-kim-clientmodul\jre\bin\glass.dll
2023-09-04 16:45 - 2023-09-04 16:44 - 000067072 _____ (N/A) [File not signed] C:\Program Files\rise-kim-clientmodul\jre\bin\javafx_font.dll
2023-09-04 16:45 - 2023-09-04 16:44 - 000125440 _____ (N/A) [File not signed] C:\Program Files\rise-kim-clientmodul\jre\bin\prism_d3d.dll
2018-09-20 09:52 - 2018-09-20 09:52 - 000366592 _____ (Newtonsoft) [File not signed] [File is in use] C:\Program Files (x86)\praxis-upgrade\Admin\Newtonsoft.Json.dll
2018-09-20 09:52 - 2018-09-20 09:52 - 000208896 _____ (TecWare Gesellschaft für Softwareentwicklung) [File not signed] [File is in use] C:\Program Files (x86)\praxis-upgrade\Admin\Tw.Core.dll
2018-09-20 09:52 - 2018-09-20 09:52 - 000009728 _____ (TecWare Gesellschaft für Softwareentwicklung) [File not signed] [File is in use] C:\Users\Remote-MK\AppData\Local\TecWare\Admin.Client.Cache\de\Tw.GUI.resources.dll
2018-09-20 09:52 - 2018-09-20 09:52 - 000208896 _____ (TecWare Gesellschaft für Softwareentwicklung) [File not signed] [File is in use] C:\Users\Remote-MK\AppData\Local\TecWare\Admin.Client.Cache\Tw.Core.dll
2018-09-20 09:52 - 2018-09-20 09:52 - 000458752 _____ (TecWare Gesellschaft für Softwareentwicklung) [File not signed] [File is in use] C:\Users\Remote-MK\AppData\Local\TecWare\Admin.Client.Cache\Tw.GUI.dll
2023-05-31 08:30 - 2023-05-31 08:30 - 000046592 _____ (TecWare GmbH) [File not signed] [File is in use] C:\Program Files (x86)\praxis-upgrade\Admin\Admin.ClLib.dll
2023-05-31 08:30 - 2023-05-31 08:30 - 000046592 _____ (TecWare GmbH) [File not signed] [File is in use] C:\Users\Remote-MK\AppData\Local\TecWare\Admin.Client.Cache\Admin.ClLib.dll
2022-02-21 16:59 - 2022-02-21 16:59 - 003396608 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] D:\DSSERVER\bin\libcrypto-1_1-x64.dll
2022-02-21 16:59 - 2022-02-21 16:59 - 000681472 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] D:\DSSERVER\bin\libssl-1_1-x64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SntpService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Sophos File Scanner Service => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Windows Agent Maintenance Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Windows Agent Service => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = www.hpe.com/info/proliantwindows
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.hpe.com/info/proliantwindows
HKU\S-1-5-21-1340496916-2443306667-3607100825-500\Software\Microsoft\Internet Explorer\Main,Start Page = www.hpe.com/info/proliantwindows
HKU\S-1-5-21-1340496916-2443306667-3607100825-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.hpe.com/info/proliantwindows
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_251\bin\ssv.dll [2023-09-03] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_251\bin\jp2ssv.dll [2023-09-03] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\ssv.dll [2023-09-03] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\jp2ssv.dll [2023-09-03] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 15:23 - 2019-03-15 22:24 - 000000972 _____ C:\Windows\system32\drivers\etc\hosts
192.168.235.10    zp-dc1.DOMAIN.local
192.168.235.11    zp-exc1.DOMAIN.local
192.168.235.12    zp-rds1.DOMAIN.local
192.168.235.13    zp-fs1.DOMAIN.local

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft SQL Server\120\DTS\Binn\;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\ManagementStudio\;C:\Program Files (x86)\Microsoft SQL Server\120\DTS\Binn\;C:\Program Files (x86)\Duerr\Share;C:\ProgramData\chocolatey\bin;
HKU\S-1-5-21-1340496916-2443306667-3607100825-500\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-3788489271-2711247836-2933129611-2124\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
HKU\S-1-5-21-3788489271-2711247836-2933129611-500\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-80-1184457765-4068085190-3456807688-2200952327-3769537534\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-80-209823048-1421131508-2570903860-1432561550-2402544937\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.240.11 - 192.168.240.20
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is disabled.

Network Binding:
=============
Ethernet 2: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [ComPlusRemoteAdministration-DCOM-In] => (Allow) C:\Windows\system32\dllhost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SLBM-MUX-IN-TCP] => (Allow) %SystemRoot%\system32\MuxSvcHost.exe => No File
FirewallRules: [{2B894F1B-8A6D-4C9A-8416-A76B8327D289}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{4FFC1880-8BD0-4DA2-A630-679551867D70}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{4E10345F-E79C-4E23-A44A-31A31BBDE314}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{A0599DEC-DE15-4F7A-A020-5CCE982E7B5A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [SessionDirectoryService-In-TCP] => (Allow) C:\Windows\system32\tssdis.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SessionDirectoryService-RPCSS-In-TCP] => (Allow) C:\Windows\system32\tssdis.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SessionDirectoryService-WMI-Out-TCP] => (Allow) C:\Windows\system32\tssdis.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{67A75E15-46AA-488A-BA89-FE71CBE2AA35}] => (Allow) C:\Program Files\Microsoft SQL Server\MSSQL12.CKTWHEALTH\MSSQL\Binn\sqlservr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1BFDBC4E-1DC9-473B-9DB4-7E6B44813764}] => (Allow) LPort=3052
FirewallRules: [{9F855A3C-9D7F-4C6C-A9AD-9156B3B1F760}] => (Allow) C:\Program Files\Microsoft SQL Server\MSSQL12.PDATA_SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{45EF4456-0432-4A79-81FE-D8C57006D838}] => (Allow) LPort=1434
FirewallRules: [{A35B25AC-662B-4509-A777-85EDC243111C}] => (Allow) C:\Sidexis\Sidexis.exe (Sirona Dental Systems GmbH) [File not signed]
FirewallRules: [{602C658C-C40D-42C1-8E6F-7334E5411416}] => (Allow) C:\Sidexis\Sidexis.exe (Sirona Dental Systems GmbH) [File not signed]
FirewallRules: [{80B3278F-0CD0-4090-8215-52CD1649411C}] => (Allow) C:\Sidexis\SiConst\SIDEXIS.exe (Sirona Dental Systems GmbH) [File not signed]
FirewallRules: [{EB381EAD-1FE2-43FC-B5E4-ABC3DC03CCF3}] => (Allow) C:\Sidexis\SiConst\SIDEXIS.exe (Sirona Dental Systems GmbH) [File not signed]
FirewallRules: [{5EF13E67-75FB-44B3-B494-7CDDF6D94E28}] => (Allow) C:\Sidexis\SiXABCon.exe (Sirona Dental Systems GmbH) [File not signed]
FirewallRules: [{65D229DA-F5CA-4F43-9A87-1AC87E53CDD1}] => (Allow) C:\Sidexis\SiXABCon.exe (Sirona Dental Systems GmbH) [File not signed]
FirewallRules: [{9CDBADF4-27FE-42E3-B75F-858190613147}] => (Allow) C:\Sidexis\SiRescue.exe (Sirona Dental Systems GmbH) [File not signed]
FirewallRules: [{651C30CD-91F0-43B3-8B8E-0B301DD4503C}] => (Allow) C:\Sidexis\SiRescue.exe (Sirona Dental Systems GmbH) [File not signed]
FirewallRules: [{E17A3E87-8BE5-4C38-854D-9ED6779C8450}] => (Allow) C:\Sidexis\XGNetDeploy.exe (Sirona Dental Systems GmbH) [File not signed]
FirewallRules: [{6A0579E9-70E8-46B5-9BC0-A747FCA39B93}] => (Allow) C:\Sidexis\XGNetDeploy.exe (Sirona Dental Systems GmbH) [File not signed]
FirewallRules: [{3CFA7BAD-B0E6-41E0-A456-142078932BF4}] => (Allow) C:\Sidexis\NGDbMan.exe (Sirona Dental Systems GmbH) [File not signed]
FirewallRules: [{ABC76961-7DE5-4AC1-93AA-EA55B421676D}] => (Allow) C:\Sidexis\NGDbMan.exe (Sirona Dental Systems GmbH) [File not signed]
FirewallRules: [{B0D6CD30-ABED-4712-A86D-35CFDAD87366}] => (Allow) LPort=21
FirewallRules: [{21C375BD-FFAE-45A5-8F2B-1E5B6D023F5B}] => (Allow) LPort=52837
FirewallRules: [{5AF2BE0E-9143-4C49-BF8E-9D3686A50B3B}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{864A8E2A-7D8A-4D2D-BFAA-41364144C595}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{2BAA6290-DA7F-4232-A8D7-2F1BB93B2A4D}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{5EA4D957-06A1-4E02-B58E-53B3658F3F5C}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{13B99BCF-7D54-4E43-B10C-A9067C2237BC}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{6BAD3AD1-0B8D-4252-8665-0116F27632BE}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{12814861-47E0-497B-A69C-460BA764FF0E}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{19C49216-0E70-43DA-B4BE-843069EC217F}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{9D6E34F4-744E-4542-A748-69181F613F05}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{F2A1AEA3-745F-4EEC-9F5D-23C8E2426FC2}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{1D90BF6E-EA82-4B41-833A-125EB00FE279}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{F6E4DF05-8BA3-419C-B709-6531A0E2BA0A}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{5D2A854E-7CD9-4EEF-9835-3C1521D1042C}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{A1181347-C673-400D-9D59-6F2746CE1A4A}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{98844147-B769-4D5A-8DE7-37A0EB8B5ECC}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{A9853A51-51D1-4ED9-9FB4-284373CB52E3}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{A9C6B5A8-0E72-496E-B8D7-008B9A848B89}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{7AE50AEE-33FE-48DD-8E22-BBE841AB22AC}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{CCD5AA0C-A341-473B-A1B3-ACE7E93D8B9A}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{06B2EBC1-B8BA-4C00-81CE-7ACCFEB8754D}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{539EFEEC-40B0-4DA9-99F4-CEF4FDA32901}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{E72C8C7B-28B2-4706-904A-FBEE068EA114}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{9FF66B23-CDC8-44A0-A9C4-B0AB773CB7EF}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{7FAFE079-7903-4D03-B588-3305920B6BF3}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{4CBEBE5B-0CA3-4231-A26F-9B258DF2BDE5}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{324E5899-816E-4610-986A-F3D8C862590D}] => (Allow) C:\Datext\DeLaKom\DeLaKom.exe (DATEXT Beratungsges. fuer Daten- und Textverarbeitung mbH -> Datext GmbH)
FirewallRules: [{733707CB-BE3E-44F4-9E2C-DABD8B51F1CD}] => (Allow) C:\Datext\DeLaKom\DeLaKom.exe (DATEXT Beratungsges. fuer Daten- und Textverarbeitung mbH -> Datext GmbH)
FirewallRules: [{174B2B6B-0E5B-44FA-B7EA-515BBA5E6931}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{6411168B-DC4D-47FE-957D-6BA82B0167E4}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{FAF475A9-D111-4FCF-9F2F-57E7B2CFA70F}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{FF8D0250-2FE8-43DE-8578-CC6254108A75}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{92E35955-4166-47D1-BDF2-335D85A648CF}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{36AAFF7F-37DC-4FEC-94F3-E7E73FD767F8}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{E7A0CFB4-67F3-4973-9909-3A82AE6B6222}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{8BBF36FD-3AAD-4D70-BB0C-262A2E31815D}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{33828D23-C66E-4443-B9B5-9F388E325483}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{931DD5CC-2535-42AC-8DD0-1037784E67F8}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{B8804671-88F3-458F-AB4D-25B766D88B5D}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{3C6DC9A6-26C3-4A7E-903C-A48FE05A7FF3}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{9DFDED97-8BB1-4DB0-8690-8168CEBD81B1}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{EF3CF921-ABC7-4BB1-BE30-7E82AED15B12}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{2CE943D8-31E8-4E58-8A4C-25F14B82ED73}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{8F319DBD-C5F4-49C7-9EE5-C9A8E55BBD73}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{2FE5F03C-67FC-4DD3-80B3-FAB1F8468121}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{B2B4B3E9-DC98-44BB-85F6-F87F9EF41FA3}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{3EE00435-2DB7-4B82-B902-C9055F2C4F22}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{BCD1068D-4C19-45C0-AD0A-905A96411293}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{7CF93B55-AED6-45F6-8AFB-3307AE9401C4}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{EF4C4193-77EA-4E45-8BAE-40C0AF6FE321}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{E3F3342F-6BE8-49D9-99E6-A65FD640DF6C}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{E1E5D676-E997-4821-B0B3-F16C9319B6EA}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{090DF77E-27B0-4DF0-BAAF-1CE87F54A2C5}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{4A0535D1-27FD-4520-84EE-7511C7A97C7D}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{B47E6ACA-389F-49AE-8176-6374F946C1F9}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{71B52EC7-E83F-4DCD-81AD-A2EE45960A17}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{B5FE64A0-3CCD-4289-81CF-965E32E58FFF}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{BB0B2FBB-062C-4731-9A65-BC538BD82489}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{B72C6056-DA9E-49DE-BD80-E4022DCB35A1}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{85F8C847-45C9-41DF-B9BF-6B3D540F6319}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{7DFB8AE7-CF45-43CE-AFAE-C2C2842FE49D}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{498975D7-FF4A-4A13-B871-756B0457B405}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{CB21AEBF-0FE6-4238-B4AE-00387B8D363D}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{0852A781-8EF3-483D-89F8-84809BEAEC47}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{B501C7CD-CB55-47D0-9011-9389335B6B43}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{2066428B-3E3F-41B7-B573-42712AE30451}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{C5A86C37-B21B-4E3B-B0EF-BB4B708648EC}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{FA29B363-713B-4DF2-9B41-F96E92EA6620}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{AD6028E5-D6B3-41A6-B275-DB67B26691CE}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{3ADCA2F5-55D8-4310-B8C8-D95DD5DE75A4}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{3B1AFCE6-FDF3-4014-9BF2-99A613BA77BC}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{0FA63A1A-8B40-47B8-B702-2A290D02C687}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{42EDD03D-07F1-4AC1-ABF2-8DEB16E9EEBD}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{6C9E6776-2A12-4301-9965-BCEDE4BB8A4D}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{718264AC-C7D5-4A6B-919C-05878169CA56}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{C665046F-F018-4000-B632-43FABB0056D5}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{42730252-7F3D-401E-9E8C-87E8B332F350}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{FC54D308-E3B0-4265-A9A5-E8460587BE07}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{F74A5181-AF52-4A88-ACD2-893E546A26CD}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{822FC542-6984-44BB-B170-A9F50B75DDBB}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{8ECD3357-62AE-42C3-AE81-4C216A98DB8C}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{41F419F7-1A7C-45AB-AF91-3945B9BA02FB}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{9D07EB76-9427-44F0-86EB-DF007D356C74}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{502DC43F-75E1-454C-B7F1-6AB4D4A82ABB}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{54AAD969-81E4-49C6-9719-47081E29EC86}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{D06542CB-3499-4876-B548-828018672BF5}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{767ED6A2-9C9A-4971-B05F-922BF2B2A457}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{B9CB8D81-1684-4818-9673-4A6DC480AD15}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{81A6C6BB-F23C-46EB-868F-76459679D4D9}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{375F88AB-70DA-445F-A5CF-9233E966959A}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{DDE5127D-22B3-49DB-953A-49212AACBB3B}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{DF399D5F-7A29-4BAD-8CFA-F7015F6617D2}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{31B1946A-56BF-40C2-B443-9C802283DB71}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{11E815EF-DEB3-4CA6-8DFC-0FFCC9E36D72}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{9BEB8599-3D15-4885-B77F-5D7DBAC50A29}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{C720007B-A7C9-4F22-9822-2EC749E70A69}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{EB3CFB62-7805-4A5E-AD30-7C383279BA86}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{754972A2-F07A-4F12-82EC-7DB500C5115C}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{7D169A8C-4E00-49AF-9973-4EBE5FA2CE95}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{F7D5B557-FDAC-4602-93A7-B7687514615F}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{DCFBE042-8691-44BC-A460-A2C8E22B6B40}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{8B0D45CD-D46D-4A61-9D75-91EC1CD8D6E7}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{DC95F8E9-FD9B-4E32-8D75-5F504AAD51D2}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{80E14768-294C-44A0-A85C-DD3CAAA4D856}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{6F0ABBD3-3BD7-45DC-9F3E-1B0B5099DB1D}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{2BAD8229-BC6A-4176-9564-88B8FE0EC324}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{BC98F040-FB3E-4949-A1C0-22EED84CBF2F}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{EBE7FE3A-FE13-47A0-B997-4AB56BE80504}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{A7532658-1B92-4615-9B17-E316C462A879}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{1A7D7D36-D352-4CA4-B371-99D056DDF8F0}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{938CAC7B-FFC4-45F4-B1C8-3C478C528E2F}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{AC827219-CB8E-470F-A2DA-0F2E79F8EA43}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{BF1FA881-B035-4E35-9B06-8A9860823B56}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{1DD0E57E-CA49-4E8D-BAAF-D7B7A316F610}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{11C54AA4-6AC1-4B25-B2AB-CA1043B976F9}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{7676B355-83FA-47E4-9CC7-A5571FB7DAD9}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{735C819D-C746-449B-98B8-741481BF5BA9}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{87B3B39E-9CB9-489C-89D1-73C6E4E3C11A}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{21C5FE97-24E6-4CDC-8921-85D94EE6163C}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{E44CD0D8-F9F5-4623-9AFB-2F09310A4B68}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{7F37DF5D-1987-497B-A90A-2B0072F4636D}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{38808DBE-08EB-49CB-93D4-D3E9F8DFBE33}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{4264AA43-2C23-4BD2-8F5F-6FA437ADC737}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{060242D4-357D-49A3-A4D9-081EE8193911}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{F213F6B1-A6D8-44A7-94B8-C32430F4615D}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{D7B25876-F40B-4945-82A5-11EDAD88796F}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{546A8D0B-19B2-43EA-94D2-C58E9AA2797E}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{F3E18AF9-F5DF-43D1-B9E7-7BFC56A20218}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{553C9F53-90B2-45EF-91FD-A3EC2C5AAB8E}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{5F32CC48-F284-46C0-80CB-7B626C00A2B4}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{0B8192FB-CA2E-4972-AE51-1B0803118B9B}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{1A8ECF18-D0E0-4858-AB49-E28CC2514408}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{7CCB77CF-1A80-4D4A-8158-682D1C592E82}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{0711AADB-8B99-40C2-BCD0-EF6EBF978846}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{01FBC916-F0D1-4D55-AF5F-EEE7C496086B}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{6D36A4F9-6502-4196-AD41-0B4A6694A64E}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{D9F50645-A306-465F-9D3F-0135CABD1BCD}] => (Allow) C:\Program Files\rise-kim-clientmodul\rise-kim-clientmodul.exe () [File not signed]
FirewallRules: [{F0FE6F9F-3CD2-4DC9-8B63-0DD2ABD87E48}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{5F855C3F-E671-42C4-8784-159038B99C64}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{FCA63EA0-76CD-4571-9D43-D39009447CBC}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{637BBCFB-F7EF-44CF-B0A7-5F3990C34DF0}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{100E056D-7385-41F9-B3B3-36812801B190}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{80683468-AF13-40C4-B854-18CDC24610CD}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{2DC1275A-7AB8-4A55-BA79-54D161D6715C}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{83A57390-25EB-4F4B-97A2-EFD9F71C08E0}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{A6A184B6-93B0-485A-9411-88911898CC24}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{556648F6-83EB-4DF5-B249-0F3488A2C941}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{7D7BC6A9-7234-4F77-B04E-6D52FB6AC422}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{14D5CC29-6DFF-4856-926B-A8D96B1A3A4B}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{8C9257D7-046D-4438-83D7-B88C838EEB2B}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{415040C1-353F-46CD-BD08-785CA30FFF81}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{674B0BE2-90ED-4C25-AA13-699C88F9E008}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{BCEA88FE-E13B-4D86-9DB0-872B66313370}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{F57BD0D5-956E-4745-A2D8-6CDDBB8A6391}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{01FA3ADB-9C16-4CF1-9968-8AAE042B0881}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{5D70C734-024D-4078-BEFB-B4B18D3F79F5}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{AF0766AA-08BD-4195-9EFD-B6634089FB8E}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{938F0D6F-FDDB-4EF3-BEDD-C05563886347}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{82DD9A20-E1A6-4DE3-BA24-3CDF4A19C3F8}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{6A02B05E-073D-4495-918A-CEB27A30D357}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{A87C5F19-B908-4B37-85D2-506CA3527A26}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{0176CB7D-C077-4BB9-88B2-181067CEB3D6}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{80EDF4E0-2750-47F9-9E32-1F5EF37B5A45}] => (Allow) C:\Program Files (x86)\PAConceptsServer\PAConceptsServer.exe () [File not signed]
FirewallRules: [{DF677C45-29A2-4C4A-8D9E-3B4C14E559A7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{DEAE066E-AFB1-4891-85E0-0F28F1B6A347}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{DFA22FA0-1DC4-4115-8988-7CCFA8FF9209}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{52A411AC-58E0-4011-91FA-D5B8867496D1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [DFSR-DFSRSvc-In-TCP] => (Allow) C:\Windows\system32\dfsrs.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{D696584B-0E03-43E3-B02E-8AD3F8B0F832}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:393.61 GB) (Free:297.95 GB) (76%)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (09/07/2023 01:18:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm chrome.exe, Version 116.0.5845.179 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 35f0

Startzeit: 01d9e17cfd850332

Beendigungszeit: 2

Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Berichts-ID: 48216ea0-4d70-11ee-b5cd-00155d966204

Vollständiger Name des fehlerhaften Pakets:

Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (09/07/2023 01:13:37 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Stomawin.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.AccessViolationException
   bei <Module>.WinMain(HINSTANCE__*, HINSTANCE__*, SByte*, Int32)
   bei <Module>._WinMainCRTStartup()

Error: (09/07/2023 11:59:54 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden:
Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten
Speichertreibern, oder der Datenträger fehlt.
Das Programm Praxis-Management-Software wurde wegen dieses Fehlers geschlossen.

Programm: Praxis-Management-Software
Datei:

Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
User Action
1. Öffnen Sie die Datei erneut.
Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.
2.
Wenn Sie weiterhin nicht auf die Datei zugreifen können und
    - diese sich im Netzwerk befindet,
dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann.
    - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.
3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht.
5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.

Zusätzliche Daten
Fehlerwert: C000020C
Datenträgertyp: 0

Error: (09/07/2023 11:59:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: dsprg.exe, Version: 1.3.11.2907, Zeitstempel: 0x64bfa348
Name des fehlerhaften Moduls: general.dll, Version: 1.3.11.2907, Zeitstempel: 0x64bfa2d2
Ausnahmecode: 0xc0000006
Fehleroffset: 0x015808bf
ID des fehlerhaften Prozesses: 0x3374
Startzeit der fehlerhaften Anwendung: 0x01d9e1718c9a7caa
Pfad der fehlerhaften Anwendung: R:\TDAMP\DS\dsprg.exe
Pfad des fehlerhaften Moduls: R:\TDAMP\DS\general.dll
Berichtskennung: 8afd840e-ced7-4cc2-9141-45e75a7032a4
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/07/2023 11:50:44 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "R:\TDAMP\DS\setupClient.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_c58df2c997bddaf8.manifest.

Error: (09/07/2023 11:48:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: procrun.exe, Version: 1.0.15.0, Zeitstempel: 0x51543b87
Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.14393.5980, Zeitstempel: 0x6459bab6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000477fb
ID des fehlerhaften Prozesses: 0xd44
Startzeit der fehlerhaften Anwendung: 0x01d9e1133766f062
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\PAConceptsServer\procrun.exe
Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll
Berichtskennung: 7604c24b-a06b-4998-8c70-d99e6572523b
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/07/2023 11:48:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_OneSyncSvc_454dce2, Version: 10.0.14393.5582, Zeitstempel: 0x63882425
Name des fehlerhaften Moduls: aphostservice.dll, Version: 10.0.14393.4169, Zeitstempel: 0x5ff78dd6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000082ab
ID des fehlerhaften Prozesses: 0x2c24
Startzeit der fehlerhaften Anwendung: 0x01d9e14cc8c46c5c
Pfad der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe
Pfad des fehlerhaften Moduls: c:\windows\system32\aphostservice.dll
Berichtskennung: 65d595ac-7450-4cfd-847c-a231394a5503
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/07/2023 11:32:21 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden:
Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten
Speichertreibern, oder der Datenträger fehlt.
Das Programm Praxis-Management-Software wurde wegen dieses Fehlers geschlossen.

Programm: Praxis-Management-Software
Datei:

Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
User Action
1. Öffnen Sie die Datei erneut.
Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.
2.
Wenn Sie weiterhin nicht auf die Datei zugreifen können und
    - diese sich im Netzwerk befindet,
dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann.
    - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.
3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht.
5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.

Zusätzliche Daten
Fehlerwert: C000020C
Datenträgertyp: 0


System errors:
=============
Error: (09/07/2023 11:56:11 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (09/07/2023 11:55:57 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (09/07/2023 11:50:12 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (09/07/2023 11:48:34 AM) (Source: DCOM) (EventID: 10016) (User: NT SERVICE)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT SERVICE\MSSQL$PDATA_SQLEXPRESS" (SID: S-1-5-80-209823048-1421131508-2570903860-1432561550-2402544937) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (09/07/2023 11:48:34 AM) (Source: DCOM) (EventID: 10016) (User: NT SERVICE)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT SERVICE\MSSQL$MICROSOFT##WID" (SID: S-1-5-80-1184457765-4068085190-3456807688-2200952327-3769537534) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (09/07/2023 11:48:34 AM) (Source: SNMP) (EventID: 1500) (User: )
Description: Beim Zugreifen auf den Registrierungsschlüssel SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration ist ein Fehler aufgetreten.

Error: (09/07/2023 11:48:14 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{3185A766-B338-11E4-A71E-12E3F512A338}
 und der APPID
{7006698D-2974-4091-A424-85DD0B909E23}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (09/07/2023 11:48:13 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "PA-Konzepte Serverdienst" wurde mit dem folgenden dienstspezifischen Fehler beendet:
Das System kann einem Verzeichnis auf dem gleichen Laufwerk kein Laufwerk mit JOIN oder SUBST zuordnen.


==================== Memory info ===========================

BIOS: Microsoft Corporation Hyper-V UEFI Release v4.1 12/03/2020
Motherboard: Microsoft Corporation Virtual Machine
Processor: 12th Gen Intel(R) Core(TM) i9-12900F
Percentage of memory in use: 20%
Total physical RAM: 32766.94 MB
Available physical RAM: 26158.69 MB
Total Virtual: 37630.94 MB
Available Virtual: 29229.7 MB

==================== Drives ================================

Drive c: (Bootpart) (Fixed) (Total:393.61 GB) (Free:297.95 GB) (Model: Microsoft virtueller Datenträger) NTFS
Drive d: (Datapart) (Fixed) (Total:1105.84 GB) (Free:523.01 GB) (Model: Microsoft virtueller Datenträger) NTFS
Drive i: (Datapart) (Network) (Total:1453.51 GB) (Free:797.94 GB) (Model: Microsoft virtueller Datenträger) NTFS
Drive m: () (Network) (Total:1105.84 GB) (Free:523.01 GB) (Model: Microsoft virtueller Datenträger)
Drive u: () (Network) (Total:1105.84 GB) (Free:523.01 GB) (Model: Microsoft virtueller Datenträger)

\\?\Volume{ddf46d62-b73c-4994-8284-d898aee20a88}\ (Wiederherstellung) (Fixed) (Total:0.44 GB) (Free:0.12 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1500 GB) (Disk ID: 0BFA3CEC)

Partition: GPT.

==================== End of Addition.txt =======================

DR M · Sep 7, 2023

Hello, fxbt.

The computer is a business computer, so, unfortunately, I can't assist you.

According to Security Arena's rules:

If you are having problems with a business machine, please consult your IT Department or System Administrator. It is further advisable that you consult your employer's "Acceptable Usage Policy" to ensure that you are not in breach of Company rules by attempting to fix a business asset.

fxbt · Sep 7, 2023

Hey,

thanks a lot anyways! Of course i understand!

Greetings

DR M · Sep 7, 2023

You are very welcome.

Search

Search

2016 Std. VM - Rule out infection for slowdowns/crashes

fxbt

Contributor

fxbt

Contributor

DR M

Sysnative Staff, Security Analyst

fxbt

Contributor

DR M

Sysnative Staff, Security Analyst