IT-confused | 15.03.2025 21:13 | Part II of VBA/TrojanDownloader.Agent.QMI trojan in the Thunderbird profile
So here is the Addition.txt:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-03-2025 01
durchgeführt von ralf (15-03-2025 19:50:24)
Gestartet von C:\Users\ralf\Downloads
Microsoft Windows 10 Pro Version 22H2 19045.5608 (X64) (2020-07-07 17:04:25)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
Administrator (S-1-5-21-2740099400-329212028-3453763390-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2740099400-329212028-3453763390-503 - Limited - Disabled)
Gast (S-1-5-21-2740099400-329212028-3453763390-501 - Limited - Disabled)
ralf (S-1-5-21-2740099400-329212028-3453763390-1002 - Limited - Enabled) => C:\Users\ralf
User (S-1-5-21-2740099400-329212028-3453763390-1000 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-2740099400-329212028-3453763390-504 - Limited - Disabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Advanced Renamer (HKLM\...\Advanced Renamer_is1) (Version: 3.95 - Hulubulu Software)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.13 - Michael Tippach)
Audacity 3.3.3 (HKLM\...\Audacity_is1) (Version: 3.3.3 - Audacity Team)
AutoIt v3.3.16.0 (HKLM-x32\...\AutoItv3) (Version: 3.3.16.0 - AutoIt Team)
AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version: - AVM Berlin)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 134.1.76.74 - Die Brave-Autoren)
CalDavSynchronizer (HKLM-x32\...\{4836FD75-D80F-41B6-8BEF-D14681D0D5E2}) (Version: 4.4.1 - Gerhard Zehetbauer)
calibre 64bit (HKLM\...\{6AC20EE9-EC5C-473E-8E60-93B4396402B4}) (Version: 6.11.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 6.21 - Piriform)
cgm-is-dataexport-desktop (HKLM\...\{28656CD4-B9FB-3120-B95C-65CF28D38256}) (Version: 1.5.0 - CGM Mobile Services GmbH)
Composer - Php Dependency Manager (HKLM-x32\...\{7315AF68-E777-496A-A6A2-4763A98ED35A}_is1) (Version: - getcomposer.org)
Composer - Php Dependency Manager (HKU\S-1-5-21-2740099400-329212028-3453763390-1002\...\{7315AF68-E777-496A-A6A2-4763A98ED35A}_is1) (Version: - getcomposer.org)
DB Browser for SQLite (HKLM\...\{5211034D-495B-4A5E-9B8D-8961BBB2B9E2}) (Version: 3.12.2 - DB Browser for SQLite Team)
draw.io 24.0.4 (HKLM\...\27a75bf3-be48-5c35-934f-8491cf108abe) (Version: 24.0.4 - JGraph)
Eclipse Temurin JDK mit Hotspot 21.0.2+13 (x64) (HKLM\...\{3530D678-0BB2-439E-AD96-DE6BD948ABBE}) (Version: 21.0.2.13 - Eclipse Adoptium)
Eddie - VPN Tunnel (HKLM-x32\...\AirVPN) (Version: - AirVPN - hxxps://airvpn.org)
EU-Informationen über das Recycling von Elektronikabfall (HKLM-x32\...\{42DF7152-0B7D-7917-4633-94E00C7BE684}) (Version: 1.0.0.0 - Lexmark International, Inc.)
FileZilla 3.68.0 (HKLM-x32\...\FileZilla Client) (Version: 3.68.0 - Tim Kosse)
GIMP 2.10.12 (HKLM\...\GIMP-2_is1) (Version: 2.10.12 - The GIMP Team)
GIMP 2.10.32-1 (Aktueller Benutzer) (HKU\S-1-5-21-2740099400-329212028-3453763390-1002\...\GIMP-2_is1) (Version: 2.10.32 - The GIMP Team)
GitHub Desktop (HKU\S-1-5-21-2740099400-329212028-3453763390-1002\...\GitHubDesktop) (Version: 3.2.0 - GitHub, Inc.)
GNU Privacy Guard (HKLM-x32\...\GnuPG) (Version: 2.4.0 - The GnuPG Project)
Google Ads Editor (HKLM-x32\...\{911FFB73-B352-11EF-8B88-E71DDD2788FE}) (Version: 14.8.5.0 - Google)
Google Chrome (HKU\S-1-5-21-2740099400-329212028-3453763390-1002\...\Google Chrome) (Version: 134.0.6998.89 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
Gpg4win (4.1.0) (HKLM-x32\...\Gpg4win) (Version: 4.1.0 - The Gpg4win Project)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.53.1) (Version: 9.53.1 - Artifex Software Inc.)
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.18) (Version: 9.18 - Artifex Software Inc.)
Greenshot 1.2.10.6 (HKU\S-1-5-21-2740099400-329212028-3453763390-1002\...\Greenshot_is1) (Version: 1.2.10.6 - Greenshot)
Informationszentrum (HKLM-x32\...\{851828ED-8353-E017-70EE-BF284CE2B799}) (Version: 1.0.0.0 - Lexmark International, Inc.)
Intel(R) Chipset Device Software (HKLM\...\{EBBD9988-CE54-4E47-8E73-9504899E5D2F}) (Version: 10.1.1.45 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1909.12.0.1236 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{7641ED45-E565-4339-B2BE-0A11453EADEA}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{ACA78FC3-08BE-4BCF-9E0F-F9DDDAD735DA}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{51E2CD3E-20C9-4B4A-861B-523D9A7605F1}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 26.20.100.6890 - Intel Corporation)
Intel(R) Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.52.230.1 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.52.230.1 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{c6de84fd-ece7-4c2a-9f06-8cabe7ab79a0}) (Version: 1.52.230.1 - Intel Corporation) Hidden
Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{b2573549-8593-4d8d-b795-d0eed7b6d412}) (Version: 10.1.1.45 - Intel(R) Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{850dadff-f9de-4f08-acf8-42fc519c851a}) (Version: 21.20.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{31F63F03-F75F-47F2-B030-776F15413E27}) (Version: 21.20.0.3197 - Intel Corporation) Hidden
IrfanView 4.53 (64-bit) (HKLM\...\IrfanView64) (Version: 4.53 - Irfan Skiljan)
jAlbum (HKLM\...\{4D87CC71-43E1-45FE-97BF-493DAD00AB38}) (Version: 36.1.0 - Jalbum AB)
KeePass Password Safe 2.58 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.58 - Dominik Reichl)
KNIME Analytics Platform (HKLM\...\{61835C86-6D51-497F-A6BD-F0B4A8F0014A}_is1) (Version: 4.7.2 - KNIME AG)
Kundendienst (HKLM-x32\...\{B33D89E4-FB43-6749-447E-2E469AC9EB5B}) (Version: 1.0.0.0 - Lexmark International, Inc.)
LAV Filters 0.74.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.74.1 - Hendrik Leppkes)
Lexmark Network Twain Scan Driver (HKLM-x32\...\{3376919A-5F1D-4383-4E76-11B5CDBA1069}) (Version: 1.20.162.0 - Lexmark International, Inc.)
Lexmark Phone Book (HKLM\...\{08AB2938-63C4-4D20-9C2C-46D07F75F1AF}) (Version: 2.6.0.0 - Lexmark International, Inc.)
Lexmark Printer Software G4 HBP Print Driver (HKLM\...\{C8B4F4DA-857A-4BCC-9DFE-A53080117E51}) (Version: 4.1.0.0 - Lexmark International, Inc.)
Lexmark Printer Software G4 Scan Driver (HKLM\...\{720524BA-240A-2F51-2C90-38156890F724}) (Version: 4.1.0.0 - Lexmark International, Inc.)
Lexmark ScanBack Utility (HKLM\...\{A6CE3613-57D8-402D-976A-192B2E3A15CF}) (Version: 5.4.0.0 - Lexmark International, Inc.)
Lexmark Status Center (HKLM-x32\...\{B2E6B173-C205-450D-B708-936C14C8204D}) (Version: 2.5.59.0 - Lexmark International, Inc.)
Lexmark Universal Fax Driver (HKLM\...\{FC254934-CD21-44B6-B38F-FB8ABF756250}) (Version: 2.14.1.0 - Lexmark International, Inc.)
Lexmark USB Bidi Solution (HKLM\...\{35ED18BD-CA31-4B26-8A8C-A72CABE33ECF}) (Version: 1.3.64.0 - Lexmark International, Inc.)
LibreOffice 24.8.4.2 (HKLM\...\{E3618E43-2988-4D1C-AA31-4473B6568DD8}) (Version: 24.8.4.2 - The Document Foundation)
LM Studio 0.3.8 (HKLM\...\c6dbe996-22a9-5998-b542-7abe33da3b83) (Version: 0.3.8 - LM Studio)
MariaDB ODBC Driver 64-bit (HKLM\...\{DC49C4B7-FC17-49D5-820D-A6ADF184BCCF}) (Version: 3.1.12 - MariaDB)
Microsoft 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.18526.20144 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 134.0.3124.66 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 133.0.3065.92 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-2740099400-329212028-3453763390-1002\...\OneDriveSetup.exe) (Version: 25.020.0202.0001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2740099400-329212028-3453763390-1002\...\Teams) (Version: 1.7.00.15969 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{CE1E3809-05B8-40B3-BDDB-72FE0B42E195}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{F6BDDED2-E197-4EA9-AE95-BA5C1DAF27C8}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33810 (HKLM-x32\...\{5af95fd8-a22e-458f-acee-c61bd787178e}) (Version: 14.40.33810.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.40.33810 (HKLM-x32\...\{47109d57-d746-4f8b-9618-ed6a17cc922b}) (Version: 14.40.33810.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.40.33810 (HKLM\...\{59CED48F-EBFE-480C-8A38-FC079C2BEC0F}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.40.33810 (HKLM\...\{B8B3BB4A-A10D-4F51-91B7-A64FFAC31EA7}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.40.33810 (HKLM-x32\...\{5EA6C998-D5AC-4ED9-89C3-9F25B17CCD3D}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.40.33810 (HKLM-x32\...\{0C3457A0-3DCE-4A33-BEF0-9B528C557771}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-2740099400-329212028-3453763390-1002\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.97.2 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.8.3077.1211 - Microsoft Corporation)
Microsoft Visual Studio Setup Configuration (HKLM-x32\...\{CBD54374-141A-4C71-AE46-3870CC7F0838}) (Version: 2.7.3111.17308 - Microsoft Corporation) Hidden
Microsoft Visual Studio Setup WMI Provider (HKLM-x32\...\{E281F6E2-136B-4AF0-895B-253279711697}) (Version: 3.7.2182.35401 - Microsoft Corporation)
Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 136.0.1 (x64 de)) (Version: 136.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.1.1 - Mozilla)
Mozilla Thunderbird (x86 de) (HKLM-x32\...\Mozilla Thunderbird 128.8.0 (x86 de)) (Version: 128.8.0 - Mozilla)
MS-Buchhalter Bilanz (HKLM-x32\...\MS-Buchhalter Bilanz) (Version: - Michael Schroeder)
MS-BuchhalterBilanz 2023 (HKU\S-1-5-21-2740099400-329212028-3453763390-1002\...\MS-BuchhalterBilanz2023) (Version: 2023 - Michael Schroeder)
MS-BuchhalterBilanz2024 (HKU\S-1-5-21-2740099400-329212028-3453763390-1002\...\MS-BuchhalterBilanz2024) (Version: 2024 - Michael Schröder)
MS-BuchhalterBilanz2025 (HKU\S-1-5-21-2740099400-329212028-3453763390-1002\...\MS-BuchhalterBilanz2025) (Version: 2025 - Michael Schröder)
Multi file port monitor (mfilemon) 1.5.1 (HKLM\...\{A932243F-381F-434C-B18E-4F09D2F015F8}_is1) (Version: 1.5.1 - Monti Lorenzo)
MySQL Connector NET 8.2.0 (HKLM-x32\...\{2182B36C-52E2-46B8-8A8E-5886799DFBF5}) (Version: 8.2.0 - Oracle)
MySQL Connector/ODBC 8.0 (HKLM\...\{7B47492A-AAA1-4F37-AEE1-F008C56E2978}) (Version: 8.0.27 - Oracle Corporation)
MySQL Installer - Community (HKLM-x32\...\{1C0701CC-D5F8-47C1-A6E0-4793422652D7}) (Version: 1.6.0.0 - Oracle Corporation)
MySQL Workbench 8.0 CE (HKLM\...\{A55178BF-1CFD-431B-AAFB-8871CDE0B839}) (Version: 8.0.27 - Oracle Corporation)
Nextcloud (HKLM\...\{6FA44D28-70A9-4DAF-915E-B90B85C0A08D}) (Version: 3.15.3.20250107 - Nextcloud GmbH)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.7.5 - Notepad++ Team)
Octoparse 8.6.2 (HKLM\...\12f8f786-7629-5a71-b8b2-885a2a74fa6d) (Version: 8.6.2 - Octopus Data Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.18526.20144 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.18526.20144 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.18526.20144 - Microsoft Corporation) Hidden
On-premises data gateway (personal mode) (HKU\S-1-5-21-2740099400-329212028-3453763390-1002\...\{14b03c5b-5b25-4275-bf59-aaa8e68960e5}) (Version: 3000.110.3 - Microsoft Corporation)
Opera Stable 116.0.5366.131 (HKU\S-1-5-21-2740099400-329212028-3453763390-1002\...\Opera 116.0.5366.131) (Version: 116.0.5366.131 - Opera Software)
PDFsam Basic (HKLM\...\{A53AE816-622C-4141-98A7-C25C56AA1606}) (Version: 5.2.9.0 - Sober Lemur S.r.l.)
PersonalGatewayComponents (HKLM\...\{A7E98057-A401-4BA1-ADF2-92F6E392F9D2}) (Version: 15.110.3 - Microsoft Corporation) Hidden
Prism Video-Converter (HKU\S-1-5-21-2740099400-329212028-3453763390-1002\...\Prism) (Version: 7.57 - NCH Software)
PuTTY release 0.76 (64-bit) (HKLM\...\{1E0D5689-40F1-4E46-ABBB-EAAC68B5CD89}) (Version: 0.76.0.0 - Simon Tatham)
PyCharm Community Edition 2020.2 (HKLM-x32\...\PyCharm Community Edition 2020.2) (Version: 202.6397.98 - JetBrains s.r.o.)
Python 3.12.1 (64-bit) (HKU\S-1-5-21-2740099400-329212028-3453763390-1002\...\{86e52725-ef45-452f-ac4c-b8958718bfea}) (Version: 3.12.1150.0 - Python Software Foundation)
Python 3.12.1 Add to Path (64-bit) (HKLM\...\{946DC818-F8CA-463A-BE16-946EB508BD48}) (Version: 3.12.1150.0 - Python Software Foundation) Hidden
Python 3.12.1 Core Interpreter (64-bit) (HKLM\...\{AC82C1A3-9597-40F2-893D-F02F778FBA4D}) (Version: 3.12.1150.0 - Python Software Foundation) Hidden
Python 3.12.1 Development Libraries (64-bit) (HKLM\...\{8C53CBDD-4DAF-426F-9478-6C7C2920CDDA}) (Version: 3.12.1150.0 - Python Software Foundation) Hidden
Python 3.12.1 Documentation (64-bit) (HKLM\...\{62667662-A580-409C-8044-55B06F774AE2}) (Version: 3.12.1150.0 - Python Software Foundation) Hidden
Python 3.12.1 Executables (64-bit) (HKLM\...\{44BC9F9C-15C2-46C1-B88D-3135A9DA555F}) (Version: 3.12.1150.0 - Python Software Foundation) Hidden
Python 3.12.1 pip Bootstrap (64-bit) (HKLM\...\{1662F43B-2337-4FD8-8CE6-BEA38FC94DD4}) (Version: 3.12.1150.0 - Python Software Foundation) Hidden
Python 3.12.1 Standard Library (64-bit) (HKLM\...\{47957EE3-0E23-4075-B825-F202E913670F}) (Version: 3.12.1150.0 - Python Software Foundation) Hidden
Python 3.12.1 Tcl/Tk Support (64-bit) (HKLM\...\{926CDC62-3AE2-422B-9858-D6EC3BAD473F}) (Version: 3.12.1150.0 - Python Software Foundation) Hidden
Python 3.12.1 Test Suite (64-bit) (HKLM\...\{E309AE00-4FB1-4817-9172-7E198668375D}) (Version: 3.12.1150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{4C8D4EC3-F620-4CEE-8BAD-B59A3C6815F3}) (Version: 3.12.1150.0 - Python Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7841 - Realtek Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version: - )
Recovery Toolbox for Outlook 4.8 (HKLM-x32\...\Recovery Toolbox for Outlook_is1) (Version: - File Master LLC)
Roger Router (HKLM-x32\...\RogerRouter) (Version: 2.1.0 - Tabos.org)
Sandboxie-Plus v1.0.7 (HKLM\...\Sandboxie-Plus_is1) (Version: 1.0.7 - hxxp://xanasoft.com/)
SoapUI 5.6.0 (HKU\S-1-5-21-2740099400-329212028-3453763390-1002\...\5517-2803-0637-4585) (Version: 5.6.0 - SmartBear Software)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
Switch Audio-Converter (HKU\S-1-5-21-2740099400-329212028-3453763390-1002\...\Switch) (Version: 8.24 - NCH Software)
Synology Active Backup for Business Agent (HKLM-x32\...\{BEDBD578-D8D3-49C5-B6BE-04248A9EECBB}) (Version: 2.4.2234 - Synology Inc.)
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: 7.0.3-50049 - Synology)
Synology Drive Client (HKLM-x32\...\{7423733A-AF55-46BE-A748-459BAEFCA68F}) (Version: 7.5.1.16102 - Synology)
Tanagra 1.4 (HKLM-x32\...\Tanagra_is1) (Version: - RR)
TAP-Windows 9.24.2 (HKLM\...\TAP-Windows) (Version: 9.24.2 - OpenVPN Technologies, Inc.)
TAXMAN 2022 (HKLM-x32\...\{542B4A84-D57A-4578-8992-CB8599DBEE2D}) (Version: 27.32.81 - Haufe-Lexware GmbH & Co.KG)
Telegram Desktop (HKU\S-1-5-21-2740099400-329212028-3453763390-1002\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 4.9.9 - Telegram FZ-LLC)
t-online Browser 7 (x64 de) (HKLM\...\t-online Browser 7 135.0.206 (x64 de)) (Version: 135.0.206 - t-online.de)
t-online.de Browser 7 Maintenance Service (HKLM\...\tonlinedeBrowser7MaintenanceService) (Version: 135.0.1.15 - t-online.de)
TP-Link Archer T2U Driver (HKLM-x32\...\{D6A7C1A4-FD9A-40F1-8D6E-3E8CCF204DD6}) (Version: 2.1.0 - TP-Link)
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{DA80A019-4C3B-4DAA-ACA1-6937D7CAAF9E}) (Version: 8.94.0.0 - Microsoft Corporation)
VideoPad Video-Editor (HKU\S-1-5-21-2740099400-329212028-3453763390-1002\...\VideoPad) (Version: 8.80 - NCH Software)
Visual Studio Build Tools 2019 (HKLM-x32\...\208928e8) (Version: 16.8.30907.101 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
vs_FileTracker_Singleton (HKLM-x32\...\{3C4B2ED3-2296-4203-A420-AC042BE8484D}) (Version: 16.8.30509 - Microsoft Corporation) Hidden
website-audit 1.1.2 (HKLM\...\b73a0841-3448-589b-84f8-0dc50098d5f7) (Version: 1.1.2 - EDPB)
Windows Subsystem for Linux Update (HKLM\...\{F8474A47-8B5D-4466-ACE3-78EAB3BF21A8}) (Version: 5.10.102.1 - Microsoft Corporation)
Windows-PC-Integritätsprüfung (HKLM\...\{B3956CF3-F6C5-4567-AC38-1FD4432B319C}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Windows-Treiberpaket - Lexmark International Printer (10/02/2015 2.14.1.0) (HKLM\...\F3A000885C34ECD021CABAFCCBEE7A869A14261B) (Version: 10/02/2015 2.14.1.0 - Lexmark International)
WISO Steuer 2023 (HKLM-x32\...\{6FD1B8CB-0847-462C-A4C8-4F75A2117266}) (Version: 30.08.3660 - Buhl Data Service GmbH)
WISO Steuer 2024 (HKLM-x32\...\{A4DA3F14-68D9-4C84-8EFA-8AF6A7039545}) (Version: 31.03.3510 - Buhl Data Service GmbH)
WISO Steuer 2025 (HKLM-x32\...\{107AD510-291B-4B92-99C9-75F9E3AA359F}) (Version: 32.03.2120 - Buhl Data Service GmbH)
XAMPP (HKLM\...\xampp) (Version: 8.0.10-0 - Bitnami)
Zed Attack Proxy 2.14.0 (HKLM\...\ZAP) (Version: 2.14.0 - ZAP)
Zoom (HKU\S-1-5-21-2740099400-329212028-3453763390-1002\...\ZoomUMX) (Version: 5.15.12 (21574) - Zoom Video Communications, Inc.)
Packages:
=========
Adobe Reader Touch -> C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobeReader_3.1.8.7675_x86__ynb6jyjzte8ga [2021-02-23] (Adobe Systems Incorporated)
Dropbox Lite -> C:\Program Files\WindowsApps\C27EB4BA.DROPBOX_23.4.30.0_x64__xbfy0k16fey96 [2025-02-03] (Dropbox Inc.)
Fotos-Add-On -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-04-23] (Microsoft Corporation)
Intel® Grafik-Kontrollraum -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt [2024-11-15] (INTEL CORP) [Startup Task]
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2021-01-07] (INTEL CORP)
Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-12-29] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-07-06] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-07-06] (Microsoft Corporation) [MS Ad]
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2502.5001.0_x64__8wekyb3d8bbwe [2025-02-13] (Microsoft Corporation) [Startup Task]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_7.0.8.0_neutral__mcm4njqhnhss8 [2024-07-30] (Netflix, Inc.)
OfficePushNotificationsUtility -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16 [2025-03-10] ()
Power Apps -> C:\Program Files\WindowsApps\MicrosoftCorporationII.PowerAppsforWindows10_3.25031.6.0_x64__8wekyb3d8bbwe [2025-03-13] (Microsoft Corp.)
Power BI Desktop -> C:\Program Files\WindowsApps\Microsoft.MicrosoftPowerBIDesktop_2.140.1476.0_x64__8wekyb3d8bbwe [2025-03-13] (Microsoft Corporation)
Spotify – Musik und Podcasts -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.258.498.0_x64__zpdnekdrzrea0 [2025-03-03] (Spotify AB) [Startup Task]
TeamViewer: Remote Control -> C:\Program Files\WindowsApps\TeamViewer.31414B719FA93_15.0.100.0_x86__89446h4zmeyyt [2020-09-29] (TeamViewer)
TIDAL -> C:\Program Files\WindowsApps\WiMPMusic.27241E05630EA_2.38.6.0_x86__kn85bz84x7te4 [2024-10-12] (TIDAL Music AS)
Ubuntu 20.04 on Windows -> C:\Program Files\WindowsApps\CanonicalGroupLimited.Ubuntu20.04onWindows_2004.2022.8.0_x64__79rhkp1fndgsc [2023-11-26] (Canonical Group Limited)
XML Copy Editor powered by weatherlights.com -> C:\Program Files\WindowsApps\HaukeGtze.XMLCopyEditorpoweredbyweatherlights.com_1.1310.1.0_x64__6bk20wvc8rfx2 [2022-12-30] (Hauke Hasselberg)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
ShellIconOverlayIdentifiers: [ NextcloudError] -> {E0342B74-7593-4C70-9D61-22F294AAFE05} => C:\Program Files\Nextcloud\NCOverlays.dll [2025-01-07] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [ NextcloudOK] -> {E1094E94-BE93-4EA2-9639-8475C68F3886} => C:\Program Files\Nextcloud\NCOverlays.dll [2025-01-07] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [ NextcloudOKShared] -> {E243AD85-F71B-496B-B17E-B8091CBE93D2} => C:\Program Files\Nextcloud\NCOverlays.dll [2025-01-07] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [ NextcloudSync] -> {E3D6DB20-1D83-4829-B5C9-941B31C0C35A} => C:\Program Files\Nextcloud\NCOverlays.dll [2025-01-07] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [ NextcloudWarning] -> {E4977F33-F93A-4A0A-9D3C-83DEA0EE8483} => C:\Program Files\Nextcloud\NCOverlays.dll [2025-01-07] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [ 01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\ralf\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\23\x64\iconOverlay.dll [2025-03-08] (Synology Inc. -> TODO: <Company name>)
ShellIconOverlayIdentifiers: [ 02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\ralf\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\23\x64\iconOverlay.dll [2025-03-08] (Synology Inc. -> TODO: <Company name>)
ShellIconOverlayIdentifiers: [ 03SyncedModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\ralf\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\23\x64\iconOverlay.dll [2025-03-08] (Synology Inc. -> TODO: <Company name>)
ShellIconOverlayIdentifiers: [ 04ReadOnlyModule] -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} => C:\Users\ralf\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\23\x64\iconOverlay.dll [2025-03-08] (Synology Inc. -> TODO: <Company name>)
ShellIconOverlayIdentifiers: [ 05NoPermModule] -> {C701AD67-3DF0-47C9-89CB-DFA6207BE229} => C:\Users\ralf\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\23\x64\iconOverlay.dll [2025-03-08] (Synology Inc. -> TODO: <Company name>)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers1: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2022-12-19] (g10 Code GmbH) [Datei ist nicht signiert]
ContextMenuHandlers3: [NextcloudContextMenuHandler] -> {BC6988AB-ACE2-4B81-84DC-DC34F9B24401} => C:\Program Files\Nextcloud\NCContextMenu.dll [2025-01-07] (Nextcloud GmbH -> Nextcloud GmbH)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers4: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2022-12-19] (g10 Code GmbH) [Datei ist nicht signiert]
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers1_S-1-5-21-2740099400-329212028-3453763390-1002: [CloudStation.SyncFolderContextMenu] -> {2C4A5D61-009C-4561-9A33-6AFD542FD237} => C:\Users\ralf\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\23\x64\ContextMenu.dll [2025-03-08] (Synology Inc. -> )
ContextMenuHandlers6_S-1-5-21-2740099400-329212028-3453763390-1002: [CloudStation.SyncFolderContextMenu] -> {2C4A5D61-009C-4561-9A33-6AFD542FD237} => C:\Users\ralf\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\23\x64\ContextMenu.dll [2025-03-08] (Synology Inc. -> )
==================== Codecs (Nicht auf der Ausnahmeliste) ====================
==================== Verknüpfungen & WMI ========================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
ShortcutWithArgument: C:\Users\ralf\Desktop\Jitsi Meet.lnk -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\chrome_proxy.exe (Brave Software, Inc.) -> --profile-directory="Profile 2" --app-id=ibiognfelmneebngbnbeonnllapmffmb
ShortcutWithArgument: C:\Users\ralf\Desktop\Snowflake - Brave.lnk -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc.) -> --profile-directory="Profile 11"
ShortcutWithArgument: C:\Users\ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brave-Apps\Jitsi Meet.lnk -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\chrome_proxy.exe (Brave Software, Inc.) -> --profile-directory="Profile 2" --app-id=ibiognfelmneebngbnbeonnllapmffmb
ShortcutWithArgument: C:\Users\ralf\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\cf1969e670773ba9\Profile 2 - Brave.lnk -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\ralf\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\a50b4248f2bdcbff\Power BI - Brave.lnk -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc.) -> --profile-directory="Profile 6"
ShortcutWithArgument: C:\Users\ralf\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\8421420c4b860b3e\HubSpot - Brave.lnk -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc.) -> --profile-directory="Profile 3"
ShortcutWithArgument: C:\Users\ralf\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\337b159c855faad1\Google - Brave.lnk -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc.) -> --profile-directory="Profile 2"
==================== Geladene Module (Nicht auf der Ausnahmeliste) =============
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\ProgramData:BDSDRMHK [64]
AlternateDataStreams: C:\Users\All Users:BDSDRMHK [64]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================
==================== Internet Explorer (Nicht auf der Ausnahmeliste) =============
URLSearchHook: [S-1-5-21-2740099400-329212028-3453763390-1000] ACHTUNG => Standard URLSearchHook fehlt
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2740099400-329212028-3453763390-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-03-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-03-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-03-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-03-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-03-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-03-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-03-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-03-10] (Microsoft Corporation -> Microsoft Corporation)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\S-1-5-21-2740099400-329212028-3453763390-1002\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2740099400-329212028-3453763390-1002\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts Inhalt: =========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2019-03-19 05:49 - 2022-05-23 09:20 - 000000866 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 www.localhost.com
192.168.178.1
2020-04-10 09:46 - 2022-12-19 10:53 - 000000589 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
172.29.68.108 3aaad53e-bab6-40d7-b138-0a9acb4f69f4.mshome.net # 2022 12 1 26 9 53 33 982
169.254.41.169 HomeOffice.mshome.net # 2025 4 3 9 8 46 8 279
172.29.64.1 profiadress.mshome.net # 2027 12 6 18 9 53 33 982
==================== Andere Bereiche ===========================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Eclipse Adoptium\jdk-21.0.2.13-hotspot\bin;C:\Program Files\Java\jre-1.8\bin;C:\Program Files\Python312\Scripts\;C:\Program Files\Python312\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Users\ralf\AppData\Local\Programs\Python\Python38-32\;C:\Users\ralf\AppData\Local\Programs\Python\Python38-32\Scripts\;C:\Program Files\Calibre2\;C:\xampp\php;C:\ProgramData\ComposerSetup\bin;C:\Program Files\PuTTY\;C:\Program Files (x86)\Gpg4win\..\GnuPG\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;
HKU\S-1-5-21-2740099400-329212028-3453763390-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\ralf\Desktop\py.jpg
DNS Servers: 192.168.178.130
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
ist aktiviert.
Network Binding:
=============
WLAN 4: Intel(R) Dual Band Wireless-AC 7265 -> Netwtw04.sys
LAN-Verbindung: TAP-Windows Adapter V9 -> tap0901.sys
Ethernet: Realtek PCIe GBE Family Controller -> rt640x64.sys
vEthernet (Ethernet): Hyper-V Virtual Ethernet Adapter -> VmsProxyHNic.sys
vEthernet (WLAN 4): Hyper-V Virtual Ethernet Adapter #2 -> VmsProxyHNic.sys
vms_vsf: Erweiterungsfilter für virtuellen Hyper-V-Switch
ms_vfpext: Microsoft Azure VFP Switch Extension
vms_vsp: Extension-Protokoll für virtuellen Hyper-V-Switch
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
HKLM\...\StartupApproved\Run: => "KeePass 2 PreLoad"
HKLM\...\StartupApproved\Run: => "BraveVpnWireguardService"
HKLM\...\StartupApproved\Run32: => "KeePass 2 PreLoad"
HKLM\...\StartupApproved\Run32: => "LexwareInfoService"
HKU\S-1-5-21-2740099400-329212028-3453763390-1002\...\StartupApproved\StartupFolder: => "On-premises data gateway (personal mode).lnk"
HKU\S-1-5-21-2740099400-329212028-3453763390-1002\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-2740099400-329212028-3453763390-1002\...\StartupApproved\StartupFolder: => "Synology Drive Client.lnk"
HKU\S-1-5-21-2740099400-329212028-3453763390-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2740099400-329212028-3453763390-1002\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-2740099400-329212028-3453763390-1002\...\StartupApproved\Run: => "Opera Browser Assistant"
HKU\S-1-5-21-2740099400-329212028-3453763390-1002\...\StartupApproved\Run: => "Nextcloud"
HKU\S-1-5-21-2740099400-329212028-3453763390-1002\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_2D2FB39371B311A0BB6A4C2028148FDF"
HKU\S-1-5-21-2740099400-329212028-3453763390-1002\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-2740099400-329212028-3453763390-1002\...\StartupApproved\Run: => "GoogleUpdaterTaskUser122.0.6253.8"
HKU\S-1-5-21-2740099400-329212028-3453763390-1002\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-2740099400-329212028-3453763390-1002\...\StartupApproved\Run: => "GoogleUpdaterTaskUser132.0.6833.0"
HKU\S-1-5-21-2740099400-329212028-3453763390-1002\...\StartupApproved\Run: => "electron.app.LM Studio"
HKU\S-1-5-21-2740099400-329212028-3453763390-1002\...\StartupApproved\Run: => "GoogleUpdaterTaskUser134.0.6947.0"
HKU\S-1-5-21-2740099400-329212028-3453763390-1002\...\StartupApproved\Run: => "GoogleUpdaterTaskUser135.0.7023.0"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{C07BC6A8-FA83-4CCA-880A-F0C239CC5319}] => (Allow) C:\Program Files\t-online.de\Browser 7\Browser7.exe (Ströer Digital Publishing GmbH -> t-online.de)
FirewallRules: [{F6F69B76-25F8-43D8-B4D3-3DF68E161CB6}] => (Allow) C:\Program Files\t-online.de\Browser 7\Browser7.exe (Ströer Digital Publishing GmbH -> t-online.de)
FirewallRules: [{FD5E6355-8F10-4D94-B2AE-2DF698919733}] => (Allow) LPort=57209
FirewallRules: [{9A287C8B-A4C6-4551-B23B-70B489E9BE4E}] => (Allow) LPort=57209
FirewallRules: [UDP Query User{245592EC-B228-4D8B-93DD-11767DDABE9C}C:\program files (x86)\lexmark scanback utility\scanwiz.exe] => (Allow) C:\program files (x86)\lexmark scanback utility\scanwiz.exe (Lexmark International, Inc.) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{0721D157-10E7-444C-9B43-8291849A5289}C:\program files (x86)\lexmark scanback utility\scanwiz.exe] => (Allow) C:\program files (x86)\lexmark scanback utility\scanwiz.exe (Lexmark International, Inc.) [Datei ist nicht signiert]
FirewallRules: [{6E10FBDF-6200-424D-98E4-CE5089FC152A}] => (Allow) H:\install\x64\installgui.exe => Keine Datei
FirewallRules: [{2279809D-84FB-419B-909C-C0B0BE3C1487}] => (Allow) H:\install\x64\installgui.exe => Keine Datei
FirewallRules: [UDP Query User{DC8188FC-366E-461C-8209-829C5AB96A36}C:\program files (x86)\fritz!\frifax32.exe] => (Allow) C:\program files (x86)\fritz!\frifax32.exe (AVM Computersysteme Vertriebs GmbH -> AVM Berlin)
FirewallRules: [TCP Query User{E7846C3B-7640-455F-AFC1-0C3C19FC428D}C:\program files (x86)\fritz!\frifax32.exe] => (Allow) C:\program files (x86)\fritz!\frifax32.exe (AVM Computersysteme Vertriebs GmbH -> AVM Berlin)
FirewallRules: [UDP Query User{B3331290-8209-426F-AA2C-ABFFB023E053}C:\program files\rapidminer\rapidminer studio\jre\bin\javaw.exe] => (Allow) C:\program files\rapidminer\rapidminer studio\jre\bin\javaw.exe
FirewallRules: [TCP Query User{4970A853-6705-466D-ABA1-0D4605E62C8C}C:\program files\rapidminer\rapidminer studio\jre\bin\javaw.exe] => (Allow) C:\program files\rapidminer\rapidminer studio\jre\bin\javaw.exe
FirewallRules: [UDP Query User{C2A6DF96-831B-4395-8608-3959D8D181F0}C:\program files\rapidminer\rapidminer studio\jre\bin\javaw.exe] => (Allow) C:\program files\rapidminer\rapidminer studio\jre\bin\javaw.exe
FirewallRules: [TCP Query User{05982A65-74BA-4D7E-AF67-7482C79FA175}C:\program files\rapidminer\rapidminer studio\jre\bin\javaw.exe] => (Allow) C:\program files\rapidminer\rapidminer studio\jre\bin\javaw.exe
FirewallRules: [{73D67D30-5C04-45B8-A85A-8B39397F8E48}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1A26F919-EB32-4E4A-AC5D-499C43B93002}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{3273FF59-05B7-4ACF-A9FA-74743B38F459}C:\program files\jetbrains\pycharm community edition 2020.2\bin\pycharm64.exe] => (Block) C:\program files\jetbrains\pycharm community edition 2020.2\bin\pycharm64.exe (JetBrains s.r.o. -> JetBrains s.r.o.)
FirewallRules: [UDP Query User{ED1E1476-EFAF-4E8A-A91E-F5A21F2D9945}C:\program files\jetbrains\pycharm community edition 2020.2\bin\pycharm64.exe] => (Block) C:\program files\jetbrains\pycharm community edition 2020.2\bin\pycharm64.exe (JetBrains s.r.o. -> JetBrains s.r.o.)
FirewallRules: [TCP Query User{0E111947-FC32-4559-ADE0-4D0CB890FE0A}C:\users\ralf\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\ralf\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{44259DBC-025E-4760-A9A9-8870674225CE}C:\users\ralf\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\ralf\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{0E7BBA7B-30BB-4D6E-A089-25F83FB3AE40}C:\program files (x86)\roger router\roger.exe] => (Allow) C:\program files (x86)\roger router\roger.exe (Tabos.org) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{F49E3741-4E7C-493F-AF4E-6834AE296CE4}C:\program files (x86)\roger router\roger.exe] => (Allow) C:\program files (x86)\roger router\roger.exe (Tabos.org) [Datei ist nicht signiert]
FirewallRules: [{18339E41-B47A-4F97-9BE9-0F7B9F7E69EB}] => (Allow) H:\install\x64\installgui.exe => Keine Datei
FirewallRules: [{826CFDD5-E8BF-4D39-AD97-C4D8B1BED28E}] => (Allow) H:\install\x64\installgui.exe => Keine Datei
FirewallRules: [TCP Query User{9EFDC472-E11B-49EA-A1F3-E62711F121C5}C:\users\ralf\appdata\local\programs\python\python38-32\python.exe] => (Allow) C:\users\ralf\appdata\local\programs\python\python38-32\python.exe => Keine Datei
FirewallRules: [UDP Query User{7BF3831D-3116-4A7E-B96D-4E5D1255D97B}C:\users\ralf\appdata\local\programs\python\python38-32\python.exe] => (Allow) C:\users\ralf\appdata\local\programs\python\python38-32\python.exe => Keine Datei
FirewallRules: [TCP Query User{7D8D5179-8AD2-4B10-9E46-72A86FEABD22}C:\users\ralf\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\ralf\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{A877F5D5-3D09-4701-9D42-1BDF1AD78B91}C:\users\ralf\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\ralf\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{2A795E1B-87EA-47C6-8159-122DDD852787}C:\users\ralf\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\ralf\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{0DAC129D-D22E-456C-9E3E-B38014FA7C48}C:\users\ralf\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\ralf\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{87F327E4-2441-4899-8883-74A49E43E102}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{9955B677-C256-45B9-A605-D429D0837211}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{85CD20EB-D7F3-4E5E-88E5-868B8F25DE64}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe (Apache Software Foundation) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{28964D74-8D53-4B56-894B-48B4FB1747D7}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe (Apache Software Foundation) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{0A0940EB-A00C-494B-908B-95272B4FFA55}C:\xampp\mysql\bin\mysqld.exe] => (Block) C:\xampp\mysql\bin\mysqld.exe (MariaDB Corporation Ab -> )
FirewallRules: [UDP Query User{D184E7FA-E2B4-452B-BBFF-286EEBAFF471}C:\xampp\mysql\bin\mysqld.exe] => (Block) C:\xampp\mysql\bin\mysqld.exe (MariaDB Corporation Ab -> )
FirewallRules: [TCP Query User{0802A0CC-CC77-4D3F-ADC3-EC77F26F6AF9}C:\users\ralf\appdata\local\programs\opera\opera.exe] => (Block) C:\users\ralf\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{4B3730F2-3B52-44D8-B87D-4C0594DFBD9F}C:\users\ralf\appdata\local\programs\opera\opera.exe] => (Block) C:\users\ralf\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [TCP Query User{321AA0E3-084F-4CD5-9493-84B4B5C0CA98}C:\users\ralf\appdata\local\programs\opera\opera.exe] => (Block) C:\users\ralf\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{D267954D-E3AE-47D8-84AC-B994A5F3EA7C}C:\users\ralf\appdata\local\programs\opera\opera.exe] => (Block) C:\users\ralf\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [TCP Query User{6426C7A6-CAC0-4CE1-BA00-3D51895D8463}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe (Synology Inc. -> )
FirewallRules: [UDP Query User{25CFF5A0-98B0-4180-B7C7-2AB332E8B180}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe (Synology Inc. -> )
FirewallRules: [TCP Query User{A2C05BAF-034E-4B8E-A7CA-A80A49529960}C:\users\ralf\appdata\local\synologydrive\synologydrive.app\bin\cloud-drive-ui.exe] => (Allow) C:\users\ralf\appdata\local\synologydrive\synologydrive.app\bin\cloud-drive-ui.exe (Synology Inc. -> Synology Inc.)
FirewallRules: [UDP Query User{4296D470-AB6A-417E-B9E3-23CCE2AF5818}C:\users\ralf\appdata\local\synologydrive\synologydrive.app\bin\cloud-drive-ui.exe] => (Allow) C:\users\ralf\appdata\local\synologydrive\synologydrive.app\bin\cloud-drive-ui.exe (Synology Inc. -> Synology Inc.)
FirewallRules: [TCP Query User{4FCC988A-13C2-4DFD-A1BD-20BAA0B13ED7}C:\users\ralf\appdata\local\synologydrive\synologydrive.app\bin\cloud-drive-connect.exe] => (Allow) C:\users\ralf\appdata\local\synologydrive\synologydrive.app\bin\cloud-drive-connect.exe (Synology Inc. -> Synology Inc.)
FirewallRules: [UDP Query User{75ACDD85-BDAD-48A9-9C89-0091D99E6B97}C:\users\ralf\appdata\local\synologydrive\synologydrive.app\bin\cloud-drive-connect.exe] => (Allow) C:\users\ralf\appdata\local\synologydrive\synologydrive.app\bin\cloud-drive-connect.exe (Synology Inc. -> Synology Inc.)
FirewallRules: [TCP Query User{647DED08-F92F-4DBD-9310-0C71CA8666FB}C:\users\ralf\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\ralf\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{01A630AF-9C4C-4BC2-8E10-BDBCC005CCDA}C:\users\ralf\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\ralf\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5176DD9B-5676-4F40-AA21-2E8FB8460AF0}] => (Block) C:\users\ralf\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{64DF9D18-0186-4FEB-86E1-C30D20A486F3}] => (Block) C:\users\ralf\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{830E7248-7EF4-4523-AF8E-AFC27B15B662}C:\users\ralf\appdata\local\programs\microsoft vs code\code.exe] => (Allow) C:\users\ralf\appdata\local\programs\microsoft vs code\code.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{B23B035E-70B0-488A-A121-066D94B0CEE0}C:\users\ralf\appdata\local\programs\microsoft vs code\code.exe] => (Allow) C:\users\ralf\appdata\local\programs\microsoft vs code\code.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{74CEEC3A-2AA0-4868-81D0-3B492CED9402}] => (Block) C:\users\ralf\appdata\local\programs\microsoft vs code\code.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{97D6BB91-DCE8-4236-AEB1-A45C5CE88E68}] => (Block) C:\users\ralf\appdata\local\programs\microsoft vs code\code.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{0AA51D85-EC14-4815-8649-F6E0937F80C1}C:\xampp\filezillaftp\filezillaserver.exe] => (Allow) C:\xampp\filezillaftp\filezillaserver.exe (FileZilla Project) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{684230CE-E16A-4B4D-9153-56DF39432E67}C:\xampp\filezillaftp\filezillaserver.exe] => (Allow) C:\xampp\filezillaftp\filezillaserver.exe (FileZilla Project) [Datei ist nicht signiert]
FirewallRules: [{E7FEEDD4-D22F-48C5-A6E6-D621EDDA1B3F}] => (Block) C:\xampp\filezillaftp\filezillaserver.exe (FileZilla Project) [Datei ist nicht signiert]
FirewallRules: [{02C62DF2-C646-4B50-8E9B-D9344DE8DA89}] => (Block) C:\xampp\filezillaftp\filezillaserver.exe (FileZilla Project) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{29FC05F4-56EE-4D74-9BA2-1B25C113AE88}C:\program files\eclipse adoptium\jdk-21.0.2.13-hotspot\bin\javaw.exe] => (Allow) C:\program files\eclipse adoptium\jdk-21.0.2.13-hotspot\bin\javaw.exe
FirewallRules: [UDP Query User{910E9720-80ED-4B1C-88E7-22F7126BF977}C:\program files\eclipse adoptium\jdk-21.0.2.13-hotspot\bin\javaw.exe] => (Allow) C:\program files\eclipse adoptium\jdk-21.0.2.13-hotspot\bin\javaw.exe
FirewallRules: [{B55E0824-D0D2-4A8C-A4DA-8E7FB2E36BAB}] => (Block) C:\program files\eclipse adoptium\jdk-21.0.2.13-hotspot\bin\javaw.exe
FirewallRules: [{C4517CE1-52A1-4E17-A2BF-320D0A7D0986}] => (Block) C:\program files\eclipse adoptium\jdk-21.0.2.13-hotspot\bin\javaw.exe
FirewallRules: [TCP Query User{36C04A48-A89D-47F4-9D09-74C710E8CAF0}C:\program files\windowsapps\wimpmusic.27241e05630ea_2.36.2.0_x86__kn85bz84x7te4\app\tidal.exe] => (Allow) C:\program files\windowsapps\wimpmusic.27241e05630ea_2.36.2.0_x86__kn85bz84x7te4\app\tidal.exe => Keine Datei
FirewallRules: [UDP Query User{8489D11E-A125-4A54-A0B5-081ABDEA44B3}C:\program files\windowsapps\wimpmusic.27241e05630ea_2.36.2.0_x86__kn85bz84x7te4\app\tidal.exe] => (Allow) C:\program files\windowsapps\wimpmusic.27241e05630ea_2.36.2.0_x86__kn85bz84x7te4\app\tidal.exe => Keine Datei
FirewallRules: [{BCFF49DD-CA0C-492E-AD5B-4756A55612B1}] => (Block) C:\program files\windowsapps\wimpmusic.27241e05630ea_2.36.2.0_x86__kn85bz84x7te4\app\tidal.exe => Keine Datei
FirewallRules: [{F6D798A3-509B-475B-93EB-FB934EF44E42}] => (Block) C:\program files\windowsapps\wimpmusic.27241e05630ea_2.36.2.0_x86__kn85bz84x7te4\app\tidal.exe => Keine Datei
FirewallRules: [TCP Query User{B5AC4CE3-6C2D-4BD2-B2B6-1051A97A8D21}C:\program files\filezilla ftp client\filezilla.exe] => (Allow) C:\program files\filezilla ftp client\filezilla.exe (Tim Kosse -> FileZilla Project)
FirewallRules: [UDP Query User{D05D5ECF-DE54-4B15-BE55-1D4095B97910}C:\program files\filezilla ftp client\filezilla.exe] => (Allow) C:\program files\filezilla ftp client\filezilla.exe (Tim Kosse -> FileZilla Project)
FirewallRules: [{6AF7DB67-0CFB-4F1C-ADCE-D226AB779FA8}] => (Block) C:\program files\filezilla ftp client\filezilla.exe (Tim Kosse -> FileZilla Project)
FirewallRules: [{9F916154-FD46-4DAC-833D-B6EF960832D7}] => (Block) C:\program files\filezilla ftp client\filezilla.exe (Tim Kosse -> FileZilla Project)
FirewallRules: [{33890BDF-D235-44B8-A3ED-4B2D92D381FB}] => (Allow) C:\Program Files\jAlbum\jAlbum.exe (JAlbum AB -> Jalbum AB)
FirewallRules: [{F9DC8B19-1F26-4AEF-94E6-9FCCB868662C}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\133.0.3065.92\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2ED1F0EB-B6BE-4228-8BB2-F64CA361AE72}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.258.498.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{E0247D98-5491-422B-BD1B-00A448213EC8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.258.498.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{C5A638C9-B188-4715-9F7D-551774AA9591}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.258.498.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{B25D6F5E-D4E0-4691-ADAF-75C15C36D405}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.258.498.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{C4C1DDDF-4428-4061-96C9-4B652DDF7CA2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.258.498.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{0F5985FB-C62D-41CB-A6C3-CEAD60825478}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.258.498.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{933044D7-3DD2-4234-AE2B-6D3A858ACFBA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.258.498.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{9746246A-6595-4B51-90D7-1E4A9B1AA388}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.258.498.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{6C518080-850C-41E9-92FF-DF6F96D0D2EC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.258.498.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{9DF76361-0483-4E31-BF47-F8802472526C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.258.498.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{4DEB5FB1-1603-47F8-8BE5-004448386A02}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{A7967645-F2C0-4D14-87DD-2763B0FAAB21}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0F6345B9-5B24-48BD-BF68-FA5223CC2A1D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D0600B15-A368-427E-9693-68C16AFA5C0B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{997CA27A-F14F-4CAB-85BA-E2BFC3321ECB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
==================== Wiederherstellungspunkte =========================
ACHTUNG: Systemwiederherstellung ist deaktiviert (Total:446.5 GB) (Free:212.65 GB) (48%)
Überprüfen Sie den "VSS" Dienst
==================== Fehlerhafte Geräte im Gerätemanager ============
Name: Lexmark MC3300 Series
Description: Lexmark MC3300 Series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Lexmark
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Fehlereinträge in der Ereignisanzeige: ========================
Applikationsfehler:
==================
Error: (03/15/2025 03:39:08 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Die Speicheroptimierung konnte erneut optimieren auf PortableBaseLayer (C:\ProgramData\Microsoft\Windows\Containers\BaseImages\ad172214-f597-4bbe-ac2f-20a0ae7327b0\BaseLayer) nicht abschließen. Grund: Fehler beim Verschieben der Datei. (0x89000016)
Error: (03/15/2025 03:39:08 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Die Speicheroptimierung konnte Bereichskonsolidierung auf PortableBaseLayer (C:\ProgramData\Microsoft\Windows\Containers\BaseImages\ad172214-f597-4bbe-ac2f-20a0ae7327b0\BaseLayer) nicht abschließen. Grund: Der Bereichskonsolidierungsvorgang wurde abgebrochen, da nur eine unzureichende Anzahl von Bereichen freigegeben werden konnte (auf Grundlage der in der Registrierung angegebenen Grenzwerte). (0x89000028)
Error: (03/15/2025 03:28:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mcupdate.exe, Version: 10.0.10134.0, Zeitstempel: 0x556a6f50
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.5607, Zeitstempel: 0x18768d24
Ausnahmecode: 0xe0434352
Fehleroffset: 0x000000000003b699
ID des fehlerhaften Prozesses: 0x28f4
Startzeit der fehlerhaften Anwendung: 0x01db95b685973eb8
Pfad der fehlerhaften Anwendung: C:\WINDOWS\ehome\mcupdate.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: 24e5064d-d901-497f-bd20-42f464dba204
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (03/15/2025 03:28:32 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: mcupdate.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.InvalidOperationException
bei MediaCenter.Store.SqlLite.SqlLiteErr.LogAndThrowException(Int32, System.String, System.Object[])
bei MediaCenter.Store.SqlLite.ObjectStore.Open(System.String)
bei MediaCenter.Store.SqlLite.ObjectStoreManager.Open(System.String, Boolean)
bei Microsoft.MediaCenter.Store.ObjectStore.Open(System.String, System.String, System.String, System.Reflection.Assembly, Boolean)
Ausnahmeinformationen: System.InvalidOperationException
bei Microsoft.MediaCenter.Store.ObjectStore.Open(System.String, System.String, System.String, System.Reflection.Assembly, Boolean)
bei Microsoft.MediaCenter.Store.ObjectStore.Open(System.String, System.String, System.String, Boolean)
bei Microsoft.MediaCenter.Store.ObjectStore.AddObjectStoreReference()
bei Microsoft.MediaCenter.Store.Update.UpdateSession..ctor(System.String)
bei <Module>.CreateSession(System.String)
bei Updater.Run()
bei <Module>.wWinMain(HINSTANCE__*, HINSTANCE__*, UInt16*, Int32)
bei <Module>.wWinMainCRTStartup()
bei <Module>.wWinMainStub()
Error: (03/14/2025 04:42:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Synology Active Backup for Business Service.exe, Version: 0.0.0.0, Zeitstempel: 0x628c8645
Name des fehlerhaften Moduls: Synology Active Backup for Business Service.exe, Version: 0.0.0.0, Zeitstempel: 0x628c8645
Ausnahmecode: 0xc0000409
Fehleroffset: 0x00000000002615b9
ID des fehlerhaften Prozesses: 0x109c
Startzeit der fehlerhaften Anwendung: 0x01db94b346749b04
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Synology\ActiveBackupforBusinessAgent\service\Synology Active Backup for Business Service.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Synology\ActiveBackupforBusinessAgent\service\Synology Active Backup for Business Service.exe
Berichtskennung: 88a24525-a563-4d65-b9af-2b62578b5fb3
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (03/14/2025 04:17:37 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Das Sicherheitscenter konnte den Aufrufer nicht überprüfen. Der Fehler %1 ist aufgetreten.
Error: (03/14/2025 08:51:15 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Die Speicheroptimierung konnte erneut optimieren auf PortableBaseLayer (C:\ProgramData\Microsoft\Windows\Containers\BaseImages\ad172214-f597-4bbe-ac2f-20a0ae7327b0\BaseLayer) nicht abschließen. Grund: Fehler beim Verschieben der Datei. (0x89000016)
Error: (03/14/2025 08:51:15 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Die Speicheroptimierung konnte Bereichskonsolidierung auf PortableBaseLayer (C:\ProgramData\Microsoft\Windows\Containers\BaseImages\ad172214-f597-4bbe-ac2f-20a0ae7327b0\BaseLayer) nicht abschließen. Grund: Der Bereichskonsolidierungsvorgang wurde abgebrochen, da nur eine unzureichende Anzahl von Bereichen freigegeben werden konnte (auf Grundlage der in der Registrierung angegebenen Grenzwerte). (0x89000028)
Systemfehler:
=============
Error: (03/15/2025 04:49:00 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT-AUTORITÄT)
Description: Das Secure Boot-Update konnte eine Secure Boot-Variable mit dem Fehler (-2147020471 = Sicheres Starten ist auf diesem Computer nicht aktiviert.) nicht aktualisieren. Weitere Informationen finden Sie unter https://go.microsoft.com/fwlink/?linkid=2169931
Error: (03/15/2025 03:25:30 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT-AUTORITÄT)
Description: Das Secure Boot-Update konnte eine Secure Boot-Variable mit dem Fehler (-2147020471 = Sicheres Starten ist auf diesem Computer nicht aktiviert.) nicht aktualisieren. Weitere Informationen finden Sie unter https://go.microsoft.com/fwlink/?linkid=2169931
Error: (03/14/2025 04:49:00 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT-AUTORITÄT)
Description: Das Secure Boot-Update konnte eine Secure Boot-Variable mit dem Fehler (-2147020471 = Sicheres Starten ist auf diesem Computer nicht aktiviert.) nicht aktualisieren. Weitere Informationen finden Sie unter https://go.microsoft.com/fwlink/?linkid=2169931
Error: (03/14/2025 04:46:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Broker für Laufzeitüberwachung der Systemüberwachung" wurde mit folgendem Fehler beendet:
%%3489660935
Error: (03/14/2025 04:42:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Synology Active Backup for Business Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (03/14/2025 08:37:43 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT-AUTORITÄT)
Description: Das Secure Boot-Update konnte eine Secure Boot-Variable mit dem Fehler (-2147020471 = Sicheres Starten ist auf diesem Computer nicht aktiviert.) nicht aktualisieren. Weitere Informationen finden Sie unter https://go.microsoft.com/fwlink/?linkid=2169931
Error: (03/14/2025 08:34:46 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Broker für Laufzeitüberwachung der Systemüberwachung" wurde mit folgendem Fehler beendet:
%%3489660935
Error: (03/14/2025 08:32:48 AM) (Source: SbieSvc) (EventID: 9234) (User: )
Description: SBIE9234 Service startup error level 9153 status=C0000001 error=-1073741823
Windows Defender:
================
Date: 2025-03-14 11:17:22
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2025-03-14 10:54:49
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2025-03-14 10:33:33
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2025-03-14 09:15:19
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2025-03-14 08:51:56
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:
Date: 2023-09-29 07:42:04
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.397.1675.0
Update Source: Microsoft Update-Server
Security intelligence Type: AntiVirus
Update Type: Voll
Current Engine Version:
Previous Engine Version: 1.1.23080.2005
Error code: 0x8024402c
Error description: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support".
CodeIntegrity:
===============
Date: 2025-03-14 16:17:41
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2025-03-14 16:17:37
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Microsoft signing level requirements.
Date: 2025-03-14 16:14:44
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements.
==================== Speicherinformationen ===========================
BIOS: American Megatrends Inc. 1003 07/24/2019
Hauptplatine: ASUSTeK COMPUTER INC. PRIME H310M-A R2.0
Prozessor: Intel(R) Core(TM) i7-9700K CPU @ 3.60GHz
Prozentuale Nutzung des RAM: 37%
Installierter physikalischer RAM: 32636.43 MB
Verfügbarer physikalischer RAM: 20328.3 MB
Summe virtueller Speicher: 37500.43 MB
Verfügbarer virtueller Speicher: 25932.6 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:446.5 GB) (Free:212.65 GB) (Model: GIGABYTE GP-GSTFS31480GNTD) NTFS
Drive p: (homes) (Network) (Total:1777.92 GB) (Free:653.23 GB) (Model: GIGABYTE GP-GSTFS31480GNTD) NTFS
Drive r: (homes) (Network) (Total:1777.92 GB) (Free:653.23 GB) (Model: GIGABYTE GP-GSTFS31480GNTD) NTFS
Drive y: (homes) (Network) (Total:1777.92 GB) (Free:653.23 GB) (Model: GIGABYTE GP-GSTFS31480GNTD) NTFS
Drive z: (homes) (Network) (Total:1777.92 GB) (Free:653.23 GB) (Model: GIGABYTE GP-GSTFS31480GNTD) NTFS
\\?\Volume{3a687747-0560-4ba6-b6cc-165327f69a28}\ (Wiederherstellung) (Fixed) (Total:0.52 GB) (Free:0.09 GB) NTFS
\\?\Volume{629458e4-0000-0000-0000-010000000000}\ (PortableBaseLayer) (Fixed) (Total:8 GB) (Free:7.5 GB) NTFS
\\?\Volume{8231700d-d784-4722-9c98-e24d43d39e21}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partitionstabelle ====================
==================== Ende von Addition.txt =======================
And of course the original scan from ESET:
Code:
15.03.2025 19:41:17
Geprüfte Dateien: 1339706
Erkannte Dateien: 2
Gesäuberte Dateien: 0
Scandauer gesamt 02:59:13
Scanstatus: Abgeschlossen
C:\Users\ralf\AppData\Roaming\Thunderbird\Profiles\2zsuwqx5.default-release\ImapMail\wpxxxx.mail.server-he-1.de\INBOX VBA/TrojanDownloader.Agent.QMI trojan unable to clean
C:\Users\ralf\AppData\Roaming\Thunderbird\Profiles\2zsuwqx5.default-release\ImapMail\wpxxxx.mail.server-he.de\INBOX VBA/TrojanDownloader.Agent.BJL trojan unable to clean
It would be great if you could help me get rid of this thing again.
Many thanks in advance
IT-confused