| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows 11: Möglicherweise einen Keylogger eingefangenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
22.02.2024, 03:25
| #1 |
 |  Windows 11: Möglicherweise einen Keylogger eingefangen Guten Abend liebes Board, gestern sind eigenartige Dinge vorgefallen, die mich sehr beschäftigen, insbesondere hinsichtlich der Sicherheit meiner Accounts. Habe auf einem anderem System welches definitv nicht von Schadsoftware befallen sein kann, meine Passwörter geändert. Jedoch fürchte ich weiterhin um meine Daten. Dieses System hier scheint kompromittiert und deshalb brauche ich euch Experten um mir Klarheit und die Ausmaße dieses Problems zu begreifen. Wie von euch gewünscht, die Logs: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 19.02.2024 02
durchgeführt von Christopher (Administrator) auf CHRIS-RYZEN (Gigabyte Technology Co., Ltd. X570 AORUS ELITE) (22-02-2024 03:18:38)
Gestartet von C:\Users\Christopher\Downloads\FRST64.exe
Geladene Profile: Christopher
Plattform: Microsoft Windows 11 Pro Version 23H2 22631.3155 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser nicht gefunden!
Start-Modus: Normal
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe ->) (ASUSTeK COMPUTER INC. -> ) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\ArmourySwAgent.exe
(C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.UserSessionHelper.exe
(C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_agent.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.40.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe <6>
(explorer.exe ->) (ADLICE -> ) C:\Users\Christopher\Downloads\RogueKiller_portable64.exe
(explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <15>
(Node.js Foundation -> Node.js) C:\Users\Christopher\AppData\Roaming\Java\jre8\bin\java.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUS Inc.) C:\Program Files (x86)\ASUS\GameSDK Service\GameSDK.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.) C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.02.12\atkexComSvc.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Program Files (x86)\LightingService\LightingService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.) C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe
(services.exe ->) (Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(services.exe ->) (Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(services.exe ->) (Creative Technology Ltd -> Creative Technology Ltd) C:\Program Files (x86)\Creative\Creative App\Creative.VADMonitorService.exe
(services.exe ->) (Creative Technology Ltd) [Datei ist nicht signiert] C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Windows\System32\DriverStore\FileRepository\logi_lamparray_usb.inf_amd64_0772df9f9e65a702\logi_lamparray_service.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe
(services.exe ->) (ND_Apps -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispsi.inf_amd64_1b8f9115c198ff0c\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_c51a65fb5ec70f9d\RtkAudUService64.exe <2>
(services.exe ->) (TunnelBear (McAfee Canada ULC) -> TunnelBear) C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ) C:\Program Files\ASUS\KINGSTON_Aac_DRAM\AacKingstonDramHal_x86.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe <6>
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.) C:\Program Files\ASUS\AacExtCard\extensionCardHal_x86.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.) C:\Program Files\ASUS\ASUS_Aac_DRAM\Aac3572DramHal_x86.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.40.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Windows.Media.BackgroundPlayback.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_c51a65fb5ec70f9d\RtkAudUService64.exe [1249848 2021-03-03] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Elgato Sound Capture] => C:\Program Files\Elgato\SoundCapture\SoundCapture.exe [1234944 2021-08-22] () [Datei ist nicht signiert]
HKLM-x32\...\Run: [Creative.Creative App] => C:\Program Files (x86)\Creative\Creative App\Creative.App.exe [380888 2023-02-22] (Creative Technology Ltd -> Creative Technology Ltd.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [2044576 2023-12-13] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Beschränkung <==== ACHTUNG
HKU\S-1-5-19\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2598328 2024-02-17] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2598328 2024-02-17] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2108826960-4211556212-834145737-1001\...\Run: [LGHUB] => C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe [46010112 2024-02-07] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-21-2108826960-4211556212-834145737-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4388200 2024-01-13] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-2108826960-4211556212-834145737-1001\...\Run: [MicrosoftEdgeAutoLaunch_741E772D9DD9CECA94A4FC008585852B] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3788240 2024-02-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2108826960-4211556212-834145737-1001\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-2108826960-4211556212-834145737-1001\...\Run: [EADM] => C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe [2730600 2024-02-22] (Electronic Arts, Inc. -> Electronic Arts)
HKU\S-1-5-21-2108826960-4211556212-834145737-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Christopher\AppData\Local\Microsoft\Teams\Update.exe [2589872 2023-11-15] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-2108826960-4211556212-834145737-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [37371856 2024-02-20] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-2108826960-4211556212-834145737-1001\...\Run: [shdoclc] => wscript.exe "C:\Users\Christopher\AppData\Roaming\Microsoft\Windows NT\shdoclc.js" [185 2024-02-22] () [Datei ist nicht signiert]
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
GroupPolicy: Beschränkung ? <==== ACHTUNG
Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {781CACBF-14A2-4BBF-8B16-6ED87E12F610} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.)
Task: {64F2550E-A1F8-4C8F-8C25-F22BC64BE9B0} - System32\Tasks\ASUS\AcPowerNotification => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe [313192 2023-06-26] (ASUSTeK COMPUTER INC. -> ASUS)
Task: {3F802E09-B6CD-4AED-A39F-07910C85B1DD} - System32\Tasks\ASUS\ArmourySocketServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe [1881448 2023-06-26] (ASUSTeK COMPUTER INC. -> ASUS)
Task: {5C454918-96D8-4F55-9414-AD9208F2C273} - System32\Tasks\ASUS\ASUSUpdateTaskMachineCore => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [167384 2021-09-16] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {0FE60EB1-3FD2-4CBC-B6D8-D84E3D99F09E} - System32\Tasks\ASUS\ASUSUpdateTaskMachineUA => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [167384 2021-09-16] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {A41F7E84-20EB-4665-86E9-E24F51E7E44A} - System32\Tasks\ASUS\Framework Service => C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe [139091304 2023-05-31] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
Task: {6E0F5B9D-F8F9-407A-B13D-733DCC0F7DFC} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe (Keine Datei)
Task: {B906CCB5-5C8A-40F7-8C3D-CE9C670DD808} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem123.0.6288.0{0E7C8859-48CD-4CE0-B2AB-5D1A378421EE} => C:\Program Files (x86)\Google\GoogleUpdater\123.0.6288.0\updater.exe [4682528 2024-02-08] (Google LLC -> Google LLC) <==== ACHTUNG
Task: {BBFE8024-554A-4EF4-A018-E12A2A051E19} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28372672 2024-02-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {3E4FAE73-1CFA-404A-91F0-54479BC5CA04} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28372672 2024-02-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {B421CFFA-30F6-4697-9AE2-63FAD619FF43} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [218776 2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {14666FF2-69CC-4E3F-9D82-4908C9993D80} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [218776 2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (Keine Datei)
Task: {D521011B-1944-4205-AE7A-284D8D14121A} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (Keine Datei)
Task: {7C989995-8C0F-4EF5-95C1-D48EF41D85BC} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (Keine Datei)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (Keine Datei)
Task: {BCDE4022-974A-4731-8BA3-603704BF4396} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3128C070-7884-45B5-B6D0-2E76502534AE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {978DE02B-5028-4B24-AD1B-B5C29C559662} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {30F07E05-EC9A-41AD-BB16-DA4CD7B9E37D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {54B7C1D7-E01D-48A2-9708-98B23E440EE7} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34720 2024-02-18] (Mozilla Corporation -> Mozilla Foundation)
Task: {60283C87-7D1E-4B9F-ADB8-EEC641D9A34D} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1005096 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {A592740F-9436-4C38-BCCC-FD81AC993788} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3345448 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E7790E3B-CA83-472A-838F-DEF7FAC48A43} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649256 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {019FEC21-68DD-4188-B8E4-B775A1C01E51} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7052FCCA-1366-4C85-B352-0BC539040B22} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {647A6B10-B849-49E8-BB1D-7F53EF6F1B01} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B1CE556F-BE0A-4A8F-BE08-35178B02B6B6} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5C1C339A-8226-48A2-8495-4F368DAE513F} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1AFEC67B-3E47-4391-B071-BF3D0C31ADBD} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8ADA628F-5CF7-401C-8CAB-459DC702D84C} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130320 2024-02-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {51EE51B6-DB25-4B4E-89EE-6D71F13BD3E7} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2108826960-4211556212-834145737-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130320 2024-02-17] (Microsoft Corporation -> Microsoft Corporation)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
Tcpip\..\Interfaces\{03108b26-6233-40bb-ba91-a94abcc85185}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{03108b26-6233-40bb-ba91-a94abcc85185}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{03108b26-6233-40bb-ba91-a94abcc85185}: [DhcpDomain] fritz.box
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Christopher\AppData\Local\Microsoft\Edge\User Data\Default [2024-02-22]
Edge Extension: (Google Docs Offline) - C:\Users\Christopher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-02-22]
Edge Extension: (Edge relevant text changes) - C:\Users\Christopher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]
Edge Extension: (Automatic Twitch: Drops, Moments and Points) - C:\Users\Christopher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kfhgpagdjjoieckminnmigmpeclkdmjm [2024-01-25]
Edge Extension: (uBlock Origin) - C:\Users\Christopher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2024-02-18]
FireFox:
========
FF DefaultProfile: kvjo2z5k.default
FF ProfilePath: C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\kvjo2z5k.default [2021-09-07]
FF ProfilePath: C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\2q1on2jj.default-release [2024-02-22]
FF Homepage: Mozilla\Firefox\Profiles\2q1on2jj.default-release -> web.de
FF NetworkProxy: Mozilla\Firefox\Profiles\2q1on2jj.default-release -> autoconfig_url", "hxxps://dns.controld.com/2g6lxjc442r"
FF Extension: (uBlock Origin) - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\2q1on2jj.default-release\Extensions\uBlock0@raymondhill.net.xpi [2024-02-21]
FF Extension: (Video DownloadHelper) - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\2q1on2jj.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2024-02-18]
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-02-10] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2024-02-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-02-01] (Microsoft Corporation -> Microsoft Corporation)
==================== Dienste (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. -> Adobe Inc.)
R2 ArmouryCrateService; C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe [401880 2024-01-11] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.02.12\atkexComSvc.exe [457544 2021-10-21] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S2 asus; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [167384 2021-09-16] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsusCertService; C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe [558104 2022-05-19] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
S3 asusm; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [167384 2021-09-16] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S2 AsusROGLSLService; C:\Program Files (x86)\ASUS\AsusROGLSLService\AsusROGLSLService.exe [591176 2021-09-16] (ASUSTeK Computer Inc. -> )
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [15820584 2024-02-15] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14048768 2024-02-10] (Microsoft Corporation -> Microsoft Corporation)
R2 Creative.VADMonitorService; C:\Program Files (x86)\Creative\Creative App\Creative.VADMonitorService.exe [33896 2022-08-01] (Creative Technology Ltd -> Creative Technology Ltd)
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [458240 2020-03-12] (Creative Technology Ltd) [Datei ist nicht signiert]
S3 EAAntiCheatService; C:\Program Files\EA\AC\eaanticheat.gameservice.exe [51393352 2024-01-26] (Electronic Arts, Inc. -> Electronic Arts)
S3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [12094568 2024-02-22] (Electronic Arts, Inc. -> Electronic Arts)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [954704 2024-02-03] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2023-08-02] (Epic Games Inc. -> Epic Games, Inc.)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncHelper.exe [3515936 2024-02-17] (Microsoft Corporation -> Microsoft Corporation)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [2350048 2024-02-17] (GOG sp. z o.o -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7173088 2023-09-09] (GOG sp. z o.o -> GOG.com)
R2 GameSDK Service; C:\Program Files (x86)\ASUS\GameSDK Service\GameSDK.exe [397544 2022-05-31] (ASUSTeK COMPUTER INC. -> ASUS Inc.)
S2 GoogleUpdaterInternalService123.0.6288.0; C:\Program Files (x86)\Google\GoogleUpdater\123.0.6288.0\updater.exe [4682528 2024-02-08] (Google LLC -> Google LLC) <==== ACHTUNG
S2 GoogleUpdaterService123.0.6288.0; C:\Program Files (x86)\Google\GoogleUpdater\123.0.6288.0\updater.exe [4682528 2024-02-08] (Google LLC -> Google LLC) <==== ACHTUNG
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10962688 2024-02-07] (Logitech Inc -> Logitech, Inc.)
R2 LightingService; C:\Program Files (x86)\LightingService\LightingService.exe [4801896 2023-12-01] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
R2 logi_lamparray_service; C:\WINDOWS\System32\DriverStore\FileRepository\logi_lamparray_usb.inf_amd64_0772df9f9e65a702\logi_lamparray_service.exe [9887216 2024-02-07] (Logitech Inc -> Logitech, Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9410296 2024-02-22] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-02-22] (Malwarebytes Inc. -> Malwarebytes)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [11910760 2021-12-19] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispsi.inf_amd64_1b8f9115c198ff0c\Display.NvContainer\NVDisplay.Container.exe [1275528 2024-01-19] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\24.020.0128.0003\OneDriveUpdaterService.exe [3853856 2024-02-17] (Microsoft Corporation -> Microsoft Corporation)
R2 ROG Live Service; C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe [1932248 2023-11-28] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [534592 2024-02-22] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [142864 2023-08-30] (TunnelBear (McAfee Canada ULC) -> TunnelBear)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe [3174840 2023-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe [133592 2023-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Rockstar Service; "C:\Program Files\Rockstar Games\Launcher\RockstarService.exe" [X]
===================== Treiber (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R3 acsock; C:\WINDOWS\system32\DRIVERS\acsock64.sys [310216 2023-12-13] (Microsoft Windows Hardware Compatibility Publisher -> Cisco Systems, Inc.)
R3 AmdTools64; C:\WINDOWS\System32\drivers\AmdTools64.sys [63392 2020-06-16] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R1 Asusgio2; C:\Windows\system32\drivers\AsIO2.sys [34384 2021-10-21] (ASUSTeK Computer Inc. -> )
R1 Asusgio3; C:\Windows\system32\drivers\AsIO3.sys [49256 2022-08-15] (ASUSTeK COMPUTER INC. -> )
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [Datei ist nicht signiert]
R1 CTIAIO; C:\WINDOWS\system32\drivers\CtiAIo64.sys [34520 2023-12-29] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Innovation Co., LTd.)
R1 CTIIO; C:\Windows\system32\drivers\CtiIo64.sys [32296 2022-09-05] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Innovation Co., LTd.)
R3 e60MZ0380.X64; C:\WINDOWS\System32\drivers\e60MZ0380.X64.SYS [3896880 2021-10-07] (Corsair Memory, Inc. -> )
R3 ElgatoVAD; C:\WINDOWS\System32\drivers\ElgatoVAD.sys [39208 2020-11-08] (Elgato Systems LLC -> Elgato Systems GmbH)
R0 fse; C:\WINDOWS\System32\drivers\fse.sys [218592 2024-02-22] (Microsoft Windows -> Microsoft Corporation)
S3 gdrv3; C:\WINDOWS\System32\drivers\gdrv3.sys [44760 2022-09-05] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
S3 GVCIDrv; C:\Program Files (x86)\GIGABYTE\RGBFusion\GVCIDrv64.sys [18432 2019-12-08] (Microsoft Windows Hardware Compatibility Publisher -> )
R4 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [54752 2023-01-18] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47928 2018-04-30] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net)
R3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [44880 2022-09-23] (Logitech Inc -> Logitech)
R3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [32080 2022-09-23] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [73040 2022-09-23] (Logitech Inc -> Logitech)
R3 logi_lamparray; C:\WINDOWS\System32\DriverStore\FileRepository\logi_lamparray_usb.inf_amd64_0772df9f9e65a702\logi_lamparray.sys [89072 2024-02-07] (Logitech Inc -> Logitech, Inc.)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-02-22] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-02-22] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R1 MSIO; C:\Windows\system32\drivers\MsIo64.sys [19000 2023-04-05] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)
R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-14] (Nvidia Corporation -> NVIDIA Corporation)
S3 polarbear-split-tunneling; C:\Program Files (x86)\TunnelBear\Drivers\x64\SplitTunnelingDriver.sys [29176 2023-07-10] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2023-07-10] (TunnelBear, Inc. -> The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [54208 2024-02-22] (ADLICE (Julien Ascoet) -> )
S3 vmbusproxy; C:\WINDOWS\system32\drivers\vmbusproxy.sys [94208 2024-02-22] (Microsoft Windows -> )
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [74064 2023-12-13] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55856 2023-12-07] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [594304 2023-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105856 2023-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Program Files (x86)\GIGABYTE\RGBFusion\MODAPI.sys [14544 2022-08-06] (Noriyuki MIYAZAKI -> OpenLibSys.org)
R3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [29680 2023-11-22] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 EAAntiCheat; system32\drivers\eaanticheat.sys [X]
S3 KSUSBfilt64; \SystemRoot\system32\drivers\KSUSBfilt64.sys [X]
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2024-02-22 03:17 - 2024-02-22 03:17 - 000000000 ____D C:\Users\Christopher\AppData\Local\Backup
2024-02-22 03:09 - 2024-02-22 03:09 - 000758838 _____ C:\WINDOWS\system32\perfh007.dat
2024-02-22 03:09 - 2024-02-22 03:09 - 000157058 _____ C:\WINDOWS\system32\perfc007.dat
2024-02-22 03:05 - 2024-02-22 03:05 - 000054208 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2024-02-22 03:03 - 2024-02-22 03:03 - 000000448 __RSH C:\ProgramData\ntuser.pol
2024-02-22 03:01 - 2024-02-22 03:01 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Microsoft\Windows NT
2024-02-22 02:46 - 2024-02-22 02:54 - 000001053 _____ C:\Users\Christopher\Downloads\rk.txt
2024-02-22 02:38 - 2024-02-22 02:43 - 000000000 ____D C:\Users\Christopher\Downloads\RogueKiller
2024-02-22 02:38 - 2024-02-22 02:38 - 036149680 _____ C:\Users\Christopher\Downloads\RogueKiller_portable64.exe
2024-02-22 02:28 - 2024-02-22 02:29 - 000124181 _____ C:\Users\Christopher\Downloads\Addition.txt
2024-02-22 02:27 - 2024-02-22 03:19 - 000032268 _____ C:\Users\Christopher\Downloads\FRST.txt
2024-02-22 01:52 - 2024-02-22 01:52 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2024-02-22 01:52 - 2024-02-22 01:52 - 000000000 ____D C:\WINDOWS\system32\Drivers\mde
2024-02-22 01:46 - 2024-02-22 01:46 - 000060462 _____ C:\WINDOWS\SysWOW64\ctac.json
2024-02-22 01:46 - 2024-02-22 01:46 - 000019222 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-02-22 01:45 - 2024-02-22 01:45 - 000060462 _____ C:\WINDOWS\system32\ctac.json
2024-02-22 01:45 - 2024-02-22 01:45 - 000019222 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-02-22 01:42 - 2024-02-22 01:43 - 000000000 ___HD C:\$WinREAgent
2024-02-22 01:23 - 2024-02-22 01:25 - 000000000 ____D C:\AdwCleaner
2024-02-22 01:23 - 2024-02-22 01:23 - 008797968 _____ (Malwarebytes) C:\Users\Christopher\Downloads\adwcleaner.exe
2024-02-22 01:19 - 2024-02-22 01:19 - 002585496 _____ (Malwarebytes) C:\Users\Christopher\Downloads\MBSetup.exe
2024-02-22 01:16 - 2024-02-22 03:18 - 000000000 ____D C:\FRST
2024-02-22 01:15 - 2024-02-22 01:15 - 002386944 _____ (Farbar) C:\Users\Christopher\Downloads\FRST64.exe
2024-02-22 00:58 - 2024-02-22 02:45 - 000000000 ____D C:\Users\Christopher\AppData\Local\Malwarebytes
2024-02-22 00:57 - 2024-02-22 01:22 - 000002105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-02-22 00:57 - 2024-02-22 01:21 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-02-22 00:57 - 2024-02-22 01:21 - 000000000 ____D C:\Program Files\Malwarebytes
2024-02-20 23:20 - 2024-02-20 23:20 - 000000000 ____D C:\WINDOWS\system32\Tasks\GoogleSystem
2024-02-19 13:28 - 2024-02-19 13:28 - 000927065 _____ C:\Users\Christopher\Downloads\MAN 647 SIHRM_overview 2024.pdf
2024-02-19 13:27 - 2024-02-19 13:27 - 006659530 _____ C:\Users\Christopher\Downloads\MAN 647 SIHRM lecture slides.pdf
2024-02-18 03:52 - 2024-02-19 12:08 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-02-17 21:25 - 2024-02-17 21:25 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Java
2024-02-17 20:47 - 2024-02-17 20:48 - 000000000 ___HD C:\ProgramData\DNTException
2024-02-17 20:46 - 2024-02-17 20:46 - 000000000 ____D C:\Users\Christopher\OneDrive\Dokumente\Atlantis
2024-02-17 20:46 - 2024-02-17 20:46 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\UIRmake
2024-02-17 20:46 - 2024-02-17 20:46 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Atlantis
2024-02-17 20:46 - 2024-02-17 20:46 - 000000000 ____D C:\ProgramData\Canon_Inc_IC
2024-02-17 20:46 - 2024-02-17 20:46 - 000000000 ____D C:\ProgramData\Atlantis
2024-02-17 19:34 - 2024-02-17 19:34 - 000001272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2024-02-17 19:34 - 2024-02-17 19:34 - 000000000 ____D C:\Users\Christopher\AppData\Local\EpicGamesLauncher
2024-02-15 22:20 - 2024-02-15 22:20 - 000000797 _____ C:\Users\Christopher\OneDrive\Desktop\World of Tanks EU.lnk
2024-02-13 02:16 - 2024-02-13 02:16 - 001468407 _____ C:\Users\Christopher\Downloads\Lecture 1.pdf
2024-02-13 02:01 - 2024-02-13 02:01 - 001362936 _____ C:\Users\Christopher\Downloads\Lecture 0.pdf
2024-02-13 01:43 - 2024-02-13 01:43 - 006957226 _____ C:\Users\Christopher\Downloads\Training and Development - Part 1 - Part 3 (2.0) (Macro).pdf
2024-02-09 14:35 - 2024-02-18 00:40 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wargaming.net
2024-02-09 14:35 - 2024-02-15 22:36 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Wargaming.net
2024-02-09 14:35 - 2024-02-09 14:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wargaming.net
2024-02-09 14:35 - 2024-02-09 14:35 - 000000000 ____D C:\Program Files (x86)\Wargaming.net
2024-02-09 14:33 - 2024-02-15 22:18 - 000000000 ____D C:\ProgramData\Wargaming.net
2024-02-09 12:56 - 2024-02-09 12:56 - 000000000 ____D C:\Users\Christopher\AppData\Local\ReadyOrNot
2024-02-09 12:56 - 2024-02-09 12:56 - 000000000 ____D C:\Users\Christopher\AppData\Local\mod.io
2024-02-08 20:43 - 2024-02-08 20:43 - 000000000 ____D C:\Users\Christopher\AppData\LocalLow\Bithell Games
2024-02-07 13:42 - 2024-02-07 13:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2024-02-07 13:42 - 2024-02-07 13:42 - 000000000 ____D C:\Program Files\LGHUB
2024-02-06 21:46 - 2024-02-06 21:46 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\EA
2024-02-06 21:34 - 2024-02-06 21:46 - 000000000 ____D C:\Program Files\EA
2024-02-06 21:34 - 2024-02-06 21:34 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
2024-02-06 21:34 - 2024-02-06 21:34 - 000000000 ____D C:\ProgramData\eaanticheat
2024-02-06 21:20 - 2024-02-06 21:20 - 000000000 ____D C:\Users\Christopher\AppData\Local\Link2EA
2024-02-05 18:51 - 2024-02-08 18:36 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\EasyAntiCheat
2024-02-05 10:35 - 2024-02-05 10:35 - 000000000 ____D C:\WINDOWS\Panther
2024-02-05 03:18 - 2024-02-05 03:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2024-02-05 00:07 - 2024-02-05 00:08 - 000000000 ____D C:\Users\Christopher\AppData\Local\DayZ Launcher
2024-02-05 00:07 - 2024-02-05 00:08 - 000000000 ____D C:\Users\Christopher\AppData\Local\DayZ
2024-02-05 00:07 - 2024-02-05 00:07 - 000000000 ____D C:\Users\Christopher\OneDrive\Dokumente\DayZ
2024-02-05 00:07 - 2024-02-05 00:07 - 000000000 ____D C:\Users\Christopher\AppData\Local\Bohemia_Interactive_a.s
2024-02-04 18:38 - 2024-02-04 18:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer 2024
2024-02-04 18:37 - 2024-02-04 18:37 - 000000000 ____D C:\Program Files\WISO
2024-01-31 23:46 - 2024-02-15 23:50 - 000000000 ____D C:\Users\Christopher\AppData\Local\BattlEye
2024-01-31 22:20 - 2024-01-31 22:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlestate Games
2024-01-31 22:20 - 2024-01-31 22:20 - 000000000 ____D C:\ProgramData\Battlestate Games
2024-01-28 19:35 - 2024-01-28 19:35 - 000000000 ____D C:\ProgramData\obs-studio
2024-01-24 21:36 - 2024-01-19 00:38 - 002095464 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2024-01-24 21:36 - 2024-01-19 00:38 - 002095464 _____ C:\WINDOWS\system32\vulkaninfo.exe
2024-01-24 21:36 - 2024-01-19 00:38 - 001655656 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2024-01-24 21:36 - 2024-01-19 00:38 - 001655656 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2024-01-24 21:36 - 2024-01-19 00:38 - 001278720 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2024-01-24 21:36 - 2024-01-19 00:38 - 001278720 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2024-01-24 21:36 - 2024-01-19 00:37 - 001487376 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2024-01-24 21:36 - 2024-01-19 00:37 - 001434472 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2024-01-24 21:36 - 2024-01-19 00:37 - 001434472 _____ C:\WINDOWS\system32\vulkan-1.dll
2024-01-24 21:36 - 2024-01-19 00:37 - 001226768 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2024-01-24 21:36 - 2024-01-19 00:33 - 001542176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2024-01-24 21:36 - 2024-01-19 00:33 - 001199112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2024-01-24 21:36 - 2024-01-19 00:33 - 001040504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2024-01-24 21:36 - 2024-01-19 00:33 - 000670344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvofapi64.dll
2024-01-24 21:36 - 2024-01-19 00:33 - 000505992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvofapi.dll
2024-01-24 21:36 - 2024-01-19 00:32 - 002173984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2024-01-24 21:36 - 2024-01-19 00:32 - 001625736 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2024-01-24 21:36 - 2024-01-19 00:32 - 001023608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2024-01-24 21:36 - 2024-01-19 00:32 - 000841848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2024-01-24 21:36 - 2024-01-19 00:32 - 000787064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2024-01-24 21:36 - 2024-01-19 00:31 - 016032784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2024-01-24 21:36 - 2024-01-19 00:31 - 012928120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2024-01-24 21:36 - 2024-01-19 00:31 - 006781064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2024-01-24 21:36 - 2024-01-19 00:31 - 005907464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2024-01-24 21:36 - 2024-01-19 00:31 - 005772920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcudadebugger.dll
2024-01-24 21:36 - 2024-01-19 00:31 - 003721224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2024-01-24 21:36 - 2024-01-19 00:31 - 000459912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2024-01-24 21:36 - 2024-01-19 00:30 - 000853000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2024-01-24 21:36 - 2024-01-18 12:32 - 000120271 _____ C:\WINDOWS\system32\nvinfo.pb
==================== Ein Monat (geänderte) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2024-02-22 03:15 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-02-22 03:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-02-22 03:09 - 2022-09-21 19:25 - 001754660 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-02-22 03:09 - 2022-05-07 06:22 - 000000000 ____D C:\WINDOWS\INF
2024-02-22 03:03 - 2024-01-06 13:07 - 000000440 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2024-02-22 03:03 - 2023-08-24 20:14 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\asus_framework
2024-02-22 03:03 - 2022-09-21 19:25 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-02-22 03:03 - 2022-09-21 19:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-02-22 03:03 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ServiceState
2024-02-22 03:03 - 2021-09-08 01:00 - 000012288 ___SH C:\DumpStack.log.tmp
2024-02-22 03:03 - 2021-09-07 19:28 - 000000000 ____D C:\Users\Christopher\AppData\Local\LGHUB
2024-02-22 03:03 - 2021-09-07 19:25 - 000000000 ____D C:\ProgramData\NVIDIA
2024-02-22 03:02 - 2022-05-07 06:17 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-02-22 02:56 - 2023-08-31 22:51 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\G HUB
2024-02-22 02:48 - 2022-09-21 19:22 - 000001607 _____ C:\WINDOWS\system32\config\VSMIDK
2024-02-22 02:39 - 2021-09-07 19:36 - 000000000 ____D C:\Program Files (x86)\Steam
2024-02-22 02:21 - 2021-09-07 19:12 - 000000000 ____D C:\Users\Christopher\AppData\Local\Google
2024-02-22 02:13 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-02-22 02:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-02-22 02:13 - 2021-09-07 19:10 - 000000000 ____D C:\Users\Christopher\AppData\Local\D3DSCache
2024-02-22 02:10 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-02-22 02:10 - 2021-09-07 19:10 - 000000000 ____D C:\Users\Christopher\AppData\Local\Packages
2024-02-22 02:10 - 2021-09-07 19:10 - 000000000 ____D C:\ProgramData\Packages
2024-02-22 02:05 - 2021-09-07 19:36 - 000000000 ____D C:\Users\Christopher\AppData\Local\Steam
2024-02-22 01:55 - 2022-09-21 18:46 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Microsoft\Spelling
2024-02-22 01:54 - 2021-09-08 01:00 - 000002448 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-02-22 01:53 - 2022-09-21 19:22 - 000480392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-02-22 01:52 - 2023-11-22 19:28 - 000000000 ____D C:\Program Files\Hyper-V
2024-02-22 01:52 - 2023-07-04 09:55 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2024-02-22 01:52 - 2022-05-07 11:39 - 000000000 ___SD C:\WINDOWS\system32\AppV
2024-02-22 01:52 - 2022-05-07 11:39 - 000000000 ____D C:\WINDOWS\InboxApps
2024-02-22 01:52 - 2022-05-07 11:39 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2024-02-22 01:52 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\SysWOW64\de
2024-02-22 01:52 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\system32\de
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\UNP
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\PrintDialog
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\WUModels
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\UUS
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemResources
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemApps
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\setup
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\id-ID
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\et-EE
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\es-MX
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\DDFs
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\Provisioning
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\DiagTrack
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\BrowserCore
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\appcompat
2024-02-22 01:52 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Common Files\System
2024-02-22 01:52 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\servicing
2024-02-22 01:50 - 2022-05-07 11:39 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2024-02-22 01:50 - 2022-05-07 11:39 - 000023775 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2024-02-22 01:50 - 2022-05-07 06:25 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2024-02-22 01:50 - 2022-05-07 06:24 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2024-02-22 01:47 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-02-22 01:46 - 2022-09-21 19:25 - 003212800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-02-22 01:43 - 2021-09-07 23:05 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\discord
2024-02-22 01:42 - 2021-09-07 23:05 - 000000000 ____D C:\Users\Christopher\AppData\Local\Discord
2024-02-22 01:41 - 2021-09-09 21:04 - 000000000 ____D C:\Program Files\dotnet
2024-02-22 01:41 - 2021-09-07 21:00 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2024-02-22 01:41 - 2021-09-07 20:59 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-02-22 01:41 - 2021-09-07 19:13 - 000000000 ____D C:\ProgramData\Package Cache
2024-02-22 01:39 - 2021-09-07 20:59 - 191155960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-02-22 01:21 - 2023-09-13 22:22 - 000000000 ____D C:\Users\Christopher\AppData\Local\WeMod
2024-02-22 01:21 - 2023-06-05 13:54 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\WeMod
2024-02-22 01:21 - 2021-10-13 10:41 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeMod
2024-02-22 00:57 - 2022-05-07 06:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-02-22 00:46 - 2021-09-09 09:38 - 000000000 ____D C:\ProgramData\EA Desktop
2024-02-22 00:46 - 2021-09-07 20:41 - 000000000 ____D C:\Users\Christopher\AppData\Local\Ubisoft Game Launcher
2024-02-22 00:41 - 2021-09-14 20:01 - 000000000 ____D C:\Program Files\ASUS
2024-02-21 00:22 - 2021-09-09 09:46 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\TS3Client
2024-02-20 23:20 - 2021-09-07 19:16 - 000000000 ____D C:\Program Files (x86)\Google
2024-02-20 01:32 - 2021-09-08 12:05 - 000000000 ____D C:\Users\Christopher\AppData\Local\Battle.net
2024-02-19 23:36 - 2023-11-22 22:09 - 000000000 ____D C:\Program Files (x86)\TunnelBear
2024-02-19 12:08 - 2021-09-07 21:07 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-02-18 12:29 - 2021-09-07 21:07 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-02-18 02:17 - 2021-09-08 11:58 - 000000000 ____D C:\Users\Christopher\AppData\Local\CrashDumps
2024-02-17 20:34 - 2021-09-07 20:41 - 000000000 ____D C:\Program Files (x86)\GOG Galaxy
2024-02-17 19:35 - 2021-09-07 19:37 - 000000000 ____D C:\ProgramData\Epic
2024-02-17 19:34 - 2021-09-07 19:37 - 000000000 ____D C:\Program Files (x86)\Epic Games
2024-02-17 11:46 - 2021-09-09 20:31 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2024-02-17 00:49 - 2022-03-02 15:16 - 000000000 ____D C:\Games
2024-02-17 00:01 - 2022-09-21 19:25 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2108826960-4211556212-834145737-1001
2024-02-17 00:01 - 2022-09-21 19:25 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2024-02-17 00:01 - 2021-09-07 20:12 - 000002160 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-02-16 11:43 - 2022-10-22 21:18 - 000095848 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamehelper.exe
2024-02-16 11:43 - 2022-10-22 21:18 - 000075256 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamecontrol.exe
2024-02-16 11:43 - 2021-11-18 11:20 - 000202344 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamelaunchhelper.dll
2024-02-16 11:43 - 2021-09-07 21:38 - 002713080 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2024-02-16 11:43 - 2021-09-07 21:38 - 000689656 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2024-02-16 11:43 - 2021-09-07 21:38 - 000218728 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2024-02-16 11:43 - 2021-09-07 21:38 - 000144888 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2024-02-16 11:43 - 2021-09-07 20:11 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2024-02-15 10:48 - 2022-05-07 06:17 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2024-02-14 01:21 - 2022-10-17 17:30 - 000002085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-02-14 01:21 - 2022-09-21 19:25 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-02-06 21:46 - 2023-12-27 20:20 - 000000000 ____D C:\ProgramData\Packer
2024-02-06 21:46 - 2021-12-30 17:29 - 000000000 ____D C:\Users\Christopher\OneDrive\Dokumente\Battlefield 2042
2024-02-06 21:46 - 2021-09-22 16:58 - 000000000 ____D C:\ProgramData\Origin
2024-02-06 17:44 - 2023-02-05 22:34 - 000000000 ____D C:\WINDOWS\Minidump
2024-02-06 17:39 - 2021-09-09 09:26 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Microsoft\Word
2024-02-06 17:30 - 2022-09-21 18:46 - 000000000 ____D C:\Users\Christopher
2024-02-05 21:29 - 2022-09-21 19:25 - 000003756 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-02-05 21:29 - 2022-09-21 19:25 - 000003632 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-02-04 23:38 - 2022-10-17 21:39 - 000000000 ____D C:\Program Files (x86)\wsr
2024-02-04 21:17 - 2023-12-30 16:34 - 000000000 ____D C:\Users\Christopher\AppData\LocalLow\Battlestate Games
2024-02-04 19:55 - 2023-12-30 13:42 - 000000000 ____D C:\Battlestate Games
2024-02-04 18:42 - 2021-09-07 21:23 - 000000000 ____D C:\Users\Christopher\OneDrive\Dokumente\steuer
2024-02-04 18:38 - 2021-12-30 21:04 - 000000000 ____D C:\Users\Christopher\AppData\Local\Buhl
2024-02-04 18:37 - 2021-12-30 21:03 - 000000000 ____D C:\ProgramData\Buhl Data Service GmbH
2024-02-04 18:37 - 2021-09-07 21:22 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2024-02-03 20:56 - 2021-10-18 22:27 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat_EOS
2024-02-01 22:15 - 2021-09-07 19:28 - 000000000 ____D C:\Users\Christopher\AppData\Local\NVIDIA
2024-01-31 22:20 - 2023-12-30 13:42 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Battlestate Games
2024-01-31 22:20 - 2023-12-30 13:42 - 000000000 ____D C:\Users\Christopher\AppData\Local\Battlestate Games
2024-01-30 13:57 - 2022-05-30 20:58 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\obs-studio
2024-01-30 13:54 - 2021-09-07 22:29 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Elgato
2024-01-28 09:13 - 2021-09-08 12:42 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Microsoft\Excel
2024-01-25 14:55 - 2021-09-08 12:05 - 000000000 ____D C:\Program Files (x86)\Battle.net
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========
2023-03-06 14:59 - 2023-03-16 20:45 - 000015648 _____ () C:\Users\Christopher\AppData\Roaming\-1271964237
2023-06-16 13:29 - 2024-01-17 00:02 - 000000128 _____ () C:\Users\Christopher\AppData\Roaming\winscp.rnd
2021-12-19 17:44 - 2021-12-19 17:44 - 000000389 _____ () C:\Users\Christopher\AppData\Roaming\x4jo2D4GcQ
2022-08-09 15:47 - 2022-08-09 15:47 - 000005966 _____ () C:\Users\Christopher\AppData\Local\1661597446
2022-03-14 19:30 - 2022-03-14 19:30 - 000006246 _____ () C:\Users\Christopher\AppData\Local\2240114613
2023-04-16 13:48 - 2023-04-16 13:48 - 000003998 _____ () C:\Users\Christopher\AppData\Local\3260404094
2023-06-09 12:50 - 2024-01-15 10:45 - 000005254 _____ () C:\Users\Christopher\AppData\Local\357009403
2022-11-25 20:58 - 2022-11-25 20:58 - 000006254 _____ () C:\Users\Christopher\AppData\Local\3663574423
2023-05-17 19:13 - 2023-05-17 19:13 - 000005382 _____ () C:\Users\Christopher\AppData\Local\91114846003
2023-04-17 21:05 - 2023-04-17 21:05 - 000005998 _____ () C:\Users\Christopher\AppData\Local\9154164905
2023-05-21 13:23 - 2023-05-21 13:23 - 000005894 _____ () C:\Users\Christopher\AppData\Local\92328901638
2023-03-19 20:53 - 2023-03-19 20:53 - 000006598 _____ () C:\Users\Christopher\AppData\Local\92557321650
2023-02-21 19:34 - 2023-02-21 19:34 - 000006598 _____ () C:\Users\Christopher\AppData\Local\92580481036
2023-02-23 22:19 - 2023-02-23 22:19 - 000006598 _____ () C:\Users\Christopher\AppData\Local\92761170034
2023-03-01 21:47 - 2023-03-09 19:00 - 000006598 _____ () C:\Users\Christopher\AppData\Local\93803181808
2023-12-08 00:46 - 2023-12-08 00:46 - 000005998 _____ () C:\Users\Christopher\AppData\Local\9437468409
2021-09-08 14:08 - 2022-02-11 04:22 - 000007602 _____ () C:\Users\Christopher\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
==================== Ende von FRST.txt ========================
|
|
22.02.2024, 03:31
| #2 |
| | Windows 11: Möglicherweise einen Keylogger eingefangen Addition:
__________________Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 19.02.2024 02
durchgeführt von Christopher (22-02-2024 03:19:26)
Gestartet von C:\Users\Christopher\Downloads
Microsoft Windows 11 Pro Version 23H2 22631.3155 (X64) (2022-09-23 16:35:17)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
Administrator (S-1-5-21-2108826960-4211556212-834145737-500 - Administrator - Disabled)
Christopher (S-1-5-21-2108826960-4211556212-834145737-1001 - Administrator - Enabled) => C:\Users\Christopher
DefaultAccount (S-1-5-21-2108826960-4211556212-834145737-503 - Limited - Disabled)
Gast (S-1-5-21-2108826960-4211556212-834145737-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2108826960-4211556212-834145737-504 - Limited - Disabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1031-1033-7760-BC15014EA700}) (Version: 23.008.20533 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601067}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Anno 1800 (HKLM-x32\...\Uplay Install 4553) (Version: - Ubisoft)
ARMOURY CRATE Lite Service (HKLM\...\{EF3944FF-2501-4568-B15C-5701E726719E}) (Version: 5.7.9 - ASUS)
ASUS AURA Extension Card HAL (HKLM\...\{237E1CAC-1708-4940-AC34-DF15C079AB70}) (Version: 1.1.0.20 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Extension Card HAL (HKLM-x32\...\{49c4358d-054e-4cf1-9ec1-dca3487f304a}) (Version: 1.1.0.20 - ASUSTeK COMPUTER INC.) Hidden
ASUS Aura SDK (HKLM\...\{CF8E6E00-9C03-4440-81C0-21FACB921A6B}) (Version: 3.04.39 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA VGA Component (HKLM\...\{71BB96A6-EAC4-45AE-A17D-D3ED43FF1D14}) (Version: 0.0.6.1 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA VGA Component (HKLM-x32\...\{d35a8ff5-8767-4eea-bce5-b79f0759967e}) (Version: 0.0.6.1 - ASUSTek COMPUTER INC. ) Hidden
ASUS Framework Service (HKLM-x32\...\{339A6383-7862-46DA-8A9D-E84180EF9424}) (Version: 4.0.0.9 - ASUSTeK Computer Inc.)
ASUS Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.107.107 - ASUSTeK Computer Inc.) Hidden
AURA DRAM Component (HKLM\...\{6FB66775-BB93-4D0A-9871-4CC9B2E87BF3}) (Version: 1.1.23 - ASUS) Hidden
AURA DRAM Component (HKLM-x32\...\{179f415f-2ff3-4db1-bcc1-d5730f746db8}) (Version: 1.1.23 - ASUS) Hidden
AURA lighting effect add-on (HKLM-x32\...\{1E2EA04B-FCA7-457E-B6F4-F33E1858E859}) (Version: 0.0.42 - ASUS)
AURA lighting effect add-on x64 (HKLM\...\{C5A4A164-4428-4931-B728-96EEF0FA3C44}) (Version: 0.0.42 - ASUS)
AURA Service (HKLM-x32\...\{56EEEF7D-0AE3-401A-898B-581719D005AE}) (Version: 3.07.33 - ASUSTeK Computer Inc.) Hidden
AURA Service (HKLM-x32\...\{8c7eaca7-3c49-433c-b087-eaf0abb806d9}) (Version: 3.07.33 - ASUSTeK Computer Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield™ 2042 (HKLM-x32\...\{45e281f3-1414-47ea-bb64-4f50d50121f3}) (Version: 1.0.77.39325 - Electronic Arts)
Battlestate Games Launcher 14.0.1.2319 (HKLM-x32\...\{B0FDA062-7581-4D67-B085-C4E7C358037F}_is1) (Version: 14.0.1.2319 - Battlestate Games)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.10.08025 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{ECB9C055-4ECE-438C-AC50-2B09D76377D6}) (Version: 4.10.08025 - Cisco Systems, Inc.) Hidden
CPUID CPU-Z Aorus 2.05 (HKLM\...\CPUID CPU-Z Aorus_is1) (Version: 2.05 - CPUID, Inc.)
CPUID HWMonitor 1.52 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.52 - CPUID, Inc.)
Creative App Version 1.13.07.00 (HKLM-x32\...\Creative App_is1) (Version: 1.13.07.00 - Creative Technology Ltd.)
CrystalDiskInfo 8.17.14 (HKLM\...\CrystalDiskInfo_is1) (Version: 8.17.14 - Crystal Dew World)
Discord (HKU\S-1-5-21-2108826960-4211556212-834145737-1001\...\Discord) (Version: 1.0.9002 - Discord Inc.)
Dolby Digital Live Pack Version 5.02.00 (HKLM-x32\...\DDLMaster_is1) (Version: 5.02.00 - Creative Technology Ltd.)
DTS Connect Pack Version 3.02.00 (HKLM-x32\...\DTSMaster_is1) (Version: 3.02.00 - Creative Technology Ltd.)
EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 13.133.0.5646 - Electronic Arts) Hidden
EA app (HKLM-x32\...\{e3be0f5e-92ee-4990-a4b5-4a6c76e343cc}) (Version: 13.133.0.5646 - Electronic Arts)
Elgato 4K Capture Utility (HKLM\...\{784B7194-44A6-4546-9133-D221B084C23E}) (Version: 1.7.10.4971 - Corsair Memory, Inc.)
Elgato Game Capture HD (HKLM\...\{61992573-D995-4F0D-AB57-4747D3C5320D}) (Version: 3.70.55.3055 - Elgato Systems GmbH)
ENE RGB HAL (HKLM\...\{E050E98C-5524-4AFB-9E53-97700BEF2C02}) (Version: 1.1.48.6 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32\...\{2f11e68d-297d-4e28-80e0-b98178606bea}) (Version: 1.1.48.6 - Ene Tech.) Hidden
ENE_DRAM_RGB_AIO (HKLM\...\{1745D314-9077-46C9-8562-1C62BAE189B7}) (Version: 1.0.3.44 - Ene Tech.) Hidden
ENE_DRAM_RGB_AIO (HKLM-x32\...\{deca4146-7b38-4743-854b-105eddb7331b}) (Version: 1.0.3.44 - Ene Tech.) Hidden
ENE_EHD_M2_HAL (HKLM\...\{37A48B7F-D4EA-4863-844E-A284E2AA3C5D}) (Version: 1.0.10.3 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM-x32\...\{79e8502b-eaf7-4831-b53d-2da128540d16}) (Version: 1.0.10.3 - ENE TECHNOLOGY INC.) Hidden
ENE_MousePad_HAL (HKLM\...\{9E97178A-ADB8-4778-BE60-7E28E2A72721}) (Version: 1.0.1.8 - ENE TECHNOLOGY INC.) Hidden
ENE_MousePad_HAL (HKLM-x32\...\{bf256b46-8ff7-48be-ab7f-5661e9a0651f}) (Version: 1.0.1.8 - ENE TECHNOLOGY INC.) Hidden
ENE_QSI_Loki_HAL (HKLM\...\{BDE43F26-5917-44F8-B86A-F1D9A6B80B32}) (Version: 1.0.3.0 - ENE TECHNOLOGY INC.) Hidden
ENE_QSI_Loki_HAL (HKLM-x32\...\{205ef3a8-937b-43cb-90fc-2f58f71408d8}) (Version: 1.0.3.0 - ENE TECHNOLOGY INC.) Hidden
ENE_X_AIC_HAL (HKLM\...\{CF703694-01C6-4062-B797-84DB215662BC}) (Version: 1.0.4.0 - ENE TECHNOLOGY INC.) Hidden
ENE_X_AIC_HAL (HKLM-x32\...\{ec10ac91-2e61-460a-b493-33f794a07682}) (Version: 1.0.4.0 - ENE TECHNOLOGY INC.) Hidden
ENE_X-JMI_HAL (HKLM\...\{2B8E611F-0B51-4FAC-87BB-AF50D82E7DDA}) (Version: 1.0.8.0 - ENE Tech) Hidden
ENE_X-JMI_HAL (HKLM-x32\...\{7eeee667-b295-4acd-9a4e-1160421db765}) (Version: 1.0.8.0 - ENE Tech) Hidden
Epic Games Launcher (HKLM-x32\...\{9483ABD9-C772-487B-ADF8-09347CF8F2D2}) (Version: 1.3.93.0 - Epic Games, Inc.)
Epic Online Services (HKLM-x32\...\{57A956AB-4BCC-45C6-9B40-957E4E125568}) (Version: 2.0.44.0 - Epic Games, Inc.)
Escape from Tarkov (HKLM-x32\...\EscapeFromTarkov) (Version: 0.14.0.1.28476 - Battlestate Games)
Escape from Tarkov: Arena (HKLM-x32\...\EscapeFromTarkovArena_live) (Version: 0.0.0.0.0 - Battlestate Games)
GameSDK Service (HKLM-x32\...\{021d69c3-d686-4a94-8fb5-fd1ee782fb14}) (Version: 1.0.5.0 - ASUSTek COMPUTER INC.)
GameSDK Service (HKLM-x32\...\{7160DA8D-3F25-4F6E-ABC8-F693551D82FA}) (Version: 1.0.5.0 - ASUSTek COMPUTER INC.) Hidden
GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: 2.0.73.27 - GOG.com)
Intel(R) Network Connections 25.6.0.4 (HKLM\...\{8DB3497D-41AF-423B-9027-D885A28857AB}) (Version: 25.6.0.4 - Intel) Hidden
Intel(R) Network Connections 25.6.0.4 (HKLM\...\PROSetDX) (Version: 25.6.0.4 - Intel)
Kingston AURA DRAM Component (HKLM\...\{965CDF5F-901C-476F-B3A8-7396701B1129}) (Version: 1.1.19 - KINGSTON COMPONENTS INC.) Hidden
Kingston AURA DRAM Component (HKLM-x32\...\{33f6b854-2612-4216-ac10-ab6bf158ce06}) (Version: 1.1.19 - KINGSTON COMPONENTS INC.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: 2024.1.515200 - Logitech)
Malwarebytes version 5.0.17.99 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.0.17.99 - Malwarebytes)
Microsoft .NET Core Host - 3.1.32 (x64) (HKLM\...\{8A8E3A04-83BC-4CDE-9259-893B666C1AB1}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.32 (x64) (HKLM\...\{ABC6B3C2-1A8D-4C5E-AC16-C2AE44F02743}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.32 (x64) (HKLM\...\{A741B803-3F0E-4684-81EF-FC128D15A92C}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Host - 5.0.17 (x64) (HKLM\...\{E663ED1E-899C-40E8-91D0-8D37B95E3C69}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.27 (x64) (HKLM\...\{3A96B93E-763F-41E7-85C7-1F3CCC37EF27}) (Version: 48.108.8828 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.17 (x64) (HKLM\...\{8BA25391-0BE6-443A-8EBF-86A29BAFC479}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.27 (x64) (HKLM\...\{7447A794-FA2E-42BE-BA9A-5FCBD54C5DF3}) (Version: 48.108.8828 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM\...\{5A66E598-37BD-4C8A-A7CB-A71C32ABCD78}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.27 (x64) (HKLM\...\{79043ED0-7ED1-4227-A5E5-04C5594D21F7}) (Version: 48.108.8828 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 121.0.2277.128 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 121.0.2277.128 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - de-de (HKLM\...\ProPlus2019Retail - de-de) (Version: 16.0.17231.20236 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 24.020.0128.0003 - Microsoft Corporation)
Microsoft Teams classic (HKU\S-1-5-21-2108826960-4211556212-834145737-1001\...\Teams) (Version: 1.6.00.29964 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{3994d355-238a-4612-af93-26d13deddef1}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{3c3aafc8-d898-43ec-998f-965ffdae065a}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (HKLM-x32\...\{410c0ee1-00bb-41b6-9772-e12c2828b02f}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (HKLM-x32\...\{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (HKLM-x32\...\{73F77E4E-5A17-46E5-A5FC-8A061047725F}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.32 (x64) (HKLM\...\{5BEE5F3E-4D78-4DE8-A8F3-36D3E9D8868C}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.32 (x64) (HKLM-x32\...\{0eddeab6-01c1-4cf7-83ba-164ea8974c90}) (Version: 3.1.32.31915 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.17 (x64) (HKLM\...\{3C31CBA1-A0D9-4B95-A807-AD2313D12F47}) (Version: 40.68.31219 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.17 (x64) (HKLM-x32\...\{20d5df4e-006c-4d6d-a0dc-490d009b9786}) (Version: 5.0.17.31219 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.27 (x64) (HKLM\...\{E634F316-BEB6-4FB3-A612-F7102F576165}) (Version: 48.108.8836 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.27 (x64) (HKLM-x32\...\{d87ae0f4-64a6-4b94-859a-530b9c313c27}) (Version: 6.0.27.33320 - Microsoft Corporation)
Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 122.0.1 (x64 de)) (Version: 122.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 92.0 - Mozilla)
NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.27.0.120 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.27.0.120 - NVIDIA Corporation)
NVIDIA Graphics Driver 551.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 551.23 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.40.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.40.14 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 30.0.2 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.17231.20236 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.17231.20236 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.17231.20236 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.17231.20236 - Microsoft Corporation) Hidden
Paradox Launcher v2 (HKLM\...\{CDF020C8-419E-4887-84DB-0C1577773738}) (Version: 2.2.0 - Paradox Interactive)
Patriot Viper DRAM RGB (HKLM\...\{1F9C282E-CCB4-4D8E-A5CB-7B74DFCD8C95}) (Version: 1.0.9.7 - Patriot Memory) Hidden
Patriot Viper DRAM RGB (HKLM-x32\...\{1d74a898-7a92-484d-8f3b-e3b68dfb1264}) (Version: 1.0.9.7 - Patriot Memory) Hidden
Patriot Viper M2 SSD RGB (HKLM\...\{8B4C0A3D-C135-4E1F-98D8-3926494B4D61}) (Version: 1.1.0.3 - Patriot Memory) Hidden
Patriot Viper M2 SSD RGB (HKLM-x32\...\{6e0eff60-c502-43bb-8f56-360ca07e73d9}) (Version: 1.1.0.3 - Patriot Memory) Hidden
PHISON HAL (HKLM\...\{966E33F0-6786-4B38-AA29-C1B3F6C1955D}) (Version: 1.0.9.0 - PHISON Electronics Corp.) Hidden
PHISON HAL (HKLM-x32\...\{549da357-1b81-456b-83f2-dcc47c41dfff}) (Version: 1.0.9.0 - PHISON Electronics Corp.) Hidden
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9126.1 - Realtek Semiconductor Corp.)
REDlauncher (HKU\S-1-5-21-2108826960-4211556212-834145737-1001\...\{7258BA11-600C-430E-A759-27E2C691A335}-REDlauncher_is1) (Version: - GOG.com)
RGB Fusion (HKLM-x32\...\{FFA8F1FA-3C2C-4A94-AC0B-0DF47272C25F}) (Version: 3.22.0713.1 - Gigabyte)
ROG Live Service (HKLM\...\{2D87BFB6-C184-4A59-9BBE-3E20CE797631}) (Version: 2.3.6.0 - ASUSTek COMPUTER INC.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.5.6 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\{8B0F211E-5846-4FB2-B0B9-4EB31546FDF9}}_is1) (Version: 2.56.0 - TechPowerUp)
TunnelBear (HKLM-x32\...\{c99146dd-e09d-4881-b76b-2d7bc1b30806}) (Version: 4.8.0.0 - TunnelBear)
TunnelBear (HKLM-x32\...\{E7AEA528-0D3E-4A22-B516-9EC97C636E42}) (Version: 4.8.0.0 - TunnelBear) Hidden
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 143.0.10894 - Ubisoft)
UE4 Prerequisites (x64) (HKLM\...\{D7B591D8-1091-4A00-A0B3-5301C45E5D51}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
Universal Holtek RGB DRAM (HKLM\...\{826388E4-E31F-4514-948B-3BB954FB3EAF}) (Version: 1.0.0.6 - PD) Hidden
Universal Holtek RGB DRAM (HKLM-x32\...\{82f9b0cd-20fe-4ed6-a632-ef6daefb3c0d}) (Version: 1.0.0.6 - PD) Hidden
VGA (HKLM-x32\...\{0f87ebb7-aabb-43e5-9c5d-28744f517468}) (Version: 3.01.04 - ASUSTek Computer Inc.)
Wall Street Raider 9.52 (HKLM-x32\...\Wall Street Raider_is1) (Version: - Ronin Software)
Wargaming.net Game Center (HKU\S-1-5-21-2108826960-4211556212-834145737-1001\...\Wargaming.net Game Center) (Version: 23.7.0.4683 - Wargaming.net)
WD P40 Game Drive (HKLM\...\{EE55DBAE-ECDD-4ADD-AAB5-23DE848B0996}) (Version: 1.0.2.18 - Western Digital Corporation) Hidden
WD P40 Game Drive (HKLM-x32\...\{72b1a866-fc31-4381-bff3-fa6cd8823777}) (Version: 1.0.2.18 - Western Digital Corporation) Hidden
WD_BLACK AN1500 (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.14.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK AN1500 (HKLM-x32\...\{e42c5874-37b0-4977-9e8d-70bf006e1f76}) (Version: 1.0.14.0 - ENE TECHNOLOGY INC.) Hidden
Windows-PC-Integritätsprüfung (HKLM\...\{68C9C2A4-C212-4310-AB68-12F97050A416}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Windows-Treiberpaket - libusbK Nintendo Switch APX Mode (04/27/2014 3.0.7.0) (HKLM\...\5C4BD94286C931BB5D47200B4AF1D1B99B3C08AB) (Version: 04/27/2014 3.0.7.0 - libusbK)
WinSCP 6.1.2 (HKLM-x32\...\winscp3_is1) (Version: 6.1.2 - Martin Prikryl)
WISO Steuer 2024 (HKLM-x32\...\{B4A28B85-136D-45BA-B7D8-396E8F738F23}) (Version: 31.03.3510 - Buhl Data Service GmbH)
World of Tanks EU (HKU\S-1-5-21-2108826960-4211556212-834145737-1001\...\1247805424) (Version: - Wargaming.net)
Zoom (HKU\S-1-5-21-2108826960-4211556212-834145737-1001\...\ZoomUMX) (Version: 5.16.5 (24296) - Zoom Video Communications, Inc.)
Packages:
=========
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2024-02-14] ()
ARMOURY CRATE -> C:\Program Files\WindowsApps\B9ECED6F.ArmouryCrate_5.7.9.0_x64__qmba6cd70vzyy [2024-02-06] (ASUSTeK COMPUTER INC.)
Atomic Heart -> C:\Program Files\WindowsApps\FocusHomeInteractiveSA.579645D26CFD_1.13.3.0_x64__4hny5m903y3g0 [2024-02-16] (Focus Home Interactive SA)
Battletoads -> C:\Program Files\WindowsApps\Microsoft.Frogspawn_1.4.2718.0_x64__8wekyb3d8bbwe [2024-02-20] (Microsoft Studios)
Celeste -> C:\Program Files\WindowsApps\MattMakesGamesInc.Celeste_20.9.11.2_x64__79daxvg0dq3v6 [2021-09-08] (Matt Makes Games Inc.)
Citizen Sleeper -> C:\Program Files\WindowsApps\SurpriseAttackPtyLtd.CitizenSleeper_1.4.7.0_x64__8k24hnfn3vvj0 [2024-02-09] (Surprise Attack Pty Ltd)
Coffee Talk EP2 -> C:\Program Files\WindowsApps\ChorusWorldwideGames.CoffeeTalkEP2_1.12.0.0_x64__3e08f9hn67c02 [2024-01-16] (Chorus Worldwide Games)
Dev Home -> C:\Program Files\WindowsApps\Microsoft.Windows.DevHome_0.1100.416.0_x64__8wekyb3d8bbwe [2024-02-22] (Microsoft Corporation)
Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_2023.11.13.0_neutral__6rarf9sa4v8jt [2024-02-22] (Disney)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.20.2035.0_x64__rz1tebttyb220 [2024-02-02] (Dolby Laboratories)
Gears Tactics -> C:\Program Files\WindowsApps\Microsoft.GanderBaseGame_1.0.151.0_x64__8wekyb3d8bbwe [2024-02-18] (Microsoft Studios)
Hades -> C:\Program Files\WindowsApps\SupergiantGamesLLC.Hades_1.0.38246.0_x64__q53c1yqmx7pha [2024-02-21] (Supergiant Games, LLC)
Halo Infinite -> C:\Program Files\WindowsApps\Microsoft.254428597CFE2_1.3988.29590.0_x64__8wekyb3d8bbwe [2024-02-17] (Microsoft Studios)
Halo: The Master Chief Collection -> C:\Program Files\WindowsApps\Microsoft.Chelan_1.3385.0.0_x64__8wekyb3d8bbwe [2024-02-15] (Microsoft Studios)
Hi-Fi RUSH -> C:\Program Files\WindowsApps\BethesdaSoftworks.Hibiki_1.8.1.0_x64__3275kfvn8vcwc [2024-01-25] (Bethesda Softworks)
Instagram -> C:\Program Files\WindowsApps\www.instagram.com-3D2AAE46_42.0.21.1_neutral__ysfa6mcnwr1rw [2024-02-22] (www.instagram.com)
LEGO Star Wars: The Skywalker Saga -> C:\Program Files\WindowsApps\WarnerBros.Interactive.LEGOStarWarsTheSkywalkerSag_1.10.1.0_x64__ktmk1xygcecda [2023-05-04] (Warner Bros. Interactive)
Metro 2033 Redux -> C:\Program Files\WindowsApps\DeepSilver.Metro2033Redux_1.0.8.0_x64__hmv7qcest37me [2023-07-24] (Koch Media GmbH)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2022-09-03] (Microsoft Corporation) [MS Ad]
Microsoft.WindowsAppRuntime.CBS -> C:\WINDOWS\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2024-02-22] (Microsoft Corporation)
Minecraft for Windows -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.20.6201.0_x64__8wekyb3d8bbwe [2024-02-17] (Microsoft Studios)
Minecraft Launcher -> C:\Program Files\WindowsApps\Microsoft.4297127D64EC6_1.7.2.0_x64__8wekyb3d8bbwe [2024-02-17] (Microsoft Studios)
NINJA GAIDEN 3: Razor's Edge -> C:\Program Files\WindowsApps\946B6A6E.NINJAGAIDEN3RazorsEdge_1.0.4.0_x64__dkffhzhmh6pmy [2022-12-13] (KOEI TECMO GAMES Co., Ltd.)
NINJA GAIDEN Σ -> C:\Program Files\WindowsApps\946B6A6E.NINJAGAIDENSIGMA_1.0.5.0_x64_NAEU_dkffhzhmh6pmy [2022-12-13] (KOEI TECMO GAMES Co., Ltd.)
NINJA GAIDEN Σ2 -> C:\Program Files\WindowsApps\946B6A6E.NINJAGAIDENSIGMA2_1.0.3.0_x64_NAEU_dkffhzhmh6pmy [2022-12-13] (KOEI TECMO GAMES Co., Ltd.)
No Man's Sky -> C:\Program Files\WindowsApps\HelloGames.NoMansSky_4.51.0.0_x64__bs190hzg1sesy [2024-02-16] (Hello Games)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2024-01-24] (NVIDIA Corp.)
Old Mars -> C:\Program Files\WindowsApps\BethesdaSoftworks.PGPreorderContentwPkg_0.0.7.0_x64__3275kfvn8vcwc [2023-09-01] (Bethesda Softworks)
Ori And The Will Of The Wisps -> C:\Program Files\WindowsApps\Microsoft.Patagonia_1.0.8978.0_x64__8wekyb3d8bbwe [2022-03-02] (Microsoft Studios)
Palworld -> C:\Program Files\WindowsApps\PocketpairInc.Palworld_0.0.47591.0_x64__ad4psfrxyesvt [2024-02-08] (Pocketpair, Inc)
Persona 3 Portable -> C:\Program Files\WindowsApps\SEGAofAmericaInc.M0cb6b3aet_1.0.29.0_x64__s751p9cej88mt [2023-05-21] (SEGA of America, Inc.)
Persona 3 Reload -> C:\Program Files\WindowsApps\SEGAofAmericaInc.L0cb6b3aea_1.0.75.0_x64__s751p9cej88mt [2024-01-30] (SEGA of America, Inc.)
Persona 4 Golden -> C:\Program Files\WindowsApps\SEGAofAmericaInc.D0cb6b3aet_1.0.34.0_x64__s751p9cej88mt [2023-06-09] (SEGA of America, Inc.)
Persona 5 Tactica -> C:\Program Files\WindowsApps\SEGAofAmericaInc.s0cb6b3ael_1.0.59.0_x64__s751p9cej88mt [2023-12-18] (SEGA of America, Inc.)
Psychonauts 2 -> C:\Program Files\WindowsApps\Microsoft.Psychonauts2_1.0.25.0_x64__8wekyb3d8bbwe [2024-02-17] (Microsoft Studios)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.24.244.0_x64__dt26b99r8h8gj [2023-10-06] (Realtek Semiconductor Corp)
Senua’s Saga: Hellblade II -> C:\Program Files\WindowsApps\Microsoft.Superb_0.0.2.0_x64__8wekyb3d8bbwe [2024-01-22] (Microsoft Studios)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.231.1205.0_x64__zpdnekdrzrea0 [2024-02-15] (Spotify AB) [Startup Task]
Starfield -> C:\Program Files\WindowsApps\BethesdaSoftworks.ProjectGold_1.9.67.0_x64__3275kfvn8vcwc [2024-02-22] (Bethesda Softworks)
Teenage Mutant Ninja Turtles: Shredder's Revenge -> C:\Program Files\WindowsApps\DotEmu.TeenageMutantNinjaTurtlesShreddersRevenge_1.2311.10.0_x64__map6zyh9ym1xy [2023-12-07] (DotEmu)
The Outer Worlds -> C:\Program Files\WindowsApps\PrivateDivision.TheOuterWorldsWindows10_1.5.696.0_x64__hv3d7yfbgr2rp [2024-02-19] (Private Division)
TOEM -> C:\Program Files\WindowsApps\SomethingWeMade.TOEM_3.0.13.0_x64__3b9evzcrg4em8 [2023-07-20] (Something We Made)
Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2024-02-22] (Microsoft Corporation)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-2108826960-4211556212-834145737-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Christopher\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.23270.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2108826960-4211556212-834145737-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-2108826960-4211556212-834145737-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\Christopher\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-17] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-17] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-02-22] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-17] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-17] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispsi.inf_amd64_1b8f9115c198ff0c\nvshext.dll [2024-01-19] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-02-22] (Malwarebytes Inc. -> Malwarebytes)
==================== Codecs (Nicht auf der Ausnahmeliste) ====================
==================== Verknüpfungen & WMI ========================
==================== Geladene Module (Nicht auf der Ausnahmeliste) =============
2023-08-30 16:19 - 2023-08-30 16:19 - 000030720 _____ () [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.Wrapper.dll
2023-08-24 19:39 - 2023-04-14 13:18 - 000186368 _____ () [Datei ist nicht signiert] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\resources\app.asar.unpacked\node_modules\ac_node_addon\build\Release\ac_node_addon.node
2023-08-24 19:39 - 2023-04-14 13:18 - 000175104 _____ () [Datei ist nicht signiert] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\resources\app.asar.unpacked\node_modules\ffi-napi\build\Release\ffi_bindings.node
2023-08-24 19:39 - 2023-04-14 13:18 - 000159744 _____ () [Datei ist nicht signiert] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\resources\app.asar.unpacked\node_modules\ref-napi\prebuilds\win32-ia32\electron.napi.node
2023-08-24 19:39 - 2023-04-14 13:18 - 000319488 _____ () [Datei ist nicht signiert] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\resources\app.asar.unpacked\node_modules\sharp\build\Release\sharp-win32-ia32.node
2023-08-24 19:39 - 2023-04-26 15:06 - 000541696 _____ () [Datei ist nicht signiert] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\resources\app.asar.unpacked\node_modules\usb\prebuilds\win32-ia32\node.napi.node
0000-00-00 00:00 - 0000-00-00 00:00 - 000000000 _____ () <==== ACHTUNG [Null Byte Datei/Ordner] \\?\C:\Users\Christopher\AppData\Roaming\Java\jre8\bin\java.exe:jll
2021-12-27 08:04 - 2021-12-27 08:04 - 000047104 _____ (CTI) [Datei ist nicht signiert] C:\Program Files\ENE\Aac_ENE_DRAM_RGB_AIO\x86\MsIo32_ENE.dll
2021-09-07 20:12 - 2021-09-07 20:12 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\AppVIsvSubsystems32.dll
2021-09-07 20:12 - 2021-09-07 20:12 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\c2r32.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================
==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2024-02-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2024-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-01] (Microsoft Corporation -> Microsoft Corporation)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\S-1-5-21-2108826960-4211556212-834145737-1001\...\sharepoint.com -> hxxps://bwedu-files.sharepoint.com
==================== Hosts Inhalt: =========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2019-12-07 10:14 - 2024-02-19 23:42 - 000000822 _____ C:\WINDOWS\system32\drivers\etc\hosts
2024-01-06 13:07 - 2024-02-22 03:03 - 000000440 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
172.31.32.1 Chris-Ryzen.mshome.net # 2029 2 2 20 2 3 15 293
==================== Andere Bereiche ===========================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-2108826960-4211556212-834145737-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img19.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
HKLM\...\StartupApproved\Run: => "Elgato Sound Capture"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKU\S-1-5-21-2108826960-4211556212-834145737-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-2108826960-4211556212-834145737-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2108826960-4211556212-834145737-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_741E772D9DD9CECA94A4FC008585852B"
HKU\S-1-5-21-2108826960-4211556212-834145737-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-2108826960-4211556212-834145737-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [UDP Query User{369E47C3-A8A2-4B06-9C56-9A6D1DF387A4}E:\wpsystem\s-1-5-21-2108826960-4211556212-834145737-1001\appdata\local\packages\microsoft.254428597cfe2_8wekyb3d8bbwe\localcache\local\microsoft\writablepackageroot\haloinfinite.exe] => (Allow) E:\wpsystem\s-1-5-21-2108826960-4211556212-834145737-1001\appdata\local\packages\microsoft.254428597cfe2_8wekyb3d8bbwe\localcache\local\microsoft\writablepackageroot\haloinfinite.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{29F7DC2C-42EE-4685-9EDD-BB7262942A14}E:\wpsystem\s-1-5-21-2108826960-4211556212-834145737-1001\appdata\local\packages\microsoft.254428597cfe2_8wekyb3d8bbwe\localcache\local\microsoft\writablepackageroot\haloinfinite.exe] => (Allow) E:\wpsystem\s-1-5-21-2108826960-4211556212-834145737-1001\appdata\local\packages\microsoft.254428597cfe2_8wekyb3d8bbwe\localcache\local\microsoft\writablepackageroot\haloinfinite.exe () [Datei ist nicht signiert]
FirewallRules: [UDP Query User{8BE5DA2F-9606-4BA9-B144-F6CD3B4FBCE9}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{C39EBB94-049E-4C7A-A1DD-35A6E96F4146}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{C7D590EE-9D44-43C1-8EC1-3C0A7EEC399C}C:\users\christopher\appdata\local\tidal\app-2.32.0\tidal.exe] => (Allow) C:\users\christopher\appdata\local\tidal\app-2.32.0\tidal.exe => Keine Datei
FirewallRules: [TCP Query User{28BD023F-032A-4026-96E2-84AADE5FA935}C:\users\christopher\appdata\local\tidal\app-2.32.0\tidal.exe] => (Allow) C:\users\christopher\appdata\local\tidal\app-2.32.0\tidal.exe => Keine Datei
FirewallRules: [UDP Query User{9725D5BF-C062-49F5-8488-BBC001EF9538}C:\users\christopher\appdata\local\discord\app-1.0.9005\discord.exe] => (Allow) C:\users\christopher\appdata\local\discord\app-1.0.9005\discord.exe => Keine Datei
FirewallRules: [TCP Query User{D9006DAB-9C5C-4BFA-9C23-9A5E421072A3}C:\users\christopher\appdata\local\discord\app-1.0.9005\discord.exe] => (Allow) C:\users\christopher\appdata\local\discord\app-1.0.9005\discord.exe => Keine Datei
FirewallRules: [UDP Query User{3082B12C-4855-4744-AECA-BB56BE7DFED7}E:\steamlibrary\steamapps\common\theouterworlds\indiana\binaries\win64\indiana-win64-shipping.exe] => (Allow) E:\steamlibrary\steamapps\common\theouterworlds\indiana\binaries\win64\indiana-win64-shipping.exe => Keine Datei
FirewallRules: [TCP Query User{5A0A3020-FA21-4D49-A17B-82138A189608}E:\steamlibrary\steamapps\common\theouterworlds\indiana\binaries\win64\indiana-win64-shipping.exe] => (Allow) E:\steamlibrary\steamapps\common\theouterworlds\indiana\binaries\win64\indiana-win64-shipping.exe => Keine Datei
FirewallRules: [{9734306A-F55C-4684-950F-9E33D0EC7956}] => (Allow) E:\SteamLibrary\steamapps\common\Raft\Raft.exe () [Datei ist nicht signiert]
FirewallRules: [{07D168CB-1FC4-4D82-A183-3122B3587ED5}] => (Allow) E:\SteamLibrary\steamapps\common\Raft\Raft.exe () [Datei ist nicht signiert]
FirewallRules: [UDP Query User{9DC8FE30-80C7-4A8F-968F-9745F420ADCB}C:3\forzahorizon5.exe] => (Allow) C:3\forzahorizon5.exe => Keine Datei
FirewallRules: [TCP Query User{5FA6358B-521A-4E3B-9844-04EEDBA45F60}C:3\forzahorizon5.exe] => (Allow) C:3\forzahorizon5.exe => Keine Datei
FirewallRules: [UDP Query User{39CB7B57-E26A-467E-8CE5-5AE9137625EC}C:\users\christopher\appdata\local\tidal\app-2.32.0\tidal.exe] => (Allow) C:\users\christopher\appdata\local\tidal\app-2.32.0\tidal.exe => Keine Datei
FirewallRules: [TCP Query User{0FEB6609-E660-497B-A43E-5AECFCBDE6F1}C:\users\christopher\appdata\local\tidal\app-2.32.0\tidal.exe] => (Allow) C:\users\christopher\appdata\local\tidal\app-2.32.0\tidal.exe => Keine Datei
FirewallRules: [{BDE2FBA5-FEED-4C1A-BF7C-3E276729F10F}] => (Allow) D:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe => Keine Datei
FirewallRules: [{B33AA23C-1A02-46BD-B07B-6E7891B9E2F3}] => (Allow) D:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe => Keine Datei
FirewallRules: [{5C764E26-38EB-4A78-85DE-17A9A0D648A9}] => (Allow) D:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe => Keine Datei
FirewallRules: [{8F3D4903-A6D9-4138-A79C-A374B4F91187}] => (Allow) D:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe => Keine Datei
FirewallRules: [{7295118D-DF0F-4CDC-B41B-533798AD3C00}] => (Allow) E:\SteamLibrary\steamapps\common\Farming Simulator 22\x64\FarmingSimulator2022Game.exe => Keine Datei
FirewallRules: [{6DB67D1A-1803-47AF-97F5-30DE666AF441}] => (Allow) E:\SteamLibrary\steamapps\common\Farming Simulator 22\x64\FarmingSimulator2022Game.exe => Keine Datei
FirewallRules: [{CA9E4EEA-4D82-4DBA-B4DD-5EBCEF482297}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe => Keine Datei
FirewallRules: [{FE8F5612-0080-4AFE-B1C6-2ADA90AF6C4B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe => Keine Datei
FirewallRules: [{C463914E-FFA8-49B1-93AC-081393E8D4C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe => Keine Datei
FirewallRules: [{6CB2A2EC-B0AB-4824-B205-63061F3B6EF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe => Keine Datei
FirewallRules: [{705516EE-4FDA-4C35-9DFD-B4421C6EBC74}] => (Allow) E:\SteamLibrary\steamapps\common\ProjectZomboid\ProjectZomboid64.exe () [Datei ist nicht signiert]
FirewallRules: [{1D5962B4-7A10-48AA-8EF3-E425AC6EE4DF}] => (Allow) E:\SteamLibrary\steamapps\common\ProjectZomboid\ProjectZomboid64.exe () [Datei ist nicht signiert]
FirewallRules: [UDP Query User{192F8CE1-76B3-49B0-914E-BC571D5ACAF9}C:1\modernstoryteller01\binaries\wingdk\modernstoryteller01-wingdk-shipping.exe] => (Allow) C:1\modernstoryteller01\binaries\wingdk\modernstoryteller01-wingdk-shipping.exe => Keine Datei
FirewallRules: [TCP Query User{A92BF19F-FF98-4279-AF34-8D9B5A689AB9}C:1\modernstoryteller01\binaries\wingdk\modernstoryteller01-wingdk-shipping.exe] => (Allow) C:1\modernstoryteller01\binaries\wingdk\modernstoryteller01-wingdk-shipping.exe => Keine Datei
FirewallRules: [{CC5F6A88-2AF8-4A63-8716-08208B8ACAD8}] => (Allow) E:\SteamLibrary\steamapps\common\FINAL FANTASY XIV Online\boot\ffxivboot.exe => Keine Datei
FirewallRules: [{A4042176-1645-4F60-99A4-608BF01E6606}] => (Allow) E:\SteamLibrary\steamapps\common\FINAL FANTASY XIV Online\boot\ffxivboot.exe => Keine Datei
FirewallRules: [{BFC47A4F-E3EC-48AF-8AB2-F296804B1EF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe => Keine Datei
FirewallRules: [{19235DCB-A2A6-4A78-87E1-98B8E55FF218}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe => Keine Datei
FirewallRules: [UDP Query User{BFA90CD1-2F8D-460B-9B1B-9DDB575E724D}C:\users\christopher\appdata\local\tidal\app-2.30.4\tidal.exe] => (Allow) C:\users\christopher\appdata\local\tidal\app-2.30.4\tidal.exe => Keine Datei
FirewallRules: [TCP Query User{58F6C9C7-3D15-405C-8D68-1D7DC743D59A}C:\users\christopher\appdata\local\tidal\app-2.30.4\tidal.exe] => (Allow) C:\users\christopher\appdata\local\tidal\app-2.30.4\tidal.exe => Keine Datei
FirewallRules: [UDP Query User{C1FC94E3-6D2B-4B1D-9E48-3DC359426A6D}E:\wpsystem\s-1-5-21-2108826960-4211556212-834145737-1001\appdata\local\packages\microsoft.254428597cfe2_8wekyb3d8bbwe\localcache\local\microsoft\writablepackageroot\haloinfinite.exe] => (Allow) E:\wpsystem\s-1-5-21-2108826960-4211556212-834145737-1001\appdata\local\packages\microsoft.254428597cfe2_8wekyb3d8bbwe\localcache\local\microsoft\writablepackageroot\haloinfinite.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{39C14C15-E0EC-44AB-A449-1E85F6AE13F4}E:\wpsystem\s-1-5-21-2108826960-4211556212-834145737-1001\appdata\local\packages\microsoft.254428597cfe2_8wekyb3d8bbwe\localcache\local\microsoft\writablepackageroot\haloinfinite.exe] => (Allow) E:\wpsystem\s-1-5-21-2108826960-4211556212-834145737-1001\appdata\local\packages\microsoft.254428597cfe2_8wekyb3d8bbwe\localcache\local\microsoft\writablepackageroot\haloinfinite.exe () [Datei ist nicht signiert]
FirewallRules: [UDP Query User{368B5A56-6FC7-42CC-B373-98B7D972CFC4}C:6\haloinfinite.exe] => (Allow) C:6\haloinfinite.exe => Keine Datei
FirewallRules: [TCP Query User{DB7FEAD2-EDEF-4E14-ABE2-094CD0AD1092}C:6\haloinfinite.exe] => (Allow) C:6\haloinfinite.exe => Keine Datei
FirewallRules: [UDP Query User{C19B0EAE-52B1-4602-A719-5C4D62C14532}D:1\forzahorizon5.exe] => (Allow) D:1\forzahorizon5.exe => Keine Datei
FirewallRules: [TCP Query User{A6E26239-39A6-4C74-89D4-14F76463DC03}D:1\forzahorizon5.exe] => (Allow) D:1\forzahorizon5.exe => Keine Datei
FirewallRules: [UDP Query User{49F61E4A-B0FC-46D4-AF1D-845FAB4FED23}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{E8D57455-A500-48C7-8B9F-FF1DE3A953F7}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{4AF26082-75F0-4FC4-95AE-0FC67F4E1006}C:\users\christopher\appdata\local\temp\rar$exa20148.34676\blobby-1.0\blobby-server.exe] => (Allow) C:\users\christopher\appdata\local\temp\rar$exa20148.34676\blobby-1.0\blobby-server.exe => Keine Datei
FirewallRules: [TCP Query User{A9AE98A6-1AB8-4A10-8129-0222CB7601C4}C:\users\christopher\appdata\local\temp\rar$exa20148.34676\blobby-1.0\blobby-server.exe] => (Allow) C:\users\christopher\appdata\local\temp\rar$exa20148.34676\blobby-1.0\blobby-server.exe => Keine Datei
FirewallRules: [UDP Query User{982F0EFC-DDC0-4B7C-B834-359D854DE117}C:\users\christopher\appdata\local\temp\rar$exa19032.33654\blobby-1.0\blobby-server.exe] => (Allow) C:\users\christopher\appdata\local\temp\rar$exa19032.33654\blobby-1.0\blobby-server.exe => Keine Datei
FirewallRules: [TCP Query User{8E8C038F-8237-43FA-BB42-C46586C72A9F}C:\users\christopher\appdata\local\temp\rar$exa19032.33654\blobby-1.0\blobby-server.exe] => (Allow) C:\users\christopher\appdata\local\temp\rar$exa19032.33654\blobby-1.0\blobby-server.exe => Keine Datei
FirewallRules: [UDP Query User{E7A75334-2147-425B-BE01-17D8EE47C867}C:\users\christopher\appdata\local\temp\rar$exa19032.31036\blobby-1.0\blobby.exe] => (Allow) C:\users\christopher\appdata\local\temp\rar$exa19032.31036\blobby-1.0\blobby.exe => Keine Datei
FirewallRules: [TCP Query User{709BA635-26D0-4867-9A68-BEB9CACD639E}C:\users\christopher\appdata\local\temp\rar$exa19032.31036\blobby-1.0\blobby.exe] => (Allow) C:\users\christopher\appdata\local\temp\rar$exa19032.31036\blobby-1.0\blobby.exe => Keine Datei
FirewallRules: [UDP Query User{68139A28-5529-4580-A723-44862FE72110}D:2\haloinfinite.exe] => (Allow) D:2\haloinfinite.exe => Keine Datei
FirewallRules: [TCP Query User{AF6CF742-4640-4990-ACB8-487780D49290}D:2\haloinfinite.exe] => (Allow) D:2\haloinfinite.exe => Keine Datei
FirewallRules: [UDP Query User{60C1AB2F-3BA1-4DCF-BEAB-C7B68C472014}C:9\haloinfinite.exe] => (Allow) C:9\haloinfinite.exe => Keine Datei
FirewallRules: [TCP Query User{D412BFD2-5EE6-4BAF-8EEF-721BFA1E6C93}C:9\haloinfinite.exe] => (Allow) C:9\haloinfinite.exe => Keine Datei
FirewallRules: [{DAFAE89E-F107-42D8-9E19-D74223E596DC}] => (Allow) E:\SteamLibrary\steamapps\common\Cloudpunk\City of Ghosts\Cloudpunk - City of Ghosts.exe () [Datei ist nicht signiert]
FirewallRules: [{5FF89AFE-F905-488D-B3D9-98549611E037}] => (Allow) E:\SteamLibrary\steamapps\common\Cloudpunk\City of Ghosts\Cloudpunk - City of Ghosts.exe () [Datei ist nicht signiert]
FirewallRules: [UDP Query User{6AA6AFDB-32B0-4411-9C56-7A62BF47D733}C:5\medium\binaries\wingdk\medium-wingdk-shipping.exe] => (Allow) C:5\medium\binaries\wingdk\medium-wingdk-shipping.exe => Keine Datei
FirewallRules: [TCP Query User{13B9BEE9-260E-418C-B4E0-462E14BF065C}C:5\medium\binaries\wingdk\medium-wingdk-shipping.exe] => (Allow) C:5\medium\binaries\wingdk\medium-wingdk-shipping.exe => Keine Datei
FirewallRules: [TCP Query User{FA8E1A76-07A8-4FF7-91E6-472F99C2032D}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{66580F24-F28A-48DC-A100-504AEC03AB3E}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{6D8B079A-AD8B-4FBB-8BCC-FFCEFD495C0A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{12236A0D-E48B-4433-8C94-A18B4352E2A4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{390BA36D-BA1F-46E0-8185-D00119D46F7E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{43B9C125-E171-4A0B-BF31-D0A8A3D8AFA1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{7A2A790D-8D02-4889-A302-C0DB346607B4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{63D836C2-06D0-413F-8EBF-33B861C3A6A6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{332278B0-A6CE-48E2-9F98-414C5342132E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9CAEA146-DBD6-4546-845D-DD881F8F3D40}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{145494DE-879D-4F8F-B5E9-043E73D472C5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F7B1F158-DCB1-47C9-AD82-EAD1EC056106}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{56905248-48E5-4734-A12D-A61F39D6E3C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cyberpunk 2077\REDprelauncher.exe => Keine Datei
FirewallRules: [{077BB0FD-DE00-4EDC-A24C-8C24FC0C4F35}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cyberpunk 2077\REDprelauncher.exe => Keine Datei
FirewallRules: [{3AAF6F68-BEFD-4CBA-AE57-3C89B2ADE5DE}] => (Allow) D:\SteamLibrary\steamapps\common\DOOMEternal\idTechLauncher.exe () [Datei ist nicht signiert]
FirewallRules: [{73857C29-1FDD-45DF-AAFF-91D6C85380F7}] => (Allow) D:\SteamLibrary\steamapps\common\DOOMEternal\idTechLauncher.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{351CAF5F-4F32-4FE1-8E2C-5F0F823AEF50}C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => Keine Datei
FirewallRules: [UDP Query User{5E924110-054E-411E-A84B-96B3F388ECC2}C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => Keine Datei
FirewallRules: [{44F089DD-029E-4006-A208-0537218B9DC2}] => (Allow) LPort=9009
FirewallRules: [{15C17129-3E92-48B1-84D2-6102FBD49EE7}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe => Keine Datei
FirewallRules: [{BE3962EB-B4CA-4A09-B8CA-C93B1F0AC328}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe => Keine Datei
FirewallRules: [{535565CA-9910-4F90-A04B-CD9E09FEA6FD}] => (Allow) F:\SteamLibrary\steamapps\common\Hearts of Iron IV\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{FAB4E316-1DE7-4EBF-BDC2-D7F617E17F8B}] => (Allow) F:\SteamLibrary\steamapps\common\Hearts of Iron IV\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{13D2BD94-FB2B-4B9B-85CA-0C34C04C6941}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe => Keine Datei
FirewallRules: [{37E1B955-4C5A-4CCD-9232-C6752A322545}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe => Keine Datei
FirewallRules: [{D6B13F5F-F29B-45F0-81E8-C443BA46B481}] => (Allow) LPort=9009
FirewallRules: [{B03EE668-7A81-4134-8EC0-23DC1A8580BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin64.exe () [Datei ist nicht signiert]
FirewallRules: [{9C6E4B78-FCEB-4F67-BBD7-334A5FA23C3A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin64.exe () [Datei ist nicht signiert]
FirewallRules: [{F8405702-8D08-45E4-B832-2C386FA4B22B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ObraDinn\ObraDinn.exe () [Datei ist nicht signiert]
FirewallRules: [{BD1DB398-8A0A-4A17-92E9-6C1C4DCC07B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ObraDinn\ObraDinn.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{BC1EAC80-570C-42B6-A9BF-B07C5443D7BE}E:\epic games\gtav\gta5.exe] => (Allow) E:\epic games\gtav\gta5.exe => Keine Datei
FirewallRules: [UDP Query User{A5953D27-785B-42DE-BFEE-A74B6429CF4A}E:\epic games\gtav\gta5.exe] => (Allow) E:\epic games\gtav\gta5.exe => Keine Datei
FirewallRules: [{03F23EEC-C81F-4BCA-B47E-F40194E34B12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Democracy 4\Democracy4.exe () [Datei ist nicht signiert]
FirewallRules: [{39CBB791-A845-49A3-8403-C150168D4019}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Democracy 4\Democracy4.exe () [Datei ist nicht signiert]
FirewallRules: [{1595BFDD-E1FC-4929-8788-E4C55A65C30F}] => (Allow) F:\SteamLibrary\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe () [Datei ist nicht signiert]
FirewallRules: [{9BA52872-C47D-4B4C-AE13-4127B02A1056}] => (Allow) F:\SteamLibrary\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe () [Datei ist nicht signiert]
FirewallRules: [{C92944C2-B524-4696-BE0A-192D2B323E95}] => (Allow) C:\Users\Christopher\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{5EEEA881-8094-46A5-B5B1-879BC0E5C4BE}] => (Allow) C:\Users\Christopher\AppData\Roaming\Zoom\bin\airhost.exe => Keine Datei
FirewallRules: [{7824FAD5-1864-4EF1-AD31-92782B8F16FE}] => (Allow) C:\Users\Christopher\AppData\Roaming\Zoom\bin\airhost.exe => Keine Datei
FirewallRules: [{D4328C82-0082-4537-AA1E-0752C09E0B20}] => (Allow) E:\SteamLibrary\steamapps\common\Cloudpunk\Cloudpunk.exe () [Datei ist nicht signiert]
FirewallRules: [{98E4E768-D30D-45AA-9506-A129E0C0C657}] => (Allow) E:\SteamLibrary\steamapps\common\Cloudpunk\Cloudpunk.exe () [Datei ist nicht signiert]
FirewallRules: [{8F7E8995-A1BB-494E-9692-825BE9CC6432}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rebel Cops\Rebel Cops.exe () [Datei ist nicht signiert]
FirewallRules: [{86D6F7C4-8B19-4FA7-8FA5-85C64AADA87A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rebel Cops\Rebel Cops.exe () [Datei ist nicht signiert]
FirewallRules: [{B6B95B17-1C17-4AC4-8D1E-B0B851806238}] => (Allow) D:\SteamLibrary\steamapps\common\Divinity Original Sin 2\bin\SupportTool.exe (LariLauncher) [Datei ist nicht signiert]
FirewallRules: [{79F1558B-7C46-49AF-A7EE-98572240C061}] => (Allow) D:\SteamLibrary\steamapps\common\Divinity Original Sin 2\bin\SupportTool.exe (LariLauncher) [Datei ist nicht signiert]
FirewallRules: [{1B11046D-F6D1-4CA5-A565-7C4D1091F4DC}] => (Allow) D:\SteamLibrary\steamapps\common\Planet Zoo\PlanetZoo.exe (Frontier Developments) [Datei ist nicht signiert]
FirewallRules: [{D2B71253-FC62-49E8-A1F9-7F5D3C85CB8D}] => (Allow) D:\SteamLibrary\steamapps\common\Planet Zoo\PlanetZoo.exe (Frontier Developments) [Datei ist nicht signiert]
FirewallRules: [{31C95A44-0631-4461-AC99-0B43DF87F715}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Highrise\Game.exe () [Datei ist nicht signiert]
FirewallRules: [{CCF8FAFD-EABB-4D7B-904E-0D02144D00B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Highrise\Game.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{D91BC250-8B5F-4A98-B122-F603CA2A16A2}E:\steamlibrary\steamapps\common\destiny 2\destiny2.exe] => (Allow) E:\steamlibrary\steamapps\common\destiny 2\destiny2.exe => Keine Datei
FirewallRules: [UDP Query User{2EBB261F-500E-456E-9AD2-15AC0F3061A8}E:\steamlibrary\steamapps\common\destiny 2\destiny2.exe] => (Allow) E:\steamlibrary\steamapps\common\destiny 2\destiny2.exe => Keine Datei
FirewallRules: [TCP Query User{890E1BF5-2D9E-4992-A04F-76AFF2D2642E}E:\program files\modifiablewindowsapps\halomcc\mcc\binaries\win64\mccwinstore-win64-shipping.exe] => (Allow) E:\program files\modifiablewindowsapps\halomcc\mcc\binaries\win64\mccwinstore-win64-shipping.exe => Keine Datei
FirewallRules: [UDP Query User{3C7CEDE7-DB25-495F-A06E-E7795B6B2207}E:\program files\modifiablewindowsapps\halomcc\mcc\binaries\win64\mccwinstore-win64-shipping.exe] => (Allow) E:\program files\modifiablewindowsapps\halomcc\mcc\binaries\win64\mccwinstore-win64-shipping.exe => Keine Datei
FirewallRules: [TCP Query User{4F545DD7-CFC5-4F8C-8A35-FCBBDB7EC4DD}F:\steamlibrary\steamapps\common\hearts of iron iv\hoi4.exe] => (Allow) F:\steamlibrary\steamapps\common\hearts of iron iv\hoi4.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [UDP Query User{029622EB-E29C-483A-A970-F979E24E2E0C}F:\steamlibrary\steamapps\common\hearts of iron iv\hoi4.exe] => (Allow) F:\steamlibrary\steamapps\common\hearts of iron iv\hoi4.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [{34CB4859-F735-4AC5-B58C-DD49119BEDA3}] => (Allow) E:\SteamLibrary\steamapps\common\John Wick Hex\John Wick Hex.exe () [Datei ist nicht signiert]
FirewallRules: [{6D6A3AAC-06ED-4945-967C-186DDE4905C0}] => (Allow) E:\SteamLibrary\steamapps\common\John Wick Hex\John Wick Hex.exe () [Datei ist nicht signiert]
FirewallRules: [{CCC04BD8-2F9C-40D6-8A7E-B9CC60ABE33B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Orwell Ignorance is Strength\Ignorance.exe () [Datei ist nicht signiert]
FirewallRules: [{C0977E91-91C1-4F0D-8516-E4B05A1E09AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Orwell Ignorance is Strength\Ignorance.exe () [Datei ist nicht signiert]
FirewallRules: [{3AD44AB7-A2AC-45C1-866F-9875FD1B2F4C}] => (Allow) D:\SteamLibrary\steamapps\common\Black Mesa\bms.exe () [Datei ist nicht signiert]
FirewallRules: [{3706BCA9-166D-47CE-870B-7D8BF5771176}] => (Allow) D:\SteamLibrary\steamapps\common\Black Mesa\bms.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{9A4116D3-339A-47A3-BBA3-B099072BBDE3}E:\steamlibrary\steamapps\common\mutant year zero\zoneue4\binaries\win64\zoneue4-win64-shipping.exe] => (Allow) E:\steamlibrary\steamapps\common\mutant year zero\zoneue4\binaries\win64\zoneue4-win64-shipping.exe => Keine Datei
FirewallRules: [UDP Query User{ECFAB7FE-BBBC-4858-AE2E-583891FE31E0}E:\steamlibrary\steamapps\common\mutant year zero\zoneue4\binaries\win64\zoneue4-win64-shipping.exe] => (Allow) E:\steamlibrary\steamapps\common\mutant year zero\zoneue4\binaries\win64\zoneue4-win64-shipping.exe => Keine Datei
FirewallRules: [TCP Query User{43A1A0EF-98AB-4C19-9DE2-B815A46AE5D2}D:\steamlibrary\steamapps\common\red dead redemption 2\rdr2.exe] => (Allow) D:\steamlibrary\steamapps\common\red dead redemption 2\rdr2.exe => Keine Datei
FirewallRules: [UDP Query User{9E7D97B6-9145-44A1-B1AD-8187A8E80DC4}D:\steamlibrary\steamapps\common\red dead redemption 2\rdr2.exe] => (Allow) D:\steamlibrary\steamapps\common\red dead redemption 2\rdr2.exe => Keine Datei
FirewallRules: [{0646B620-9DF7-4A28-91CD-272E1B554EE0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Phoenix Wright Ace Attorney Trilogy\PWAAT.exe (CAPCOM CO., LTD. -> )
FirewallRules: [{09C6B264-4D82-40E9-BF19-2153CDB66DB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Phoenix Wright Ace Attorney Trilogy\PWAAT.exe (CAPCOM CO., LTD. -> )
FirewallRules: [{75B02A22-D290-4979-BC5C-4766BD27D9C6}] => (Allow) E:\SteamLibrary\steamapps\common\Crysis Remastered\Bin64\CrysisRemastered.exe (Crytek GmbH) [Datei ist nicht signiert]
FirewallRules: [{3E3CE158-8AC3-4DD1-9590-15CF698AA2E3}] => (Allow) E:\SteamLibrary\steamapps\common\Crysis Remastered\Bin64\CrysisRemastered.exe (Crytek GmbH) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{01C7295C-719A-46D8-AC4D-379EB4739C7C}C:\program files (x86)\origin games\fifa 22\fifa22.exe] => (Allow) C:\program files (x86)\origin games\fifa 22\fifa22.exe => Keine Datei
FirewallRules: [UDP Query User{DB04CA1C-0925-4CE1-8702-0C174E1116A2}C:\program files (x86)\origin games\fifa 22\fifa22.exe] => (Allow) C:\program files (x86)\origin games\fifa 22\fifa22.exe => Keine Datei
FirewallRules: [TCP Query User{0DE3FB25-6BBB-4BC9-91C0-8F5798925EC9}D:\steamlibrary\steamapps\common\new world\bin64\newworld.exe] => (Allow) D:\steamlibrary\steamapps\common\new world\bin64\newworld.exe => Keine Datei
FirewallRules: [UDP Query User{400963E9-96EB-48C4-8115-F5D2DA70052E}D:\steamlibrary\steamapps\common\new world\bin64\newworld.exe] => (Allow) D:\steamlibrary\steamapps\common\new world\bin64\newworld.exe => Keine Datei
FirewallRules: [TCP Query User{F2384FCB-6F83-49CC-A36C-253A09025D05}D:\games\battlefield 2042 open beta\bf.exe] => (Allow) D:\games\battlefield 2042 open beta\bf.exe => Keine Datei
FirewallRules: [UDP Query User{E61B6C21-D16C-4307-B546-137D619AB9DE}D:\games\battlefield 2042 open beta\bf.exe] => (Allow) D:\games\battlefield 2042 open beta\bf.exe => Keine Datei
FirewallRules: [TCP Query User{C654FA2F-D843-4F02-9ED9-BFB0821AD100}D:1\psychonauts2\binaries\wingdk\psychonauts2-wingdk-shipping.exe] => (Allow) D:1\psychonauts2\binaries\wingdk\psychonauts2-wingdk-shipping.exe => Keine Datei
FirewallRules: [UDP Query User{26648F6E-6CBD-4AF9-9244-DDD73C72A5CB}D:1\psychonauts2\binaries\wingdk\psychonauts2-wingdk-shipping.exe] => (Allow) D:1\psychonauts2\binaries\wingdk\psychonauts2-wingdk-shipping.exe => Keine Datei
FirewallRules: [TCP Query User{9F2E5A84-829D-4775-9895-89E58E4ACCEF}C:6\psychonauts2\binaries\wingdk\psychonauts2-wingdk-shipping.exe] => (Allow) C:6\psychonauts2\binaries\wingdk\psychonauts2-wingdk-shipping.exe => Keine Datei
FirewallRules: [UDP Query User{4A63BAC0-1B5E-4C69-8959-C485E4E5F335}C:6\psychonauts2\binaries\wingdk\psychonauts2-wingdk-shipping.exe] => (Allow) C:6\psychonauts2\binaries\wingdk\psychonauts2-wingdk-shipping.exe => Keine Datei
FirewallRules: [TCP Query User{D1C0FBEE-976A-4A9D-B790-4069F36CD32B}E:\epic games\crysis2remastered\bin64\crysis2remastered.exe] => (Allow) E:\epic games\crysis2remastered\bin64\crysis2remastered.exe => Keine Datei
FirewallRules: [UDP Query User{484DDD70-E1D1-4195-BF1B-6DDA2BD1E6B2}E:\epic games\crysis2remastered\bin64\crysis2remastered.exe] => (Allow) E:\epic games\crysis2remastered\bin64\crysis2remastered.exe => Keine Datei
FirewallRules: [TCP Query User{498F68A2-725D-4319-84C4-092D9B09E65A}C:3\gobi\binaries\wingdk\back4blood.exe] => (Allow) C:3\gobi\binaries\wingdk\back4blood.exe => Keine Datei
FirewallRules: [UDP Query User{BC30FDA7-5FEB-461D-8C2B-4A381B9C27F2}C:3\gobi\binaries\wingdk\back4blood.exe] => (Allow) C:3\gobi\binaries\wingdk\back4blood.exe => Keine Datei
FirewallRules: [{F062EDAE-DA5A-4B52-BAB3-0B935E486ED8}] => (Allow) D:\SteamLibrary\steamapps\common\Chernobylite\ChernobylGame.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [{F229570A-ED25-4354-BDD3-4BF72E6503A3}] => (Allow) D:\SteamLibrary\steamapps\common\Chernobylite\ChernobylGame.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [{00CABAF6-11C0-4D20-B22B-FA7E74A3CE74}] => (Allow) D:\SteamLibrary\steamapps\common\Ghostrunner\Ghostrunner.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [{0877A276-66DC-4D3B-8034-7F2553F98972}] => (Allow) D:\SteamLibrary\steamapps\common\Ghostrunner\Ghostrunner.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [{D1D1E016-FDAD-4A8A-8BB3-5C7ECE3E6B26}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dorfromantik\Dorfromantik.exe () [Datei ist nicht signiert]
FirewallRules: [{55FF28C9-00A8-448F-8C1B-5E633D9B0B67}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dorfromantik\Dorfromantik.exe () [Datei ist nicht signiert]
FirewallRules: [{FAF25C44-F991-4E95-B9FD-F0083BAC57B2}] => (Allow) E:\SteamLibrary\steamapps\common\Hatred\Hatred\Binaries\Win64\Hatred-Win64-Shipping.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [{F0546042-577B-4BB9-85C1-504722A4C1D5}] => (Allow) E:\SteamLibrary\steamapps\common\Hatred\Hatred\Binaries\Win64\Hatred-Win64-Shipping.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{BE77025B-E1FF-4134-AED1-E07F67EDFC6E}C:5\haloinfinite.exe] => (Allow) C:5\haloinfinite.exe => Keine Datei
FirewallRules: [UDP Query User{FA67C7E4-5550-4B02-A300-C2D16650F05A}C:5\haloinfinite.exe] => (Allow) C:5\haloinfinite.exe => Keine Datei
FirewallRules: [TCP Query User{44A3FDE9-D8DA-4E0B-B0F1-7F96B7537AF0}C:5\psychonauts2\binaries\wingdk\psychonauts2-wingdk-shipping.exe] => (Allow) C:5\psychonauts2\binaries\wingdk\psychonauts2-wingdk-shipping.exe => Keine Datei
FirewallRules: [UDP Query User{30D4679F-DB83-42F5-88D9-03217AF20118}C:5\psychonauts2\binaries\wingdk\psychonauts2-wingdk-shipping.exe] => (Allow) C:5\psychonauts2\binaries\wingdk\psychonauts2-wingdk-shipping.exe => Keine Datei
FirewallRules: [{442F0574-D179-4827-99BD-846B74FBDC2A}] => (Allow) E:\SteamLibrary\steamapps\common\Horizon Zero Dawn\HorizonZeroDawn.exe () [Datei ist nicht signiert]
FirewallRules: [{6C67112F-C819-4D29-B84D-A046F4522964}] => (Allow) E:\SteamLibrary\steamapps\common\Horizon Zero Dawn\HorizonZeroDawn.exe () [Datei ist nicht signiert]
FirewallRules: [{17088E4E-7015-4413-8443-D64EA881B63A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{86D02542-2C94-45C2-9A1C-4F0C268F5972}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3099DB41-455A-4211-8E2B-535E1786EFF4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9F661468-637A-4BAC-B78B-CA0CD4A3EB4C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{46472B3A-7C30-46F8-A3AF-119BC1124802}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Keep Talking and Nobody Explodes\ktane.exe () [Datei ist nicht signiert]
FirewallRules: [{21F7CCAA-B236-40C9-B5B0-5F9479BC42DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Keep Talking and Nobody Explodes\ktane.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{2A2A4B9B-D721-4799-99BE-D1F30CBE3516}D:6\haloinfinite.exe] => (Allow) D:6\haloinfinite.exe => Keine Datei
FirewallRules: [UDP Query User{A1705EFB-B07B-4A7B-9941-37711CF9E286}D:6\haloinfinite.exe] => (Allow) D:6\haloinfinite.exe => Keine Datei
FirewallRules: [TCP Query User{9ECB9024-1BEA-4252-A938-6F54CCDC3C80}E:\games\battlefield 2042\bf2042.exe] => (Allow) E:\games\battlefield 2042\bf2042.exe => Keine Datei
FirewallRules: [UDP Query User{D6006340-C19B-4C22-98F8-EEED512C9153}E:\games\battlefield 2042\bf2042.exe] => (Allow) E:\games\battlefield 2042\bf2042.exe => Keine Datei
FirewallRules: [TCP Query User{5C97841C-A1EC-4602-A18C-595AF96D6FA7}C:0\geargame\binaries\winstore\gears5.exe] => (Allow) C:0\geargame\binaries\winstore\gears5.exe => Keine Datei
FirewallRules: [UDP Query User{8351E5B5-A7DB-4FB2-BA32-81CD15B95567}C:0\geargame\binaries\winstore\gears5.exe] => (Allow) C:0\geargame\binaries\winstore\gears5.exe => Keine Datei
FirewallRules: [TCP Query User{CED80AFE-DECD-4280-8A47-C4DA8898B4E5}C:5\tetriseffect\binaries\wingdk\tetriseffect-wingdk-shipping.exe] => (Allow) C:5\tetriseffect\binaries\wingdk\tetriseffect-wingdk-shipping.exe => Keine Datei
FirewallRules: [UDP Query User{B166392E-6140-4E4E-83E3-4C61817F21A5}C:5\tetriseffect\binaries\wingdk\tetriseffect-wingdk-shipping.exe] => (Allow) C:5\tetriseffect\binaries\wingdk\tetriseffect-wingdk-shipping.exe => Keine Datei
FirewallRules: [TCP Query User{0FA088E4-E487-4ABF-8082-7234C6232A9E}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{8E29DCCC-0148-4C99-87AA-6832CAD85725}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{E617A458-3FF6-4961-AC4E-543A8DEF000A}] => (Allow) D:\Games\Tom Clancy’s Rainbow Six Extraction\R6-Extraction_BE.exe => Keine Datei
FirewallRules: [{5607F046-D379-433D-BDC7-C0A805D58895}] => (Allow) D:\Games\Tom Clancy’s Rainbow Six Extraction\R6-Extraction_BE.exe => Keine Datei
FirewallRules: [{6C732B20-7BE7-4D01-8F40-5D96309FFF0F}] => (Allow) D:\Games\Tom Clancy’s Rainbow Six Extraction\R6-Extraction.exe => Keine Datei
FirewallRules: [{F2E7301A-AD14-41B5-9E8E-A8707A948149}] => (Allow) D:\Games\Tom Clancy’s Rainbow Six Extraction\R6-Extraction.exe => Keine Datei
FirewallRules: [TCP Query User{CE39C337-54CF-4056-8973-B5CD03D928BF}C:3\geargame\binaries\winstore\gears5.exe] => (Allow) C:3\geargame\binaries\winstore\gears5.exe => Keine Datei
FirewallRules: [UDP Query User{471ECFF9-7CB3-4AE6-80AE-3756C6F1BDA7}C:3\geargame\binaries\winstore\gears5.exe] => (Allow) C:3\geargame\binaries\winstore\gears5.exe => Keine Datei
FirewallRules: [TCP Query User{7AB6B34C-537C-43D7-8D48-D1EAA39B6507}C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => Keine Datei
FirewallRules: [UDP Query User{4FECBF77-F30A-4589-A966-71E1FD7B527D}C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => Keine Datei
FirewallRules: [TCP Query User{805C2B86-2F9D-4E01-B45E-48870BB93E01}C:\users\christopher\appdata\local\tidal\app-2.33.2\tidal.exe] => (Allow) C:\users\christopher\appdata\local\tidal\app-2.33.2\tidal.exe => Keine Datei
FirewallRules: [UDP Query User{6C4A3BB5-A388-4A8B-9797-DDA69DDB1E42}C:\users\christopher\appdata\local\tidal\app-2.33.2\tidal.exe] => (Allow) C:\users\christopher\appdata\local\tidal\app-2.33.2\tidal.exe => Keine Datei
FirewallRules: [TCP Query User{734A9CB1-58C7-4459-9273-959775AF8212}D:4\tetriseffect\binaries\wingdk\tetriseffect-wingdk-shipping.exe] => (Allow) D:4\tetriseffect\binaries\wingdk\tetriseffect-wingdk-shipping.exe => Keine Datei
FirewallRules: [UDP Query User{8F88A6D8-1ACD-407C-937D-0BB2E2D7754D}D:4\tetriseffect\binaries\wingdk\tetriseffect-wingdk-shipping.exe] => (Allow) D:4\tetriseffect\binaries\wingdk\tetriseffect-wingdk-shipping.exe => Keine Datei
FirewallRules: [TCP Query User{D51402DF-D722-4E17-A3DB-6A40D4AAC5BE}C:8\battletoadsgame.exe] => (Allow) C:8\battletoadsgame.exe => Keine Datei
FirewallRules: [UDP Query User{D613F597-C50A-4B74-BC36-51917E688EF7}C:8\battletoadsgame.exe] => (Allow) C:8\battletoadsgame.exe => Keine Datei
FirewallRules: [TCP Query User{838D84FB-6191-4528-AEBA-462EDE7F9BEE}E:\games\halo- the master chief collection\content\mcc\binaries\win64\mccwinstore-win64-shipping.exe] => (Block) E:\games\halo- the master chief collection\content\mcc\binaries\win64\mccwinstore-win64-shipping.exe (Zugriff verweigert) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{AC6F8A53-9EA6-43BA-B395-1D48F9264DFA}E:\games\halo- the master chief collection\content\mcc\binaries\win64\mccwinstore-win64-shipping.exe] => (Block) E:\games\halo- the master chief collection\content\mcc\binaries\win64\mccwinstore-win64-shipping.exe (Zugriff verweigert) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{382A44B9-96C6-430E-9B67-237FD960BC85}E:\games\the forgotten city\content\modernstoryteller01\binaries\wingdk\modernstoryteller01-wingdk-shipping.exe] => (Allow) E:\games\the forgotten city\content\modernstoryteller01\binaries\wingdk\modernstoryteller01-wingdk-shipping.exe => Keine Datei
FirewallRules: [UDP Query User{4166BCBE-4977-4174-A1CE-B9461CBE6302}E:\games\the forgotten city\content\modernstoryteller01\binaries\wingdk\modernstoryteller01-wingdk-shipping.exe] => (Allow) E:\games\the forgotten city\content\modernstoryteller01\binaries\wingdk\modernstoryteller01-wingdk-shipping.exe => Keine Datei
FirewallRules: [{DAAB70C6-CC19-464B-A8E1-CE3DC14A3A7C}] => (Allow) E:\SteamLibrary\steamapps\common\Farming Simulator 22\x64\FarmingSimulator2022Game.exe => Keine Datei
FirewallRules: [{65FBC701-2BB8-4502-8FDD-324BDB96AF37}] => (Allow) E:\SteamLibrary\steamapps\common\Farming Simulator 22\x64\FarmingSimulator2022Game.exe => Keine Datei
FirewallRules: [{1269A010-EB5B-4B9C-B4A5-0C33E4343608}] => (Allow) D:\SteamLibrary\steamapps\common\Crysis2Remastered\Bin64\Crysis2Remastered.exe (Crytek GmbH) [Datei ist nicht signiert]
FirewallRules: [{19C9D6F2-8AA5-4730-AE3A-DF40C549D17D}] => (Allow) D:\SteamLibrary\steamapps\common\Crysis2Remastered\Bin64\Crysis2Remastered.exe (Crytek GmbH) [Datei ist nicht signiert]
FirewallRules: [{114330F7-C945-47A1-A1A6-499E51B70BD6}] => (Allow) D:\SteamLibrary\steamapps\common\Crysis3Remastered\Bin64\Crysis3Remastered.exe (Crytek GmbH) [Datei ist nicht signiert]
FirewallRules: [{5AADC2EE-79D0-4ACB-8362-EA761C179FB7}] => (Allow) D:\SteamLibrary\steamapps\common\Crysis3Remastered\Bin64\Crysis3Remastered.exe (Crytek GmbH) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{E27788FB-7B9F-47BB-90F3-70CAE99FB9FE}C:0\forzahorizon5.exe] => (Allow) C:0\forzahorizon5.exe => Keine Datei
FirewallRules: [UDP Query User{337D4F94-0E88-403B-95EC-BAC1DB93D457}C:0\forzahorizon5.exe] => (Allow) C:0\forzahorizon5.exe => Keine Datei
FirewallRules: [{597F942F-01EF-4A94-92E4-17FD3FFDBC7B}] => (Allow) F:\SteamLibrary\steamapps\common\SnowRunner\Sources\Bin\SnowRunner.exe => Keine Datei
FirewallRules: [{084FAB08-6AE7-4827-BC23-FB17ABA14833}] => (Allow) F:\SteamLibrary\steamapps\common\SnowRunner\Sources\Bin\SnowRunner.exe => Keine Datei
FirewallRules: [TCP Query User{F8C75BE7-C6C3-4A4C-A0AB-BC26583756AB}C:\users\christopher\appdata\local\tidal\app-2.34.2\tidal.exe] => (Allow) C:\users\christopher\appdata\local\tidal\app-2.34.2\tidal.exe => Keine Datei
FirewallRules: [UDP Query User{DB8E00C5-F886-42C6-AE48-779493B7C16E}C:\users\christopher\appdata\local\tidal\app-2.34.2\tidal.exe] => (Allow) C:\users\christopher\appdata\local\tidal\app-2.34.2\tidal.exe => Keine Datei
FirewallRules: [{FB9C97D0-EDB4-4A76-9A39-F061048B311E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trails in the Sky the 3rd\ed6_win3_DX9.exe (Nihon Falcom Corporation) [Datei ist nicht signiert]
FirewallRules: [{0D0CBED4-5614-4BA2-9754-AC414BC9BD50}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trails in the Sky the 3rd\ed6_win3_DX9.exe (Nihon Falcom Corporation) [Datei ist nicht signiert]
FirewallRules: [{10F9B7C3-9D5B-4F51-9763-79EBC3F9E3CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trails in the Sky the 3rd\Config3_DX9.exe (Nihon Falcom Corporation) [Datei ist nicht signiert]
FirewallRules: [{292B8864-2E04-47B6-AA92-6AB40291E6ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trails in the Sky the 3rd\Config3_DX9.exe (Nihon Falcom Corporation) [Datei ist nicht signiert]
FirewallRules: [{A268C490-D295-4884-89AD-48B04BEE21C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trails in the Sky the 3rd\ed6_win3.exe (Nihon Falcom Corporation) [Datei ist nicht signiert]
FirewallRules: [{C6E8D54E-6E87-46CC-8BD1-2D4879BFB148}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trails in the Sky the 3rd\ed6_win3.exe (Nihon Falcom Corporation) [Datei ist nicht signiert]
FirewallRules: [{67A3BDA3-0817-4E09-BD13-5E82FCFD3933}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trails in the Sky the 3rd\Config3.exe (Nihon Falcom Corporation) [Datei ist nicht signiert]
FirewallRules: [{3D1FA010-25CE-4CE8-BE8E-971C650851C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trails in the Sky the 3rd\Config3.exe (Nihon Falcom Corporation) [Datei ist nicht signiert]
FirewallRules: [{AB6629E7-6BEB-46EF-89A4-006E33F7FC9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trails in the Sky SC\ed6_win2_DX9.exe (Nihon Falcom Corporation) [Datei ist nicht signiert]
FirewallRules: [{B565772B-C3CB-4CFA-9886-CE861793FAA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trails in the Sky SC\ed6_win2_DX9.exe (Nihon Falcom Corporation) [Datei ist nicht signiert]
FirewallRules: [{83280259-59B4-48C8-9D29-ADF7A1D0A701}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trails in the Sky SC\Config2_DX9.exe (Nihon Falcom Corporation) [Datei ist nicht signiert]
FirewallRules: [{8CF5670C-5D62-49D9-BCFD-C664C9F90859}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trails in the Sky SC\Config2_DX9.exe (Nihon Falcom Corporation) [Datei ist nicht signiert]
FirewallRules: [{47040B06-75AE-4C92-B319-21D32572580D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trails in the Sky SC\ed6_win2.exe (Nihon Falcom Corporation) [Datei ist nicht signiert]
FirewallRules: [{00A727B4-AF38-4E01-92B4-2E1856669A13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trails in the Sky SC\ed6_win2.exe (Nihon Falcom Corporation) [Datei ist nicht signiert]
FirewallRules: [{ABB273A6-5AFA-4BA6-8206-C38AD50FCDDF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trails in the Sky SC\Config2.exe (Nihon Falcom Corporation) [Datei ist nicht signiert]
FirewallRules: [{2C62F387-1003-4691-B5B2-CB3DD00C4E6D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trails in the Sky SC\Config2.exe (Nihon Falcom Corporation) [Datei ist nicht signiert]
FirewallRules: [{827F2698-610A-4FC1-A6B3-2E92B47D78DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trails in the Sky FC\ed6_win_DX9.exe (Nihon Falcom Corporation) [Datei ist nicht signiert]
FirewallRules: [{41764FA9-795C-43D5-9E97-BB84D02FDEAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trails in the Sky FC\ed6_win_DX9.exe (Nihon Falcom Corporation) [Datei ist nicht signiert]
FirewallRules: [{3DB6C9F8-2C7E-4F80-80F8-97E87536531A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trails in the Sky FC\Config_DX9.exe (Nihon Falcom Corporation) [Datei ist nicht signiert]
FirewallRules: [{43DFEF10-E625-4DDE-91F3-AD841493F063}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trails in the Sky FC\Config_DX9.exe (Nihon Falcom Corporation) [Datei ist nicht signiert]
FirewallRules: [{B10B79B9-7D2E-462D-9EFD-9F538943EC4F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trails in the Sky FC\ed6_win.exe (Nihon Falcom Corporation) [Datei ist nicht signiert]
FirewallRules: [{49AA7C9E-01E3-450C-92DD-C1EC53F7655A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trails in the Sky FC\ed6_win.exe (Nihon Falcom Corporation) [Datei ist nicht signiert]
FirewallRules: [{AC896FDD-1BAB-434B-B68F-1584F79B7B89}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trails in the Sky FC\Config.exe (Nihon Falcom Corporation) [Datei ist nicht signiert]
FirewallRules: [{590B1960-9BAF-49D9-9A7C-60D53489E4D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trails in the Sky FC\Config.exe (Nihon Falcom Corporation) [Datei ist nicht signiert]
FirewallRules: [{1B8DBC61-0276-4183-B244-481A6A939FBD}] => (Allow) E:\SteamLibrary\steamapps\common\The Witcher 3\bin\x64\witcher3.exe => Keine Datei
FirewallRules: [{1765B3C5-715B-4F29-9B82-A6A9E82F994C}] => (Allow) E:\SteamLibrary\steamapps\common\The Witcher 3\bin\x64\witcher3.exe => Keine Datei
FirewallRules: [{D2B950AE-7DD6-4279-A391-DA0AD2F1FEAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe (Wube Software) [Datei ist nicht signiert]
FirewallRules: [{A7B7F30F-D61C-4E90-A73E-837946869061}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe (Wube Software) [Datei ist nicht signiert]
FirewallRules: [{60EA2DB1-A8A6-4F09-9929-B042094183FE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0B40B22D-C75A-4449-BCFF-C16BE81FA8CB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{17F5FCBA-99FF-4DE5-BB59-AAA1A28288E5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1079D59C-9E52-4998-9045-E6F967AD53BB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{B8A7410B-F0AB-4265-8703-BA36BBAD8155}E:\games\call of duty\_retail_\cod.exe] => (Allow) E:\games\call of duty\_retail_\cod.exe => Keine Datei
FirewallRules: [UDP Query User{3BE50F7E-F00B-4FD5-9B19-872B16F97624}E:\games\call of duty\_retail_\cod.exe] => (Allow) E:\games\call of duty\_retail_\cod.exe => Keine Datei
FirewallRules: [TCP Query User{00F7820A-9DBD-44A2-85C9-AF270DA128E9}F:\games\high on life\content\oregon\binaries\wingdk\oregon-wingdk-shipping.exe] => (Allow) F:\games\high on life\content\oregon\binaries\wingdk\oregon-wingdk-shipping.exe => Keine Datei
FirewallRules: [UDP Query User{B1177175-FA03-4C4E-B23E-875634FBFAD9}F:\games\high on life\content\oregon\binaries\wingdk\oregon-wingdk-shipping.exe] => (Allow) F:\games\high on life\content\oregon\binaries\wingdk\oregon-wingdk-shipping.exe => Keine Datei
FirewallRules: [{512A6E12-4D8A-453C-AEAA-4A2083CFE32D}] => (Allow) E:\SteamLibrary\steamapps\common\Cloudpunk\City of Ghosts\Cloudpunk - City of Ghosts.exe () [Datei ist nicht signiert]
FirewallRules: [{F2A735E0-A367-4740-B0B7-92A59124E2A1}] => (Allow) E:\SteamLibrary\steamapps\common\Cloudpunk\City of Ghosts\Cloudpunk - City of Ghosts.exe () [Datei ist nicht signiert]
FirewallRules: [{6C6BE331-923C-4740-A83F-514FB937C9B3}] => (Allow) E:\SteamLibrary\steamapps\common\IXION\Ixion.exe () [Datei ist nicht signiert]
FirewallRules: [{4EE0AF23-1D31-47E9-8B09-1E9711D2C2DE}] => (Allow) E:\SteamLibrary\steamapps\common\IXION\Ixion.exe () [Datei ist nicht signiert]
FirewallRules: [{595DBC2B-59D8-4BD0-B9BC-62FFCABC5B17}] => (Allow) E:\SteamLibrary\steamapps\common\Crusader Kings III\launcher\dowser.exe => Keine Datei
FirewallRules: [{75781E5A-59E7-4E2F-868E-0517C5BF6B6E}] => (Allow) E:\SteamLibrary\steamapps\common\Crusader Kings III\launcher\dowser.exe => Keine Datei
FirewallRules: [{3C28C8EB-091C-468D-B484-FA52AFB21478}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 2\Fallout2Launcher.exe (ZeniMax Media) [Datei ist nicht signiert]
FirewallRules: [{D7D81A5A-61E6-4C6D-8F7E-62A59D947A41}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 2\Fallout2Launcher.exe (ZeniMax Media) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{380C00EA-90BC-4E51-9954-9217FC68A3F9}C:\users\christopher\appdata\local\tidal\app-2.34.2\tidal.exe] => (Allow) C:\users\christopher\appdata\local\tidal\app-2.34.2\tidal.exe => Keine Datei
FirewallRules: [UDP Query User{078705FB-F0A5-4875-AB4F-D732FA584B63}C:\users\christopher\appdata\local\tidal\app-2.34.2\tidal.exe] => (Allow) C:\users\christopher\appdata\local\tidal\app-2.34.2\tidal.exe => Keine Datei
FirewallRules: [TCP Query User{57D45041-A7EA-4190-8FC8-5C756F1ECAF3}F:\games\high on life\content\oregon\binaries\wingdk\oregon-wingdk-shipping.exe] => (Allow) F:\games\high on life\content\oregon\binaries\wingdk\oregon-wingdk-shipping.exe => Keine Datei
FirewallRules: [UDP Query User{7E7341B5-BCAA-48AA-B79F-068A909695EB}F:\games\high on life\content\oregon\binaries\wingdk\oregon-wingdk-shipping.exe] => (Allow) F:\games\high on life\content\oregon\binaries\wingdk\oregon-wingdk-shipping.exe => Keine Datei
FirewallRules: [TCP Query User{FC766B0B-85F2-4FA3-A463-2D82CDDBAB70}E:\games\atomic heart - windows\content\atomicheart\binaries\wingdk\atomicheart-wingdk-shipping.exe] => (Allow) E:\games\atomic heart - windows\content\atomicheart\binaries\wingdk\atomicheart-wingdk-shipping.exe (Zugriff verweigert) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{F1084690-B22D-46C7-AF46-9320C0C5ED36}E:\games\atomic heart - windows\content\atomicheart\binaries\wingdk\atomicheart-wingdk-shipping.exe] => (Allow) E:\games\atomic heart - windows\content\atomicheart\binaries\wingdk\atomicheart-wingdk-shipping.exe (Zugriff verweigert) [Datei ist nicht signiert]
FirewallRules: [{3F68C3BA-CDA0-4675-811A-35D3480B2CEA}] => (Allow) F:\SteamLibrary\steamapps\common\SnowRunner\Sources\Bin\SnowRunner.exe => Keine Datei
FirewallRules: [{C15BA0EC-11A3-4A0C-AB6D-4BA07687EDB9}] => (Allow) F:\SteamLibrary\steamapps\common\SnowRunner\Sources\Bin\SnowRunner.exe => Keine Datei
FirewallRules: [{762BFE67-15E8-4D2D-9C94-EA4C44F67C39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe (Wube Software) [Datei ist nicht signiert]
FirewallRules: [{6644169C-D7DC-4CFC-9639-CE6FAD11CF61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe (Wube Software) [Datei ist nicht signiert]
FirewallRules: [{6A34CB34-34C3-4FD7-9FAF-77B6308BF675}] => (Allow) E:\SteamLibrary\steamapps\common\Crusader Kings III\launcher\dowser.exe => Keine Datei
FirewallRules: [{FEF80DBC-7109-4512-932B-BE11C02B48CE}] => (Allow) E:\SteamLibrary\steamapps\common\Crusader Kings III\launcher\dowser.exe => Keine Datei
FirewallRules: [{B864CF6D-A971-4FD0-A342-B1D5FDDF741B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.95.3409.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{259878C6-8036-4DB5-8100-37277F8AC1A0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.95.3409.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DF2E3DB8-CC19-48EA-95EF-87F392ECF908}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.95.3409.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9A5C18B0-7708-454B-903D-A8A794C7E81B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.95.3409.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{7556D1B3-C5A3-46AB-9EFC-7AB216AF5643}E:\games\diablo iv - beta\diablo iv.exe] => (Allow) E:\games\diablo iv - beta\diablo iv.exe => Keine Datei
FirewallRules: [UDP Query User{30E937A2-22EE-493B-83F0-B08DA80FE6D7}E:\games\diablo iv - beta\diablo iv.exe] => (Allow) E:\games\diablo iv - beta\diablo iv.exe => Keine Datei
FirewallRules: [TCP Query User{21C218EB-C53B-4D5C-9892-706D6682149E}E:\games\as dusk falls\content\dusk.exe] => (Allow) E:\games\as dusk falls\content\dusk.exe => Keine Datei
FirewallRules: [UDP Query User{61CAA7CD-EE30-4415-8990-DC25FE28A96C}E:\games\as dusk falls\content\dusk.exe] => (Allow) E:\games\as dusk falls\content\dusk.exe => Keine Datei
FirewallRules: [TCP Query User{36B798E7-C472-4F1D-9704-A14A6974C44E}D:\games\deadisland2\deadisland\binaries\win64\deadisland-win64-shipping.exe] => (Allow) D:\games\deadisland2\deadisland\binaries\win64\deadisland-win64-shipping.exe => Keine Datei
FirewallRules: [UDP Query User{11DEFD1F-BDF1-43D0-9D83-9B6A15BD417B}D:\games\deadisland2\deadisland\binaries\win64\deadisland-win64-shipping.exe] => (Allow) D:\games\deadisland2\deadisland\binaries\win64\deadisland-win64-shipping.exe => Keine Datei
FirewallRules: [{B742265B-4A35-4ED4-88FA-DFA2CFFA31CC}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BC29E472-F637-47AB-BF38-B262FD04EA3E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{790AC622-BD4A-4C34-9A46-E4F19B505CE1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{65945A60-CD91-41CC-A8BD-7F4961C81F60}D:\games\hi-fi rush\content\hibiki\binaries\wingdk\hi-fi-rush.exe] => (Allow) D:\games\hi-fi rush\content\hibiki\binaries\wingdk\hi-fi-rush.exe (Zugriff verweigert) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{6BDB3326-DD68-4C1B-B0EC-0CA6EBF11592}D:\games\hi-fi rush\content\hibiki\binaries\wingdk\hi-fi-rush.exe] => (Allow) D:\games\hi-fi rush\content\hibiki\binaries\wingdk\hi-fi-rush.exe (Zugriff verweigert) [Datei ist nicht signiert]
FirewallRules: [{7D2BBCC5-651D-4DE9-9A4A-8EBB60DC6031}] => (Allow) C:\Program Files\Elgato\4KCaptureUtility\4KCaptureUtility.exe (Corsair Memory, Inc. -> Elgato Systems)
FirewallRules: [{C3AEA0D3-81E7-40AC-8064-C76834559284}] => (Allow) E:\SteamLibrary\steamapps\common\System Shock Remake\SystemShock.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [{4A21B22C-3465-434F-9EF6-B1C226840140}] => (Allow) E:\SteamLibrary\steamapps\common\System Shock Remake\SystemShock.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [{D5B755E2-8369-4CF2-BAB3-C69AE24DF343}] => (Allow) E:\SteamLibrary\steamapps\common\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe () [Datei ist nicht signiert]
FirewallRules: [{317682C5-33B4-46C6-9195-FD6DB5F2B5A5}] => (Allow) E:\SteamLibrary\steamapps\common\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe () [Datei ist nicht signiert]
FirewallRules: [{39952D8F-643A-41F1-91FB-1F1681B0AFD1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Big Ambitions\Big Ambitions.exe () [Datei ist nicht signiert]
FirewallRules: [{37785727-E5C9-4A47-B685-15EE82C310D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Big Ambitions\Big Ambitions.exe () [Datei ist nicht signiert]
FirewallRules: [{C7228933-BC66-4275-BA2D-5C62CCEFD329}] => (Allow) E:\SteamLibrary\steamapps\common\BattleBit Remastered\BattleBitEAC.exe () [Datei ist nicht signiert]
FirewallRules: [{92247234-89CF-4BC5-A10B-9FC754FD4359}] => (Allow) E:\SteamLibrary\steamapps\common\BattleBit Remastered\BattleBitEAC.exe () [Datei ist nicht signiert]
FirewallRules: [{2799BAF7-DF24-42B1-8964-6A079B162B02}] => (Allow) E:\SteamLibrary\steamapps\common\BattleBit Remastered\EasyAntiCheat\EasyAntiCheat_EOS_Setup.exe (EasyAntiCheat Oy -> Epic Games, Inc.)
FirewallRules: [{581F7BB4-DC13-4AB8-9C62-89A622C5100D}] => (Allow) E:\SteamLibrary\steamapps\common\BattleBit Remastered\EasyAntiCheat\EasyAntiCheat_EOS_Setup.exe (EasyAntiCheat Oy -> Epic Games, Inc.)
FirewallRules: [TCP Query User{AAAF9226-29A1-4F6A-BA14-728A5111622E}C:\users\christopher\appdata\local\tidal\app-2.34.3\tidal.exe] => (Allow) C:\users\christopher\appdata\local\tidal\app-2.34.3\tidal.exe => Keine Datei
FirewallRules: [UDP Query User{887E40D6-F78D-4B64-B818-169E6CD44409}C:\users\christopher\appdata\local\tidal\app-2.34.3\tidal.exe] => (Allow) C:\users\christopher\appdata\local\tidal\app-2.34.3\tidal.exe => Keine Datei
FirewallRules: [{EF6CA7AC-D6A6-49C8-89EB-4B2E3C414B89}] => (Block) C:\users\christopher\appdata\local\tidal\app-2.34.3\tidal.exe => Keine Datei
FirewallRules: [{AB3CB7DD-6DA5-4511-B272-C6D98E2C9EFD}] => (Block) C:\users\christopher\appdata\local\tidal\app-2.34.3\tidal.exe => Keine Datei
FirewallRules: [{626E5E21-168D-41AB-9709-0D5A9996E295}] => (Allow) E:\SteamLibrary\steamapps\common\Baldurs Gate 3\Launcher\LariLauncher.exe => Keine Datei
FirewallRules: [{9DFF737A-EBFA-400F-84D1-CDAB148BC599}] => (Allow) E:\SteamLibrary\steamapps\common\Baldurs Gate 3\Launcher\LariLauncher.exe => Keine Datei
FirewallRules: [TCP Query User{563FB7A7-65AB-4E8F-A932-3C2CB1D3C13D}E:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe] => (Allow) E:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe => Keine Datei
FirewallRules: [UDP Query User{E7C880B2-3CE2-4C24-BFB9-DEC394DECA6C}E:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe] => (Allow) E:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe => Keine Datei
FirewallRules: [{D5B8C8DD-C6C0-4A66-A113-9C72FC0BC896}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brotato\Brotato.exe (Godot Engine) [Datei ist nicht signiert]
FirewallRules: [{5643618D-348C-4B48-B09A-1F6A1C7F1E68}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brotato\Brotato.exe (Godot Engine) [Datei ist nicht signiert]
FirewallRules: [{4FD46125-D26B-4D0F-B3CC-1CEAD9CFF5B5}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
FirewallRules: [{5CF756D0-8578-4D94-969D-24C0DFE05A94}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe (ASUSTeK COMPUTER INC. -> ASUS)
FirewallRules: [{4A13B08F-FFA4-4F0F-BA8B-4B8DC910CB9D}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryHtmlDebugServer.exe (ASUSTeK COMPUTER INC. -> ASUS)
FirewallRules: [{A9A2DEE1-D66D-4857-8AB8-9B88ABF0E88B}] => (Allow) E:\SteamLibrary\steamapps\common\Shadow Gambit The Cursed Crew\ShadowGambit_TCC.exe () [Datei ist nicht signiert]
FirewallRules: [{60232DE3-0578-4E9F-92F7-F85BE844FD43}] => (Allow) E:\SteamLibrary\steamapps\common\Shadow Gambit The Cursed Crew\ShadowGambit_TCC.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{3655A919-84AA-4745-BD16-2DCA086173C1}C:\users\christopher\appdata\local\tidal\app-2.34.5\tidal.exe] => (Allow) C:\users\christopher\appdata\local\tidal\app-2.34.5\tidal.exe => Keine Datei
FirewallRules: [UDP Query User{317EF372-5C61-4F75-9673-1029EB430AC6}C:\users\christopher\appdata\local\tidal\app-2.34.5\tidal.exe] => (Allow) C:\users\christopher\appdata\local\tidal\app-2.34.5\tidal.exe => Keine Datei
FirewallRules: [TCP Query User{A77E4EE5-DDFB-48D4-89C2-B9381392D503}C:\users\christopher\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\christopher\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{7924C28B-426B-46C7-BB40-DAB6FE081E26}C:\users\christopher\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\christopher\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{85D204FA-3846-4C0B-8102-607C0F4D3DE1}] => (Allow) E:\SteamLibrary\steamapps\common\Football Manager 2024\fm.exe (Sports Interactive) [Datei ist nicht signiert]
FirewallRules: [{94C2DFBB-B6E9-4A0E-BBCB-85F5BC361BF2}] => (Allow) E:\SteamLibrary\steamapps\common\Football Manager 2024\fm.exe (Sports Interactive) [Datei ist nicht signiert]
FirewallRules: [{C0471442-7742-4B74-80FA-7B35C1C74B57}] => (Allow) E:\SteamLibrary\steamapps\common\Cities Skylines II\Launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{0AFB85F0-DF9A-4F16-A0BA-E1FB5C1B0EA0}] => (Allow) E:\SteamLibrary\steamapps\common\Cities Skylines II\Launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [TCP Query User{4935328F-BD71-4795-B40C-90006DB455F9}E:\steamlibrary\steamapps\common\cities skylines ii\cities2.exe] => (Allow) E:\steamlibrary\steamapps\common\cities skylines ii\cities2.exe () [Datei ist nicht signiert]
FirewallRules: [UDP Query User{B10CC33B-AC55-47C8-9671-84C1E72C81AF}E:\steamlibrary\steamapps\common\cities skylines ii\cities2.exe] => (Allow) E:\steamlibrary\steamapps\common\cities skylines ii\cities2.exe () [Datei ist nicht signiert]
FirewallRules: [{4564ED14-BCF7-4FE1-9489-358C2EEB218E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D071906C-9173-4910-85E0-D14D1884650C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5C015880-A44E-44FD-A79F-8B6E9DF8E0A9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9B77524E-D351-4E1E-983B-6D8C5E50E3BD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C90528D9-E6D1-48A3-8D2D-7D97EE528479}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dave the Diver\DaveTheDiver.exe (NEXON Korea Corporation. -> )
FirewallRules: [{C840C66A-0AB8-4417-9232-8AEEAC31506E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dave the Diver\DaveTheDiver.exe (NEXON Korea Corporation. -> )
FirewallRules: [{806151D5-CE8F-4529-9A52-EDDF6F725A07}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe => Keine Datei
FirewallRules: [{537D0737-6DFA-4C7A-9A4C-318C0B6B7A01}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => Keine Datei
FirewallRules: [{93320AE6-4D0E-415C-8B17-1F9F19BD481A}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe => Keine Datei
FirewallRules: [{BA7F210E-CDBD-494E-A6C2-54610B2F2325}] => (Allow) C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe => Keine Datei
FirewallRules: [{10B3EC0D-3690-4D9F-B751-A53C08990648}] => (Allow) D:\Games\ANNO1800\Bin\Win64\Anno1800.exe => Keine Datei
FirewallRules: [TCP Query User{B73908E5-9F0F-4426-8F3C-DE3AFF3D5E79}E:\wpsystem\s-1-5-21-2108826960-4211556212-834145737-1001\appdata\local\packages\microsoft.254428597cfe2_8wekyb3d8bbwe\localcache\local\microsoft\writablepackageroot\game\haloinfinite.exe] => (Allow) E:\wpsystem\s-1-5-21-2108826960-4211556212-834145737-1001\appdata\local\packages\microsoft.254428597cfe2_8wekyb3d8bbwe\localcache\local\microsoft\writablepackageroot\game\haloinfinite.exe () [Datei ist nicht signiert]
FirewallRules: [UDP Query User{38763CC1-B7C6-4EBA-9467-4A94E73803B6}E:\wpsystem\s-1-5-21-2108826960-4211556212-834145737-1001\appdata\local\packages\microsoft.254428597cfe2_8wekyb3d8bbwe\localcache\local\microsoft\writablepackageroot\game\haloinfinite.exe] => (Allow) E:\wpsystem\s-1-5-21-2108826960-4211556212-834145737-1001\appdata\local\packages\microsoft.254428597cfe2_8wekyb3d8bbwe\localcache\local\microsoft\writablepackageroot\game\haloinfinite.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{A4FF75C3-3A94-4DC0-8A44-0C82F9507DA6}E:\games\quake ii\content\ptah_winstore.exe] => (Allow) E:\games\quake ii\content\ptah_winstore.exe => Keine Datei
FirewallRules: [UDP Query User{7F4E8923-6DC8-42E5-81CB-BB59FF46A080}E:\games\quake ii\content\ptah_winstore.exe] => (Allow) E:\games\quake ii\content\ptah_winstore.exe => Keine Datei
FirewallRules: [{F96AEBF3-DB43-4F1B-B014-0D45CFCE5BFF}] => (Allow) C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
FirewallRules: [{3D340C95-81EC-46E1-8F2A-6A41363865F0}] => (Allow) C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
FirewallRules: [{1018B87D-D4A5-44A0-A92F-DAF0957BA2A3}] => (Allow) F:\SteamLibrary\steamapps\common\DayZ\DayZLauncher.exe (BOHEMIA INTERACTIVE a.s. -> Bohemia Interactive a.s.)
FirewallRules: [{B1AC1DAC-9A6B-4426-A7DD-5F326B10AFEB}] => (Allow) F:\SteamLibrary\steamapps\common\DayZ\DayZLauncher.exe (BOHEMIA INTERACTIVE a.s. -> Bohemia Interactive a.s.)
FirewallRules: [{28434DF7-8C9C-452B-B0B0-85A48271A1D3}] => (Allow) F:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe (BOHEMIA INTERACTIVE a.s. -> BattlEye Innovations)
FirewallRules: [{216FD422-9730-4455-870C-BEF2F0BAD53C}] => (Allow) F:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe (BOHEMIA INTERACTIVE a.s. -> BattlEye Innovations)
FirewallRules: [TCP Query User{8A263A43-9C80-4004-A16C-0145E431BCE3}E:\games\palworld\content\pal\binaries\wingdk\palworld-wingdk-shipping.exe] => (Allow) E:\games\palworld\content\pal\binaries\wingdk\palworld-wingdk-shipping.exe (Zugriff verweigert) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{951FE8FD-7959-4091-9EFE-90C67499D8D2}E:\games\palworld\content\pal\binaries\wingdk\palworld-wingdk-shipping.exe] => (Allow) E:\games\palworld\content\pal\binaries\wingdk\palworld-wingdk-shipping.exe (Zugriff verweigert) [Datei ist nicht signiert]
FirewallRules: [{4747BB07-98D0-4153-AB69-D81BC9A94532}] => (Allow) C:\Battlestate Games\BsgLauncher\BsgLauncher.exe (BATTLESTATE GAMES LIMITED -> Battlestate Games)
FirewallRules: [{273A99E7-F44B-41AC-8A53-F2DD6680FBA0}] => (Allow) C:\Battlestate Games\BsgLauncher\BsgLauncher.exe (BATTLESTATE GAMES LIMITED -> Battlestate Games)
FirewallRules: [{C04A14E6-81C1-433E-8CC2-AC70AE0C90D6}] => (Allow) E:\SteamLibrary\steamapps\common\Hunt Showdown\hunt.exe (EasyAntiCheat Oy -> Epic Games, Inc.)
FirewallRules: [{D2148FBF-5CBA-42F2-8415-15A0C015CA7D}] => (Allow) E:\SteamLibrary\steamapps\common\Hunt Showdown\hunt.exe (EasyAntiCheat Oy -> Epic Games, Inc.)
FirewallRules: [{21F640AF-EC83-4535-865E-FAE46069CABD}] => (Allow) F:\SteamLibrary\steamapps\common\DayZ\DayZ_x64.exe (BOHEMIA INTERACTIVE a.s. -> Bohemia Interactive a.s.)
FirewallRules: [{EBA38783-FB71-414E-92D2-890644BA4412}] => (Allow) F:\SteamLibrary\steamapps\common\DayZ\DayZ_x64.exe (BOHEMIA INTERACTIVE a.s. -> Bohemia Interactive a.s.)
FirewallRules: [{86BE14E0-6441-40A9-B9A7-2175F8AC4742}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24004.1403.2634.2418_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9D5C4CD7-F8E3-4788-85EB-6EDD711CB207}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24004.1403.2634.2418_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{386B7B26-2B84-4DE1-8979-679B05C2776E}] => (Allow) D:\Games\Battlefield 2042\EAAntiCheat.GameServiceLauncher.exe => Keine Datei
FirewallRules: [{49BC78A5-458B-4F4E-AFA6-CEC9BD34C842}] => (Allow) D:\Games\Battlefield 2042\EAAntiCheat.GameServiceLauncher.exe => Keine Datei
FirewallRules: [TCP Query User{6F9DD295-C348-49A7-A5EF-319EB7FA3A1B}D:\games\battlefield 2042\bf2042.exe] => (Allow) D:\games\battlefield 2042\bf2042.exe => Keine Datei
FirewallRules: [UDP Query User{984FE6B7-2EB5-429B-8FC3-89C3D0132B4A}D:\games\battlefield 2042\bf2042.exe] => (Allow) D:\games\battlefield 2042\bf2042.exe => Keine Datei
FirewallRules: [{5681E708-9F5A-47E5-804D-EDE34B4E0FC8}] => (Allow) E:\SteamLibrary\steamapps\common\Ready Or Not\ReadyOrNot.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [{860BFACB-183A-4B16-BAE2-CA993A142676}] => (Allow) E:\SteamLibrary\steamapps\common\Ready Or Not\ReadyOrNot.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [{F1327D47-2EF1-4220-B284-22499406E4F6}] => (Allow) C:\Program Files (x86)\Wargaming.net\GameCenter\wgc.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [TCP Query User{EB8EAF23-2B91-422B-BB63-249D7F40166A}D:\games\world_of_tanks_eu\win64\worldoftanks.exe] => (Allow) D:\games\world_of_tanks_eu\win64\worldoftanks.exe => Keine Datei
FirewallRules: [UDP Query User{BA2597AD-CEB7-4132-8060-6F35735DA8A4}D:\games\world_of_tanks_eu\win64\worldoftanks.exe] => (Allow) D:\games\world_of_tanks_eu\win64\worldoftanks.exe => Keine Datei
FirewallRules: [{DB9089E2-E16D-4D78-A238-E89CA60C2374}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.231.1205.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{4C7F30FE-F3D8-4AF6-BEAD-8912A2E264A5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.231.1205.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{49C9F997-717C-4B09-AD65-A899593C17EF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.231.1205.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{12327F3E-B756-47D4-962F-583B4357887E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.231.1205.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{EEE778EF-8289-47BD-A9A3-ACE77DFFCE49}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.231.1205.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{147F2E3D-528E-4A85-9487-6DE91A5F0A24}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.231.1205.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{464E51C4-FF43-4C60-9088-81064B888535}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.231.1205.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{8CBA5587-68BC-440D-B790-2F82D3DF4A3B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.231.1205.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{15B7BBE7-92E8-4947-B738-485AC3AF1E5F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.231.1205.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{20B90957-C535-48F7-BF00-573AABB51E09}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.231.1205.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [TCP Query User{50730879-814A-42F5-9B95-BB265ED04294}D:\steamlibrary\steamapps\common\world of tanks\eu\win64\worldoftanks.exe] => (Allow) D:\steamlibrary\steamapps\common\world of tanks\eu\win64\worldoftanks.exe => Keine Datei
FirewallRules: [UDP Query User{559346F1-8BB3-4AC6-AB3C-9A10F5DF0E11}D:\steamlibrary\steamapps\common\world of tanks\eu\win64\worldoftanks.exe] => (Allow) D:\steamlibrary\steamapps\common\world of tanks\eu\win64\worldoftanks.exe => Keine Datei
FirewallRules: [TCP Query User{E82A548B-D917-479D-A4F3-1537255A9D47}E:\games\world_of_tanks_eu\win64\worldoftanks.exe] => (Allow) E:\games\world_of_tanks_eu\win64\worldoftanks.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [UDP Query User{7E88350C-69C2-4D4E-A6F7-72340B2816E0}E:\games\world_of_tanks_eu\win64\worldoftanks.exe] => (Allow) E:\games\world_of_tanks_eu\win64\worldoftanks.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [{AF428A06-3314-4A72-990A-A2B848C9AFCB}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{58A4E9E4-A7CF-4FE4-90EF-F3102643A523}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{5AF45A90-3C46-42D3-86FB-6D3A8FAED01F}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{70A6B557-2720-4C87-A4D1-B1F6505451F9}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{EB118E41-68C6-4C73-BA51-E5849A038793}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{394035A7-5185-44AB-B3E0-C78CD4C76010}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{F3079144-8738-4C76-8F2C-655C5E2E3FF6}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{7AC93A8F-CDA3-4E21-AF57-5B772F203074}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{BD517E98-4F08-4F9B-88FD-2FBD776175BE}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{B78A51A7-69C0-40BF-9746-CE49929AFBC9}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{F0C2DB10-8DBD-4EB7-ACBF-B0DCD11E291E}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{26A97AD9-0400-4F1E-A020-3BBD79B9377B}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALaunchHelper.exe (Electronic Arts, Inc. -> Electronic Arts)
==================== Wiederherstellungspunkte =========================
15-02-2024 18:33:20 Removed Epic Online Services
17-02-2024 19:34:02 DirectX wurde installiert
22-02-2024 01:41:31 Windows Modules Installer
22-02-2024 01:43:41 Windows Modules Installer
22-02-2024 01:44:07 Windows Modules Installer
|
|
22.02.2024, 03:33
| #3 |
| | Windows 11: Möglicherweise einen Keylogger eingefangen Part 2 zu Addition:
__________________Code:
ATTFilter ==================== Fehlerhafte Geräte im Gerätemanager ============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Fehlereinträge in der Ereignisanzeige: ========================
Applikationsfehler:
==================
Error: (02/22/2024 03:03:19 AM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\CHRIS-RYZEN$ über https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Thu, 22 Feb 2024 02:03:22 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 29e77e88-481c-42f9-aa29-2be6825d2c12
Methode: GET(187ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (02/22/2024 02:48:32 AM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\CHRIS-RYZEN$ über https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Thu, 22 Feb 2024 01:48:34 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: b6ef6dd4-c43a-4f55-915b-c753901a2c9d
Methode: GET(328ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (02/22/2024 01:54:51 AM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\CHRIS-RYZEN$ über https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Thu, 22 Feb 2024 00:54:53 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 7abd8111-7076-4b53-81c9-115e33c89786
Methode: GET(329ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (02/22/2024 01:53:11 AM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\CHRIS-RYZEN$ über https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Thu, 22 Feb 2024 00:53:14 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: a663c75e-3694-4520-b4a4-8ad62990db9f
Methode: GET(219ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (02/22/2024 01:51:24 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren.]
Error: (02/22/2024 12:58:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Chris-Ryzen.local already in use; will try Chris-Ryzen-2.local instead
Error: (02/22/2024 12:58:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Chris-Ryzen.local. Addr 192.168.178.34
Error: (02/22/2024 12:58:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.34:5353 16 Chris-Ryzen.local. AAAA FDE4:0AFF:27E0:5E45:9A51:575F:75BF:1060
Systemfehler:
=============
Error: (02/22/2024 03:05:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.
Error: (02/22/2024 03:05:16 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (60000 ms) wurde beim Verbindungsversuch mit dem Dienst Google Update-Dienst (gupdate) erreicht.
Error: (02/22/2024 03:03:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "GameInput Service" wurde unerwartet beendet. Dies ist bereits 6 Mal passiert.
Error: (02/22/2024 03:03:21 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "GameInput Service" wurde mit folgendem Fehler beendet:
Die Verbunddatei "GameInput Service" wurde mit einer neueren Version erstellt.
Error: (02/22/2024 03:03:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "GameInput Service" wurde unerwartet beendet. Dies ist bereits 5 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (02/22/2024 03:03:20 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "GameInput Service" wurde mit folgendem Fehler beendet:
Die Verbunddatei "GameInput Service" wurde mit einer neueren Version erstellt.
Error: (02/22/2024 03:03:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "GameInput Service" wurde unerwartet beendet. Dies ist bereits 4 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (02/22/2024 03:03:19 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "GameInput Service" wurde mit folgendem Fehler beendet:
Die Verbunddatei "GameInput Service" wurde mit einer neueren Version erstellt.
Windows Defender:
================
Date: 2024-02-18 12:28:43
Description:
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {B4B90F7E-EF47-47DB-BB68-5E7A86AE8C71}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM
Date: 2024-02-10 12:43:47
Description:
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {6FC3101E-0362-479C-A244-EB76256D1ADF}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM
Date: 2024-02-03 13:24:51
Description:
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {BCDF9D59-F5B1-4DD2-ABFE-A5A0D178AA1F}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM
Date: 2024-02-02 12:53:50
Description:
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {BDCFD589-A626-4593-8D4A-229913C8F651}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM
Date: 2024-01-30 17:27:47
Description:
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {97DAAA6C-BF0F-46CC-B9FB-4453F421589D}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM
CodeIntegrity:
===============
Date: 2024-02-22 03:13:32
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2024-02-22 03:03:46
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.
==================== Speicherinformationen ===========================
BIOS: American Megatrends International, LLC. F35 07/08/2021
Hauptplatine: Gigabyte Technology Co., Ltd. X570 AORUS ELITE
Prozessor: AMD Ryzen 7 5800X 8-Core Processor
Prozentuale Nutzung des RAM: 22%
Installierter physikalischer RAM: 32711.75 MB
Verfügbarer physikalischer RAM: 25271.78 MB
Summe virtueller Speicher: 40647.75 MB
Verfügbarer virtueller Speicher: 31431.78 MB
==================== Laufwerke ================================
Drive c: (WDSN850500GB) (Fixed) (Total:465.07 GB) (Free:224.86 GB) (Model: WDS500G1X0E-00AFY0) NTFS
Drive d: (MX5001TB) (Fixed) (Total:931.5 GB) (Free:313.45 GB) (Model: CT1000MX500SSD1) NTFS
Drive e: (SanDisk2TB) (Fixed) (Total:1863 GB) (Free:650.48 GB) (Model: SanDisk SDSSDA-2T00) NTFS
Drive f: (WD1TB) (Fixed) (Total:931.5 GB) (Free:614.01 GB) (Model: WDC WDS100T2B0A-00SM50) NTFS
\\?\Volume{9ac8f989-0ed0-4d13-9f98-b9d091a80973}\ () (Fixed) (Total:0.57 GB) (Free:0.05 GB) NTFS
\\?\Volume{19aece43-3060-4db2-841b-aa37f58d5030}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partitionstabelle ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 1 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 2 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 3 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)
Partition: GPT.
==================== Ende von Addition.txt =======================
Code:
ATTFilter # -------------------------------
# Malwarebytes AdwCleaner 8.4.1.0
# -------------------------------
# Build: 01-29-2024
# Database: 2024-01-29.3 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-22-2024
# Duration: 00:00:01
# OS: Windows 11 (Build 22621.1194)
# Cleaned: 6
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\ProgramData\BSD\DriverHive
Deleted C:\ProgramData\BSD\DriverHiveEngine
Deleted C:\Users\Christopher\AppData\Roaming\Hola
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hola.org
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|hola
Deleted HKLM\Software\Wow6432Node\BSD
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
No Preinstalled Software cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [1860 octets] - [22/02/2024 01:23:55]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
|
|
22.02.2024, 09:45
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Windows 11: Möglicherweise einen Keylogger eingefangenZitat:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
22.02.2024, 09:55
| #5 | |
| | Windows 11: Möglicherweise einen Keylogger eingefangenZitat:
Ich bin nun etwas ratlos, mir fehlt auch das Know-How wie man denn eine 2FA umgehen kann, weil wenn ich das Konzept betrachte, sollte es eigentlich "bombensicher" sein - schließlich hat man ein Empfangsgerät, welches die Codes erhält. Gut, 2FA ist nicht gleich 2FA, jedoch habe ich nun Bedenken und möcjte nun prüfen, inwiefern mein System befallen ist. Also ist das für mich nun eine Ursachen-Suche, bei der ich meinen PC für das Erste als Hauptverdächtigen betrachte. Wenn der nicht das Hauptproblem sein sollte, gehe ich an die nächsten Möglichkeiten. Was mich auch verwirrt: Wieso bekomme ich nicht umgehend eine Nachricht, wenn sich fremde Geräte in meine Accounts einloggen? Wenn ich mich selbst einlogge, bekomme ich immer eine Code-Abfrage. |
|
22.02.2024, 11:14
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows 11: Möglicherweise einen Keylogger eingefangen Ist dir klar wovon du redest? 2FA? 2FA verhindert eben genau das. Da reicht ein kompromittiertes Gerät nicht aus und auch nicht ein gestohlenes Passwort. Weil ein zweiter Faktor notwendig ist. Du tust hier aber so, als sei das alles außer Kraft gesetzt worden nur weil du irgendwelche Sachen bei Windows hast, die du nicht verstehst. Wenn du deinem System nicht mehr traust gibt es nur eine Lösung: komplette saubere Neuinstallation oder neuen Rechner kaufen.
__________________ --> Windows 11: Möglicherweise einen Keylogger eingefangen |
|
22.02.2024, 13:32
| #7 |
| | Windows 11: Möglicherweise einen Keylogger eingefangen Davon gehe ich ja auch aus und halte das für essentiell - aber wie konnte dann Zugang zu einem meiner Accounts ermöglicht werden? Ich finde das sehr verwirrend. Auch RogueKiller hat mir was ausgespuckt und einen Trojaner angezeigt - wie werde ich den nun endgültig los? Code:
ATTFilter Program : RogueKiller Anti-Malware
Version : 15.15.2.0
x64 : Yes
Program Date : Feb 19 2024
Location : C:\Users\Christopher\Downloads\RogueKiller_portable64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 11 (10.0.22631) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : Christopher
User is Admin : Yes
Date : 2024/02/22 01:53:54
Type : Removal
Aborted : No
Scan Mode : Standard
Duration : 205
Found items : 21
Total scanned : 102086
Signatures Version : 20240216_101755
Truesight Driver : Yes
Updates Count : 21
************************* Warnings *************************
************************* Removal *************************
|
|
22.02.2024, 13:46
| #8 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows 11: Möglicherweise einen Keylogger eingefangenZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.02.2024, 14:30
| #9 | |
| | Windows 11: Möglicherweise einen Keylogger eingefangenZitat:
Code:
ATTFilter Program : RogueKiller Anti-Malware
Version : 15.15.2.0
x64 : Yes
Program Date : Feb 19 2024
Location : C:\Users\Christopher\Downloads\RogueKiller_portable64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 11 (10.0.22631) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : Christopher
User is Admin : Yes
Date : 2024/02/22 13:23:30
Type : Scan
Aborted : No
Scan Mode : Standard
Duration : 206
Found items : 15
Total scanned : 100576
Signatures Version : 20240216_101755
Truesight Driver : Yes
Updates Count : 21
************************* Warnings *************************
************************* Updates *************************
CPUID HWMonitor 1.52 (64-bit), version 1.52
[+] Available Version : 1.53
[+] Size : 3682304
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\CPUID\HWMonitor\
CrystalDiskInfo 8.17.14 (64-bit), version 8.17.14
[+] Available Version : 9.2.3
[+] Size : 15324160
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\CrystalDiskInfo\
Mozilla Firefox (x64 de) (64-bit), version 122.0.1
[+] Available Version : 123.0
[+] Size : 235853824
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\Mozilla Firefox
TeamSpeak 3 Client (64-bit), version 3.5.6
[+] Available Version : 5.0.0
[+] Size : 0
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\TeamSpeak 3 Client
Zoom (64-bit), version 5.16.5 (24296)
[+] Available Version : 5.17.31859
[+] Size : 0
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Users\Christopher\AppData\Roaming\Zoom\bin
CPUID CPU-Z Aorus 2.05 (64-bit), version 2.05
[+] Available Version : 2.08
[+] Size : 10494976
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\CPUID\CPU-Z Aorus\
ROG Live Service (64-bit), version 2.3.6.0
[+] Available Version : 2.3.13.0
[+] Size : 17652736
[+] Wow6432 : No
[+] Portable : No
Elgato Game Capture HD (64-bit), version 3.70.55.3055
[+] Available Version : 3.70.56.3056
[+] Size : 487967744
[+] Wow6432 : No
[+] Portable : No
Bonjour (32-bit), version 3.0.0.10
[+] Available Version : 3.1.0.1
[+] Size : 2101248
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : C:\Program Files (x86)\Bonjour\
NVIDIA Graphics Driver 551.23 (64-bit), version 551.23
[+] Available Version : 551.52
[+] Size : 0
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{464C93EA-0C51-44BE-A327-C9061053AC93}
Paradox Launcher v2 (64-bit), version 2.2.0
[+] Available Version : 2.4.0
[+] Size : 91325440
[+] Wow6432 : No
[+] Portable : No
ARMOURY CRATE Lite Service (64-bit), version 5.7.9
[+] Available Version : 5.8.6
[+] Size : 88182784
[+] Wow6432 : No
[+] Portable : No
Creative App Version 1.13.07.00 (32-bit), version 1.13.07.00
[+] Available Version : 1.16.16.00
[+] Size : 101160960
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : C:\Program Files (x86)\Creative\Creative App\
Dolby Digital Live Pack Version 5.02.00 (32-bit), version 5.02.00
[+] Available Version : 5.02.01
[+] Size : 3031040
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : C:\Program Files (x86)\Creative\Dolby Digital Live Pack\
DTS Connect Pack Version 3.02.00 (32-bit), version 3.02.00
[+] Available Version : 3.02.01
[+] Size : 3319808
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : C:\Program Files (x86)\Creative\DTS Connect Pack\
Escape from Tarkov (64-bit), version 0.14.0.1.28476
[+] Available Version : 0.14.1.0.28744
[+] Size : 438041600
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Battlestate Games\Escape from Tarkov
VGA (32-bit), version 3.01.04
[+] Available Version : 3.01.05
[+] Size : 0
[+] Wow6432 : Yes
[+] Portable : No
GOG GALAXY (32-bit), version 2.0.73.27
[+] Available Version : 51.1052.0.0
[+] Size : 536745984
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : C:\Program Files (x86)\GOG Galaxy\
TechPowerUp GPU-Z (32-bit), version 2.56.0
[+] Available Version : 2.57.0
[+] Size : 9931776
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : C:\Program Files (x86)\GPU-Z\
RGB Fusion (32-bit), version 3.22.0713.1
[+] Available Version : 3.23.0328.1
[+] Size : 187617280
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : C:\Program Files (x86)\GIGABYTE\RGBFusion\
Microsoft Teams classic (32-bit), version 1.6.00.29964
[+] Available Version : 1.7.00.5155
[+] Size : 142789632
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : C:\Users\Christopher\AppData\Local\Microsoft\Teams
************************* Processes *************************
************************* Modules *************************
************************* Services *************************
************************* Scheduled Tasks *************************
************************* Registry *************************
>>>>>> O4 - Run
└── [Tr.Gen (Bösartig)] (X64) HKEY_USERS\S-1-5-21-2108826960-4211556212-834145737-1001\Software\Microsoft\Windows\CurrentVersion\Run|advapi32 -- wscript.exe "C:\Users\Christopher\AppData\Roaming\Microsoft\Windows NT\advapi32.js" -> Gefunden
>>>>>> O87 - Firewall
├── [Suspicious.Path (Potenziell bösartig)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{29F7DC2C-42EE-4685-9EDD-BB7262942A14}E:\wpsystem\s-1-5-21-2108826960-4211556212-834145737-1001\appdata\local\packages\microsoft.254428597cfe2_8wekyb3d8bbwe\localcache\local\microsoft\writablepackageroot\haloinfinite.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=E:\wpsystem\s-1-5-21-2108826960-4211556212-834145737-1001\appdata\local\packages\microsoft.254428597cfe2_8wekyb3d8bbwe\localcache\local\microsoft\writablepackageroot\haloinfinite.exe|Name=haloinfinite.exe|Desc=haloinfinite.exe|Defer=User| -> Gefunden
├── [Suspicious.Path (Potenziell bösartig)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{369E47C3-A8A2-4B06-9C56-9A6D1DF387A4}E:\wpsystem\s-1-5-21-2108826960-4211556212-834145737-1001\appdata\local\packages\microsoft.254428597cfe2_8wekyb3d8bbwe\localcache\local\microsoft\writablepackageroot\haloinfinite.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=E:\wpsystem\s-1-5-21-2108826960-4211556212-834145737-1001\appdata\local\packages\microsoft.254428597cfe2_8wekyb3d8bbwe\localcache\local\microsoft\writablepackageroot\haloinfinite.exe|Name=haloinfinite.exe|Desc=haloinfinite.exe|Defer=User| -> Gefunden
├── [Suspicious.Path (Potenziell bösartig)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{C1FC94E3-6D2B-4B1D-9E48-3DC359426A6D}E:\wpsystem\s-1-5-21-2108826960-4211556212-834145737-1001\appdata\local\packages\microsoft.254428597cfe2_8wekyb3d8bbwe\localcache\local\microsoft\writablepackageroot\haloinfinite.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=E:\wpsystem\s-1-5-21-2108826960-4211556212-834145737-1001\appdata\local\packages\microsoft.254428597cfe2_8wekyb3d8bbwe\localcache\local\microsoft\writablepackageroot\haloinfinite.exe|Name=haloinfinite.exe|Desc=haloinfinite.exe|Defer=User| -> Gefunden
├── [Suspicious.Path (Potenziell bösartig)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{39C14C15-E0EC-44AB-A449-1E85F6AE13F4}E:\wpsystem\s-1-5-21-2108826960-4211556212-834145737-1001\appdata\local\packages\microsoft.254428597cfe2_8wekyb3d8bbwe\localcache\local\microsoft\writablepackageroot\haloinfinite.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=E:\wpsystem\s-1-5-21-2108826960-4211556212-834145737-1001\appdata\local\packages\microsoft.254428597cfe2_8wekyb3d8bbwe\localcache\local\microsoft\writablepackageroot\haloinfinite.exe|Name=haloinfinite.exe|Desc=haloinfinite.exe|Defer=User| -> Gefunden
├── [Suspicious.Path (Potenziell bösartig)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{4AF26082-75F0-4FC4-95AE-0FC67F4E1006}C:\users\christopher\appdata\local\temp\rar$exa20148.34676\blobby-1.0\blobby-server.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\users\christopher\appdata\local\temp\rar$exa20148.34676\blobby-1.0\blobby-server.exe|Name=blobby-server.exe|Desc=blobby-server.exe|Defer=User| (missing) -> Gefunden
├── [Suspicious.Path (Potenziell bösartig)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{A9AE98A6-1AB8-4A10-8129-0222CB7601C4}C:\users\christopher\appdata\local\temp\rar$exa20148.34676\blobby-1.0\blobby-server.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\users\christopher\appdata\local\temp\rar$exa20148.34676\blobby-1.0\blobby-server.exe|Name=blobby-server.exe|Desc=blobby-server.exe|Defer=User| (missing) -> Gefunden
├── [Suspicious.Path (Potenziell bösartig)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{982F0EFC-DDC0-4B7C-B834-359D854DE117}C:\users\christopher\appdata\local\temp\rar$exa19032.33654\blobby-1.0\blobby-server.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\christopher\appdata\local\temp\rar$exa19032.33654\blobby-1.0\blobby-server.exe|Name=blobby-server.exe|Desc=blobby-server.exe|Defer=User| (missing) -> Gefunden
├── [Suspicious.Path (Potenziell bösartig)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{8E8C038F-8237-43FA-BB42-C46586C72A9F}C:\users\christopher\appdata\local\temp\rar$exa19032.33654\blobby-1.0\blobby-server.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\christopher\appdata\local\temp\rar$exa19032.33654\blobby-1.0\blobby-server.exe|Name=blobby-server.exe|Desc=blobby-server.exe|Defer=User| (missing) -> Gefunden
├── [Suspicious.Path (Potenziell bösartig)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{E7A75334-2147-425B-BE01-17D8EE47C867}C:\users\christopher\appdata\local\temp\rar$exa19032.31036\blobby-1.0\blobby.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\christopher\appdata\local\temp\rar$exa19032.31036\blobby-1.0\blobby.exe|Name=blobby.exe|Desc=blobby.exe|Defer=User| (missing) -> Gefunden
├── [Suspicious.Path (Potenziell bösartig)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{709BA635-26D0-4867-9A68-BEB9CACD639E}C:\users\christopher\appdata\local\temp\rar$exa19032.31036\blobby-1.0\blobby.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\christopher\appdata\local\temp\rar$exa19032.31036\blobby-1.0\blobby.exe|Name=blobby.exe|Desc=blobby.exe|Defer=User| (missing) -> Gefunden
├── [Suspicious.Path (Potenziell bösartig)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{38763CC1-B7C6-4EBA-9467-4A94E73803B6}E:\wpsystem\s-1-5-21-2108826960-4211556212-834145737-1001\appdata\local\packages\microsoft.254428597cfe2_8wekyb3d8bbwe\localcache\local\microsoft\writablepackageroot\game\haloinfinite.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=E:\wpsystem\s-1-5-21-2108826960-4211556212-834145737-1001\appdata\local\packages\microsoft.254428597cfe2_8wekyb3d8bbwe\localcache\local\microsoft\writablepackageroot\game\haloinfinite.exe|Name=haloinfinite.exe|Desc=haloinfinite.exe|Defer=User| -> Gefunden
└── [Suspicious.Path (Potenziell bösartig)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{B73908E5-9F0F-4426-8F3C-DE3AFF3D5E79}E:\wpsystem\s-1-5-21-2108826960-4211556212-834145737-1001\appdata\local\packages\microsoft.254428597cfe2_8wekyb3d8bbwe\localcache\local\microsoft\writablepackageroot\game\haloinfinite.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=E:\wpsystem\s-1-5-21-2108826960-4211556212-834145737-1001\appdata\local\packages\microsoft.254428597cfe2_8wekyb3d8bbwe\localcache\local\microsoft\writablepackageroot\game\haloinfinite.exe|Name=haloinfinite.exe|Desc=haloinfinite.exe|Defer=User| -> Gefunden
************************* WMI *************************
************************* Hosts File *************************
is_too_big : No
hosts_file_path : C:\Windows\System32\drivers\etc\hosts
************************* Filesystem *************************
[Tr.Gen (Bösartig)] (folder) Windows NT -- C:\Users\Christopher\AppData\Roaming\Microsoft\Windows NT -> Gefunden
************************* Web Browsers *************************
>>>>>> Firefox Config
└── [PUM.Proxy (Potenziell bösartig)] network.proxy.type (C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\2q1on2jj.default-release\prefs.js) -- 2 -> Gefunden
************************* Antirootkit *************************
|
|
22.02.2024, 14:35
| #10 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows 11: Möglicherweise einen Keylogger eingefangenZitat:
Zitat:
 Firefox-NeuinstallationBitte den Firefox komplett neu installieren. Sichere - falls wichtig - vorher wichtige Lesezeichen, gespeicherte Passwörter etc. 1. aktuelles Firefox-Setup (für 64-Bit-Windows) runterladen 2. Firefox deinstallieren 3. den Ordner C:\Programme\Mozilla Firefox manuell löschen falls noch vorhanden 4. Firefox neu installieren über die in (1) heruntergeladene Setupdatei 5. Anschließend nochmal ein neues Profil erstellen siehe Profilverwaltung von Firefox
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.02.2024, 15:08
| #11 |
| | Windows 11: Möglicherweise einen Keylogger eingefangen Ich sollte wohl so einige Programme deinstallieren. Habe den nun nach Leitfaden neu aufgesetzt. Code:
ATTFilter >>>>>> O4 - Run
└── [Tr.Gen (Bösartig)] (X64) HKEY_USERS\S-1-5-21-2108826960-4211556212-834145737-1001\Software\Microsoft\Windows\CurrentVersion\Run|advapi32 -- wscript.exe "C:\Users\Christopher\AppData\Roaming\Microsoft\Windows NT\advapi32.js" -> Gefunden
|
|
22.02.2024, 15:52
| #12 |
| /// TB-Ausbilder | Windows 11: Möglicherweise einen Keylogger eingefangen Auf dem System hier befindet sich Malware. Wir können sie entfernen. Ich bereite einen Fix vor. |
|
22.02.2024, 16:18
| #13 |
| /// TB-Ausbilder | Windows 11: Möglicherweise einen Keylogger eingefangen Interessante (und gut getarnte) Malware, die du da auf dem System hast. Wir beginnen mit einer ersten Reparatur mit FRST. Schritt 1 WARNUNG AN ALLE MITLESER !!! Dieses FRST-Skript ist ausschließlich für diesen Nutzer gedacht und sollte niemals 1:1 für ein anderes System verwendet werden!
Schritt 2 FRST erstellt eine Zip-Datei mit dem Muster Datum_Uhrzeit.zip auf dem Desktop, zum Beispiel 20.02.2023_11.33.52.zip. Bitte lade diese Datei bei WeTransfer hoch. Klicke dazu auf Datei hochladen und wähle die erwähnte zip Datei aus. Klicke auf die drei Punkte ... und wähle Übertragungslink erstellen aus. Klicke auf Erhalte einen Link. Dies dauert ein wenig. In Kürze erhältst du einen Link angezeigt. Kopiere den gesamten Link und füge ihn deiner nächsten Antwort hinzu. Geändert von M-K-D-B (22.02.2024 um 17:03 Uhr) |
|
22.02.2024, 18:03
| #14 |
| | Windows 11: Möglicherweise einen Keylogger eingefangen Ich bedanke mich demütigst für deine Zeit und Mühe! Code:
ATTFilter Entfernungsergebnis von Farbar Recovery Scan Tool (x64) Version: 19.02.2024 02
durchgeführt von Christopher (22-02-2024 17:58:13) Run:1
Gestartet von C:\Users\Christopher\Downloads
Geladene Profile: Christopher
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2108826960-4211556212-834145737-1001\...\Run: [GalaxyClient] => [X]
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (Keine Datei)
Task: {D521011B-1944-4205-AE7A-284D8D14121A} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (Keine Datei)
Task: {7C989995-8C0F-4EF5-95C1-D48EF41D85BC} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (Keine Datei)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (Keine Datei)
S3 Rockstar Service; "C:\Program Files\Rockstar Games\Launcher\RockstarService.exe" [X]
S3 EAAntiCheat; system32\drivers\eaanticheat.sys [X]
S3 KSUSBfilt64; \SystemRoot\system32\drivers\KSUSBfilt64.sys [X]
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
Unlock: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows NT
Folder: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows NT
CMD: type "C:\Users\Christopher\AppData\Roaming\Microsoft\Windows NT\shdoclc.js"
HKU\S-1-5-21-2108826960-4211556212-834145737-1001\...\Run: [shdoclc] => wscript.exe "C:\Users\Christopher\AppData\Roaming\Microsoft\Windows NT\shdoclc.js" [185 2024-02-22] () [Datei ist nicht signiert]
C:\Users\Christopher\AppData\Roaming\Microsoft\Windows NT
C:\Users\Christopher\AppData\Roaming\Java
C:\ProgramData\DNTException
C:\Users\Christopher\OneDrive\Dokumente\Atlantis
C:\Users\Christopher\AppData\Roaming\UIRmake
C:\Users\Christopher\AppData\Roaming\Atlantis
C:\ProgramData\Canon_Inc_IC
C:\ProgramData\Atlantis
Task: {B906CCB5-5C8A-40F7-8C3D-CE9C670DD808} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem123.0.6288.0{0E7C8859-48CD-4CE0-B2AB-5D1A378421EE} => C:\Program Files (x86)\Google\GoogleUpdater\123.0.6288.0\updater.exe [4682528 2024-02-08] (Google LLC -> Google LLC) <==== ACHTUNG
C:\Program Files (x86)\Google\GoogleUpdater\123.0.6288.0
C:\Windows\System32\Tasks\GoogleSystem
S2 GoogleUpdaterInternalService123.0.6288.0; C:\Program Files (x86)\Google\GoogleUpdater\123.0.6288.0\updater.exe [4682528 2024-02-08] (Google LLC -> Google LLC) <==== ACHTUNG
S2 GoogleUpdaterService123.0.6288.0; C:\Program Files (x86)\Google\GoogleUpdater\123.0.6288.0\updater.exe [4682528 2024-02-08] (Google LLC -> Google LLC) <==== ACHTUNG
2023-03-06 14:59 - 2023-03-16 20:45 - 000015648 _____ () C:\Users\Christopher\AppData\Roaming\-1271964237
2021-12-19 17:44 - 2021-12-19 17:44 - 000000389 _____ () C:\Users\Christopher\AppData\Roaming\x4jo2D4GcQ
2022-08-09 15:47 - 2022-08-09 15:47 - 000005966 _____ () C:\Users\Christopher\AppData\Local\1661597446
2022-03-14 19:30 - 2022-03-14 19:30 - 000006246 _____ () C:\Users\Christopher\AppData\Local\2240114613
2023-04-16 13:48 - 2023-04-16 13:48 - 000003998 _____ () C:\Users\Christopher\AppData\Local\3260404094
2023-06-09 12:50 - 2024-01-15 10:45 - 000005254 _____ () C:\Users\Christopher\AppData\Local\357009403
2022-11-25 20:58 - 2022-11-25 20:58 - 000006254 _____ () C:\Users\Christopher\AppData\Local\3663574423
2023-05-17 19:13 - 2023-05-17 19:13 - 000005382 _____ () C:\Users\Christopher\AppData\Local\91114846003
2023-04-17 21:05 - 2023-04-17 21:05 - 000005998 _____ () C:\Users\Christopher\AppData\Local\9154164905
2023-05-21 13:23 - 2023-05-21 13:23 - 000005894 _____ () C:\Users\Christopher\AppData\Local\92328901638
2023-03-19 20:53 - 2023-03-19 20:53 - 000006598 _____ () C:\Users\Christopher\AppData\Local\92557321650
2023-02-21 19:34 - 2023-02-21 19:34 - 000006598 _____ () C:\Users\Christopher\AppData\Local\92580481036
2023-02-23 22:19 - 2023-02-23 22:19 - 000006598 _____ () C:\Users\Christopher\AppData\Local\92761170034
2023-03-01 21:47 - 2023-03-09 19:00 - 000006598 _____ () C:\Users\Christopher\AppData\Local\93803181808
2023-12-08 00:46 - 2023-12-08 00:46 - 000005998 _____ () C:\Users\Christopher\AppData\Local\9437468409
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Beschränkung <==== ACHTUNG
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
GroupPolicy: Beschränkung ? <==== ACHTUNG
Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winhttp reset proxy
CMD: Bitsadmin /Reset /Allusers
CMD: Winmgmt /salvagerepository
CMD: Winmgmt /verifyrepository
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
Hosts:
RemoveProxy:
Zip: C:\FRST\Quarantine
EmptyTemp:
End::
*****************
SystemRestore: On => abgeschlossen
Wiederherstellungspunkt wurde erfolgreich erstellt.
Prozesse erfolgreich geschlossen.
"HKU\S-1-5-21-2108826960-4211556212-834145737-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GalaxyClient" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => erfolgreich entfernt
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => erfolgreich verschoben
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D521011B-1944-4205-AE7A-284D8D14121A}" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D521011B-1944-4205-AE7A-284D8D14121A}" => erfolgreich entfernt
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => erfolgreich verschoben
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_AC" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C989995-8C0F-4EF5-95C1-D48EF41D85BC}" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C989995-8C0F-4EF5-95C1-D48EF41D85BC}" => erfolgreich entfernt
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => erfolgreich verschoben
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => erfolgreich entfernt
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => erfolgreich verschoben
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\Rockstar Service => erfolgreich entfernt
Rockstar Service => Dienst erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\EAAntiCheat => erfolgreich entfernt
EAAntiCheat => Dienst erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\KSUSBfilt64 => erfolgreich entfernt
KSUSBfilt64 => Dienst erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\WinSetupMon => erfolgreich entfernt
WinSetupMon => Dienst erfolgreich entfernt
"C:\Users\Christopher\AppData\Roaming\Microsoft\Windows NT" => wurde entsperrt
========================= Folder: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows NT ========================
2024-02-22 03:01 - 2024-02-22 03:01 - 000000185 ___AH [0101322D033F722A01D8BD7B4EB02F4F] () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows NT\appmgr.js
====== Ende von Folder: ======
========= type "C:\Users\Christopher\AppData\Roaming\Microsoft\Windows NT\shdoclc.js" =========
Das System kann die angegebene Datei nicht finden.
========= Ende von CMD: =========
"HKU\S-1-5-21-2108826960-4211556212-834145737-1001\Software\Microsoft\Windows\CurrentVersion\Run\\shdoclc" => nicht gefunden
"C:\Users\Christopher\AppData\Roaming\Microsoft\Windows NT" Ordner verschieben:
C:\Users\Christopher\AppData\Roaming\Microsoft\Windows NT => erfolgreich verschoben
"C:\Users\Christopher\AppData\Roaming\Java" Ordner verschieben:
C:\Users\Christopher\AppData\Roaming\Java => erfolgreich verschoben
"C:\ProgramData\DNTException" Ordner verschieben:
C:\ProgramData\DNTException => erfolgreich verschoben
"C:\Users\Christopher\OneDrive\Dokumente\Atlantis" Ordner verschieben:
C:\Users\Christopher\OneDrive\Dokumente\Atlantis => erfolgreich verschoben
"C:\Users\Christopher\AppData\Roaming\UIRmake" Ordner verschieben:
C:\Users\Christopher\AppData\Roaming\UIRmake => erfolgreich verschoben
"C:\Users\Christopher\AppData\Roaming\Atlantis" Ordner verschieben:
C:\Users\Christopher\AppData\Roaming\Atlantis => erfolgreich verschoben
"C:\ProgramData\Canon_Inc_IC" Ordner verschieben:
C:\ProgramData\Canon_Inc_IC => erfolgreich verschoben
"C:\ProgramData\Atlantis" Ordner verschieben:
C:\ProgramData\Atlantis => erfolgreich verschoben
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B906CCB5-5C8A-40F7-8C3D-CE9C670DD808}" => nicht gefunden
"C:\WINDOWS\System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem123.0.6288.0{0E7C8859-48CD-4CE0-B2AB-5D1A378421EE}" => nicht gefunden
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem123.0.6288.0{0E7C8859-48CD-4CE0-B2AB-5D1A378421EE}" => nicht gefunden
"C:\Program Files (x86)\Google\GoogleUpdater\123.0.6288.0" => nicht gefunden
"C:\Windows\System32\Tasks\GoogleSystem" => nicht gefunden
GoogleUpdaterInternalService123.0.6288.0 => Dienst nicht gefunden.
GoogleUpdaterService123.0.6288.0 => Dienst nicht gefunden.
C:\Users\Christopher\AppData\Roaming\-1271964237 => erfolgreich verschoben
C:\Users\Christopher\AppData\Roaming\x4jo2D4GcQ => erfolgreich verschoben
C:\Users\Christopher\AppData\Local\1661597446 => erfolgreich verschoben
C:\Users\Christopher\AppData\Local\2240114613 => erfolgreich verschoben
C:\Users\Christopher\AppData\Local\3260404094 => erfolgreich verschoben
C:\Users\Christopher\AppData\Local\357009403 => erfolgreich verschoben
C:\Users\Christopher\AppData\Local\3663574423 => erfolgreich verschoben
C:\Users\Christopher\AppData\Local\91114846003 => erfolgreich verschoben
C:\Users\Christopher\AppData\Local\9154164905 => erfolgreich verschoben
C:\Users\Christopher\AppData\Local\92328901638 => erfolgreich verschoben
C:\Users\Christopher\AppData\Local\92557321650 => erfolgreich verschoben
C:\Users\Christopher\AppData\Local\92580481036 => erfolgreich verschoben
C:\Users\Christopher\AppData\Local\92761170034 => erfolgreich verschoben
C:\Users\Christopher\AppData\Local\93803181808 => erfolgreich verschoben
C:\Users\Christopher\AppData\Local\9437468409 => erfolgreich verschoben
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => konnte nicht entfernt werden, Schlüssel könnte geschützt sein
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate => erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{C885AA15-1764-4293-B82A-0586ADD46B35} => erfolgreich entfernt
"C:\WINDOWS\system32\GroupPolicy\Machine" Ordner verschieben:
C:\WINDOWS\system32\GroupPolicy\Machine => erfolgreich verschoben
C:\WINDOWS\system32\GroupPolicy\GPT.ini => erfolgreich verschoben
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => erfolgreich verschoben
C:\ProgramData\NTUSER.pol => erfolgreich verschoben
========= netsh winsock reset =========
Der Winsock-Katalog wurde zurckgesetzt.
Sie mssen den Computer neu starten, um den Vorgang abzuschlieáen.
========= Ende von CMD: =========
========= netsh advfirewall reset =========
OK.
========= Ende von CMD: =========
========= netsh advfirewall set allprofiles state ON =========
OK.
========= Ende von CMD: =========
========= netsh winhttp reset proxy =========
Aktuelle WinHTTP-Proxyeinstellungen:
DirectAccess (kein Proxyserver).
========= Ende von CMD: =========
========= Bitsadmin /Reset /Allusers =========
BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.
0 out of 0 jobs canceled.
========= Ende von CMD: =========
========= Winmgmt /salvagerepository =========
Das WMI-Repository ist konsistent.
========= Ende von CMD: =========
========= Winmgmt /verifyrepository =========
Das WMI-Repository ist konsistent.
========= Ende von CMD: =========
========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========
Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden.
========= Ende von CMD: =========
========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========
Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden.
========= Ende von CMD: =========
========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========
Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden.
========= Ende von CMD: =========
========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========
Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden.
========= Ende von CMD: =========
C:\Windows\System32\Drivers\etc\hosts => erfolgreich verschoben
Hosts erfolgreich wiederhergestellt.
========= RemoveProxy: =========
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt
"HKU\S-1-5-21-2108826960-4211556212-834145737-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt
"HKU\S-1-5-21-2108826960-4211556212-834145737-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt
========= Ende von RemoveProxy: =========
================== Zip: ===================
C:\FRST\Quarantine -> erfolgreich kopiert zu C:\Users\Christopher\OneDrive\Desktop\22.02.2024_17.58.36.zip
=========== Zip: Ende ===========
=========== EmptyTemp: ==========
FlushDNS => abgeschlossen
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 22451202 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 1417967372 B
Windows/system/drivers => 30802303 B
Edge => 0 B
Firefox => 110703715 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 191865832 B
systemprofile32 => 191865832 B
LocalService => 192617044 B
NetworkService => 193569310 B
Christopher => 271528612 B
RecycleBin => 189529500 B
EmptyTemp: => 2.6 GB temporäre Dateien entfernt.
================================
Ergebnis der geplanten Datei-Verschiebungen (Start-Modus: Normal) (Datum&Uhrzeit: 22-02-2024 17:59:34)
Ergebnis der geplanten Schlüssel-Entfernung nach dem Neustart:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => konnte nicht entfernt werden, Schlüssel könnte geschützt sein
==== Ende vom Fixlog 17:59:34 ====
https://we.tl/t-buFaSthfMN Ich bin auch immer neugierig: Kannst du denn den Schaden bereits abschätzen bzw. aus der Ferne mir sagen, welche Prozesse die Malware hier eingeleitet hat? Danke dir!!! |
|
22.02.2024, 19:04
| #15 | |
| /// TB-Ausbilder | Windows 11: Möglicherweise einen Keylogger eingefangenZitat:
Ich schau mir das mal an. Bitte zur Kontrolle mit FRST einen neuen Suchlauf ausführen: Schritt 1
|
|
| Themen zu Windows 11: Möglicherweise einen Keylogger eingefangen |
| administrator, adobe, bonjour, computer, defender, desktop, firefox, homepage, installation, internet, mozilla, nvidia, prozesse, realtek, registry, rundll, scan, server, services.exe, sicherheit, svchost.exe, system, updates, windows, wiso |
Linear-Darstellung
