Win10: Autostart plötzlich verlangsamt und Installation von Malwarebytes funktioniert nicht (Zu viele Zeichen, Logs aufgeteilt)

ChristopherN · 01.09.2021, 00:56

Hallo alle zusammen,

tut mir Leid für den Post zu so später Stunde, aber wie ihr euch vorstellen könnt, habe ich ein Problem.

Scheinbar habe ich mir einen Virus eingefangen (tippe auf Trojaner) und merke es indem das System einfach nicht mehr so rund läuft wie vorher. Wenn ich Maßnahmen ergreife um Schädlinge zu bekämpfen, startet das System neu. Beim Versuch der Installation von Malwarebytes Anti-Malware, kooperiert das System nicht, das Fenster welches die Installation abschließen sollte ist verdächtig klein und der PC startet neu. Dieser läuft trotz SSD viel zu langsam und wenn ich wieder auf dem Desktop bin, muss ich ca. zwei Neustarts ertragen.

Nachdem er das zweite Mal gestartet ist, erhalte ich die Fehlermeldung, dass das Programm nicht installiert werden konnte. Zusätzlich öffnete sich ein ungefragt mein Internet-Browser mit der Seite "humisnee.com", welche uBlock konsequent blockierte. Spätestens hier war mir dann klar, dass mein System befallen ist. Mit der Zurücksetzung von Chrome konnte ich dieses Problem bewältigen, der Prozessor aber immer noch zu sehr belastet, obwohl eigentlich nichts wirklich läuft (abseits vom Browser). Des Weiteren kann der Windows Defender auch nicht richtig arbeiten, bei einem vollständigen Scan folgt mitten im Prozess ein Neustart.

Ich habe wie im Leitfaden gewollt, die Logs angefertigt:

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 28-08-2021
durchgeführt von Christopher (Administrator) auf CHRISTOPHER-PC (01-09-2021 01:37:52)
Gestartet von C:\Users\Christopher\Downloads
Geladene Profile: Christopher
Platform: Windows 10 Pro Version 20H2 19042.1165 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: Chrome
Start-Modus: Normal

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

() [Datei ist nicht signiert] C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2Svc32.exe
() [Datei ist nicht signiert] C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2Svc64.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(A-Volute -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2UILauncher.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <15>
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) INTELND1617S2 -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub.exe <3>
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_agent.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.56.11001.0_x64__8wekyb3d8bbwe\gamingservices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.56.11001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmdi.inf_amd64_799504293a3d3200\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Skutta, Kristjan -> ) F:\SteamLibrary\steamapps\common\wallpaper_engine\wallpaper32.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9279432 2018-06-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [SVLoadSense] => c:\Program Files (x86)\SAVITECH\SVLoadSense\SVLoadSense.exe [1762000 2015-09-21] (Savitech Corp. -> SAVITECH)
HKLM\...\Run: [SS2UILauncher] => C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2UILauncher.exe [560096 2019-11-18] (A-Volute -> ASUSTeK COMPUTER INC.)
HKLM\...\Run: [Elgato Sound Capture] => C:\Program Files\Elgato\SoundCapture\SoundCapture.exe [1234944 2020-12-03] () [Datei ist nicht signiert]
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942936 2018-11-02] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1706224 2021-04-28] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKU\S-1-5-21-3197034990-4118748310-3737670740-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4110568 2021-07-21] (Valve -> Valve Corporation)
HKU\S-1-5-21-3197034990-4118748310-3737670740-1001\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-3197034990-4118748310-3737670740-1001\...\Run: [Spotify] => C:\Users\Christopher\AppData\Roaming\Spotify\Spotify.exe [24731784 2021-08-25] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-3197034990-4118748310-3737670740-1001\...\Run: [LGHUB] => C:\Program Files\LGHUB\lghub.exe [136443296 2021-08-19] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-21-3197034990-4118748310-3737670740-1001\...\Run: [HolySnowflake] => C:\WINDOWS\rss\csrss.exe [4655616 2021-08-31] () [Datei ist nicht signiert] <==== ACHTUNG
HKU\S-1-5-21-3197034990-4118748310-3737670740-1001\...\Run: [WallpaperEngine] => F:\SteamLibrary\steamapps\common\wallpaper_engine\wallpaper32.exe [2652832 2021-06-22] (Skutta, Kristjan -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\92.0.4515.159\Installer\chrmstp.exe [2021-08-19] (Google LLC -> Google LLC)
Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2021-03-12]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Christopher\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)
GroupPolicy: Beschränkung ? <==== ACHTUNG
Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {01264865-B482-4405-902E-71A75299F338} - System32\Tasks\csrss => C:\WINDOWS\rss\csrss.exe [4655616 2021-08-31] () [Datei ist nicht signiert] <==== ACHTUNG
Task: {0D87FFA4-2A92-458D-81CD-835B88F8B933} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21858176 2021-08-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {1AA06C71-D580-411B-9EF0-6331FD36FB05} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [5439384 2021-08-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {2430E92B-4C1A-47AD-9744-29673B69F642} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339120 2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2A7EB5B1-0961-4EDD-A601-4BD14778CED6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-29] (Google LLC -> Google LLC)
Task: {327602FC-5A5E-4DA3-9318-7399043648F9} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {348E5E01-FB54-40CE-99D2-1ADAF914A00A} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {489FE668-0D6E-4E3F-82A3-37371BB02398} - System32\Tasks\SS2UILauncherRun => C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2UILauncher.exe [560096 2019-11-18] (A-Volute -> ASUSTeK COMPUTER INC.)
Task: {4CA26CA2-C2EA-4442-8BDE-B68FA18888E1} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-3197034990-4118748310-3737670740-1001 => C:\Users\Christopher\AppData\Local\MEGAsync\MEGAupdater.exe [1818360 2021-01-28] (Mega Limited -> Mega Limited)
Task: {4F009ED0-2847-4814-896F-F87D090EE317} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {55338FE0-5552-4BDE-8139-AE31CCB249FA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {592BBC68-DE1F-4726-907A-D2646DE02453} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {66BF75BE-8CAC-47B8-98C7-0183D1213032} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {694E1F37-155D-4159-8645-C5D3D5D141A3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [5439384 2021-08-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {6EFD521B-9350-48AC-A8B0-1853D9277044} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {73546B27-B5C7-478E-BA15-C3894986D0B8} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [673720 2021-08-26] (Mozilla Corporation -> Mozilla Foundation)
Task: {740F0D58-99BB-4B94-B500-44C308213283} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-3197034990-4118748310-3737670740-1001 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\WINDOWS\System32\wpninprc.dll [24064 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {76993510-EA8D-444D-8F90-7BA5310E05DE} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {886727CE-E8D1-49A3-9DA3-43D90AABA41B} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [113496 2021-08-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {9189E8CB-6525-4B18-9C12-0FF1C4CB0808} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {97BAE3E6-361A-4907-BB42-C31DDEE7B187} - System32\Tasks\SS2Svc32Run => C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2Svc32.exe [2746368 2019-11-18] () [Datei ist nicht signiert]
Task: {9EF7CFB7-71E2-420E-8283-0C36D6E1B044} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [113496 2021-08-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {B12AF696-86A9-4064-92AB-0EF147059B3E} - System32\Tasks\SS2Svc64Run => C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2Svc64.exe [486400 2019-11-18] () [Datei ist nicht signiert]
Task: {B67224FB-82D6-4FE9-AFF1-60247D4CA388} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21858176 2021-08-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {B75CBDE9-4F7B-43D7-95CC-3778539054F1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-29] (Google LLC -> Google LLC)
Task: {BC4697AA-BC75-4538-A5C0-EA8199B71F1C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CCF1B205-711C-46B8-BC07-2674066361BA} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D2745F06-E12D-46C9-BDCE-70017582F71F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D986A08A-5352-4898-8B5E-0E374DBECB1A} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {DC824065-CE9F-41FE-944D-F34FDF943142} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [816960 2017-09-21] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {FE8FB68B-920C-4AA8-A4DA-C8F9F740DD69} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-31] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{44ade80c-d8da-4085-806e-b22f78a67def}: [DhcpNameServer] 192.168.178.1

Edge: 
=======
Edge Profile: C:\Users\Christopher\AppData\Local\Microsoft\Edge\User Data\Default [2021-07-25]

FireFox:
========
FF DefaultProfile: xa1uws8m.default
FF ProfilePath: C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\xa1uws8m.default [2021-08-31]
FF ProfilePath: C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\9h3w3419.default-release [2021-09-01]
FF Homepage: Mozilla\Firefox\Profiles\9h3w3419.default-release -> web.de
FF Extension: (uBlock Origin) - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\9h3w3419.default-release\Extensions\uBlock0@raymondhill.net.xpi [2021-08-19]
FF Extension: (Video DownloadHelper) - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\9h3w3419.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2021-07-06]
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-07-24] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll [2021-02-04] (Adobe Systems Incorporated -> )
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)

Chrome: 
=======
CHR Profile: C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default [2021-09-01]
CHR StartupUrls: Default -> "hxxps://web.de/"
CHR Extension: (Präsentationen) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-10-29]
CHR Extension: (BetterTTV) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2021-08-29]
CHR Extension: (Docs) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-10-29]
CHR Extension: (Google Drive) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-29]
CHR Extension: (XN Price Checker) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgkmdbhpfhmbgmbphejlepfcphjfaaej [2021-08-31]
CHR Extension: (YouTube) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-10-29]
CHR Extension: (uBlock Origin) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-07-30]
CHR Extension: (Tampermonkey) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2021-06-03]
CHR Extension: (Augmented Steam) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnhpnfgdlenaccegplpojghhmaamnnfp [2021-07-08]
CHR Extension: (Dark Reader) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2021-07-08]
CHR Extension: (Tabellen) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-10-29]
CHR Extension: (Google Docs Offline) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-24]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Google Mail) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-29]
CHR Extension: (Chrome Media Router) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-28]

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8906088 2021-06-07] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9166736 2021-08-23] (Microsoft Corporation -> Microsoft Corporation)
R2 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [9901464 2021-08-31] (Electronic Arts, Inc. -> Electronic Arts)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803952 2021-04-16] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [926176 2021-03-16] (Epic Games Inc. -> Epic Games, Inc.)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1955680 2021-08-07] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6484832 2021-08-07] (GOG Sp. z o.o. -> GOG.com)
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10787232 2021-08-19] (Logitech Inc -> Logitech, Inc.)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1856816 2021-08-03] (Rockstar Games, Inc. -> Rockstar Games)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5394872 2021-08-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe [2727416 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe [136656 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefender; C:\WINDOWS\windefender.exe [0 0000-00-00] (Zugriff verweigert) <==== ACHTUNG (Zugriff verweigert) <==== ACHTUNG
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_799504293a3d3200\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_799504293a3d3200\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 e60MZ0380.X64; C:\WINDOWS\System32\drivers\e60MZ0380.X64.SYS [4263688 2020-10-28] (Corsair Memory, Inc. -> )
R3 ElgatoVAD; C:\WINDOWS\System32\drivers\ElgatoVAD.sys [39208 2020-11-08] (Elgato Systems LLC -> Elgato Systems GmbH)
R2 LGHUBTemperatureService; C:\Program Files\LGHUB\logi_core_temp.sys [22864 2021-08-19] (Logitech Inc -> Logitech)
S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47928 2018-04-30] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net)
R3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [37200 2021-08-19] (Logitech Inc -> Logitech)
R3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [25928 2021-08-19] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [66896 2021-08-19] (Logitech Inc -> Logitech)
R1 SvThLSNS; c:\Program Files (x86)\SAVITECH\SVLoadSense\x64\SvThLSNS.sys [15184 2015-09-21] (Savitech Corp. -> Windows (R) Win 7 DDK provider)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2019-10-30] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [74048 2021-04-28] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2021-08-04] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [434424 2021-08-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [78072 2021-08-04] (Microsoft Windows -> Microsoft Corporation)
R3 Winmon; C:\WINDOWS\System32\drivers\Winmon.sys [0 0000-00-00] () <==== ACHTUNG (Null Byte Datei/Ordner)
R3 WinmonFS; C:\WINDOWS\System32\drivers\WinmonFS.sys [0 0000-00-00] (Windows (R) Win 7 DDK provider) <==== ACHTUNG (Null Byte Datei/Ordner)
R1 WinmonProcessMonitor; C:\WINDOWS\System32\drivers\WinmonProcessMonitor.sys [36096 2021-08-31] (WDKTestCert Admin,131666266076831434 -> ) [Datei ist nicht signiert] <==== ACHTUNG
S3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [38176 2021-01-24] (WireGuard LLC -> WireGuard LLC)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2021-09-01 01:37 - 2021-09-01 01:38 - 000024964 _____ C:\Users\Christopher\Downloads\FRST.txt
2021-09-01 01:35 - 2021-09-01 01:38 - 000000000 ____D C:\FRST
2021-09-01 01:35 - 2021-09-01 01:35 - 002301440 _____ (Farbar) C:\Users\Christopher\Downloads\FRST64.exe
2021-09-01 01:14 - 2021-09-01 01:14 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-09-01 01:14 - 2021-09-01 01:14 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-09-01 01:14 - 2021-09-01 01:14 - 000000000 ____D C:\Program Files\Malwarebytes
2021-09-01 01:13 - 2021-09-01 01:13 - 002120496 _____ (Malwarebytes) C:\Users\Christopher\Downloads\MBSetup.exe
2021-08-31 22:16 - 2021-08-31 22:16 - 114679563 _____ C:\Users\Christopher\Downloads\RGB_Fusion_B21.0608.1.zip
2021-08-31 22:16 - 2021-08-31 22:16 - 078091304 _____ C:\Users\Christopher\Downloads\mb_driver_61_intel_25.6.zip
2021-08-31 22:16 - 2021-08-31 22:16 - 052626373 _____ C:\Users\Christopher\Downloads\mb_driver_597_chipset_2.15.07.2229.zip
2021-08-31 22:15 - 2021-08-31 22:15 - 018471854 _____ C:\Users\Christopher\Downloads\mb_driver_612_realtekdch_6.0.9126.1.zip
2021-08-31 22:14 - 2021-08-31 22:14 - 011297296 _____ C:\Users\Christopher\Downloads\mb_bios_x570-aorus-elite_f35.zip
2021-08-31 12:04 - 2021-08-31 12:04 - 001400244 _____ C:\Users\Christopher\Downloads\BA - Michael Becker 2021.pdf
2021-08-31 11:39 - 2021-08-31 11:39 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-08-31 11:39 - 2021-08-31 11:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-08-31 11:03 - 2021-08-31 11:03 - 000036096 _____ C:\WINDOWS\system32\Drivers\WinmonProcessMonitor.sys
2021-08-31 11:02 - 2021-09-01 01:24 - 000003290 _____ C:\WINDOWS\system32\Tasks\csrss
2021-08-28 14:25 - 2021-08-28 14:25 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-08-28 10:20 - 2021-08-28 10:20 - 000000000 ____D C:\Users\Christopher\AppData\Local\SolidDocuments
2021-08-28 01:01 - 2021-08-28 01:01 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2021-08-28 01:01 - 2021-08-28 01:01 - 000000000 ____D C:\Program Files\Adobe
2021-08-28 01:00 - 2021-08-28 01:01 - 000000000 ____D C:\Program Files\Common Files\Adobe
2021-08-26 10:40 - 2021-08-29 11:09 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-08-23 11:56 - 2021-08-23 11:56 - 000000000 ____D C:\Users\Christopher\AppData\Local\Blairwitch
2021-08-22 09:38 - 2021-08-22 09:38 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\WeMod
2021-08-22 09:34 - 2021-08-22 09:38 - 000000000 ____D C:\Users\Christopher\AppData\Local\WeMod
2021-08-21 14:20 - 2021-08-21 14:20 - 000000000 ____D C:\Users\Christopher\OneDrive\Dokumente\Diablo II
2021-08-19 22:06 - 2021-08-19 22:06 - 000000000 ____D C:\Users\Christopher\AppData\LocalLow\Nomada
2021-08-19 17:31 - 2021-08-19 17:31 - 000000000 ____D C:\Users\Christopher\OneDrive\Dokumente\KillHouseGames
2021-08-19 16:56 - 2021-09-01 01:24 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\LGHUB
2021-08-19 16:56 - 2021-09-01 01:24 - 000000000 ____D C:\Users\Christopher\AppData\Local\LGHUB
2021-08-19 16:55 - 2021-08-19 16:56 - 000000000 ____D C:\ProgramData\LGHUB
2021-08-19 16:55 - 2021-08-19 16:56 - 000000000 ____D C:\Program Files\LGHUB
2021-08-19 16:55 - 2021-08-19 16:55 - 000066896 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_joy_xlcore.sys
2021-08-19 16:55 - 2021-08-19 16:55 - 000037200 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_joy_bus_enum.sys
2021-08-19 16:55 - 2021-08-19 16:55 - 000025928 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_joy_vir_hid.sys
2021-08-19 16:55 - 2021-08-19 16:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2021-08-16 18:58 - 2021-08-16 18:58 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2021-08-16 18:56 - 2021-08-06 10:45 - 001858680 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-08-16 18:56 - 2021-08-06 10:45 - 001858680 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-08-16 18:56 - 2021-08-06 10:45 - 001474672 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-08-16 18:56 - 2021-08-06 10:45 - 001438840 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-08-16 18:56 - 2021-08-06 10:45 - 001438840 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-08-16 18:56 - 2021-08-06 10:45 - 001212536 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-08-16 18:56 - 2021-08-06 10:45 - 001097832 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-08-16 18:56 - 2021-08-06 10:45 - 001097832 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-08-16 18:56 - 2021-08-06 10:45 - 000951928 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-08-16 18:56 - 2021-08-06 10:45 - 000951928 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-08-16 18:56 - 2021-08-06 10:42 - 000716928 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-08-16 18:56 - 2021-08-06 10:42 - 000645248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2021-08-16 18:56 - 2021-08-06 10:42 - 000577152 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-08-16 18:56 - 2021-08-06 10:41 - 002112144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-08-16 18:56 - 2021-08-06 10:41 - 001595536 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-08-16 18:56 - 2021-08-06 10:41 - 001520760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-08-16 18:56 - 2021-08-06 10:41 - 001171088 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-08-16 18:56 - 2021-08-06 10:41 - 000919184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-08-16 18:56 - 2021-08-06 10:41 - 000750200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-08-16 18:56 - 2021-08-06 10:41 - 000706168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2021-08-16 18:56 - 2021-08-06 10:41 - 000676480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-08-16 18:56 - 2021-08-06 10:41 - 000564352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-08-16 18:56 - 2021-08-06 10:40 - 008854136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-08-16 18:56 - 2021-08-06 10:40 - 007920760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-08-16 18:56 - 2021-08-06 10:40 - 005680768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2021-08-16 18:56 - 2021-08-06 10:40 - 004987512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-08-16 18:56 - 2021-08-06 10:40 - 002925688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-08-16 18:56 - 2021-08-06 10:40 - 000447096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2021-08-16 18:56 - 2021-08-06 10:39 - 000849024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2021-08-16 18:56 - 2021-08-06 10:38 - 006215808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-08-16 18:56 - 2021-08-05 23:12 - 000083062 _____ C:\WINDOWS\system32\nvinfo.pb
2021-08-13 10:06 - 2021-08-13 10:06 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-08-13 10:06 - 2021-08-13 10:06 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-08-13 10:06 - 2021-08-13 10:06 - 001823280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-08-13 10:06 - 2021-08-13 10:06 - 001393480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-08-13 10:06 - 2021-08-13 10:06 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-08-13 10:06 - 2021-08-13 10:06 - 000011347 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-08-13 10:05 - 2021-08-13 10:05 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-08-13 10:01 - 2021-08-13 10:01 - 000000000 ___HD C:\$WinREAgent
2021-08-11 10:51 - 2021-08-11 10:51 - 000430261 _____ C:\Users\Christopher\Downloads\Leitfaden_zur_Anfertigung_wissenschaftlicher_Arbeiten_am_Historischen_Institut.pdf
2021-08-11 09:01 - 2021-08-30 22:33 - 000000000 ____D C:\Users\Christopher\OneDrive\Dokumente\My Digital Editions
2021-08-11 09:01 - 2021-08-11 09:01 - 000000000 ____D C:\Users\Christopher\AppData\Local\Adobe_Systems_Incorporate
2021-08-11 08:50 - 2021-08-11 08:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2021-08-10 11:26 - 2021-08-10 11:26 - 000000000 ____D C:\Users\Christopher\AppData\Local\FlightSimulator
2021-08-05 20:07 - 2021-08-05 20:07 - 000000000 ____D C:\Users\Christopher\OneDrive\Dokumente\evox

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2021-09-01 01:29 - 2020-10-29 20:15 - 001927624 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-09-01 01:29 - 2019-12-07 16:51 - 000819564 _____ C:\WINDOWS\system32\perfh007.dat
2021-09-01 01:29 - 2019-12-07 16:51 - 000182262 _____ C:\WINDOWS\system32\perfc007.dat
2021-09-01 01:29 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-09-01 01:25 - 2020-10-29 20:24 - 000000000 ____D C:\ProgramData\NVIDIA
2021-09-01 01:25 - 2020-10-29 20:20 - 000000000 ____D C:\Program Files (x86)\Google
2021-09-01 01:24 - 2020-10-30 09:56 - 000000000 ____D C:\Users\Christopher\AppData\Local\CrashDumps
2021-09-01 01:23 - 2020-09-27 09:33 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-09-01 01:23 - 2020-09-27 07:33 - 000008192 ___SH C:\DumpStack.log.tmp
2021-09-01 01:23 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-09-01 01:23 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-09-01 01:23 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-09-01 01:06 - 2020-10-29 20:25 - 000000000 ____D C:\Program Files (x86)\Steam
2021-08-31 22:54 - 2020-09-27 07:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-08-31 21:19 - 2020-10-29 22:01 - 000000000 ____D C:\Users\Christopher\AppData\Local\Spotify
2021-08-31 21:09 - 2020-10-29 22:01 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Spotify
2021-08-31 18:25 - 2020-10-29 21:11 - 000000000 ____D C:\Users\Christopher\AppData\LocalLow\Mozilla
2021-08-31 18:18 - 2020-10-29 21:10 - 000000000 ____D C:\ProgramData\Mozilla
2021-08-31 14:54 - 2020-10-29 21:26 - 000000000 ____D C:\Users\Christopher\AppData\Local\Battle.net
2021-08-31 12:09 - 2020-10-29 20:16 - 000000000 ____D C:\Users\Christopher\AppData\Local\Packages
2021-08-31 11:41 - 2020-10-29 20:27 - 000000000 ____D C:\Program Files\WinRAR
2021-08-31 10:16 - 2020-10-29 22:18 - 000803176 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-08-30 22:35 - 2020-10-29 21:02 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\discord
2021-08-30 22:33 - 2020-10-29 21:02 - 000000000 ____D C:\Users\Christopher\AppData\Local\Discord
2021-08-29 14:06 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-08-29 14:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-08-29 11:09 - 2020-10-29 21:10 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-08-28 21:18 - 2020-09-27 09:36 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-08-28 17:17 - 2020-11-21 03:58 - 000000000 ____D C:\Users\Christopher\AppData\Local\StrongVPN
2021-08-28 15:23 - 2020-09-27 09:37 - 000000000 ____D C:\ProgramData\Packages
2021-08-28 14:25 - 2020-10-29 21:10 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-08-28 10:20 - 2020-10-29 20:16 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Adobe
2021-08-28 01:01 - 2020-10-29 21:11 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-08-28 01:01 - 2020-10-29 21:11 - 000000000 ____D C:\Program Files (x86)\Adobe
2021-08-28 01:00 - 2020-10-29 21:10 - 000000000 ____D C:\ProgramData\Adobe
2021-08-27 00:05 - 2020-10-29 20:42 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-08-26 11:45 - 2020-10-29 20:52 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Sky Go
2021-08-23 10:49 - 2020-10-29 20:18 - 000000000 ____D C:\Users\Christopher\AppData\Local\PlaceholderTileLogoFolder
2021-08-23 09:59 - 2020-10-29 20:18 - 000003390 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3197034990-4118748310-3737670740-1001
2021-08-23 09:59 - 2020-10-29 20:14 - 000002417 _____ C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-08-22 13:25 - 2020-10-29 20:56 - 000000000 ____D C:\Users\Christopher\AppData\Local\D3DSCache
2021-08-22 09:38 - 2020-12-13 22:57 - 000000000 ____D C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeMod
2021-08-22 09:35 - 2020-10-29 21:02 - 000000000 ____D C:\Users\Christopher\AppData\Local\SquirrelTemp
2021-08-22 09:30 - 2021-04-05 20:24 - 000000000 ____D C:\Users\Christopher\OneDrive\Dokumente\Paradox Interactive
2021-08-21 14:32 - 2020-10-29 21:25 - 000000000 ____D C:\Program Files (x86)\Battle.net
2021-08-21 14:28 - 2020-10-29 21:25 - 000000000 ____D C:\Users\Christopher\AppData\Local\Blizzard Entertainment
2021-08-20 09:23 - 2020-12-17 23:40 - 000000000 ____D C:\Users\Christopher\OneDrive\Dokumente\My Games
2021-08-19 17:09 - 2020-10-29 20:20 - 000002199 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-08-19 16:57 - 2020-10-29 21:43 - 000000000 ____D C:\Users\Christopher\AppData\Local\Logitech
2021-08-19 16:56 - 2020-10-29 21:44 - 000000000 ____D C:\ProgramData\LogiShrd
2021-08-19 16:19 - 2020-10-29 21:43 - 000000000 ____D C:\Users\Public\Logi
2021-08-18 16:12 - 2020-09-27 09:35 - 000003700 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-08-18 16:12 - 2020-09-27 09:35 - 000003576 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-08-17 21:47 - 2020-10-29 20:58 - 000000000 ____D C:\Users\Christopher\AppData\Local\Ubisoft Game Launcher
2021-08-17 20:28 - 2021-03-27 12:32 - 017023249 _____ C:\Users\Christopher\Downloads\fearlessrevolution.zip
2021-08-17 17:24 - 2021-03-18 18:40 - 000000000 ____D C:\Program Files\EA Games
2021-08-17 16:22 - 2020-10-29 20:44 - 002163152 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2021-08-17 16:22 - 2020-10-29 20:44 - 000307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2021-08-17 16:22 - 2020-10-29 20:44 - 000213456 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
2021-08-17 16:22 - 2020-10-29 20:44 - 000188856 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2021-08-17 16:22 - 2020-10-29 20:44 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2021-08-17 16:22 - 2020-10-29 20:44 - 000061904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamemodcontrol.exe
2021-08-17 16:15 - 2020-10-29 20:55 - 000000000 ____D C:\Users\Christopher\AppData\Local\NVIDIA
2021-08-15 11:16 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-08-15 00:39 - 2021-02-20 17:02 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-08-13 11:58 - 2020-09-27 07:33 - 000446360 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-08-13 11:57 - 2019-12-07 16:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-08-13 11:57 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-08-13 11:57 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-08-13 11:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-08-13 11:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-08-13 11:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-08-13 11:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-08-13 11:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-08-13 11:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-08-13 11:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-08-13 11:57 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\servicing
2021-08-13 10:07 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-08-13 10:00 - 2020-11-01 01:27 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-08-13 09:59 - 2020-11-01 01:27 - 133215968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-08-10 09:16 - 2020-10-29 20:18 - 000000000 ___RD C:\Users\Christopher\OneDrive
2021-08-07 15:41 - 2020-10-29 21:29 - 000000000 ____D C:\Program Files (x86)\GOG Galaxy
2021-08-06 10:38 - 2020-10-29 20:22 - 007280848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2021-08-05 18:03 - 2020-10-29 20:20 - 000003632 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-08-05 18:03 - 2020-10-29 20:20 - 000003508 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-08-04 20:35 - 2020-09-27 09:33 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-08-02 23:30 - 2020-10-29 20:14 - 000000000 ____D C:\Users\Christopher

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========

2020-11-03 02:53 - 2020-11-03 02:53 - 000000050 _____ () C:\Users\Christopher\AppData\Roaming\Christopher
2021-04-06 10:35 - 2021-04-06 10:42 - 000000016 _____ () C:\Users\Christopher\AppData\Roaming\obs-virtualcam.txt

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================

Ich bedanke mich im Voraus für jede erdenkliche Hilfe.

ChristopherN · 01.09.2021, 00:58

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 28-08-2021
durchgeführt von Christopher (01-09-2021 01:39:26)
Gestartet von C:\Users\Christopher\Downloads
Windows 10 Pro Version 20H2 19042.1165 (X64) (2020-10-29 18:12:05)
Start-Modus: Normal
==========================================================


==================== Konten: =============================


(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

Administrator (S-1-5-21-3197034990-4118748310-3737670740-500 - Administrator - Disabled)
Christopher (S-1-5-21-3197034990-4118748310-3737670740-1001 - Administrator - Enabled) => C:\Users\Christopher
DefaultAccount (S-1-5-21-3197034990-4118748310-3737670740-503 - Limited - Disabled)
Gast (S-1-5-21-3197034990-4118748310-3737670740-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3197034990-4118748310-3737670740-504 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

4K Capture Utility (HKLM\...\{CE361A72-A4C8-4907-BFA4-214FD879D4AE}) (Version: 1.7.3.4757 - Elgato Systems)
Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1031-1033-7760-BC15014EA700}) (Version: 21.005.20060 - Adobe)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.11 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Asus Sonic Suite Plugins (HKLM-x32\...\{944d4c60-ef63-447b-b806-b3e5aee1c5d5}) (Version: 2.2.3901 - ASUSTeKcomputer.Inc)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bruteforce Save Data (HKLM-x32\...\Bruteforce Save Data) (Version:  - )
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.10.01075 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{F4C97B53-97C8-43B6-A6A1-97CE0286BAE0}) (Version: 4.10.01075 - Cisco Systems, Inc.) Hidden
CPUID CPU-Z 1.96 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.96 - CPUID, Inc.)
CPUID HWMonitor 1.43 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.43 - CPUID, Inc.)
CrystalDiskInfo 8.9.0a (HKLM\...\CrystalDiskInfo_is1) (Version: 8.9.0a - Crystal Dew World)
Discord (HKU\S-1-5-21-3197034990-4118748310-3737670740-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
EA Desktop (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 12.0.123.4987 - Electronic Arts) Hidden
EA Desktop (HKLM-x32\...\{d3e84f4a-a180-492d-985f-40cdbc8681a1}) (Version: 12.0.123.4987 - Electronic Arts)
Elgato Game Capture HD (HKLM\...\{D85B8C0A-5A15-4C9C-8AA7-6C1645D988B5}) (Version: 3.70.51.3051 - Elgato Systems GmbH)
Epic Games Launcher (HKLM-x32\...\{07D9F8F3-EC99-4133-919D-DA341C62937C}) (Version: 1.1.298.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{0B736177-814A-4ADE-81D1-66A0FDD55BB4}) (Version: 1.1.11.0 - Epic Games, Inc.)
Far Cry 5 (HKLM-x32\...\Uplay Install 1803) (Version:  - Ubisoft)
Game Capture HD60 Pro v1.1.0.191 (HKLM-x32\...\Software_Elgato_Game Capture HD60 Pro) (Version: 1.1.0.191 - Elgato Systems)
GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 92.0.4515.159 - Google LLC)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1043 - Intel Corporation)
Intel(R) Network Connections 22.4.16.0 (HKLM\...\PROSetDX) (Version: 22.4.16.0 - Intel)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{2b32b7d0-4f9f-47c8-adb7-807e6cb2fb75}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LauncherSetup (HKLM\...\{FF19684D-8021-463F-AA7E-571E15AA7B56}) (Version: 2.2.3901 - ASUSTeKcomputer.Inc) Hidden
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: 2021.8.792 - Logitech)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.84 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 92.0.902.84 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - de-de (HKLM\...\ProPlus2019Retail - de-de) (Version: 16.0.14326.20238 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3197034990-4118748310-3737670740-1001\...\OneDriveSetup.exe) (Version: 21.150.0725.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{852D8FE5-BC66-4061-B1C4-CADF51E5B27D}) (Version: 2.82.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{6a3b46d3-fbf1-4b22-8b42-48b675de6b81}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 91.0.2 (x64 de)) (Version: 91.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 82.0.2 - Mozilla)
NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.23.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 - NVIDIA Corporation)
NVIDIA Grafiktreiber 471.68 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 471.68 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.38.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.60 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 26.0.2 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14326.20238 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14326.20238 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14326.20238 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.14326.20238 - Microsoft Corporation) Hidden
Paradox Launcher v2 (HKLM\...\{66DA3501-823A-4F07-A20D-C64495A59DC8}) (Version: 2.1.0 - Paradox Interactive)
Pokémon Trading Card Game Online (HKLM-x32\...\{64016A5D-F7EF-47DF-B593-022F2F60D294}) (Version: 2.78.0 - The Pokémon Company International)
ProductDaemonSetup (HKLM\...\{75F6CB9F-0FDA-4772-9CC5-3058BAACBC9C}) (Version: 2.2.3901 - ASUSTeKcomputer.Inc) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8468 - Realtek Semiconductor Corp.)
REDlauncher (HKU\S-1-5-21-3197034990-4118748310-3737670740-1001\...\{7258BA11-600C-430E-A759-27E2C691A335}-REDlauncher_is1) (Version:  - GOG.com)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.45.416 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.8.9 - Rockstar Games)
Save Wizard for PS4 MAX  (HKLM-x32\...\{D0DDCFB5-446F-423A-8C72-6CFE537AF959}) (Version: 1.1.0.0 - DataPower)
Sky Go 21.5.2.0 (HKU\S-1-5-21-3197034990-4118748310-3737670740-1001\...\com.bskyb.skygoplayer_is1) (Version: 21.5.2.0 - Sky)
SonicRadarSetup (HKLM\...\{81890295-5074-4624-A1EE-D4A3D9CE27D6}) (Version: 1.0.0.0 - ASUSTeKcomputer.Inc) Hidden
SonicStudioSetup (HKLM\...\{F6D01C22-98BB-4057-A08B-3EC204A76FDF}) (Version: 2.2.3901 - ASUSTeKcomputer.Inc) Hidden
Spotify (HKU\S-1-5-21-3197034990-4118748310-3737670740-1001\...\Spotify) (Version: 1.1.66.580.gbd43cbc9 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StrongVPN (HKLM\...\{1F0FB659-502A-4BF3-AB40-D25BB14FE36C}) (Version: 2.6.2.0 - Strong Technology, LLC) Hidden
StrongVPN (HKLM-x32\...\{9d65bde1-0048-4fe8-bf48-02b946435252}) (Version: 2.6.2.0 - Strong Technology, LLC)
SVLoadSense (HKLM-x32\...\{C4226734-F925-448C-8F15-0D5419F003DF}) (Version: 1.0.12 - SAVITECH)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.5.3 - TeamSpeak Systems GmbH)
TegraRcmGUI (HKLM-x32\...\{FD7196C9-BD86-4736-AF9D-7CFCB9E03E67}) (Version: 2.6.0 - eliboa) Hidden
TegraRcmGUI (HKLM-x32\...\TegraRcmGUI 2.6.0) (Version: 2.6.0 - eliboa)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 115.2.10179 - Ubisoft)
VEGAS Pro 14.0 (64-bit) (HKLM\...\{4D5A9B21-79F9-11E6-AAC4-BB95F5A309BD}) (Version: 14.0.161 - VEGAS)
Windows-Treiberpaket - libusbK Nintendo Switch APX Mode (04/27/2014 3.0.7.0) (HKLM\...\5C4BD94286C931BB5D47200B4AF1D1B99B3C08AB) (Version: 04/27/2014 3.0.7.0 - libusbK)
WinRAR 6.02 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-3197034990-4118748310-3737670740-1001\...\ZoomUMX) (Version: 5.5.4 (13142.0301) - Zoom Video Communications, Inc.)

Packages:
=========
Age of Empires IV -> C:\Program Files\WindowsApps\Microsoft.Cardinal_0.1.0.0_x64__8wekyb3d8bbwe [2021-06-17] (Microsoft Studios)
Battletoads -> C:\Program Files\WindowsApps\Microsoft.Frogspawn_1.4.2718.0_x64__8wekyb3d8bbwe [2020-10-30] (Microsoft Studios)
Bridge Constructor Portal -> C:\Program Files\WindowsApps\HeadupGames.BridgeConstructorPortal_5.0.173.2_x64__zedvb25zy7eke [2020-10-30] (Headup Games)
Call of The Sea -> C:\Program Files\WindowsApps\RawFury.CallofTheSeaW10_1.5.15.0_x64__9s0pnehqffj7t [2021-08-27] (Raw Fury)
Celeste -> C:\Program Files\WindowsApps\MattMakesGamesInc.Celeste_20.9.11.2_x64__79daxvg0dq3v6 [2021-01-06] (Matt Makes Games Inc.)
Cuphead -> C:\Program Files\WindowsApps\StudioMDHR.20872A364DAA1_1.2.4.2_x64__tm1s6a95559gt [2021-07-25] (Studio MDHR)
Curse of the Dead Gods -> C:\Program Files\WindowsApps\FocusHomeInteractiveSA.CurseoftheDeadGods-Windows1_1.0.3.0_x64__4hny5m903y3g0 [2021-08-05] (Focus Home Interactive SA)
Descenders -> C:\Program Files\WindowsApps\NoMoreRobots.GamePreviewDescenders_0.1.122.0_x64__671zbmwb2bw9p [2021-07-22] (No More Robots)
DIRT 5 -> C:\Program Files\WindowsApps\CodemastersSoftwareCompan.DiRT5_1.2741.9.0_x64__4cfye3zbe1gaw [2021-08-07] (Codemasters Software Company Limited)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.9.253.0_x64__rz1tebttyb220 [2021-08-06] (Dolby Laboratories)
FINAL FANTASY VIII Remastered WINDOWS EDITION -> C:\Program Files\WindowsApps\39EA002F.FINALFANTASYVIIIRemastered_1.0.1.0_x64__n746a19ndrrjg [2021-01-06] (SQUARE ENIX CO. LTD.)
Forza Horizon 5 -> C:\Program Files\WindowsApps\Microsoft.624F8B84B80_3.339.220.0_x64__8wekyb3d8bbwe [2021-06-17] (Microsoft Studios)
Forza Hub -> C:\Program Files\WindowsApps\Microsoft.Lucille_1.0.4.0_x64__8wekyb3d8bbwe [2021-02-14] (Microsoft Studios)
Gears 5 -> C:\Program Files\WindowsApps\Microsoft.HalifaxBaseGame_1.1.948.0_x64__8wekyb3d8bbwe [2021-08-04] (Microsoft Studios)
Gears Tactics -> C:\Program Files\WindowsApps\Microsoft.GanderBaseGame_1.0.151.0_x64__8wekyb3d8bbwe [2021-03-23] (Microsoft Studios)
Hades -> C:\Program Files\WindowsApps\SupergiantGamesLLC.Hades_1.0.38196.0_x64__q53c1yqmx7pha [2021-08-19] (Supergiant Games, LLC)
Halo Infinite -> C:\Program Files\WindowsApps\Microsoft.254428597CFE2_1.0.0.0_x64__8wekyb3d8bbwe [2021-08-28] (Microsoft Studios)
Halo: The Master Chief Collection -> C:\Program Files\WindowsApps\Mutable\Microsoft.Chelan_1.2448.0.0_x64__8wekyb3d8bbwe [2021-07-24] (Microsoft Studios)
Hollow Knight -> C:\Program Files\WindowsApps\TeamCherry.HollowKnightPC_1.0.3.0_x86__y4jvztpgccj42 [2020-11-13] (Team Cherry)
Humankind™ -> C:\Program Files\WindowsApps\AmplitudeSTUDIOS.Humankind_1.2.116.0_x64__sm4da3szdwjfr [2021-08-29] (AMPLITUDE Studios)
Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-08-16] (Microsoft Corporation)
Metro 2033 Redux -> C:\Program Files\WindowsApps\DeepSilver.Metro2033Redux_1.0.8.0_x64__hmv7qcest37me [2020-10-30] (Koch Media GmbH)
Metro: Last Light Redux -> C:\Program Files\WindowsApps\DeepSilver.MetroLastLightRedux_1.0.8.0_x64__hmv7qcest37me [2020-10-30] (Koch Media GmbH)
Microsoft Flight Simulator -> C:\Program Files\WindowsApps\Microsoft.FlightSimulator_1.18.15.0_x64__8wekyb3d8bbwe [2021-08-09] (Microsoft Studios)
Microsoft Flight Simulator Digital Ownership -> C:\Program Files\WindowsApps\Microsoft.DigitalOwnership_1.0.1.0_x64__8wekyb3d8bbwe [2021-07-29] (Microsoft Studios)
Minecraft Dungeons -> C:\Program Files\WindowsApps\Microsoft.Lovika_1.10.3.0_x64__8wekyb3d8bbwe [2021-08-12] (Microsoft Studios)
MotionTwin.DeadCellsWin10 -> C:\Program Files\WindowsApps\MotionTwin.DeadCellsWin10_1.14.0.0_x64__rtjy889c6zgtg [2021-06-11] (Motion Twin)
Mount & Blade: Warband PC -> C:\Program Files\WindowsApps\Mutable\TaleWorldsEntertainment.4434B9962F96_1.0.27.0_x64__mk53pm3ay0384 [2021-06-24] (TaleWorlds Entertainment)
No Man's Sky -> C:\Program Files\WindowsApps\HelloGames.NoMansSky_3.53.8275.0_x64__bs190hzg1sesy [2021-06-17] (Hello Games)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-08-16] (NVIDIA Corp.)
Ori And The Will Of The Wisps -> C:\Program Files\WindowsApps\Microsoft.Patagonia_1.0.8978.0_x64__8wekyb3d8bbwe [2020-11-20] (Microsoft Studios)
Prey -> C:\Program Files\WindowsApps\BethesdaSoftworks.LiluDallas-Multipass_1.11.7.0_x64__3275kfvn8vcwc [2021-06-17] (Bethesda Softworks)
Psychonauts 2 -> C:\Program Files\WindowsApps\Microsoft.Psychonauts2_1.0.16.0_x64__8wekyb3d8bbwe [2021-08-21] (Microsoft Studios)
ReCore -> C:\Program Files\WindowsApps\Microsoft.ReCore_1.1.7468.2_x64__8wekyb3d8bbwe [2021-02-10] (Microsoft Studios)
Sea of Thieves -> C:\Program Files\WindowsApps\Microsoft.SeaofThieves_2.104.2646.2_x64__8wekyb3d8bbwe [2021-08-26] (ms-resource:PublisherDisplayName)
Starbound -> C:\Program Files\WindowsApps\Mutable\Chucklefish.StarboundWindows10Edition_1.0.3.0_x64__ywkyrypjzhpx8 [2021-06-24] (Chucklefish)
State of Decay 2 -> C:\Program Files\WindowsApps\Mutable\Microsoft.Dayton_2.438.134.0_x64__8wekyb3d8bbwe [2021-08-07] (Microsoft Studios)
Streets of Rage 4 -> C:\Program Files\WindowsApps\DotEmu.StreetsofRage4_1.0.23.2_x64__map6zyh9ym1xy [2021-07-17] (DotEmu)
SUPERHOT: MIND CONTROL DELETE -> C:\Program Files\WindowsApps\SUPERHOTTeam.533673F36228B_1.2.13.0_x64__hj98apedv0ctt [2021-07-19] (SUPERHOT Team)
Tetris® Effect: Connected -> C:\Program Files\WindowsApps\48710EnhanceIncorporated.TRIP2.0_1.2.2.0_x64__63vy8jfbpt4dt [2021-08-27] (Enhance Incorporated)
The Ascent -> C:\Program Files\WindowsApps\CurveDigital.TheAscent_2.1.4.0_x64__1ezqdnbhnc70m [2021-08-19] (Curve Digital)
The Gardens Between -> C:\Program Files\WindowsApps\40632TheVoxelAgents.147198BA2FF5B_1.0.10.0_x64__h7sr7gn9kt1nj [2021-02-10] (The Voxel Agents)
The Long Dark -> C:\Program Files\WindowsApps\27620HinterlandStudio.30233944AADE4_1.94.0.2_x64__y1bt56c4151zw [2021-06-29] (Hinterland Studio Inc)
The Master Chief Collection: Halo 2 -> C:\Program Files\WindowsApps\Microsoft.MCCHalo2_1.1448.0.0_x64__8wekyb3d8bbwe [2020-11-18] (Microsoft Studios)
The Master Chief Collection: Halo 3 -> C:\Program Files\WindowsApps\Microsoft.MCCHalo3_1.12.0.0_x64__8wekyb3d8bbwe [2020-11-18] (Microsoft Studios)
The Master Chief Collection: Halo 3: ODST -> C:\Program Files\WindowsApps\Microsoft.MCCHalo3ODST_1.12.0.0_x64__8wekyb3d8bbwe [2020-11-18] (Microsoft Studios)
The Master Chief Collection: Halo 4 -> C:\Program Files\WindowsApps\Microsoft.MCCHalo4_1.12.0.0_x64__8wekyb3d8bbwe [2020-11-18] (Microsoft Studios)
The Master Chief Collection: Halo CE -> C:\Program Files\WindowsApps\Microsoft.HaloCombatEvolved_1.1367.0.0_x64__8wekyb3d8bbwe [2020-11-18] (Microsoft Studios)
The Master Chief Collection: REACH -> C:\Program Files\WindowsApps\Microsoft.TheMasterChiefCollectionREACH_1.1.0.0_x64__8wekyb3d8bbwe [2020-11-18] (Microsoft Studios)
The Outer Worlds -> C:\Program Files\WindowsApps\PrivateDivision.TheOuterWorldsWindows10_1.5.696.0_x64__hv3d7yfbgr2rp [2021-03-18] (Private Division)
Wasteland 2: Director's Cut -> C:\Program Files\WindowsApps\181CBCCD.8e9b6fe9-66b3-4704-815d-44ada631592c_1.0.10.0_x64__9y3t8zad226mc [2020-10-30] (inXile entertainment, inc.)
Wasteland 3 -> C:\Program Files\WindowsApps\DeepSilver.56575194F7E04_1.0.30.0_x64__hmv7qcest37me [2021-08-07] (Koch Media GmbH)
Wasteland Remastered -> C:\Program Files\WindowsApps\Microsoft.Wasteland30thAnniversaryEdition_1.0.5088.0_x64__8wekyb3d8bbwe [2020-10-30] (Microsoft Studios)
Yakuza: Like a Dragon -> C:\Program Files\WindowsApps\SEGAofAmericaInc.Yazawa_2.14.0.0_x64__s751p9cej88mt [2021-07-28] (SEGA of America, Inc.)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3197034990-4118748310-3737670740-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Christopher\AppData\Local\MEGAsync\ShellExtX64.dll [2021-01-28] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Christopher\AppData\Local\MEGAsync\ShellExtX64.dll [2021-01-28] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Christopher\AppData\Local\MEGAsync\ShellExtX64.dll [2021-01-28] (Mega Limited -> )
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Christopher\AppData\Local\MEGAsync\ShellExtX64.dll [2021-01-28] (Mega Limited -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Christopher\AppData\Local\MEGAsync\ShellExtX64.dll [2021-01-28] (Mega Limited -> )
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Christopher\AppData\Local\MEGAsync\ShellExtX64.dll [2021-01-28] (Mega Limited -> )
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Christopher\AppData\Local\MEGAsync\ShellExtX64.dll [2021-01-28] (Mega Limited -> )
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_799504293a3d3200\nvshext.dll [2021-08-06] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Nicht auf der Ausnahmeliste) ====================

==================== Verknüpfungen & WMI ========================

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============

2021-08-19 16:56 - 2021-08-19 16:55 - 000634880 _____ () [Datei ist nicht signiert] \\?\C:\Program Files\LGHUB\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2019-11-18 11:29 - 2019-11-18 11:29 - 000098816 _____ () [Datei ist nicht signiert] C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\sradarlauncher.dll
2017-04-24 15:30 - 2017-04-24 15:30 - 000349696 _____ (Intel(R) Corporation) [Datei ist nicht signiert] C:\WINDOWS\system32\NCS2Setp.dll
2021-08-31 20:46 - 2021-08-31 20:46 - 002815488 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\libcrypto-1_1-x64.dll
2021-08-31 20:46 - 2021-08-31 20:46 - 000678400 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\libssl-1_1-x64.dll
2021-08-31 20:46 - 2021-08-31 20:46 - 000046592 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\bearer\qgenericbearer.dll
2021-08-31 20:46 - 2021-08-31 20:46 - 006270976 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Core.dll
2021-08-31 20:46 - 2021-08-31 20:46 - 001389568 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Network.dll
2021-08-31 20:46 - 2021-08-31 20:46 - 000157184 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5WebSockets.dll
2021-08-31 20:46 - 2021-08-31 20:46 - 000210432 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Xml.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData:BDSDRMHK [64]
AlternateDataStreams: C:\Users\All Users:BDSDRMHK [64]
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:BDSDRMHK [64]
AlternateDataStreams: C:\Users\Christopher\AppData\Local\Temp:$DATA [16]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-27] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-27] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-27] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-27] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2019-12-07 11:14 - 2019-12-07 11:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT
HKU\S-1-5-21-3197034990-4118748310-3737670740-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
 ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

HKLM\...\StartupApproved\Run: => "SVLoadSense"
HKLM\...\StartupApproved\Run: => "Elgato Sound Capture"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKU\S-1-5-21-3197034990-4118748310-3737670740-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-3197034990-4118748310-3737670740-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3197034990-4118748310-3737670740-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3197034990-4118748310-3737670740-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3197034990-4118748310-3737670740-1001\...\StartupApproved\Run: => "Spotify"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{AD17A418-BD41-4C0E-A155-B9F4EFD33B50}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{076F4E4C-8AAE-4D35-B311-ECF4377B4051}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{971E130C-08BC-4912-A187-27ED9627BF16}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{B7610B8A-9AB9-43DE-A2E3-F15E9BECAC59}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{5752ECFF-0D73-4CCC-B901-A8E3B7FFF0DA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => Keine Datei
FirewallRules: [{68A44862-9B0F-4E2C-9D16-C0C7A4B6B90B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => Keine Datei
FirewallRules: [{5114744C-630C-4F5D-BCB9-B381A6E9EE62}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B515EF41-9082-41C6-BAB5-92C6F36447D5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{13275713-0AF4-4362-9D83-223E8915AFF9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{61FC0331-649A-4802-B92B-B9249EA4EE27}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{64744753-2EA2-4F89-859D-A2038D52A0AD}] => (Allow) F:\SteamLibrary\steamapps\common\Cloudpunk\Cloudpunk.exe () [Datei ist nicht signiert]
FirewallRules: [{49C84B2D-24CB-486B-8EEF-EF7A4DB2D661}] => (Allow) F:\SteamLibrary\steamapps\common\Cloudpunk\Cloudpunk.exe () [Datei ist nicht signiert]
FirewallRules: [{B4A9B987-7F36-4CF1-8DB1-7221F9BC7B45}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A199BAED-F862-43E3-917B-DDD70BB5F997}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{66806AA0-003B-4053-AC23-F177D53B2CA9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2ADA5015-95B3-4626-ADCE-8ED4EB245AC2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{0573B8B5-FA0F-4904-A98C-9131F3C13E3A}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe => Keine Datei
FirewallRules: [UDP Query User{0341F002-A7E8-40F0-88F6-919CB2377709}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe => Keine Datei
FirewallRules: [TCP Query User{1FE16077-6BAE-463F-8091-9A767112DC93}C:\users\christopher\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\christopher\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{FBC8014D-0133-48EC-A04F-FC1834265CF0}C:\users\christopher\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\christopher\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{D1690C5D-32BC-4883-9529-708E2E693209}C:\users\christopher\appdata\local\tidal\app-2.23.0\tidal.exe] => (Allow) C:\users\christopher\appdata\local\tidal\app-2.23.0\tidal.exe => Keine Datei
FirewallRules: [UDP Query User{F9BAEB23-1F9D-41D7-86BE-C822BCC40B53}C:\users\christopher\appdata\local\tidal\app-2.23.0\tidal.exe] => (Allow) C:\users\christopher\appdata\local\tidal\app-2.23.0\tidal.exe => Keine Datei
FirewallRules: [{39471B32-AFFA-40D1-ABAC-560CB19AC357}] => (Allow) C:\Users\Christopher\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{4449EA60-D47B-47F5-94D7-A041312146E8}] => (Allow) C:\Users\Christopher\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{F76F56C6-F8BC-453D-AEC7-74344296A8E8}] => (Allow) C:\Users\Christopher\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{0DA5B18E-C1A2-4907-B43D-BA4424A6122D}] => (Allow) E:\SteamLibrary\steamapps\common\KingdomComeDeliverance\Bin\Win64\KingdomCome.exe (Warhorse Studios sro) [Datei ist nicht signiert]
FirewallRules: [{B1DC5BC6-1D5E-4845-B19B-AE02AD55BF4A}] => (Allow) E:\SteamLibrary\steamapps\common\KingdomComeDeliverance\Bin\Win64\KingdomCome.exe (Warhorse Studios sro) [Datei ist nicht signiert]
FirewallRules: [{90E4696B-D4D2-43F2-913A-034EF3FF5303}] => (Allow) E:\SteamLibrary\steamapps\common\Shadow Warrior\dx11\launcher.exe => Keine Datei
FirewallRules: [{92DFED39-EB9C-4455-AAC2-8F6C2A2D99A2}] => (Allow) E:\SteamLibrary\steamapps\common\Shadow Warrior\dx11\launcher.exe => Keine Datei
FirewallRules: [{6DA18069-AA99-4453-983F-E6B8B2C2E40F}] => (Allow) E:\SteamLibrary\steamapps\common\TPH\TPH.exe () [Datei ist nicht signiert]
FirewallRules: [{4E6EDEE5-F7BA-407F-A644-04C6209FD4B0}] => (Allow) E:\SteamLibrary\steamapps\common\TPH\TPH.exe () [Datei ist nicht signiert]
FirewallRules: [{F2A3C8E1-5192-42CB-8109-990019B89548}] => (Allow) D:\SteamLibrary\steamapps\common\Satisfactory\FactoryGame.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [{0C5C915E-4C79-483D-B8B0-28598E4C78B2}] => (Allow) D:\SteamLibrary\steamapps\common\Satisfactory\FactoryGame.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [{850C5B0C-11E2-4D07-9ABC-69BC53948F1A}] => (Allow) E:\SteamLibrary\steamapps\common\Wolfenstein.II.The.New.Colossus\NewColossus_x64vk.exe (MachineGames Sweden AB) [Datei ist nicht signiert]
FirewallRules: [{17FA851F-010F-4CA6-B3E6-A3C0B4AEA504}] => (Allow) E:\SteamLibrary\steamapps\common\Wolfenstein.II.The.New.Colossus\NewColossus_x64vk.exe (MachineGames Sweden AB) [Datei ist nicht signiert]
FirewallRules: [{E73477FD-1C19-4894-B27B-D92E589A8BE9}] => (Allow) E:\SteamLibrary\steamapps\common\Wolfenstein.The.New.Order\WolfNewOrder_x64.exe (MachineGames) [Datei ist nicht signiert]
FirewallRules: [{34553A83-62D9-4772-8E7C-4B6A0EE49B68}] => (Allow) E:\SteamLibrary\steamapps\common\Wolfenstein.The.New.Order\WolfNewOrder_x64.exe (MachineGames) [Datei ist nicht signiert]
FirewallRules: [{FC93CBD1-7E52-491A-ADFB-8482333A2BE4}] => (Allow) E:\SteamLibrary\steamapps\common\Destiny 2\destiny2.exe (Bungie Inc. -> Bungie)
FirewallRules: [{FB058245-5BE7-4653-9407-A71B0AE5A775}] => (Allow) E:\SteamLibrary\steamapps\common\Destiny 2\destiny2.exe (Bungie Inc. -> Bungie)
FirewallRules: [TCP Query User{C74FBF02-A4DB-4C24-AF51-FD038F6DCAFA}F:\steamlibrary\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe] => (Allow) F:\steamlibrary\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe => Keine Datei
FirewallRules: [UDP Query User{2013DB59-8093-478C-8801-A967C8508F56}F:\steamlibrary\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe] => (Allow) F:\steamlibrary\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe => Keine Datei
FirewallRules: [{47577EB5-3E6C-459D-A0CA-48A244ECCB87}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{1C484D76-32DD-4444-BC21-3B1A9148662D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{BC2C8FE6-3C25-42FC-90B8-CE1FE9B1B33F}] => (Allow) E:\SteamLibrary\steamapps\common\Frostpunk\Frostpunk.exe (11 bit studios S.A.) [Datei ist nicht signiert]
FirewallRules: [{B07FCE97-B922-4325-BB2C-D64443B41FB9}] => (Allow) E:\SteamLibrary\steamapps\common\Frostpunk\Frostpunk.exe (11 bit studios S.A.) [Datei ist nicht signiert]
FirewallRules: [{E9B8BBF3-CD83-49C6-AE1F-1ED4889F06FF}] => (Allow) E:\SteamLibrary\steamapps\common\Desperados III\Desperados III.exe () [Datei ist nicht signiert]
FirewallRules: [{894D1E6D-5593-4807-9E9B-EC40FB6E4A1C}] => (Allow) E:\SteamLibrary\steamapps\common\Desperados III\Desperados III.exe () [Datei ist nicht signiert]
FirewallRules: [{C2E9039C-4682-418D-8AB8-16D87C02FC04}] => (Allow) E:\SteamLibrary\steamapps\common\Surviving Mars\MarsSteam.exe (Haemimont Games) [Datei ist nicht signiert]
FirewallRules: [{45933E70-64F9-4950-A225-C0D8481EFBC8}] => (Allow) E:\SteamLibrary\steamapps\common\Surviving Mars\MarsSteam.exe (Haemimont Games) [Datei ist nicht signiert]
FirewallRules: [{C69E21DB-A319-4F8A-B919-5ADBB7B12163}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DoorKickers\DoorKickers.exe () [Datei ist nicht signiert]
FirewallRules: [{B5739B38-7D6F-4427-985C-9BB995761D40}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DoorKickers\DoorKickers.exe () [Datei ist nicht signiert]
FirewallRules: [{4AC8F321-241C-4D0F-87A7-9BD233613B8A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DoorKickers2\DoorKickers2.exe (KillHouse Games) [Datei ist nicht signiert]
FirewallRules: [{1BBB44A1-C387-4161-9FDC-518B0F7180E5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DoorKickers2\DoorKickers2.exe (KillHouse Games) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{62BFE3E0-8F07-4FFD-9CF0-3A311DE54014}F:2\geargame\binaries\winstore\gears5.exe] => (Allow) F:2\geargame\binaries\winstore\gears5.exe => Keine Datei
FirewallRules: [UDP Query User{D1B952AE-DE14-4D87-A5AC-62416E28B5AD}F:2\geargame\binaries\winstore\gears5.exe] => (Allow) F:2\geargame\binaries\winstore\gears5.exe => Keine Datei
FirewallRules: [{5C75E373-79D1-464A-950E-5EFBCC72198A}] => (Allow) F:\SteamLibrary\steamapps\common\Hearts of Iron IV\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{23E83ADA-B34E-4993-82C9-27F5FD1E81A0}] => (Allow) F:\SteamLibrary\steamapps\common\Hearts of Iron IV\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [TCP Query User{24E11185-5965-4F21-84AE-A150958F1B94}D:7\pathologic.exe] => (Allow) D:7\pathologic.exe => Keine Datei
FirewallRules: [UDP Query User{E06D53A1-AB7E-4381-860D-E0F68B9AA7CD}D:7\pathologic.exe] => (Allow) D:7\pathologic.exe => Keine Datei
FirewallRules: [{E59F8A09-5808-4B4D-80B1-BA580E1A1D09}] => (Allow) F:\SteamLibrary\steamapps\common\CookingSimulator\CookingSim.exe () [Datei ist nicht signiert]
FirewallRules: [{C7C342A2-5276-49FA-BAF1-280855C7A5C9}] => (Allow) F:\SteamLibrary\steamapps\common\CookingSimulator\CookingSim.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{5ED04C3D-15A0-4385-B73A-891F479A2942}E:\program files\modifiablewindowsapps\halomcc\mcc\binaries\win64\mcc-win64-shipping-winstore.exe] => (Allow) E:\program files\modifiablewindowsapps\halomcc\mcc\binaries\win64\mcc-win64-shipping-winstore.exe => Keine Datei
FirewallRules: [UDP Query User{5A89F79D-1B26-4431-85E8-BC314364D4E0}E:\program files\modifiablewindowsapps\halomcc\mcc\binaries\win64\mcc-win64-shipping-winstore.exe] => (Allow) E:\program files\modifiablewindowsapps\halomcc\mcc\binaries\win64\mcc-win64-shipping-winstore.exe => Keine Datei
FirewallRules: [{9B8486F6-2498-4EE7-A463-FED11FE34BEF}] => (Allow) F:\SteamLibrary\steamapps\common\Elite Dangerous\EDLaunch.exe => Keine Datei
FirewallRules: [{6FC3CDBD-4DC1-43B3-9773-4079CB95DE69}] => (Allow) F:\SteamLibrary\steamapps\common\Elite Dangerous\EDLaunch.exe => Keine Datei
FirewallRules: [{DF88ED86-EECA-41E9-B80B-8E168A90356F}] => (Allow) D:\SteamLibrary\steamapps\common\House Flipper\HouseFlipper.exe () [Datei ist nicht signiert]
FirewallRules: [{2CB4A607-545C-4B4E-8286-5E1B4A362D7F}] => (Allow) D:\SteamLibrary\steamapps\common\House Flipper\HouseFlipper.exe () [Datei ist nicht signiert]
FirewallRules: [{2710D508-3546-43F9-8960-BFE5B60AB7D4}] => (Allow) E:\SteamLibrary\steamapps\common\Sekiro\sekiro.exe (Activision Publishing Inc -> FromSoftware, Inc.)
FirewallRules: [{DB1FBDFF-470B-4C94-BD40-FF726159A969}] => (Allow) E:\SteamLibrary\steamapps\common\Sekiro\sekiro.exe (Activision Publishing Inc -> FromSoftware, Inc.)
FirewallRules: [TCP Query User{B0127C06-5AD3-4208-8F72-995EA23A563A}C:1\geargame\binaries\winstore\gears5.exe] => (Allow) C:1\geargame\binaries\winstore\gears5.exe => Keine Datei
FirewallRules: [UDP Query User{E3F15E3F-C5B4-4AB7-93C8-FE8069284AA0}C:1\geargame\binaries\winstore\gears5.exe] => (Allow) C:1\geargame\binaries\winstore\gears5.exe => Keine Datei
FirewallRules: [TCP Query User{F200F065-8921-41CD-B7B4-8C604B6CAE72}C:7\flightsimulator.exe] => (Allow) C:7\flightsimulator.exe => Keine Datei
FirewallRules: [UDP Query User{BF06E9A1-7745-4670-928A-96D37CA40ACD}C:7\flightsimulator.exe] => (Allow) C:7\flightsimulator.exe => Keine Datei
FirewallRules: [{DEEE4792-6BE5-46B7-9019-33D9C7B17EBC}] => (Allow) D:\SteamLibrary\steamapps\common\Black Mesa\bms.exe () [Datei ist nicht signiert]
FirewallRules: [{7A77CD5E-4DE0-46BC-B562-57D6F89470BE}] => (Allow) D:\SteamLibrary\steamapps\common\Black Mesa\bms.exe () [Datei ist nicht signiert]
FirewallRules: [{AB7C3A3D-9FEC-495B-BE36-3DDF72A8BD20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mutant Year Zero\ZoneUE4.exe (Ayeware AB -> )
FirewallRules: [{31D5D223-6F66-4E7A-9447-0208997533ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mutant Year Zero\ZoneUE4.exe (Ayeware AB -> )
FirewallRules: [{7EB864EF-6342-48DD-AFAD-22C473A5824F}] => (Allow) F:\SteamLibrary\steamapps\common\John Wick Hex\John Wick Hex.exe () [Datei ist nicht signiert]
FirewallRules: [{419EEED6-80D8-48DE-BFD2-E73D1AFAF711}] => (Allow) F:\SteamLibrary\steamapps\common\John Wick Hex\John Wick Hex.exe () [Datei ist nicht signiert]
FirewallRules: [{6E9C73E1-7461-4365-A8B9-33D59E4E91F3}] => (Allow) F:\SteamLibrary\steamapps\common\Planet Zoo\PlanetZoo.exe (Frontier Developments) [Datei ist nicht signiert]
FirewallRules: [{25A039EB-857D-4724-9493-54FC2CA724AD}] => (Allow) F:\SteamLibrary\steamapps\common\Planet Zoo\PlanetZoo.exe (Frontier Developments) [Datei ist nicht signiert]
FirewallRules: [{03C54A24-E609-4A33-85FF-BD5BA918D005}] => (Allow) D:\SteamLibrary\steamapps\common\Startup Company\StartupCompany.exe (GitHub, Inc.) [Datei ist nicht signiert]
FirewallRules: [{01778D6A-EC57-49B8-AD88-402B5DF07B7B}] => (Allow) D:\SteamLibrary\steamapps\common\Startup Company\StartupCompany.exe (GitHub, Inc.) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{A7A6AFF4-C903-4A78-A853-42101BF9F55E}D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => Keine Datei
FirewallRules: [UDP Query User{5EE50A9D-E483-4D38-8181-B3E3DF4D623A}D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => Keine Datei
FirewallRules: [{BCCE71D7-E143-42AB-A9DD-4F3A558A6B89}] => (Allow) F:\SteamLibrary\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> )
FirewallRules: [{48800E42-8EF8-42D8-889B-C93FA400CCE6}] => (Allow) F:\SteamLibrary\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> )
FirewallRules: [TCP Query User{24256E7C-ECB5-4894-99B1-E9764B97FF55}E:\games\horizonzerodawn\hyperscape\hyperscape.exe] => (Allow) E:\games\horizonzerodawn\hyperscape\hyperscape.exe => Keine Datei
FirewallRules: [UDP Query User{D2130C8C-B53B-4213-BE4F-F559DA69E2EC}E:\games\horizonzerodawn\hyperscape\hyperscape.exe] => (Allow) E:\games\horizonzerodawn\hyperscape\hyperscape.exe => Keine Datei
FirewallRules: [TCP Query User{0FC5C07C-58A0-424D-AEF5-520B395860E4}E:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) E:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe => Keine Datei
FirewallRules: [UDP Query User{A1331049-3E1A-4C17-A523-82097D35169E}E:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) E:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe => Keine Datei
FirewallRules: [{CE117D0A-BEE2-4282-BB18-72400A813C8F}] => (Allow) E:\SteamLibrary\steamapps\common\Visage\Visage.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [{A365B4E8-19AA-4A7C-B0E0-1ED0065B1984}] => (Allow) E:\SteamLibrary\steamapps\common\Visage\Visage.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [{81807A9F-3D56-4B76-9A8F-9F83A6CFE909}] => (Allow) D:\SteamLibrary\steamapps\common\Ghostrunner\Ghostrunner.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [{1CA7FAA2-2B2F-4E31-A68E-A79C4A13EE8B}] => (Allow) D:\SteamLibrary\steamapps\common\Ghostrunner\Ghostrunner.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [{DC1B8614-F176-4A42-B6FC-E27651398414}] => (Allow) E:\SteamLibrary\steamapps\common\Horizon Zero Dawn\HorizonZeroDawn.exe () [Datei ist nicht signiert]
FirewallRules: [{CBF3B88E-5556-4052-A0C3-2A7B920FDF57}] => (Allow) E:\SteamLibrary\steamapps\common\Horizon Zero Dawn\HorizonZeroDawn.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{8F63C7C3-EB67-4079-A6CC-193DD15BF439}E:\games\horizonzerodawn\snowrunner\en_us\sources\bin\snowrunner.exe] => (Allow) E:\games\horizonzerodawn\snowrunner\en_us\sources\bin\snowrunner.exe => Keine Datei
FirewallRules: [UDP Query User{B500D6CA-40EA-4AF8-89C8-B5755FC799F8}E:\games\horizonzerodawn\snowrunner\en_us\sources\bin\snowrunner.exe] => (Allow) E:\games\horizonzerodawn\snowrunner\en_us\sources\bin\snowrunner.exe => Keine Datei
FirewallRules: [{3857FD5F-DB2E-4FAC-B642-5AE96027DEAD}] => (Allow) D:\SteamLibrary\steamapps\common\Project Wingman\ProjectWingman.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [{B8FC9820-EE49-4B91-9E48-A985169D6967}] => (Allow) D:\SteamLibrary\steamapps\common\Project Wingman\ProjectWingman.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [{F251B497-A473-4872-9AE8-D1F157E7E861}] => (Allow) D:\SteamLibrary\steamapps\common\Bloodstained Curse of the Moon 2\game.exe () [Datei ist nicht signiert]
FirewallRules: [{A4C00C8D-5B43-4F8D-85B1-827FDAEA7BA7}] => (Allow) D:\SteamLibrary\steamapps\common\Bloodstained Curse of the Moon 2\game.exe () [Datei ist nicht signiert]
FirewallRules: [{E58AB3FA-0E16-40C9-A7F1-82C097DF4EF8}] => (Allow) E:\Games\HorizonZeroDawn\AssassinsCreedOrigins\ACOrigins_plus.exe => Keine Datei
FirewallRules: [{6AA79340-A20A-4687-853E-EC1B339BE3C9}] => (Allow) E:\Games\HorizonZeroDawn\AssassinsCreedOrigins\ACOrigins_plus.exe => Keine Datei
FirewallRules: [{CE5BA960-C537-410D-882D-0E8482E12657}] => (Allow) E:\Games\HorizonZeroDawn\ANNO1800\Bin\Win64\Anno1800.exe (Ubisoft Blue Byte GmbH -> Ubisoft)
FirewallRules: [TCP Query User{45CB72FD-A63A-4B12-8962-994670DDE42E}D:\games\fifa 21\fifa21_trial.exe] => (Allow) D:\games\fifa 21\fifa21_trial.exe => Keine Datei
FirewallRules: [UDP Query User{09684253-BC7B-408A-A24B-98E7B9C3CDEB}D:\games\fifa 21\fifa21_trial.exe] => (Allow) D:\games\fifa 21\fifa21_trial.exe => Keine Datei
FirewallRules: [TCP Query User{431B0282-8982-4A48-850D-5DFA28ACD28A}D:\games\fifa 21\fifa21.exe] => (Allow) D:\games\fifa 21\fifa21.exe => Keine Datei
FirewallRules: [UDP Query User{6B799C64-B5C0-46A8-8692-E1D0CEEA0A95}D:\games\fifa 21\fifa21.exe] => (Allow) D:\games\fifa 21\fifa21.exe => Keine Datei
FirewallRules: [{B341B7A1-DE93-4DB6-ABA2-9B49AE06A53F}] => (Allow) F:\SteamLibrary\steamapps\common\DrugDealerSimulator\DrugDealerSimulator.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [{0EFE4E21-4ACE-4B39-9638-9E553E071824}] => (Allow) F:\SteamLibrary\steamapps\common\DrugDealerSimulator\DrugDealerSimulator.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [{D58C1549-EE89-4CB9-8F28-40A2C8028272}] => (Allow) F:\SteamLibrary\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe () [Datei ist nicht signiert]
FirewallRules: [{B753B9FC-04F0-4A23-A1BF-9C30C172C074}] => (Allow) F:\SteamLibrary\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe () [Datei ist nicht signiert]
FirewallRules: [{E981EB97-8C06-4695-9796-D4D5E8929F73}] => (Allow) D:\SteamLibrary\steamapps\common\The Pedestrian\ThePed_Win_64.exe () [Datei ist nicht signiert]
FirewallRules: [{6AD65EA4-D4D8-47C2-B985-CD80F34C239D}] => (Allow) D:\SteamLibrary\steamapps\common\The Pedestrian\ThePed_Win_64.exe () [Datei ist nicht signiert]
FirewallRules: [{5263983C-A02C-4F0A-B6F4-9CCCCCF8775C}] => (Allow) F:\SteamLibrary\steamapps\common\GRIS\GRIS.exe () [Datei ist nicht signiert]
FirewallRules: [{C1998F3B-0361-4AC8-9487-170956212ED1}] => (Allow) F:\SteamLibrary\steamapps\common\GRIS\GRIS.exe () [Datei ist nicht signiert]
FirewallRules: [{3F030F1E-A3E1-4FEE-B893-74BCB1A64BB8}] => (Allow) E:\SteamLibrary\steamapps\common\Superliminal\SuperliminalSteam.exe () [Datei ist nicht signiert]
FirewallRules: [{D59408D4-A89A-49B7-9182-F06A59D4A3BE}] => (Allow) E:\SteamLibrary\steamapps\common\Superliminal\SuperliminalSteam.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{345D8210-1392-4121-B895-1D8043249683}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe => Keine Datei
FirewallRules: [UDP Query User{F227ACE0-F994-426E-B707-1EDDA93849D7}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe => Keine Datei
FirewallRules: [{47D47EB9-1511-4010-995C-A19D4CB1E506}] => (Allow) E:\SteamLibrary\steamapps\common\Production Line\ProductionLine.exe () [Datei ist nicht signiert]
FirewallRules: [{FA53455E-1DDD-4E57-8B16-0B8FB5CEE27C}] => (Allow) E:\SteamLibrary\steamapps\common\Production Line\ProductionLine.exe () [Datei ist nicht signiert]
FirewallRules: [{A86DCE7C-16E2-4FF4-BD98-1D0E9E6037A2}] => (Allow) C:\Program Files\Elgato\4KCaptureUtility\4KCaptureUtility.exe (Corsair Memory, Inc. -> Elgato Systems)
FirewallRules: [{37F72F02-E107-47F2-8F12-DF3D0D1FF3F3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5A0FF0AA-D61A-4DA9-9600-3A5D8946AF41}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B296F065-4CD5-48D1-BB52-CEE695F7F48E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A79E3880-1594-4BCD-9B3B-A55EFC72D027}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2441D804-8D3A-413B-A81C-3364C98FBD52}] => (Allow) E:\SteamLibrary\steamapps\common\DOOM\DOOMx64.exe (id Software) [Datei ist nicht signiert]
FirewallRules: [{A13C0101-49A9-4BA0-BCA8-42C410844AFE}] => (Allow) E:\SteamLibrary\steamapps\common\DOOM\DOOMx64.exe (id Software) [Datei ist nicht signiert]
FirewallRules: [{DE69EADA-2B3A-4CB6-B148-07101E87F6AB}] => (Allow) D:\SteamLibrary\steamapps\common\DOOMEternal\idTechLauncher.exe () [Datei ist nicht signiert]
FirewallRules: [{E5A5BF93-3B9A-453B-AA24-0F1613D6B857}] => (Allow) D:\SteamLibrary\steamapps\common\DOOMEternal\idTechLauncher.exe () [Datei ist nicht signiert]
FirewallRules: [{E1750267-D157-402A-9E87-774CB35DDF64}] => (Allow) D:\SteamLibrary\steamapps\common\I am Alive\src\SYSTEM\IAmAlive_game.exe => Keine Datei
FirewallRules: [{65166FE1-2194-4579-AC87-CE7629E98D60}] => (Allow) D:\SteamLibrary\steamapps\common\I am Alive\src\SYSTEM\IAmAlive_game.exe => Keine Datei
FirewallRules: [{E19ABD5B-4B3D-4A0A-9679-21428A730860}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F63098FE-DA7D-4D35-AE75-925AA4A3AA7F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{5D26E613-0DDB-4E29-995F-59129BAA27ED}F:5\battletoadsgame.exe] => (Allow) F:5\battletoadsgame.exe => Keine Datei
FirewallRules: [UDP Query User{6586D914-BCBC-4DF4-9AC7-8DA2A19B1D72}F:5\battletoadsgame.exe] => (Allow) F:5\battletoadsgame.exe => Keine Datei
FirewallRules: [TCP Query User{49A7BCC2-A47F-479E-ABA4-C408B2966798}F:0\battletoadsgame.exe] => (Allow) F:0\battletoadsgame.exe => Keine Datei
FirewallRules: [UDP Query User{290C7E02-121E-48E5-8A7B-F19C694676E8}F:0\battletoadsgame.exe] => (Allow) F:0\battletoadsgame.exe => Keine Datei
FirewallRules: [{65549C5C-D3B7-4BDE-8AFA-0458C2040C15}] => (Allow) E:\Games\WatchDogsLegion\bin\WatchDogsLegion.exe => Keine Datei
FirewallRules: [{715A7380-02A4-427F-8C64-96073F7ADA9E}] => (Allow) E:\Games\WatchDogsLegion\bin\WatchDogsLegion.exe => Keine Datei
FirewallRules: [{C5410630-6176-47BB-B6BC-7835E4F596F6}] => (Allow) E:\Games\ImmortalsFenyxRising\ImmortalsFenyxRising.exe => Keine Datei
FirewallRules: [{4235ED69-D52B-449D-A2CF-D1E755669062}] => (Allow) F:\SteamLibrary\steamapps\common\swkotor\swkotor.exe (BioWare Corp.) [Datei ist nicht signiert]
FirewallRules: [{DD0C4DC9-F847-4DBB-AE11-06F50699E4E0}] => (Allow) F:\SteamLibrary\steamapps\common\swkotor\swkotor.exe (BioWare Corp.) [Datei ist nicht signiert]
FirewallRules: [{C2AFDE81-03DD-43AF-9A70-0E7E3DFC86E2}] => (Allow) F:\SteamLibrary\steamapps\common\Knights of the Old Republic II\swkotor2.exe (Obsidian Entertainment, Inc.) [Datei ist nicht signiert]
FirewallRules: [{DAA3CC4E-28E6-4F39-8B23-0B3CDE7053F4}] => (Allow) F:\SteamLibrary\steamapps\common\Knights of the Old Republic II\swkotor2.exe (Obsidian Entertainment, Inc.) [Datei ist nicht signiert]
FirewallRules: [{5E44AAC8-4CE2-48B8-860B-75F914B0562E}] => (Allow) E:\Games\Uno\uno.exe => Keine Datei
FirewallRules: [{8BADCA18-13DD-4015-965F-2FAAC421E60B}] => (Allow) E:\Games\Uno\uno.exe => Keine Datei
FirewallRules: [TCP Query User{3E03E2CF-159C-4AA1-BF91-8849B646DD09}E:\program files\modifiablewindowsapps\halomcc\mcc\binaries\win64\mccwinstore-win64-shipping.exe] => (Allow) E:\program files\modifiablewindowsapps\halomcc\mcc\binaries\win64\mccwinstore-win64-shipping.exe (343 Industries (Microsoft Corporation) -> Microsoft Corporation)
FirewallRules: [UDP Query User{4DE7C1E3-FB4B-4F32-81C5-8816F0519CBC}E:\program files\modifiablewindowsapps\halomcc\mcc\binaries\win64\mccwinstore-win64-shipping.exe] => (Allow) E:\program files\modifiablewindowsapps\halomcc\mcc\binaries\win64\mccwinstore-win64-shipping.exe (343 Industries (Microsoft Corporation) -> Microsoft Corporation)
FirewallRules: [{91ECF6B7-BA70-4C85-A761-AB372790093F}] => (Allow) F:\SteamLibrary\steamapps\common\Raft\Raft.exe () [Datei ist nicht signiert]
FirewallRules: [{D70A8A14-9872-4009-AC67-963DE16FC84C}] => (Allow) F:\SteamLibrary\steamapps\common\Raft\Raft.exe () [Datei ist nicht signiert]
FirewallRules: [{A2F2FFC0-269C-457E-BCA2-FBB98EBD6254}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A29C8350-B55D-43C8-8815-3F1B2AE1A6C8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6AEE3858-CD47-4252-8DB3-2E353F97F6E2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{AF597661-D5C4-4A7C-963A-2355B07C084D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{2342CDCB-EC83-411C-9374-D0FAC0EF6E07}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin64.exe () [Datei ist nicht signiert]
FirewallRules: [{C75A15C7-95D1-4FA7-999D-C22CE7F21FDC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin64.exe () [Datei ist nicht signiert]
FirewallRules: [{161FF045-27D7-44F7-BFC2-60B14B008429}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Democracy 4\Democracy4.exe () [Datei ist nicht signiert]
FirewallRules: [{3FACF082-3D15-4424-808B-5BEE0B71BCCD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Democracy 4\Democracy4.exe () [Datei ist nicht signiert]
FirewallRules: [{1817D99D-156D-457D-8C3F-2F7AE509D14A}] => (Allow) D:\SteamLibrary\steamapps\common\Bus Simulator 18\BusSimulator18.exe () [Datei ist nicht signiert]
FirewallRules: [{8CA7E5A4-6985-4EC3-A705-01909DC848D1}] => (Allow) D:\SteamLibrary\steamapps\common\Bus Simulator 18\BusSimulator18.exe () [Datei ist nicht signiert]
FirewallRules: [{4DE3BE46-2596-4CA0-902B-142F10F0C945}] => (Allow) E:\SteamLibrary\steamapps\common\Crusader Kings III\launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{57BFAC0F-579E-4B52-8197-9BD4DE6A58DA}] => (Allow) E:\SteamLibrary\steamapps\common\Crusader Kings III\launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{72CD7E2A-38B5-44D0-ABF0-7B5C8633DC73}] => (Allow) D:\SteamLibrary\steamapps\common\Pummel Party\PummelParty.exe () [Datei ist nicht signiert]
FirewallRules: [{9BD6BFCB-3ADF-418F-A45D-A376899463ED}] => (Allow) D:\SteamLibrary\steamapps\common\Pummel Party\PummelParty.exe () [Datei ist nicht signiert]
FirewallRules: [{42421CBC-C78D-4514-835C-8F2CE8767ABF}] => (Allow) D:\SteamLibrary\steamapps\common\PC Building Simulator\PCBS.exe () [Datei ist nicht signiert]
FirewallRules: [{63490FA4-0AEF-496C-8F0F-CFCC7608CFE9}] => (Allow) D:\SteamLibrary\steamapps\common\PC Building Simulator\PCBS.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{4FE283AD-1C4D-4AF0-966F-92D88F059EBB}E:\games\gtav\gta5.exe] => (Allow) E:\games\gtav\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{9B77F2A0-D0D6-4537-815F-3732D81A9D35}E:\games\gtav\gta5.exe] => (Allow) E:\games\gtav\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{C5C9C717-C932-400B-85A3-24B93B3578C4}F:9\projectmayhem\binaries\win64\darksidersgenesis-win64-shipping.exe] => (Allow) F:9\projectmayhem\binaries\win64\darksidersgenesis-win64-shipping.exe => Keine Datei
FirewallRules: [UDP Query User{441B3476-DC41-4B9C-811D-339A22D5B9AE}F:9\projectmayhem\binaries\win64\darksidersgenesis-win64-shipping.exe] => (Allow) F:9\projectmayhem\binaries\win64\darksidersgenesis-win64-shipping.exe => Keine Datei
FirewallRules: [TCP Query User{DD800137-3827-4100-976F-4F19B7FDDCDC}F:2\projectmayhem\binaries\win64\darksidersgenesis-win64-shipping.exe] => (Allow) F:2\projectmayhem\binaries\win64\darksidersgenesis-win64-shipping.exe => Keine Datei
FirewallRules: [UDP Query User{A74826FC-E512-4CE7-BA86-99B5E87A1BD2}F:2\projectmayhem\binaries\win64\darksidersgenesis-win64-shipping.exe] => (Allow) F:2\projectmayhem\binaries\win64\darksidersgenesis-win64-shipping.exe => Keine Datei
FirewallRules: [TCP Query User{BB73DDD7-4E2C-41D7-B0EA-B5F62E72CD30}C:\program files\electronic arts\ea desktop\ea desktop\qtwebengineprocess.exe] => (Allow) C:\program files\electronic arts\ea desktop\ea desktop\qtwebengineprocess.exe (Electronic Arts, Inc. -> The Qt Company Ltd.)
FirewallRules: [UDP Query User{B519630E-D974-4049-BA6F-05E2D0FC1718}C:\program files\electronic arts\ea desktop\ea desktop\qtwebengineprocess.exe] => (Allow) C:\program files\electronic arts\ea desktop\ea desktop\qtwebengineprocess.exe (Electronic Arts, Inc. -> The Qt Company Ltd.)
FirewallRules: [{A61012A7-5E71-40B9-A79F-5E451B898252}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{B382FABB-1B0D-43A5-B723-037CBD94BD15}] => (Allow) D:\SteamLibrary\steamapps\common\Mortal Shell\Dungeonhaven.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [{AF02487D-AD9D-4C5F-A03E-AD77C2A40CA1}] => (Allow) D:\SteamLibrary\steamapps\common\Mortal Shell\Dungeonhaven.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [{B818B0C8-01F8-45CE-A576-1FDF9F1E83B0}] => (Allow) D:\SteamLibrary\steamapps\common\ScarletNexus\ScarletNexus.exe (BANDAI NAMCO Studios Inc.) [Datei ist nicht signiert]
FirewallRules: [{CCD2C425-1C9C-46D7-9DC2-36721B536DCC}] => (Allow) D:\SteamLibrary\steamapps\common\ScarletNexus\ScarletNexus.exe (BANDAI NAMCO Studios Inc.) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{B2F297F7-8C7F-4E3A-8DE6-D2638B342F82}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{582043C7-EEB5-472B-9F02-D2D7B89ABDBA}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [TCP Query User{93616AB0-ACD0-4474-AE92-45A155DE738D}F:\steamlibrary\steamapps\common\hearts of iron iv\hoi4.exe] => (Allow) F:\steamlibrary\steamapps\common\hearts of iron iv\hoi4.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [UDP Query User{354D89A5-034C-4312-906A-1B174937571E}F:\steamlibrary\steamapps\common\hearts of iron iv\hoi4.exe] => (Allow) F:\steamlibrary\steamapps\common\hearts of iron iv\hoi4.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [TCP Query User{F05CE68A-E11C-4ADF-9B89-A3CD112BA765}D:\steamlibrary\steamapps\common\blair witch\blairwitch\binaries\win64\blairwitch-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\blair witch\blairwitch\binaries\win64\blairwitch-win64-shipping.exe => Keine Datei
FirewallRules: [UDP Query User{294B10D3-1C9A-443C-8533-F50C85142C1F}D:\steamlibrary\steamapps\common\blair witch\blairwitch\binaries\win64\blairwitch-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\blair witch\blairwitch\binaries\win64\blairwitch-win64-shipping.exe => Keine Datei
FirewallRules: [{64094F13-4815-49A6-B932-63122BE6EEFD}] => (Allow) F:\SteamLibrary\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [{C99985C3-3FEE-4A8A-BEAF-7064E7C4795C}] => (Allow) F:\SteamLibrary\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [{6E7C8246-D482-4F10-A5E0-A676ED75A37F}] => (Allow) F:\SteamLibrary\steamapps\common\Factorio\bin\x64\factorio.exe (Wube Software) [Datei ist nicht signiert]
FirewallRules: [{32D48E99-D74A-4EFD-B349-4646C7FB696D}] => (Allow) F:\SteamLibrary\steamapps\common\Factorio\bin\x64\factorio.exe (Wube Software) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{76CDAED3-471A-45E2-8EA9-B6DEA794F311}E:9\twelveminutes.exe] => (Allow) E:9\twelveminutes.exe => Keine Datei
FirewallRules: [UDP Query User{FC806F8D-5DFD-460B-B6B6-8E5A140FFA50}E:9\twelveminutes.exe] => (Allow) E:9\twelveminutes.exe => Keine Datei
FirewallRules: [{4E0770E6-F515-4D0B-96B4-078B8F92C389}] => (Allow) E:\SteamLibrary\steamapps\common\Destiny 2\destiny2launcher.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{D8D15659-293C-4A24-8510-2D585D831C2F}] => (Allow) E:\SteamLibrary\steamapps\common\Destiny 2\destiny2launcher.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{02FD4D7B-7EC6-44A2-8C76-3F746A048EA1}] => (Allow) D:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win64\RocketLeague.exe (Psyonix, LLC) [Datei ist nicht signiert]
FirewallRules: [{E19B6254-7892-40E7-9BEA-4A63E8587299}] => (Allow) D:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win64\RocketLeague.exe (Psyonix, LLC) [Datei ist nicht signiert]
FirewallRules: [{F918576F-1F06-48B1-9E6C-3EA19B8A07AB}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\92.0.902.84\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E67469DC-8219-4F4E-948E-A83D67959C9E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{047B0FA7-CCBB-4B4F-89ED-5A8A769C0595}] => (Allow) C:\WINDOWS\rss\csrss.exe () [Datei ist nicht signiert]
FirewallRules: [{C31268F8-1E85-44CF-BAD3-3A6DF95A1048}] => (Allow) F:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{939AEEFD-4209-46DB-A6EE-AEF4BD8E54BB}] => (Allow) F:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{E7A1C75A-0FA3-48D8-A18E-02B4F0991D7B}] => (Allow) F:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{3827C27A-990D-4C7E-A003-EA761C495498}] => (Allow) F:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)

==================== Wiederherstellungspunkte =========================

30-08-2021 13:30:07 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager ============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: ========================

Applikationsfehler:
==================
Error: (09/01/2021 01:24:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ATKEX_cmd.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.1151, Zeitstempel: 0x5da51925
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0012b512
ID des fehlerhaften Prozesses: 0x36d4
Startzeit der fehlerhaften Anwendung: 0x01d79ebf4d3e938c
Pfad der fehlerhaften Anwendung: C:\Program Files\Realtek\Audio\HDA\ATKEX_cmd.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: 61146fef-9821-47f6-87bb-c2d3565879a8
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/01/2021 01:24:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ATKEX_cmd.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.1151, Zeitstempel: 0x5da51925
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0012b512
ID des fehlerhaften Prozesses: 0x36d4
Startzeit der fehlerhaften Anwendung: 0x01d79ebf4d3e938c
Pfad der fehlerhaften Anwendung: C:\Program Files\Realtek\Audio\HDA\ATKEX_cmd.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: a8cadc74-1f3a-4333-9f9a-26e968f4ebb3
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/01/2021 01:24:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ATKEX_cmd.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.1151, Zeitstempel: 0x5da51925
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0012b512
ID des fehlerhaften Prozesses: 0x3190
Startzeit der fehlerhaften Anwendung: 0x01d79ebf4c29c333
Pfad der fehlerhaften Anwendung: C:\Program Files\Realtek\Audio\HDA\ATKEX_cmd.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: 3c1f549e-d79e-464b-9f2a-7d9211fd166a
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/01/2021 01:24:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ATKEX_cmd.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.1151, Zeitstempel: 0x5da51925
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0012b512
ID des fehlerhaften Prozesses: 0x3190
Startzeit der fehlerhaften Anwendung: 0x01d79ebf4c29c333
Pfad der fehlerhaften Anwendung: C:\Program Files\Realtek\Audio\HDA\ATKEX_cmd.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: 6054e1ff-8e5f-4a31-b3b1-497b0008972e
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/01/2021 01:22:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ATKEX_cmd.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.1151, Zeitstempel: 0x5da51925
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0012b512
ID des fehlerhaften Prozesses: 0x3220
Startzeit der fehlerhaften Anwendung: 0x01d79ebf1c9e20cf
Pfad der fehlerhaften Anwendung: C:\Program Files\Realtek\Audio\HDA\ATKEX_cmd.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: 7a766cf2-b4ab-425f-ba9b-03c5e13f0db5
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/01/2021 01:22:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ATKEX_cmd.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.1151, Zeitstempel: 0x5da51925
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0012b512
ID des fehlerhaften Prozesses: 0x2df8
Startzeit der fehlerhaften Anwendung: 0x01d79ebf1b83e9ad
Pfad der fehlerhaften Anwendung: C:\Program Files\Realtek\Audio\HDA\ATKEX_cmd.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: 6ad95551-a7d0-4c12-8b7d-cf809ab3d13a
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/01/2021 01:22:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ATKEX_cmd.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.1151, Zeitstempel: 0x5da51925
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0012b512
ID des fehlerhaften Prozesses: 0x2df8
Startzeit der fehlerhaften Anwendung: 0x01d79ebf1b83e9ad
Pfad der fehlerhaften Anwendung: C:\Program Files\Realtek\Audio\HDA\ATKEX_cmd.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: 33d0a055-a621-4a6f-a3a4-0ba5309f4470
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/01/2021 01:21:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ATKEX_cmd.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.1151, Zeitstempel: 0x5da51925
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0012b512
ID des fehlerhaften Prozesses: 0x2504
Startzeit der fehlerhaften Anwendung: 0x01d79ebeea784a39
Pfad der fehlerhaften Anwendung: C:\Program Files\Realtek\Audio\HDA\ATKEX_cmd.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: 29c90501-5b00-4d38-b771-59b7c2b43b02
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


Systemfehler:
=============
Error: (09/01/2021 01:22:51 AM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: Fehler "1115" in DCOM, als der Dienst "SecurityHealthService" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
{8C9C0DB7-2CBA-40F1-AFE0-C55740DD91A0}

Error: (09/01/2021 01:22:50 AM) (Source: DCOM) (EventID: 10010) (User: CHRISTOPHER-PC)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/01/2021 01:22:50 AM) (Source: DCOM) (EventID: 10010) (User: CHRISTOPHER-PC)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/01/2021 01:22:50 AM) (Source: DCOM) (EventID: 10010) (User: CHRISTOPHER-PC)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/01/2021 01:22:50 AM) (Source: DCOM) (EventID: 10010) (User: CHRISTOPHER-PC)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/01/2021 01:22:50 AM) (Source: DCOM) (EventID: 10010) (User: CHRISTOPHER-PC)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/01/2021 01:22:50 AM) (Source: DCOM) (EventID: 10010) (User: CHRISTOPHER-PC)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/01/2021 01:22:50 AM) (Source: DCOM) (EventID: 10010) (User: CHRISTOPHER-PC)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.


Windows Defender:
================
Date: 2021-08-31 21:06:07
Description: 
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {FD197717-A5EC-4984-87A4-60C08279041B}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2021-08-31 11:15:04
Description: 
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {066B2740-D003-415E-B099-A651DF817FDD}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: CHRISTOPHER-PC\Christopher

Date: 2021-08-31 11:09:41
Description: 
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {32D874DA-0DDA-4BA3-B7A7-26E1D24CB5B4}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Vollständige Überprüfung
Benutzer: CHRISTOPHER-PC\Christopher

Date: 2021-08-31 11:02:07
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Sabsik.FL.B!ml&threatid=2147780207&enterprise=0
Name: Trojan:Script/Sabsik.FL.B!ml
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: file:_C:\Users\Christopher\AppData\Local\Temp\Temp2_WINRAR+602.rar-PLND-ANbvLWE8dwAABTwCAERFFwASADO3BWAA.zip\WINRAR+602.rar-PLND-ANbvLWE8dwAABTwCAERFFwASADO3BWAA.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: FastPath
Erkennungsquelle: System
Benutzer: NT-AUTORITÄT\SYSTEM
Prozessname: Unknown
Sicherheitsversion: AV: 1.347.770.0, AS: 1.347.770.0, NIS: 1.347.770.0
Modulversion: AM: 1.1.18400.5, NIS: 1.1.18400.5

Date: 2021-08-31 11:02:00
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Behavior:Win32/UACBypassExp.T!gen&threatid=2147755449&enterprise=0
Name: Behavior:Win32/UACBypassExp.T!gen
Schweregrad: Schwerwiegend
Kategorie: Verdächtiges Verhalten
Pfad: behavior:_pid:4052:190984660979248; regkeyvalue:_HKCU@S-1-5-21-3197034990-4118748310-3737670740-1001\Software\CLASSES\MS-SETTINGS\SHELL\OPEN\COMMAND\\
Erkennungsursprung: Unbekannt
Erkennungstype: Konkret
Erkennungsquelle: System
Benutzer: NT-AUTORITÄT\SYSTEM
Prozessname: Unknown
Sicherheitsversion: AV: 1.347.770.0, AS: 1.347.770.0, NIS: 1.347.770.0
Modulversion: AM: 1.1.18400.5, NIS: 1.1.18400.5

CodeIntegrity:
===============
Date: 2021-09-01 01:39:35
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume10\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume10\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

Date: 2021-09-01 01:38:47
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume10\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume10\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


==================== Speicherinformationen =========================== 

BIOS: American Megatrends Inc. 3802 03/15/2018
Hauptplatine: ASUSTeK COMPUTER INC. MAXIMUS VIII HERO
Prozessor: Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz
Prozentuale Nutzung des RAM: 22%
Installierter physikalischer RAM: 32706.37 MB
Verfügbarer physikalischer RAM: 25493.02 MB
Summe virtueller Speicher: 37570.37 MB
Verfügbarer virtueller Speicher: 23398.06 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:236.88 GB) (Free:87.55 GB) NTFS
Drive d: (Lokaler Datenträger) (Fixed) (Total:931.5 GB) (Free:393.25 GB) NTFS
Drive e: (Lokaler Datenträger) (Fixed) (Total:1863 GB) (Free:349.76 GB) NTFS
Drive f: (Lokaler Datenträger) (Fixed) (Total:232.76 GB) (Free:110.11 GB) NTFS

\\?\Volume{dbc87ede-719b-4f56-9b94-3ef41a523875}\ (Wiederherstellung) (Fixed) (Total:0.44 GB) (Free:0.43 GB) NTFS
\\?\Volume{7c8c810d-934f-42f1-905f-aee6074b311d}\ () (Fixed) (Total:0.53 GB) (Free:0.1 GB) NTFS
\\?\Volume{62912f0f-2eb6-f0af-1ae9-9623b24cc418}\ () (Fixed) (Total:18.33 GB) (Free:0 GB) NTFS
\\?\Volume{294cdc64-6c8e-8c7d-bfc0-f1663e2663b2}\ () (Fixed) (Total:0.91 GB) (Free:0 GB) NTFS
\\?\Volume{ca7d7eb6-6947-87b2-6b6d-7ed69f7cde51}\ () (Fixed) (Total:151.45 GB) (Free:0 GB) NTFS
\\?\Volume{226526b1-b4af-08da-3a1b-5b1a21a0b378}\ () (Fixed) (Total:1.54 GB) (Free:0 GB) NTFS
\\?\Volume{46b8b30a-b774-031a-3140-8e827195daab}\ () (Fixed) (Total:14.46 GB) (Free:0 GB) NTFS
\\?\Volume{9b945542-a714-ec96-d2d1-40070ea79649}\ () (Fixed) (Total:2.69 GB) (Free:0 GB) NTFS
\\?\Volume{57632eb6-2e58-aee0-c3b3-41f762d36004}\ () (Fixed) (Total:1.33 GB) (Free:0 GB) NTFS
\\?\Volume{6598ecb1-9f7c-21c7-1b8b-f214616731c6}\ () (Fixed) (Total:4 GB) (Free:0 GB) NTFS
\\?\Volume{961a929f-03fb-f8a6-54ed-49c94a893164}\ () (Fixed) (Total:27.37 GB) (Free:0 GB) NTFS
\\?\Volume{ce411661-6bbf-2d14-9d73-47f63d0bba7a}\ () (Fixed) (Total:37.77 GB) (Free:0 GB) NTFS
\\?\Volume{fd777bb3-a00a-2c3f-e601-c5fc144c3674}\ () (Fixed) (Total:38.61 GB) (Free:0 GB) NTFS
\\?\Volume{4bcd32f0-3ae2-657e-a652-b76c8d68aade}\ () (Fixed) (Total:17.16 GB) (Free:0 GB) NTFS
\\?\Volume{90af256f-0c18-c857-d590-18238faeca47}\ () (Fixed) (Total:21.18 GB) (Free:0 GB) NTFS
\\?\Volume{a826d7b7-5bd9-be87-29d7-b51bb7610af9}\ () (Fixed) (Total:7.82 GB) (Free:0 GB) NTFS
\\?\Volume{bad8cc7d-f1b0-c100-9e02-882dd062cdcd}\ () (Fixed) (Total:9.24 GB) (Free:0 GB) NTFS
\\?\Volume{c75f4231-7509-3283-68b6-f4827ac6ac15}\ () (Fixed) (Total:2.84 GB) (Free:0 GB) NTFS
\\?\Volume{809cacdc-fba7-c4a2-aaf1-24f87a59cde9}\ () (Fixed) (Total:11.2 GB) (Free:0 GB) NTFS
\\?\Volume{c2d56657-8da2-b02b-de8a-574157dd5886}\ () (Fixed) (Total:0.01 GB) (Free:0 GB) NTFS
\\?\Volume{d8e7666c-7a83-0ee5-dcca-7ccbb1ed7090}\ () (Fixed) (Total:0.01 GB) (Free:0 GB) NTFS
\\?\Volume{f81ee982-ad3a-e0f3-2325-08d886cd66c9}\ () (Fixed) (Total:0.01 GB) (Free:0 GB) NTFS
\\?\Volume{17b9d833-c057-dc2f-8afe-e0747553a43c}\ () (Fixed) (Total:0 GB) (Free:0 GB) NTFS
\\?\Volume{a74463e5-eb45-4ae5-3791-12ad3e320325}\ () (Fixed) (Total:1.1 GB) (Free:0 GB) NTFS
\\?\Volume{cad7cfcf-dde4-f233-90a6-6b0dfa6cff63}\ () (Fixed) (Total:10.54 GB) (Free:0 GB) NTFS
\\?\Volume{5a2f1b75-7cf3-dc65-6c28-27ec9b597b0b}\ () (Fixed) (Total:29.38 GB) (Free:0 GB) NTFS
\\?\Volume{24fe11b9-311f-75dd-59f6-9f657991d39a}\ () (Fixed) (Total:122.6 GB) (Free:0 GB) NTFS
\\?\Volume{fef99fd2-93ea-80ca-9155-61e105c116a9}\ () (Fixed) (Total:0 GB) (Free:0 GB) NTFS
\\?\Volume{fb1a2230-9390-b2b1-30cc-d834456616f8}\ () (Fixed) (Total:4.78 GB) (Free:0 GB) NTFS
\\?\Volume{6c13b06c-a0dc-e5f8-ab8a-7be7b50dd034}\ () (Fixed) (Total:0 GB) (Free:0 GB) NTFS
\\?\Volume{39facdf8-c027-8a74-e579-ac7250cc7dc1}\ () (Fixed) (Total:0 GB) (Free:0 GB) NTFS
\\?\Volume{e930a4ec-d1bd-3b79-11a2-3df525ee525a}\ () (Fixed) (Total:0 GB) (Free:0 GB) NTFS
\\?\Volume{25fe2847-8cfa-b6c1-a0a1-3b63d52288c4}\ () (Fixed) (Total:0 GB) (Free:0 GB) NTFS
\\?\Volume{11d48397-873b-a502-bb32-9165d1967c1a}\ () (Fixed) (Total:11.34 GB) (Free:0 GB) NTFS
\\?\Volume{597f3ecb-c2a4-10db-4e94-b35c4896fe8a}\ () (Fixed) (Total:29.16 GB) (Free:0 GB) NTFS
\\?\Volume{a7537661-921f-ed59-a758-f2ff8a6db369}\ () (Fixed) (Total:0 GB) (Free:0 GB) NTFS
\\?\Volume{d60e95a3-9df7-45b5-0d8f-37f72c95d1d4}\ () (Fixed) (Total:2.84 GB) (Free:0 GB) NTFS
\\?\Volume{f1a81145-98ed-cd80-3af1-c9c79eb197d7}\ () (Fixed) (Total:0.92 GB) (Free:0 GB) NTFS
\\?\Volume{4aa1a03e-1f9e-ea3a-6ce5-297eb250d3b6}\ () (Fixed) (Total:12.41 GB) (Free:0 GB) NTFS
\\?\Volume{2132be11-e903-22fc-6da2-e43b59b94feb}\ () (Fixed) (Total:54.98 GB) (Free:0 GB) NTFS
\\?\Volume{7315615c-ffe3-7221-f856-5e20ae353d35}\ () (Fixed) (Total:37.54 GB) (Free:0 GB) NTFS
\\?\Volume{568ca148-bda1-2a91-8a10-ce4054ce433b}\ () (Fixed) (Total:47.51 GB) (Free:0 GB) NTFS
\\?\Volume{a2cbf1b3-e2b0-8f10-cf28-6e15fcda124a}\ () (Fixed) (Total:10.98 GB) (Free:0 GB) NTFS
\\?\Volume{79252ef8-f285-2269-5a8e-36121bb43f5a}\ () (Fixed) (Total:2.09 GB) (Free:0 GB) NTFS
\\?\Volume{b103b603-9b74-ed5a-137e-1244589ecf8b}\ () (Fixed) (Total:7.4 GB) (Free:0 GB) NTFS
\\?\Volume{59a2667d-16a2-466d-b98f-a0e45aed622a}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partitionstabelle ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: 0656FCAD)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 232.9 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 2 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 3 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 4.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 5.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 6.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 7.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 8.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 9.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 10.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 11.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 12.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 13.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 14.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 15.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 16.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 17.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 18.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 19.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 20.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 21.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 22.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 23.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 24.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 25.

==================== Ende von Addition.txt =======================

ChristopherN · 01.09.2021, 00:58

Code:

ATTFilter

Untersuchungsergebnis der Verknüpfungen des Benutzers (x64) Version: 28-08-2021
durchgeführt von Christopher (01-09-2021 01:41:42)
Gestartet von C:\Users\Christopher\Downloads
Start-Modus: Normal

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DataPower\Save Wizard for PS4 MAX\SWPS4MAX.exe.lnk -> [LFfhSBi+00Pahttps://www.savewizard.net/manual/]


Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\MSACCESS.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk -> C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe (Epic Games, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\MSPUB.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk -> C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe (TeamSpeak Systems GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Benutzerhandbuch für die Konsolenversion von RAR.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Hilfe zu WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Was ist neu in dieser Version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VEGAS\VEGAS Pro 14.0\Vegas Pro 14.0 (64-bit).lnk -> C:\Program Files\VEGAS\VEGAS Pro 14.0\vegas140.exe (MAGIX Computer Products Intl. Co.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VEGAS\VEGAS Pro 14.0\VEGAS Pro 14.0 Liesmich.lnk -> C:\Program Files\VEGAS\VEGAS Pro 14.0\readme\Vegas_readme_deu.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TegraRcmGUI\TegraRcmGUI.lnk -> C:\Program Files (x86)\TegraRcmGUI\TegraRcmGUI.exe (eliboa)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StrongVPN\StrongVPN.lnk -> C:\Program Files\StrongVPN\StrongVPN.exe (Strong Technology, LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio\OBS Studio (64bit).lnk -> C:\Program Files\obs-studio\bin\64bit\obs64.exe (OBS)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio\Uninstall.lnk -> C:\Program Files\obs-studio\uninstall.exe (obsproject.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\GeForce Experience.lnk -> C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (NVIDIA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Aufzeichnungs-Manager von Skype for Business.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\OcPubMgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Office-Spracheinstellungen.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\SETLANG.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Telemetriedashboard für Office.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\msotd.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Telemetrieprotokoll für Office.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\msoev.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi\Logitech G HUB.lnk -> C:\Program Files\LGHUB\lghub.exe (Logitech, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\GOG GALAXY\GOG GALAXY.lnk -> C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe (GOG.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elgato\Sound Capture\Sound Capture.lnk -> C:\Program Files\Elgato\SoundCapture\SoundCapture.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elgato\Game Capture HD\Game Capture HD.lnk -> C:\Program Files\Elgato\GameCapture\GameCapture.exe (Elgato Systems GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elgato\4KCapture\4K Capture Utility.lnk -> C:\Program Files\Elgato\4KCaptureUtility\4KCaptureUtility.exe (Elgato Systems)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA\EA Desktop.lnk -> C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA\EA Error Reporter.lnk -> C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\ErrorReporter.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo\CrystalDiskInfo (32bit).lnk -> C:\Program Files\CrystalDiskInfo\DiskInfo32.exe (Crystal Dew World)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo\CrystalDiskInfo (64bit).lnk -> C:\Program Files\CrystalDiskInfo\DiskInfo64.exe (Crystal Dew World)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\HWMonitor\HWMonitor.lnk -> C:\Program Files\CPUID\HWMonitor\HWMonitor.exe (CPUID)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\HWMonitor\Uninstall HWMonitor.lnk -> C:\Program Files\CPUID\HWMonitor\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\CPU-Z.lnk -> C:\Program Files\CPUID\CPU-Z\cpuz.exe (CPUID)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\Edit CPU-Z Config File.lnk -> C:\Program Files\CPUID\CPU-Z\cpuz.ini ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\Uninstall CPU-Z.lnk -> C:\Program Files\CPUID\CPU-Z\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco\Cisco AnyConnect Secure Mobility Client\Cisco AnyConnect Secure Mobility Client.lnk -> C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net\Battle.net.lnk -> C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk -> C:\Windows\System32\RecoveryDrive.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Registry Editor.lnk -> C:\Windows\regedit.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\Users\Christopher\Links\Desktop.lnk -> C:\Users\Christopher\OneDrive\Desktop ()
Shortcut: C:\Users\Christopher\Links\Downloads.lnk -> C:\Users\Christopher\Downloads ()
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\Christopher\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk -> C:\Users\Christopher\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom\Zoom.lnk -> C:\Users\Christopher\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc.)
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Benutzerhandbuch für die Konsolenversion von RAR.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Hilfe zu WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Was ist neu in dieser Version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Ubisoft Connect\Ubisoft Connect.lnk -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftConnect.exe (Ubisoft)
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Ubisoft Connect\Uninstall.lnk -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe (Ubisoft)
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk -> C:\Users\Christopher\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sky\Sky Go.lnk -> C:\Users\Christopher\AppData\Roaming\Sky\Sky Go\Sky Go.exe (Sky Deutschland AG)
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockstar Games\Rockstar Games Launcher.lnk -> C:\Program Files\Rockstar Games\Launcher\LauncherPatcher.exe (Rockstar Games)
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokémon Trading Card Game Online\Pokémon Trading Card Game Online.lnk -> C:\Users\Christopher\AppData\Roaming\Pokémon Trading Card Game Online\PokemonTradingCardGameOnline\Pokemon Trading Card Game Online.exe ()
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync\MEGA Website.lnk -> C:\Users\Christopher\AppData\Local\MEGAsync\MEGA Website.url ()
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync\MEGAsync.lnk -> C:\Users\Christopher\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync\Uninstall.lnk -> C:\Users\Christopher\AppData\Local\MEGAsync\uninst.exe (MEGA Limited)
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DataPower\Save Wizard for PS4 MAX\Save Wizard for PS4 MAX.lnk -> C:\Users\Christopher\AppData\Roaming\Microsoft\Installer\{D0DDCFB5-446F-423A-8C72-6CFE537AF959}\StartMenuIcon.exe (Datapower)
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\EA Desktop.lnk -> C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe (Electronic Arts)
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\EpicGamesLauncher.lnk -> C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe (Epic Games, Inc.)
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\GeForce Experience.lnk -> C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (NVIDIA Corporation)
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\GOG GALAXY.lnk -> C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe (GOG.com)
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\OBS Studio.lnk -> C:\Program Files\obs-studio\bin\64bit\obs64.exe (OBS)
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Sky Go.lnk -> C:\Users\Christopher\AppData\Roaming\Sky\Sky Go\Sky Go.exe (Sky Deutschland AG)
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Spotify.lnk -> C:\Users\Christopher\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Steam Client Bootstrapper.lnk -> C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TeamSpeak 3 Client.lnk -> C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe (TeamSpeak Systems GmbH)
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Ubisoft Connect launcher.lnk -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe (Ubisoft)
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Vegas Pro 14.0 (64-bit).lnk -> C:\Program Files\VEGAS\VEGAS Pro 14.0\vegas140.exe (MAGIX Computer Products Intl. Co.)
Shortcut: C:\Users\Christopher\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7111c0ce965b7246\Battle.net.lnk -> C:\Program Files (x86)\Battle.net\Battle.net.exe (Blizzard Entertainment)
Shortcut: C:\Users\Christopher\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Christopher\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Christopher\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Christopher\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Christopher\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Christopher\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Christopher\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Christopher\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Christopher\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\Christopher\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\CPUID CPU-Z.lnk -> C:\Program Files\CPUID\CPU-Z\cpuz.exe (CPUID)
Shortcut: C:\Users\Public\Desktop\CPUID HWMonitor.lnk -> C:\Program Files\CPUID\HWMonitor\HWMonitor.exe (CPUID)
Shortcut: C:\Users\Public\Desktop\EA Desktop.lnk -> C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe (Electronic Arts)
Shortcut: C:\Users\Public\Desktop\StrongVPN.lnk -> C:\Program Files\StrongVPN\StrongVPN.exe (Strong Technology, LLC)
Shortcut: C:\Users\Public\Desktop\TegraRcmGUI.lnk -> C:\Program Files (x86)\TegraRcmGUI\TegraRcmGUI.exe (eliboa)
Shortcut: C:\Users\Public\Desktop\Vegas Pro 14.0 (64-bit).lnk -> C:\Program Files\VEGAS\VEGAS Pro 14.0\vegas140.exe (MAGIX Computer Products Intl. Co.)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonic Suite 2\Sonic Radar.lnk -> C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2UILauncher.exe (ASUSTeK COMPUTER INC.) -> /open_module SonicRadar.exe
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonic Suite 2\Sonic Studio.lnk -> C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2UILauncher.exe (ASUSTeK COMPUTER INC.) -> /open_module SonicStudio.exe
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Database Compare.lnk -> C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\DCF\DATABASECOMPARE.EXE"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Spreadsheet Compare.lnk -> C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\DCF\SPREADSHEETCOMPARE.EXE"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elgato\Game Capture HD\Deinstallieren.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {D85B8C0A-5A15-4C9C-8AA7-6C1645D988B5}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elgato\4KCapture\Deinstallieren.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {CE361A72-A4C8-4907-BFA4-214FD879D4AE}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA\App Recovery.lnk -> C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe (Electronic Arts) -> -recovery
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA\EA Recovery Helper.lnk -> C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe (Electronic Arts) -> -recovery
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Christopher\AppData\Roaming\Microsoft\Word\Hausarbeit%20Altertum,%20C.N.309071912599951052\Hausarbeit%20Altertum,%20C.N..docx.lnk -> C:\Users\Christopher\OneDrive\Desktop\Uni\Hausarbeit Altertum, C.N..docx () -> 0
ShortcutWithArgument: C:\Users\Christopher\AppData\Roaming\Microsoft\Word\Ephoros%20Quellenpapier309071873358956168\Ephoros%20Quellenpapier.docx.lnk -> C:\Users\Christopher\OneDrive\Desktop\Uni\Ephoros Quellenpapier.docx () -> 14
ShortcutWithArgument: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom\Uninstall Zoom.lnk -> C:\Users\Christopher\AppData\Roaming\Zoom\uninstall\Installer.exe (Zoom Video Communications, Inc.) -> /uninstall
ShortcutWithArgument: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokémon Trading Card Game Online\Uninstall.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {64016A5D-F7EF-47DF-B593-022F2F60D294}
ShortcutWithArgument: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc\Discord.lnk -> C:\Users\Christopher\AppData\Local\Discord\Update.exe (GitHub) -> --processStart Discord.exe
ShortcutWithArgument: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Christopher\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Discord.lnk -> C:\Users\Christopher\AppData\Local\Discord\Update.exe (GitHub) -> --processStart Discord.exe
ShortcutWithArgument: C:\Users\Christopher\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Christopher\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Christopher\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Christopher\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Christopher\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Christopher\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Christopher\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Christopher\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Christopher\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Christopher\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.url -> URL: hxxp://support.steampowered.com/
InternetURL: C:\Users\Christopher\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\Christopher\AppData\Local\MEGAsync\MEGA Website.url -> URL: hxxp://www.mega.nz

==================== Ende vom Shortcut.txt =============================

cosinus · 01.09.2021, 09:26

Ja, es sieht so aus, als hättest du dir irgendeinen Crack geladen wenn ich sowas sehe:

Zitat:

Pfad: file:_C:\Users\Christopher\AppData\Local\Temp\Temp2_WINRAR+602.rar-PLND-ANbvLWE8dwAABTwCAERFFwASADO3BWAA.zip\WINRAR+602.rar-PLND-ANbvLWE8dwAABTwCAERFFwASADO3BWAA.exe

Oder hast du ne andere Erklärung dafür?

ChristopherN · 01.09.2021, 09:37

Zitat:

Zitat von cosinus

Ja, es sieht so aus, als hättest du dir irgendeinen Crack geladen wenn ich sowas sehe:

Oder hast du ne andere Erklärung dafür?

Ich will hier nicht lügen und den Schuh muss ich mir anziehen: Ich habe es versucht, doof halt, wenn man keine Ahnung davon hat. Jetzt habe ich den Salat und muss meine Lehren hier ziehen. Ich weiß, dass das hier im Forum nicht gerne gesehen wird und mir war klar, dass das zur Sprache kommen würde. Ich bitte dennoch gnädigst um deine Hilfe.

cosinus · 01.09.2021, 09:38

Dann bechte bitte zuerst mal diesen Hinweis:

Cracks, Keygens und andere illegale Software

Bitte lesen => Cracks, Keygens und andere illegale Software

Es geht weiter wenn du alles Illegale entfernt hast.

Bei wiederholten Crack/Keygen Verstößen behalte ich es mir vor, den Support einzustellen, d.h. Hilfe nur noch bei der Datensicherung und Neuinstallation des Betriebssystems.

ChristopherN · 01.09.2021, 09:44

Hinweis durchgelesen und den Schritt vollzogen.

cosinus · 01.09.2021, 09:48

Störende, veraltete oder unnötige Programme deinstallieren

Bitte über Programme und Features (appwiz.cpl) deinstallieren:

Adobe Flash Player 11 Plugin
Google Chrome (durch Mozilla Firefox ersetzen)
WinRAR 6.02 (64-Bit)

ChristopherN · 01.09.2021, 09:51

Alle geforderten Programme wurden deinstalliert.

cosinus · 01.09.2021, 10:09

adwCleaner

Führe AdwCleaner gemäß der bebilderten Anleitung aus und poste abschließend die Logdatei in CODE-Tags.

adwcleaner bitte wiederholen falls es Funde gab.

ChristopherN · 01.09.2021, 10:45

Bin deiner Anweisung gefolgt und habe den Scan gemacht und wiederholt bei einem Fund: Das könnte mich wohl den ganzen Tag Scans durchführen lassen. Hier vorerst drei Scans:

Code:

ATTFilter

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build:    06-29-2021
# Database: 2021-06-29.1 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    09-01-2021
# Duration: 00:00:00
# OS:       Windows 10 Pro
# Cleaned:  3
# Awaiting reboot:1
# Failed:   0


***** [ Services ] *****

Deleted       WinDefender

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

Deleted       C:\END
Needs Reboot  C:\Windows\System32\drivers\WinmonProcessMonitor.sys

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

***** Reboot Required to Complete *****


***** [ Files ] *****

Cleaning failed   C:\Windows\System32\drivers\WinmonProcessMonitor.sys

*************************

AdwCleaner[S00].txt - [1519 octets] - [01/09/2021 11:34:45]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Code:

ATTFilter

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build:    06-29-2021
# Database: 2021-06-29.1 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    09-01-2021
# Duration: 00:00:00
# OS:       Windows 10 Pro
# Cleaned:  2
# Awaiting reboot:1
# Failed:   0


***** [ Services ] *****

Deleted       WinDefender

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

Needs Reboot  C:\Windows\System32\drivers\WinmonProcessMonitor.sys

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

***** Reboot Required to Complete *****


***** [ Files ] *****

Cleaning failed   C:\Windows\System32\drivers\WinmonProcessMonitor.sys

*************************

AdwCleaner[S00].txt - [1519 octets] - [01/09/2021 11:34:45]
AdwCleaner[C00].txt - [1845 octets] - [01/09/2021 11:35:21]
AdwCleaner[S01].txt - [1601 octets] - [01/09/2021 11:38:45]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

Code:

ATTFilter

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build:    06-29-2021
# Database: 2021-06-29.1 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    09-01-2021
# Duration: 00:00:00
# OS:       Windows 10 Pro
# Cleaned:  2
# Awaiting reboot:1
# Failed:   0


***** [ Services ] *****

Deleted       WinDefender

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

Needs Reboot  C:\Windows\System32\drivers\WinmonProcessMonitor.sys

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

***** Reboot Required to Complete *****


***** [ Files ] *****

Cleaning failed   C:\Windows\System32\drivers\WinmonProcessMonitor.sys

*************************

AdwCleaner[S00].txt - [1519 octets] - [01/09/2021 11:34:45]
AdwCleaner[C00].txt - [1845 octets] - [01/09/2021 11:35:21]
AdwCleaner[S01].txt - [1601 octets] - [01/09/2021 11:38:45]
AdwCleaner[C01].txt - [1945 octets] - [01/09/2021 11:38:57]
AdwCleaner[S02].txt - [1723 octets] - [01/09/2021 11:40:55]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########

cosinus · 01.09.2021, 12:23

Dann bitte jetzt weiter machen mit Malwarebytes Antimalware

ChristopherN · 01.09.2021, 19:31

Ich kann das nicht installieren. Jedes Mal schlägt die Installation fehl mit einem kleinen Fenster ohne, dass irgendetwas herauszulesen ist. Wenn ich darauf drücke, kann ich mich mit ca. 3 Neustarts rumschlagen, nur um am Ende die Meldung "Es ist ein Fehler aufgetreten. Malwarebytes Anti-Malware konnte nicht installiert werden."

cosinus · 01.09.2021, 22:51

Da wirst du dir mit dem Crack ein schönes rootkit eingefangen haben, MKDB gab heute einen Hinweis dazu.

Probieren wir mal etwas zu fixen und dann Malwarebytes danach nochmal. Ist aber auch gut möglich, dass das hier nichts mehr bringt und du alles neu plätten und neu installieren musst.

Scripting/Repair mit FRST64

WARNUNG AN ALLE MITLESER !!!
Dieses FRST-Script ist ausschließlich für diesen Nutzer gedacht und sollte niemals 1:1 für ein anderes System angewendet werden!

Kopiere den gesamten Inhalt der folgenden Code-Box:

Code:

ATTFilter

Start::
CloseProcesses:
HKU\S-1-5-21-3197034990-4118748310-3737670740-1001\...\Run: [HolySnowflake] => C:\WINDOWS\rss\csrss.exe [4655616 2021-08-31] () [Datei ist nicht signiert] <==== ACHTUNG
Task: {01264865-B482-4405-902E-71A75299F338} - System32\Tasks\csrss => C:\WINDOWS\rss\csrss.exe [4655616 2021-08-31] () [Datei ist nicht signiert] <==== ACHTUNG
R2 WinDefender; C:\WINDOWS\windefender.exe [0 0000-00-00] (Zugriff verweigert) <==== ACHTUNG (Zugriff verweigert) <==== ACHTUNG
R3 Winmon; C:\WINDOWS\System32\drivers\Winmon.sys [0 0000-00-00] () <==== ACHTUNG (Null Byte Datei/Ordner)
R3 WinmonFS; C:\WINDOWS\System32\drivers\WinmonFS.sys [0 0000-00-00] (Windows (R) Win 7 DDK provider) <==== ACHTUNG (Null Byte Datei/Ordner)
R1 WinmonProcessMonitor; C:\WINDOWS\System32\drivers\WinmonProcessMonitor.sys [36096 2021-08-31] (WDKTestCert Admin,131666266076831434 -> ) [Datei ist nicht signiert] <==== ACHTUNG
GroupPolicy: Beschränkung ? <==== ACHTUNG
Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG
C:\WINDOWS\System32\drivers\Winmon.sys
C:\WINDOWS\System32\drivers\WinmonFS.sys
C:\Windows\System32\drivers\WinmonProcessMonitor.sys
C:\WINDOWS\system32\Tasks\csrss
C:\WINDOWS\rss
cmd: reg query "HKCU\Environment"
cmd: reg query "HKCU\Software"
cmd: netsh advfirewall reset
emptytemp:
End::

Starte nun FRST und klicke direkt den Reparieren Button.Wichtig: Du brauchst den Inhalt der Code-Box nirgends einfügen, da sich FRST den Code aus der Zwischenablage holt!
Das Tool führt die gewünschten Schritte aus und erstellt eine fixlog.txt im selben Verzeichnis, in dem sich FRST befindet.
Gegebenenfalls muss dein Rechner neu gestartet werden.
Poste mir den Inhalt der fixlog.txt mit deiner nächsten Antwort.

ChristopherN · 01.09.2021, 23:00

Ja, das war echt unfassbar dämlich meinerseits - nach diesem Stress unterlasse ich das auch dauerhaft, das ist den Ärger einfach nicht wert.

Code:

ATTFilter

Entfernungsergebnis von Farbar Recovery Scan Tool (x64) Version: 01-09-2021
durchgeführt von Christopher (01-09-2021 23:56:02) Run:1
Gestartet von C:\Users\Christopher\Downloads
Geladene Profile: Christopher
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
CloseProcesses:
HKU\S-1-5-21-3197034990-4118748310-3737670740-1001\...\Run: [HolySnowflake] => C:\WINDOWS\rss\csrss.exe [4655616 2021-08-31] () [Datei ist nicht signiert] <==== ACHTUNG
Task: {01264865-B482-4405-902E-71A75299F338} - System32\Tasks\csrss => C:\WINDOWS\rss\csrss.exe [4655616 2021-08-31] () [Datei ist nicht signiert] <==== ACHTUNG
R2 WinDefender; C:\WINDOWS\windefender.exe [0 0000-00-00] (Zugriff verweigert) <==== ACHTUNG (Zugriff verweigert) <==== ACHTUNG
R3 Winmon; C:\WINDOWS\System32\drivers\Winmon.sys [0 0000-00-00] () <==== ACHTUNG (Null Byte Datei/Ordner)
R3 WinmonFS; C:\WINDOWS\System32\drivers\WinmonFS.sys [0 0000-00-00] (Windows (R) Win 7 DDK provider) <==== ACHTUNG (Null Byte Datei/Ordner)
R1 WinmonProcessMonitor; C:\WINDOWS\System32\drivers\WinmonProcessMonitor.sys [36096 2021-08-31] (WDKTestCert Admin,131666266076831434 -> ) [Datei ist nicht signiert] <==== ACHTUNG
GroupPolicy: Beschränkung ? <==== ACHTUNG
Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG
C:\WINDOWS\System32\drivers\Winmon.sys
C:\WINDOWS\System32\drivers\WinmonFS.sys
C:\Windows\System32\drivers\WinmonProcessMonitor.sys
C:\WINDOWS\system32\Tasks\csrss
C:\WINDOWS\rss
cmd: reg query "HKCU\Environment"
cmd: reg query "HKCU\Software"
cmd: netsh advfirewall reset
emptytemp:

*****************

Prozesse erfolgreich geschlossen.
"HKU\S-1-5-21-3197034990-4118748310-3737670740-1001\Software\Microsoft\Windows\CurrentVersion\Run\\HolySnowflake" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{01264865-B482-4405-902E-71A75299F338}" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01264865-B482-4405-902E-71A75299F338}" => erfolgreich entfernt
C:\WINDOWS\System32\Tasks\csrss => erfolgreich verschoben
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\csrss" => erfolgreich entfernt
WinDefender => Dienst konnte nicht gestoppt werden.
HKLM\System\CurrentControlSet\Services\WinDefender => erfolgreich entfernt
WinDefender => Dienst erfolgreich entfernt
Winmon => Dienst konnte nicht gestoppt werden.
HKLM\System\CurrentControlSet\Services\Winmon => erfolgreich entfernt
Winmon => Dienst erfolgreich entfernt
WinmonFS => Dienst konnte nicht gestoppt werden.
HKLM\System\CurrentControlSet\Services\WinmonFS => erfolgreich entfernt
WinmonFS => Dienst erfolgreich entfernt
WinmonProcessMonitor => Dienst konnte nicht gestoppt werden.
HKLM\System\CurrentControlSet\Services\WinmonProcessMonitor => erfolgreich entfernt
WinmonProcessMonitor => Dienst erfolgreich entfernt
C:\WINDOWS\system32\GroupPolicy\Machine => erfolgreich verschoben
C:\WINDOWS\system32\GroupPolicy\GPT.ini => erfolgreich verschoben
C:\ProgramData\NTUSER.pol => erfolgreich verschoben
Konnte nicht verschoben werden "C:\WINDOWS\System32\drivers\Winmon.sys" => ist geplant bei Neustart verschoben zu werden.
Konnte nicht verschoben werden "C:\WINDOWS\System32\drivers\WinmonFS.sys" => ist geplant bei Neustart verschoben zu werden.
C:\Windows\System32\drivers\WinmonProcessMonitor.sys => erfolgreich verschoben
"C:\WINDOWS\system32\Tasks\csrss" => nicht gefunden

"C:\WINDOWS\rss" Ordner verschieben:

Konnte nicht verschoben werden "C:\WINDOWS\rss" => ist geplant bei Neustart verschoben zu werden.


========= reg query "HKCU\Environment" =========


HKEY_CURRENT_USER\Environment
    Path    REG_EXPAND_SZ    %USERPROFILE%\AppData\Local\Microsoft\WindowsApps;
    TEMP    REG_EXPAND_SZ    %USERPROFILE%\AppData\Local\Temp
    TMP    REG_EXPAND_SZ    %USERPROFILE%\AppData\Local\Temp
    OneDrive    REG_EXPAND_SZ    C:\Users\Christopher\OneDrive
    OneDriveConsumer    REG_EXPAND_SZ    C:\Users\Christopher\OneDrive


========= Ende von CMD: =========


========= reg query "HKCU\Software" =========


HKEY_CURRENT_USER\Software\Activision
HKEY_CURRENT_USER\Software\Adobe
HKEY_CURRENT_USER\Software\Amazon
HKEY_CURRENT_USER\Software\AppDataLow
HKEY_CURRENT_USER\Software\ASUSTeKcomputer.Inc
HKEY_CURRENT_USER\Software\Battlestate Games
HKEY_CURRENT_USER\Software\Berserk Games
HKEY_CURRENT_USER\Software\Blizzard Entertainment
HKEY_CURRENT_USER\Software\BugSplat
HKEY_CURRENT_USER\Software\Buhl Data Service GmbH
HKEY_CURRENT_USER\Software\Chromium
HKEY_CURRENT_USER\Software\Cisco
HKEY_CURRENT_USER\Software\Clients
HKEY_CURRENT_USER\Software\DataPower
HKEY_CURRENT_USER\Software\DirectShow
HKEY_CURRENT_USER\Software\Discord
HKEY_CURRENT_USER\Software\Electronic Arts
HKEY_CURRENT_USER\Software\Elgato Systems
HKEY_CURRENT_USER\Software\Elgato Systems GmbH
HKEY_CURRENT_USER\Software\Epic Games
HKEY_CURRENT_USER\Software\Frontier Developments
HKEY_CURRENT_USER\Software\GOG.com
HKEY_CURRENT_USER\Software\Google
HKEY_CURRENT_USER\Software\Hasbro, Inc.
HKEY_CURRENT_USER\Software\IM Providers
HKEY_CURRENT_USER\Software\Innersloth
HKEY_CURRENT_USER\Software\IO Interactive
HKEY_CURRENT_USER\Software\Khronos
HKEY_CURRENT_USER\Software\Konami Digital Entertainment Co., Ltd.
HKEY_CURRENT_USER\Software\LogiShrd
HKEY_CURRENT_USER\Software\Logitech
HKEY_CURRENT_USER\Software\Macromedia
HKEY_CURRENT_USER\Software\Magix
HKEY_CURRENT_USER\Software\Malwarebytes
HKEY_CURRENT_USER\Software\Microsoft
HKEY_CURRENT_USER\Software\MountAndBladeWarbandKeys
HKEY_CURRENT_USER\Software\Mozilla
HKEY_CURRENT_USER\Software\MozillaPlugins
HKEY_CURRENT_USER\Software\Nahimic
HKEY_CURRENT_USER\Software\Ndemic Creations
HKEY_CURRENT_USER\Software\Netscape
HKEY_CURRENT_USER\Software\NVIDIA Corporation
HKEY_CURRENT_USER\Software\ODBC
HKEY_CURRENT_USER\Software\Paradox Interactive
HKEY_CURRENT_USER\Software\Policies
HKEY_CURRENT_USER\Software\QtProject
HKEY_CURRENT_USER\Software\Realtek
HKEY_CURRENT_USER\Software\Rebuilt Games
HKEY_CURRENT_USER\Software\RegisteredApplications
HKEY_CURRENT_USER\Software\ROBLOX Corporation
HKEY_CURRENT_USER\Software\Rockstar Games
HKEY_CURRENT_USER\Software\Sony Creative Software
HKEY_CURRENT_USER\Software\SplitmediaLabs
HKEY_CURRENT_USER\Software\Spotify
HKEY_CURRENT_USER\Software\Strong Technology, LLC
HKEY_CURRENT_USER\Software\SyncEngines
HKEY_CURRENT_USER\Software\Team17 Digital Ltd
HKEY_CURRENT_USER\Software\TeamSpeak 3 Client
HKEY_CURRENT_USER\Software\The Creative Assembly
HKEY_CURRENT_USER\Software\The Irregular Corp
HKEY_CURRENT_USER\Software\The PokÇ¸mon Company International
HKEY_CURRENT_USER\Software\The Pok‚mon Company International
HKEY_CURRENT_USER\Software\Twitch Desktop
HKEY_CURRENT_USER\Software\Ubisoft
HKEY_CURRENT_USER\Software\UbiSoftCTU
HKEY_CURRENT_USER\Software\Unity
HKEY_CURRENT_USER\Software\Valve
HKEY_CURRENT_USER\Software\VB and VBA Program Settings
HKEY_CURRENT_USER\Software\WallpaperEngine
HKEY_CURRENT_USER\Software\WinRAR SFX
HKEY_CURRENT_USER\Software\WixSharp
HKEY_CURRENT_USER\Software\Wow6432Node
HKEY_CURRENT_USER\Software\WW1 Game Series
HKEY_CURRENT_USER\Software\ZoomUMX
HKEY_CURRENT_USER\Software\Classes

========= Ende von CMD: =========


========= netsh advfirewall reset =========

OK.


========= Ende von CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 431698233 B
Java, Flash, Steam htmlcache => 683972055 B
Windows/system/drivers => 455296155 B
Edge => 0 B
Chrome => 118542835 B
Firefox => 1100219980 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 17288 B
NetworkService => 933896 B
Christopher => 199556532 B

RecycleBin => 2120496 B
EmptyTemp: => 2.8 GB temporäre Dateien entfernt.

================================

Ergebnis der geplanten Datei-Verschiebungen (Start-Modus: Normal) (Datum&Uhrzeit: 01-09-2021 23:58:02)

C:\WINDOWS\System32\drivers\Winmon.sys => ist erfolgreich verschoben
C:\WINDOWS\System32\drivers\WinmonFS.sys => ist erfolgreich verschoben
C:\WINDOWS\rss => ist erfolgreich verschoben

==== Ende vom Fixlog 23:58:02 ====

01.09.2021, 10:09	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Win10: Autostart plötzlich verlangsamt und Installation von Malwarebytes funktioniert nicht (Zu viele Zeichen, Logs aufgeteilt) adwCleaner Führe AdwCleaner gemäß der bebilderten Anleitung aus und poste abschließend die Logdatei in CODE-Tags. adwcleaner bitte wiederholen falls es Funde gab. __________________ Logfiles bitte immer in CODE-Tags posten

01.09.2021, 12:23	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Win10: Autostart plötzlich verlangsamt und Installation von Malwarebytes funktioniert nicht (Zu viele Zeichen, Logs aufgeteilt) Dann bitte jetzt weiter machen mit Malwarebytes Antimalware __________________ Logfiles bitte immer in CODE-Tags posten

Win10: Autostart plötzlich verlangsamt und Installation von Malwarebytes funktioniert nicht (Zu viele Zeichen, Logs aufgeteilt)

Log-Analyse und Auswertung: Win10: Autostart plötzlich verlangsamt und Installation von Malwarebytes funktioniert nicht (Zu viele Zeichen, Logs aufgeteilt)