Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-11-2025
Ran by benma (28-12-2025 12:32:38)
Running from C:\Users\benma\OneDrive\Desktop\frst
Microsoft Windows 11 Pro Version 22H2 22621.6199 (X64) (2025-09-11 18:14:47)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1548154573-3361529061-2305374811-500 - Administrator - Disabled)
benma (S-1-5-21-1548154573-3361529061-2305374811-1001 - Administrator - Enabled) => C:\Users\benma
DefaultAccount (S-1-5-21-1548154573-3361529061-2305374811-503 - Limited - Disabled)
Gast (S-1-5-21-1548154573-3361529061-2305374811-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1548154573-3361529061-2305374811-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 20.00 alpha (x64) (HKLM\...\7-Zip) (Version: 20.00 alpha - Igor Pavlov)
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 7.11.26.2142 - Advanced Micro Devices, Inc.)
AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.134 - Advanced Micro Devices, Inc.) Hidden
AMD PCI Driver (HKLM-x32\...\{80EC3CEE-2940-42A1-A776-B5D810D39F1E}) (Version: 1.0.0.90 - Advanced Micro Devices, Inc.) Hidden
AMD PSP Driver (HKLM-x32\...\{988F14B8-79A8-475D-BAC7-83F96AD3D821}) (Version: 5.40.0.0 - Advanced Micro Devices, Inc.) Hidden
AMD Ryzen Balanced Driver (HKLM-x32\...\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}) (Version: 8.0.0.13 - Advanced Micro Devices, Inc.) Hidden
AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.44 - Advanced Micro Devices, Inc.) Hidden
AMD_Chipset_Drivers (HKLM-x32\...\{a2c5e97a-dd0d-4a8c-b1fc-dfcaf9a0a4a2}) (Version: 7.11.26.2142 - Advanced Micro Devices, Inc.) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlestate Games Launcher 12.12.1.1911 (HKLM-x32\...\{B0FDA062-7581-4D67-B085-C4E7C358037F}_is1) (Version: 12.12.1.1911 - Battlestate Games)
CPUID CPU-Z 1.96 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.96 - CPUID, Inc.)
Diablo IV (HKLM-x32\...\Diablo IV) (Version: - Blizzard Entertainment)
Discord (HKU\S-1-5-21-1548154573-3361529061-2305374811-1001\...\Discord) (Version: 1.0.9219 - Discord Inc.)
EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 13.58.0.5571 - Electronic Arts) Hidden
EA app (HKLM-x32\...\{ed8a2f43-547f-432b-81a0-3bd1cf37bb83}) (Version: 13.58.0.5571 - Electronic Arts)
ENE RGB HAL (HKLM\...\{87316426-A33E-41E9-942B-968E928A9A47}) (Version: 1.00.10 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32\...\{9f93601b-15ea-4e69-8d7c-dfa0f29ae04e}) (Version: 1.00.10 - Ene Tech.) Hidden
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Escape from Tarkov (HKLM-x32\...\EscapeFromTarkov) (Version: 0.12.12.30.18876 - Battlestate Games)
fmXML version 0.3 (HKLM-x32\...\fmXML_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 143.0.7499.170 - Google LLC)
iCloud Outlook (HKLM\...\{11727D12-D910-486F-9B36-B496F4AB334D}) (Version: 14.1.0.108 - Apple Inc.)
Kinect for Windows Speech Recognition Language Pack (de-DE) (HKLM-x32\...\{898AA67F-99B8-4C7F-9611-B11F98EF6E78}) (Version: 11.0.7413.611 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-AU) (HKLM-x32\...\{48CEC0A3-AE10-4EE3-AC62-76D3D58792E5}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-CA) (HKLM-x32\...\{9C5505DA-F9C1-46CB-9F8F-AC38F8EA518A}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-GB) (HKLM-x32\...\{A0186231-0A8B-455A-8A25-B64AABCC11A6}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-IE) (HKLM-x32\...\{998D5259-3BED-4710-98FF-D63387B5429E}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-NZ) (HKLM-x32\...\{07FC9CAD-FCEC-4186-BB83-EF7CCC9372BA}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-US) (HKLM-x32\...\{8AAA44BB-487E-4D01-AF76-484ACB90DBFE}) (Version: 11.0.7400.336 - Microsoft Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKU\S-1-5-21-1548154573-3361529061-2305374811-1001\...\Riot Game league_of_legends.live) (Version: - Riot Games, Inc)
Microsoft 365 Apps for Enterprise - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.19426.20218 - Microsoft Corporation)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.19426.20218 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 144.0.3719.35 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 143.0.3650.96 - Microsoft Corporation) Hidden
Microsoft Server Speech Platform Runtime (x64) (HKLM\...\{3B433087-E62E-4BF5-97F9-4AF6E1C2409C}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (en-IN) (HKLM-x32\...\{3B06AC90-DE68-44A9-95EB-0A3C1AF1514F}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Teams Meeting Add-in for Microsoft Office (HKLM\...\{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91}) (Version: 1.25.18302 - Microsoft)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.42.34438 (HKLM-x32\...\{b49c10dd-4d54-45f8-ad13-fa25704456a4}) (Version: 14.42.34438.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.42.34438 (HKLM-x32\...\{ba10fda9-f731-441f-a999-000bbb7ceec2}) (Version: 14.42.34438.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.42.34438 (HKLM\...\{E528AD94-12D7-42C4-91A3-908BE28E9BD2}) (Version: 14.42.34438 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.42.34438 (HKLM\...\{2E15F519-4FDA-4834-B4EE-7EFCE7D8D4EE}) (Version: 14.42.34438 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.42.34438 (HKLM-x32\...\{A5592FEF-F948-4BA6-A066-8BBFC2DC7EE1}) (Version: 14.42.34438 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.42.34438 (HKLM-x32\...\{5D0C4511-3CA1-4FF8-A4BA-C0E1957ABEEA}) (Version: 14.42.34438 - Microsoft Corporation) Hidden
Minecraft Launcher (HKLM-x32\...\{F6678473-0198-46D0-A88F-2A247E6FA03C}) (Version: 1.0.0.0 - Mojang)
MiniTool Partition Wizard Free 13.5 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: 13.5 - MiniTool Software Limited)
Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 115.0.2 (x64 de)) (Version: 115.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 81.0.2 - Mozilla)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.2.0.77 - MSI)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.6.2 - Notepad++ Team)
NVIDIA App 11.0.5.420 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NvApp) (Version: 11.0.5.420 - NVIDIA Corporation)
NVIDIA FrameView SDK 1.5.11504.36206172 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.5.11504.36206172 - NVIDIA Corporation)
NVIDIA Grafiktreiber 591.59 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 591.59 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.4.5.7 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.4.5.7 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.23.1019 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.23.1019 - NVIDIA Corporation)
NVIDIA USBC Driver 1.52.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.52.831.832 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.19426.20170 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.19029.20208 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.19426.20170 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 3.0.3.0 - Advanced Micro Devices, Inc.) Hidden
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9815.1 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.74.1128.2024 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 2.0.8.1 - Realtek)
Riot Client (HKU\S-1-5-21-1548154573-3361529061-2305374811-1001\...\Riot Game Riot_Client.) (Version: - Riot Games, Inc)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version: - Riot Games, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.21759 - Microsoft Corporation)
TechPowerUp GPU-Z (HKLM-x32\...\{8B0F211E-5846-4FB2-B0B9-4EB31546FDF9}}_is1) (Version: 2.53.0 - TechPowerUp)
thesettlers7 (HKLM-x32\...\Uplay Install 11788) (Version: - Ubisoft)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 138.3.10824 - Ubisoft)
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{B8D93870-98D1-4980-AFCA-E26563CDFB79}) (Version: 8.94.0.0 - Microsoft Corporation)
Windows 11-Installationsassistent (HKLM-x32\...\{115DF11E-4B4C-4EA9-9A79-00DB0C7EF02D}) (Version: 1.4.19041.6448 - Microsoft Corporation)
Windows-PC-Integritätsprüfung (HKLM\...\{E06F96B5-4369-4BDC-B64D-2A8A02FE069B}) (Version: 4.0.2410.23001 - Microsoft Corporation)
WinRAR 5.91 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)
XAMPP (HKLM\...\xampp) (Version: 8.2.12-0 - Apache Friends)
XDefiant (HKLM-x32\...\Uplay Install 15657) (Version: - Ubisoft)
Zoom (HKU\S-1-5-21-1548154573-3361529061-2305374811-1001\...\ZoomUMX) (Version: 5.3.0 (52670.0921) - Zoom Video Communications, Inc.)

Chrome apps:
============
Sheets (HKU\S-1-5-21-1548154573-3361529061-2305374811-1001\...\cab50a5ebc384dbf4f99096e651970b2) (Version: 1.0 - Google\Chrome)

Packages:
=========
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_15.6.113.0_x64__nzyj5cx40ttqa [2025-12-21] (Apple Inc.) [Startup Task]
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12139.1.59021.0_x64__nzyj5cx40ttqa [2025-11-16] (Apple Inc.) [Startup Task]
Local AI Manager for Microsoft 365 -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\AI [2025-12-20] ()
Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2023-04-11] (Microsoft Corporation)
Microsoft 365 companion apps -> C:\Program Files\WindowsApps\Microsoft.M365Companions_2.2510.30002.0_x64__8wekyb3d8bbwe [2025-11-16] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-02-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-02-13] (Microsoft Corporation) [MS Ad]
Microsoft.Office.ActionsServer -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\ActionsServer [2025-12-20] ()
Notepad++ -> C:\Program Files\Notepad++\contextMenu [2025-11-19] (Notepad++)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.969.0_x64__56jybvy8sckqj [2025-12-27] (NVIDIA Corp.)
OfficePushNotificationsUtility -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16 [2025-12-20] ()
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.52.357.0_x64__dt26b99r8h8gj [2025-11-16] (Realtek Semiconductor Corp)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2020-04-20] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1548154573-3361529061-2305374811-1001_Classes\CLSID\{082B8BD9-7501-4391-BA2A-66C5B2EC2194} -> [iCloud-Fotos] => C:\Users\benma\iCloudPhotos\Photos [2023-04-21 22:39]
CustomCLSID: HKU\S-1-5-21-1548154573-3361529061-2305374811-1001_Classes\CLSID\{69C0B2C5-7521-455F-9757-7BF32941B5B3} -> [iCloud Drive] => C:\Users\benma\OneDrive\Desktop\iCloud\iCloudDrive [2023-04-21 22:39]
CustomCLSID: HKU\S-1-5-21-1548154573-3361529061-2305374811-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\benma\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-1548154573-3361529061-2305374811-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> "C:\Users\benma\AppData\Local\Microsoft\Teams\current\Teams.exe" --toast => No File
CustomCLSID: HKU\S-1-5-21-1548154573-3361529061-2305374811-1001_Classes\CLSID\{DFF20505-B08F-455B-AD70-4FBD055088E0}\localserver32 -> C:\Program Files (x86)\Google\Chrome\Application\PlatformExperienceHelper\platform_experience_helper.exe (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-1548154573-3361529061-2305374811-1001_Classes\CLSID\{EABAE40C-B27C-455A-B672-F234DD780948}\InprocServer32 -> C:\Users\benma\AppData\Local\Microsoft\TeamsMeetingAdd-in\1.25.18302\x64\Microsoft.Teams.MeetingAddin.DLL (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2020-02-06] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2020-02-06] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_4646b47d9477048e\nvshext.dll [2025-12-12] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2020-02-06] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2024-12-18 23:38 - 2005-07-18 13:43 - 000160256 _____ () [File not signed] C:\Program Files (x86)\MSI\Live Update\unrar.dll
2020-04-17 17:43 - 2020-02-06 14:00 - 000076800 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2020-09-25 11:33 - 2020-09-25 11:33 - 000000000 ___JL (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppvIsvSubsystems64.dll
2020-09-25 11:33 - 2020-09-25 11:33 - 000000000 ___JL (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
2025-12-20 14:21 - 2025-12-20 14:21 - 000000000 ___JL (NVIDIA Corporation) [symlink -> C:\Program Files\NVIDIA Corporation\NVIDIA App\CEF\PlugIns\NVIDIA App\MessageBusRouter.dll] C:\Program Files\NVIDIA Corporation\NVIDIA App\CEF\plugins\NVIDIA Overlay\MessageBusRouter.dll
2025-01-14 16:32 - 2025-12-20 14:21 - 000000000 ___JL (NVIDIA Corporation) [symlink -> C:\Program Files\NVIDIA Corporation\NVIDIA App\MessageBus\NvMessageBusBroadcast.dll] C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\NvMessageBusBroadcast.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\DisplaySessionContainer1.log:F107EE40EF [5138]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer1.log_backup1:2DD1EC5C91 [5138]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer10.log:CCC93B07B0 [5138]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer10.log_backup1:AD433BF298 [5138]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer11.log:72C8986B20 [5138]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer11.log_backup1:97A90964FA [5138]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer12.log:C40F6B9209 [5138]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer12.log_backup1:7CC29836A6 [5138]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer13.log:AE3C879266 [5138]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer14.log:DE1448F4D7 [5138]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer15.log:16B67B15CB [5138]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer16.log:2B192A174C [5138]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer17.log:3D6CA1C7DE [5138]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer18.log:A25BF494CE [5138]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer2.log:CCB2353F35 [5138]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer2.log_backup1:0544EFE2DB [5138]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [5138]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [5138]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk:980850BA8A [5138]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fmXML.lnk:41372FB4CD [5138]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCUE.lnk:35C8A47BAF [4290]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCUE.lnk:97831153DE [5138]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk:159ADC9AA1 [5138]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk:60EC9648C0 [5138]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [7472]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============

HKU\S-1-5-21-1548154573-3361529061-2305374811-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2025-12-20] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2025-12-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-12-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-12-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-12-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-12-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-12-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-12-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-12-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-12-08] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1548154573-3361529061-2305374811-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1548154573-3361529061-2305374811-1001\...\sharepoint.com -> hxxps://studinternationaleba-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-1548154573-3361529061-2305374811-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 05:49 - 2019-03-19 05:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Network ===========================

(Currently there is no automatic fix for this section.)

DNS Servers: 192.168.178.1
Windows Firewall is enabled.

Network Binding:
=============
Ethernet 2: Realtek PCIe GbE Family Controller #2 -> rt640x64.sys
rtk_ndisprot: Realtek NDIS Protocol Driver (NDIS 6.40)
rtk_teampt: Realtek Teaming Protocol Driver (NDIS 6.40)
rtk_vlanpt: Realtek Vlan Protocol Driver (NDIS 6.40)

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1548154573-3361529061-2305374811-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\benma\OneDrive\Desktop\music cover\travis-scott-highest-in-the-room-desktop-wallpaper-4k-resolution-3840×2160.jpg
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows Defender\Features => (TamperProtection: 1) (TamperProtectionSource: 5)
HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection => (DpaDisabled: 0)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "Riot Vanguard"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKLM\...\StartupApproved\Run32: => "MSIRegister"
HKLM\...\StartupApproved\Run32: => "Live Update"
HKU\S-1-5-21-1548154573-3361529061-2305374811-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-1548154573-3361529061-2305374811-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-1548154573-3361529061-2305374811-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1548154573-3361529061-2305374811-1001\...\StartupApproved\Run: => "Skype for Desktop"
HKU\S-1-5-21-1548154573-3361529061-2305374811-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1548154573-3361529061-2305374811-1001\...\StartupApproved\Run: => "FACEIT"
HKU\S-1-5-21-1548154573-3361529061-2305374811-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-1548154573-3361529061-2305374811-1001\...\StartupApproved\Run: => "Microsoft.Lists"
HKU\S-1-5-21-1548154573-3361529061-2305374811-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-1548154573-3361529061-2305374811-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_321C9B9C46B6500E0A5A39232496A26D"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E5F113E9-73B4-418B-B222-495AB3D75219}] => (Allow) D:\Steam\steamapps\common\Stronghold Crusader Definitive Edition\Stronghold Crusader Definitive Edition.exe () [File not signed]
FirewallRules: [{10037531-EF30-4677-A02D-B618940C7706}] => (Allow) D:\Steam\steamapps\common\Stronghold Crusader Definitive Edition\Stronghold Crusader Definitive Edition.exe () [File not signed]
FirewallRules: [UDP Query User{2B8D1F8B-84B7-4467-8022-D7B91C54815D}C:\program files (x86)\ubisoft\ubisoft game launcher\games\thesettlers7\base\bin\settlers7r.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\thesettlers7\base\bin\settlers7r.exe (Blue Byte GmbH -> Blue Byte GmbH)
FirewallRules: [TCP Query User{9CACD30D-89F6-45D6-97E6-67792607E7BB}C:\program files (x86)\ubisoft\ubisoft game launcher\games\thesettlers7\base\bin\settlers7r.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\thesettlers7\base\bin\settlers7r.exe (Blue Byte GmbH -> Blue Byte GmbH)
FirewallRules: [{4976B925-CB82-4946-8463-EA3DCCC0105F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8D39AE7F-7FD4-4E07-ACFB-EC8CFC056C49}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{6A6FE0A5-7937-4383-8D88-9E3895D66202}C:\riot games\riot client\riotclientelectron\riot client.exe] => (Allow) C:\riot games\riot client\riotclientelectron\riot client.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [TCP Query User{461CC0A1-E571-4C24-8FAB-38A914B1133D}C:\riot games\riot client\riotclientelectron\riot client.exe] => (Allow) C:\riot games\riot client\riotclientelectron\riot client.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{79EAA11E-F479-4F58-8617-55C1B72D0AD6}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\game\bin\win64\cs2.exe (Valve Corp. -> )
FirewallRules: [{2B592D56-F152-47BD-A2DF-52B49582B48F}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\game\bin\win64\cs2.exe (Valve Corp. -> )
FirewallRules: [{B59CFC88-3A3B-475A-A7AE-A36BB6BE6B18}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\game\bin\win64\cs2.exe (Valve Corp. -> )
FirewallRules: [{D7A12B2C-F9C6-443A-A6C9-FCA11E9A3160}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\game\bin\win64\cs2.exe (Valve Corp. -> )
FirewallRules: [{3B64DE1E-B2C5-41C9-88CD-034AEFF4CC0D}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\game\bin\win64\cs2.exe (Valve Corp. -> )
FirewallRules: [{F6751EFD-B1B8-489F-A278-0F020AAD29E8}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\game\bin\win64\cs2.exe (Valve Corp. -> )
FirewallRules: [UDP Query User{C605ADFF-90CE-4471-AF5C-32A21C26C01A}C:\program files (x86)\minecraft launcher\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe
FirewallRules: [TCP Query User{8C9036EF-8FA3-480D-A212-74D4C23D37ED}C:\program files (x86)\minecraft launcher\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe
FirewallRules: [{D800E8AF-C381-44CD-8DCE-A444DE958669}] => (Allow) D:\Steam\steamapps\common\Catan Universe\CatanUniverse.exe () [File not signed]
FirewallRules: [{2925138B-6BF3-4523-950C-297A93BA4637}] => (Allow) D:\Steam\steamapps\common\Catan Universe\CatanUniverse.exe () [File not signed]
FirewallRules: [UDP Query User{70DFBE84-72B1-4BB0-BC14-EEE1DA5B1000}D:\call of duty\_retail_\cod.exe] => (Allow) D:\call of duty\_retail_\cod.exe => No File
FirewallRules: [TCP Query User{B5E6DD05-53F0-43E5-9472-7CF040547ACE}D:\call of duty\_retail_\cod.exe] => (Allow) D:\call of duty\_retail_\cod.exe => No File
FirewallRules: [UDP Query User{E9874E9A-40B6-4FC9-82D4-9CD18D25AAD7}C:\riot games\riot client\riotclientelectron\riot client.exe] => (Allow) C:\riot games\riot client\riotclientelectron\riot client.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [TCP Query User{8A7BA7DA-56F9-4D30-B30C-BC20AB9AEFD2}C:\riot games\riot client\riotclientelectron\riot client.exe] => (Allow) C:\riot games\riot client\riotclientelectron\riot client.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{9E15F5D7-F738-4A0F-B106-CDA1DC05368E}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe => No File
FirewallRules: [TCP Query User{0D39F907-ECF3-4FE2-A8DA-6AAA60751D1E}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe => No File
FirewallRules: [UDP Query User{968CBA3F-0734-4E72-8937-52DF06685CA4}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe => No File
FirewallRules: [TCP Query User{CD4B8F4F-E0F8-4FA9-9CF0-48E89881D575}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe => No File
FirewallRules: [{DA4F5F5E-CA00-40F1-98F2-276AF0DE50C9}] => (Allow) D:\Steam\steamapps\common\Pummel Party\PummelParty.exe () [File not signed]
FirewallRules: [{E510EEFC-3AAA-4629-91ED-F708E426DE5D}] => (Allow) D:\Steam\steamapps\common\Pummel Party\PummelParty.exe () [File not signed]
FirewallRules: [UDP Query User{80719234-BEEB-439D-99D1-AB4521C25E97}D:\diablo iv\diablo iv.exe] => (Allow) D:\diablo iv\diablo iv.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{837163BA-9DBC-4E15-A54B-1E1B4F6F1BAA}D:\diablo iv\diablo iv.exe] => (Allow) D:\diablo iv\diablo iv.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{527D2D8E-4708-4821-9002-C23E1C85E794}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2024\fm.exe (Sports Interactive) [File not signed]
FirewallRules: [{9309410E-88FF-4E23-A7A5-1E63F9C9A191}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2024\fm.exe (Sports Interactive) [File not signed]
FirewallRules: [UDP Query User{8D89AA44-1025-4FFF-8336-341E333BFE26}D:\madden nfl 24\madden24.exe] => (Allow) D:\madden nfl 24\madden24.exe => No File
FirewallRules: [TCP Query User{6928A4AE-C278-41A5-B5F9-A82495A3AFC5}D:\madden nfl 24\madden24.exe] => (Allow) D:\madden nfl 24\madden24.exe => No File
FirewallRules: [{4759CC85-B663-4D91-BADE-01BFCD0F55F0}] => (Allow) D:\Madden NFL 24\EAAntiCheat.GameServiceLauncher.exe => No File
FirewallRules: [{F26A6F20-63A8-403C-A496-FFC5450979E0}] => (Allow) D:\Madden NFL 24\EAAntiCheat.GameServiceLauncher.exe => No File
FirewallRules: [{847C26F2-31D8-4B9C-9A14-F31E0697004C}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALaunchHelper.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{6292FCC1-0A9B-4635-AA99-E5C3642F5B66}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{1B0352DB-BC0B-4560-87EE-C9AF2F497B89}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{6C5771A7-08B4-4947-921D-8B5036B5DB19}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{746D7299-0D7F-4065-8D61-AA1CB384F0BC}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc.
-> Electronic Arts) FirewallRules: [{35E57EC8-AE0F-4081-A637-19CD0ED9AEBD}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{CF683FAC-37E4-429B-8FE5-6B61DB037C6A}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{87A63C2C-985E-4915-BA88-0FCDCD358F11}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{2B12812C-E739-4538-83AD-6F1086B624E1}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{E5ADA283-5BF7-4934-B173-B9D248F8D676}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{BAC5C6A3-6EFA-4B71-9D83-C9778DD4FDDB}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. 
-> Electronic Arts) FirewallRules: [UDP Query User{3CC988AF-8E35-4BD5-A490-3772375A3D7D}C:\diablo iv\diablo iv.exe] => (Allow) C:\diablo iv\diablo iv.exe => No File FirewallRules: [TCP Query User{4325C78E-AEA7-4AEA-A1B6-F4EBE5750591}C:\diablo iv\diablo iv.exe] => (Allow) C:\diablo iv\diablo iv.exe => No File FirewallRules: [UDP Query User{9AA7C9AE-2152-4080-B602-CD08471C9826}C:\users\benma\appdata\local\faceit\app-1.31.13\faceit.exe] => (Allow) C:\users\benma\appdata\local\faceit\app-1.31.13\faceit.exe => No File FirewallRules: [TCP Query User{23F9B542-206D-4EFC-AF49-71D846BC580E}C:\users\benma\appdata\local\faceit\app-1.31.13\faceit.exe] => (Allow) C:\users\benma\appdata\local\faceit\app-1.31.13\faceit.exe => No File FirewallRules: [UDP Query User{A8A4524D-F720-47AB-A003-D2750512194B}C:\users\benma\appdata\local\faceit\app-1.31.7\faceit.exe] => (Allow) C:\users\benma\appdata\local\faceit\app-1.31.7\faceit.exe => No File FirewallRules: [TCP Query User{17CAFD6B-91FB-48EC-AF41-89580BA504C4}C:\users\benma\appdata\local\faceit\app-1.31.7\faceit.exe] => (Allow) C:\users\benma\appdata\local\faceit\app-1.31.7\faceit.exe => No File FirewallRules: [UDP Query User{0E6AA6D5-7FF1-4894-B1BB-51EBEC7987E9}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [TCP Query User{986F8124-20EF-4BC7-A937-2E40CCD65509}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [UDP Query User{95DFFAAB-CE72-49A7-97A8-4533BAC44F53}C:\program files (x86)\ubisoft\ubisoft game launcher\games\thesettlers7\base\bin\settlers7r.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\thesettlers7\base\bin\settlers7r.exe (Blue Byte GmbH -> Blue Byte GmbH) FirewallRules: [TCP Query User{841FBC09-85EF-4C8B-A6E5-98AF89AD22D9}C:\program files (x86)\ubisoft\ubisoft game launcher\games\thesettlers7\base\bin\settlers7r.exe] => 
(Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\thesettlers7\base\bin\settlers7r.exe (Blue Byte GmbH -> Blue Byte GmbH) FirewallRules: [UDP Query User{DD05B0B3-643C-495E-A151-2ACFE7965B42}C:\program files (x86)\ubisoft\ubisoft game launcher\games\thesettlers4\s4_main.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\thesettlers4\s4_main.exe => No File FirewallRules: [TCP Query User{A5C4B3DE-5460-4AD1-AA59-2884056E7481}C:\program files (x86)\ubisoft\ubisoft game launcher\games\thesettlers4\s4_main.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\thesettlers4\s4_main.exe => No File FirewallRules: [UDP Query User{CD7B466A-A9FF-4B0C-BD7E-A4903AE517FB}C:\program files (x86)\ubisoft\ubisoft game launcher\uplaywebcore.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\uplaywebcore.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft) FirewallRules: [TCP Query User{B3B517D3-DB0D-49CE-911D-7D2D08231D01}C:\program files (x86)\ubisoft\ubisoft game launcher\uplaywebcore.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\uplaywebcore.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft) FirewallRules: [{098198F5-BA99-4E60-9DDF-0C86F592F657}] => (Allow) D:\Steam\steamapps\common\Football Manager 2023\fm.exe => No File FirewallRules: [{32273222-FBE7-455B-8262-423A1FD71722}] => (Allow) D:\Steam\steamapps\common\Football Manager 2023\fm.exe => No File FirewallRules: [{A2636220-A07F-4624-8FF0-5E33D8D3EC4C}] => (Allow) D:\Steam\steamapps\common\ALTF4\ALTF4_F.exe (Epic Games, Inc.) [File not signed] FirewallRules: [{5B2397CB-1D95-48AE-96E0-D46B1784FC03}] => (Allow) D:\Steam\steamapps\common\ALTF4\ALTF4_F.exe (Epic Games, Inc.) [File not signed] FirewallRules: [UDP Query User{3E4A7742-0CFB-4E06-B0C6-91AE44914999}C:\riot games\league of legends\leagueclientuxrender.exe] => (Allow) C:\riot games\league of legends\leagueclientuxrender.exe (Riot Games, Inc. -> Riot Games, Inc.) 
FirewallRules: [TCP Query User{982868CF-586A-4C3A-A7B5-029F83744788}C:\riot games\league of legends\leagueclientuxrender.exe] => (Allow) C:\riot games\league of legends\leagueclientuxrender.exe (Riot Games, Inc. -> Riot Games, Inc.) FirewallRules: [{EFF9112A-3881-49E4-BBCA-883BC43C191E}] => (Allow) C:\Battlestate Games\BsgLauncher\BsgLauncher.exe (BATTLESTATE GAMES LIMITED -> Battlestate Games) FirewallRules: [{4A72B5A9-3785-47B2-A17B-83CA606ADCBE}] => (Allow) C:\Battlestate Games\BsgLauncher\BsgLauncher.exe (BATTLESTATE GAMES LIMITED -> Battlestate Games) FirewallRules: [UDP Query User{12DE5E72-E581-450D-B79F-8205DE168666}C:\program files (x86)\minecraft launcher\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe FirewallRules: [TCP Query User{CF2B86EC-10E6-48AC-B916-65ECB2EEA22C}C:\program files (x86)\minecraft launcher\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe FirewallRules: [UDP Query User{25201798-B01F-4151-8BA9-B58A81830D12}C:\users\benma\appdata\local\discord\app-1.0.9005\discord.exe] => (Allow) C:\users\benma\appdata\local\discord\app-1.0.9005\discord.exe => No File FirewallRules: [TCP Query User{1440C4E1-917F-424E-9470-9C32F5282604}C:\users\benma\appdata\local\discord\app-1.0.9005\discord.exe] => (Allow) C:\users\benma\appdata\local\discord\app-1.0.9005\discord.exe => No File FirewallRules: [{D8CE5178-173C-4462-BCA0-9077155DCA66}] => (Allow) D:\Steam\steamapps\common\Yu-Gi-Oh! Master Duel\masterduel.exe () [File not signed] FirewallRules: [{4DC088FF-3FBD-4C75-861E-14123F984733}] => (Allow) D:\Steam\steamapps\common\Yu-Gi-Oh! 
Master Duel\masterduel.exe () [File not signed] FirewallRules: [UDP Query User{3748D1C6-4255-44B9-A026-0B160E077ED9}C:\users\benma\appdata\local\faceitapp\app-1.28.3\faceit.exe] => (Allow) C:\users\benma\appdata\local\faceitapp\app-1.28.3\faceit.exe => No File FirewallRules: [TCP Query User{D148E69E-E928-4726-935D-26833FFB5EEE}C:\users\benma\appdata\local\faceitapp\app-1.28.3\faceit.exe] => (Allow) C:\users\benma\appdata\local\faceitapp\app-1.28.3\faceit.exe => No File FirewallRules: [UDP Query User{05B23CAA-EAD8-4E14-A0B0-F3CD443BCC70}D:\call of duty vanguard\vanguard.exe] => (Allow) D:\call of duty vanguard\vanguard.exe => No File FirewallRules: [TCP Query User{CC5A31FB-A9B8-48C1-BD07-E310F250D78F}D:\call of duty vanguard\vanguard.exe] => (Allow) D:\call of duty vanguard\vanguard.exe => No File FirewallRules: [UDP Query User{47AE0360-AA26-47F7-B2D6-36761FD28326}D:\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\call of duty modern warfare\modernwarfare.exe => No File FirewallRules: [TCP Query User{85830B4C-5ADF-44D3-BB3F-7F6F359065B3}D:\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\call of duty modern warfare\modernwarfare.exe => No File FirewallRules: [UDP Query User{A0CA55A7-7417-4AC6-AD2F-BA7694EB8666}D:\call of duty black ops cold war\blackopscoldwar.exe] => (Allow) D:\call of duty black ops cold war\blackopscoldwar.exe => No File FirewallRules: [TCP Query User{E9291AE4-5707-4863-AC31-8DE337D7DD44}D:\call of duty black ops cold war\blackopscoldwar.exe] => (Allow) D:\call of duty black ops cold war\blackopscoldwar.exe => No File FirewallRules: [UDP Query User{76567711-C7F7-44E8-BCDC-E4F2767EA500}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.) 
FirewallRules: [TCP Query User{0AEEB2AD-FAAA-439B-AC37-911AC8AECD8C}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.) FirewallRules: [UDP Query User{81E77072-0D7A-405F-ABDA-F53AA2B0830C}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe FirewallRules: [TCP Query User{AD1D9948-09EB-4EC5-A677-D815A003325C}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe FirewallRules: [{A51B1CCB-5353-4712-9F89-3ED18A05C674}] => (Allow) D:\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe => No File FirewallRules: [{38D9CB44-CF4D-4E14-9CEA-1AF69B2BAAE1}] => (Allow) D:\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe => No File FirewallRules: [UDP Query User{1B1B5262-DFE4-4B15-AE28-F406F80524F1}C:\program files (x86)\call of duty black ops cold war\blackopscoldwar.exe] => (Allow) C:\program files (x86)\call of duty black ops cold war\blackopscoldwar.exe => No File FirewallRules: [TCP Query User{C2CCBF07-708B-4AA6-B64A-F488A12B3C49}C:\program files (x86)\call of duty black ops cold war\blackopscoldwar.exe] => (Allow) C:\program files (x86)\call of duty black ops cold war\blackopscoldwar.exe => No File FirewallRules: [{F6DEF003-2135-47D6-8D04-84FB76D800E4}] => (Allow) LPort=26789 FirewallRules: [{5EB3CA8F-4190-44DB-BEF6-5C7A5717D8EC}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{08DF6985-7129-4CFD-8197-DE37CA3C142A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> 
Microsoft Corporation) FirewallRules: [UDP Query User{87E98FBA-F9D3-44F8-BD40-3E61AF9CA3BC}C:\users\benma\appdata\roaming\utorrent web\utweb.exe] => (Block) C:\users\benma\appdata\roaming\utorrent web\utweb.exe => No File FirewallRules: [TCP Query User{04F439C4-548F-464E-93BC-C5EA93E6CFC3}C:\users\benma\appdata\roaming\utorrent web\utweb.exe] => (Block) C:\users\benma\appdata\roaming\utorrent web\utweb.exe => No File FirewallRules: [{ACC1281E-20FB-472B-8D88-25E2F775D124}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{3ECE5349-2268-4D9F-A4D7-CCEDE18561A7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [UDP Query User{8FD4D108-047C-4043-B3DF-328B405A424F}C:\users\benma\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\benma\appdata\local\microsoft\teams\current\teams.exe => No File FirewallRules: [TCP Query User{93D0272D-646A-4E80-8F0A-4D4C6F0D91C8}C:\users\benma\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\benma\appdata\local\microsoft\teams\current\teams.exe => No File FirewallRules: [{980058B6-3DA5-41DD-BFC1-91D96947FDF1}] => (Allow) C:\Users\benma\AppData\Roaming\Zoom\bin\airhost.exe => No File FirewallRules: [{42E9D32B-B4C6-4C69-A67D-2C8C37A49FFF}] => (Allow) C:\Users\benma\AppData\Roaming\Zoom\bin\airhost.exe => No File FirewallRules: [{2B9F42FE-FD37-4964-A0A6-F6C68428A9E6}] => (Allow) C:\Users\benma\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) 
FirewallRules: [TCP Query User{259ED1F5-BE32-4683-9288-D43730AFEB1D}C:\program files\windowsapps\appleinc.itunes_12105.12.48001.0_x64__nzyj5cx40ttqa\itunes.exe] => (Allow) C:\program files\windowsapps\appleinc.itunes_12105.12.48001.0_x64__nzyj5cx40ttqa\itunes.exe => No File FirewallRules: [UDP Query User{2AB3E71C-B731-496F-9EEE-30E9CC8AD251}C:\program files\windowsapps\appleinc.itunes_12105.12.48001.0_x64__nzyj5cx40ttqa\itunes.exe] => (Allow) C:\program files\windowsapps\appleinc.itunes_12105.12.48001.0_x64__nzyj5cx40ttqa\itunes.exe => No File FirewallRules: [TCP Query User{CCA99D80-342A-4BD4-A69F-47507807896B}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe => No File FirewallRules: [UDP Query User{B5652A18-01CC-45B2-9F59-C20270CBFF81}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe => No File FirewallRules: [{6CEB277F-5ACF-461D-9998-036CEC628D63}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{E57FD1D9-6284-4229-9621-537342F151A2}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. 
-> Valve Corporation) FirewallRules: [{65F6B631-EFAF-4432-8EA6-9717138BF449}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File FirewallRules: [{EB9EFA28-4627-45E5-8FE8-9DF9300F91E0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File FirewallRules: [TCP Query User{7606A576-B22B-4C8A-A14A-543FBD703AF6}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [UDP Query User{6F5BE9FD-4F8C-4453-B52B-A6EECEF50819}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{68BC9B02-29B1-4A3B-87A2-32C0FBC09CC0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File FirewallRules: [{90DFF797-D4D0-4371-B2F7-CAB787B1C4AA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File FirewallRules: [{EDB15C6F-2230-4DFB-965E-B60108C8275C}] => (Allow) C:\Users\benma\AppData\Local\Temp\DriverPack-20200424210247\tools\aria2c.exe => No File FirewallRules: [{931FBB33-0C3D-4DFA-BD8D-992193753B8E}] => (Allow) C:\Users\benma\AppData\Roaming\DRPSu\Alice\cloud.exe => No File FirewallRules: [{434B619F-313A-4D0C-AF84-EBB029937AE0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Yu-Gi-Oh! Duel Links\dlpc.exe () [File not signed] FirewallRules: [{5C8E71CD-3182-4AD6-8DD4-6C82C60CC2AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Yu-Gi-Oh! 
Duel Links\dlpc.exe () [File not signed] FirewallRules: [TCP Query User{728EEBAD-3DA5-475A-AC93-6D3F0C97F1B6}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe FirewallRules: [UDP Query User{F1D11AF7-1D41-4503-BF8F-510DDAB2A97C}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe FirewallRules: [{31FA6BB9-8F6D-4F5E-B93D-061D72BCA39A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe => No File FirewallRules: [{90CC4871-5BC0-4E88-86E3-32162E80A309}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe => No File FirewallRules: [{1FAB71F6-2738-4480-BF27-DF7F95F5B056}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_25227.501.3887.7600_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{5B8E4350-8E49-4DA5-91F5-F5820DF474BE}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_25227.501.3887.7600_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{291CE35D-7333-44EC-B7EC-5B274A692C9C}D:\diablo iv\diablo iv.exe] => (Allow) D:\diablo iv\diablo iv.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment) FirewallRules: [UDP Query User{CFCC308E-360B-4726-A291-14DA48E23298}D:\diablo iv\diablo iv.exe] => (Allow) D:\diablo iv\diablo iv.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment) FirewallRules: [{73C4A5E9-A2BB-46F8-8294-13E63F0B4F42}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{56C3FE16-7798-45A1-BFFD-2E26DD1EA857}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12139.1.59021.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) 
FirewallRules: [{DD4EBF78-05E7-45F7-B77B-55AF17678714}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12139.1.59021.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) FirewallRules: [{821E8972-5A1F-497D-903A-68ABEADD32FB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12139.1.59021.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) FirewallRules: [{3F3C5ACD-53D2-4686-BF47-E0EF23E271BC}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12139.1.59021.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) FirewallRules: [{B5B69471-B79D-450A-978B-7B9162B943F5}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12139.1.59021.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) FirewallRules: [{8A03279F-39FE-4B65-BC8B-29F4DBA95588}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12139.1.59021.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) FirewallRules: [{54B736FE-E241-4CD0-A151-76D49248BA45}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12139.1.59021.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) FirewallRules: [{549C37AD-95D3-4E9D-9D16-A55CA859204A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12139.1.59021.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) FirewallRules: [{5497E8A7-10B4-49F5-9107-4A33EEB9E38F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{DFD0C165-E2CC-469E-BE12-16AB8BAD9535}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win64\steamwebhelper.exe (Valve Corp. 
-> Valve Corporation) FirewallRules: [{EAC8F201-EAFB-4F24-B651-42A7BC191CDE}] => (Allow) C:\Program Files\Fortect\MainService.exe => No File FirewallRules: [{69162C1C-8722-4D2D-BB64-3575CB34F087}] => (Allow) C:\Program Files\Fortect\MainService.exe => No File FirewallRules: [TCP Query User{406B6A07-E8C5-44A0-A470-4071D6A60622}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe => No File FirewallRules: [UDP Query User{85E390DE-CF72-4E78-BEF9-C90BDDDB16AB}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe => No File FirewallRules: [{606757DD-CD29-46A1-8613-F3D360F00877}] => (Allow) LPort=32682 FirewallRules: [{91D886B6-A645-4365-9397-C48484D369E9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) ==================== Restore Points ========================= ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (12/28/2025 12:25:42 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.0 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 15116. Meldungs-ID: [0x2509]. Error: (12/28/2025 12:03:14 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.0 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 16240. Meldungs-ID: [0x2509]. 
Error: (12/28/2025 12:01:50 PM) (Source: Application Hang) (EventID: 1002) (User: NT-AUTORITÄT) Description: Das Programm chrome.exe Version 143.0.7499.170 hat aufgehört mit Windows zu interagieren und wurde geschlossen. Weitere Informationen zum Problem finden Sie im Problemverlauf in der Systemsteuerung „Sicherheit und Wartung“. Error: (12/28/2025 12:01:33 PM) (Source: Application Hang) (EventID: 1002) (User: NT-AUTORITÄT) Description: Das Programm chrome.exe Version 143.0.7499.170 hat aufgehört mit Windows zu interagieren und wurde geschlossen. Weitere Informationen zum Problem finden Sie im Problemverlauf in der Systemsteuerung „Sicherheit und Wartung“. Error: (12/28/2025 11:59:08 AM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT) Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\DESKTOP-IQ9N0PS$ über https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep: GetCACaps GetCACaps: Not Found {"Message":"The authority \"amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Sun, 28 Dec 2025 10:59:12 GMT Content-Length: 121 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: e8d6b8a5-2a80-423f-9453-a67f1e5279d5 Methode: GET(187ms) Phase: GetCACaps Nicht gefunden (404). 
0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND) Error: (12/28/2025 11:59:08 AM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT) Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für Lokales System über https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep: GetCACaps GetCACaps: Not Found {"Message":"The authority \"amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Sun, 28 Dec 2025 10:59:12 GMT Content-Length: 121 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: cd958927-14aa-4154-ab50-af9b4d69a892 Methode: GET(203ms) Phase: GetCACaps Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND) Error: (12/28/2025 03:29:39 AM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.0 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 3324. Meldungs-ID: [0x2509]. Error: (12/28/2025 03:26:49 AM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT) Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\DESKTOP-IQ9N0PS$ über https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep: GetCACaps GetCACaps: Not Found {"Message":"The authority \"amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Sun, 28 Dec 2025 02:26:53 GMT Content-Length: 121 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: 9604a795-23ba-4023-ab8d-78c3ed99d645 Methode: GET(172ms) Phase: GetCACaps Nicht gefunden (404). 
0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND) System errors: ============= Error: (12/28/2025 12:18:26 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-IQ9N0PS) Description: Der Server "{85527100-19D0-45AF-9F09-DAB4E711C35E}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (12/28/2025 12:14:44 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-IQ9N0PS) Description: Der Server "{F73FD223-6B08-4C7F-BF36-27ABAA8E70CC}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (12/28/2025 12:13:53 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-IQ9N0PS) Description: Der Server "{85527100-19D0-45AF-9F09-DAB4E711C35E}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (12/28/2025 12:13:22 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-IQ9N0PS) Description: Der Server "{85527100-19D0-45AF-9F09-DAB4E711C35E}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (12/28/2025 12:00:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung. Error: (12/28/2025 12:00:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Google Update-Dienst (gupdate) erreicht. Error: (12/28/2025 03:39:59 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-IQ9N0PS) Description: Der Server "{6FA05A24-B1DF-4155-909E-7B424F2D2BB5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. 
Error: (12/28/2025 03:28:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung. Windows Defender: ================ Date: 2025-12-27 15:47:28 Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt. Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Suschil!rfn&threatid=2147927547&enterprise=0 Name: Trojan:Win32/Suschil!rfn Schweregrad: Schwerwiegend Kategorie: Trojaner Pfad: file:_C:\Users\benma\OneDrive\Dokumente\WhyNotWin11-27.zip Erkennungsursprung: Lokaler Computer Erkennungstype: Konkret Erkennungsquelle: Echtzeitschutz Benutzer: DESKTOP-IQ9N0PS\benma Prozessname: C:\WINDOWS\explorer.exe Sicherheitsversion: AV: 1.443.360.0, AS: 1.443.360.0, NIS: 1.443.360.0 Modulversion: AM: 1.1.25110.1, NIS: 1.1.25110.1 Date: 2025-12-27 15:47:16 Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt. Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Suschil!rfn&threatid=2147927547&enterprise=0 Name: Trojan:Win32/Suschil!rfn Schweregrad: Schwerwiegend Kategorie: Trojaner Pfad: file:_C:\Users\benma\OneDrive\Dokumente\WhyNotWin11-27.zip Erkennungsursprung: Lokaler Computer Erkennungstype: Konkret Erkennungsquelle: Echtzeitschutz Benutzer: DESKTOP-IQ9N0PS\benma Prozessname: C:\WINDOWS\explorer.exe Sicherheitsversion: AV: 1.443.360.0, AS: 1.443.360.0, NIS: 1.443.360.0 Modulversion: AM: 1.1.25110.1, NIS: 1.1.25110.1 Date: 2025-12-27 15:47:11 Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt. 
Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Suschil!rfn&threatid=2147927547&enterprise=0 Name: Trojan:Win32/Suschil!rfn Schweregrad: Schwerwiegend Kategorie: Trojaner Pfad: file:_C:\Users\benma\OneDrive\Dokumente\WhyNotWin11-27.zip Erkennungsursprung: Lokaler Computer Erkennungstype: Konkret Erkennungsquelle: Echtzeitschutz Benutzer: DESKTOP-IQ9N0PS\benma Prozessname: C:\WINDOWS\explorer.exe Sicherheitsversion: AV: 1.443.360.0, AS: 1.443.360.0, NIS: 1.443.360.0 Modulversion: AM: 1.1.25110.1, NIS: 1.1.25110.1 Date: 2025-12-22 00:43:16 Description: Microsoft Defender Antivirus šςåπ нăş взéй šţôφρēδ ьëƒθŗé ςőмрŀęтîöп.%ñ %τЅĉàʼn ĪĎ:%ъ{1DC59E54-E845-40C9-8DC2-EDBFCE819B36}%ń %ţЅ¢ąη Τўρê:%вAntimalware%п %ţŠćāŋ Рαѓāmзτёŗŝ:%ъVollständige Überprüfung%ʼn %тŰšёŕ:%ьDESKTOP-IQ9N0PS\benma%ñ %ťŞтôφ Ґεªšòŋ:%ъĄъогťëδ ьÿ τнè ċļïέʼnŧ Event[0] Date: 2025-12-21 23:08:08 Description: Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten. Neue Version der Sicherheitsinformationen: %Vorherige Version der Sicherheitsinformationen: 1.443.257.0 Update Source: Microsoft Update-Server Sicherheitstyp: AntiVirus Updatetyp: Voll Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: %Vorherige Modulversion: 1.1.25110.1 Fehlercode: 0x8024001e Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support". CodeIntegrity: =============== Date: 2025-12-27 20:42:50 Description: Code Integrity was unable to verify a page for a module verified using hypervisor enforcement. Status 0xC0000428. 

Date: 2025-12-26 14:44:00
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\AI\aimgr.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.291.0.2\OWClient.dll that did not meet the Microsoft signing level requirements.

Date: 2025-12-26 14:44:00
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\AI\aimgr.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.291.0.2\ow-graphics-vulkan.dll that did not meet the Microsoft signing level requirements.

Date: 2025-12-26 14:43:59
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\AI\aimgr.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\nvspcap64.dll that did not meet the Microsoft signing level requirements.

Date: 2025-12-22 15:17:48
Description: Code Integrity determined that a process (System) attempted to load \Device\HarddiskVolume4\Program Files (x86)\MSI Afterburner\RTCore64.sys that did not meet the Authenticode signing level requirements or violated code integrity policy (Policy ID:{d2bda982-ccf6-4344-ac5b-0b44427b6816}).

Date: 2025-12-22 15:17:48
Description: The driver \Device\HarddiskVolume4\Program Files (x86)\MSI Afterburner\RTCore64.sys is blocked from loading as the driver has been revoked by Microsoft.

Date: 2025-12-21 22:47:49
Description: Code Integrity determined that a process (System) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\drivers\ene.sys that did not meet the Authenticode signing level requirements or violated code integrity policy (Policy ID:{d2bda982-ccf6-4344-ac5b-0b44427b6816}).

Date: 2025-12-21 22:47:49
Description: The driver \Device\HarddiskVolume4\WINDOWS\System32\drivers\ene.sys is blocked from loading as the driver has been revoked by Microsoft.

==================== Memory info ===========================

BIOS: American Megatrends International, LLC. 3.L0 09/03/2025
Motherboard: Micro-Star International Co., Ltd B450 TOMAHAWK MAX (MS-7C02)
Processor: AMD Ryzen 7 5700X 8-Core Processor
Percentage of memory in use: 47%
Total physical RAM: 16309.54 MB
Available physical RAM: 8519.71 MB
Total Virtual: 37813.54 MB
Available Virtual: 29108.58 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:464.25 GB) (Free:224.87 GB) (Model: Samsung SSD 970 EVO Plus 500GB) NTFS
Drive d: (Volume) (Fixed) (Total:931.5 GB) (Free:631.47 GB) (Model: WDC WD10EZEX-60WN4A1) NTFS

\\?\Volume{d6fdf034-2a7c-484c-8779-ad570c175760}\ () (Fixed) (Total:0.88 GB) (Free:0.26 GB) NTFS
\\?\Volume{ac1112a0-9cad-4239-9782-66ca497dc699}\ () (Fixed) (Total:0.61 GB) (Free:0.58 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 033D967A)
Partition: GPT.

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 033E567C)
Partition: GPT.

==================== End of Addition.txt =======================