|
Diskussionsforum: Windows 10: Windows Defender Alarm - Trojan:Win32/Occamy.CWindows 7 Hier sind ausschließlich fachspezifische Diskussionen erwünscht. Bitte keine Log-Files, Hilferufe oder ähnliches posten. Themen zum "Trojaner entfernen" oder "Malware Probleme" dürfen hier nur diskutiert werden. Bereinigungen von nicht ausgebildeten Usern sind hier untersagt. Wenn du dir einen Virus doer Trojaner eingefangen hast, eröffne ein Thema in den Bereinigungsforen oben. |
09.08.2023, 11:19 | #1 |
| Windows 10: Windows Defender Alarm - Trojan:Win32/Occamy.C Hallo, der Windows Defender auf meinem Rechner mit Windows 10 hat Alarm geschlagen: Der Trojaner "Trojan:Win32/Occamy.C" sei entdeckt worden und in Quarantäne gesteckt worden. Passiert ist das ganze gestern und zwar als der Rechner dabei war eine Zip-Datei zu entpacken. Ich habe dem Rechner erst einmal gleich vom Internet getrennt und den Defender komplett durchlaufen lassen, er hat bis auf diese Meldung nichts gefunden, wobei ich den Defender angewiesen habe, den Trojaner zu entfernen. Die Datei, bei deren Entpacken der Alarm ausgelöst wurde, ist die frühere Version einer Textdatenbank . Ich wollte diese Testen, da die aktuelle Version auf meinem Rechner einige Probleme bereitet hat (in der Darstellung und Funktionalität, nichts sicherheitsrelevantes). Nun möchte ich aber noch einmal sicher gehen und habe FRST heruntergeladen und laufen lassen. Bei dem Rechner handelt es sich um meinen privaten Rechner. Hier die beiden log-files: A) FRST.txt Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-08-2023 Ran by ***** (administrator) on DESKTOP-UIULLTJ (Acer Spin SP314-54N) (09-08-2023 11:48:32) Running from C:\Users\*****\Downloads\FRST64.exe Loaded Profiles: ***** Platform: Microsoft Windows 10 Home Version 22H2 19045.3208 (X64) Language: German (Germany) -> English (United Kingdom) Default browser: FF Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe (C:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <6> (C:\Program Files\Acer\Quick Access Service\QASvc.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QAAdminAgent.exe (C:\Program Files\Acer\Quick Access Service\QASvc.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QAAgent.exe (C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe (C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe (C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe (C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe (C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Creative Cloud UI Helper.exe <2> (C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe (C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe (C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (C:\Program Files\SyncTrayzor\SyncTrayzor.exe ->) (Stiftelsen Syncthing -> The Syncthing Authors) C:\Users\*****\AppData\Roaming\SyncTrayzor\syncthing.exe <2> (DriverStore\FileRepository\cui_dch.inf_amd64_b578901fbed94a8e\igfxCUIServiceN.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b578901fbed94a8e\igfxEMN.exe (DriverStore\FileRepository\dptf_cpu.inf_amd64_9196e89091d8bdbb\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_9196e89091d8bdbb\dptf_helper.exe (explorer.exe ->) () [File not signed] C:\Program Files\SyncTrayzor\SyncTrayzor.exe (explorer.exe ->) () [File not signed] D:\shamela4\app\win\64\bin\shamela.exe (explorer.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2> (explorer.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5131.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe (explorer.exe ->) (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe <5> (Grammarly, Inc. -> Grammarly) C:\Users\*****\AppData\Local\Grammarly\DesktopIntegrations\Application\1.0.38.801\Grammarly.Desktop.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <13> (Mozilla Corporation) [File not signed] C:\Program Files\IceCat\icecat.exe <8> (Oracle America, Inc. -> Oracle Corporation) C:\Program Files\PowerFolder.com\PowerFolder\jre\bin\javaw.exe <2> (services.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe (services.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QASvc.exe (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe (services.exe ->) (CANON INC. -> CANON INC.) C:\Program Files\Canon\DIAS\CnxDIAS.exe (services.exe ->) (Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (services.exe ->) (DTS, Inc. -> DTS Inc.) C:\Windows\System32\DTS\PC\APO4x\DtsApo4Service.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_9196e89091d8bdbb\esif_uf.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ba273d0ffb93e225\RstMwService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe (services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe (services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe (services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_d52c63e0e1c02c96\jhi_service.exe (services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b578901fbed94a8e\igfxCUIServiceN.exe (services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_3d18534d52d73f63\OneApp.IGCC.WinService.exe (services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_d56593f46e53a9ee\IntelCpHDCPSvc.exe (services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForLinux_1.2.5.0_x64__8wekyb3d8bbwe\wslservice.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MsMpEng.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\NisSrv.exe (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_238aadee4b6d04be\RtkAudUService64.exe <2> (services.exe ->) (SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (services.exe ->) (Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\IAS\IntelAudioService.exe (services.exe ->) (TBT_DCH_DRV_PROD -> Intel Corporation) C:\Windows\ThunderboltService.exe (services.exe ->) (voidtools -> voidtools) C:\Program Files\Everything\Everything.exe <2> (services.exe ->) (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) C:\Program Files\Common Files\Zoom\Support\CptService.exe (svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2330.7.0_x64__cv1g1gvanyjgm\WhatsApp.exe (svchost.exe ->) (Acer Incorporated -> ) C:\Program Files (x86)\Acer\Care Center\ACCStd.exe (svchost.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QAWiFiPowerSwitch.exe (svchost.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (svchost.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc\AdobeNotificationClient.exe (svchost.exe ->) (Adobe Systems Incorporated -> ) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe (svchost.exe ->) (Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (svchost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5131.0_x64__8j3eq9eme6ctt\IGCC.exe (svchost.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b578901fbed94a8e\igfxextN.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe <2> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe (svchost.exe ->) (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (svchost.exe ->) (Signal Messenger, LLC -> Signal Messenger, LLC) C:\Users\*****\AppData\Local\Programs\signal-desktop\Signal.exe <4> (svchost.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_238aadee4b6d04be\RtkAudUService64.exe [1262512 2021-06-03] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [2265096 2023-05-26] (voidtools -> voidtools) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-06-14] (Adobe Inc. -> Adobe Systems, Incorporated) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> ) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [1129440 2023-07-07] (Adobe Inc. -> Adobe Inc.) HKU\S-1-5-21-917627657-1518166570-4135675860-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5844432 2023-07-03] (Adobe Inc. -> Adobe Systems Incorporated) HKU\S-1-5-21-917627657-1518166570-4135675860-1001\...\Run: [SyncTrayzor] => C:\Program Files\SyncTrayzor\SyncTrayzor.exe [2319360 2021-08-07] () [File not signed] HKLM\...\Windows x64\Print Processors\CnXP0PP: C:\Windows\System32\spool\prtprocs\x64\CnXP0PP.DLL [629248 2020-01-30] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [203936 2021-12-24] (Adobe Inc. -> Adobe Systems Inc) HKLM\...\Print\Monitors\CPCA Language Monitor4: C:\Windows\system32\CNAS0MPK.DLL [1782272 2020-04-01] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) HKLM\...\Print\Monitors\EPSON XP-610 Series 64MonitorBE: C:\Windows\system32\E_ILMBLQE.DLL [179712 2013-10-22] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION) HKLM\...\Print\Monitors\EpsonNet Print Port: C:\Windows\system32\enppmon.dll [558592 2012-11-12] (SEIKO EPSON CORPORATION) [File not signed] HKLM\Software\Microsoft\Active Setup\Installed Components: [{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}] -> C:\Program Files\Chromium\Application\115.0.5790.171\Installer\chrmstp.exe [2023-08-07] (The Chromium Authors) [File not signed] HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\elastic.lnk [2023-08-06] ShortcutTarget: elastic.lnk -> D:\new-maktaba-shamila\shamela4\elastic\bin\nircmd.exe (NirSoft) [File not signed] Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerFolder.lnk [2023-07-24] ShortcutTarget: PowerFolder.lnk -> C:\Program Files\PowerFolder.com\PowerFolder\PowerFolder.exe (dal33t GmbH -> PowerFolder.com) GroupPolicy: Restriction ? <==== ATTENTION Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {8D3F5B09-B63E-4D62-B2D1-270F09FBF9BE} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2971808 2021-12-30] (Acer Incorporated -> ) Task: {27E2BB60-5EB4-442C-9F1F-8D8C317C2796} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [41632 2021-12-30] (Acer Incorporated -> ) Task: {A013CD0C-E529-4A37-92FA-B98A9F7DB7DF} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [4836512 2021-12-30] (Acer Incorporated -> ) Task: {5F73778D-A1C6-403D-A62D-BFA9815AE7A7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564152 2023-04-03] (Adobe Inc. -> Adobe Inc.) Task: {7D486FEB-6994-46FE-B8FD-A492E56CF676} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-06-14] (Adobe Inc. -> Adobe Systems, Incorporated) Task: {0D7FE08C-7210-46CC-8B4F-E2BD0F84478C} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3807712 2023-06-14] (Adobe Inc. -> Adobe Systems, Incorporated) Task: {643721E1-132C-4D10-8B1D-EE7F659C8654} - System32\Tasks\CareCenter\Adobe Creative Cloud_Reg_HKLMWow6432Run => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [1129440 2023-07-07] (Adobe Inc. -> Adobe Inc.) Task: {22D8F67D-A132-46BB-88AE-662D51F74A69} - System32\Tasks\CareCenter\AdobeAAMUpdater-1.0_Reg_HKLMRun => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated) Task: {0FC6FDF4-22C1-4659-8325-690942836529} - System32\Tasks\CareCenter\AdobeGCInvoker-1.0_Reg_HKLMRun => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-06-14] (Adobe Inc. -> Adobe Systems, Incorporated) Task: {A7EA24A8-F213-4B02-A8FC-1CAEC40AAD8C} - System32\Tasks\CareCenter\Cisco AnyConnect Secure Mobility Agent for Windows_Reg_HKLMWow6432Run => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1674464 2021-03-31] (Cisco Systems, Inc. -> Cisco Systems, Inc.) Task: {E8A6D050-EC94-4722-A8AA-040652EE9575} - System32\Tasks\CareCenter\CiscoMeetingDaemon_Reg_HKCURun_S-1-5-21-917627657-1518166570-4135675860-1001 => C:\Users\*****\AppData\Local\WebEx\ciscowebexstart.exe [4937544 2021-11-05] (Cisco WebEx LLC -> Cisco Webex LLC) Task: {32FD9AAF-4951-48B4-9B34-37227E2B9018} - System32\Tasks\CareCenter\com.squirrel.Teams.Teams_Reg_HKCURun_S-1-5-21-917627657-1518166570-4135675860-1001 => C:\Users\*****\AppData\Local\Microsoft\Teams\Update.exe [2587432 2023-03-13] (Microsoft 3rd Party Application Component -> Microsoft Corporation) -> --processStart "Teams.exe" --process-start-args "--system-initiated" Task: {CB2A8482-53FE-4336-BAF3-5C92168A92EF} - System32\Tasks\CareCenter\EEventManager_Reg_HKLMWow6432Run => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) Task: {AB7691EA-67EF-488C-A654-720A5D6BE6C0} - System32\Tasks\CareCenter\EPPCCMON_Reg_HKLMRun => C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE [442936 2020-10-22] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) Task: {BDE9A914-6461-4422-AD0A-F42068580D9F} - System32\Tasks\CareCenter\Everything_Reg_HKLMRun => C:\Program Files\Everything\Everything.exe [2265096 2023-05-26] (voidtools -> voidtools) Task: {372A97A6-167D-499C-8B4F-51E2C5C07576} - System32\Tasks\CareCenter\Grammarly_Reg_HKCURun_S-1-5-21-917627657-1518166570-4135675860-1001 => C:\Users\*****\AppData\Local\Grammarly\DesktopIntegrations\Grammarly.Desktop.exe [777304 2023-07-18] (Grammarly, Inc. -> Grammarly) Task: {7EB9A851-FB21-4CFA-8788-54F4BFCD2E66} - System32\Tasks\CareCenter\org.whispersystems.signal-desktop_Reg_HKCURun_S-1-5-21-917627657-1518166570-4135675860-1001 => C:\Users\*****\AppData\Local\Programs\signal-desktop\Signal.exe [163621088 2023-07-31] (Signal Messenger, LLC -> Signal Messenger, LLC) Task: {79C7EA18-08D8-41F0-A5A4-07CDACD0F936} - System32\Tasks\CareCenter\PowerFolder.lnk_FolderAppdata_S-1-5-21-917627657-1518166570-4135675860-1001 => C:\Program Files\PowerFolder.com\PowerFolder\PowerFolder.exe [59312 2023-06-07] (dal33t GmbH -> PowerFolder.com) Task: {77C0D800-5085-428A-9FBD-DB0F97F48E73} - System32\Tasks\CareCenter\Steam_Reg_HKCURun_S-1-5-21-917627657-1518166570-4135675860-1001 => C:\Program Files (x86)\Steam\steam.exe [4374376 2023-07-28] (Valve Corp. -> Valve Corporation) Task: {FCA3F0FB-1ECC-4B53-94BF-65BB01C64221} - System32\Tasks\Chocolatey Updates => Command(1): C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -> Set-ExecutionPolicy Unrestricted –Force <==== ATTENTION Task: {FCA3F0FB-1ECC-4B53-94BF-65BB01C64221} - System32\Tasks\Chocolatey Updates => Command(2): C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -> .\ .\samplescript.ps1 <==== ATTENTION Task: {5B0E75EA-D5CC-49B5-B2A6-DF776FB74F68} - System32\Tasks\EPSON XP-610 Series Invitation {41734558-72E1-452F-AA96-3CAF989BC79A} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) Task: {C5E6250B-EDB2-4829-B652-E0CA03CAA383} - System32\Tasks\EPSON XP-610 Series Invitation {44A7F2B6-5662-4B10-93BE-699E6190BA69} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) Task: {B4FD13D1-1742-4D17-BCDC-2E98C74FFE10} - System32\Tasks\EPSON XP-610 Series Update {41734558-72E1-452F-AA96-3CAF989BC79A} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) Task: {CC7734B3-078B-4490-AAFD-5E54C416DADC} - System32\Tasks\EPSON XP-610 Series Update {44A7F2B6-5662-4B10-93BE-699E6190BA69} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) Task: {1E3BD76B-1B86-4211-9560-B6B37D821810} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (No File) Task: {33171103-121F-40FE-9025-8BF0FB7C3828} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26656184 2023-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {262D83FF-C62F-4D7F-AB59-995317A980E7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26656184 2023-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {7DAE9AA9-5E94-4794-8AD0-15CC79C8FE39} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158656 2023-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {A06AD3A1-AAC1-4C21-86BD-2EBB3BDB2374} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158656 2023-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {36542DDC-6051-4CFE-815C-E7E8E60BAAAC} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [167864 2023-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {05D92088-E40B-47ED-A7F0-F4857A747F8C} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4394600 2023-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {8AF6B551-C942-4469-9844-16963676DEB8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-25] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {EE8D7BB5-A0D2-4DB8-AA31-B5AD41316779} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-25] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {D4133C81-7AC3-4C16-AC88-F198AC62944A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-25] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {DA47F765-A530-4419-AFE8-652E0497674F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-25] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {2A193B9B-BCC9-4396-8A9C-827BE28A4ADA} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [733088 2023-08-07] (Mozilla Corporation -> Mozilla Foundation) Task: {DAF737BA-4855-4070-B610-E9D128DFE022} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-917627657-1518166570-4135675860-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File) Task: {5E6AE606-3144-4CF8-B5B0-C8F7062ECF8E} - System32\Tasks\Quick Access => C:\Program Files\Acer\Quick Access Service\QALauncher.exe [446624 2022-01-03] (Acer Incorporated -> Acer Incorporated) Task: {DE6E6EDB-2660-4502-A906-9DD8242A0F6B} - System32\Tasks\Quick Access Wi-Fi Power Switch => C:\Program Files\Acer\Quick Access Service\QAWiFiPowerSwitch.exe [211616 2022-01-03] (Acer Incorporated -> Acer Incorporated) Task: {8FBEFECA-68F1-42CC-9E2D-4BF50DB2EEA9} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [461472 2022-01-03] (Acer Incorporated -> Acer Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\EPSON XP-610 Series Invitation {41734558-72E1-452F-AA96-3CAF989BC79A}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE Task: C:\Windows\Tasks\EPSON XP-610 Series Invitation {44A7F2B6-5662-4B10-93BE-699E6190BA69}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE Task: C:\Windows\Tasks\EPSON XP-610 Series Update {41734558-72E1-452F-AA96-3CAF989BC79A}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE:/EXE:{41734558-72E1-452F-AA96-3CAF989BC79A} /F:UpdateWORKGROUP\DESKTOP-UIULLTJ$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi Task: C:\Windows\Tasks\EPSON XP-610 Series Update {44A7F2B6-5662-4B10-93BE-699E6190BA69}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE:/EXE:{44A7F2B6-5662-4B10-93BE-699E6190BA69} /F:UpdateWORKGROUP\DESKTOP-UIULLTJ$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{164f5aa9-e20f-4b80-9f5f-30473a1eacd0}: [NameServer] 1.1.1.1,1.0.0.1 Tcpip\..\Interfaces\{164f5aa9-e20f-4b80-9f5f-30473a1eacd0}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{5d537c1c-69a6-475d-bc15-cb0c08a63cfb}: [NameServer] 1.1.1.1,1.0.0.1 Tcpip\..\Interfaces\{5d537c1c-69a6-475d-bc15-cb0c08a63cfb}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{d8beb2db-3430-47df-8610-41ac191fecba}: [DhcpNameServer] 141.2.98.225 141.2.149.10 Edge: ======= Edge Profile: C:\Users\*****\AppData\Local\Microsoft\Edge\User Data\Default [2023-07-29] Edge Extension: (Edge relevant text changes) - C:\Users\*****\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-07-29] FireFox: ======== FF DefaultProfile: 3m668vgc.default FF DefaultProfile: o810xany.default FF DefaultProfile: g5hiqxym.default FF ProfilePath: C:\Users\*****\AppData\Roaming\Zotero\Zotero\Profiles\3m668vgc.default [2023-08-06] FF Extension: (Zotero Date From Last Modified) - C:\Users\*****\AppData\Roaming\Zotero\Zotero\Profiles\3m668vgc.default\Extensions\date-from-last-modified@iris-advies.com.xpi [2020-12-03] [Legacy] [not signed] FF Extension: (Zotero Memento) - C:\Users\*****\AppData\Roaming\Zotero\Zotero\Profiles\3m668vgc.default\Extensions\zotero-memento@tran.org.xpi [2020-12-03] [Legacy] [not signed] FF Extension: (Zotero OCR) - C:\Users\*****\AppData\Roaming\Zotero\Zotero\Profiles\3m668vgc.default\Extensions\zotero-ocr@bib.uni-mannheim.de.xpi [2022-05-25] [Legacy] [not signed] FF Extension: (DOI Manager) - C:\Users\*****\AppData\Roaming\Zotero\Zotero\Profiles\3m668vgc.default\Extensions\zoteroshortdoi@wiernik.org.xpi [2022-02-17] [Legacy] [not signed] FF Extension: (ZotFile) - C:\Users\*****\AppData\Roaming\Zotero\Zotero\Profiles\3m668vgc.default\Extensions\zotfile@columbia.edu.xpi [2022-11-01] [Legacy] [not signed] FF Extension: (Zutilo Utility for Zotero) - C:\Users\*****\AppData\Roaming\Zotero\Zotero\Profiles\3m668vgc.default\Extensions\zutilo@www.wesailatdawn.com.xpi [2021-08-30] [Legacy] [not signed] FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\icecat\Profiles\o810xany.default [2023-08-09] FF Homepage: Mozilla\icecat\Profiles\o810xany.default -> hxxps://www.youtube.com/playlist?list=PLEoMzSkcN8oNxnj7jm5V2ZcGc52002pQU|hxxps://www.youtube.com/watch?v=Xy0YgnXFt1M&list=PLEoMzSkcN8oNxnj7jm5V2ZcGc52002pQU&index=4|hxxps://www.youtube.com/watch?v=oSy-TmoxG_Y&list=PLEoMzSkcN8oNxnj7jm5V2ZcGc52002pQU&index=7|hxxps://systemcrafters.net/videos/|hxxps://systemcrafters.net/craft-your-system-with-guix/full-system-install/|hxxps://wiki.systemcrafters.cc/guix|hxxps://wiki.systemcrafters.cc/guix/general-recommendations|hxxps://guix.gnu.org/manual/en/html_node/System-Installation.html|hxxps://wiki.systemcrafters.cc/guix/faqs|hxxps://guix.gnu.org/en/download/|hxxps://guix.gnu.org/packages/X/page/3/|hxxps://www.x.org/wiki/|hxxps://meinnvda.de/ FF Extension: (URLs List) - C:\Users\*****\AppData\Roaming\Mozilla\icecat\Profiles\o810xany.default\Extensions\{88664789-f91e-40e1-adb9-e4e9a8c48867}.xpi [2023-03-22] FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\oijrtuiw.default-release-1597097208961 [2023-08-09] FF Homepage: Mozilla\Firefox\Profiles\oijrtuiw.default-release-1597097208961 -> chrome://browser/content/blanktab.html FF Session Restore: Mozilla\Firefox\Profiles\oijrtuiw.default-release-1597097208961 -> is enabled. FF Extension: (English United States Dictionary) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\oijrtuiw.default-release-1597097208961\Extensions\@unitedstatesenglishdictionary.xpi [2022-01-14] FF Extension: (Dark Reader) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\oijrtuiw.default-release-1597097208961\Extensions\addon@darkreader.org.xpi [2023-06-27] FF Extension: (HTTPS Everywhere) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\oijrtuiw.default-release-1597097208961\Extensions\https-everywhere@eff.org.xpi [2021-07-14] FF Extension: (Tomato Clock) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\oijrtuiw.default-release-1597097208961\Extensions\jid1-Kt2kYYgi32zPuw@jetpack.xpi [2022-01-23] FF Extension: (Privacy Badger) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\oijrtuiw.default-release-1597097208961\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2023-06-29] FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\oijrtuiw.default-release-1597097208961\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2023-08-07] FF Extension: (Language: English (US)) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\oijrtuiw.default-release-1597097208961\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2023-08-07] FF Extension: (uBlock Origin) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\oijrtuiw.default-release-1597097208961\Extensions\uBlock0@raymondhill.net.xpi [2023-07-28] FF Extension: (uMatrix) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\oijrtuiw.default-release-1597097208961\Extensions\uMatrix@raymondhill.net.xpi [2021-07-20] FF Extension: (Zotero Connector) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\oijrtuiw.default-release-1597097208961\Extensions\zotero@chnm.gmu.edu.xpi [2023-07-09] [UpdateUrl:hxxps://www.zotero.org/download/connector/firefox/release/updates.json] FF Extension: (Dunkler Modus - Nachtauge) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\oijrtuiw.default-release-1597097208961\Extensions\{7c6d56ed-2616-48f2-bfde-d1830f1cf2ed}.xpi [2023-05-04] FF Extension: (URLs List) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\oijrtuiw.default-release-1597097208961\Extensions\{88664789-f91e-40e1-adb9-e4e9a8c48867}.xpi [2020-09-21] FF Extension: (Lightbeam 3.0) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\oijrtuiw.default-release-1597097208961\Extensions\{b2b71fbe-73c1-4b90-82fb-a1255bab1a55}.xpi [2020-08-28] FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\g5hiqxym.default [2020-11-30] FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2020-10-22] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.15 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2023-07-07] (Adobe Inc. -> Adobe Systems) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-08-02] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=3.0.17.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-07-03] (Adobe Inc. -> Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2023-07-07] (Adobe Inc. -> Adobe Systems) Chrome: ======= CHR HKU\S-1-5-21-917627657-1518166570-4135675860-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 ACCSvc; C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe [259232 2021-12-30] (Acer Incorporated -> Acer Incorporated) R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-04-03] (Adobe Inc. -> Adobe Inc.) R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [944096 2023-07-07] (Adobe Inc. -> Adobe Inc.) R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3966432 2023-06-14] (Adobe Inc. -> Adobe Systems, Incorporated) R2 Canon Driver Information Assist Service; C:\Program Files\Canon\DIAS\CnxDIAS.exe [4466744 2019-06-07] (CANON INC. -> CANON INC.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11867104 2023-08-02] (Microsoft Corporation -> Microsoft Corporation) R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [43272 2023-07-03] (Intel Corporation -> Intel) R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [212744 2023-07-03] (Intel Corporation -> Intel) R2 DtsApo4Service; C:\Windows\System32\DTS\PC\APO4x\DtsApo4Service.exe [210872 2021-03-21] (DTS, Inc. -> DTS Inc.) R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (SEIKO EPSON Corporation -> Seiko Epson Corporation) R2 Everything; C:\Program Files\Everything\Everything.exe [2265096 2023-05-26] (voidtools -> voidtools) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9278784 2023-08-02] (Malwarebytes Inc. -> Malwarebytes) S3 OfficeSvcManagerAddons; C:\Windows\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2020-12-01] (Microsoft Windows -> Microsoft Corporation) S3 QALSvc; C:\Program Files\Acer\Quick Access Service\QALSvc.exe [466080 2022-01-03] (Acer Incorporated -> Acer Incorporated) R3 QASvc; C:\Program Files\Acer\Quick Access Service\QASvc.exe [504480 2022-01-03] (Acer Incorporated -> Acer Incorporated) S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [804296 2023-07-12] (Oracle Corporation -> Oracle and/or its affiliates) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\NisSrv.exe [3244928 2023-07-25] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MsMpEng.exe [133576 2023-07-25] (Microsoft Windows Publisher -> Microsoft Corporation) S3 ChromiumElevationService; "C:\Program Files\Chromium\Application\115.0.5790.99\elevation_service.exe" [X] S3 Intel(R) SUR QC SAM; "C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe" [X] R2 ZoomCptService; "C:\Program Files\Common Files\Zoom\Support\CptService.exe" -user_path "C:\Users\*****\AppData\Roaming\Zoom" ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 DM9USB; C:\Windows\System32\drivers\dm9usb.sys [58736 2022-09-08] (WDKTestCert Administrator,132784955112911388 -> DAVICOM Semiconductor, Inc.) R3 iaLPSS2_GPIO2_ICL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_icl.inf_amd64_a88140dd513c6aee\iaLPSS2_GPIO2_ICL.sys [131584 2019-12-25] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) R3 iaLPSS2_I2C_ICL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_icl.inf_amd64_e0e88582ca2b3459\iaLPSS2_I2C_ICL.sys [198656 2019-12-25] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) R3 IntelGNA; C:\Windows\System32\DriverStore\FileRepository\gna.inf_amd64_4ef504b29cf2a0df\gna.sys [74336 2019-08-21] (Gaussian Mixture Models and Neural Networks Accelerator -> Intel Corporation) R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2023-08-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2022-04-19] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2023-04-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MpKslda1ddf04; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E45B4B9C-C59B-4964-8683-A488FAB29E36}\MpKslDrv.sys [221480 2023-08-08] (Microsoft Windows -> Microsoft Corporation) S3 rtump64x64; C:\Windows\System32\drivers\rtump64x64.sys [1140584 2022-04-19] (Realtek Semiconductor Corp. -> Realtek Corporation) R3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [253224 2023-07-12] (Oracle Corporation -> Oracle and/or its affiliates) R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [264096 2023-07-12] (Oracle Corporation -> Oracle and/or its affiliates) R1 VBoxSup; C:\Windows\system32\DRIVERS\VBoxSup.sys [1062048 2023-07-12] (Oracle Corporation -> Oracle and/or its affiliates) S3 vpnva; C:\Windows\System32\drivers\vpnva64-6.sys [74048 2021-03-31] (Cisco Systems, Inc. -> Cisco Systems, Inc.) S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49600 2023-07-25] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [498944 2023-07-25] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [99608 2023-07-25] (Microsoft Windows -> Microsoft Corporation) S3 semav6msr64; \??\C:\Windows\system32\drivers\semav6msr64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 2023-08-09 11:48 - 2023-08-09 11:49 - 000040831 _____ C:\Users\*****\Downloads\FRST.txt 2023-08-09 11:48 - 2023-08-09 11:49 - 000000000 ____D C:\FRST 2023-08-09 11:47 - 2023-08-09 11:47 - 002384896 _____ (Farbar) C:\Users\*****\Downloads\FRST64.exe 2023-08-08 11:06 - 2023-08-08 11:06 - 000001225 _____ C:\Users\*****\Downloads\urls-list-2023-08-08-11-06-23.txt 2023-08-07 23:29 - 2023-08-08 11:13 - 000000000 ____D C:\Program Files\Mozilla Firefox 2023-08-07 11:41 - 2023-08-07 11:41 - 000001213 _____ C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\LINE.lnk 2023-08-05 12:25 - 2023-08-05 12:25 - 027311919 ____R C:\Users\*****\Downloads\[Beihefte zur Zeitschrift fur die Alttestamentliche Wissenschaft_ 103] Matthew Black, Georg Fohrer - In Memoriam Paul Kahle (1968, Verlag Alfred Töpelmann) - libgen.li.pdf 2023-08-05 11:02 - 2023-08-05 11:02 - 002957005 ____R C:\Users\*****\Downloads\v22_03_Hanitsch_051-102.pdf 2023-08-04 14:24 - 2023-08-08 11:29 - 000000816 _____ C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\المكتبة الشاملة.lnk 2023-08-04 14:24 - 2023-08-04 14:24 - 000000000 ____D C:\Users\*****\AppData\Roaming\shamela_4 2023-08-04 14:17 - 2023-08-04 14:17 - 000000000 ____D C:\Users\*****\Downloads\****2023-08-04_121558 2023-08-04 14:15 - 2023-08-04 14:16 - 127505091 _____ C:\Users\*****\Downloads\****_2023-08-04_121558.zip 2023-08-04 11:56 - 2023-08-04 11:56 - 000609938 _____ C:\Users\*****\Downloads\Blois-Qurn937CIH-2004.pdf 2023-08-04 01:27 - 2023-08-04 01:27 - 000000561 _____ C:\Users\*****\Downloads\urls-list-2023-08-04-01-27-46.txt 2023-08-03 12:45 - 2023-08-03 12:45 - 000001056 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign 2023.lnk 2023-08-03 12:11 - 2023-08-03 12:11 - 006054767 _____ C:\Users\*****\Downloads\Brunner_2014_Remarks.pdf 2023-08-03 11:55 - 2023-08-03 11:55 - 000741517 _____ C:\Users\*****\Downloads\aktuelle_analysen_26.pdf 2023-08-03 11:22 - 2023-08-03 11:22 - 000322300 _____ C:\Users\*****\Downloads\Abstract_Hanitsch_paper_1.pdf 2023-08-02 16:45 - 2023-08-02 16:45 - 000129256 ____R C:\Users\*****\Downloads\the_Formative_Period_of_Islam_and_the_Do.pdf 2023-08-02 12:33 - 2023-08-06 10:14 - 000000000 ____D C:\Program Files\Mozilla Thunderbird 2023-08-02 10:23 - 2023-08-02 10:23 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla 2023-08-02 10:22 - 2023-08-02 10:22 - 000000752 _____ C:\Users\*****\Downloads\urls-list-2023-08-02-10-22-50.txt 2023-08-01 11:23 - 2023-08-01 11:23 - 000000000 ____D C:\Program Files\Eclipse Adoptium 2023-07-31 19:54 - 2023-07-31 19:54 - 000000000 ____D C:\Users\*****\Downloads\FP5116 2023-07-31 18:21 - 2023-07-31 18:21 - 006790684 _____ C:\Users\*****\Downloads\770508600273360459.pdf 2023-07-31 18:14 - 2023-07-31 18:14 - 000000000 ____D C:\Users\*****\Downloads\waq43317 2023-07-29 19:08 - 2023-07-29 19:08 - 002940331 _____ C:\Users\*****\Downloads\1389d2b2-3af1-4ffc-8072-6d687912bc55.mp4 2023-07-28 22:31 - 2023-07-28 22:31 - 000000645 _____ C:\Users\*****\Downloads\urls-list-2023-07-28-22-31-47.txt 2023-07-28 20:59 - 2023-07-28 20:59 - 000003530 _____ C:\Windows\system32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 2023-07-28 16:01 - 2023-07-28 16:02 - 000282301 ____R C:\Users\*****\Downloads\Overview_traditions_in_collections - pursuit Suraqa.pdf 2023-07-28 13:18 - 2023-07-28 13:18 - 000000000 ____D C:\Users\*****\Downloads\wetransfer_abbildungen_2023-07-27_2309 2023-07-28 12:21 - 2023-07-28 12:21 - 000121841 ____R C:\Users\*****\Downloads\Diagram_asanid_traditions_alBara.pdf 2023-07-27 16:35 - 2023-07-27 16:35 - 000000000 ____D C:\Users\*****\Downloads\waq116113 2023-07-27 12:14 - 2023-07-27 12:14 - 000134921 ____R C:\Users\*****\Downloads\Diagram_asanid_traditions_alZuhri.pdf 2023-07-27 10:11 - 2023-07-27 10:11 - 001562058 _____ C:\Users\*****\Downloads\FSzI_Bd_7_HC_Cover_korr_02.pdf 2023-07-27 10:11 - 2023-07-27 10:11 - 001515675 _____ C:\Users\*****\Downloads\FSzI_Bd_7_HC_Cover_korr.pdf 2023-07-27 10:11 - 2023-07-27 10:11 - 001415399 _____ C:\Users\*****\Downloads\FSzI_Bd_7_HC_Cover_korr_03.pdf 2023-07-26 21:31 - 2023-07-26 21:31 - 000001068 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2023.lnk 2023-07-26 00:22 - 2023-07-26 00:22 - 000000415 _____ C:\Users\*****\Downloads\urls-list-2023-07-26-00-22-42.txt 2023-07-26 00:21 - 2023-07-26 00:21 - 000471963 _____ C:\Users\*****\Downloads\quiz-results-my-family-2023-07-25.pdf 2023-07-26 00:08 - 2023-07-26 00:08 - 000471849 _____ C:\Users\*****\Downloads\quiz-results-the-home-2023-07-25.pdf 2023-07-25 23:55 - 2023-07-25 23:55 - 000472241 _____ C:\Users\*****\Downloads\quiz-results-jih-mah-and-soh-2023-07-25.pdf 2023-07-25 23:46 - 2023-07-25 23:46 - 000468289 _____ C:\Users\*****\Downloads\quiz-results-alphabet-quiz-2023-07-25.pdf 2023-07-25 23:42 - 2023-07-25 23:42 - 000105786 _____ C:\Users\*****\Downloads\Orthography.pdf 2023-07-25 23:41 - 2023-07-25 23:41 - 000013143 _____ C:\Users\*****\Downloads\klir____.pfb 2023-07-25 23:41 - 2023-07-25 23:41 - 000009189 _____ C:\Users\*****\Downloads\klir____.afm 2023-07-25 23:41 - 2023-07-25 23:41 - 000006212 _____ C:\Users\*****\Downloads\kli_font.txt 2023-07-25 23:41 - 2023-07-25 23:41 - 000002463 _____ C:\Users\*****\Downloads\klir____.pfm 2023-07-25 23:40 - 2023-07-25 23:40 - 000024033 _____ C:\Users\*****\Downloads\klipid__.ttf 2023-07-25 23:40 - 2023-07-25 23:40 - 000019139 _____ C:\Users\*****\Downloads\kliid___.afm 2023-07-25 23:40 - 2023-07-25 23:40 - 000016413 _____ C:\Users\*****\Downloads\klir____.ttf 2023-07-25 23:40 - 2023-07-25 23:40 - 000015400 _____ C:\Users\*****\Downloads\kliid___.pfb 2023-07-25 23:40 - 2023-07-25 23:40 - 000002729 _____ C:\Users\*****\Downloads\kliid___.pfm 2023-07-25 23:28 - 2023-07-25 23:29 - 000472193 _____ C:\Users\*****\Downloads\quiz-results-basic-language-terminology-2023-07-25.pdf 2023-07-25 22:44 - 2023-07-25 22:44 - 000181779 _____ C:\Users\*****\Downloads\Membership Confirmation – Klingon Language Institute.pdf 2023-07-24 22:03 - 2023-07-24 22:03 - 003826581 _____ C:\Users\*****\Downloads\OneDrive-2023-07-24(1).zip 2023-07-24 21:59 - 2023-07-24 21:59 - 001232082 _____ C:\Users\*****\Downloads\OneDrive-2023-07-24.zip 2023-07-24 20:27 - 2023-07-24 20:27 - 000000504 _____ C:\Users\*****\Downloads\urls-list-2023-07-24-20-27-44.txt 2023-07-24 20:26 - 2023-07-24 20:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerFolder 2023-07-24 14:57 - 2023-07-24 14:57 - 000002497 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator 2023.lnk 2023-07-23 12:00 - 2023-07-23 12:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox 2023-07-21 23:36 - 2023-07-21 23:36 - 001027394 _____ C:\Users\*****\Downloads\Datenübersicht.pdf 2023-07-17 11:24 - 2023-07-17 11:25 - 000000000 ____D C:\Users\*****\AppData\Local\WhatsApp 2023-07-15 18:46 - 2023-07-15 18:46 - 000002120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kleopatra.lnk 2023-07-14 14:17 - 2023-07-15 11:43 - 000000000 ____D C:\Program Files\scoped_dir3820_1493974707 2023-07-12 12:39 - 2023-07-12 12:39 - 000264096 _____ (Oracle and/or its affiliates) C:\Windows\system32\Drivers\VBoxNetLwf.sys 2023-07-12 12:39 - 2023-07-12 12:39 - 000253224 _____ (Oracle and/or its affiliates) C:\Windows\system32\Drivers\VBoxNetAdp6.sys 2023-07-12 12:05 - 2023-07-12 12:05 - 000000000 ___HD C:\$WinREAgent 2023-07-11 10:42 - 2023-07-11 10:42 - 000000000 ____D C:\Program Files\scoped_dir2380_1778905529 2023-07-10 20:00 - 2023-07-10 20:00 - 013731999 _____ C:\Users\*****\OneDrive\Documents\2f23df6b-284c-4192-b5ad-6927ff425ad4.mp4 2023-07-10 15:04 - 2023-07-10 15:04 - 000000000 ____D C:\Program Files\scoped_dir10456_1500925394 2023-07-10 13:57 - 2023-07-10 13:57 - 000000000 ____D C:\Program Files\scoped_dir724_23497490 ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2023-08-09 11:49 - 2023-01-12 12:42 - 000000000 ____D C:\Users\*****\AppData\Roaming\Signal 2023-08-09 11:49 - 2022-02-10 12:57 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 2023-08-09 11:46 - 2020-11-30 16:07 - 000000000 ____D C:\Program Files (x86)\Steam 2023-08-09 11:46 - 2020-11-30 15:52 - 000000000 ____D C:\Users\*****\AppData\LocalLow\Mozilla 2023-08-09 11:46 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2023-08-09 11:41 - 2022-01-31 19:30 - 000000000 ____D C:\Users\*****\AppData\Roaming\PowerFolder 2023-08-09 11:39 - 2020-11-30 15:28 - 000000000 ____D C:\Users\***** 2023-08-09 11:38 - 2020-09-27 07:50 - 000000000 ____D C:\Windows\system32\SleepStudy 2023-08-09 11:12 - 2023-05-18 13:33 - 000000000 ____D C:\Users\*****\AppData\Local\Malwarebytes 2023-08-08 11:22 - 2022-05-03 11:46 - 000001688 _____ C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grammarly.lnk 2023-08-08 11:22 - 2021-05-28 19:26 - 000000000 ___RD C:\Users\*****\Creative Cloud Files 2023-08-08 11:13 - 2020-11-30 15:44 - 000001009 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2023-08-08 11:13 - 2020-11-30 15:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2023-08-08 11:11 - 2023-05-02 10:59 - 000000000 ____D C:\Users\*****\AppData\Roaming\SyncTrayzor 2023-08-08 11:11 - 2020-11-30 17:47 - 000000000 __SHD C:\Users\*****\IntelGraphicsProfiles 2023-08-08 11:06 - 2020-12-01 13:32 - 000000000 ____D C:\Users\*****\AppData\Roaming\Microsoft\Word 2023-08-08 11:06 - 2020-11-30 17:46 - 000000000 ____D C:\Users\*****\AppData\Local\Everything 2023-08-08 11:06 - 2020-11-30 16:25 - 000000000 ____D C:\Users\*****\AppData\Roaming\Everything 2023-08-08 10:25 - 2019-12-07 16:52 - 000000000 ____D C:\Windows\system32\FxsTmp 2023-08-08 03:36 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\Registration 2023-08-07 11:42 - 2022-09-09 17:30 - 000000000 ____D C:\Users\*****\AppData\Roaming\Telegram Desktop 2023-08-07 11:42 - 2022-09-09 17:30 - 000000000 ____D C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop 2023-08-07 11:42 - 2021-07-16 21:07 - 000000000 ____D C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LINE 2023-08-07 11:42 - 2020-12-01 14:30 - 000000000 ____D C:\Users\*****\AppData\Local\CrashDumps 2023-08-07 11:41 - 2023-05-12 16:59 - 000002214 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chromium.lnk 2023-08-07 11:41 - 2023-05-12 16:59 - 000000000 ____D C:\Program Files\Chromium 2023-08-07 11:39 - 2020-11-30 16:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management 2023-08-07 11:39 - 2020-11-30 16:17 - 000000000 ____D C:\Program Files\Calibre2 2023-08-07 11:17 - 2021-01-15 12:27 - 000000000 ____D C:\Users\*****\AppData\Roaming\Microsoft\Skype for Desktop 2023-08-07 11:16 - 2020-11-30 15:28 - 000000000 ___SD C:\Users\*****\AppData\Roaming\Microsoft\Credentials 2023-08-06 21:45 - 2020-12-08 14:42 - 000000000 ____D C:\Users\*****\AppData\Roaming\.emacs.d 2023-08-06 19:03 - 2023-01-10 18:24 - 000479500 _____ C:\Windows\system32\perfh011.dat 2023-08-06 19:03 - 2023-01-10 18:24 - 000133362 _____ C:\Windows\system32\perfc011.dat 2023-08-06 19:03 - 2021-12-19 01:56 - 000000000 ____D C:\Windows\SystemTemp 2023-08-06 19:03 - 2020-12-01 14:27 - 000550068 _____ C:\Windows\system32\perfh008.dat 2023-08-06 19:03 - 2020-12-01 14:27 - 000091078 _____ C:\Windows\system32\perfc008.dat 2023-08-06 19:03 - 2020-11-30 15:31 - 002984860 _____ C:\Windows\system32\PerfStringBackup.INI 2023-08-06 19:03 - 2019-12-07 16:50 - 000739866 _____ C:\Windows\system32\perfh007.dat 2023-08-06 19:03 - 2019-12-07 16:50 - 000152130 _____ C:\Windows\system32\perfc007.dat 2023-08-06 19:03 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF 2023-08-06 18:57 - 2020-09-27 09:51 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2023-08-06 18:57 - 2020-09-27 07:50 - 000008192 ___SH C:\DumpStack.log.tmp 2023-08-06 18:57 - 2020-04-30 09:36 - 000000000 ___HD C:\Intel 2023-08-06 18:57 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ServiceState 2023-08-06 18:56 - 2019-12-07 11:03 - 001048576 _____ C:\Windows\system32\config\BBI 2023-08-06 18:34 - 2023-05-09 14:03 - 000000000 ____D C:\Users\*****\Transfer 2023-08-06 18:15 - 2020-09-27 07:50 - 000556352 _____ C:\Windows\system32\FNTCACHE.DAT 2023-08-06 13:40 - 2020-12-01 16:42 - 000000000 ____D C:\Users\*****\AppData\Local\D3DSCache 2023-08-06 13:38 - 2022-08-04 10:58 - 000000000 ____D C:\Users\*****\AppData\Roaming\com.adobe.dunamis 2023-08-06 13:38 - 2020-11-30 15:34 - 000000000 ____D C:\Users\*****\OneDrive\Documents\Adobe 2023-08-05 01:17 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps 2023-08-05 01:17 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness 2023-08-04 14:24 - 2020-12-02 17:33 - 000000000 ____D C:\Users\*****\AppData\Roaming\vlc 2023-08-03 23:34 - 2020-12-03 18:00 - 000000000 ____D C:\Users\*****\AppData\LocalLow\Adobe 2023-08-03 12:45 - 2020-12-01 16:42 - 000000000 ____D C:\Program Files\Common Files\Adobe 2023-08-03 12:45 - 2020-12-01 16:42 - 000000000 ____D C:\Program Files\Adobe 2023-08-02 15:57 - 2020-11-30 16:08 - 000001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk 2023-08-02 12:32 - 2020-12-01 13:17 - 000000000 ____D C:\Program Files\Microsoft Office 2023-08-02 12:18 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp 2023-08-02 10:25 - 2020-11-30 16:25 - 000002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2023-08-02 10:24 - 2020-11-30 16:24 - 000000000 ____D C:\ProgramData\Malwarebytes 2023-08-02 10:24 - 2020-11-30 16:24 - 000000000 ____D C:\Program Files\Malwarebytes 2023-08-02 10:23 - 2023-06-07 22:34 - 000000000 ____D C:\ProgramData\ChocolateyHttpCache 2023-08-02 10:23 - 2020-11-30 15:40 - 000000000 ____D C:\ProgramData\chocolatey 2023-08-01 11:22 - 2021-08-24 22:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2023-07-30 13:19 - 2021-04-07 14:01 - 000000000 ____D C:\Users\*****\AppData\Local\T2GP Launcher 2023-07-30 00:08 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\LiveKernelReports 2023-07-29 21:15 - 2022-08-21 22:12 - 000001607 _____ C:\Windows\system32\config\VSMIDK 2023-07-29 11:27 - 2020-09-27 09:53 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2023-07-29 11:26 - 2022-08-21 22:37 - 000000445 _____ C:\Windows\system32\Drivers\etc\hosts.ics 2023-07-28 22:32 - 2020-12-01 13:32 - 000000000 ____D C:\Users\*****\AppData\Roaming\Microsoft\Office 2023-07-28 20:59 - 2020-12-01 16:46 - 000003506 _____ C:\Windows\system32\Tasks\AdobeGCInvoker-1.0 2023-07-27 17:32 - 2020-11-30 17:40 - 000918960 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2023-07-27 09:42 - 2023-05-02 11:00 - 000000000 ____D C:\Users\*****\AppData\Local\Syncthing 2023-07-26 23:09 - 2020-12-18 11:00 - 000000000 ____D C:\Windows\Minidump 2023-07-25 09:59 - 2020-11-30 15:31 - 000000000 ____D C:\Users\*****\AppData\Local\Packages 2023-07-25 09:45 - 2021-04-14 23:13 - 000000000 ____D C:\Program Files\Zoom 2023-07-25 09:43 - 2020-12-01 13:22 - 000000000 ____D C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pandoc 2023-07-25 09:43 - 2020-12-01 13:22 - 000000000 ____D C:\Users\*****\AppData\Local\Pandoc 2023-07-25 08:08 - 2020-09-27 09:51 - 000000000 ____D C:\Windows\system32\Drivers\wd 2023-07-24 15:21 - 2020-12-03 13:11 - 000000000 ____D C:\Users\*****\AppData\Roaming\Microsoft\Excel 2023-07-24 14:57 - 2020-11-30 15:31 - 000000000 ____D C:\Users\*****\AppData\Roaming\Adobe 2023-07-23 11:57 - 2022-02-06 23:20 - 000001245 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenRefine.lnk 2023-07-21 17:45 - 2020-11-30 15:34 - 000000000 ___SD C:\Users\*****\OneDrive\Documents\Privat 2023-07-21 17:36 - 2021-03-17 16:40 - 000000000 ____D C:\Users\*****\Downloads\URLs 2023-07-21 14:13 - 2020-11-30 15:34 - 000000000 ___SD C:\Users\*****\OneDrive\Documents\Current_Projects 2023-07-18 11:55 - 2021-10-14 15:49 - 000000000 ____D C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp 2023-07-17 11:25 - 2021-10-14 15:49 - 000000000 ____D C:\Users\*****\AppData\Roaming\WhatsApp 2023-07-17 11:25 - 2020-12-01 11:42 - 000000000 ____D C:\Users\*****\AppData\Local\SquirrelTemp 2023-07-15 18:46 - 2022-10-29 23:19 - 000000000 ____D C:\Program Files (x86)\Gpg4win 2023-07-15 18:46 - 2022-10-29 23:19 - 000000000 ____D C:\Program Files (x86)\GnuPG 2023-07-13 03:41 - 2022-08-19 22:23 - 000000000 ____D C:\Windows\system32\lxss 2023-07-13 03:41 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel 2023-07-13 03:41 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\setup 2023-07-13 03:41 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources 2023-07-13 03:41 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\setup 2023-07-13 03:41 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\SecureBootUpdates 2023-07-13 03:41 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe 2023-07-13 03:41 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr 2023-07-12 14:23 - 2020-09-27 09:53 - 003015168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll 2023-07-12 12:39 - 2023-04-20 09:39 - 000202784 _____ (Oracle and/or its affiliates) C:\Windows\system32\Drivers\VBoxUSBMon.sys 2023-07-12 12:39 - 2023-04-20 09:38 - 001062048 _____ (Oracle and/or its affiliates) C:\Windows\system32\Drivers\VBoxSup.sys 2023-07-12 12:04 - 2021-12-08 16:20 - 000000000 ____D C:\Program Files\dotnet 2023-07-12 12:04 - 2020-11-30 15:46 - 000000000 ____D C:\ProgramData\Package Cache 2023-07-12 12:03 - 2021-12-08 16:20 - 000000000 ____D C:\Program Files (x86)\dotnet 2023-07-12 12:00 - 2020-12-16 12:33 - 000000000 ____D C:\Windows\system32\MRT 2023-07-12 11:55 - 2020-12-16 12:33 - 173351160 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2023-07-12 11:43 - 2022-10-14 12:04 - 000002118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller.lnk 2023-07-12 11:43 - 2022-10-14 12:04 - 000002107 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk 2023-07-11 20:07 - 2020-09-27 09:52 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2023-07-11 20:07 - 2020-09-27 09:52 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore ==================== Files in the root of some directories ======== 2020-12-01 23:42 - 2020-12-01 23:42 - 000000000 _____ () C:\Users\*****\AppData\Local\oobelibMkey.log ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ======================== |
09.08.2023, 11:19 | #2 |
| Windows 10: Windows Defender Alarm - Trojan:Win32/Occamy.C Hier Teil 2:
__________________B) additions.txt FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-08-2023 Ran by ***** (09-08-2023 11:51:05) Running from C:\Users\*****\Downloads Microsoft Windows 10 Home Version 22H2 19045.3208 (X64) (2020-11-30 13:25:30) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-917627657-1518166570-4135675860-500 - Administrator - Disabled) ***** (S-1-5-21-917627657-1518166570-4135675860-1001 - Administrator - Enabled) => C:\Users\***** DefaultAccount (S-1-5-21-917627657-1518166570-4135675860-503 - Limited - Disabled) Gast (S-1-5-21-917627657-1518166570-4135675860-501 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-917627657-1518166570-4135675860-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 23.01 (x64) (HKLM\...\7-Zip) (Version: 23.01 - Igor Pavlov) Adobe Acrobat (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 23.003.20244 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.11.0.522.1 - Adobe Inc.) Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 8.3.0.49 - Adobe Inc.) Adobe Illustrator 2023 (HKLM-x32\...\ILST_27_7) (Version: 27.7 - Adobe Inc.) Adobe InDesign 2023 (HKLM-x32\...\IDSN_18_5) (Version: 18.5 - Adobe Inc.) Adobe Photoshop 2023 (HKLM-x32\...\PHSP_24_7) (Version: 24.7.0.643 - Adobe Inc.) Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601047}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden Anki (HKLM-x32\...\Anki) (Version: 2.1.54 - ) Arabisch (Special) (HKLM\...\{263C9F95-ED75-4012-A108-ADBCC0AF9450}) (Version: 1.0.3.40 - al-Ghaliun Production) balenaEtcher 1.18.11 (HKU\S-1-5-21-917627657-1518166570-4135675860-1001\...\d2f3b6c7-6f49-59e2-b8a5-f72e33900c2b) (Version: 1.18.11 - Balena Ltd.) calibre 64bit (HKLM\...\{C034EE35-6695-4523-BEBE-12ED15960189}) (Version: 6.24.0 - Kovid Goyal) Canon Generic Plus PCL6 Printer Driver Uninstaller (HKLM\...\Canon Generic Plus PCL6) (Version: 7, 3, 0, 0 - Canon Inc.) Care Center Service (HKLM\...\{AFB52E98-7597-4484-9202-58F0FD3512ED}) (Version: 4.00.3042 - Acer Incorporated) Chromium (HKLM-x32\...\Chromium) (Version: 115.0.5790.171 - The Chromium Authors) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.10.00093 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{6B15DEBB-2AB9-42DD-8ECF-82EF8F21CC69}) (Version: 4.10.00093 - Cisco Systems, Inc.) Hidden Cisco Webex Meetings (HKU\S-1-5-21-917627657-1518166570-4135675860-1001\...\ActiveTouchMeetingClient) (Version: 41.9.5 - Cisco Webex LLC) Colour Contrast Analyser (CCA) (HKLM\...\{B0B9ED31-E653-4B5A-A410-203684792BCC}) (Version: 3.1.1.0 - Cédric Trévisan) DB Browser for SQLite (HKLM\...\{5211034D-495B-4A5E-9B8D-8961BBB2B9E2}) (Version: 3.12.2 - DB Browser for SQLite Team) Deutsch (Orientalistik) (HKLM\...\{ACDBE22B-ABED-4D0B-A5C6-FC741E4DBAB9}) (Version: 1.0.3.40 - Institut für Iranistik) DjVuLibre DjView 3.5.28+4.12 (HKLM-x32\...\DjVuLibre+DjView) (Version: 3.5.28+4.12 - DjVuZone) Documentation Manager (HKLM\...\{17C797EF-1D27-41CF-8A52-024F33A8A8FE}) (Version: 22.80.1.1 - Intel Corporation) Hidden Documentation Manager (HKLM\...\{619AF8CA-69CA-4463-88F7-86E2E387FB66}) (Version: 22.230.0.8 - Intel Corporation) Hidden Eclipse Temurin JRE mit Hotspot 8u382-b05 (x64) (HKLM\...\{5DA5EFCA-79E7-41A3-AD52-9383EF948EBB}) (Version: 8.0.382.5 - Eclipse Adoptium) EditPad Pro 7 v.7.6.7 (HKLM\...\EditPad Pro 7) (Version: v.7.6.7 - Just Great Software) Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation) EPSON Manuals (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.57.0.0 - Seiko Epson Corporation) Epson Printer Connection Checker (HKLM-x32\...\{189DE071-E0BC-4BA5-8E34-83D5ED12600B}) (Version: 3.2.0.0 - Seiko Epson Corporation) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) Epson Software Updater (HKLM-x32\...\{28C66F35-69BF-4376-BC80-4D5F4808FF3C}) (Version: 4.6.1 - Seiko Epson Corporation) EPSON XP-610 Series Printer Uninstall (HKLM\...\EPSON XP-610 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION) Everything 1.4.1.1024 (x64) (HKLM\...\Everything) (Version: 1.4.1.1024 - voidtools) FlightGear v2020.3.6 (HKLM\...\FlightGear_is1) (Version: - The FlightGear Team) Gephi 0.10.1 (HKLM\...\{51722911-C391-4118-97BF-B50100D2AB15}_is1) (Version: 0.10.1 - Gephi) Git (HKLM\...\Git_is1) (Version: 2.41.0 - The Git Development Community) GNU Privacy Guard (HKLM-x32\...\GnuPG) (Version: 2.4.3 - The GnuPG Project) Google Earth Pro (HKLM\...\{F27DBA46-80E1-4858-9285-19198FFFBF3D}) (Version: 7.3.6.9345 - Google) Gpg4win (4.2.0) (HKLM-x32\...\Gpg4win) (Version: 4.2.0 - The Gpg4win Project) Grammarly for Windows (HKU\S-1-5-21-917627657-1518166570-4135675860-1001\...\Grammarly Desktop Integrations) (Version: 1.0.38.801 - Grammarly) Graphviz (HKLM-x32\...\Graphviz) (Version: 8.1.0 - Graphviz) HandBrake 1.6.1 (HKLM-x32\...\HandBrake) (Version: 1.6.1 - ) IceCat (x64 en-US) (HKLM\...\IceCat 91.9.1 (x64 en-US)) (Version: 91.9.1 - Mozilla) Intel Driver && Support Assistant (HKLM-x32\...\{0F7F6F7B-684E-435A-9FCE-C8A1F71EDA14}) (Version: 23.3.25.6 - Intel) Hidden Intel(R) Graphics Driver Software (HKLM-x32\...\{34989299-2d34-4a1b-baa2-4de4fafbb4d0}) (Version: 3.11.1.0 - Intel) Hidden Intel(R) Graphics Driver Software (HKLM-x32\...\{56b89a97-2659-4931-bffa-4b136a521eb1}) (Version: 3.11.1.0 - Intel) Hidden Intel(R) Graphics Driver Software (HKLM-x32\...\{7e58df71-ff1c-43fd-a618-5511b76c0dd9}) (Version: 3.11.1.0 - Intel) Hidden Intel(R) Graphics Driver Software (HKLM-x32\...\{899f8bb6-99cd-4f33-a004-c70d9ec22260}) (Version: 3.11.1.0 - Intel) Hidden Intel(R) Graphics Driver Software (HKLM-x32\...\{d0e4f33b-f383-4c75-8d81-ec92db2939eb}) (Version: 3.11.1.0 - Intel) Hidden Intel(R) Graphics Driver Software (HKLM-x32\...\{ed8a48d8-7f70-4dcd-b524-163792643281}) (Version: 3.11.1.0 - Intel) Hidden Intel(R) SUR QC Software Asset Manager (HKLM\...\{B3804557-9824-4918-AA88-0DFAC94CD3B5}) (Version: 3.5.5033 - Intel Corporation) Hidden Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000230-0220-1031-84C8-B8D95FA3C8C3}) (Version: 22.230.0.2 - Intel Corporation) Intel® Driver & Support Assistant (HKLM-x32\...\{0ddcdf18-17cd-44ad-af4e-ba6821421c30}) (Version: 23.3.25.6 - Intel) Intel® Software Installer (HKLM-x32\...\{09b61d86-bc76-4353-a7d8-ebc9e2822195}) (Version: 22.230.0.8 - Intel Corporation) Hidden LernBar Studio 4 (HKU\S-1-5-21-917627657-1518166570-4135675860-1001\...\LernBarStudio) (Version: - ) LibreOffice 7.1.2.2 (HKLM\...\{07426A34-E0CD-4EC4-843B-F7A47C7BC835}) (Version: 7.1.2.2 - The Document Foundation) LINE (HKU\S-1-5-21-917627657-1518166570-4135675860-1001\...\LINE) (Version: 8.2.0.3154 - LINE Corporation) Malwarebytes version 4.5.34.275 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.34.275 - Malwarebytes) Microsoft .NET Core Host - 3.1.32 (x64) (HKLM\...\{8A8E3A04-83BC-4CDE-9259-893B666C1AB1}) (Version: 24.192.31915 - Microsoft Corporation) Hidden Microsoft .NET Core Host FX Resolver - 3.1.32 (x64) (HKLM\...\{ABC6B3C2-1A8D-4C5E-AC16-C2AE44F02743}) (Version: 24.192.31915 - Microsoft Corporation) Hidden Microsoft .NET Core Runtime - 3.1.32 (x64) (HKLM\...\{A741B803-3F0E-4684-81EF-FC128D15A92C}) (Version: 24.192.31915 - Microsoft Corporation) Hidden Microsoft .NET Core Runtime - 3.1.32 (x64) (HKLM-x32\...\{784973c8-d618-4ac8-97ed-1fd52c5bdf2f}) (Version: 3.1.32.31915 - Microsoft Corporation) Microsoft .NET Host - 5.0.17 (x64) (HKLM\...\{E663ED1E-899C-40E8-91D0-8D37B95E3C69}) (Version: 40.68.31213 - Microsoft Corporation) Hidden Microsoft .NET Host - 5.0.17 (x86) (HKLM-x32\...\{54DE7EA9-E391-4BD2-A373-3A72A18EBDB5}) (Version: 40.68.31213 - Microsoft Corporation) Hidden Microsoft .NET Host - 6.0.20 (x64) (HKLM\...\{217B2755-3BAD-486B-9606-CCD0E6CF3BE8}) (Version: 48.83.63169 - Microsoft Corporation) Hidden Microsoft .NET Host - 6.0.20 (x86) (HKLM-x32\...\{82F89EDB-1DF1-402B-BED6-01C736967B6F}) (Version: 48.83.63169 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 5.0.17 (x64) (HKLM\...\{8BA25391-0BE6-443A-8EBF-86A29BAFC479}) (Version: 40.68.31213 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 5.0.17 (x86) (HKLM-x32\...\{AF01038B-6523-4EA7-9D9E-4F1E2927D88B}) (Version: 40.68.31213 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 6.0.20 (x64) (HKLM\...\{76FA02FF-603F-48BB-9E3F-17ED5DB861E8}) (Version: 48.83.63169 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 6.0.20 (x86) (HKLM-x32\...\{561137EF-2ECE-48F0-A6D6-6260AC7112A5}) (Version: 48.83.63169 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 5.0.17 (x64) (HKLM\...\{5A66E598-37BD-4C8A-A7CB-A71C32ABCD78}) (Version: 40.68.31213 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 5.0.17 (x86) (HKLM-x32\...\{59650A2A-3839-46EC-9D9C-6B3B1C743C55}) (Version: 40.68.31213 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 6.0.20 (x64) (HKLM\...\{6CE8AD8C-E6D5-4BF7-91C3-7F8106A5CD93}) (Version: 48.83.63169 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 6.0.20 (x86) (HKLM-x32\...\{6E4984A9-4321-4D96-861F-D03578E68C8B}) (Version: 48.83.63169 - Microsoft Corporation) Hidden Microsoft 365 Apps for Enterprise - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.16626.20134 - Microsoft Corporation) Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.16626.20134 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 115.0.1901.188 - Microsoft Corporation) Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 115.0.1901.188 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{BB052C53-34CB-42DE-AF41-66FDFCEEC868}) (Version: 3.72.0.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (HKLM-x32\...\{410c0ee1-00bb-41b6-9772-e12c2828b02f}) (Version: 14.36.32532.0 - Microsoft Corporation) Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (HKLM-x32\...\{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}) (Version: 14.36.32532 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (HKLM-x32\...\{73F77E4E-5A17-46E5-A5FC-8A061047725F}) (Version: 14.36.32532 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 5.0.17 (x64) (HKLM\...\{3C31CBA1-A0D9-4B95-A807-AD2313D12F47}) (Version: 40.68.31219 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 5.0.17 (x64) (HKLM-x32\...\{20d5df4e-006c-4d6d-a0dc-490d009b9786}) (Version: 5.0.17.31219 - Microsoft Corporation) Microsoft Windows Desktop Runtime - 5.0.17 (x86) (HKLM-x32\...\{098c6ff7-1af1-4c4a-b86f-c60608c98e31}) (Version: 5.0.17.31219 - Microsoft Corporation) Microsoft Windows Desktop Runtime - 5.0.17 (x86) (HKLM-x32\...\{0D02D706-44F2-4957-A448-E7259A0B56B9}) (Version: 40.68.31219 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 6.0.20 (x64) (HKLM\...\{53531ED1-E480-4012-9912-BF1C67547BF3}) (Version: 48.83.63194 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 6.0.20 (x64) (HKLM-x32\...\{8e256e2b-a36f-4f85-a4c7-37fdf661778c}) (Version: 6.0.20.32621 - Microsoft Corporation) Microsoft Windows Desktop Runtime - 6.0.20 (x86) (HKLM-x32\...\{39139702-799e-4843-8d90-cfe9330b285a}) (Version: 6.0.20.32621 - Microsoft Corporation) Microsoft Windows Desktop Runtime - 6.0.20 (x86) (HKLM-x32\...\{FC641ACB-FE5E-4F88-B392-9421BDCA1143}) (Version: 48.83.63194 - Microsoft Corporation) Hidden Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 116.0.2 (x64 de)) (Version: 116.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 116.0 - Mozilla) Mozilla Thunderbird (x64 de) (HKLM\...\Mozilla Thunderbird 115.1.0 (x64 de)) (Version: 115.1.0 - Mozilla) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16626.20118 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16626.20118 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.16626.20118 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden Oracle VM VirtualBox 7.0.10 (HKLM\...\{16919967-9ED2-47C0-B86C-987992BA491F}) (Version: 7.0.10 - Oracle and/or its affiliates) Oxygen XML Editor 25.1 (64-bit) (HKLM\...\8531-1278-6363-8538) (Version: 25.1 - SyncRO Soft) Pandoc 3.1.6 (HKLM\...\{2436203B-0BDD-4FC7-BC74-03A4A690F12C}) (Version: 3.1.6 - John MacFarlane) PowerFolder (HKLM-x32\...\PowerFolder) (Version: 19.2.100.0 - PowerFolder.com) Quick Access Service (HKLM\...\{AB25551C-74EF-4BAB-9989-891517FCF9FF}) (Version: 3.00.3038 - Acer Incorporated) QuickSteuer Deluxe 2021 (HKLM-x32\...\{A2846AC5-3D80-4229-8408-782C760CD0D2}) (Version: 26.45.124 - Haufe-Lexware GmbH & Co.KG) QuickSteuer Deluxe 2022 (HKLM-x32\...\{7D964C53-6E60-4483-99F6-C393BA285169}) (Version: 27.32.81 - Haufe-Lexware GmbH & Co.KG) Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8929.1 - Realtek Semiconductor Corp.) ReinstallWindows (HKLM\...\{BF6DE64B-BCE9-433A-865A-2871F7AD5980}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden Signal 6.27.0 (HKU\S-1-5-21-917627657-1518166570-4135675860-1001\...\7d96caee-06e6-597c-9f2f-c7bb2e0948b4) (Version: 6.27.0 - Signal Messenger, LLC) Skype 8.100 (HKLM-x32\...\{7822B534-EC4E-4139-9320-03303496E0C3}) (Version: 8.100.0.203 - Skype Technologies S.A.) Skype version 8.100 (HKLM-x32\...\Skype_is1) (Version: 8.100 - Skype Technologies S.A.) Hidden Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Strawberry Perl (64-bit) (HKLM\...\{2DC518D0-750A-1014-A07D-5301D6FAD9F8}) (Version: 5.32.1001 - strawberryperl.com project) SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.4.6 - Krzysztof Kowalczyk) SyncTrayzor (x64) version 1.1.29.0 (HKLM\...\{c004dcef-b848-46a5-9c30-4dbf736396fa}_is1) (Version: 1.1.29.0 - SyncTrayzor) Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.21759 - Microsoft Corporation) Telegram Desktop (HKU\S-1-5-21-917627657-1518166570-4135675860-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 4.8.10 - Telegram FZ-LLC) TeX Live 2022 (HKLM-x32\...\TeXLive2022) (Version: 2022 - TeX Live) tiptoi® Manager 5.0.2 (HKLM\...\{833392BB-E8C0-4066-9408-3A30FA43972F}_is1) (Version: 5.0.2 - Ravensburger AG) Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{C270D21B-2327-49B8-85F7-395133A93C75}) (Version: 8.92.0.0 - Microsoft Corporation) UXP WebView Support (HKLM-x32\...\UXPW_1_1_0) (Version: 1.1.0 - Adobe Inc.) VidyoConnect (HKU\S-1-5-21-917627657-1518166570-4135675860-1001\...\VidyoConnect) (Version: 21.6.0.17451 - Vidyo Inc.) VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN) VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.17.4 - VideoLAN) Windows Driver Package - DAVICOM Semiconductor, Inc. (DM9USB) Net (07/03/2012 5.0.3.0703) (HKLM\...\A843D426B14509A56ED9B3F9E0ADC07ADD2F8409) (Version: 07/03/2012 5.0.3.0703 - DAVICOM Semiconductor, Inc.) Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation) Windows Subsystem for Linux Update (HKLM\...\{F8474A47-8B5D-4466-ACE3-78EAB3BF21A8}) (Version: 5.10.102.1 - Microsoft Corporation) Zoom (64-bit) (HKLM\...\{CBCEFA59-8DE2-4FA4-8596-FC41BCC14D50}) (Version: 5.15.19404 - Zoom) Zotero (HKLM-x32\...\Zotero 6.0.26 (x86 en-US)) (Version: 6.0.26 - Corporation for Digital Scholarship) Packages: ========= Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2020-12-07] (Adobe Systems Incorporated) Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc [2022-04-25] (Adobe Systems Incorporated) Care Center S -> C:\Program Files\WindowsApps\AcerIncorporated.AcerCareCenterS_4.0.3042.0_x64__48frkmn4z8aw4 [2022-01-13] (Acer Incorporated) Debian -> C:\Program Files\WindowsApps\TheDebianProject.DebianGNULinux_1.15.0.0_x64__76v4gfsz19hv4 [2023-07-05] (The Debian Project) DTS Audio Processing -> C:\Program Files\WindowsApps\DTSInc.DTSAudioProcessing_1.10.14.0_x64__t5j2fzbtdg37r [2023-07-07] (DTS, Inc.) Intel® Grafik-Kontrollraum -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5131.0_x64__8j3eq9eme6ctt [2023-07-02] (INTEL CORP) [Startup Task] Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1037.0_x64__8j3eq9eme6ctt [2022-10-18] (INTEL CORP) Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2023-01-10] (Microsoft Corporation) QuickAccess -> C:\Program Files\WindowsApps\AcerIncorporated.QuickAccess_3.0.3038.0_x64__48frkmn4z8aw4 [2022-02-10] (Acer Incorporated) Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.26.251.0_x64__dt26b99r8h8gj [2021-08-31] (Realtek Semiconductor Corp) Thunderbolt™ Kontrollcenter -> C:\Program Files\WindowsApps\AppUp.ThunderboltControlCenter_1.0.36.0_x64__8j3eq9eme6ctt [2022-09-26] (INTEL CORP) WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2330.7.0_x64__cv1g1gvanyjgm [2023-08-03] (WhatsApp Inc.) [Startup Task] ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-917627657-1518166570-4135675860-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-93846ED5F987} -> [Creative Cloud Files] => C:\Users\*****\Creative Cloud Files [2021-05-28 19:26] CustomCLSID: HKU\S-1-5-21-917627657-1518166570-4135675860-1001_Classes\CLSID\{1019ADC7-17CB-4489-AFD5-6642C7400ACE}\localserver32 -> C:\Users\*****\AppData\Local\Webex\Webex\Applications\ptOIEx64.exe (Cisco WebEx LLC -> Cisco WebEx LLC) CustomCLSID: HKU\S-1-5-21-917627657-1518166570-4135675860-1001_Classes\CLSID\{1a46400f-4c81-802a-c2c1-1e9a687a9340}\localserver32 -> C:\Program Files\HandBrake\HandBrake.exe (HandBrake Team) [File not signed] CustomCLSID: HKU\S-1-5-21-917627657-1518166570-4135675860-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (Intel Corporation -> Intel) CustomCLSID: HKU\S-1-5-21-917627657-1518166570-4135675860-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.) CustomCLSID: HKU\S-1-5-21-917627657-1518166570-4135675860-1001_Classes\CLSID\{5107667c-149a-47c8-b0c9-e4bf9132f17d} -> [PowerFolder] => C:\Users\*****\PowerFolders [2022-01-31 19:30] CustomCLSID: HKU\S-1-5-21-917627657-1518166570-4135675860-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\*****\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20130.1\x64\Microsoft.Teams.AddinLoader.dll => No File CustomCLSID: HKU\S-1-5-21-917627657-1518166570-4135675860-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> "C:\Users\*****\AppData\Local\Microsoft\Teams\current\Teams.exe" --toast => No File CustomCLSID: HKU\S-1-5-21-917627657-1518166570-4135675860-1001_Classes\CLSID\{e26efb18-339f-4433-9b3d-c2832a3fe6cb}\InprocServer32 -> C:\Program Files\Mozilla Thunderbird\notificationserver.dll => No File CustomCLSID: HKU\S-1-5-21-917627657-1518166570-4135675860-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-06-07] (Adobe Inc. -> ) ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-06-07] (Adobe Inc. -> ) ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-06-07] (Adobe Inc. -> ) ShellIconOverlayIdentifiers: [ PowerFolderIgnored] -> {0800cf35-8302-4030-8add-40ac1e3f8834} => C:\Program Files\PowerFolder.com\PowerFolder\IgnoredOverlay_x64.dll [2023-06-07] () [File not signed] ShellIconOverlayIdentifiers: [ PowerFolderLocked] -> {0800cf35-8302-4030-8add-40ac1e3f8835} => C:\Program Files\PowerFolder.com\PowerFolder\LockedOverlay_x64.dll [2023-06-07] () [File not signed] ShellIconOverlayIdentifiers: [ PowerFolderOK] -> {0800cf35-8302-4030-8add-40ac1e3f8831} => C:\Program Files\PowerFolder.com\PowerFolder\OKOverlay_x64.dll [2023-06-07] () [File not signed] ShellIconOverlayIdentifiers: [ PowerFolderSyncing] -> {0800cf35-8302-4030-8add-40ac1e3f8832} => C:\Program Files\PowerFolder.com\PowerFolder\SyncingOverlay_x64.dll [2023-06-07] () [File not signed] ShellIconOverlayIdentifiers: [ PowerFolderWarning] -> {0800cf35-8302-4030-8add-40ac1e3f8833} => C:\Program Files\PowerFolder.com\PowerFolder\WarningOverlay_x64.dll [2023-06-07] () [File not signed] ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed] ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-06-07] (Adobe Inc. -> ) ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2023-06-14] (Adobe Inc. -> Adobe Systems Inc.) ContextMenuHandlers1: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2023-07-14] (g10 Code GmbH -> g10 Code GmbH) [File not signed] ContextMenuHandlers1: [LiferayNativityContextMenus] -> {0800cf35-8302-4030-8add-40ac1e3f8830} => C:\Program Files\PowerFolder.com\PowerFolder\LiferayNativityContextMenus_x64.dll [2023-06-07] () [File not signed] ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-02-25] (Malwarebytes Inc. -> Malwarebytes) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed] ContextMenuHandlers4: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2023-07-14] (g10 Code GmbH -> g10 Code GmbH) [File not signed] ContextMenuHandlers4: [LiferayNativityContextMenus] -> {0800cf35-8302-4030-8add-40ac1e3f8830} => C:\Program Files\PowerFolder.com\PowerFolder\LiferayNativityContextMenus_x64.dll [2023-06-07] () [File not signed] ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed] ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-06-07] (Adobe Inc. -> ) ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2023-06-14] (Adobe Inc. -> Adobe Systems Inc.) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-02-25] (Malwarebytes Inc. -> Malwarebytes) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\elastic.lnk -> D:\new-maktaba-shamila\shamela4\elastic\bin\nircmd.exe (NirSoft) -> exec hide "d:\new-maktaba-shamila\shamela4\elastic\bin\elasticsearch64.bat" ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium Apps\Jitsi Meet.lnk -> C:\Program Files\Chromium\Application\chrome_proxy.exe (The Chromium Authors) -> --profile-directory=Default --app-id=ibiognfelmneebngbnbeonnllapmffmb ==================== Loaded Modules (Whitelisted) ============= 2023-08-02 10:26 - 2023-07-31 22:03 - 004684288 _____ () [File not signed] \\?\C:\Users\*****\AppData\Local\Programs\signal-desktop\resources\app.asar.unpacked\node_modules\@signalapp\better-sqlite3\build\Release\better_sqlite3.node 2023-08-02 10:26 - 2023-07-31 22:03 - 004961792 _____ () [File not signed] \\?\C:\Users\*****\AppData\Local\Programs\signal-desktop\resources\app.asar.unpacked\node_modules\@signalapp\libsignal-client\prebuilds\win32-x64\node.napi.node 2023-08-02 10:26 - 2023-07-31 22:03 - 011730432 _____ () [File not signed] \\?\C:\Users\*****\AppData\Local\Programs\signal-desktop\resources\app.asar.unpacked\node_modules\@signalapp\ringrtc\build\win32\libringrtc-x64.node 2020-11-30 15:46 - 2022-05-28 10:45 - 000031232 _____ () [File not signed] C:\Program Files\IceCat\libEGL.dll 2020-11-30 15:46 - 2022-05-28 10:45 - 004999680 _____ () [File not signed] C:\Program Files\IceCat\libGLESv2.dll 2023-06-07 15:48 - 2023-06-07 15:48 - 000395264 _____ () [File not signed] C:\Program Files\PowerFolder.com\PowerFolder\IgnoredOverlay_x64.dll 2023-06-07 15:48 - 2023-06-07 15:48 - 000169472 _____ () [File not signed] C:\Program Files\PowerFolder.com\PowerFolder\LiferayNativityUtil_x64.dll 2023-06-07 15:48 - 2023-06-07 15:48 - 000395264 _____ () [File not signed] C:\Program Files\PowerFolder.com\PowerFolder\LockedOverlay_x64.dll 2023-06-07 15:48 - 2023-06-07 15:48 - 000395264 _____ () [File not signed] C:\Program Files\PowerFolder.com\PowerFolder\OKOverlay_x64.dll 2023-06-07 15:48 - 2023-06-07 15:48 - 000395264 _____ () [File not signed] C:\Program Files\PowerFolder.com\PowerFolder\SyncingOverlay_x64.dll 2023-06-07 15:48 - 2023-06-07 15:48 - 000395264 _____ () [File not signed] C:\Program Files\PowerFolder.com\PowerFolder\WarningOverlay_x64.dll 2023-08-02 12:33 - 2023-06-07 15:55 - 000059392 _____ () [File not signed] C:\Users\*****\AppData\Local\Temp\desktoputils.dll 2023-08-02 12:33 - 2023-06-07 15:55 - 001203750 _____ () [File not signed] C:\Users\*****\AppData\Local\Temp\jnotify.dll 2023-08-02 12:33 - 2023-06-07 15:55 - 000014848 _____ () [File not signed] C:\Users\*****\AppData\Local\Temp\LiferayNativityWindowsUtil.dll 2023-08-02 12:33 - 2023-06-07 15:55 - 000281088 _____ () [File not signed] C:\Users\*****\AppData\Local\Temp\udt.dll 2023-08-02 12:33 - 2023-06-07 15:55 - 000061952 _____ () [File not signed] C:\Users\*****\AppData\Local\Temp\udt4j.dll 2023-08-06 19:09 - 2023-06-09 01:27 - 000457216 _____ () [File not signed] D:\shamela4\app\win\64\bin\lib\_jpype.cp37-win_amd64.pyd 2023-08-06 19:08 - 2023-06-09 01:27 - 012723712 _____ () [File not signed] D:\shamela4\app\win\64\bin\lib\fitz\_fitz.cp37-win_amd64.pyd 2023-08-06 19:09 - 2023-06-09 01:27 - 000104448 _____ () [File not signed] D:\shamela4\app\win\64\bin\lib\msgpack._cmsgpack.cp37-win_amd64.pyd 2023-08-06 19:09 - 2023-06-09 01:27 - 002522112 _____ () [File not signed] D:\shamela4\app\win\64\bin\lib\PIL\_imaging.cp37-win_amd64.pyd 2023-08-06 19:10 - 2023-06-09 01:27 - 000553984 _____ () [File not signed] D:\shamela4\app\win\64\bin\lib\pythoncom37.dll 2023-08-06 19:10 - 2023-06-09 01:27 - 000140800 _____ () [File not signed] D:\shamela4\app\win\64\bin\lib\pywintypes37.dll 2023-08-06 19:09 - 2023-06-09 01:27 - 000667136 _____ () [File not signed] D:\shamela4\app\win\64\bin\lib\regex._regex.cp37-win_amd64.pyd 2023-08-06 19:09 - 2023-06-09 01:27 - 000134144 _____ () [File not signed] D:\shamela4\app\win\64\bin\lib\win32api.pyd 2023-08-06 19:09 - 2023-06-09 01:27 - 000523776 _____ () [File not signed] D:\shamela4\app\win\64\bin\lib\win32com.shell.shell.pyd 2023-08-06 19:10 - 2023-05-31 01:40 - 000153600 _____ () [File not signed] D:\shamela4\app\win\64\bin\nvdaControllerClient64.dll 2016-06-30 11:15 - 2016-06-30 11:15 - 000012288 _____ (Institut für Iranistik) [File not signed] C:\Windows\system32\dtsch-or.dll 2021-10-15 12:38 - 2022-05-28 10:45 - 000182272 _____ (Mozilla Foundation) [File not signed] [File is in use] C:\Program Files\IceCat\AccessibleHandler.dll 2021-10-15 12:38 - 2022-05-28 10:45 - 000073216 _____ (Mozilla Foundation) [File not signed] [File is in use] C:\Program Files\IceCat\ia2marshal.dll 2020-11-30 15:46 - 2022-05-28 10:45 - 112619008 _____ (Mozilla Foundation) [File not signed] [File is in use] C:\Program Files\IceCat\xul.dll 2020-11-30 15:46 - 2022-05-28 10:45 - 000731648 _____ (Mozilla Foundation) [File not signed] C:\Program Files\IceCat\freebl3.dll 2020-11-30 15:46 - 2022-05-28 10:45 - 000035840 _____ (Mozilla Foundation) [File not signed] C:\Program Files\IceCat\lgpllibs.dll 2020-11-30 15:46 - 2022-05-28 10:45 - 002115584 _____ (Mozilla Foundation) [File not signed] C:\Program Files\IceCat\mozavcodec.dll 2020-11-30 15:46 - 2022-05-28 10:45 - 000198144 _____ (Mozilla Foundation) [File not signed] C:\Program Files\IceCat\mozavutil.dll 2020-11-30 15:46 - 2022-05-28 10:45 - 000650240 _____ (Mozilla Foundation) [File not signed] C:\Program Files\IceCat\mozglue.dll 2020-11-30 15:46 - 2022-05-28 10:45 - 002315776 _____ (Mozilla Foundation) [File not signed] C:\Program Files\IceCat\nss3.dll 2020-11-30 15:46 - 2022-05-28 10:45 - 000399360 _____ (Mozilla Foundation) [File not signed] C:\Program Files\IceCat\nssckbi.dll 2020-11-30 15:46 - 2022-05-28 10:45 - 000377856 _____ (Mozilla Foundation) [File not signed] C:\Program Files\IceCat\osclientcerts.dll 2020-11-30 15:46 - 2022-05-28 10:45 - 000265728 _____ (Mozilla Foundation) [File not signed] C:\Program Files\IceCat\softokn3.dll 2015-12-17 12:11 - 2015-12-17 12:11 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\epnsm.dll 2009-10-21 18:39 - 2009-10-21 18:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\LcMgr.dll 2020-12-15 23:28 - 2012-11-12 16:15 - 000558592 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\enppmon.dll 2020-12-15 23:28 - 2012-10-22 18:19 - 000219648 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\enpres.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2023-08-02] (Microsoft Corporation -> Microsoft Corporation) BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-08-02] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation) (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-917627657-1518166570-4135675860-1001\...\sharepoint.com -> hxxps://goetheuniversitaet-files.sharepoint.com ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-12-07 11:14 - 2023-07-24 20:28 - 000000830 _____ C:\Windows\system32\drivers\etc\hosts 2022-08-21 22:37 - 2023-07-29 11:26 - 000000445 _____ C:\Windows\system32\drivers\etc\hosts.ics 172.21.208.1 DESKTOP-UIULLTJ.mshome.net # 2028 7 4 27 9 26 51 764 ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Eclipse Adoptium\jre-8.0.382.5-hotspot\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\ProgramData\chocolatey\bin;C:\Program Files\Calibre2\;C:\Strawberry\c\bin;C:\Strawberry\perl\site\bin;C:\Strawberry\perl\bin;C:\Program Files\dotnet\;C:\Program Files (x86)\dotnet\;C:\Program Files (x86)\GnuPG\bin;C:\texlive\2022\bin\win32;C:\Program Files\Git\cmd;C:\Program Files (x86)\Gpg4win\..\GnuPG\bin HKCU\Environment\\Path -> C:\Program Files\Eclipse Adoptium\jre-8.0.352.8-hotspot\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\ProgramData\chocolatey\bin;C:\Program Files\Calibre2\;C:\Strawberry\c\bin;C:\Strawberry\perl\site\bin;C:\Strawberry\perl\bin;C:\Program Files\MiKTeX\miktex\bin\x64\;C:\Program Files\dotnet\;C:\Program Files (x86)\dotnet\;C:\Program Files\Git\cmd;C:\Program Files (x86)\Gpg4win\..\GnuPG\bin;C:\Program Files (x86)\GnuPG\bin;C:\Program Files\Eclipse Adoptium\jre-8.0.352.8-hotspot\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\ProgramData\chocolatey\bin;C:\Program Files\Calibre2\;C:\Strawberry\c\bin;C:\Strawberry\perl\site\bin;C:\Strawberry\perl\bin;C:\Program Files\MiKTeX\miktex\bin\x64\;C:\Program Files\dotnet\;C:\Program Files (x86)\dotnet\;C:\Program Files\Git\cmd;C:\Program Files (x86)\Gpg4win\..\GnuPG\bin;C:\Program Files (x86)\GnuP;C:\Users\*****\AppData\Local\Pandoc\;C:\Program Files\Oracle\VirtualBox; HKU\S-1-5-21-917627657-1518166570-4135675860-1001\Control Panel\Desktop\\Wallpaper -> DNS Servers: Media is not connected to internet. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1) Windows Firewall is enabled. Network Binding: ============= VirtualBox Host-Only Network: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) Ethernet 5: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) Ethernet 2: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) WLAN: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKLM\...\StartupApproved\Run: => "PDF24" HKLM\...\StartupApproved\Run: => "Everything" HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess" HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud" HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller" HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows" HKLM\...\StartupApproved\Run32: => "EEventManager" HKU\S-1-5-21-917627657-1518166570-4135675860-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-917627657-1518166570-4135675860-1001\...\StartupApproved\Run: => "Skype for Desktop" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{6316AB26-D844-4216-ADC1-E281DAB3EE7D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{3E3F3E05-5583-458E-A2ED-DAD18E59A4E0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{54400108-44E5-4EB4-9819-B87070D23332}] => (Allow) C:\Program Files\IceCat\icecat.exe (Mozilla Corporation) [File not signed] FirewallRules: [{5417BF67-5BBD-4837-B544-65542B5A9982}] => (Allow) C:\Program Files\IceCat\icecat.exe (Mozilla Corporation) [File not signed] FirewallRules: [{146DBE79-28C8-4CCB-891D-B1D786AEBC4E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{9864282C-5A9F-41BE-A9C5-B78F57C25B97}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [TCP Query User{26C9CB4E-7D95-45FB-9D93-171B71AAD04B}C:\users\*****\appdata\local\vidyoconnect\vidyoconnect.exe] => (Allow) C:\users\*****\appdata\local\vidyoconnect\vidyoconnect.exe (Vidyo Inc. -> Vidyo, Inc) FirewallRules: [UDP Query User{A34F2747-2A0B-4112-BBCE-4E885F3AAEAF}C:\users\*****\appdata\local\vidyoconnect\vidyoconnect.exe] => (Allow) C:\users\*****\appdata\local\vidyoconnect\vidyoconnect.exe (Vidyo Inc. -> Vidyo, Inc) FirewallRules: [{9F55A48A-AB81-4AE5-979A-DD4368B86AE6}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{7E7EAD15-889F-44F4-9087-CC102D7ABA64}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{7C327271-0E24-46D1-8161-E1BF9320BDB6}] => (Allow) C:\Program Files\Canon\DIAS\CnxDIAS.exe (CANON INC. -> CANON INC.) FirewallRules: [{CD43FA0D-EEC7-4C49-BD28-78225C470B07}] => (Allow) C:\Users\*****\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe => No File FirewallRules: [{73FE525C-74AE-42BB-B8E6-C14163D65071}] => (Allow) C:\Users\*****\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe => No File FirewallRules: [{08A2E773-4262-48BB-A35A-496642E91AD3}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) FirewallRules: [{24509F41-D82E-46F1-B69B-DDEB3FC81336}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) FirewallRules: [{5F8ACE13-226C-43B0-B547-C7818886931E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{B485A504-ADA1-42A4-B4FF-DA3C56173BA6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{37883EBE-3136-49E0-9356-6987273A6F37}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{A695D91F-9146-4797-94B7-8BDE3B80861D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{B6BD8654-A40C-44E4-AFAF-A0F36CECCF62}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File FirewallRules: [{5B728A5A-7D74-484A-B23C-72F52C3CDB75}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File FirewallRules: [{D9D60D83-AB00-48D3-8A69-FA743BE8A67E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{E254E46B-07B5-423A-84B3-15FF74A2B0A5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{A60F5E64-1E9A-44A1-A906-E3F8022E9009}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe (Xsolla (USA), Inc -> 2K) FirewallRules: [{38F721BC-3028-477F-BFCD-B8EDAAF6BB68}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe (Xsolla (USA), Inc -> 2K) FirewallRules: [{E857E69F-0D10-41F7-B51C-931EDB27BE0E}] => (Allow) C:\Program Files\FlightGear 2020.3.6\bin\fgfs.exe () [File not signed] FirewallRules: [{F269B616-7271-424E-A7BF-C34BBB589478}] => (Allow) C:\Program Files\FlightGear 2020.3.6\bin\fgfs.exe () [File not signed] FirewallRules: [{172DF7BF-3B8C-49D8-A5A5-937782164487}] => (Allow) C:\Program Files\FlightGear 2020.3.6\bin\fgcom.exe () [File not signed] FirewallRules: [{A2EEEE1B-5C5C-40C6-9065-84626C7AA6BF}] => (Allow) C:\Program Files\FlightGear 2020.3.6\bin\fgcom.exe () [File not signed] FirewallRules: [TCP Query User{568C277E-E824-4A78-9D06-62F56494BDCC}C:\users\*****\appdata\local\vidyoconnect\vidyoconnect.exe] => (Block) C:\users\*****\appdata\local\vidyoconnect\vidyoconnect.exe (Vidyo Inc. -> Vidyo, Inc) FirewallRules: [UDP Query User{4A82AAFB-0ECD-4904-8754-8EEFE67ABF97}C:\users\*****\appdata\local\vidyoconnect\vidyoconnect.exe] => (Block) C:\users\*****\appdata\local\vidyoconnect\vidyoconnect.exe (Vidyo Inc. -> Vidyo, Inc) FirewallRules: [{4C238347-B9F9-4360-A96A-28A627A7C396}] => (Allow) C:\Program Files (x86)\Zoom\bin\Zoom.exe => No File FirewallRules: [{4ED0778D-7419-4C47-8D24-7AEA4B93EFB4}] => (Allow) C:\Program Files (x86)\Zoom\bin\airhost.exe => No File FirewallRules: [{F2468B3E-91FF-4F24-9D89-C699E2CE3752}] => (Allow) C:\Program Files (x86)\Zoom\bin\airhost.exe => No File FirewallRules: [{1F4E0520-39E9-4645-8649-44CEB46B634C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\2KLauncher\LauncherPatcher.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.) FirewallRules: [{321053D3-E470-4092-A8AF-D6F28349C0CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\2KLauncher\LauncherPatcher.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.) FirewallRules: [TCP Query User{DC16E46A-C3B8-4683-AD12-B2BB855616C1}C:\users\*****\appdata\local\microsoft\onedrive\21.109.0530.0001\filecoauth.exe] => (Block) C:\users\*****\appdata\local\microsoft\onedrive\21.109.0530.0001\filecoauth.exe => No File FirewallRules: [UDP Query User{0330DBC6-A582-4A27-A734-3B72013D16AE}C:\users\*****\appdata\local\microsoft\onedrive\21.109.0530.0001\filecoauth.exe] => (Block) C:\users\*****\appdata\local\microsoft\onedrive\21.109.0530.0001\filecoauth.exe => No File FirewallRules: [TCP Query User{A9AEBBD3-0318-42E9-AE10-62481938FD81}C:\users\*****\appdata\local\microsoft\onedrive\21.119.0613.0001\filecoauth.exe] => (Block) C:\users\*****\appdata\local\microsoft\onedrive\21.119.0613.0001\filecoauth.exe => No File FirewallRules: [UDP Query User{642F024F-5CF4-4FA9-9AFA-EAE41EBA2A4B}C:\users\*****\appdata\local\microsoft\onedrive\21.119.0613.0001\filecoauth.exe] => (Block) C:\users\*****\appdata\local\microsoft\onedrive\21.119.0613.0001\filecoauth.exe => No File FirewallRules: [TCP Query User{A054D41C-9704-4CB9-B514-53580E144BD1}C:\windows\system32\bdeuisrv.exe] => (Block) C:\windows\system32\bdeuisrv.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [UDP Query User{9CCDD46B-7FB4-454C-9C78-7E662743545D}C:\windows\system32\bdeuisrv.exe] => (Block) C:\windows\system32\bdeuisrv.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [TCP Query User{BD5B6F5C-C2FB-4642-A7B5-3695B298BC94}C:\windows\system32\bdeuisrv.exe] => (Block) C:\windows\system32\bdeuisrv.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [UDP Query User{A1B1B43A-5E8A-495D-A8B6-3F5D217AA787}C:\windows\system32\bdeuisrv.exe] => (Block) C:\windows\system32\bdeuisrv.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{76F396C9-5D9A-49B8-9D6E-0F94406A4941}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.0.3.2555\LINE.exe => No File FirewallRules: [{062E312A-51B2-4FE8-AE23-5D6B7C8461B1}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.0.3.2555\LINE.exe => No File FirewallRules: [{90851A1D-1C22-43BF-8D50-15809132D83C}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.0.3.2555\LineUpdater.exe => No File FirewallRules: [{F926D051-4FBD-44F0-9F5A-A3D5024A5B3E}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.0.3.2555\LineUpdater.exe => No File FirewallRules: [TCP Query User{0F3B9017-A50D-4C04-95B8-52B4CD86D7E9}C:\users\*****\appdata\local\microsoft\onedrive\21.139.0711.0001\filecoauth.exe] => (Block) C:\users\*****\appdata\local\microsoft\onedrive\21.139.0711.0001\filecoauth.exe => No File FirewallRules: [UDP Query User{FB487A13-8F0D-4DB6-8A45-A4554FC2480D}C:\users\*****\appdata\local\microsoft\onedrive\21.139.0711.0001\filecoauth.exe] => (Block) C:\users\*****\appdata\local\microsoft\onedrive\21.139.0711.0001\filecoauth.exe => No File FirewallRules: [TCP Query User{0AC380A7-7EDF-43A2-BA55-045DABB6810E}C:\users\*****\appdata\local\microsoft\onedrive\21.139.0711.0001\filecoauth.exe] => (Block) C:\users\*****\appdata\local\microsoft\onedrive\21.139.0711.0001\filecoauth.exe => No File FirewallRules: [UDP Query User{0F751712-2694-43A3-9F41-00E6CB5575B2}C:\users\*****\appdata\local\microsoft\onedrive\21.139.0711.0001\filecoauth.exe] => (Block) C:\users\*****\appdata\local\microsoft\onedrive\21.139.0711.0001\filecoauth.exe => No File FirewallRules: [{AAC0EF56-4C9A-47E4-8747-5C1D21BFF128}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.1.0.2585\LINE.exe => No File FirewallRules: [{47002FCA-DB46-4C13-82F3-F4961DECF8B2}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.1.0.2585\LINE.exe => No File FirewallRules: [{BB4F5EB0-7B7B-4125-AB9E-0C07D9E9BD1F}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.1.0.2585\LineUpdater.exe => No File FirewallRules: [{E190D797-76DC-48C5-ACCC-0E78D2FE63A9}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.1.0.2585\LineUpdater.exe => No File FirewallRules: [{3015F7FE-9687-4B8F-9CEF-CED908D26C83}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.2.0.2599\LINE.exe => No File FirewallRules: [{DB55E16F-4038-4A39-97CD-D730D58A8510}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.2.0.2599\LINE.exe => No File FirewallRules: [{9900E0D0-770F-439B-8962-1F77A93FAE94}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.2.0.2599\LineUpdater.exe => No File FirewallRules: [{3078745A-74BB-4374-ACBD-2A28AE78601B}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.2.0.2599\LineUpdater.exe => No File FirewallRules: [TCP Query User{B9E6FDF2-C0E6-4DAF-A6D7-F1204FDAA9AC}C:\users\*****\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\*****\appdata\local\microsoft\teams\current\teams.exe => No File FirewallRules: [UDP Query User{4DE9D834-0A45-4955-A280-F18A77DE3B82}C:\users\*****\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\*****\appdata\local\microsoft\teams\current\teams.exe => No File FirewallRules: [{E101662A-9D83-41FC-98D4-935F0E6BD19F}] => (Allow) C:\Program Files (x86)\Lexware\QuickSteuer\2021\SSE.exe (Wolters Kluwer Deutschland GmbH -> Akademische Arbeitsgemeinschaft Verlagsgesellschaft mbH) FirewallRules: [{EA3A7763-572B-4401-A687-DE0513A7C23F}] => (Allow) C:\Program Files (x86)\Lexware\QuickSteuer\2021\SSE.exe (Wolters Kluwer Deutschland GmbH -> Akademische Arbeitsgemeinschaft Verlagsgesellschaft mbH) FirewallRules: [{4BE1C042-FE83-4FE3-8151-481695EFB0DB}] => (Allow) C:\Program Files (x86)\Lexware\QuickSteuer\2021\SSE.exe (Wolters Kluwer Deutschland GmbH -> Akademische Arbeitsgemeinschaft Verlagsgesellschaft mbH) FirewallRules: [{C99D57A6-C7EE-46CB-A916-9DBAB69F288F}] => (Allow) C:\Program Files (x86)\Lexware\QuickSteuer\2021\SSE.exe (Wolters Kluwer Deutschland GmbH -> Akademische Arbeitsgemeinschaft Verlagsgesellschaft mbH) FirewallRules: [{B6A36035-D932-4163-9196-432EA13C8B56}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.3.0.2625\LINE.exe => No File FirewallRules: [{18342CC9-A870-47CE-9EE4-FE03239D3150}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.3.0.2625\LINE.exe => No File FirewallRules: [{267DAF34-6818-4335-923E-D8DCA7CE2A96}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.3.0.2625\LineUpdater.exe => No File FirewallRules: [{56BC041B-46F5-4D76-BA30-7F101FE9B7F4}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.3.0.2625\LineUpdater.exe => No File FirewallRules: [{215A08CE-2A0E-4946-805E-2F433EA941AB}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.3.1.2631\LINE.exe => No File FirewallRules: [{F6807250-7EB8-486B-815E-3FEF46AAB44C}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.3.1.2631\LINE.exe => No File FirewallRules: [{EFE78CC0-B6C6-4B2A-BC3F-9BA7FDDBDEDB}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.3.1.2631\LineUpdater.exe => No File FirewallRules: [{83539C23-E40D-4E99-A888-B5201985788D}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.3.1.2631\LineUpdater.exe => No File FirewallRules: [{50DDEC3D-D781-4AB1-9B76-9B99E5669037}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.4.0.2647\LINE.exe => No File FirewallRules: [{348DA317-A5A2-42F6-80C3-33599021C7FF}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.4.0.2647\LINE.exe => No File FirewallRules: [{80073697-F352-4F1F-BEA6-5C68707AE3C7}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.4.0.2647\LineUpdater.exe => No File FirewallRules: [{B617AD60-7F85-4B32-88E4-D44D067E18BC}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.4.0.2647\LineUpdater.exe => No File FirewallRules: [{D9ABF39A-F16D-4C21-AB0D-FC79D757D4F8}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.4.1.2652\LINE.exe => No File FirewallRules: [{6BE49B60-609E-44F7-AABF-C27DCDF7A4FA}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.4.1.2652\LINE.exe => No File FirewallRules: [{C0F5D0F5-5A02-4C05-B021-948E0B1E00FA}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.4.1.2652\LineUpdater.exe => No File FirewallRules: [{E98BAFF6-691A-41AA-BE48-48D29C9A2873}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.4.1.2652\LineUpdater.exe => No File FirewallRules: [TCP Query User{152E1FE4-C450-4162-B952-91310C8ACB78}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [UDP Query User{46B04126-57CD-417B-95CB-6F4262B8D3F6}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [{2D1100A0-9B41-4412-B97F-E28A28407350}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.5.0.2664\LINE.exe => No File FirewallRules: [{FD91625C-A92B-473A-9E2E-16533E07F576}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.5.0.2664\LINE.exe => No File FirewallRules: [{67CF3EE2-8084-4622-BFD3-B3E66D5E752F}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.5.0.2664\LineUpdater.exe => No File FirewallRules: [{3B759B51-4BAA-493A-87A3-D115233F2FBF}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.5.0.2664\LineUpdater.exe => No File FirewallRules: [{F71F2A97-E3F8-4386-9E69-0EACEF3FE834}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.5.0.2665\LINE.exe => No File FirewallRules: [{DF8B8A5A-FADD-49F2-B82F-F9DE9FBD0FA5}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.5.0.2665\LINE.exe => No File FirewallRules: [{4968D978-9DA5-490E-9DE3-098CF8ACDE4A}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.5.0.2665\LineUpdater.exe => No File FirewallRules: [{3717605E-21A4-423B-BB52-D0316257F195}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.5.0.2665\LineUpdater.exe => No File FirewallRules: [TCP Query User{28D4D67C-DCEC-4674-863B-F2AAF3F79B90}C:\program files\powerfolder.com\powerfolder\jre\bin\javaw.exe] => (Allow) C:\program files\powerfolder.com\powerfolder\jre\bin\javaw.exe FirewallRules: [UDP Query User{F2AF663C-F6C2-4C6E-8C71-83DBBA1A9C68}C:\program files\powerfolder.com\powerfolder\jre\bin\javaw.exe] => (Allow) C:\program files\powerfolder.com\powerfolder\jre\bin\javaw.exe FirewallRules: [TCP Query User{8A6E8A4F-3F69-4653-BEC7-FB0C10B531EF}C:\program files\powerfolder.com\powerfolder\jre\bin\javaw.exe] => (Block) C:\program files\powerfolder.com\powerfolder\jre\bin\javaw.exe FirewallRules: [UDP Query User{9493710A-28B6-49E4-8BB9-67B09A6CEE6D}C:\program files\powerfolder.com\powerfolder\jre\bin\javaw.exe] => (Block) C:\program files\powerfolder.com\powerfolder\jre\bin\javaw.exe FirewallRules: [{04FA014B-1EC3-4E0A-98C3-CB0B22237025}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.7.0.2698\LINE.exe => No File FirewallRules: [{ED4FA95B-98CE-4FB4-91B9-F5C264712CAF}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.7.0.2698\LINE.exe => No File FirewallRules: [{1DF0EFAE-4CDE-416C-BB36-259AAC2A2510}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.7.0.2698\LineUpdater.exe => No File FirewallRules: [{F2FD42FC-CCFF-4787-A458-D49ABB879B0A}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.7.0.2698\LineUpdater.exe => No File FirewallRules: [{177E7FD9-1E5C-4136-B373-89C4E1F4254A}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.8.0.2727\LINE.exe => No File FirewallRules: [{6A4F1B1A-EA62-4329-812C-34B2E9255391}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.8.0.2727\LINE.exe => No File FirewallRules: [{9DD82D09-7D40-45B4-AFF4-E544CD109FB8}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.8.0.2727\LineUpdater.exe => No File FirewallRules: [{1C240301-DDBC-43E7-95D9-3A36CCDE67EE}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.8.0.2727\LineUpdater.exe => No File FirewallRules: [{BCC37E02-03FB-45E0-B3E6-6E753DFC0472}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.8.1.2731\LINE.exe => No File FirewallRules: [{48955ED8-6BE6-47DC-9F40-51D3CA46585A}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.8.1.2731\LINE.exe => No File FirewallRules: [{6D38438F-CFDE-4117-9702-125D17530684}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.8.1.2731\LineUpdater.exe => No File FirewallRules: [{F5BD4C3F-BBA3-4884-AB72-C6E4A00ABCB1}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.8.1.2731\LineUpdater.exe => No File FirewallRules: [{BD74503C-C199-467C-A730-9B004EA06B69}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.9.0.2756\LINE.exe => No File FirewallRules: [{7F0ED3ED-B6A0-4B39-B0E8-7D5AAC4FC70A}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.9.0.2756\LINE.exe => No File FirewallRules: [{92DF69B8-5E2E-4D27-A32A-6508AE1E70B4}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.9.0.2756\LineUpdater.exe => No File FirewallRules: [{2BCF2C18-1E3C-4800-AB1B-31328E9EEB5C}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.9.0.2756\LineUpdater.exe => No File FirewallRules: [{C8F3D64E-1C07-4D8E-A9E2-0572DD57336C}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.9.1.2757\LINE.exe => No File FirewallRules: [{9538A11C-CF1F-463C-8E6B-3D53D99A8790}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.9.1.2757\LINE.exe => No File FirewallRules: [{4620F342-2459-4D50-8134-5C69D6C5D75D}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.9.1.2757\LineUpdater.exe => No File FirewallRules: [{2230AD97-0838-4230-A1A3-AB903D643E06}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.9.1.2757\LineUpdater.exe => No File FirewallRules: [{F19BA587-5EE6-4233-A709-B34451FAF3BC}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.10.0.2797\LINE.exe => No File FirewallRules: [{5915557F-05C4-47A6-8E83-F76816E92073}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.10.0.2797\LINE.exe => No File FirewallRules: [{D6353043-517F-459A-8F54-B20325C1A47D}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.10.0.2797\LineUpdater.exe => No File FirewallRules: [{EE4A6A58-A8AF-4AAE-A752-449C0AA48D41}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.10.0.2797\LineUpdater.exe => No File FirewallRules: [{DFC0F6D2-454F-4A01-BB7F-0AFB7D5706AF}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.10.1.2805\LINE.exe => No File FirewallRules: [{AE4E0712-328F-46E2-8937-816C2197A356}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.10.1.2805\LINE.exe => No File FirewallRules: [{618455A1-03CD-4CD5-8090-AF69E48D3C70}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.10.1.2805\LineUpdater.exe => No File FirewallRules: [{3CAD46D7-D64D-4715-B3E5-8DF881734FBE}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.10.1.2805\LineUpdater.exe => No File FirewallRules: [{0E6F00E1-F789-4CBC-B575-F79A2629CCCC}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.10.2.2807\LINE.exe => No File FirewallRules: [{5C491A52-0F61-4C71-ADDB-D43F222D9219}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.10.2.2807\LINE.exe => No File FirewallRules: [{96624448-1525-4366-935D-410EDDD3D2A1}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.10.2.2807\LineUpdater.exe => No File FirewallRules: [{8A8477FF-6288-4792-B7AD-4BA3DF150647}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.10.2.2807\LineUpdater.exe => No File FirewallRules: [{0E0F98F0-4B16-4D9E-8BEA-9EAAAC3E613D}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.11.0.2821\LINE.exe => No File FirewallRules: [{FEF35869-CFB9-4DE1-90AF-AFB89458300B}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.11.0.2821\LINE.exe => No File FirewallRules: [{61FCCE96-C1A0-4C30-B23E-A5CE0F131FD3}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.11.0.2821\LineUpdater.exe => No File FirewallRules: [{93CA1D86-11B2-4ADD-89E4-E10273CD4AD0}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.11.0.2821\LineUpdater.exe => No File FirewallRules: [{76C148C4-63E8-4AB1-80DD-495E477CD303}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.12.0.2848\LINE.exe => No File FirewallRules: [{8B0207B9-176D-4B06-84BB-C66DA9C4B521}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.12.0.2848\LINE.exe => No File FirewallRules: [{EFBCB701-0F4E-4CB8-9524-9DF86F0A72E2}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.12.0.2848\LineUpdater.exe => No File FirewallRules: [{99F72A0A-FBAC-42C2-A37E-85339A0D09B2}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.12.0.2848\LineUpdater.exe => No File FirewallRules: [{E589ED3C-1331-4FC7-AF84-9525792AFFF9}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.13.1.2871\LINE.exe => No File FirewallRules: [{4996CEFC-1DB6-47FD-BB3C-34E873DEC5CF}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.13.1.2871\LINE.exe => No File FirewallRules: [{6FC035A4-A781-4DD9-BF5A-68FA2DDA0687}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.13.1.2871\LineUpdater.exe => No File FirewallRules: [{C00358A2-55BC-494F-BDC8-444ED5045845}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.13.1.2871\LineUpdater.exe => No File FirewallRules: [{58E6B588-A682-4948-90EA-20BF84BA5C80}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.13.1.2875\LINE.exe => No File FirewallRules: [{E0C81D17-E9A8-4C86-8858-8C0FCF581884}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.13.1.2875\LINE.exe => No File FirewallRules: [{370A7F63-D546-4A5F-BDF1-2EF3923A488B}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.13.1.2875\LineUpdater.exe => No File FirewallRules: [{607CAAF6-5FC9-4985-85AD-4FBCB7E778AB}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.13.1.2875\LineUpdater.exe => No File FirewallRules: [{033CC489-F5E4-4680-875E-EB1B13E8EC31}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.13.2.2877\LINE.exe => No File FirewallRules: [{8589F426-604D-484A-8774-D8F6E3557A2B}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.13.2.2877\LINE.exe => No File FirewallRules: [{AAB3B351-6743-4174-96F8-1569231AB3F3}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.13.2.2877\LineUpdater.exe => No File FirewallRules: [{059F481F-B8FC-4664-8CEB-924AE34BE73D}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.13.2.2877\LineUpdater.exe => No File FirewallRules: [{53A7A7AA-542A-4459-BB9B-29FE230A1C23}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.14.0.2898\LINE.exe => No File FirewallRules: [{32506715-28C7-440C-A218-A8A48A5A32D4}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.14.0.2898\LINE.exe => No File FirewallRules: [{7CE67A8F-DC44-4B22-B3F7-EE23CD822253}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.14.0.2898\LineUpdater.exe => No File FirewallRules: [{806675CE-EEED-4F9E-A5BE-23B2C9DD09AA}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.14.0.2898\LineUpdater.exe => No File FirewallRules: [{420BD97C-B169-4AB1-8FD8-B2271F373567}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.15.0.2962\LINE.exe => No File FirewallRules: [{E6B7192B-5BF6-44F0-B775-46E7E7CB6C94}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.15.0.2962\LINE.exe => No File FirewallRules: [{9EDAC0CA-342E-4B98-A3A3-D8FE3768C45B}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.15.0.2962\LineUpdater.exe => No File FirewallRules: [{E8FF69D3-E7B6-4970-951A-33CF071E11C6}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.15.0.2962\LineUpdater.exe => No File FirewallRules: [{E6DB9EF5-404B-4EB4-A375-31697FC3F138}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.16.1.3000\LINE.exe => No File FirewallRules: [{A70793A5-0D2A-4641-BE57-037E0E60464F}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.16.1.3000\LINE.exe => No File FirewallRules: [{ED5C952E-80C5-4E3F-BF24-CDFC651B56F1}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.16.1.3000\LineUpdater.exe => No File FirewallRules: [{C49FFA7F-8F88-41DA-A442-C1E10C9D2160}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.16.1.3000\LineUpdater.exe => No File FirewallRules: [{BEB49696-F7D2-4D5B-BD92-393ACD17CEB5}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.17.0.3030\LINE.exe => No File FirewallRules: [{8EE69272-CDE0-4072-B4F0-957C9625063C}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.17.0.3030\LINE.exe => No File FirewallRules: [{723F9887-E9E5-4199-9D55-E195AD780618}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.17.0.3030\LineUpdater.exe => No File FirewallRules: [{BB08D898-68C8-47E2-AC92-1310FC5C6980}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.17.0.3030\LineUpdater.exe => No File FirewallRules: [{FB5E9EBF-0AB5-460B-AF83-A176C8738249}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.17.0.3035\LINE.exe => No File FirewallRules: [{47910B20-512F-46B0-89DC-E2B15CF6C620}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.17.0.3035\LINE.exe => No File FirewallRules: [{FA5EE6B9-CA92-4DCA-A2CF-30D6AF1A370F}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.17.0.3035\LineUpdater.exe => No File FirewallRules: [{73196871-FD19-4667-B700-D536B567BDCB}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.17.0.3035\LineUpdater.exe => No File FirewallRules: [TCP Query User{887ABC2F-61E9-4AA0-AC22-828871ACA0BE}C:\users\*****\appdata\roaming\synctrayzor\syncthing.exe] => (Allow) C:\users\*****\appdata\roaming\synctrayzor\syncthing.exe (Stiftelsen Syncthing -> The Syncthing Authors) FirewallRules: [UDP Query User{8CB05EBC-3491-445F-8D5B-562ADB5BC143}C:\users\*****\appdata\roaming\synctrayzor\syncthing.exe] => (Allow) C:\users\*****\appdata\roaming\synctrayzor\syncthing.exe (Stiftelsen Syncthing -> The Syncthing Authors) FirewallRules: [{9DFCA52F-BC83-4C33-A1B6-2ED9C7E49DCF}] => (Block) C:\users\*****\appdata\roaming\synctrayzor\syncthing.exe (Stiftelsen Syncthing -> The Syncthing Authors) FirewallRules: [{7D0C0398-D976-4257-AD83-0DCDA5DB1130}] => (Block) C:\users\*****\appdata\roaming\synctrayzor\syncthing.exe (Stiftelsen Syncthing -> The Syncthing Authors) FirewallRules: [{C3F7B0C9-D9F1-4A2B-9D1A-611C219AE4E7}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{653E1444-C5AD-4AC6-8B1A-74EB110289B5}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{7C23D7E1-EA2C-4779-92CE-35A3B9D967FE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{5E41C835-2B4C-438F-A27F-197A9D287B0F}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{02F94DF1-562B-42A1-8843-0DE854C3350B}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{9239636B-44C9-442E-A536-596D616F5A20}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\8.0.0.3114\LINE.exe => No File FirewallRules: [{7133AB5C-45AA-48A3-B14F-54ED945DD879}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\8.0.0.3114\LINE.exe => No File FirewallRules: [{11F49329-885E-40C5-9F29-1B436FC5E731}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\8.0.0.3114\LineUpdater.exe => No File FirewallRules: [{A5E9E8E4-E36B-450C-B054-711872CBA22C}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\8.0.0.3114\LineUpdater.exe => No File FirewallRules: [{052294B8-6D5E-4FF8-88D6-172BEA3D45D3}] => (Allow) C:\Program Files\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{41B90149-A740-42B2-982E-58964100AFE2}] => (Allow) C:\Program Files\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{0BD29992-A39F-4866-9BCE-2C750F027931}] => (Allow) C:\Program Files\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{99C7E4B0-67EF-4390-9A82-73BF651F1B9E}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.188\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{AD7FCF6A-F31E-493F-98A9-7BC22A1B02EC}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\8.1.1.3145\LINE.exe => No File FirewallRules: [{359CF708-6134-4237-895A-72250EEBB417}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\8.1.1.3145\LINE.exe => No File FirewallRules: [{8B141409-513B-4C1C-93EC-6087F0543775}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\8.1.1.3145\LineUpdater.exe => No File FirewallRules: [{0A90BF05-4FFF-435D-82D3-89DAF10025C2}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\8.1.1.3145\LineUpdater.exe => No File FirewallRules: [{149FF591-371B-402D-BA35-BC1B820C3FE0}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{77405491-D3C6-4B24-BB31-2BFC9739BA1A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{F128B2B6-308E-4D1F-847D-93F2C0F2CC43}] => (Allow) C:\Program Files\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed] ==================== Restore Points ========================= ==================== Faulty Device Manager Devices ============ Name: Unknown USB Device (Device Descriptor Request Failed) Description: Unknown USB Device (Device Descriptor Request Failed) Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standard USB Host Controller) Service: Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Unknown USB Device (Port Reset Failed) Description: Unknown USB Device (Port Reset Failed) Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standard USB Host Controller) Service: Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. ==================== Event log errors: ======================== Application errors: ================== Error: (08/09/2023 11:47:19 AM) (Source: COM) (EventID: 10035) (User: ) Description: The COM standard marshaler was unable to fix a mismatch between the IID {618736E0-3C3D-11CF-810C-00AA00389B71} provided by the server and the IID {E89F726E-C4F4-4C19-BB19-B647D7FA8478} requested by the client, with handler CLSID {00000000-0000-0000-0000-000000000000}. The error code was 0x80010114. Error: (08/09/2023 11:47:19 AM) (Source: COM) (EventID: 10035) (User: ) Description: The COM standard marshaler was unable to fix a mismatch between the IID {618736E0-3C3D-11CF-810C-00AA00389B71} provided by the server and the IID {E89F726E-C4F4-4C19-BB19-B647D7FA8478} requested by the client, with handler CLSID {96D57EB0-0274-0000-C4C5-93F984000000}. The error code was 0x80010114. Error: (08/09/2023 11:46:55 AM) (Source: COM) (EventID: 10035) (User: ) Description: The COM standard marshaler was unable to fix a mismatch between the IID {618736E0-3C3D-11CF-810C-00AA00389B71} provided by the server and the IID {E89F726E-C4F4-4C19-BB19-B647D7FA8478} requested by the client, with handler CLSID {00000000-0000-0000-0000-000000000000}. The error code was 0x80010114. Error: (08/09/2023 11:46:55 AM) (Source: COM) (EventID: 10035) (User: ) Description: The COM standard marshaler was unable to fix a mismatch between the IID {618736E0-3C3D-11CF-810C-00AA00389B71} provided by the server and the IID {E89F726E-C4F4-4C19-BB19-B647D7FA8478} requested by the client, with handler CLSID {3F39C830-7FFC-0000-E0EB-143FFC7F0000}. The error code was 0x80010114. Error: (08/09/2023 10:22:55 AM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: ) Description: Event-ID 2 Error: (08/09/2023 10:22:54 AM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: ) Description: Event-ID 12007 Error: (08/09/2023 10:22:54 AM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: ) Description: Event-ID 0 Error: (08/09/2023 12:39:27 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: ) Description: The storage optimiser couldn't complete erneut optimieren on BIBLIOTHEKA (F:) because: Der angeforderte Vorgang wird von der Hardware des Volumes nicht unterstützt. (0x8900002A) System errors: ============= Error: (08/09/2023 11:52:29 AM) (Source: VBoxNetLwf) (EventID: 12) (User: ) Description: The driver detected an internal driver error on \Device\VBoxNetLwf. Error: (08/09/2023 11:46:41 AM) (Source: VBoxNetLwf) (EventID: 12) (User: ) Description: The driver detected an internal driver error on \Device\VBoxNetLwf. Error: (08/09/2023 11:40:14 AM) (Source: VBoxNetLwf) (EventID: 12) (User: ) Description: The driver detected an internal driver error on \Device\VBoxNetLwf. Error: (08/09/2023 11:38:14 AM) (Source: VBoxNetLwf) (EventID: 12) (User: ) Description: The driver detected an internal driver error on \Device\VBoxNetLwf. Error: (08/08/2023 08:59:52 PM) (Source: VBoxNetLwf) (EventID: 12) (User: ) Description: The driver detected an internal driver error on \Device\VBoxNetLwf. Error: (08/08/2023 12:36:02 PM) (Source: volsnap) (EventID: 36) (User: ) Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Error: (08/08/2023 11:11:26 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT-AUTORITÄT) Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {16486a00-f8bb-4860-841f-555111c02171}, had event 74 Error: (08/07/2023 07:00:29 PM) (Source: VBoxNetLwf) (EventID: 12) (User: ) Description: The driver detected an internal driver error on \Device\VBoxNetLwf. Windows Defender: ================ Date: 2023-08-09 09:02:07 Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {502DC5D1-99B0-4A71-A571-545623C786F3} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT-AUTORITÄT\SYSTEM Date: 2023-08-08 11:13:57 Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt. Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Occamy.C&threatid=2147726780&enterprise=0 Name: Trojan:Win32/Occamy.C Schweregrad: Schwerwiegend Kategorie: Trojaner Pfad: file:_D:\new-maktaba-shamila\shamela_4\1441.095\launcher.bin Erkennungsursprung: Lokaler Computer Erkennungstype: Konkret Erkennungsquelle: Echtzeitschutz Benutzer: DESKTOP-UIULLTJ\***** Prozessname: C:\Program Files\7-Zip\7zG.exe Sicherheitsversion: AV: 1.393.2546.0, AS: 1.393.2546.0, NIS: 1.393.2546.0 Modulversion: AM: 1.1.23060.1005, NIS: 1.1.23060.1005 Date: 2023-08-08 08:57:42 Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {670A039C-E493-48D3-80A3-6596C7F12BC1} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT-AUTORITÄT\SYSTEM Date: 2023-08-07 11:42:37 Description: C:\Program Files\Adobe\Adobe InDesign 2023\InDesign.exe wurde durch den überwachten Ordnerzugriff daran gehindert, %userprofile%\OneDrive\Documents\tmp00000001 zu ändern. Erkennungszeit: 2023-08-07T09:42:37.983Z Benutzer: DESKTOP-UIULLTJ\***** Pfad: %userprofile%\OneDrive\Documents\tmp00000001 Prozessname: C:\Program Files\Adobe\Adobe InDesign 2023\InDesign.exe Sicherheitsversion: 1.393.2455.0 Modulversion: 1.1.23060.1005 Produktversion: 4.18.23050.9 Date: 2023-08-06 18:17:58 Description: C:\Program Files\PowerFolder.com\PowerFolder\jre\bin\javaw.exe wurde durch den überwachten Ordnerzugriff daran gehindert, %userprofile%\OneDrive\Documents\Privat\.PowerFolder\meta\.PowerFolder\ zu ändern. Erkennungszeit: 2023-08-06T16:17:58.880Z Benutzer: DESKTOP-UIULLTJ\***** Pfad: %userprofile%\OneDrive\Documents\Privat\.PowerFolder\meta\.PowerFolder\ Prozessname: C:\Program Files\PowerFolder.com\PowerFolder\jre\bin\javaw.exe Sicherheitsversion: 1.393.2424.0 Modulversion: 1.1.23060.1005 Produktversion: 4.18.23050.9 Event[0]: Date: 2023-07-15 10:32:14 Description: Fehler des Microsoft Defender Antivirus-Echtzeitschutz-Features. Feature: Bei Zugriff Fehlercode: 0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: Die Elementenüberprüfung des Filtertreibers wurde übersprungen, und er befindet sich nun im Durchleitungsmodus. Dies ist möglicherweise auf Ressourcenmangel zurückzuführen. Date: 2023-05-31 10:21:05 Description: Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten. Neue Version der Sicherheitsinformationen: 1.391.20.0 %Vorherige Version der Sicherheitsinformationen: 1.389.2778.0 Update Source: Benutzer Sicherheitstyp: AntiSpyware Updatetyp: Delta Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: 1.1.20300.3 %Vorherige Modulversion: 1.1.20300.3 Fehlercode: 0x80070666 Fehlerbeschreibung: Eine andere Version des Produkts ist bereits installiert. Die Installation dieser Version kann nicht fortgesetzt werden. Verwenden Sie die Systemsteuerungsoption "Software", um die vorhandene Version dieses Produkts zu konfigurieren oder zu entfernen. Date: 2023-05-31 10:21:05 Description: Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten. Neue Version der Sicherheitsinformationen: 1.391.20.0 %Vorherige Version der Sicherheitsinformationen: 1.389.2778.0 Update Source: Benutzer Sicherheitstyp: AntiVirus Updatetyp: Delta Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: 1.1.20300.3 %Vorherige Modulversion: 1.1.20300.3 Fehlercode: 0x80070666 Fehlerbeschreibung: Eine andere Version des Produkts ist bereits installiert. Die Installation dieser Version kann nicht fortgesetzt werden. Verwenden Sie die Systemsteuerungsoption "Software", um die vorhandene Version dieses Produkts zu konfigurieren oder zu entfernen. Date: 2023-05-31 10:20:08 Description: Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten. Neue Version der Sicherheitsinformationen: 1.391.20.0 %Vorherige Version der Sicherheitsinformationen: 1.389.2778.0 Update Source: Benutzer Sicherheitstyp: AntiSpyware Updatetyp: Voll Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: 1.1.23050.3 %Vorherige Modulversion: 1.1.20300.3 Fehlercode: 0x80509004 Fehlerbeschreibung: Unerwartetes Problem. Installieren Sie bei Bedarf verfügbare Updates, und starten Sie das Programm dann erneut. Informationen zum Installieren von Updates finden Sie unter "Hilfe und Support". Date: 2023-05-31 10:20:08 Description: Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten. Neue Version der Sicherheitsinformationen: 1.391.20.0 %Vorherige Version der Sicherheitsinformationen: 1.389.2778.0 Update Source: Benutzer Sicherheitstyp: AntiVirus Updatetyp: Voll Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: 1.1.23050.3 %Vorherige Modulversion: 1.1.20300.3 Fehlercode: 0x80509004 Fehlerbeschreibung: Unerwartetes Problem. Installieren Sie bei Bedarf verfügbare Updates, und starten Sie das Programm dann erneut. Informationen zum Installieren von Updates finden Sie unter "Hilfe und Support". CodeIntegrity: =============== Date: 2023-08-09 11:51:57 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_d56593f46e53a9ee\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== BIOS: Insyde Corp. V1.13 06/28/2021 Motherboard: IL Lenny_IL Processor: Intel(R) Core(TM) i5-1035G4 CPU @ 1.10GHz Percentage of memory in use: 96% Total physical RAM: 7980.05 MB Available physical RAM: 275.59 MB Total Virtual: 21975.88 MB Available Virtual: 8539.04 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:237.35 GB) (Free:17.43 GB) (Model: NVMe KINGSTON RBUSNS8) (Protected) NTFS Drive d: () (Removable) (Total:238.23 GB) (Free:126.08 GB) exFAT Drive f: (BIBLIOTHEKA) (Fixed) (Total:931.51 GB) (Free:538.07 GB) (Model: TOSHIBA External USB 3.0 USB Device) NTFS Drive h: (Intenso) (Fixed) (Total:476.92 GB) (Free:395 GB) (Model: Intenso Portable SSD SCSI Disk Device) exFAT \\?\Volume{6977ce3a-8aab-4d25-b7fb-3d7fca67f04f}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.29 GB) NTFS \\?\Volume{080a0e14-cf2a-4f36-bf0d-a6d5f5cfe7fe}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 1 (Size: 931.5 GB) (Disk ID: 8B83DD96) Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS) ========================================================== Disk: 4 (Protective MBR) (Size: 238.3 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ======================= Ich habe überall meinen Benutzernamen durch "*****" ersetzt, da es sonst meine Identität leicht zu erkennen wäre. Ich würde mich über Hilfe sehr freuen, vielen lieben Dank, Piristibulus |
09.08.2023, 11:26 | #3 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 10: Windows Defender Alarm - Trojan:Win32/Occamy.C Was soll das genau sein, eine Textdatenbank?
__________________Was für ein Programm, aus welcher Quelle? Die ZIP-Datei hast du noch?
__________________ |
09.08.2023, 11:38 | #4 |
| Windows 10: Windows Defender Alarm - Trojan:Win32/Occamy.C Das ist eine Datenbank arabischer Texte, v.a. aus dem Mittelalter. Die aktuelle Version gibt es hier: https://shamela.ws/ (leider alles auf Arabisch) Die ältere Version habe ich von archive.org heruntergeladen: https://archive.org/details/shamela_4_2. Ich habe das Entpacken unterbrochen und Zip-Datei wie auch das bisher entpackte gelöscht. Ich nutze die schon seit ca. 2006, ohne dass bisher irgendwelche Trojaner-Sachen passiert wären. Im Prinzip kann man da arabische Text durchsuchen und wenn dort Personen erwähnt werden, nach diesen in biographischen Werken suchen lassen bzw. Paralleltexte und Varianten anzeigen lassen. |
09.08.2023, 11:51 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 10: Windows Defender Alarm - Trojan:Win32/Occamy.C Dass das ein Fehlalarm ist, wurde noch nicht in Betracht gezogen?
__________________ Logfiles bitte immer in CODE-Tags posten |
09.08.2023, 11:54 | #6 |
| Windows 10: Windows Defender Alarm - Trojan:Win32/Occamy.C ähm, nein ... ich habe es kurz überlegt. aber dann war ich doch verunsichert, weil eben die anderen versionen incl. der gerade aktuellen keinen solchen alarm geschlagen haben. |
09.08.2023, 12:47 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 10: Windows Defender Alarm - Trojan:Win32/Occamy.C Ich verschiebe mal nach Diskussion, es wurde ja nichts ausgeführt, sondern nur entpackt.
__________________ Logfiles bitte immer in CODE-Tags posten |
09.08.2023, 12:51 | #8 |
| Windows 10: Windows Defender Alarm - Trojan:Win32/Occamy.C Oh, danke Dir. Was heisst das jetzt genau? Also kann ich erst einmal davon ausgehen, dass alles in Ordnung sein sollte? |
09.08.2023, 12:53 | #9 | |
/// TB-Ausbilder | Windows 10: Windows Defender Alarm - Trojan:Win32/Occamy.C Bitte mal diese Datei bei VirusTotal hochladen und - sobald die Datei ausgewertet wurde - den Link aus der Adresszeile kopieren: Zitat:
|
09.08.2023, 22:38 | #10 |
| Windows 10: Windows Defender Alarm - Trojan:Win32/Occamy.C ok, super ... mache ich dann nachher mal. Hier der Link: https://www.virustotal.com/gui/file/1285e55390743a3630116c7d6e47545f6872c51628526f4d1589d4994c0b44fc |
10.08.2023, 09:13 | #11 | |
/// TB-Ausbilder | Windows 10: Windows Defender Alarm - Trojan:Win32/Occamy.C Das sind schon einige Scanner, die hier anschlagen... Ich persönlich würde solche Software nicht nutzen, weil es mir zu heikel wäre. Lade mal bitte noch diese Datei bei VirusTotal hoch: Zitat:
|
10.08.2023, 12:09 | #12 |
| Windows 10: Windows Defender Alarm - Trojan:Win32/Occamy.C Danke ... Oha, das schlägt auch ganz schön aus: https://www.virustotal.com/gui/file/31b3b228382dc359f22ae97b2602eee81dc743fb21196061eacc6619533881f5 Das file bzw. der Order gehört zu der späteren Version, die ich versucht habe zu entpacken. Ich sehe gerade, dass sich der Ordner gar nicht löschen lässt. Ich meine, die hätte ich auch einmal ausgeführt und dann gelassen, weil es nicht funktioniert hat, wie es soll. |
10.08.2023, 13:31 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 10: Windows Defender Alarm - Trojan:Win32/Occamy.C nircmd.exe ist ein Tool von von https://www.nirsoft.net Das sollte ok sein. Weil damit aber auch Unsinn gemacht werden kann, flaggen viele Virenscanner die Software von https://www.nirsoft.net gerne mal als (potentiellen) Schädling.
__________________ Logfiles bitte immer in CODE-Tags posten |
10.08.2023, 15:24 | #14 | ||||
/// TB-Ausbilder | Windows 10: Windows Defender Alarm - Trojan:Win32/Occamy.CZitat:
Wir können den Startup-Eintrag schon entfernen, dann kannst du es selbst löschen. Wie du magst. Hast du Chromium bewusst/absichtlich installiert? Zitat:
Zitat:
Zitat:
|
10.08.2023, 16:18 | #15 | ||
| Windows 10: Windows Defender Alarm - Trojan:Win32/Occamy.CZitat:
Aber da "Laufwerk D" ohnehin nur eine SD-Karte ist, auf der auch einige Ordner mit PDFs liegen und ich auch viel auf einem anderen PC mit Debian mache, habe ich die Karte einfach dort gemountet und den betreffenden Ordner gelöscht. Zitat:
Ich werde von der Software in Zukunft die Finger lassen und das auch mal so an die liebe Kollegschaft weitergeben... Vielen Dank für die Hilfe, soll/muss ich sonst noch etwas tun? |
Themen zu Windows 10: Windows Defender Alarm - Trojan:Win32/Occamy.C |
administrator, adobe, browser, defender, firefox, google, home, homepage, internet, malwarebytes, microsoft, mozilla, pdf, performance, photoshop, realtek, registry, rundll, services.exe, software, svchost.exe, trojan, trojaner, usb, windows |