Trojaner-Board


Piristibulus 09.08.2023 11:19

Windows 10: Windows Defender alert - Trojan:Win32/Occamy.C

Hello,

Windows Defender on my Windows 10 computer raised an alert: the trojan "Trojan:Win32/Occamy.C" was reportedly detected and placed in quarantine.

This all happened yesterday, while the computer was unpacking a zip file. I immediately disconnected the computer from the internet and ran a full Defender scan; apart from this alert it found nothing, and I instructed Defender to remove the trojan.

The file whose unpacking triggered the alert is an earlier version of a text database. I wanted to test it because the current version caused some problems on my computer (in display and functionality, nothing security-related).

Now I would like to make sure once more, so I downloaded FRST and ran it.

The computer in question is my private computer.

Here are the two log files:

A) FRST.txt

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-08-2023
Ran by ***** (administrator) on DESKTOP-UIULLTJ (Acer Spin SP314-54N) (09-08-2023 11:48:32)
Running from C:\Users\*****\Downloads\FRST64.exe
Loaded Profiles: *****
Platform: Microsoft Windows 10 Home Version 22H2 19045.3208 (X64) Language: German (Germany) -> English (United Kingdom)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(C:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <6>
(C:\Program Files\Acer\Quick Access Service\QASvc.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QAAdminAgent.exe
(C:\Program Files\Acer\Quick Access Service\QASvc.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QAAgent.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Creative Cloud UI Helper.exe <2>
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\SyncTrayzor\SyncTrayzor.exe ->) (Stiftelsen Syncthing -> The Syncthing Authors) C:\Users\*****\AppData\Roaming\SyncTrayzor\syncthing.exe <2>
(DriverStore\FileRepository\cui_dch.inf_amd64_b578901fbed94a8e\igfxCUIServiceN.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b578901fbed94a8e\igfxEMN.exe
(DriverStore\FileRepository\dptf_cpu.inf_amd64_9196e89091d8bdbb\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_9196e89091d8bdbb\dptf_helper.exe
(explorer.exe ->) () [File not signed] C:\Program Files\SyncTrayzor\SyncTrayzor.exe
(explorer.exe ->) () [File not signed] D:\shamela4\app\win\64\bin\shamela.exe
(explorer.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(explorer.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5131.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(explorer.exe ->) (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe <5>
(Grammarly, Inc. -> Grammarly) C:\Users\*****\AppData\Local\Grammarly\DesktopIntegrations\Application\1.0.38.801\Grammarly.Desktop.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <13>
(Mozilla Corporation) [File not signed] C:\Program Files\IceCat\icecat.exe <8>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files\PowerFolder.com\PowerFolder\jre\bin\javaw.exe <2>
(services.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe
(services.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QASvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(services.exe ->) (CANON INC. -> CANON INC.) C:\Program Files\Canon\DIAS\CnxDIAS.exe
(services.exe ->) (Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(services.exe ->) (DTS, Inc. -> DTS Inc.) C:\Windows\System32\DTS\PC\APO4x\DtsApo4Service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_9196e89091d8bdbb\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ba273d0ffb93e225\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_d52c63e0e1c02c96\jhi_service.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b578901fbed94a8e\igfxCUIServiceN.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_3d18534d52d73f63\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_d56593f46e53a9ee\IntelCpHDCPSvc.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForLinux_1.2.5.0_x64__8wekyb3d8bbwe\wslservice.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_238aadee4b6d04be\RtkAudUService64.exe <2>
(services.exe ->) (SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(services.exe ->) (Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\IAS\IntelAudioService.exe
(services.exe ->) (TBT_DCH_DRV_PROD -> Intel Corporation) C:\Windows\ThunderboltService.exe
(services.exe ->) (voidtools -> voidtools) C:\Program Files\Everything\Everything.exe <2>
(services.exe ->) (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) C:\Program Files\Common Files\Zoom\Support\CptService.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2330.7.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (Acer Incorporated -> ) C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(svchost.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QAWiFiPowerSwitch.exe
(svchost.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(svchost.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(svchost.exe ->) (Adobe Systems Incorporated -> ) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(svchost.exe ->) (Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(svchost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5131.0_x64__8j3eq9eme6ctt\IGCC.exe
(svchost.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b578901fbed94a8e\igfxextN.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(svchost.exe ->) (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(svchost.exe ->) (Signal Messenger, LLC -> Signal Messenger, LLC) C:\Users\*****\AppData\Local\Programs\signal-desktop\Signal.exe <4>
(svchost.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_238aadee4b6d04be\RtkAudUService64.exe [1262512 2021-06-03] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [2265096 2023-05-26] (voidtools -> voidtools)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-06-14] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [1129440 2023-07-07] (Adobe Inc. -> Adobe Inc.)
HKU\S-1-5-21-917627657-1518166570-4135675860-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5844432 2023-07-03] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-917627657-1518166570-4135675860-1001\...\Run: [SyncTrayzor] => C:\Program Files\SyncTrayzor\SyncTrayzor.exe [2319360 2021-08-07] () [File not signed]
HKLM\...\Windows x64\Print Processors\CnXP0PP: C:\Windows\System32\spool\prtprocs\x64\CnXP0PP.DLL [629248 2020-01-30] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [203936 2021-12-24] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\CPCA Language Monitor4: C:\Windows\system32\CNAS0MPK.DLL [1782272 2020-04-01] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\EPSON XP-610 Series 64MonitorBE: C:\Windows\system32\E_ILMBLQE.DLL [179712 2013-10-22] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EpsonNet Print Port: C:\Windows\system32\enppmon.dll [558592 2012-11-12] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}] -> C:\Program Files\Chromium\Application\115.0.5790.171\Installer\chrmstp.exe [2023-08-07] (The Chromium Authors) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\elastic.lnk [2023-08-06]
ShortcutTarget: elastic.lnk -> D:\new-maktaba-shamila\shamela4\elastic\bin\nircmd.exe (NirSoft) [File not signed]
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerFolder.lnk [2023-07-24]
ShortcutTarget: PowerFolder.lnk -> C:\Program Files\PowerFolder.com\PowerFolder\PowerFolder.exe (dal33t GmbH -> PowerFolder.com)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {8D3F5B09-B63E-4D62-B2D1-270F09FBF9BE} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2971808 2021-12-30] (Acer Incorporated -> )
Task: {27E2BB60-5EB4-442C-9F1F-8D8C317C2796} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [41632 2021-12-30] (Acer Incorporated -> )
Task: {A013CD0C-E529-4A37-92FA-B98A9F7DB7DF} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [4836512 2021-12-30] (Acer Incorporated -> )
Task: {5F73778D-A1C6-403D-A62D-BFA9815AE7A7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564152 2023-04-03] (Adobe Inc. -> Adobe Inc.)
Task: {7D486FEB-6994-46FE-B8FD-A492E56CF676} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-06-14] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {0D7FE08C-7210-46CC-8B4F-E2BD0F84478C} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3807712 2023-06-14] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {643721E1-132C-4D10-8B1D-EE7F659C8654} - System32\Tasks\CareCenter\Adobe Creative Cloud_Reg_HKLMWow6432Run => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [1129440 2023-07-07] (Adobe Inc. -> Adobe Inc.)
Task: {22D8F67D-A132-46BB-88AE-662D51F74A69} - System32\Tasks\CareCenter\AdobeAAMUpdater-1.0_Reg_HKLMRun => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {0FC6FDF4-22C1-4659-8325-690942836529} - System32\Tasks\CareCenter\AdobeGCInvoker-1.0_Reg_HKLMRun => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-06-14] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {A7EA24A8-F213-4B02-A8FC-1CAEC40AAD8C} - System32\Tasks\CareCenter\Cisco AnyConnect Secure Mobility Agent for Windows_Reg_HKLMWow6432Run => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1674464 2021-03-31] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
Task: {E8A6D050-EC94-4722-A8AA-040652EE9575} - System32\Tasks\CareCenter\CiscoMeetingDaemon_Reg_HKCURun_S-1-5-21-917627657-1518166570-4135675860-1001 => C:\Users\*****\AppData\Local\WebEx\ciscowebexstart.exe [4937544 2021-11-05] (Cisco WebEx LLC -> Cisco Webex LLC)
Task: {32FD9AAF-4951-48B4-9B34-37227E2B9018} - System32\Tasks\CareCenter\com.squirrel.Teams.Teams_Reg_HKCURun_S-1-5-21-917627657-1518166570-4135675860-1001 => C:\Users\*****\AppData\Local\Microsoft\Teams\Update.exe [2587432 2023-03-13] (Microsoft 3rd Party Application Component -> Microsoft Corporation) -> --processStart "Teams.exe" --process-start-args "--system-initiated"
Task: {CB2A8482-53FE-4336-BAF3-5C92168A92EF} - System32\Tasks\CareCenter\EEventManager_Reg_HKLMWow6432Run => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {AB7691EA-67EF-488C-A654-720A5D6BE6C0} - System32\Tasks\CareCenter\EPPCCMON_Reg_HKLMRun => C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE [442936 2020-10-22] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {BDE9A914-6461-4422-AD0A-F42068580D9F} - System32\Tasks\CareCenter\Everything_Reg_HKLMRun => C:\Program Files\Everything\Everything.exe [2265096 2023-05-26] (voidtools -> voidtools)
Task: {372A97A6-167D-499C-8B4F-51E2C5C07576} - System32\Tasks\CareCenter\Grammarly_Reg_HKCURun_S-1-5-21-917627657-1518166570-4135675860-1001 => C:\Users\*****\AppData\Local\Grammarly\DesktopIntegrations\Grammarly.Desktop.exe [777304 2023-07-18] (Grammarly, Inc. -> Grammarly)
Task: {7EB9A851-FB21-4CFA-8788-54F4BFCD2E66} - System32\Tasks\CareCenter\org.whispersystems.signal-desktop_Reg_HKCURun_S-1-5-21-917627657-1518166570-4135675860-1001 => C:\Users\*****\AppData\Local\Programs\signal-desktop\Signal.exe [163621088 2023-07-31] (Signal Messenger, LLC -> Signal Messenger, LLC)
Task: {79C7EA18-08D8-41F0-A5A4-07CDACD0F936} - System32\Tasks\CareCenter\PowerFolder.lnk_FolderAppdata_S-1-5-21-917627657-1518166570-4135675860-1001 => C:\Program Files\PowerFolder.com\PowerFolder\PowerFolder.exe [59312 2023-06-07] (dal33t GmbH -> PowerFolder.com)
Task: {77C0D800-5085-428A-9FBD-DB0F97F48E73} - System32\Tasks\CareCenter\Steam_Reg_HKCURun_S-1-5-21-917627657-1518166570-4135675860-1001 => C:\Program Files (x86)\Steam\steam.exe [4374376 2023-07-28] (Valve Corp. -> Valve Corporation)
Task: {FCA3F0FB-1ECC-4B53-94BF-65BB01C64221} - System32\Tasks\Chocolatey Updates => Command(1): C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -> Set-ExecutionPolicy Unrestricted –Force <==== ATTENTION
Task: {FCA3F0FB-1ECC-4B53-94BF-65BB01C64221} - System32\Tasks\Chocolatey Updates => Command(2): C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -> .\ .\samplescript.ps1 <==== ATTENTION
Task: {5B0E75EA-D5CC-49B5-B2A6-DF776FB74F68} - System32\Tasks\EPSON XP-610 Series Invitation {41734558-72E1-452F-AA96-3CAF989BC79A} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {C5E6250B-EDB2-4829-B652-E0CA03CAA383} - System32\Tasks\EPSON XP-610 Series Invitation {44A7F2B6-5662-4B10-93BE-699E6190BA69} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {B4FD13D1-1742-4D17-BCDC-2E98C74FFE10} - System32\Tasks\EPSON XP-610 Series Update {41734558-72E1-452F-AA96-3CAF989BC79A} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {CC7734B3-078B-4490-AAFD-5E54C416DADC} - System32\Tasks\EPSON XP-610 Series Update {44A7F2B6-5662-4B10-93BE-699E6190BA69} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {1E3BD76B-1B86-4211-9560-B6B37D821810} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe  --automatic (No File)
Task: {33171103-121F-40FE-9025-8BF0FB7C3828} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26656184 2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {262D83FF-C62F-4D7F-AB59-995317A980E7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26656184 2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {7DAE9AA9-5E94-4794-8AD0-15CC79C8FE39} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158656 2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {A06AD3A1-AAC1-4C21-86BD-2EBB3BDB2374} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158656 2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {36542DDC-6051-4CFE-815C-E7E8E60BAAAC} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [167864 2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {05D92088-E40B-47ED-A7F0-F4857A747F8C} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4394600 2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {8AF6B551-C942-4469-9844-16963676DEB8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EE8D7BB5-A0D2-4DB8-AA31-B5AD41316779} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D4133C81-7AC3-4C16-AC88-F198AC62944A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DA47F765-A530-4419-AFE8-652E0497674F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2A193B9B-BCC9-4396-8A9C-827BE28A4ADA} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [733088 2023-08-07] (Mozilla Corporation -> Mozilla Foundation)
Task: {DAF737BA-4855-4070-B610-E9D128DFE022} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-917627657-1518166570-4135675860-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe  (No File)
Task: {5E6AE606-3144-4CF8-B5B0-C8F7062ECF8E} - System32\Tasks\Quick Access => C:\Program Files\Acer\Quick Access Service\QALauncher.exe [446624 2022-01-03] (Acer Incorporated -> Acer Incorporated)
Task: {DE6E6EDB-2660-4502-A906-9DD8242A0F6B} - System32\Tasks\Quick Access Wi-Fi Power Switch => C:\Program Files\Acer\Quick Access Service\QAWiFiPowerSwitch.exe [211616 2022-01-03] (Acer Incorporated -> Acer Incorporated)
Task: {8FBEFECA-68F1-42CC-9E2D-4BF50DB2EEA9} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [461472 2022-01-03] (Acer Incorporated -> Acer Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\EPSON XP-610 Series Invitation {41734558-72E1-452F-AA96-3CAF989BC79A}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE
Task: C:\Windows\Tasks\EPSON XP-610 Series Invitation {44A7F2B6-5662-4B10-93BE-699E6190BA69}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE
Task: C:\Windows\Tasks\EPSON XP-610 Series Update {41734558-72E1-452F-AA96-3CAF989BC79A}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE:/EXE:{41734558-72E1-452F-AA96-3CAF989BC79A} /F:UpdateWORKGROUP\DESKTOP-UIULLTJ$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\EPSON XP-610 Series Update {44A7F2B6-5662-4B10-93BE-699E6190BA69}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE:/EXE:{44A7F2B6-5662-4B10-93BE-699E6190BA69} /F:UpdateWORKGROUP\DESKTOP-UIULLTJ$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{164f5aa9-e20f-4b80-9f5f-30473a1eacd0}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{164f5aa9-e20f-4b80-9f5f-30473a1eacd0}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5d537c1c-69a6-475d-bc15-cb0c08a63cfb}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{5d537c1c-69a6-475d-bc15-cb0c08a63cfb}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{d8beb2db-3430-47df-8610-41ac191fecba}: [DhcpNameServer] 141.2.98.225 141.2.149.10

Edge:
=======
Edge Profile: C:\Users\*****\AppData\Local\Microsoft\Edge\User Data\Default [2023-07-29]
Edge Extension: (Edge relevant text changes) - C:\Users\*****\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-07-29]

FireFox:
========
FF DefaultProfile: 3m668vgc.default
FF DefaultProfile: o810xany.default
FF DefaultProfile: g5hiqxym.default
FF ProfilePath: C:\Users\*****\AppData\Roaming\Zotero\Zotero\Profiles\3m668vgc.default [2023-08-06]
FF Extension: (Zotero Date From Last Modified) - C:\Users\*****\AppData\Roaming\Zotero\Zotero\Profiles\3m668vgc.default\Extensions\date-from-last-modified@iris-advies.com.xpi [2020-12-03] [Legacy] [not signed]
FF Extension: (Zotero Memento) - C:\Users\*****\AppData\Roaming\Zotero\Zotero\Profiles\3m668vgc.default\Extensions\zotero-memento@tran.org.xpi [2020-12-03] [Legacy] [not signed]
FF Extension: (Zotero OCR) - C:\Users\*****\AppData\Roaming\Zotero\Zotero\Profiles\3m668vgc.default\Extensions\zotero-ocr@bib.uni-mannheim.de.xpi [2022-05-25] [Legacy] [not signed]
FF Extension: (DOI Manager) - C:\Users\*****\AppData\Roaming\Zotero\Zotero\Profiles\3m668vgc.default\Extensions\zoteroshortdoi@wiernik.org.xpi [2022-02-17] [Legacy] [not signed]
FF Extension: (ZotFile) - C:\Users\*****\AppData\Roaming\Zotero\Zotero\Profiles\3m668vgc.default\Extensions\zotfile@columbia.edu.xpi [2022-11-01] [Legacy] [not signed]
FF Extension: (Zutilo Utility for Zotero) - C:\Users\*****\AppData\Roaming\Zotero\Zotero\Profiles\3m668vgc.default\Extensions\zutilo@www.wesailatdawn.com.xpi [2021-08-30] [Legacy] [not signed]
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\icecat\Profiles\o810xany.default [2023-08-09]
FF Homepage: Mozilla\icecat\Profiles\o810xany.default -> hxxps://www.youtube.com/playlist?list=PLEoMzSkcN8oNxnj7jm5V2ZcGc52002pQU|hxxps://www.youtube.com/watch?v=Xy0YgnXFt1M&list=PLEoMzSkcN8oNxnj7jm5V2ZcGc52002pQU&index=4|hxxps://www.youtube.com/watch?v=oSy-TmoxG_Y&list=PLEoMzSkcN8oNxnj7jm5V2ZcGc52002pQU&index=7|hxxps://systemcrafters.net/videos/|hxxps://systemcrafters.net/craft-your-system-with-guix/full-system-install/|hxxps://wiki.systemcrafters.cc/guix|hxxps://wiki.systemcrafters.cc/guix/general-recommendations|hxxps://guix.gnu.org/manual/en/html_node/System-Installation.html|hxxps://wiki.systemcrafters.cc/guix/faqs|hxxps://guix.gnu.org/en/download/|hxxps://guix.gnu.org/packages/X/page/3/|hxxps://www.x.org/wiki/|hxxps://meinnvda.de/
FF Extension: (URLs List) - C:\Users\*****\AppData\Roaming\Mozilla\icecat\Profiles\o810xany.default\Extensions\{88664789-f91e-40e1-adb9-e4e9a8c48867}.xpi [2023-03-22]
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\oijrtuiw.default-release-1597097208961 [2023-08-09]
FF Homepage: Mozilla\Firefox\Profiles\oijrtuiw.default-release-1597097208961 -> chrome://browser/content/blanktab.html
FF Session Restore: Mozilla\Firefox\Profiles\oijrtuiw.default-release-1597097208961 -> is enabled.
FF Extension: (English United States Dictionary) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\oijrtuiw.default-release-1597097208961\Extensions\@unitedstatesenglishdictionary.xpi [2022-01-14]
FF Extension: (Dark Reader) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\oijrtuiw.default-release-1597097208961\Extensions\addon@darkreader.org.xpi [2023-06-27]
FF Extension: (HTTPS Everywhere) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\oijrtuiw.default-release-1597097208961\Extensions\https-everywhere@eff.org.xpi [2021-07-14]
FF Extension: (Tomato Clock) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\oijrtuiw.default-release-1597097208961\Extensions\jid1-Kt2kYYgi32zPuw@jetpack.xpi [2022-01-23]
FF Extension: (Privacy Badger) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\oijrtuiw.default-release-1597097208961\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2023-06-29]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\oijrtuiw.default-release-1597097208961\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2023-08-07]
FF Extension: (Language: English (US)) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\oijrtuiw.default-release-1597097208961\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2023-08-07]
FF Extension: (uBlock Origin) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\oijrtuiw.default-release-1597097208961\Extensions\uBlock0@raymondhill.net.xpi [2023-07-28]
FF Extension: (uMatrix) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\oijrtuiw.default-release-1597097208961\Extensions\uMatrix@raymondhill.net.xpi [2021-07-20]
FF Extension: (Zotero Connector) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\oijrtuiw.default-release-1597097208961\Extensions\zotero@chnm.gmu.edu.xpi [2023-07-09] [UpdateUrl:hxxps://www.zotero.org/download/connector/firefox/release/updates.json]
FF Extension: (Dunkler Modus - Nachtauge) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\oijrtuiw.default-release-1597097208961\Extensions\{7c6d56ed-2616-48f2-bfde-d1830f1cf2ed}.xpi [2023-05-04]
FF Extension: (URLs List) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\oijrtuiw.default-release-1597097208961\Extensions\{88664789-f91e-40e1-adb9-e4e9a8c48867}.xpi [2020-09-21]
FF Extension: (Lightbeam 3.0) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\oijrtuiw.default-release-1597097208961\Extensions\{b2b71fbe-73c1-4b90-82fb-a1255bab1a55}.xpi [2020-08-28]
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\g5hiqxym.default [2020-11-30]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2020-10-22]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.15 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2023-07-07] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.17.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-07-03] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2023-07-07] (Adobe Inc. -> Adobe Systems)

Chrome:
=======
CHR HKU\S-1-5-21-917627657-1518166570-4135675860-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACCSvc; C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe [259232 2021-12-30] (Acer Incorporated -> Acer Incorporated)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-04-03] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [944096 2023-07-07] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3966432 2023-06-14] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Canon Driver Information Assist Service; C:\Program Files\Canon\DIAS\CnxDIAS.exe [4466744 2019-06-07] (CANON INC. -> CANON INC.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11867104 2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [43272 2023-07-03] (Intel Corporation -> Intel)
R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [212744 2023-07-03] (Intel Corporation -> Intel)
R2 DtsApo4Service; C:\Windows\System32\DTS\PC\APO4x\DtsApo4Service.exe [210872 2021-03-21] (DTS, Inc. -> DTS Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
R2 Everything; C:\Program Files\Everything\Everything.exe [2265096 2023-05-26] (voidtools -> voidtools)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9278784 2023-08-02] (Malwarebytes Inc. -> Malwarebytes)
S3 OfficeSvcManagerAddons; C:\Windows\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2020-12-01] (Microsoft Windows -> Microsoft Corporation)
S3 QALSvc; C:\Program Files\Acer\Quick Access Service\QALSvc.exe [466080 2022-01-03] (Acer Incorporated -> Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Quick Access Service\QASvc.exe [504480 2022-01-03] (Acer Incorporated -> Acer Incorporated)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [804296 2023-07-12] (Oracle Corporation -> Oracle and/or its affiliates)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\NisSrv.exe [3244928 2023-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MsMpEng.exe [133576 2023-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ChromiumElevationService; "C:\Program Files\Chromium\Application\115.0.5790.99\elevation_service.exe" [X]
S3 Intel(R) SUR QC SAM; "C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe" [X]
R2 ZoomCptService; "C:\Program Files\Common Files\Zoom\Support\CptService.exe" -user_path "C:\Users\*****\AppData\Roaming\Zoom"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 DM9USB; C:\Windows\System32\drivers\dm9usb.sys [58736 2022-09-08] (WDKTestCert Administrator,132784955112911388 -> DAVICOM Semiconductor, Inc.)
R3 iaLPSS2_GPIO2_ICL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_icl.inf_amd64_a88140dd513c6aee\iaLPSS2_GPIO2_ICL.sys [131584 2019-12-25] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R3 iaLPSS2_I2C_ICL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_icl.inf_amd64_e0e88582ca2b3459\iaLPSS2_I2C_ICL.sys [198656 2019-12-25] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R3 IntelGNA; C:\Windows\System32\DriverStore\FileRepository\gna.inf_amd64_4ef504b29cf2a0df\gna.sys [74336 2019-08-21] (Gaussian Mixture Models and Neural Networks Accelerator -> Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2023-08-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2022-04-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2023-04-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKslda1ddf04; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E45B4B9C-C59B-4964-8683-A488FAB29E36}\MpKslDrv.sys [221480 2023-08-08] (Microsoft Windows -> Microsoft Corporation)
S3 rtump64x64; C:\Windows\System32\drivers\rtump64x64.sys [1140584 2022-04-19] (Realtek Semiconductor Corp. -> Realtek Corporation)
R3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [253224 2023-07-12] (Oracle Corporation -> Oracle and/or its affiliates)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [264096 2023-07-12] (Oracle Corporation -> Oracle and/or its affiliates)
R1 VBoxSup; C:\Windows\system32\DRIVERS\VBoxSup.sys [1062048 2023-07-12] (Oracle Corporation -> Oracle and/or its affiliates)
S3 vpnva; C:\Windows\System32\drivers\vpnva64-6.sys [74048 2021-03-31] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49600 2023-07-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [498944 2023-07-25] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [99608 2023-07-25] (Microsoft Windows -> Microsoft Corporation)
S3 semav6msr64; \??\C:\Windows\system32\drivers\semav6msr64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-08-09 11:48 - 2023-08-09 11:49 - 000040831 _____ C:\Users\*****\Downloads\FRST.txt
2023-08-09 11:48 - 2023-08-09 11:49 - 000000000 ____D C:\FRST
2023-08-09 11:47 - 2023-08-09 11:47 - 002384896 _____ (Farbar) C:\Users\*****\Downloads\FRST64.exe
2023-08-08 11:06 - 2023-08-08 11:06 - 000001225 _____ C:\Users\*****\Downloads\urls-list-2023-08-08-11-06-23.txt
2023-08-07 23:29 - 2023-08-08 11:13 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-08-07 11:41 - 2023-08-07 11:41 - 000001213 _____ C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\LINE.lnk
2023-08-05 12:25 - 2023-08-05 12:25 - 027311919 ____R C:\Users\*****\Downloads\[Beihefte zur Zeitschrift fur die Alttestamentliche Wissenschaft_ 103] Matthew Black, Georg Fohrer - In Memoriam Paul Kahle (1968, Verlag Alfred Töpelmann) - libgen.li.pdf
2023-08-05 11:02 - 2023-08-05 11:02 - 002957005 ____R C:\Users\*****\Downloads\v22_03_Hanitsch_051-102.pdf
2023-08-04 14:24 - 2023-08-08 11:29 - 000000816 _____ C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\المكتبة الشاملة.lnk
2023-08-04 14:24 - 2023-08-04 14:24 - 000000000 ____D C:\Users\*****\AppData\Roaming\shamela_4
2023-08-04 14:17 - 2023-08-04 14:17 - 000000000 ____D C:\Users\*****\Downloads\****2023-08-04_121558
2023-08-04 14:15 - 2023-08-04 14:16 - 127505091 _____ C:\Users\*****\Downloads\****_2023-08-04_121558.zip
2023-08-04 11:56 - 2023-08-04 11:56 - 000609938 _____ C:\Users\*****\Downloads\Blois-Qurn937CIH-2004.pdf
2023-08-04 01:27 - 2023-08-04 01:27 - 000000561 _____ C:\Users\*****\Downloads\urls-list-2023-08-04-01-27-46.txt
2023-08-03 12:45 - 2023-08-03 12:45 - 000001056 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign 2023.lnk
2023-08-03 12:11 - 2023-08-03 12:11 - 006054767 _____ C:\Users\*****\Downloads\Brunner_2014_Remarks.pdf
2023-08-03 11:55 - 2023-08-03 11:55 - 000741517 _____ C:\Users\*****\Downloads\aktuelle_analysen_26.pdf
2023-08-03 11:22 - 2023-08-03 11:22 - 000322300 _____ C:\Users\*****\Downloads\Abstract_Hanitsch_paper_1.pdf
2023-08-02 16:45 - 2023-08-02 16:45 - 000129256 ____R C:\Users\*****\Downloads\the_Formative_Period_of_Islam_and_the_Do.pdf
2023-08-02 12:33 - 2023-08-06 10:14 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2023-08-02 10:23 - 2023-08-02 10:23 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2023-08-02 10:22 - 2023-08-02 10:22 - 000000752 _____ C:\Users\*****\Downloads\urls-list-2023-08-02-10-22-50.txt
2023-08-01 11:23 - 2023-08-01 11:23 - 000000000 ____D C:\Program Files\Eclipse Adoptium
2023-07-31 19:54 - 2023-07-31 19:54 - 000000000 ____D C:\Users\*****\Downloads\FP5116
2023-07-31 18:21 - 2023-07-31 18:21 - 006790684 _____ C:\Users\*****\Downloads\770508600273360459.pdf
2023-07-31 18:14 - 2023-07-31 18:14 - 000000000 ____D C:\Users\*****\Downloads\waq43317
2023-07-29 19:08 - 2023-07-29 19:08 - 002940331 _____ C:\Users\*****\Downloads\1389d2b2-3af1-4ffc-8072-6d687912bc55.mp4
2023-07-28 22:31 - 2023-07-28 22:31 - 000000645 _____ C:\Users\*****\Downloads\urls-list-2023-07-28-22-31-47.txt
2023-07-28 20:59 - 2023-07-28 20:59 - 000003530 _____ C:\Windows\system32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0
2023-07-28 16:01 - 2023-07-28 16:02 - 000282301 ____R C:\Users\*****\Downloads\Overview_traditions_in_collections - pursuit Suraqa.pdf
2023-07-28 13:18 - 2023-07-28 13:18 - 000000000 ____D C:\Users\*****\Downloads\wetransfer_abbildungen_2023-07-27_2309
2023-07-28 12:21 - 2023-07-28 12:21 - 000121841 ____R C:\Users\*****\Downloads\Diagram_asanid_traditions_alBara.pdf
2023-07-27 16:35 - 2023-07-27 16:35 - 000000000 ____D C:\Users\*****\Downloads\waq116113
2023-07-27 12:14 - 2023-07-27 12:14 - 000134921 ____R C:\Users\*****\Downloads\Diagram_asanid_traditions_alZuhri.pdf
2023-07-27 10:11 - 2023-07-27 10:11 - 001562058 _____ C:\Users\*****\Downloads\FSzI_Bd_7_HC_Cover_korr_02.pdf
2023-07-27 10:11 - 2023-07-27 10:11 - 001515675 _____ C:\Users\*****\Downloads\FSzI_Bd_7_HC_Cover_korr.pdf
2023-07-27 10:11 - 2023-07-27 10:11 - 001415399 _____ C:\Users\*****\Downloads\FSzI_Bd_7_HC_Cover_korr_03.pdf
2023-07-26 21:31 - 2023-07-26 21:31 - 000001068 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2023.lnk
2023-07-26 00:22 - 2023-07-26 00:22 - 000000415 _____ C:\Users\*****\Downloads\urls-list-2023-07-26-00-22-42.txt
2023-07-26 00:21 - 2023-07-26 00:21 - 000471963 _____ C:\Users\*****\Downloads\quiz-results-my-family-2023-07-25.pdf
2023-07-26 00:08 - 2023-07-26 00:08 - 000471849 _____ C:\Users\*****\Downloads\quiz-results-the-home-2023-07-25.pdf
2023-07-25 23:55 - 2023-07-25 23:55 - 000472241 _____ C:\Users\*****\Downloads\quiz-results-jih-mah-and-soh-2023-07-25.pdf
2023-07-25 23:46 - 2023-07-25 23:46 - 000468289 _____ C:\Users\*****\Downloads\quiz-results-alphabet-quiz-2023-07-25.pdf
2023-07-25 23:42 - 2023-07-25 23:42 - 000105786 _____ C:\Users\*****\Downloads\Orthography.pdf
2023-07-25 23:41 - 2023-07-25 23:41 - 000013143 _____ C:\Users\*****\Downloads\klir____.pfb
2023-07-25 23:41 - 2023-07-25 23:41 - 000009189 _____ C:\Users\*****\Downloads\klir____.afm
2023-07-25 23:41 - 2023-07-25 23:41 - 000006212 _____ C:\Users\*****\Downloads\kli_font.txt
2023-07-25 23:41 - 2023-07-25 23:41 - 000002463 _____ C:\Users\*****\Downloads\klir____.pfm
2023-07-25 23:40 - 2023-07-25 23:40 - 000024033 _____ C:\Users\*****\Downloads\klipid__.ttf
2023-07-25 23:40 - 2023-07-25 23:40 - 000019139 _____ C:\Users\*****\Downloads\kliid___.afm
2023-07-25 23:40 - 2023-07-25 23:40 - 000016413 _____ C:\Users\*****\Downloads\klir____.ttf
2023-07-25 23:40 - 2023-07-25 23:40 - 000015400 _____ C:\Users\*****\Downloads\kliid___.pfb
2023-07-25 23:40 - 2023-07-25 23:40 - 000002729 _____ C:\Users\*****\Downloads\kliid___.pfm
2023-07-25 23:28 - 2023-07-25 23:29 - 000472193 _____ C:\Users\*****\Downloads\quiz-results-basic-language-terminology-2023-07-25.pdf
2023-07-25 22:44 - 2023-07-25 22:44 - 000181779 _____ C:\Users\*****\Downloads\Membership Confirmation – Klingon Language Institute.pdf
2023-07-24 22:03 - 2023-07-24 22:03 - 003826581 _____ C:\Users\*****\Downloads\OneDrive-2023-07-24(1).zip
2023-07-24 21:59 - 2023-07-24 21:59 - 001232082 _____ C:\Users\*****\Downloads\OneDrive-2023-07-24.zip
2023-07-24 20:27 - 2023-07-24 20:27 - 000000504 _____ C:\Users\*****\Downloads\urls-list-2023-07-24-20-27-44.txt
2023-07-24 20:26 - 2023-07-24 20:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerFolder
2023-07-24 14:57 - 2023-07-24 14:57 - 000002497 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator 2023.lnk
2023-07-23 12:00 - 2023-07-23 12:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2023-07-21 23:36 - 2023-07-21 23:36 - 001027394 _____ C:\Users\*****\Downloads\Datenübersicht.pdf
2023-07-17 11:24 - 2023-07-17 11:25 - 000000000 ____D C:\Users\*****\AppData\Local\WhatsApp
2023-07-15 18:46 - 2023-07-15 18:46 - 000002120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kleopatra.lnk
2023-07-14 14:17 - 2023-07-15 11:43 - 000000000 ____D C:\Program Files\scoped_dir3820_1493974707
2023-07-12 12:39 - 2023-07-12 12:39 - 000264096 _____ (Oracle and/or its affiliates) C:\Windows\system32\Drivers\VBoxNetLwf.sys
2023-07-12 12:39 - 2023-07-12 12:39 - 000253224 _____ (Oracle and/or its affiliates) C:\Windows\system32\Drivers\VBoxNetAdp6.sys
2023-07-12 12:05 - 2023-07-12 12:05 - 000000000 ___HD C:\$WinREAgent
2023-07-11 10:42 - 2023-07-11 10:42 - 000000000 ____D C:\Program Files\scoped_dir2380_1778905529
2023-07-10 20:00 - 2023-07-10 20:00 - 013731999 _____ C:\Users\*****\OneDrive\Documents\2f23df6b-284c-4192-b5ad-6927ff425ad4.mp4
2023-07-10 15:04 - 2023-07-10 15:04 - 000000000 ____D C:\Program Files\scoped_dir10456_1500925394
2023-07-10 13:57 - 2023-07-10 13:57 - 000000000 ____D C:\Program Files\scoped_dir724_23497490

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-08-09 11:49 - 2023-01-12 12:42 - 000000000 ____D C:\Users\*****\AppData\Roaming\Signal
2023-08-09 11:49 - 2022-02-10 12:57 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-08-09 11:46 - 2020-11-30 16:07 - 000000000 ____D C:\Program Files (x86)\Steam
2023-08-09 11:46 - 2020-11-30 15:52 - 000000000 ____D C:\Users\*****\AppData\LocalLow\Mozilla
2023-08-09 11:46 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-08-09 11:41 - 2022-01-31 19:30 - 000000000 ____D C:\Users\*****\AppData\Roaming\PowerFolder
2023-08-09 11:39 - 2020-11-30 15:28 - 000000000 ____D C:\Users\*****
2023-08-09 11:38 - 2020-09-27 07:50 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-08-09 11:12 - 2023-05-18 13:33 - 000000000 ____D C:\Users\*****\AppData\Local\Malwarebytes
2023-08-08 11:22 - 2022-05-03 11:46 - 000001688 _____ C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grammarly.lnk
2023-08-08 11:22 - 2021-05-28 19:26 - 000000000 ___RD C:\Users\*****\Creative Cloud Files
2023-08-08 11:13 - 2020-11-30 15:44 - 000001009 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-08-08 11:13 - 2020-11-30 15:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-08-08 11:11 - 2023-05-02 10:59 - 000000000 ____D C:\Users\*****\AppData\Roaming\SyncTrayzor
2023-08-08 11:11 - 2020-11-30 17:47 - 000000000 __SHD C:\Users\*****\IntelGraphicsProfiles
2023-08-08 11:06 - 2020-12-01 13:32 - 000000000 ____D C:\Users\*****\AppData\Roaming\Microsoft\Word
2023-08-08 11:06 - 2020-11-30 17:46 - 000000000 ____D C:\Users\*****\AppData\Local\Everything
2023-08-08 11:06 - 2020-11-30 16:25 - 000000000 ____D C:\Users\*****\AppData\Roaming\Everything
2023-08-08 10:25 - 2019-12-07 16:52 - 000000000 ____D C:\Windows\system32\FxsTmp
2023-08-08 03:36 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\Registration
2023-08-07 11:42 - 2022-09-09 17:30 - 000000000 ____D C:\Users\*****\AppData\Roaming\Telegram Desktop
2023-08-07 11:42 - 2022-09-09 17:30 - 000000000 ____D C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2023-08-07 11:42 - 2021-07-16 21:07 - 000000000 ____D C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LINE
2023-08-07 11:42 - 2020-12-01 14:30 - 000000000 ____D C:\Users\*****\AppData\Local\CrashDumps
2023-08-07 11:41 - 2023-05-12 16:59 - 000002214 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2023-08-07 11:41 - 2023-05-12 16:59 - 000000000 ____D C:\Program Files\Chromium
2023-08-07 11:39 - 2020-11-30 16:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2023-08-07 11:39 - 2020-11-30 16:17 - 000000000 ____D C:\Program Files\Calibre2
2023-08-07 11:17 - 2021-01-15 12:27 - 000000000 ____D C:\Users\*****\AppData\Roaming\Microsoft\Skype for Desktop
2023-08-07 11:16 - 2020-11-30 15:28 - 000000000 ___SD C:\Users\*****\AppData\Roaming\Microsoft\Credentials
2023-08-06 21:45 - 2020-12-08 14:42 - 000000000 ____D C:\Users\*****\AppData\Roaming\.emacs.d
2023-08-06 19:03 - 2023-01-10 18:24 - 000479500 _____ C:\Windows\system32\perfh011.dat
2023-08-06 19:03 - 2023-01-10 18:24 - 000133362 _____ C:\Windows\system32\perfc011.dat
2023-08-06 19:03 - 2021-12-19 01:56 - 000000000 ____D C:\Windows\SystemTemp
2023-08-06 19:03 - 2020-12-01 14:27 - 000550068 _____ C:\Windows\system32\perfh008.dat
2023-08-06 19:03 - 2020-12-01 14:27 - 000091078 _____ C:\Windows\system32\perfc008.dat
2023-08-06 19:03 - 2020-11-30 15:31 - 002984860 _____ C:\Windows\system32\PerfStringBackup.INI
2023-08-06 19:03 - 2019-12-07 16:50 - 000739866 _____ C:\Windows\system32\perfh007.dat
2023-08-06 19:03 - 2019-12-07 16:50 - 000152130 _____ C:\Windows\system32\perfc007.dat
2023-08-06 19:03 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2023-08-06 18:57 - 2020-09-27 09:51 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-08-06 18:57 - 2020-09-27 07:50 - 000008192 ___SH C:\DumpStack.log.tmp
2023-08-06 18:57 - 2020-04-30 09:36 - 000000000 ___HD C:\Intel
2023-08-06 18:57 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ServiceState
2023-08-06 18:56 - 2019-12-07 11:03 - 001048576 _____ C:\Windows\system32\config\BBI
2023-08-06 18:34 - 2023-05-09 14:03 - 000000000 ____D C:\Users\*****\Transfer
2023-08-06 18:15 - 2020-09-27 07:50 - 000556352 _____ C:\Windows\system32\FNTCACHE.DAT
2023-08-06 13:40 - 2020-12-01 16:42 - 000000000 ____D C:\Users\*****\AppData\Local\D3DSCache
2023-08-06 13:38 - 2022-08-04 10:58 - 000000000 ____D C:\Users\*****\AppData\Roaming\com.adobe.dunamis
2023-08-06 13:38 - 2020-11-30 15:34 - 000000000 ____D C:\Users\*****\OneDrive\Documents\Adobe
2023-08-05 01:17 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-08-05 01:17 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2023-08-04 14:24 - 2020-12-02 17:33 - 000000000 ____D C:\Users\*****\AppData\Roaming\vlc
2023-08-03 23:34 - 2020-12-03 18:00 - 000000000 ____D C:\Users\*****\AppData\LocalLow\Adobe
2023-08-03 12:45 - 2020-12-01 16:42 - 000000000 ____D C:\Program Files\Common Files\Adobe
2023-08-03 12:45 - 2020-12-01 16:42 - 000000000 ____D C:\Program Files\Adobe
2023-08-02 15:57 - 2020-11-30 16:08 - 000001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk
2023-08-02 12:32 - 2020-12-01 13:17 - 000000000 ____D C:\Program Files\Microsoft Office
2023-08-02 12:18 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2023-08-02 10:25 - 2020-11-30 16:25 - 000002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-08-02 10:24 - 2020-11-30 16:24 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-08-02 10:24 - 2020-11-30 16:24 - 000000000 ____D C:\Program Files\Malwarebytes
2023-08-02 10:23 - 2023-06-07 22:34 - 000000000 ____D C:\ProgramData\ChocolateyHttpCache
2023-08-02 10:23 - 2020-11-30 15:40 - 000000000 ____D C:\ProgramData\chocolatey
2023-08-01 11:22 - 2021-08-24 22:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2023-07-30 13:19 - 2021-04-07 14:01 - 000000000 ____D C:\Users\*****\AppData\Local\T2GP Launcher
2023-07-30 00:08 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\LiveKernelReports
2023-07-29 21:15 - 2022-08-21 22:12 - 000001607 _____ C:\Windows\system32\config\VSMIDK
2023-07-29 11:27 - 2020-09-27 09:53 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-07-29 11:26 - 2022-08-21 22:37 - 000000445 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2023-07-28 22:32 - 2020-12-01 13:32 - 000000000 ____D C:\Users\*****\AppData\Roaming\Microsoft\Office
2023-07-28 20:59 - 2020-12-01 16:46 - 000003506 _____ C:\Windows\system32\Tasks\AdobeGCInvoker-1.0
2023-07-27 17:32 - 2020-11-30 17:40 - 000918960 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2023-07-27 09:42 - 2023-05-02 11:00 - 000000000 ____D C:\Users\*****\AppData\Local\Syncthing
2023-07-26 23:09 - 2020-12-18 11:00 - 000000000 ____D C:\Windows\Minidump
2023-07-25 09:59 - 2020-11-30 15:31 - 000000000 ____D C:\Users\*****\AppData\Local\Packages
2023-07-25 09:45 - 2021-04-14 23:13 - 000000000 ____D C:\Program Files\Zoom
2023-07-25 09:43 - 2020-12-01 13:22 - 000000000 ____D C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pandoc
2023-07-25 09:43 - 2020-12-01 13:22 - 000000000 ____D C:\Users\*****\AppData\Local\Pandoc
2023-07-25 08:08 - 2020-09-27 09:51 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-07-24 15:21 - 2020-12-03 13:11 - 000000000 ____D C:\Users\*****\AppData\Roaming\Microsoft\Excel
2023-07-24 14:57 - 2020-11-30 15:31 - 000000000 ____D C:\Users\*****\AppData\Roaming\Adobe
2023-07-23 11:57 - 2022-02-06 23:20 - 000001245 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenRefine.lnk
2023-07-21 17:45 - 2020-11-30 15:34 - 000000000 ___SD C:\Users\*****\OneDrive\Documents\Privat
2023-07-21 17:36 - 2021-03-17 16:40 - 000000000 ____D C:\Users\*****\Downloads\URLs
2023-07-21 14:13 - 2020-11-30 15:34 - 000000000 ___SD C:\Users\*****\OneDrive\Documents\Current_Projects
2023-07-18 11:55 - 2021-10-14 15:49 - 000000000 ____D C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2023-07-17 11:25 - 2021-10-14 15:49 - 000000000 ____D C:\Users\*****\AppData\Roaming\WhatsApp
2023-07-17 11:25 - 2020-12-01 11:42 - 000000000 ____D C:\Users\*****\AppData\Local\SquirrelTemp
2023-07-15 18:46 - 2022-10-29 23:19 - 000000000 ____D C:\Program Files (x86)\Gpg4win
2023-07-15 18:46 - 2022-10-29 23:19 - 000000000 ____D C:\Program Files (x86)\GnuPG
2023-07-13 03:41 - 2022-08-19 22:23 - 000000000 ____D C:\Windows\system32\lxss
2023-07-13 03:41 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-07-13 03:41 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2023-07-13 03:41 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2023-07-13 03:41 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\setup
2023-07-13 03:41 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2023-07-13 03:41 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe
2023-07-13 03:41 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr
2023-07-12 14:23 - 2020-09-27 09:53 - 003015168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-07-12 12:39 - 2023-04-20 09:39 - 000202784 _____ (Oracle and/or its affiliates) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2023-07-12 12:39 - 2023-04-20 09:38 - 001062048 _____ (Oracle and/or its affiliates) C:\Windows\system32\Drivers\VBoxSup.sys
2023-07-12 12:04 - 2021-12-08 16:20 - 000000000 ____D C:\Program Files\dotnet
2023-07-12 12:04 - 2020-11-30 15:46 - 000000000 ____D C:\ProgramData\Package Cache
2023-07-12 12:03 - 2021-12-08 16:20 - 000000000 ____D C:\Program Files (x86)\dotnet
2023-07-12 12:00 - 2020-12-16 12:33 - 000000000 ____D C:\Windows\system32\MRT
2023-07-12 11:55 - 2020-12-16 12:33 - 173351160 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-07-12 11:43 - 2022-10-14 12:04 - 000002118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller.lnk
2023-07-12 11:43 - 2022-10-14 12:04 - 000002107 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-07-11 20:07 - 2020-09-27 09:52 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-07-11 20:07 - 2020-09-27 09:52 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

==================== Files in the root of some directories ========

2020-12-01 23:42 - 2020-12-01 23:42 - 000000000 _____ () C:\Users\*****\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

- since both log files together are too long, the rest follows in the next post

Piristibulus 09.08.2023 11:19

Here is part 2:

B) additions.txt

FRST Additions Logfile:
Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-08-2023
Ran by ***** (09-08-2023 11:51:05)
Running from C:\Users\*****\Downloads
Microsoft Windows 10 Home Version 22H2 19045.3208 (X64) (2020-11-30 13:25:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-917627657-1518166570-4135675860-500 - Administrator - Disabled)
***** (S-1-5-21-917627657-1518166570-4135675860-1001 - Administrator - Enabled) => C:\Users\*****
DefaultAccount (S-1-5-21-917627657-1518166570-4135675860-503 - Limited - Disabled)
Gast (S-1-5-21-917627657-1518166570-4135675860-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-917627657-1518166570-4135675860-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 23.01 (x64) (HKLM\...\7-Zip) (Version: 23.01 - Igor Pavlov)
Adobe Acrobat (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 23.003.20244 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.11.0.522.1 - Adobe Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 8.3.0.49 - Adobe Inc.)
Adobe Illustrator 2023 (HKLM-x32\...\ILST_27_7) (Version: 27.7 - Adobe Inc.)
Adobe InDesign 2023 (HKLM-x32\...\IDSN_18_5) (Version: 18.5 - Adobe Inc.)
Adobe Photoshop 2023 (HKLM-x32\...\PHSP_24_7) (Version: 24.7.0.643 - Adobe Inc.)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601047}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Anki (HKLM-x32\...\Anki) (Version: 2.1.54 - )
Arabisch (Special) (HKLM\...\{263C9F95-ED75-4012-A108-ADBCC0AF9450}) (Version: 1.0.3.40 - al-Ghaliun Production)
balenaEtcher 1.18.11 (HKU\S-1-5-21-917627657-1518166570-4135675860-1001\...\d2f3b6c7-6f49-59e2-b8a5-f72e33900c2b) (Version: 1.18.11 - Balena Ltd.)
calibre 64bit (HKLM\...\{C034EE35-6695-4523-BEBE-12ED15960189}) (Version: 6.24.0 - Kovid Goyal)
Canon Generic Plus PCL6 Printer Driver Uninstaller (HKLM\...\Canon Generic Plus PCL6) (Version: 7, 3, 0, 0 - Canon Inc.)
Care Center Service (HKLM\...\{AFB52E98-7597-4484-9202-58F0FD3512ED}) (Version: 4.00.3042 - Acer Incorporated)
Chromium (HKLM-x32\...\Chromium) (Version: 115.0.5790.171 - The Chromium Authors)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.10.00093 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{6B15DEBB-2AB9-42DD-8ECF-82EF8F21CC69}) (Version: 4.10.00093 - Cisco Systems, Inc.) Hidden
Cisco Webex Meetings (HKU\S-1-5-21-917627657-1518166570-4135675860-1001\...\ActiveTouchMeetingClient) (Version: 41.9.5 - Cisco Webex LLC)
Colour Contrast Analyser (CCA) (HKLM\...\{B0B9ED31-E653-4B5A-A410-203684792BCC}) (Version: 3.1.1.0 - Cédric Trévisan)
DB Browser for SQLite (HKLM\...\{5211034D-495B-4A5E-9B8D-8961BBB2B9E2}) (Version: 3.12.2 - DB Browser for SQLite Team)
Deutsch (Orientalistik) (HKLM\...\{ACDBE22B-ABED-4D0B-A5C6-FC741E4DBAB9}) (Version: 1.0.3.40 - Institut für Iranistik)
DjVuLibre DjView  3.5.28+4.12 (HKLM-x32\...\DjVuLibre+DjView) (Version: 3.5.28+4.12 - DjVuZone)
Documentation Manager (HKLM\...\{17C797EF-1D27-41CF-8A52-024F33A8A8FE}) (Version: 22.80.1.1 - Intel Corporation) Hidden
Documentation Manager (HKLM\...\{619AF8CA-69CA-4463-88F7-86E2E387FB66}) (Version: 22.230.0.8 - Intel Corporation) Hidden
Eclipse Temurin JRE mit Hotspot 8u382-b05 (x64) (HKLM\...\{5DA5EFCA-79E7-41A3-AD52-9383EF948EBB}) (Version: 8.0.382.5 - Eclipse Adoptium)
EditPad Pro 7 v.7.6.7 (HKLM\...\EditPad Pro 7) (Version: v.7.6.7 - Just Great Software)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
EPSON Manuals (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.57.0.0 - Seiko Epson Corporation)
Epson Printer Connection Checker (HKLM-x32\...\{189DE071-E0BC-4BA5-8E34-83D5ED12600B}) (Version: 3.2.0.0 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{28C66F35-69BF-4376-BC80-4D5F4808FF3C}) (Version: 4.6.1 - Seiko Epson Corporation)
EPSON XP-610 Series Printer Uninstall (HKLM\...\EPSON XP-610 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Everything 1.4.1.1024 (x64) (HKLM\...\Everything) (Version: 1.4.1.1024 - voidtools)
FlightGear v2020.3.6 (HKLM\...\FlightGear_is1) (Version:  - The FlightGear Team)
Gephi 0.10.1 (HKLM\...\{51722911-C391-4118-97BF-B50100D2AB15}_is1) (Version: 0.10.1 - Gephi)
Git (HKLM\...\Git_is1) (Version: 2.41.0 - The Git Development Community)
GNU Privacy Guard (HKLM-x32\...\GnuPG) (Version: 2.4.3 - The GnuPG Project)
Google Earth Pro (HKLM\...\{F27DBA46-80E1-4858-9285-19198FFFBF3D}) (Version: 7.3.6.9345 - Google)
Gpg4win (4.2.0) (HKLM-x32\...\Gpg4win) (Version: 4.2.0 - The Gpg4win Project)
Grammarly for Windows (HKU\S-1-5-21-917627657-1518166570-4135675860-1001\...\Grammarly Desktop Integrations) (Version: 1.0.38.801 - Grammarly)
Graphviz (HKLM-x32\...\Graphviz) (Version: 8.1.0 - Graphviz)
HandBrake 1.6.1 (HKLM-x32\...\HandBrake) (Version: 1.6.1 - )
IceCat (x64 en-US) (HKLM\...\IceCat 91.9.1 (x64 en-US)) (Version: 91.9.1 - Mozilla)
Intel Driver && Support Assistant (HKLM-x32\...\{0F7F6F7B-684E-435A-9FCE-C8A1F71EDA14}) (Version: 23.3.25.6 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{34989299-2d34-4a1b-baa2-4de4fafbb4d0}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{56b89a97-2659-4931-bffa-4b136a521eb1}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{7e58df71-ff1c-43fd-a618-5511b76c0dd9}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{899f8bb6-99cd-4f33-a004-c70d9ec22260}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{d0e4f33b-f383-4c75-8d81-ec92db2939eb}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{ed8a48d8-7f70-4dcd-b524-163792643281}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) SUR QC Software Asset Manager (HKLM\...\{B3804557-9824-4918-AA88-0DFAC94CD3B5}) (Version: 3.5.5033 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000230-0220-1031-84C8-B8D95FA3C8C3}) (Version: 22.230.0.2 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{0ddcdf18-17cd-44ad-af4e-ba6821421c30}) (Version: 23.3.25.6 - Intel)
Intel® Software Installer (HKLM-x32\...\{09b61d86-bc76-4353-a7d8-ebc9e2822195}) (Version: 22.230.0.8 - Intel Corporation) Hidden
LernBar Studio 4 (HKU\S-1-5-21-917627657-1518166570-4135675860-1001\...\LernBarStudio) (Version:  - )
LibreOffice 7.1.2.2 (HKLM\...\{07426A34-E0CD-4EC4-843B-F7A47C7BC835}) (Version: 7.1.2.2 - The Document Foundation)
LINE (HKU\S-1-5-21-917627657-1518166570-4135675860-1001\...\LINE) (Version: 8.2.0.3154 - LINE Corporation)
Malwarebytes version 4.5.34.275 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.34.275 - Malwarebytes)
Microsoft .NET Core Host - 3.1.32 (x64) (HKLM\...\{8A8E3A04-83BC-4CDE-9259-893B666C1AB1}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.32 (x64) (HKLM\...\{ABC6B3C2-1A8D-4C5E-AC16-C2AE44F02743}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.32 (x64) (HKLM\...\{A741B803-3F0E-4684-81EF-FC128D15A92C}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.32 (x64) (HKLM-x32\...\{784973c8-d618-4ac8-97ed-1fd52c5bdf2f}) (Version: 3.1.32.31915 - Microsoft Corporation)
Microsoft .NET Host - 5.0.17 (x64) (HKLM\...\{E663ED1E-899C-40E8-91D0-8D37B95E3C69}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host - 5.0.17 (x86) (HKLM-x32\...\{54DE7EA9-E391-4BD2-A373-3A72A18EBDB5}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.20 (x64) (HKLM\...\{217B2755-3BAD-486B-9606-CCD0E6CF3BE8}) (Version: 48.83.63169 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.20 (x86) (HKLM-x32\...\{82F89EDB-1DF1-402B-BED6-01C736967B6F}) (Version: 48.83.63169 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.17 (x64) (HKLM\...\{8BA25391-0BE6-443A-8EBF-86A29BAFC479}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.17 (x86) (HKLM-x32\...\{AF01038B-6523-4EA7-9D9E-4F1E2927D88B}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.20 (x64) (HKLM\...\{76FA02FF-603F-48BB-9E3F-17ED5DB861E8}) (Version: 48.83.63169 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.20 (x86) (HKLM-x32\...\{561137EF-2ECE-48F0-A6D6-6260AC7112A5}) (Version: 48.83.63169 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM\...\{5A66E598-37BD-4C8A-A7CB-A71C32ABCD78}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x86) (HKLM-x32\...\{59650A2A-3839-46EC-9D9C-6B3B1C743C55}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.20 (x64) (HKLM\...\{6CE8AD8C-E6D5-4BF7-91C3-7F8106A5CD93}) (Version: 48.83.63169 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.20 (x86) (HKLM-x32\...\{6E4984A9-4321-4D96-861F-D03578E68C8B}) (Version: 48.83.63169 - Microsoft Corporation) Hidden
Microsoft 365 Apps for Enterprise - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.16626.20134 - Microsoft Corporation)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.16626.20134 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 115.0.1901.188 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 115.0.1901.188 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BB052C53-34CB-42DE-AF41-66FDFCEEC868}) (Version: 3.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (HKLM-x32\...\{410c0ee1-00bb-41b6-9772-e12c2828b02f}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (HKLM-x32\...\{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (HKLM-x32\...\{73F77E4E-5A17-46E5-A5FC-8A061047725F}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.17 (x64) (HKLM\...\{3C31CBA1-A0D9-4B95-A807-AD2313D12F47}) (Version: 40.68.31219 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.17 (x64) (HKLM-x32\...\{20d5df4e-006c-4d6d-a0dc-490d009b9786}) (Version: 5.0.17.31219 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.17 (x86) (HKLM-x32\...\{098c6ff7-1af1-4c4a-b86f-c60608c98e31}) (Version: 5.0.17.31219 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.17 (x86) (HKLM-x32\...\{0D02D706-44F2-4957-A448-E7259A0B56B9}) (Version: 40.68.31219 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.20 (x64) (HKLM\...\{53531ED1-E480-4012-9912-BF1C67547BF3}) (Version: 48.83.63194 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.20 (x64) (HKLM-x32\...\{8e256e2b-a36f-4f85-a4c7-37fdf661778c}) (Version: 6.0.20.32621 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.20 (x86) (HKLM-x32\...\{39139702-799e-4843-8d90-cfe9330b285a}) (Version: 6.0.20.32621 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.20 (x86) (HKLM-x32\...\{FC641ACB-FE5E-4F88-B392-9421BDCA1143}) (Version: 48.83.63194 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 116.0.2 (x64 de)) (Version: 116.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 116.0 - Mozilla)
Mozilla Thunderbird (x64 de) (HKLM\...\Mozilla Thunderbird 115.1.0 (x64 de)) (Version: 115.1.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16626.20118 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16626.20118 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.16626.20118 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 7.0.10 (HKLM\...\{16919967-9ED2-47C0-B86C-987992BA491F}) (Version: 7.0.10 - Oracle and/or its affiliates)
Oxygen XML Editor 25.1 (64-bit) (HKLM\...\8531-1278-6363-8538) (Version: 25.1 - SyncRO Soft)
Pandoc 3.1.6 (HKLM\...\{2436203B-0BDD-4FC7-BC74-03A4A690F12C}) (Version: 3.1.6 - John MacFarlane)
PowerFolder (HKLM-x32\...\PowerFolder) (Version: 19.2.100.0 - PowerFolder.com)
Quick Access Service (HKLM\...\{AB25551C-74EF-4BAB-9989-891517FCF9FF}) (Version: 3.00.3038 - Acer Incorporated)
QuickSteuer Deluxe 2021 (HKLM-x32\...\{A2846AC5-3D80-4229-8408-782C760CD0D2}) (Version: 26.45.124 - Haufe-Lexware GmbH & Co.KG)
QuickSteuer Deluxe 2022 (HKLM-x32\...\{7D964C53-6E60-4483-99F6-C393BA285169}) (Version: 27.32.81 - Haufe-Lexware GmbH & Co.KG)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8929.1 - Realtek Semiconductor Corp.)
ReinstallWindows (HKLM\...\{BF6DE64B-BCE9-433A-865A-2871F7AD5980}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Signal 6.27.0 (HKU\S-1-5-21-917627657-1518166570-4135675860-1001\...\7d96caee-06e6-597c-9f2f-c7bb2e0948b4) (Version: 6.27.0 - Signal Messenger, LLC)
Skype 8.100 (HKLM-x32\...\{7822B534-EC4E-4139-9320-03303496E0C3}) (Version: 8.100.0.203 - Skype Technologies S.A.)
Skype version 8.100 (HKLM-x32\...\Skype_is1) (Version: 8.100 - Skype Technologies S.A.) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Strawberry Perl (64-bit) (HKLM\...\{2DC518D0-750A-1014-A07D-5301D6FAD9F8}) (Version: 5.32.1001 - strawberryperl.com project)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.4.6 - Krzysztof Kowalczyk)
SyncTrayzor (x64) version 1.1.29.0 (HKLM\...\{c004dcef-b848-46a5-9c30-4dbf736396fa}_is1) (Version: 1.1.29.0 - SyncTrayzor)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.21759 - Microsoft Corporation)
Telegram Desktop (HKU\S-1-5-21-917627657-1518166570-4135675860-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 4.8.10 - Telegram FZ-LLC)
TeX Live 2022 (HKLM-x32\...\TeXLive2022) (Version: 2022 - TeX Live)
tiptoi® Manager 5.0.2 (HKLM\...\{833392BB-E8C0-4066-9408-3A30FA43972F}_is1) (Version: 5.0.2 - Ravensburger AG)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{C270D21B-2327-49B8-85F7-395133A93C75}) (Version: 8.92.0.0 - Microsoft Corporation)
UXP WebView Support (HKLM-x32\...\UXPW_1_1_0) (Version: 1.1.0 - Adobe Inc.)
VidyoConnect (HKU\S-1-5-21-917627657-1518166570-4135675860-1001\...\VidyoConnect) (Version: 21.6.0.17451 - Vidyo Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.17.4 - VideoLAN)
Windows Driver Package - DAVICOM Semiconductor, Inc. (DM9USB) Net  (07/03/2012 5.0.3.0703) (HKLM\...\A843D426B14509A56ED9B3F9E0ADC07ADD2F8409) (Version: 07/03/2012 5.0.3.0703 - DAVICOM Semiconductor, Inc.)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Windows Subsystem for Linux Update (HKLM\...\{F8474A47-8B5D-4466-ACE3-78EAB3BF21A8}) (Version: 5.10.102.1 - Microsoft Corporation)
Zoom (64-bit) (HKLM\...\{CBCEFA59-8DE2-4FA4-8596-FC41BCC14D50}) (Version: 5.15.19404 - Zoom)
Zotero (HKLM-x32\...\Zotero 6.0.26 (x86 en-US)) (Version: 6.0.26 - Corporation for Digital Scholarship)

Packages:
=========
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2020-12-07] (Adobe Systems Incorporated)
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc [2022-04-25] (Adobe Systems Incorporated)
Care Center S -> C:\Program Files\WindowsApps\AcerIncorporated.AcerCareCenterS_4.0.3042.0_x64__48frkmn4z8aw4 [2022-01-13] (Acer Incorporated)
Debian -> C:\Program Files\WindowsApps\TheDebianProject.DebianGNULinux_1.15.0.0_x64__76v4gfsz19hv4 [2023-07-05] (The Debian Project)
DTS Audio Processing -> C:\Program Files\WindowsApps\DTSInc.DTSAudioProcessing_1.10.14.0_x64__t5j2fzbtdg37r [2023-07-07] (DTS, Inc.)
Intel® Grafik-Kontrollraum -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5131.0_x64__8j3eq9eme6ctt [2023-07-02] (INTEL CORP) [Startup Task]
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1037.0_x64__8j3eq9eme6ctt [2022-10-18] (INTEL CORP)
Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2023-01-10] (Microsoft Corporation)
QuickAccess -> C:\Program Files\WindowsApps\AcerIncorporated.QuickAccess_3.0.3038.0_x64__48frkmn4z8aw4 [2022-02-10] (Acer Incorporated)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.26.251.0_x64__dt26b99r8h8gj [2021-08-31] (Realtek Semiconductor Corp)
Thunderbolt™ Kontrollcenter -> C:\Program Files\WindowsApps\AppUp.ThunderboltControlCenter_1.0.36.0_x64__8j3eq9eme6ctt [2022-09-26] (INTEL CORP)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2330.7.0_x64__cv1g1gvanyjgm [2023-08-03] (WhatsApp Inc.) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-917627657-1518166570-4135675860-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-93846ED5F987} -> [Creative Cloud Files] => C:\Users\*****\Creative Cloud Files [2021-05-28 19:26]
CustomCLSID: HKU\S-1-5-21-917627657-1518166570-4135675860-1001_Classes\CLSID\{1019ADC7-17CB-4489-AFD5-6642C7400ACE}\localserver32 -> C:\Users\*****\AppData\Local\Webex\Webex\Applications\ptOIEx64.exe (Cisco WebEx LLC -> Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-917627657-1518166570-4135675860-1001_Classes\CLSID\{1a46400f-4c81-802a-c2c1-1e9a687a9340}\localserver32 -> C:\Program Files\HandBrake\HandBrake.exe (HandBrake Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-917627657-1518166570-4135675860-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (Intel Corporation -> Intel)
CustomCLSID: HKU\S-1-5-21-917627657-1518166570-4135675860-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-917627657-1518166570-4135675860-1001_Classes\CLSID\{5107667c-149a-47c8-b0c9-e4bf9132f17d} -> [PowerFolder] => C:\Users\*****\PowerFolders [2022-01-31 19:30]
CustomCLSID: HKU\S-1-5-21-917627657-1518166570-4135675860-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\*****\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20130.1\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-917627657-1518166570-4135675860-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> "C:\Users\*****\AppData\Local\Microsoft\Teams\current\Teams.exe" --toast => No File
CustomCLSID: HKU\S-1-5-21-917627657-1518166570-4135675860-1001_Classes\CLSID\{e26efb18-339f-4433-9b3d-c2832a3fe6cb}\InprocServer32 -> C:\Program Files\Mozilla Thunderbird\notificationserver.dll => No File
CustomCLSID: HKU\S-1-5-21-917627657-1518166570-4135675860-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [  AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-06-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [  AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-06-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [  AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-06-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [  PowerFolderIgnored] -> {0800cf35-8302-4030-8add-40ac1e3f8834} => C:\Program Files\PowerFolder.com\PowerFolder\IgnoredOverlay_x64.dll [2023-06-07] () [File not signed]
ShellIconOverlayIdentifiers: [  PowerFolderLocked] -> {0800cf35-8302-4030-8add-40ac1e3f8835} => C:\Program Files\PowerFolder.com\PowerFolder\LockedOverlay_x64.dll [2023-06-07] () [File not signed]
ShellIconOverlayIdentifiers: [  PowerFolderOK] -> {0800cf35-8302-4030-8add-40ac1e3f8831} => C:\Program Files\PowerFolder.com\PowerFolder\OKOverlay_x64.dll [2023-06-07] () [File not signed]
ShellIconOverlayIdentifiers: [  PowerFolderSyncing] -> {0800cf35-8302-4030-8add-40ac1e3f8832} => C:\Program Files\PowerFolder.com\PowerFolder\SyncingOverlay_x64.dll [2023-06-07] () [File not signed]
ShellIconOverlayIdentifiers: [  PowerFolderWarning] -> {0800cf35-8302-4030-8add-40ac1e3f8833} => C:\Program Files\PowerFolder.com\PowerFolder\WarningOverlay_x64.dll [2023-06-07] () [File not signed]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-06-07] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2023-06-14] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2023-07-14] (g10 Code GmbH -> g10 Code GmbH) [File not signed]
ContextMenuHandlers1: [LiferayNativityContextMenus] -> {0800cf35-8302-4030-8add-40ac1e3f8830} => C:\Program Files\PowerFolder.com\PowerFolder\LiferayNativityContextMenus_x64.dll [2023-06-07] () [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-02-25] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2023-07-14] (g10 Code GmbH -> g10 Code GmbH) [File not signed]
ContextMenuHandlers4: [LiferayNativityContextMenus] -> {0800cf35-8302-4030-8add-40ac1e3f8830} => C:\Program Files\PowerFolder.com\PowerFolder\LiferayNativityContextMenus_x64.dll [2023-06-07] () [File not signed]
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-06-07] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2023-06-14] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-02-25] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\elastic.lnk -> D:\new-maktaba-shamila\shamela4\elastic\bin\nircmd.exe (NirSoft) -> exec hide "d:\new-maktaba-shamila\shamela4\elastic\bin\elasticsearch64.bat"
ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium Apps\Jitsi Meet.lnk -> C:\Program Files\Chromium\Application\chrome_proxy.exe (The Chromium Authors) ->  --profile-directory=Default --app-id=ibiognfelmneebngbnbeonnllapmffmb

==================== Loaded Modules (Whitelisted) =============

2023-08-02 10:26 - 2023-07-31 22:03 - 004684288 _____ () [File not signed] \\?\C:\Users\*****\AppData\Local\Programs\signal-desktop\resources\app.asar.unpacked\node_modules\@signalapp\better-sqlite3\build\Release\better_sqlite3.node
2023-08-02 10:26 - 2023-07-31 22:03 - 004961792 _____ () [File not signed] \\?\C:\Users\*****\AppData\Local\Programs\signal-desktop\resources\app.asar.unpacked\node_modules\@signalapp\libsignal-client\prebuilds\win32-x64\node.napi.node
2023-08-02 10:26 - 2023-07-31 22:03 - 011730432 _____ () [File not signed] \\?\C:\Users\*****\AppData\Local\Programs\signal-desktop\resources\app.asar.unpacked\node_modules\@signalapp\ringrtc\build\win32\libringrtc-x64.node
2020-11-30 15:46 - 2022-05-28 10:45 - 000031232 _____ () [File not signed] C:\Program Files\IceCat\libEGL.dll
2020-11-30 15:46 - 2022-05-28 10:45 - 004999680 _____ () [File not signed] C:\Program Files\IceCat\libGLESv2.dll
2023-06-07 15:48 - 2023-06-07 15:48 - 000395264 _____ () [File not signed] C:\Program Files\PowerFolder.com\PowerFolder\IgnoredOverlay_x64.dll
2023-06-07 15:48 - 2023-06-07 15:48 - 000169472 _____ () [File not signed] C:\Program Files\PowerFolder.com\PowerFolder\LiferayNativityUtil_x64.dll
2023-06-07 15:48 - 2023-06-07 15:48 - 000395264 _____ () [File not signed] C:\Program Files\PowerFolder.com\PowerFolder\LockedOverlay_x64.dll
2023-06-07 15:48 - 2023-06-07 15:48 - 000395264 _____ () [File not signed] C:\Program Files\PowerFolder.com\PowerFolder\OKOverlay_x64.dll
2023-06-07 15:48 - 2023-06-07 15:48 - 000395264 _____ () [File not signed] C:\Program Files\PowerFolder.com\PowerFolder\SyncingOverlay_x64.dll
2023-06-07 15:48 - 2023-06-07 15:48 - 000395264 _____ () [File not signed] C:\Program Files\PowerFolder.com\PowerFolder\WarningOverlay_x64.dll
2023-08-02 12:33 - 2023-06-07 15:55 - 000059392 _____ () [File not signed] C:\Users\*****\AppData\Local\Temp\desktoputils.dll
2023-08-02 12:33 - 2023-06-07 15:55 - 001203750 _____ () [File not signed] C:\Users\*****\AppData\Local\Temp\jnotify.dll
2023-08-02 12:33 - 2023-06-07 15:55 - 000014848 _____ () [File not signed] C:\Users\*****\AppData\Local\Temp\LiferayNativityWindowsUtil.dll
2023-08-02 12:33 - 2023-06-07 15:55 - 000281088 _____ () [File not signed] C:\Users\*****\AppData\Local\Temp\udt.dll
2023-08-02 12:33 - 2023-06-07 15:55 - 000061952 _____ () [File not signed] C:\Users\*****\AppData\Local\Temp\udt4j.dll
2023-08-06 19:09 - 2023-06-09 01:27 - 000457216 _____ () [File not signed] D:\shamela4\app\win\64\bin\lib\_jpype.cp37-win_amd64.pyd
2023-08-06 19:08 - 2023-06-09 01:27 - 012723712 _____ () [File not signed] D:\shamela4\app\win\64\bin\lib\fitz\_fitz.cp37-win_amd64.pyd
2023-08-06 19:09 - 2023-06-09 01:27 - 000104448 _____ () [File not signed] D:\shamela4\app\win\64\bin\lib\msgpack._cmsgpack.cp37-win_amd64.pyd
2023-08-06 19:09 - 2023-06-09 01:27 - 002522112 _____ () [File not signed] D:\shamela4\app\win\64\bin\lib\PIL\_imaging.cp37-win_amd64.pyd
2023-08-06 19:10 - 2023-06-09 01:27 - 000553984 _____ () [File not signed] D:\shamela4\app\win\64\bin\lib\pythoncom37.dll
2023-08-06 19:10 - 2023-06-09 01:27 - 000140800 _____ () [File not signed] D:\shamela4\app\win\64\bin\lib\pywintypes37.dll
2023-08-06 19:09 - 2023-06-09 01:27 - 000667136 _____ () [File not signed] D:\shamela4\app\win\64\bin\lib\regex._regex.cp37-win_amd64.pyd
2023-08-06 19:09 - 2023-06-09 01:27 - 000134144 _____ () [File not signed] D:\shamela4\app\win\64\bin\lib\win32api.pyd
2023-08-06 19:09 - 2023-06-09 01:27 - 000523776 _____ () [File not signed] D:\shamela4\app\win\64\bin\lib\win32com.shell.shell.pyd
2023-08-06 19:10 - 2023-05-31 01:40 - 000153600 _____ () [File not signed] D:\shamela4\app\win\64\bin\nvdaControllerClient64.dll
2016-06-30 11:15 - 2016-06-30 11:15 - 000012288 _____ (Institut für Iranistik) [File not signed] C:\Windows\system32\dtsch-or.dll
2021-10-15 12:38 - 2022-05-28 10:45 - 000182272 _____ (Mozilla Foundation) [File not signed] [File is in use] C:\Program Files\IceCat\AccessibleHandler.dll
2021-10-15 12:38 - 2022-05-28 10:45 - 000073216 _____ (Mozilla Foundation) [File not signed] [File is in use] C:\Program Files\IceCat\ia2marshal.dll
2020-11-30 15:46 - 2022-05-28 10:45 - 112619008 _____ (Mozilla Foundation) [File not signed] [File is in use] C:\Program Files\IceCat\xul.dll
2020-11-30 15:46 - 2022-05-28 10:45 - 000731648 _____ (Mozilla Foundation) [File not signed] C:\Program Files\IceCat\freebl3.dll
2020-11-30 15:46 - 2022-05-28 10:45 - 000035840 _____ (Mozilla Foundation) [File not signed] C:\Program Files\IceCat\lgpllibs.dll
2020-11-30 15:46 - 2022-05-28 10:45 - 002115584 _____ (Mozilla Foundation) [File not signed] C:\Program Files\IceCat\mozavcodec.dll
2020-11-30 15:46 - 2022-05-28 10:45 - 000198144 _____ (Mozilla Foundation) [File not signed] C:\Program Files\IceCat\mozavutil.dll
2020-11-30 15:46 - 2022-05-28 10:45 - 000650240 _____ (Mozilla Foundation) [File not signed] C:\Program Files\IceCat\mozglue.dll
2020-11-30 15:46 - 2022-05-28 10:45 - 002315776 _____ (Mozilla Foundation) [File not signed] C:\Program Files\IceCat\nss3.dll
2020-11-30 15:46 - 2022-05-28 10:45 - 000399360 _____ (Mozilla Foundation) [File not signed] C:\Program Files\IceCat\nssckbi.dll
2020-11-30 15:46 - 2022-05-28 10:45 - 000377856 _____ (Mozilla Foundation) [File not signed] C:\Program Files\IceCat\osclientcerts.dll
2020-11-30 15:46 - 2022-05-28 10:45 - 000265728 _____ (Mozilla Foundation) [File not signed] C:\Program Files\IceCat\softokn3.dll
2015-12-17 12:11 - 2015-12-17 12:11 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\epnsm.dll
2009-10-21 18:39 - 2009-10-21 18:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\LcMgr.dll
2020-12-15 23:28 - 2012-11-12 16:15 - 000558592 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\enppmon.dll
2020-12-15 23:28 - 2012-10-22 18:19 - 000219648 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\enpres.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-917627657-1518166570-4135675860-1001\...\sharepoint.com -> hxxps://goetheuniversitaet-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 11:14 - 2023-07-24 20:28 - 000000830 _____ C:\Windows\system32\drivers\etc\hosts

2022-08-21 22:37 - 2023-07-29 11:26 - 000000445 _____ C:\Windows\system32\drivers\etc\hosts.ics
172.21.208.1 DESKTOP-UIULLTJ.mshome.net # 2028 7 4 27 9 26 51 764

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Eclipse Adoptium\jre-8.0.382.5-hotspot\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\ProgramData\chocolatey\bin;C:\Program Files\Calibre2\;C:\Strawberry\c\bin;C:\Strawberry\perl\site\bin;C:\Strawberry\perl\bin;C:\Program Files\dotnet\;C:\Program Files (x86)\dotnet\;C:\Program Files (x86)\GnuPG\bin;C:\texlive\2022\bin\win32;C:\Program Files\Git\cmd;C:\Program Files (x86)\Gpg4win\..\GnuPG\bin
HKCU\Environment\\Path -> C:\Program Files\Eclipse Adoptium\jre-8.0.352.8-hotspot\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\ProgramData\chocolatey\bin;C:\Program Files\Calibre2\;C:\Strawberry\c\bin;C:\Strawberry\perl\site\bin;C:\Strawberry\perl\bin;C:\Program Files\MiKTeX\miktex\bin\x64\;C:\Program Files\dotnet\;C:\Program Files (x86)\dotnet\;C:\Program Files\Git\cmd;C:\Program Files (x86)\Gpg4win\..\GnuPG\bin;C:\Program Files (x86)\GnuPG\bin;C:\Program Files\Eclipse Adoptium\jre-8.0.352.8-hotspot\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\ProgramData\chocolatey\bin;C:\Program Files\Calibre2\;C:\Strawberry\c\bin;C:\Strawberry\perl\site\bin;C:\Strawberry\perl\bin;C:\Program Files\MiKTeX\miktex\bin\x64\;C:\Program Files\dotnet\;C:\Program Files (x86)\dotnet\;C:\Program Files\Git\cmd;C:\Program Files (x86)\Gpg4win\..\GnuPG\bin;C:\Program Files (x86)\GnuP;C:\Users\*****\AppData\Local\Pandoc\;C:\Program Files\Oracle\VirtualBox;
HKU\S-1-5-21-917627657-1518166570-4135675860-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.

Network Binding:
=============
VirtualBox Host-Only Network: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Ethernet 5: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Ethernet 2: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
WLAN: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "PDF24"
HKLM\...\StartupApproved\Run: => "Everything"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKU\S-1-5-21-917627657-1518166570-4135675860-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-917627657-1518166570-4135675860-1001\...\StartupApproved\Run: => "Skype for Desktop"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6316AB26-D844-4216-ADC1-E281DAB3EE7D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3E3F3E05-5583-458E-A2ED-DAD18E59A4E0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{54400108-44E5-4EB4-9819-B87070D23332}] => (Allow) C:\Program Files\IceCat\icecat.exe (Mozilla Corporation) [File not signed]
FirewallRules: [{5417BF67-5BBD-4837-B544-65542B5A9982}] => (Allow) C:\Program Files\IceCat\icecat.exe (Mozilla Corporation) [File not signed]
FirewallRules: [{146DBE79-28C8-4CCB-891D-B1D786AEBC4E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{9864282C-5A9F-41BE-A9C5-B78F57C25B97}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{26C9CB4E-7D95-45FB-9D93-171B71AAD04B}C:\users\*****\appdata\local\vidyoconnect\vidyoconnect.exe] => (Allow) C:\users\*****\appdata\local\vidyoconnect\vidyoconnect.exe (Vidyo Inc. -> Vidyo, Inc)
FirewallRules: [UDP Query User{A34F2747-2A0B-4112-BBCE-4E885F3AAEAF}C:\users\*****\appdata\local\vidyoconnect\vidyoconnect.exe] => (Allow) C:\users\*****\appdata\local\vidyoconnect\vidyoconnect.exe (Vidyo Inc. -> Vidyo, Inc)
FirewallRules: [{9F55A48A-AB81-4AE5-979A-DD4368B86AE6}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7E7EAD15-889F-44F4-9087-CC102D7ABA64}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7C327271-0E24-46D1-8161-E1BF9320BDB6}] => (Allow) C:\Program Files\Canon\DIAS\CnxDIAS.exe (CANON INC. -> CANON INC.)
FirewallRules: [{CD43FA0D-EEC7-4C49-BD28-78225C470B07}] => (Allow) C:\Users\*****\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe => No File
FirewallRules: [{73FE525C-74AE-42BB-B8E6-C14163D65071}] => (Allow) C:\Users\*****\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe => No File
FirewallRules: [{08A2E773-4262-48BB-A35A-496642E91AD3}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{24509F41-D82E-46F1-B69B-DDEB3FC81336}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{5F8ACE13-226C-43B0-B547-C7818886931E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B485A504-ADA1-42A4-B4FF-DA3C56173BA6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{37883EBE-3136-49E0-9356-6987273A6F37}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A695D91F-9146-4797-94B7-8BDE3B80861D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B6BD8654-A40C-44E4-AFAF-A0F36CECCF62}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{5B728A5A-7D74-484A-B23C-72F52C3CDB75}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{D9D60D83-AB00-48D3-8A69-FA743BE8A67E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{E254E46B-07B5-423A-84B3-15FF74A2B0A5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{A60F5E64-1E9A-44A1-A906-E3F8022E9009}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe (Xsolla (USA), Inc -> 2K)
FirewallRules: [{38F721BC-3028-477F-BFCD-B8EDAAF6BB68}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe (Xsolla (USA), Inc -> 2K)
FirewallRules: [{E857E69F-0D10-41F7-B51C-931EDB27BE0E}] => (Allow) C:\Program Files\FlightGear 2020.3.6\bin\fgfs.exe () [File not signed]
FirewallRules: [{F269B616-7271-424E-A7BF-C34BBB589478}] => (Allow) C:\Program Files\FlightGear 2020.3.6\bin\fgfs.exe () [File not signed]
FirewallRules: [{172DF7BF-3B8C-49D8-A5A5-937782164487}] => (Allow) C:\Program Files\FlightGear 2020.3.6\bin\fgcom.exe () [File not signed]
FirewallRules: [{A2EEEE1B-5C5C-40C6-9065-84626C7AA6BF}] => (Allow) C:\Program Files\FlightGear 2020.3.6\bin\fgcom.exe () [File not signed]
FirewallRules: [TCP Query User{568C277E-E824-4A78-9D06-62F56494BDCC}C:\users\*****\appdata\local\vidyoconnect\vidyoconnect.exe] => (Block) C:\users\*****\appdata\local\vidyoconnect\vidyoconnect.exe (Vidyo Inc. -> Vidyo, Inc)
FirewallRules: [UDP Query User{4A82AAFB-0ECD-4904-8754-8EEFE67ABF97}C:\users\*****\appdata\local\vidyoconnect\vidyoconnect.exe] => (Block) C:\users\*****\appdata\local\vidyoconnect\vidyoconnect.exe (Vidyo Inc. -> Vidyo, Inc)
FirewallRules: [{4C238347-B9F9-4360-A96A-28A627A7C396}] => (Allow) C:\Program Files (x86)\Zoom\bin\Zoom.exe => No File
FirewallRules: [{4ED0778D-7419-4C47-8D24-7AEA4B93EFB4}] => (Allow) C:\Program Files (x86)\Zoom\bin\airhost.exe => No File
FirewallRules: [{F2468B3E-91FF-4F24-9D89-C699E2CE3752}] => (Allow) C:\Program Files (x86)\Zoom\bin\airhost.exe => No File
FirewallRules: [{1F4E0520-39E9-4645-8649-44CEB46B634C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\2KLauncher\LauncherPatcher.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
FirewallRules: [{321053D3-E470-4092-A8AF-D6F28349C0CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\2KLauncher\LauncherPatcher.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
FirewallRules: [TCP Query User{DC16E46A-C3B8-4683-AD12-B2BB855616C1}C:\users\*****\appdata\local\microsoft\onedrive\21.109.0530.0001\filecoauth.exe] => (Block) C:\users\*****\appdata\local\microsoft\onedrive\21.109.0530.0001\filecoauth.exe => No File
FirewallRules: [UDP Query User{0330DBC6-A582-4A27-A734-3B72013D16AE}C:\users\*****\appdata\local\microsoft\onedrive\21.109.0530.0001\filecoauth.exe] => (Block) C:\users\*****\appdata\local\microsoft\onedrive\21.109.0530.0001\filecoauth.exe => No File
FirewallRules: [TCP Query User{A9AEBBD3-0318-42E9-AE10-62481938FD81}C:\users\*****\appdata\local\microsoft\onedrive\21.119.0613.0001\filecoauth.exe] => (Block) C:\users\*****\appdata\local\microsoft\onedrive\21.119.0613.0001\filecoauth.exe => No File
FirewallRules: [UDP Query User{642F024F-5CF4-4FA9-9AFA-EAE41EBA2A4B}C:\users\*****\appdata\local\microsoft\onedrive\21.119.0613.0001\filecoauth.exe] => (Block) C:\users\*****\appdata\local\microsoft\onedrive\21.119.0613.0001\filecoauth.exe => No File
FirewallRules: [TCP Query User{A054D41C-9704-4CB9-B514-53580E144BD1}C:\windows\system32\bdeuisrv.exe] => (Block) C:\windows\system32\bdeuisrv.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{9CCDD46B-7FB4-454C-9C78-7E662743545D}C:\windows\system32\bdeuisrv.exe] => (Block) C:\windows\system32\bdeuisrv.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{BD5B6F5C-C2FB-4642-A7B5-3695B298BC94}C:\windows\system32\bdeuisrv.exe] => (Block) C:\windows\system32\bdeuisrv.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{A1B1B43A-5E8A-495D-A8B6-3F5D217AA787}C:\windows\system32\bdeuisrv.exe] => (Block) C:\windows\system32\bdeuisrv.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{76F396C9-5D9A-49B8-9D6E-0F94406A4941}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.0.3.2555\LINE.exe => No File
FirewallRules: [{062E312A-51B2-4FE8-AE23-5D6B7C8461B1}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.0.3.2555\LINE.exe => No File
FirewallRules: [{90851A1D-1C22-43BF-8D50-15809132D83C}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.0.3.2555\LineUpdater.exe => No File
FirewallRules: [{F926D051-4FBD-44F0-9F5A-A3D5024A5B3E}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.0.3.2555\LineUpdater.exe => No File
FirewallRules: [TCP Query User{0F3B9017-A50D-4C04-95B8-52B4CD86D7E9}C:\users\*****\appdata\local\microsoft\onedrive\21.139.0711.0001\filecoauth.exe] => (Block) C:\users\*****\appdata\local\microsoft\onedrive\21.139.0711.0001\filecoauth.exe => No File
FirewallRules: [UDP Query User{FB487A13-8F0D-4DB6-8A45-A4554FC2480D}C:\users\*****\appdata\local\microsoft\onedrive\21.139.0711.0001\filecoauth.exe] => (Block) C:\users\*****\appdata\local\microsoft\onedrive\21.139.0711.0001\filecoauth.exe => No File
FirewallRules: [TCP Query User{0AC380A7-7EDF-43A2-BA55-045DABB6810E}C:\users\*****\appdata\local\microsoft\onedrive\21.139.0711.0001\filecoauth.exe] => (Block) C:\users\*****\appdata\local\microsoft\onedrive\21.139.0711.0001\filecoauth.exe => No File
FirewallRules: [UDP Query User{0F751712-2694-43A3-9F41-00E6CB5575B2}C:\users\*****\appdata\local\microsoft\onedrive\21.139.0711.0001\filecoauth.exe] => (Block) C:\users\*****\appdata\local\microsoft\onedrive\21.139.0711.0001\filecoauth.exe => No File
FirewallRules: [{AAC0EF56-4C9A-47E4-8747-5C1D21BFF128}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.1.0.2585\LINE.exe => No File
FirewallRules: [{47002FCA-DB46-4C13-82F3-F4961DECF8B2}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.1.0.2585\LINE.exe => No File
FirewallRules: [{BB4F5EB0-7B7B-4125-AB9E-0C07D9E9BD1F}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.1.0.2585\LineUpdater.exe => No File
FirewallRules: [{E190D797-76DC-48C5-ACCC-0E78D2FE63A9}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.1.0.2585\LineUpdater.exe => No File
FirewallRules: [{3015F7FE-9687-4B8F-9CEF-CED908D26C83}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.2.0.2599\LINE.exe => No File
FirewallRules: [{DB55E16F-4038-4A39-97CD-D730D58A8510}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.2.0.2599\LINE.exe => No File
FirewallRules: [{9900E0D0-770F-439B-8962-1F77A93FAE94}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.2.0.2599\LineUpdater.exe => No File
FirewallRules: [{3078745A-74BB-4374-ACBD-2A28AE78601B}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.2.0.2599\LineUpdater.exe => No File
FirewallRules: [TCP Query User{B9E6FDF2-C0E6-4DAF-A6D7-F1204FDAA9AC}C:\users\*****\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\*****\appdata\local\microsoft\teams\current\teams.exe => No File
FirewallRules: [UDP Query User{4DE9D834-0A45-4955-A280-F18A77DE3B82}C:\users\*****\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\*****\appdata\local\microsoft\teams\current\teams.exe => No File
FirewallRules: [{E101662A-9D83-41FC-98D4-935F0E6BD19F}] => (Allow) C:\Program Files (x86)\Lexware\QuickSteuer\2021\SSE.exe (Wolters Kluwer Deutschland GmbH -> Akademische Arbeitsgemeinschaft Verlagsgesellschaft mbH)
FirewallRules: [{EA3A7763-572B-4401-A687-DE0513A7C23F}] => (Allow) C:\Program Files (x86)\Lexware\QuickSteuer\2021\SSE.exe (Wolters Kluwer Deutschland GmbH -> Akademische Arbeitsgemeinschaft Verlagsgesellschaft mbH)
FirewallRules: [{4BE1C042-FE83-4FE3-8151-481695EFB0DB}] => (Allow) C:\Program Files (x86)\Lexware\QuickSteuer\2021\SSE.exe (Wolters Kluwer Deutschland GmbH -> Akademische Arbeitsgemeinschaft Verlagsgesellschaft mbH)
FirewallRules: [{C99D57A6-C7EE-46CB-A916-9DBAB69F288F}] => (Allow) C:\Program Files (x86)\Lexware\QuickSteuer\2021\SSE.exe (Wolters Kluwer Deutschland GmbH -> Akademische Arbeitsgemeinschaft Verlagsgesellschaft mbH)
FirewallRules: [{B6A36035-D932-4163-9196-432EA13C8B56}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.3.0.2625\LINE.exe => No File
FirewallRules: [{18342CC9-A870-47CE-9EE4-FE03239D3150}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.3.0.2625\LINE.exe => No File
FirewallRules: [{267DAF34-6818-4335-923E-D8DCA7CE2A96}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.3.0.2625\LineUpdater.exe => No File
FirewallRules: [{56BC041B-46F5-4D76-BA30-7F101FE9B7F4}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.3.0.2625\LineUpdater.exe => No File
FirewallRules: [{215A08CE-2A0E-4946-805E-2F433EA941AB}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.3.1.2631\LINE.exe => No File
FirewallRules: [{F6807250-7EB8-486B-815E-3FEF46AAB44C}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.3.1.2631\LINE.exe => No File
FirewallRules: [{EFE78CC0-B6C6-4B2A-BC3F-9BA7FDDBDEDB}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.3.1.2631\LineUpdater.exe => No File
FirewallRules: [{83539C23-E40D-4E99-A888-B5201985788D}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.3.1.2631\LineUpdater.exe => No File
FirewallRules: [{50DDEC3D-D781-4AB1-9B76-9B99E5669037}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.4.0.2647\LINE.exe => No File
FirewallRules: [{348DA317-A5A2-42F6-80C3-33599021C7FF}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.4.0.2647\LINE.exe => No File
FirewallRules: [{80073697-F352-4F1F-BEA6-5C68707AE3C7}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.4.0.2647\LineUpdater.exe => No File
FirewallRules: [{B617AD60-7F85-4B32-88E4-D44D067E18BC}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.4.0.2647\LineUpdater.exe => No File
FirewallRules: [{D9ABF39A-F16D-4C21-AB0D-FC79D757D4F8}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.4.1.2652\LINE.exe => No File
FirewallRules: [{6BE49B60-609E-44F7-AABF-C27DCDF7A4FA}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.4.1.2652\LINE.exe => No File
FirewallRules: [{C0F5D0F5-5A02-4C05-B021-948E0B1E00FA}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.4.1.2652\LineUpdater.exe => No File
FirewallRules: [{E98BAFF6-691A-41AA-BE48-48D29C9A2873}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.4.1.2652\LineUpdater.exe => No File
FirewallRules: [TCP Query User{152E1FE4-C450-4162-B952-91310C8ACB78}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{46B04126-57CD-417B-95CB-6F4262B8D3F6}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{2D1100A0-9B41-4412-B97F-E28A28407350}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.5.0.2664\LINE.exe => No File
FirewallRules: [{FD91625C-A92B-473A-9E2E-16533E07F576}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.5.0.2664\LINE.exe => No File
FirewallRules: [{67CF3EE2-8084-4622-BFD3-B3E66D5E752F}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.5.0.2664\LineUpdater.exe => No File
FirewallRules: [{3B759B51-4BAA-493A-87A3-D115233F2FBF}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.5.0.2664\LineUpdater.exe => No File
FirewallRules: [{F71F2A97-E3F8-4386-9E69-0EACEF3FE834}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.5.0.2665\LINE.exe => No File
FirewallRules: [{DF8B8A5A-FADD-49F2-B82F-F9DE9FBD0FA5}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.5.0.2665\LINE.exe => No File
FirewallRules: [{4968D978-9DA5-490E-9DE3-098CF8ACDE4A}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.5.0.2665\LineUpdater.exe => No File
FirewallRules: [{3717605E-21A4-423B-BB52-D0316257F195}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.5.0.2665\LineUpdater.exe => No File
FirewallRules: [TCP Query User{28D4D67C-DCEC-4674-863B-F2AAF3F79B90}C:\program files\powerfolder.com\powerfolder\jre\bin\javaw.exe] => (Allow) C:\program files\powerfolder.com\powerfolder\jre\bin\javaw.exe
FirewallRules: [UDP Query User{F2AF663C-F6C2-4C6E-8C71-83DBBA1A9C68}C:\program files\powerfolder.com\powerfolder\jre\bin\javaw.exe] => (Allow) C:\program files\powerfolder.com\powerfolder\jre\bin\javaw.exe
FirewallRules: [TCP Query User{8A6E8A4F-3F69-4653-BEC7-FB0C10B531EF}C:\program files\powerfolder.com\powerfolder\jre\bin\javaw.exe] => (Block) C:\program files\powerfolder.com\powerfolder\jre\bin\javaw.exe
FirewallRules: [UDP Query User{9493710A-28B6-49E4-8BB9-67B09A6CEE6D}C:\program files\powerfolder.com\powerfolder\jre\bin\javaw.exe] => (Block) C:\program files\powerfolder.com\powerfolder\jre\bin\javaw.exe
FirewallRules: [{04FA014B-1EC3-4E0A-98C3-CB0B22237025}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.7.0.2698\LINE.exe => No File
FirewallRules: [{ED4FA95B-98CE-4FB4-91B9-F5C264712CAF}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.7.0.2698\LINE.exe => No File
FirewallRules: [{1DF0EFAE-4CDE-416C-BB36-259AAC2A2510}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.7.0.2698\LineUpdater.exe => No File
FirewallRules: [{F2FD42FC-CCFF-4787-A458-D49ABB879B0A}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.7.0.2698\LineUpdater.exe => No File
FirewallRules: [{177E7FD9-1E5C-4136-B373-89C4E1F4254A}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.8.0.2727\LINE.exe => No File
FirewallRules: [{6A4F1B1A-EA62-4329-812C-34B2E9255391}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.8.0.2727\LINE.exe => No File
FirewallRules: [{9DD82D09-7D40-45B4-AFF4-E544CD109FB8}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.8.0.2727\LineUpdater.exe => No File
FirewallRules: [{1C240301-DDBC-43E7-95D9-3A36CCDE67EE}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.8.0.2727\LineUpdater.exe => No File
FirewallRules: [{BCC37E02-03FB-45E0-B3E6-6E753DFC0472}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.8.1.2731\LINE.exe => No File
FirewallRules: [{48955ED8-6BE6-47DC-9F40-51D3CA46585A}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.8.1.2731\LINE.exe => No File
FirewallRules: [{6D38438F-CFDE-4117-9702-125D17530684}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.8.1.2731\LineUpdater.exe => No File
FirewallRules: [{F5BD4C3F-BBA3-4884-AB72-C6E4A00ABCB1}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.8.1.2731\LineUpdater.exe => No File
FirewallRules: [{BD74503C-C199-467C-A730-9B004EA06B69}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.9.0.2756\LINE.exe => No File
FirewallRules: [{7F0ED3ED-B6A0-4B39-B0E8-7D5AAC4FC70A}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.9.0.2756\LINE.exe => No File
FirewallRules: [{92DF69B8-5E2E-4D27-A32A-6508AE1E70B4}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.9.0.2756\LineUpdater.exe => No File
FirewallRules: [{2BCF2C18-1E3C-4800-AB1B-31328E9EEB5C}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.9.0.2756\LineUpdater.exe => No File
FirewallRules: [{C8F3D64E-1C07-4D8E-A9E2-0572DD57336C}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.9.1.2757\LINE.exe => No File
FirewallRules: [{9538A11C-CF1F-463C-8E6B-3D53D99A8790}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.9.1.2757\LINE.exe => No File
FirewallRules: [{4620F342-2459-4D50-8134-5C69D6C5D75D}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.9.1.2757\LineUpdater.exe => No File
FirewallRules: [{2230AD97-0838-4230-A1A3-AB903D643E06}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.9.1.2757\LineUpdater.exe => No File
FirewallRules: [{F19BA587-5EE6-4233-A709-B34451FAF3BC}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.10.0.2797\LINE.exe => No File
FirewallRules: [{5915557F-05C4-47A6-8E83-F76816E92073}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.10.0.2797\LINE.exe => No File
FirewallRules: [{D6353043-517F-459A-8F54-B20325C1A47D}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.10.0.2797\LineUpdater.exe => No File
FirewallRules: [{EE4A6A58-A8AF-4AAE-A752-449C0AA48D41}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.10.0.2797\LineUpdater.exe => No File
FirewallRules: [{DFC0F6D2-454F-4A01-BB7F-0AFB7D5706AF}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.10.1.2805\LINE.exe => No File
FirewallRules: [{AE4E0712-328F-46E2-8937-816C2197A356}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.10.1.2805\LINE.exe => No File
FirewallRules: [{618455A1-03CD-4CD5-8090-AF69E48D3C70}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.10.1.2805\LineUpdater.exe => No File
FirewallRules: [{3CAD46D7-D64D-4715-B3E5-8DF881734FBE}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.10.1.2805\LineUpdater.exe => No File
FirewallRules: [{0E6F00E1-F789-4CBC-B575-F79A2629CCCC}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.10.2.2807\LINE.exe => No File
FirewallRules: [{5C491A52-0F61-4C71-ADDB-D43F222D9219}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.10.2.2807\LINE.exe => No File
FirewallRules: [{96624448-1525-4366-935D-410EDDD3D2A1}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.10.2.2807\LineUpdater.exe => No File
FirewallRules: [{8A8477FF-6288-4792-B7AD-4BA3DF150647}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.10.2.2807\LineUpdater.exe => No File
FirewallRules: [{0E0F98F0-4B16-4D9E-8BEA-9EAAAC3E613D}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.11.0.2821\LINE.exe => No File
FirewallRules: [{FEF35869-CFB9-4DE1-90AF-AFB89458300B}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.11.0.2821\LINE.exe => No File
FirewallRules: [{61FCCE96-C1A0-4C30-B23E-A5CE0F131FD3}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.11.0.2821\LineUpdater.exe => No File
FirewallRules: [{93CA1D86-11B2-4ADD-89E4-E10273CD4AD0}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.11.0.2821\LineUpdater.exe => No File
FirewallRules: [{76C148C4-63E8-4AB1-80DD-495E477CD303}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.12.0.2848\LINE.exe => No File
FirewallRules: [{8B0207B9-176D-4B06-84BB-C66DA9C4B521}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.12.0.2848\LINE.exe => No File
FirewallRules: [{EFBCB701-0F4E-4CB8-9524-9DF86F0A72E2}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.12.0.2848\LineUpdater.exe => No File
FirewallRules: [{99F72A0A-FBAC-42C2-A37E-85339A0D09B2}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.12.0.2848\LineUpdater.exe => No File
FirewallRules: [{E589ED3C-1331-4FC7-AF84-9525792AFFF9}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.13.1.2871\LINE.exe => No File
FirewallRules: [{4996CEFC-1DB6-47FD-BB3C-34E873DEC5CF}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.13.1.2871\LINE.exe => No File
FirewallRules: [{6FC035A4-A781-4DD9-BF5A-68FA2DDA0687}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.13.1.2871\LineUpdater.exe => No File
FirewallRules: [{C00358A2-55BC-494F-BDC8-444ED5045845}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.13.1.2871\LineUpdater.exe => No File
FirewallRules: [{58E6B588-A682-4948-90EA-20BF84BA5C80}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.13.1.2875\LINE.exe => No File
FirewallRules: [{E0C81D17-E9A8-4C86-8858-8C0FCF581884}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.13.1.2875\LINE.exe => No File
FirewallRules: [{370A7F63-D546-4A5F-BDF1-2EF3923A488B}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.13.1.2875\LineUpdater.exe => No File
FirewallRules: [{607CAAF6-5FC9-4985-85AD-4FBCB7E778AB}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.13.1.2875\LineUpdater.exe => No File
FirewallRules: [{033CC489-F5E4-4680-875E-EB1B13E8EC31}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.13.2.2877\LINE.exe => No File
FirewallRules: [{8589F426-604D-484A-8774-D8F6E3557A2B}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.13.2.2877\LINE.exe => No File
FirewallRules: [{AAB3B351-6743-4174-96F8-1569231AB3F3}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.13.2.2877\LineUpdater.exe => No File
FirewallRules: [{059F481F-B8FC-4664-8CEB-924AE34BE73D}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.13.2.2877\LineUpdater.exe => No File
FirewallRules: [{53A7A7AA-542A-4459-BB9B-29FE230A1C23}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.14.0.2898\LINE.exe => No File
FirewallRules: [{32506715-28C7-440C-A218-A8A48A5A32D4}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.14.0.2898\LINE.exe => No File
FirewallRules: [{7CE67A8F-DC44-4B22-B3F7-EE23CD822253}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.14.0.2898\LineUpdater.exe => No File
FirewallRules: [{806675CE-EEED-4F9E-A5BE-23B2C9DD09AA}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.14.0.2898\LineUpdater.exe => No File
FirewallRules: [{420BD97C-B169-4AB1-8FD8-B2271F373567}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.15.0.2962\LINE.exe => No File
FirewallRules: [{E6B7192B-5BF6-44F0-B775-46E7E7CB6C94}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.15.0.2962\LINE.exe => No File
FirewallRules: [{9EDAC0CA-342E-4B98-A3A3-D8FE3768C45B}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.15.0.2962\LineUpdater.exe => No File
FirewallRules: [{E8FF69D3-E7B6-4970-951A-33CF071E11C6}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.15.0.2962\LineUpdater.exe => No File
FirewallRules: [{E6DB9EF5-404B-4EB4-A375-31697FC3F138}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.16.1.3000\LINE.exe => No File
FirewallRules: [{A70793A5-0D2A-4641-BE57-037E0E60464F}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.16.1.3000\LINE.exe => No File
FirewallRules: [{ED5C952E-80C5-4E3F-BF24-CDFC651B56F1}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.16.1.3000\LineUpdater.exe => No File
FirewallRules: [{C49FFA7F-8F88-41DA-A442-C1E10C9D2160}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.16.1.3000\LineUpdater.exe => No File
FirewallRules: [{BEB49696-F7D2-4D5B-BD92-393ACD17CEB5}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.17.0.3030\LINE.exe => No File
FirewallRules: [{8EE69272-CDE0-4072-B4F0-957C9625063C}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.17.0.3030\LINE.exe => No File
FirewallRules: [{723F9887-E9E5-4199-9D55-E195AD780618}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.17.0.3030\LineUpdater.exe => No File
FirewallRules: [{BB08D898-68C8-47E2-AC92-1310FC5C6980}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.17.0.3030\LineUpdater.exe => No File
FirewallRules: [{FB5E9EBF-0AB5-460B-AF83-A176C8738249}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.17.0.3035\LINE.exe => No File
FirewallRules: [{47910B20-512F-46B0-89DC-E2B15CF6C620}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.17.0.3035\LINE.exe => No File
FirewallRules: [{FA5EE6B9-CA92-4DCA-A2CF-30D6AF1A370F}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.17.0.3035\LineUpdater.exe => No File
FirewallRules: [{73196871-FD19-4667-B700-D536B567BDCB}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\7.17.0.3035\LineUpdater.exe => No File
FirewallRules: [TCP Query User{887ABC2F-61E9-4AA0-AC22-828871ACA0BE}C:\users\*****\appdata\roaming\synctrayzor\syncthing.exe] => (Allow) C:\users\*****\appdata\roaming\synctrayzor\syncthing.exe (Stiftelsen Syncthing -> The Syncthing Authors)
FirewallRules: [UDP Query User{8CB05EBC-3491-445F-8D5B-562ADB5BC143}C:\users\*****\appdata\roaming\synctrayzor\syncthing.exe] => (Allow) C:\users\*****\appdata\roaming\synctrayzor\syncthing.exe (Stiftelsen Syncthing -> The Syncthing Authors)
FirewallRules: [{9DFCA52F-BC83-4C33-A1B6-2ED9C7E49DCF}] => (Block) C:\users\*****\appdata\roaming\synctrayzor\syncthing.exe (Stiftelsen Syncthing -> The Syncthing Authors)
FirewallRules: [{7D0C0398-D976-4257-AD83-0DCDA5DB1130}] => (Block) C:\users\*****\appdata\roaming\synctrayzor\syncthing.exe (Stiftelsen Syncthing -> The Syncthing Authors)
FirewallRules: [{C3F7B0C9-D9F1-4A2B-9D1A-611C219AE4E7}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{653E1444-C5AD-4AC6-8B1A-74EB110289B5}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7C23D7E1-EA2C-4779-92CE-35A3B9D967FE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5E41C835-2B4C-438F-A27F-197A9D287B0F}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{02F94DF1-562B-42A1-8843-0DE854C3350B}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9239636B-44C9-442E-A536-596D616F5A20}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\8.0.0.3114\LINE.exe => No File
FirewallRules: [{7133AB5C-45AA-48A3-B14F-54ED945DD879}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\8.0.0.3114\LINE.exe => No File
FirewallRules: [{11F49329-885E-40C5-9F29-1B436FC5E731}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\8.0.0.3114\LineUpdater.exe => No File
FirewallRules: [{A5E9E8E4-E36B-450C-B054-711872CBA22C}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\8.0.0.3114\LineUpdater.exe => No File
FirewallRules: [{052294B8-6D5E-4FF8-88D6-172BEA3D45D3}] => (Allow) C:\Program Files\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{41B90149-A740-42B2-982E-58964100AFE2}] => (Allow) C:\Program Files\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{0BD29992-A39F-4866-9BCE-2C750F027931}] => (Allow) C:\Program Files\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{99C7E4B0-67EF-4390-9A82-73BF651F1B9E}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.188\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AD7FCF6A-F31E-493F-98A9-7BC22A1B02EC}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\8.1.1.3145\LINE.exe => No File
FirewallRules: [{359CF708-6134-4237-895A-72250EEBB417}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\8.1.1.3145\LINE.exe => No File
FirewallRules: [{8B141409-513B-4C1C-93EC-6087F0543775}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\8.1.1.3145\LineUpdater.exe => No File
FirewallRules: [{0A90BF05-4FFF-435D-82D3-89DAF10025C2}] => (Allow) C:\Users\*****\AppData\Local\LINE\bin\8.1.1.3145\LineUpdater.exe => No File
FirewallRules: [{149FF591-371B-402D-BA35-BC1B820C3FE0}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{77405491-D3C6-4B24-BB31-2BFC9739BA1A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F128B2B6-308E-4D1F-847D-93F2C0F2CC43}] => (Allow) C:\Program Files\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed]

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============

Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Unknown USB Device (Port Reset Failed)
Description: Unknown USB Device (Port Reset Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: ========================

Application errors:
==================
Error: (08/09/2023 11:47:19 AM) (Source: COM) (EventID: 10035) (User: )
Description: The COM standard marshaler was unable to fix a mismatch between the IID {618736E0-3C3D-11CF-810C-00AA00389B71} provided by the server and the IID {E89F726E-C4F4-4C19-BB19-B647D7FA8478} requested by the client, with handler CLSID {00000000-0000-0000-0000-000000000000}. The error code was 0x80010114.

Error: (08/09/2023 11:47:19 AM) (Source: COM) (EventID: 10035) (User: )
Description: The COM standard marshaler was unable to fix a mismatch between the IID {618736E0-3C3D-11CF-810C-00AA00389B71} provided by the server and the IID {E89F726E-C4F4-4C19-BB19-B647D7FA8478} requested by the client, with handler CLSID {96D57EB0-0274-0000-C4C5-93F984000000}. The error code was 0x80010114.

Error: (08/09/2023 11:46:55 AM) (Source: COM) (EventID: 10035) (User: )
Description: The COM standard marshaler was unable to fix a mismatch between the IID {618736E0-3C3D-11CF-810C-00AA00389B71} provided by the server and the IID {E89F726E-C4F4-4C19-BB19-B647D7FA8478} requested by the client, with handler CLSID {00000000-0000-0000-0000-000000000000}. The error code was 0x80010114.

Error: (08/09/2023 11:46:55 AM) (Source: COM) (EventID: 10035) (User: )
Description: The COM standard marshaler was unable to fix a mismatch between the IID {618736E0-3C3D-11CF-810C-00AA00389B71} provided by the server and the IID {E89F726E-C4F4-4C19-BB19-B647D7FA8478} requested by the client, with handler CLSID {3F39C830-7FFC-0000-E0EB-143FFC7F0000}. The error code was 0x80010114.

Error: (08/09/2023 10:22:55 AM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2

Error: (08/09/2023 10:22:54 AM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (08/09/2023 10:22:54 AM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

Error: (08/09/2023 12:39:27 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimiser couldn't complete erneut optimieren on BIBLIOTHEKA (F:) because: Der angeforderte Vorgang wird von der Hardware des Volumes nicht unterstützt. (0x8900002A)


System errors:
=============
Error: (08/09/2023 11:52:29 AM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (08/09/2023 11:46:41 AM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (08/09/2023 11:40:14 AM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (08/09/2023 11:38:14 AM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (08/08/2023 08:59:52 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (08/08/2023 12:36:02 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (08/08/2023 11:11:26 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT-AUTORITÄT)
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {16486a00-f8bb-4860-841f-555111c02171}, had event 74

Error: (08/07/2023 07:00:29 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.


Windows Defender:
================
Date: 2023-08-09 09:02:07
Description:
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {502DC5D1-99B0-4A71-A571-545623C786F3}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2023-08-08 11:13:57
Description:
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Occamy.C&threatid=2147726780&enterprise=0
Name: Trojan:Win32/Occamy.C
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: file:_D:\new-maktaba-shamila\shamela_4\1441.095\launcher.bin
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: DESKTOP-UIULLTJ\*****
Prozessname: C:\Program Files\7-Zip\7zG.exe
Sicherheitsversion: AV: 1.393.2546.0, AS: 1.393.2546.0, NIS: 1.393.2546.0
Modulversion: AM: 1.1.23060.1005, NIS: 1.1.23060.1005

Date: 2023-08-08 08:57:42
Description:
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {670A039C-E493-48D3-80A3-6596C7F12BC1}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2023-08-07 11:42:37
Description:
C:\Program Files\Adobe\Adobe InDesign 2023\InDesign.exe wurde durch den überwachten Ordnerzugriff daran gehindert, %userprofile%\OneDrive\Documents\tmp00000001 zu ändern.
Erkennungszeit: 2023-08-07T09:42:37.983Z
Benutzer: DESKTOP-UIULLTJ\*****
Pfad: %userprofile%\OneDrive\Documents\tmp00000001
Prozessname: C:\Program Files\Adobe\Adobe InDesign 2023\InDesign.exe
Sicherheitsversion: 1.393.2455.0
Modulversion: 1.1.23060.1005
Produktversion: 4.18.23050.9

Date: 2023-08-06 18:17:58
Description:
C:\Program Files\PowerFolder.com\PowerFolder\jre\bin\javaw.exe wurde durch den überwachten Ordnerzugriff daran gehindert, %userprofile%\OneDrive\Documents\Privat\.PowerFolder\meta\.PowerFolder\ zu ändern.
Erkennungszeit: 2023-08-06T16:17:58.880Z
Benutzer: DESKTOP-UIULLTJ\*****
Pfad: %userprofile%\OneDrive\Documents\Privat\.PowerFolder\meta\.PowerFolder\
Prozessname: C:\Program Files\PowerFolder.com\PowerFolder\jre\bin\javaw.exe
Sicherheitsversion: 1.393.2424.0
Modulversion: 1.1.23060.1005
Produktversion: 4.18.23050.9
Event[0]:

Date: 2023-07-15 10:32:14
Description:
Fehler des Microsoft Defender Antivirus-Echtzeitschutz-Features.
Feature: Bei Zugriff
Fehlercode: 0x80004005
Fehlerbeschreibung: Unbekannter Fehler
Ursache: Die Elementenüberprüfung des Filtertreibers wurde übersprungen, und er befindet sich nun im Durchleitungsmodus. Dies ist möglicherweise auf Ressourcenmangel zurückzuführen.

Date: 2023-05-31 10:21:05
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen: 1.391.20.0
%Vorherige Version der Sicherheitsinformationen: 1.389.2778.0
Update Source: Benutzer
Sicherheitstyp: AntiSpyware
Updatetyp: Delta
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: 1.1.20300.3
%Vorherige Modulversion: 1.1.20300.3
Fehlercode: 0x80070666
Fehlerbeschreibung: Eine andere Version des Produkts ist bereits installiert. Die Installation dieser Version kann nicht fortgesetzt werden. Verwenden Sie die Systemsteuerungsoption "Software", um die vorhandene Version dieses Produkts zu konfigurieren oder zu entfernen.

Date: 2023-05-31 10:21:05
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen: 1.391.20.0
%Vorherige Version der Sicherheitsinformationen: 1.389.2778.0
Update Source: Benutzer
Sicherheitstyp: AntiVirus
Updatetyp: Delta
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: 1.1.20300.3
%Vorherige Modulversion: 1.1.20300.3
Fehlercode: 0x80070666
Fehlerbeschreibung: Eine andere Version des Produkts ist bereits installiert. Die Installation dieser Version kann nicht fortgesetzt werden. Verwenden Sie die Systemsteuerungsoption "Software", um die vorhandene Version dieses Produkts zu konfigurieren oder zu entfernen.

Date: 2023-05-31 10:20:08
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen: 1.391.20.0
%Vorherige Version der Sicherheitsinformationen: 1.389.2778.0
Update Source: Benutzer
Sicherheitstyp: AntiSpyware
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: 1.1.23050.3
%Vorherige Modulversion: 1.1.20300.3
Fehlercode: 0x80509004
Fehlerbeschreibung: Unerwartetes Problem. Installieren Sie bei Bedarf verfügbare Updates, und starten Sie das Programm dann erneut. Informationen zum Installieren von Updates finden Sie unter "Hilfe und Support".

Date: 2023-05-31 10:20:08
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen: 1.391.20.0
%Vorherige Version der Sicherheitsinformationen: 1.389.2778.0
Update Source: Benutzer
Sicherheitstyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: 1.1.23050.3
%Vorherige Modulversion: 1.1.20300.3
Fehlercode: 0x80509004
Fehlerbeschreibung: Unerwartetes Problem. Installieren Sie bei Bedarf verfügbare Updates, und starten Sie das Programm dann erneut. Informationen zum Installieren von Updates finden Sie unter "Hilfe und Support".

CodeIntegrity:
===============
Date: 2023-08-09 11:51:57
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_d56593f46e53a9ee\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: Insyde Corp. V1.13 06/28/2021
Motherboard: IL Lenny_IL
Processor: Intel(R) Core(TM) i5-1035G4 CPU @ 1.10GHz
Percentage of memory in use: 96%
Total physical RAM: 7980.05 MB
Available physical RAM: 275.59 MB
Total Virtual: 21975.88 MB
Available Virtual: 8539.04 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:237.35 GB) (Free:17.43 GB) (Model: NVMe KINGSTON RBUSNS8) (Protected) NTFS
Drive d: () (Removable) (Total:238.23 GB) (Free:126.08 GB) exFAT
Drive f: (BIBLIOTHEKA) (Fixed) (Total:931.51 GB) (Free:538.07 GB) (Model: TOSHIBA External USB 3.0 USB Device) NTFS
Drive h: (Intenso) (Fixed) (Total:476.92 GB) (Free:395 GB) (Model: Intenso Portable SSD SCSI Disk Device) exFAT

\\?\Volume{6977ce3a-8aab-4d25-b7fb-3d7fca67f04f}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.29 GB) NTFS
\\?\Volume{080a0e14-cf2a-4f36-bf0d-a6d5f5cfe7fe}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 8B83DD96)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==========================================================
Disk: 4 (Protective MBR) (Size: 238.3 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

--- --- ---


I have replaced my username with "*****" everywhere, since otherwise my identity would be easy to recognise.

I would be very grateful for any help, many thanks,

Piristibulus

cosinus 09.08.2023 11:26

What exactly is that supposed to be, a text database?
What kind of program, from what source? Do you still have the ZIP file?

Piristibulus 09.08.2023 11:38

It is a database of Arabic texts, mainly from the Middle Ages. The current version is available here: https://shamela.ws/ (unfortunately everything is in Arabic)

I downloaded the older version from archive.org: https://archive.org/details/shamela_4_2. I interrupted the unpacking and deleted the ZIP file as well as what had been unpacked so far.

I have been using it since about 2006 without any Trojan issues having occurred so far.
Basically, you can search Arabic texts with it and, when people are mentioned there, have it look them up in biographical works, or display parallel texts and variants.

cosinus 09.08.2023 11:51

Hasn't it been considered yet that this is a false alarm?

Piristibulus 09.08.2023 11:54

Um, no ... I briefly considered it, but then I was unsettled after all, because the other versions, including the current one, did not trigger such an alarm.

cosinus 09.08.2023 12:47

I'll move this to Discussion, since nothing was executed, only unpacked.

Piristibulus 09.08.2023 12:51

Oh, thank you.
What exactly does that mean now? So can I assume for the time being that everything should be fine?

M-K-D-B 09.08.2023 12:53

Please upload this file to VirusTotal and, once the file has been analysed, copy the link from the address bar:
Quote:

D:\new-maktaba-shamila\shamela_4\1441.095\launcher.bin

Piristibulus 09.08.2023 22:38

OK, great ... I'll do that later.

Here is the link:

https://www.virustotal.com/gui/file/1285e55390743a3630116c7d6e47545f6872c51628526f4d1589d4994c0b44fc

M-K-D-B 10.08.2023 09:13

That's quite a few scanners raising an alert here... :rolleyes:

Personally, I would not use such software because it would be too risky for me.

Please also upload this file to VirusTotal:
Quote:

D:\new-maktaba-shamila\shamela4\elastic\bin\nircmd.exe

Piristibulus 10.08.2023 12:09

Thanks ...

Whoa, that one triggers quite a lot too:

https://www.virustotal.com/gui/file/31b3b228382dc359f22ae97b2602eee81dc743fb21196061eacc6619533881f5

The file, or rather the folder, belongs to the later version that I tried to unpack. I've just noticed that the folder cannot be deleted at all.

I think I also ran it once and then left it alone because it did not work the way it should.

cosinus 10.08.2023 13:31

nircmd.exe is a tool from https://www.nirsoft.net
That should be OK. But because it can also be used for mischief, many virus scanners like to flag software from https://www.nirsoft.net as (potential) malware.

M-K-D-B 10.08.2023 15:24

Quote:

Quote from Piristibulus (post 1775829)
Thanks ...

Whoa, that one triggers quite a lot too:

https://www.virustotal.com/gui/file/...cc6619533881f5

The file, or rather the folder, belongs to the later version that I tried to unpack. I've just noticed that the folder cannot be deleted at all.

I think I also ran it once and then left it alone because it did not work the way it should.

The folder probably cannot be removed (that easily) because the file is executed automatically at startup and is therefore in memory.

We can certainly remove the startup entry, then you can delete it yourself.
As you prefer.

Did you install Chromium knowingly/intentionally?
Quote:

HKLM\Software\Microsoft\Active Setup\Installed Components: [{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}] -> C:\Program Files\Chromium\Application\115.0.5790.171\Installer\chrmstp.exe [2023-08-07] (The Chromium Authors) [File not signed]

Quote:

Quote from cosinus (post 1775830)
nircmd.exe is a tool from https://www.nirsoft.net
That should be OK. But because it can also be used for mischief, many virus scanners like to flag software from https://www.nirsoft.net as (potential) malware.

Yes, it looks that way. I do know NirSoft, but still went for an upload because the file has no signature and, in theory, anyone can write anything they like into the description:
Quote:

ShortcutTarget: elastic.lnk -> D:\new-maktaba-shamila\shamela4\elastic\bin\nircmd.exe (NirSoft) [File not signed]

Piristibulus 10.08.2023 16:18

Quote:

Quote from M-K-D-B (post 1775833)
The folder probably cannot be removed (that easily) because the file is executed automatically at startup and is therefore in memory.

We can certainly remove the startup entry, then you can delete it yourself.
As you prefer.

Thanks for the info, I had almost thought as much.
But since "drive D" is just an SD card anyway, which also holds a few folders of PDFs, and I also do a lot on another PC running Debian, I simply mounted the card there and deleted the folder in question.

Quote:

Did you install Chromium knowingly/intentionally?

Yes, I did. For viewing/testing websites that do not look good in Firefox, or for checking when students say that something did not work in Moodle and they were using Chrome.

I will keep my hands off this software in future and will also pass that on to my dear colleagues...

Many thanks for the help; should/must I do anything else?

