
Log analysis and evaluation: windows 10: Backdoor:Win32/Bladabindi.YPS!MTB - after download


Thread closed
17.11.2021, 11:19   #1
mirx
 

windows 10: Backdoor:Win32/Bladabindi.YPS!MTB - after download



Good morning,
in my infinite wisdom I downloaded something from Computerbild.de - which I will not do again in future.
My Windows Defender now reports:

Backdoor:Win32/Bladabindi.YPS!MTB

Alert level: severe
Status: active
...

What can I do?
Defender is unable to remove it.
Attached files
File type: txt FRST1.txt (26.7 KB, viewed 40 times)
File type: txt Addition2.txt (34.6 KB, viewed 49 times)
File type: txt Shortcut3.txt (34.0 KB, viewed 34 times)

17.11.2021, 12:27   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

windows 10: Backdoor:Win32/Bladabindi.YPS!MTB - after download



Can you please explain why you just dump the log files into attachments? We have described very clearly in the info articles that this should only be done if the helper asked for it.

Posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder.
Even if the logs are too large for a single post, please post the logs directly, split across several posts if necessary.
To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually CTRL+A does it) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracket expressions [CODE] [/CODE] will appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

17.11.2021, 12:43   #3
mirx
 

windows 10: Backdoor:Win32/Bladabindi.YPS!MTB - after download




FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-11-2021
Ran by 1joha (administrator) on LAPTOP-V5MMEJB2 (HUAWEI NBLK-WAX9X) (17-11-2021 11:09:32)
Running from C:\Users\1joha\Documents\Studium Marburg\Physik\1.Semester.Physik\ExpPhysik1
Loaded Profiles: 1joha
Platform: Microsoft Windows 10 Home Version 20H2 19042.1348 (X64) Language: German (Germany) -> English (United Kingdom)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0347924.inf_amd64_04af308e61660124\B347730\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0347924.inf_amd64_04af308e61660124\B347730\atiesrxx.exe
(Cisco WebEx LLC -> Cisco Webex LLC) C:\Users\1joha\AppData\Local\WebEx\WebEx\Meetings\atmgr.exe
(Cisco WebEx LLC -> Cisco Webex LLC) C:\Users\1joha\AppData\Local\WebEx\WebexHost.exe
(Discord Inc. -> Discord Inc.) C:\Users\1joha\AppData\Local\Discord\app-1.0.9003\Discord.exe <6>
(Dolby Laboratories, Inc. -> ) C:\Windows\System32\dolbyaposvc\DAX3API.exe <2>
(Google LLC -> ) C:\Program Files\Google\Drive File Stream\52.0.6.0\crashpad_handler.exe <3>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\52.0.6.0\GoogleDriveFS.exe <7>
(HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(Huawei Technologies Co., Ltd. -> ) C:\Program Files\Huawei\PCManager\MateBookService.exe
(Huawei Technologies Co., Ltd. -> ) C:\Program Files\Huawei\PCManager\MBAMessageCenter.exe
(Huawei Technologies Co., Ltd. -> ) C:\Windows\System32\RPC\OSD\osdservice.exe
(Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd.) C:\Program Files\Huawei\HwLcdEnhancement\MonitorManageStart.exe
(Huawei Technologies Co., Ltd. -> Microsoft) C:\Program Files\Huawei\HwLcdEnhancement\LCD_Service.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Windows Hardware Compatibility Publisher -> ) C:\Windows\System32\drivers\SessionService.exe
(Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCopyAccelerator.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <15>
(Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <3>
(Schomäcker GmbH) [File not signed] [File is in use] C:\Program Files\Q Pilot - Client\GUI\QPilot-Client-GUI.exe
(Schomäcker GmbH) [File not signed] [File is in use] C:\Program Files\Q Pilot - Client\Service\QPilot-Client-Service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [971552 2019-09-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [QPilotClientGUI] => C:\Program Files\Q Pilot - Client\GUI\QPilot-Client-GUI.exe [317541 2020-04-14] (Schomäcker GmbH) [File not signed] [File is in use]
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [3137728 2021-01-09] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\52.0.6.0\GoogleDriveFS.exe [54107992 2021-10-18] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\52.0.6.0\GoogleDriveFS.exe [54107992 2021-10-18] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-2694351215-612894087-2333028821-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\1joha\AppData\Local\Microsoft\Teams\Update.exe [2453728 2021-04-16] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-2694351215-612894087-2333028821-1001\...\Run: [OpenOffice Updater] => C:\Users\1joha\AppData\Roaming\OpenOffice Updater\Updater.exe [365680 2019-11-03] (Arne Koenig -> ) <==== ATTENTION
HKU\S-1-5-21-2694351215-612894087-2333028821-1001\...\Run: [Discord] => C:\Users\1joha\AppData\Local\Discord\Update.exe [1512096 2021-05-24] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2694351215-612894087-2333028821-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [49952424 2021-10-19] (Google LLC -> )
HKU\S-1-5-21-2694351215-612894087-2333028821-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\52.0.6.0\GoogleDriveFS.exe [54107992 2021-10-18] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-2694351215-612894087-2333028821-1001\...\Run: [CiscoMeetingDaemon] => C:\Users\1joha\AppData\Local\WebEx\WebexHost.exe [6009680 2021-11-05] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\52.0.6.0\GoogleDriveFS.exe [54107992 2021-10-18] (Google LLC -> Google, Inc.)
HKLM\...\Windows x64\Print Processors\hpzpplhn: C:\Windows\System32\spool\prtprocs\x64\hpzpplhn.dll [109288 2018-10-12] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\C368SeriesPCL Language Monitor: C:\WINDOWS\system32\KOAXPJ_L.DLL [25568 2019-02-14] (Microsoft Windows Hardware Compatibility Publisher -> KONICA MINOLTA, INC.)
HKLM\...\Print\Monitors\PCL hpz3llhn: C:\WINDOWS\system32\hpz3llhn.dll [44288 2018-10-12] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
Startup: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EOS Utility.lnk [2020-10-25]
ShortcutTarget: EOS Utility.lnk -> C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe (Canon Inc. -> Canon INC.)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0909FF50-AFDC-4728-8DFC-B1BE0C451613} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3C131483-8660-45E7-9EF6-68C966E2F77D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3C60ACBA-0BC5-4E4E-A12C-30282E225CD7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6161FE08-00C8-40A7-B719-7E7AFCACCBC1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-25] (Google LLC -> Google LLC)
Task: {8FC8118A-EF81-47BE-BA05-6C1DC6FBBBDC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-25] (Google LLC -> Google LLC)
Task: {A13746C3-28B6-40AB-8AB4-BCB205DFCC58} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BD82D61D-D291-446D-8179-50D12B878431} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {CC11DBBE-29A4-4C8D-A4B4-A596EA60A3A5} - System32\Tasks\Microsoft\Windows\WaaSMedic\MaintenanceWork => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32}
Task: {D2AE6432-BFCB-4EB1-A674-03BBEC77BF55} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [682936 2021-11-05] (Mozilla Corporation -> Mozilla Foundation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{63dd64c4-def7-4167-a447-8e8ca168e7f4}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9067b2cc-392c-44b1-b3f1-d6d4f657e2b0}: [DhcpNameServer] 40.41.1.12

Edge: 
=======
DownloadDir: C:\Users\1joha\Downloads
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\1joha\AppData\Local\Microsoft\Edge\User Data\Default [2021-11-17]
Edge StartupUrls: Default -> "hxxps://www.google.de/"

FireFox:
========
FF DefaultProfile: spoqee5u.default
FF ProfilePath: C:\Users\1joha\AppData\Roaming\Mozilla\Firefox\Profiles\spoqee5u.default [2021-04-10]
FF ProfilePath: C:\Users\1joha\AppData\Roaming\Mozilla\Firefox\Profiles\m8i35jzt.default-release [2021-11-17]
FF Homepage: Mozilla\Firefox\Profiles\m8i35jzt.default-release -> file:///C:/Users/1joha/Documents/Sonstiges/Links&html/Johnny's%20LInks2021.August.html
FF Session Restore: Mozilla\Firefox\Profiles\m8i35jzt.default-release -> is enabled.
FF Extension: (AdBlocker Ultimate) - C:\Users\1joha\AppData\Roaming\Mozilla\Firefox\Profiles\m8i35jzt.default-release\Extensions\adblockultimate@adblockultimate.net.xpi [2021-10-14]
FF Extension: (Colorful cubes) - C:\Users\1joha\AppData\Roaming\Mozilla\Firefox\Profiles\m8i35jzt.default-release\Extensions\{168c7cf2-8d10-460d-94f3-6482b8602cc2}.xpi [2021-09-20]
FF Extension: (__Cool Shade__) - C:\Users\1joha\AppData\Roaming\Mozilla\Firefox\Profiles\m8i35jzt.default-release\Extensions\{56b8b413-e19e-47c7-80c5-52a6795dfe78}.xpi [2021-09-20]
FF Extension: (Dark Mode) - C:\Users\1joha\AppData\Roaming\Mozilla\Firefox\Profiles\m8i35jzt.default-release\Extensions\{830f38bd-efc5-45dc-a5a6-064d9a638806}.xpi [2021-09-20]
FF Extension: (gray leaf) - C:\Users\1joha\AppData\Roaming\Mozilla\Firefox\Profiles\m8i35jzt.default-release\Extensions\{979aae3a-31db-479d-b7d5-95054b5a33ff}.xpi [2021-09-20]
FF Extension: (ANIMATED Blue Plexus by candelora) - C:\Users\1joha\AppData\Roaming\Mozilla\Firefox\Profiles\m8i35jzt.default-release\Extensions\{abca071b-3177-4a86-84b9-c9a712c2268b}.xpi [2021-10-14]
FF Extension: (Northern Lake FT by MaDonna) - C:\Users\1joha\AppData\Roaming\Mozilla\Firefox\Profiles\m8i35jzt.default-release\Extensions\{fcebb804-5eb9-43d9-a12a-30f6ca1b9b1b}.xpi [2021-09-20]

Chrome: 
=======
CHR Profile: C:\Users\1joha\AppData\Local\Google\Chrome\User Data\Default [2021-04-10]
CHR StartupUrls: Default -> "file:///C:/Users/1joha/Desktop/Sonstiges/Links&html/links.html"
CHR Extension: (Präsentationen) - C:\Users\1joha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-10-25]
CHR Extension: (Docs) - C:\Users\1joha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-10-25]
CHR Extension: (Google Drive) - C:\Users\1joha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-25]
CHR Extension: (YouTube) - C:\Users\1joha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-10-25]
CHR Extension: (Tabellen) - C:\Users\1joha\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-10-25]
CHR Extension: (Alloy) - C:\Users\1joha\AppData\Local\Google\Chrome\User Data\Default\Extensions\fljipcgeenffdcglannkpppedokbpgjl [2020-11-07]
CHR Extension: (Google Docs Offline) - C:\Users\1joha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-18]
CHR Extension: (Anwendungs-Launcher für Drive (von Google)) - C:\Users\1joha\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-01-27]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\1joha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Google Mail) - C:\Users\1joha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-25]
CHR Extension: (Chrome Media Router) - C:\Users\1joha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-18]
CHR HKU\S-1-5-21-2694351215-612894087-2333028821-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 DolbyDAXAPI; C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe [1641416 2019-05-07] (Dolby Laboratories, Inc. -> )
R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [360320 2019-09-05] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [288392 2021-04-17] (HP Inc. -> HP Inc.)
R2 Huawei_OSDServer; C:\Windows\system32\RPC\OSD\osdservice.exe [217072 2019-08-16] (Huawei Technologies Co., Ltd. -> )
R2 LCD_Service; C:\Program Files\Huawei\HwLcdEnhancement\LCD_Service.exe [25584 2019-11-11] (Huawei Technologies Co., Ltd. -> Microsoft)
R2 MBAMainService; C:\Program Files\Huawei\PCManager\MateBookService.exe [1006064 2019-11-11] (Huawei Technologies Co., Ltd. -> )
R2 QPilotClientService; C:\Program Files\Q Pilot - Client\Service\QPilot-Client-Service.exe [335349 2020-04-14] (Schomäcker GmbH) [File not signed] [File is in use]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-04] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 googledrivefs3525; C:\WINDOWS\System32\DRIVERS\googledrivefs3525.sys [389640 2021-09-09] (Google LLC -> Google, Inc.)
R3 hwnetstat; C:\Program Files\Huawei\PCManager\WFPDriver.sys [30744 2019-11-11] (Huawei Technologies Co., Ltd. -> )
R2 HwOs2ECx64; C:\Program Files\Huawei\PCManager\HwOs2EC10x64.sys [49472 2019-11-11] (Huawei Technologies Co., Ltd. -> Huawei)
R3 MpKsl46a85478; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4D23D194-DC25-4BDB-9E9C-B5CFA1DA06A1}\MpKslDrv.sys [130296 2021-11-17] (Microsoft Windows -> Microsoft Corporation)
R1 veracrypt; C:\WINDOWS\System32\drivers\veracrypt.sys [831616 2021-04-26] (IDRIX SARL -> IDRIX)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48520 2021-11-04] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435424 2021-11-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-17 11:09 - 2021-11-17 11:09 - 000000000 ____D C:\FRST
2021-11-17 10:36 - 2021-11-17 10:36 - 075497472 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-11-17 10:33 - 2021-11-17 10:36 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-11-16 18:15 - 2021-11-16 18:15 - 014358251 _____ C:\Users\1joha\Downloads\Folien_Theorie_2021.pdf
2021-11-16 18:14 - 2021-11-16 18:14 - 002996575 _____ C:\Users\1joha\Downloads\BSc KM1 Skript WS21-22.pdf
2021-11-16 17:23 - 2021-11-16 17:23 - 010002617 _____ C:\Users\1joha\Downloads\Skript_Biologie_PhysPrakt1.pdf
2021-11-15 17:19 - 2021-11-15 17:19 - 003150928 _____ C:\Users\1joha\Downloads\PCR Freitag Vormittag.pdf
2021-11-14 19:50 - 2021-11-14 19:50 - 000026112 _____ C:\Users\1joha\Downloads\km_1_mibi_gedaechtnisprotokoll_ws_2012doc.pdf
2021-11-13 13:04 - 2021-11-13 13:04 - 005799333 _____ C:\Users\1joha\Downloads\20210917103348_IMG_9514-01.jpeg
2021-11-12 19:34 - 2021-11-12 19:34 - 002595435 _____ C:\Users\1joha\Downloads\Blatt03MerzJohannes.pdf
2021-11-12 12:42 - 2021-11-12 12:42 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-11-12 12:42 - 2021-11-12 12:42 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-11-12 12:42 - 2021-11-12 12:42 - 000011363 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-11-12 12:41 - 2021-11-12 12:41 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-11-12 12:26 - 2021-11-12 12:26 - 000000000 ___HD C:\$WinREAgent
2021-11-12 12:25 - 2021-11-12 12:25 - 000001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-11-12 12:25 - 2021-11-12 12:25 - 000000000 ____D C:\Program Files\PCHealthCheck
2021-11-11 21:14 - 2021-11-11 21:14 - 001755929 _____ C:\Users\1joha\Downloads\Merz_Schneider_Transformation.pdf
2021-11-11 17:30 - 2021-11-11 17:30 - 000088599 _____ C:\Users\1joha\Downloads\BSc BM1 Protokollvorlage WS21-22-1.pdf
2021-11-11 14:03 - 2021-11-11 14:03 - 001755929 _____ C:\Users\1joha\Downloads\Protokoll kUrs 3.pdf
2021-11-11 13:58 - 2021-11-11 13:59 - 002589672 _____ C:\Users\1joha\Downloads\Theorie Kursteil Plasmid-Isolierung und Charakterisierung.pdf
2021-11-09 09:41 - 2021-11-09 09:41 - 002429416 _____ C:\Users\1joha\Desktop\CamScanner 11-09-2021 09.37.pdf
2021-11-07 11:02 - 2021-11-07 11:02 - 002554082 _____ C:\Users\1joha\Downloads\2. Saeuren und Basen.pptx
2021-11-07 11:02 - 2021-11-07 11:02 - 001532928 _____ C:\Users\1joha\Downloads\3 Redoxreaktionen.ppt
2021-11-07 11:01 - 2021-11-07 11:01 - 001532928 _____ C:\Users\1joha\Downloads\3 Redoxreaktionenppt.sec
2021-11-05 12:29 - 2021-11-07 09:35 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-10-28 10:22 - 2021-10-28 10:22 - 000000000 ____D C:\Users\1joha\Desktop\Ausdrucken
2021-10-28 09:13 - 2021-10-28 09:18 - 000000000 ____D C:\Users\1joha\AppData\Roaming\.minecraft
2021-10-28 09:13 - 2021-10-28 09:15 - 000000000 ____D C:\Program Files (x86)\Minecraft Launcher
2021-10-28 09:13 - 2021-10-28 09:13 - 000001110 _____ C:\Users\Public\Desktop\Minecraft Launcher.lnk
2021-10-28 09:13 - 2021-10-28 09:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft Launcher
2021-10-18 07:25 - 2021-10-18 07:25 - 000002188 _____ C:\Users\1joha\Desktop\Cisco Webex Meetings.lnk
2021-10-18 07:25 - 2021-10-18 07:25 - 000000000 ____D C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cisco Webex Meetings Desktop-App

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-17 11:09 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-11-17 11:02 - 2020-10-25 10:42 - 000000000 ____D C:\Users\1joha\AppData\Roaming\HwSynergy
2021-11-17 10:59 - 2020-10-22 11:16 - 000000000 ____D C:\Users\1joha\AppData\Roaming\discord
2021-11-17 10:58 - 2020-10-22 11:15 - 000000000 ____D C:\Users\1joha\AppData\Local\Discord
2021-11-17 10:44 - 2021-05-15 11:33 - 001632020 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-11-17 10:44 - 2019-12-07 15:50 - 000704976 _____ C:\WINDOWS\system32\perfh007.dat
2021-11-17 10:44 - 2019-12-07 15:50 - 000142062 _____ C:\WINDOWS\system32\perfc007.dat
2021-11-17 10:39 - 2021-04-10 16:25 - 000000000 ____D C:\ProgramData\Mozilla
2021-11-17 10:39 - 2020-10-25 10:31 - 000000000 ____D C:\Program Files (x86)\Google
2021-11-17 10:38 - 2021-04-10 16:25 - 000000000 ____D C:\Users\1joha\AppData\LocalLow\Mozilla
2021-11-17 10:37 - 2021-05-15 11:31 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-11-17 10:37 - 2021-04-28 11:14 - 000008192 ___SH C:\DumpStack.log.tmp
2021-11-17 10:37 - 2020-06-12 02:53 - 000000000 ____D C:\ProgramData\Goodix
2021-11-17 10:37 - 2020-06-12 01:56 - 000000134 _____ C:\WINDOWS\system32\regtest.txt
2021-11-17 10:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-11-17 10:37 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-11-17 10:33 - 2021-04-28 11:23 - 000000000 ____D C:\Users\1joha\AppData\Local\D3DSCache
2021-11-17 10:33 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-11-17 09:52 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-11-17 09:52 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-11-16 22:14 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-11-16 21:15 - 2021-05-15 11:24 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-11-16 11:11 - 2021-10-17 15:30 - 000000000 ____D C:\Users\1joha\AppData\Local\WebEx
2021-11-15 11:03 - 2021-10-17 15:30 - 000000000 ____D C:\Users\1joha\AppData\LocalLow\WebEx
2021-11-14 19:10 - 2020-10-31 08:09 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-11-12 19:54 - 2021-05-15 11:24 - 000629104 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-11-12 19:53 - 2021-05-15 12:02 - 000000000 ____D C:\WINDOWS\en-GB
2021-11-12 19:53 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-11-12 19:53 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-11-12 19:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-11-12 19:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-11-12 19:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-11-12 19:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-11-12 19:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-11-12 19:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-11-12 19:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-11-12 19:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-11-12 19:53 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2021-11-12 12:48 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-11-12 12:25 - 2020-10-21 20:01 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-11-12 12:15 - 2020-10-21 20:01 - 141529560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-11-07 09:39 - 2021-05-15 11:31 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2694351215-612894087-2333028821-1001
2021-11-07 09:39 - 2021-05-15 11:25 - 000002386 _____ C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-11-07 09:35 - 2021-04-10 16:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-11-06 09:20 - 2021-10-11 11:09 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-11-06 09:20 - 2021-04-10 16:25 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-11-04 14:27 - 2021-07-21 11:23 - 000000000 ____D C:\Users\1joha\Documents\Studium Marburg
2021-11-04 08:59 - 2019-12-11 01:43 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-10-27 18:12 - 2021-10-12 08:34 - 000002064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2021-10-27 18:12 - 2021-10-12 08:34 - 000001906 _____ C:\Users\Default\Desktop\Google Slides.lnk
2021-10-27 18:12 - 2021-10-12 08:34 - 000001906 _____ C:\Users\Default\Desktop\Google Sheets.lnk
2021-10-27 18:12 - 2021-10-12 08:34 - 000001894 _____ C:\Users\Default\Desktop\Google Docs.lnk
2021-10-20 10:12 - 2020-10-25 10:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2021-10-19 10:38 - 2020-11-07 08:35 - 000000000 ____D C:\Users\1joha\Documents\Sonstiges
2021-10-18 07:23 - 2021-10-17 15:31 - 000000000 ____D C:\Users\1joha\AppData\Roaming\webex

==================== Files in the root of some directories ========

2021-07-26 11:15 - 2019-03-26 09:52 - 000000034 _____ () C:\Users\1joha\AppData\Roaming\pdfdrawcodec.dll
2021-02-21 10:45 - 2021-02-22 20:00 - 000003584 _____ () C:\Users\1joha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
         
--- --- ---

FRST Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2021
Ran by 1joha (17-11-2021 11:11:09)
Running from C:\Users\1joha\Documents\Studium Marburg\Physik\1.Semester.Physik\ExpPhysik1
Microsoft Windows 10 Home Version 20H2 19042.1348 (X64) (2021-05-15 10:31:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

1joha (S-1-5-21-2694351215-612894087-2333028821-1001 - Administrator - Enabled) => C:\Users\1joha
Administrator (S-1-5-21-2694351215-612894087-2333028821-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2694351215-612894087-2333028821-503 - Limited - Disabled)
Gast (S-1-5-21-2694351215-612894087-2333028821-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2694351215-612894087-2333028821-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Backup and Sync from Google (HKLM\...\{685BAD50-A3AA-4B91-A15B-77F9DC7346D4}) (Version: 3.57.4043.4118 - Google, Inc.)
balenaEtcher 1.5.116 (HKU\S-1-5-21-2694351215-612894087-2333028821-1001\...\d2f3b6c7-6f49-59e2-b8a5-f72e33900c2b) (Version: 1.5.116 - Balena Inc.)
Canon Utilities EOS Lens Registration Tool (HKLM-x32\...\EOS Lens Registration Tool) (Version: 1.12.30.6 - Canon Inc.)
Canon Utilities EOS Network Setting Tool (HKLM-x32\...\EOS Network Setting Tool) (Version: 1.1.0.9 - Canon Inc.)
Canon Utilities EOS Utility 2 (HKLM-x32\...\EOS Utility 2) (Version: 2.14.20.0 - Canon Inc.)
Canon Utilities EOS Utility 3 (HKLM-x32\...\EOS Utility 3) (Version: 3.12.30.9 - Canon Inc.)
Canon Utilities EOS Web Service Registration Tool (HKLM-x32\...\EOS Web Service Registration Tool) (Version: 1.9.10.5 - Canon Inc.)
Cisco Webex Meetings (HKU\S-1-5-21-2694351215-612894087-2333028821-1001\...\ActiveTouchMeetingClient) (Version: 41.9.5 - Cisco Webex LLC)
Discord (HKU\S-1-5-21-2694351215-612894087-2333028821-1001\...\Discord) (Version: 0.0.310 - Discord Inc.)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 52.0.6.0 - Google LLC)
Helicon Focus (HKLM\...\Helicon Focus 7_is1) (Version:  - Helicon Soft Ltd.)
Helicon Remote 3.9.11.0 (HKLM-x32\...\HeliconRemote_is1) (Version: 3.9.11.0 - Helicon Soft Ltd.)
Huawei OSD (HKLM\...\HwOsd) (Version: 9.0.19.0 - Huawei Technologies Co., Ltd.)
KeePass Password Safe 2.47 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.47 - Dominik Reichl)
LibreOffice 6.4.7.2 (HKLM\...\{19B8BD60-CB65-49E8-8CDC-4596799C4DA7}) (Version: 6.4.7.2 - The Document Foundation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 95.0.1020.53 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2694351215-612894087-2333028821-1001\...\OneDriveSetup.exe) (Version: 21.205.1003.0005 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2694351215-612894087-2333028821-1001\...\Teams) (Version: 1.4.00.8872 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{733C3ACB-432D-4880-B0E1-660000D7974D}) (Version: 1.0.0.0 - Mojang)
Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 94.0.1 (x64 de)) (Version: 94.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 87.0 - Mozilla)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.1.3 - Notepad++ Team)
Notion 2.0.16 (HKU\S-1-5-21-2694351215-612894087-2333028821-1001\...\fcdf0d7f-424b-5f10-a1c7-a8f643f21adf) (Version: 2.0.16 - Notion Labs, Incorporated)
OpenOffice Updater (HKU\S-1-5-21-2694351215-612894087-2333028821-1001\...\OpenOffice Updater) (Version: 1.1.10 - OpenOffice) <==== ATTENTION
PC Manager (HKLM\...\PC Manager) (Version: 10.0.2.99 - Huawei Technologies Co., Ltd.)
PDF Bearbeiten V2.8.7.2 (HKLM-x32\...\PDF Bearbeiten_is1) (Version:  - hxxp://www.PDFBearbeiten.net)
Q Pilot - Client (HKLM\...\Q Pilot - Client 4.31.3.23369) (Version: 4.31.3.23369 - Schomäcker GmbH)
SD Card Formatter (HKLM-x32\...\{A61131DC-B92D-4AD8-A925-E2D6D5FE217C}) (Version: 5.0.1 - SD Association)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.24-Update7 - IDRIX)
VideoSolo Blu-ray Player 1.1.8 (HKLM-x32\...\{3FE47865-D020-4666-92D2-40322D48E361}_is1) (Version: 1.1.8 - VideoSolo Studio)
VNC Viewer 6.20.529 (HKLM\...\{1A0D1F90-8D1F-4922-8546-D1F84501C46A}) (Version: 6.20.529.42646 - RealVNC Ltd)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-2694351215-612894087-2333028821-1001\...\ZoomUMX) (Version: 5.4.3 (58891.1115) - Zoom Video Communications, Inc.)

Packages:
=========
AMD Radeon™ Settings Lite -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.59462344778C5_10.19.10006.0_x64__0a9344xs7nr4m [2021-10-12] (Advanced Micro Devices Inc.)
Dolby Atmos -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAtmos_3.20402.409.0_x64__rz1tebttyb220 [2020-06-12] (Dolby Laboratories)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_132.2.261.0_x64__v10z8vjag6ke6 [2021-11-11] (HP Inc.)
Huawei Keyboard Hotkeys -> C:\Program Files\WindowsApps\HuaweiPC.HuaweiKeyboardHotkeys_9.0.19.0_x64__amfdc1pkdnmaa [2019-12-11] (Huawei Technologies Co., Ltd.) [Startup Task]
KONICA MINOLTA Print Experience -> C:\Program Files\WindowsApps\KONICAMINOLTAINC.KONICAMINOLTAPrintExperience_2.0.0.3_neutral__s63fsn2sety0r [2021-10-17] (KONICA MINOLTA INC)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-10-13] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-12-22] (Microsoft Corporation)
Raw Image Extension -> C:\Program Files\WindowsApps\Microsoft.RawImageExtension_1.0.41311.0_x64__8wekyb3d8bbwe [2021-10-13] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.7.196.0_x64__dt26b99r8h8gj [2020-06-12] (Realtek Semiconductor Corp)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2694351215-612894087-2333028821-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-2694351215-612894087-2333028821-1001_Classes\CLSID\{1019ADC7-17CB-4489-AFD5-6642C7400ACE}\localserver32 -> C:\Users\1joha\AppData\Local\Webex\Webex\Applications\ptOIEx64.exe (Cisco WebEx LLC -> Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-2694351215-612894087-2333028821-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\1joha\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20339.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2694351215-612894087-2333028821-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\1joha\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
ShellIconOverlayIdentifiers: [    GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-10-19] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-10-19] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-10-19] (Google LLC -> Google)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2021-03-22] (Notepad++ -> )
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-10-19] (Google LLC -> Google)
ContextMenuHandlers1: [HwShareMenu] -> {41b3b91f-d6b3-3430-bb86-a143f85353ca} => C:\Program Files\Huawei\PCManager\HwShellMenu\HwShareMenu9.DLL [2019-11-11] (Huawei Technologies Co., Ltd. -> )
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-10-19] (Google LLC -> Google)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============


==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-2694351215-612894087-2333028821-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://oem17win10.msn.com/?pc=NMTE
HKU\S-1-5-21-2694351215-612894087-2333028821-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17win10.msn.com/?pc=NMTE
SearchScopes: HKLM -> DefaultScope {4A54FBAA-FD09-4E79-9130-E44A03872DBA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRNAM1&src=IE11TR&pc=NMTE;
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {4A54FBAA-FD09-4E79-9130-E44A03872DBA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRNAM1&src=IE11TR&pc=NMTE;
SearchScopes: HKLM-x32 -> DefaultScope {4A54FBAA-FD09-4E79-9130-E44A03872DBA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRNAM1&src=IE11TR&pc=NMTE;
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {4A54FBAA-FD09-4E79-9130-E44A03872DBA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRNAM1&src=IE11TR&pc=NMTE;

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2694351215-612894087-2333028821-1001\...\sharepoint.com -> hxxps://sbsherzogenaurachde-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 05:49 - 2019-03-19 05:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

2020-10-21 18:25 - 2021-10-13 20:42 - 000000528 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2694351215-612894087-2333028821-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\1joha\Pictures\Saved Pictures\pia23533.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "TeamsMachineUninstallerLocalAppData"
HKU\S-1-5-21-2694351215-612894087-2333028821-1001\...\StartupApproved\StartupFolder: => "EOS Utility.lnk"
HKU\S-1-5-21-2694351215-612894087-2333028821-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2694351215-612894087-2333028821-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-2694351215-612894087-2333028821-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2694351215-612894087-2333028821-1001\...\StartupApproved\Run: => "GoogleDriveSync"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B423B78D-35F7-4A02-B763-62C739004B9F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{36D7C616-5945-4FB6-B581-8ED5E8803BD5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8A1ABF72-3AEC-4591-ACDF-BF25A0DE9AC5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6C0F69FE-57E3-426C-9AF3-3648E3A83CA9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{48BE0EF5-6234-470A-858E-419F886A44B4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EE0B037D-18C6-4106-806B-196D6AAFB78C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{CDA2D75E-E798-4968-837D-7FAAEE2FEDFD}C:\program files (x86)\helicon software\helicon remote\heliconremote.exe] => (Allow) C:\program files (x86)\helicon software\helicon remote\heliconremote.exe (GELIKON SOFT, TOV -> )
FirewallRules: [TCP Query User{A450FABE-FEBA-463F-8227-8F9BD4F0A1BF}C:\program files (x86)\helicon software\helicon remote\heliconremote.exe] => (Allow) C:\program files (x86)\helicon software\helicon remote\heliconremote.exe (GELIKON SOFT, TOV -> )
FirewallRules: [UDP Query User{BFBAD8A8-9021-4EA0-85F2-9ECEEA02099D}C:\program files (x86)\helicon software\helicon remote\heliconremote.exe] => (Allow) C:\program files (x86)\helicon software\helicon remote\heliconremote.exe (GELIKON SOFT, TOV -> )
FirewallRules: [TCP Query User{890E4956-70D1-4C28-860C-8D88BC57A245}C:\program files (x86)\helicon software\helicon remote\heliconremote.exe] => (Allow) C:\program files (x86)\helicon software\helicon remote\heliconremote.exe (GELIKON SOFT, TOV -> )
FirewallRules: [UDP Query User{295FB35D-5421-4DD4-89C8-B57C2988A9CC}C:\users\1joha\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\1joha\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{FB714A35-BDDC-4E5C-A7CE-C71DED89FE42}C:\users\1joha\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\1joha\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{138DC914-6B66-4DDC-8CEF-CA4A2052E401}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [{7FEF8AC0-702F-40AF-8ADE-7123310CE3A8}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [TCP Query User{A958E46A-A509-47DF-874F-84BFBFF358EC}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{92E1C1D4-8561-4C61-97CA-0A1918D888DE}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{33C1D052-5764-4013-8A9E-C51B74213F4F}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [UDP Query User{C4C3BB95-968A-4AD2-97A0-DB0913164F54}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [{BC202CD1-629D-4ED2-BC15-7006FD5CA676}] => (Allow) C:\Program Files\Huawei\PCManager\MBAMessageCenter.exe (Huawei Technologies Co., Ltd. -> )
FirewallRules: [{BE041033-6AC3-4F8B-88C4-F23B0B02D42D}] => (Allow) C:\Program Files\Huawei\PCManager\HwMirror.exe (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd.)
FirewallRules: [{0D23579D-6233-408F-80B4-159262FFBE19}] => (Allow) C:\Program Files\Huawei\PCManager\HwMirror.exe (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd.)
FirewallRules: [{D431BC2B-9482-47BD-9462-D4F8F231A0F4}] => (Allow) C:\Program Files\Huawei\PCManager\HwMirror.exe (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd.)
FirewallRules: [{B3FB89BD-0391-4F36-A45C-12CD863D0E2E}] => (Allow) C:\Program Files\Huawei\PCManager\HWVCR.exe (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd.)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:80 GB) (Free:18.47 GB) (23%)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (11/17/2021 10:37:18 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-V5MMEJB2$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Wed, 17 Nov 2021 09:37:17 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: b60c5697-5d85-4f60-82ac-41cd5fe1a014

Method: GET(703ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (11/17/2021 08:35:43 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-V5MMEJB2$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Wed, 17 Nov 2021 07:35:42 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 403c864b-243b-4580-94e6-25d75bf2944a

Method: GET(265ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (11/16/2021 08:21:43 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-V5MMEJB2$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Tue, 16 Nov 2021 07:21:42 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: fddf420f-ee6b-41e4-8d84-6fbadd797299

Method: GET(328ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (11/15/2021 08:13:10 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-V5MMEJB2$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Mon, 15 Nov 2021 07:13:09 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 09374ec2-dcb0-4d45-b589-b2a506c28e63

Method: GET(282ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (11/14/2021 04:24:30 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-V5MMEJB2$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Sun, 14 Nov 2021 15:24:29 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: cb289eb7-31e8-47ac-a71e-2e408e3d3633

Method: GET(266ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (11/14/2021 08:21:25 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-V5MMEJB2$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Sun, 14 Nov 2021 07:21:26 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 769e5968-2728-482d-95d0-5220c4dedd73

Method: GET(344ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (11/13/2021 08:30:43 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-V5MMEJB2$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Sat, 13 Nov 2021 07:30:43 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 8d0fa8d7-db81-40df-b00b-5bf9c26506c1

Method: GET(265ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (11/13/2021 08:21:49 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-V5MMEJB2$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Sat, 13 Nov 2021 07:21:49 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: b520637b-775c-4d83-8aab-72aa8f7feb8e

Method: GET(984ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)


System errors:
=============
Error: (11/17/2021 10:37:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Huawei OSD Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (11/17/2021 08:36:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Huawei OSD Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (11/16/2021 10:14:29 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {924DC564-16A6-42EB-929A-9A61FA7DA06F} did not register with DCOM within the required timeout.

Error: (11/16/2021 10:14:29 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {924DC564-16A6-42EB-929A-9A61FA7DA06F} did not register with DCOM within the required timeout.

Error: (11/16/2021 04:55:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Huawei OSD Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (11/16/2021 08:21:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Huawei OSD Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (11/15/2021 05:56:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Huawei OSD Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (11/15/2021 08:13:32 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Huawei OSD Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.


Windows Defender:
================
Date: 2021-11-17 11:03:14
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUADlManager:Win32/DownloadSponsor&threatid=311978&enterprise=0
Name: PUADlManager:Win32/DownloadSponsor
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\$Recycle.Bin\S-1-5-21-2694351215-612894087-2333028821-1001\$RMUTMZA.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.353.1139.0, AS: 1.353.1139.0, NIS: 1.353.1139.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4

Date: 2021-11-17 10:42:04
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-11-17 10:05:18
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:Win32/Bladabindi.YPS!MTB&threatid=2147793448&enterprise=0
Name: Backdoor:Win32/Bladabindi.YPS!MTB
Severity: Severe
Category: Backdoor
Path: file:_C:\Users\1joha\Documents\Studium Marburg\Physik\1.Semester.Physik\Physik.kurse\Windows_10_File_Explorer_App_CB-DL-Manager.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.353.1134.0, AS: 1.353.1134.0, NIS: 1.353.1134.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4

Date: 2021-11-17 10:05:04
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:Win32/Bladabindi.YPS!MTB&threatid=2147793448&enterprise=0
Name: Backdoor:Win32/Bladabindi.YPS!MTB
Severity: Severe
Category: Backdoor
Path: file:_C:\Users\1joha\Documents\Studium Marburg\Physik\1.Semester.Physik\Physik.kurse\Windows_10_File_Explorer_App_CB-DL-Manager.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.353.1134.0, AS: 1.353.1134.0, NIS: 1.353.1134.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4

Date: 2021-11-17 10:04:51
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:Win32/Bladabindi.YPS!MTB&threatid=2147793448&enterprise=0
Name: Backdoor:Win32/Bladabindi.YPS!MTB
Severity: Severe
Category: Backdoor
Path: file:_C:\Users\1joha\Documents\Studium Marburg\Physik\1.Semester.Physik\Physik.kurse\Windows_10_File_Explorer_App_CB-DL-Manager.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\Mozilla Firefox\firefox.exe
Security intelligence Version: AV: 1.353.1134.0, AS: 1.353.1134.0, NIS: 1.353.1134.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4
Event[0]:

Date: 2021-11-17 10:05:18
Description: 
Microsoft Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:Win32/Bladabindi.YPS!MTB&threatid=2147793448&enterprise=0
Name: Backdoor:Win32/Bladabindi.YPS!MTB
Severity: Severe
Category: Backdoor
Path: file:_C:\Users\1joha\Documents\Studium Marburg\Physik\1.Semester.Physik\Physik.kurse\Windows_10_File_Explorer_App_CB-DL-Manager.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Action: Unknown
Action Status:  No additional actions required
Error Code: 0x80508032
Error description: An unexpected problem occurred. Install any available updates, then try to start the program again. For information on installing updates, see Help and Support. 
Security intelligence Version: AV: 1.353.1134.0, AS: 1.353.1134.0, NIS: 1.353.1134.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4

Date: 2021-08-24 12:04:03
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.343.1691.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18300.4
Error code: 0x80240009
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

CodeIntegrity:
===============
Date: 2021-10-17 12:37:40
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\ImmersiveControlPanel\SystemSettings.exe) attempted to load \Device\HarddiskVolume3\Program Files\Google\Drive File Stream\51.0.16.0\crashpad_handler.exe that did not meet the Microsoft signing level requirements.

Date: 2021-10-13 14:07:26
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\ImmersiveControlPanel\SystemSettings.exe) attempted to load \Device\HarddiskVolume3\Program Files\Google\Drive File Stream\51.0.15.0\crashpad_handler.exe that did not meet the Microsoft signing level requirements.


==================== Memory info =========================== 

BIOS: HUAWEI 1.11 12/04/2020
Motherboard: HUAWEI NBLK-WAX9X-PCB
Processor: AMD Ryzen 5 3500U with Radeon Vega Mobile Gfx 
Percentage of memory in use: 75%
Total physical RAM: 7103.64 MB
Available physical RAM: 1774.84 MB
Total Virtual: 9407.64 MB
Available Virtual: 2316.22 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:80 GB) (Free:18.47 GB) NTFS
Drive d: (Data) (Fixed) (Total:142.86 GB) (Free:140.39 GB) NTFS

\\?\Volume{4116f9bd-f5f6-4e64-94b9-76dec10b897f}\ (WINPE) (Fixed) (Total:0.5 GB) (Free:0.02 GB) FAT32
\\?\Volume{1084e76a-7697-4e91-8685-1ca37a50ce51}\ (Onekey) (Fixed) (Total:14 GB) (Free:4.66 GB) NTFS
\\?\Volume{e641b57e-96df-42e0-bf98-3d99d5a316c7}\ (WinRE) (Fixed) (Total:1 GB) (Free:0.52 GB) NTFS
\\?\Volume{e961dcd6-7d99-46a6-99ca-a27fd53da2e0}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 6535F317)

Partition: GPT.

==================== End of Addition.txt =======================
         
--- --- ---


Code:
Users shortcut scan result (x64) Version: 14-11-2021
Ran by 1joha (17-11-2021 11:12:01)
Running from C:\Users\1joha\Documents\Studium Marburg\Physik\1.Semester.Physik\ExpPhysik1
Boot Mode: Normal

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\1joha\Links\Desktop.lnk -> C:\Users\1joha\Desktop ()
Shortcut: C:\Users\1joha\Links\Downloads.lnk -> C:\Users\1joha\Downloads ()
Shortcut: C:\Users\1joha\Desktop\balenaEtcher.lnk -> C:\Users\1joha\AppData\Local\Programs\balena-etcher\balenaEtcher.exe (Balena Inc.)
Shortcut: C:\Users\1joha\Desktop\Cisco Webex Meetings.lnk -> C:\Users\1joha\AppData\Local\WebEx\WebEx\Applications\ptoneclk.exe (Cisco Webex LLC)
Shortcut: C:\Users\1joha\Desktop\Helicon 3D Viewer.lnk -> C:\Program Files\Helicon Software\Helicon Focus 7\Helicon3DViewer.exe ()
Shortcut: C:\Users\1joha\Desktop\Helicon Focus 7.lnk -> C:\Program Files\Helicon Software\Helicon Focus 7\HeliconFocus.exe (HeliconSoft Ltd)
Shortcut: C:\Users\1joha\Desktop\Helicon Remote.lnk -> C:\Program Files (x86)\Helicon Software\Helicon Remote\HeliconRemote.exe ()
Shortcut: C:\Users\1joha\Desktop\KeePass 2.lnk -> C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
Shortcut: C:\Users\1joha\Desktop\Notion.lnk -> C:\Users\1joha\AppData\Local\Programs\Notion\Notion.exe (Notion Labs, Incorporated)
Shortcut: C:\Users\1joha\Desktop\Pictures - Shortcut.lnk -> C:\Users\1joha\Pictures ()
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\balenaEtcher.lnk -> C:\Users\1joha\AppData\Local\Programs\balena-etcher\balenaEtcher.exe (Balena Inc.)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notion.lnk -> C:\Users\1joha\AppData\Local\Programs\Notion\Notion.exe (Notion Labs, Incorporated)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\1joha\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom\Zoom.lnk -> C:\Users\1joha\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc.)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cisco Webex Meetings Desktop-App\Cisco Webex Meetings.lnk -> C:\Users\1joha\AppData\Local\WebEx\WebEx\Applications\ptoneclk.exe (Cisco Webex LLC)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VideoSolo Blu-ray Player.lnk -> C:\Program Files\VideoSolo Studio\VideoSolo Blu-ray Player\VideoSolo Blu-ray Player.exe (VideoSolo)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\LibreOffice Writer.lnk -> C:\Program Files\LibreOffice\program\swriter.exe (The Document Foundation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Q Pilot - Client GUI.lnk -> C:\Program Files\Q Pilot - Client\GUI\QPilot-Client-GUI.exe (Schomäcker GmbH)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\VNC Viewer.lnk -> C:\Program Files\RealVNC\VNC Viewer\vncviewer.exe (RealVNC Ltd)
Shortcut: C:\Users\1joha\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\1joha\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\1joha\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe DNG Converter.lnk -> C:\Program Files\Adobe\Adobe DNG Converter\Adobe DNG Converter.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk -> C:\Program Files\Google\Drive File Stream\52.0.6.0\GoogleDriveFS.exe (Google, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk -> C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk -> C:\Program Files\Notepad++\notepad++.exe (Don HO don.h@free.fr)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk -> C:\Program Files\PCHealthCheck\PCHealthCheck.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoSolo\VideoSolo Blu-ray Player\Uninstall.lnk -> C:\Program Files\VideoSolo Studio\VideoSolo Blu-ray Player\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoSolo\VideoSolo Blu-ray Player\VideoSolo Blu-ray Player.lnk -> C:\Program Files\VideoSolo Studio\VideoSolo Blu-ray Player\VideoSolo Blu-ray Player.exe (VideoSolo)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VeraCrypt\VeraCrypt.lnk -> C:\Program Files\VeraCrypt\VeraCrypt.exe (IDRIX)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VeraCrypt\VeraCryptExpander.lnk -> C:\Program Files\VeraCrypt\VeraCryptExpander.exe (IDRIX)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SD Association\SD Card Formatter\SD Card Formatter.lnk -> C:\Windows\Installer\{A61131DC-B92D-4AD8-A925-E2D6D5FE217C}\NewShortcut1_69C2B9A012C943F8B6BC658D1AC73474.exe (Flexera Software LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealVNC\VNC Viewer.lnk -> C:\Program Files\RealVNC\VNC Viewer\vncviewer.exe (RealVNC Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Q Pilot - Client\Q Pilot - Client deinstallieren.lnk -> C:\Program Files\Q Pilot - Client\uninstall.exe (Schomäcker GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Q Pilot - Client\Q Pilot - Client GUI.lnk -> C:\Program Files\Q Pilot - Client\GUI\QPilot-Client-GUI.exe (Schomäcker GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Bearbeiten\PDF Bearbeiten entfernen.lnk -> C:\Program Files (x86)\PDFBearbeiten\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Bearbeiten\PDF Bearbeiten.lnk -> C:\Program Files (x86)\PDFBearbeiten\splash.exe (hxxp://www.PDFBearbeiten.net)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft Launcher\Minecraft Launcher.lnk -> C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe (Mojang)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.4\LibreOffice Base.lnk -> C:\Program Files\LibreOffice\program\sbase.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.4\LibreOffice Calc.lnk -> C:\Program Files\LibreOffice\program\scalc.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.4\LibreOffice Draw.lnk -> C:\Program Files\LibreOffice\program\sdraw.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.4\LibreOffice Impress.lnk -> C:\Program Files\LibreOffice\program\simpress.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.4\LibreOffice Math.lnk -> C:\Program Files\LibreOffice\program\smath.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.4\LibreOffice Writer.lnk -> C:\Program Files\LibreOffice\program\swriter.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.4\LibreOffice.lnk -> C:\Program Files\LibreOffice\program\soffice.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HUAWEI\PCManager\PC Manager.lnk -> C:\Program Files\Huawei\PCManager\PCManager.exe (Huawei Technologies Co., Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Helicon Software\Helicon Remote\Helicon Remote.lnk -> C:\Program Files (x86)\Helicon Software\Helicon Remote\HeliconRemote.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Helicon Software\Helicon Remote\Uninstall Helicon Remote.lnk -> C:\Program Files (x86)\Helicon Software\Helicon Remote\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Helicon Software\Helicon Remote\Helicon Remote Help\English.lnk -> C:\Program Files (x86)\Helicon Software\Helicon Remote\help_black\english\HeliconRemote.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Helicon Software\Helicon Remote\Helicon Remote Help\German.lnk -> C:\Program Files (x86)\Helicon Software\Helicon Remote\help_black\german\HeliconRemote.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Helicon Software\Helicon Remote\Helicon Remote Help\Russian.lnk -> C:\Program Files (x86)\Helicon Software\Helicon Remote\help_black\russian\HeliconRemote.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Helicon Software\Helicon Focus 7\Helicon 3D Viewer.lnk -> C:\Program Files\Helicon Software\Helicon Focus 7\Helicon3DViewer.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Helicon Software\Helicon Focus 7\Helicon Focus 7.lnk -> C:\Program Files\Helicon Software\Helicon Focus 7\HeliconFocus.exe (HeliconSoft Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Helicon Software\Helicon Focus 7\Uninstall Helicon Focus.lnk -> C:\Program Files\Helicon Software\Helicon Focus 7\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\EOS Web Service Registration Tool\EOS Web Service Registration Tool.lnk -> C:\Program Files (x86)\Canon\EOS Web Service Registration Tool\EOS Web Service Registration Tool.exe (CANON INC.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\EOS Utility\EOS Utility 2 - INFO.lnk -> C:\Program Files (x86)\Canon\EOS Utility\EU2\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\EOS Utility\EOS Utility 2.lnk -> C:\Program Files (x86)\Canon\EOS Utility\EU2\EOS Utility 2.exe (CANON INC.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\EOS Utility\EOS Utility 3 - INFO.lnk -> C:\Program Files (x86)\Canon\EOS Utility\EU3\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\EOS Utility\EOS Utility.lnk -> C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe (Canon INC.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\EOS Network Setting Tool\EOS Network Setting Tool.lnk -> C:\Program Files (x86)\Canon\EOS Network Setting Tool\EOS Network Setting Tool.exe (Canon INC.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\EOS Lens Registration Tool\EOS Lens Registration Tool.lnk -> C:\Program Files (x86)\Canon\EOS Lens Registration Tool\EOS Lens Registration Tool.exe (CANON INC.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google\Backup and Sync from Google.lnk -> C:\Program Files\Google\Drive\googledrivesync.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk -> C:\Windows\System32\RecoveryDrive.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Registry Editor.lnk -> C:\Windows\regedit.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\1joha\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\EOS Utility.lnk -> C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe (Canon INC.)
Shortcut: C:\Users\Public\Desktop\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\LibreOffice 6.4.lnk -> C:\Program Files\LibreOffice\program\soffice.exe (The Document Foundation)
Shortcut: C:\Users\Public\Desktop\Minecraft Launcher.lnk -> C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe (Mojang)
Shortcut: C:\Users\Public\Desktop\PDF Bearbeiten.lnk -> C:\Program Files (x86)\PDFBearbeiten\splash.exe (hxxp://www.PDFBearbeiten.net)
Shortcut: C:\Users\Public\Desktop\SD Card Formatter.lnk -> C:\Windows\Installer\{A61131DC-B92D-4AD8-A925-E2D6D5FE217C}\NewShortcut11_9F21041712364E7FBB19D6D84D3AFF1D.exe (Flexera Software LLC)
Shortcut: C:\Users\Public\Desktop\VeraCrypt.lnk -> C:\Program Files\VeraCrypt\VeraCrypt.exe (IDRIX)


ShortcutWithArgument: C:\Users\1joha\Desktop\Discord.lnk -> C:\Users\1joha\AppData\Local\Discord\Update.exe (GitHub) -> --processStart Discord.exe
ShortcutWithArgument: C:\Users\1joha\Desktop\Microsoft Teams.lnk -> C:\Users\1joha\AppData\Local\Microsoft\Teams\Update.exe (Microsoft Corporation) -> --processStart "Teams.exe"
ShortcutWithArgument: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk -> C:\Users\1joha\AppData\Local\Microsoft\Teams\Update.exe (Microsoft Corporation) -> --processStart "Teams.exe"
ShortcutWithArgument: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom\Uninstall Zoom.lnk -> C:\Users\1joha\AppData\Roaming\Zoom\uninstall\Installer.exe (Zoom Video Communications, Inc.) -> /uninstall
ShortcutWithArgument: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EOS Utility.lnk -> C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe (Canon INC.) -> /AutoStartUp
ShortcutWithArgument: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc\Discord.lnk -> C:\Users\1joha\AppData\Local\Discord\Update.exe (GitHub) -> --processStart Discord.exe
ShortcutWithArgument: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\SendTo\Faxempfänger.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\1joha\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\1joha\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\1joha\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\1joha\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\1joha\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\1joha\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\1joha\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\1joha\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\1joha\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\1joha\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoSolo\VideoSolo Blu-ray Player\Visit Product.lnk -> C:\Program Files\VideoSolo Studio\VideoSolo Blu-ray Player\VideoSolo Blu-ray Player.exe (VideoSolo) -> --pop_product_url
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.4\LibreOffice (Safe Mode).lnk -> C:\Program Files\LibreOffice\program\soffice.exe (The Document Foundation) -> --safe-mode
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google\Google Docs.lnk -> C:\Program Files\Google\Drive\googledrivesync.exe () -> --new_document
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google\Google Sheets.lnk -> C:\Program Files\Google\Drive\googledrivesync.exe () -> --new_spreadsheet
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google\Google Slides.lnk -> C:\Program Files\Google\Drive\googledrivesync.exe () -> --new_presentation
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\Desktop\Google Docs.lnk -> C:\Program Files\Google\Drive File Stream\launch.bat () -> -open_gdocs_root
ShortcutWithArgument: C:\Users\Default\Desktop\Google Sheets.lnk -> C:\Program Files\Google\Drive File Stream\launch.bat () -> -open_gsheets_root
ShortcutWithArgument: C:\Users\Default\Desktop\Google Slides.lnk -> C:\Program Files\Google\Drive File Stream\launch.bat () -> -open_gslides_root
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}


InternetURL: C:\Users\1joha\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VeraCrypt\VeraCrypt Website.url -> URL: hxxps://www.veracrypt.fr
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Bearbeiten\PDF Bearbeiten im Internet.url -> URL: hxxp://www.PDFBearbeiten.net

==================== End of Shortcut.txt =============================
         

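As an added example (not part of the thread, and not FRST's own code), here is a small Python triage helper for the Shortcut.txt format quoted above. It parses the `ShortcutWithArgument:` / `Shortcut:` and `InternetURL:` line shapes seen in the log and flags shortcuts a helper would look at first: script targets, targets in user-writable folders, unsigned binaries outside Windows or Program Files, and shortcuts placed in a Startup folder. The flag rules are assumptions chosen for this example, and the `Update.lnk` and `Notepad++.lnk` sample lines are constructed; the other sample lines are copied from the log above.

```python
"""Triage helper for FRST Shortcut.txt output (added example, not FRST code).

Line shapes handled (as seen in the log above):
  ShortcutWithArgument: <lnk> -> <target> (<publisher>) -> <arguments>
  Shortcut: <lnk> -> <target> (<publisher>)
  InternetURL: <url file> -> URL: hxxp://...      (FRST defangs http as hxxp)
The flag rules below are ordinary triage heuristics assumed for this example;
a flag is a review candidate, not a verdict (launch.bat from Google is benign)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

SHORTCUT_RE = re.compile(
    r"^(?:Shortcut|ShortcutWithArgument): (?P<lnk>.+?) -> (?P<target>.+?) "
    r"\((?P<publisher>[^)]*)\)(?: -> (?P<args>.*))?$"
)
URL_RE = re.compile(r"^InternetURL: (?P<file>.+?) -> URL: (?P<url>.+)$")

SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".jse", ".wsf", ".ps1", ".hta", ".scr")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\")
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Shortcut:
    lnk: str
    target: str
    publisher: str
    args: str
    reasons: List[str] = field(default_factory=list)


def parse_shortcut(line: str) -> Optional[Shortcut]:
    m = SHORTCUT_RE.match(line.strip())
    if not m:
        return None
    return Shortcut(m["lnk"], m["target"], m["publisher"], m["args"] or "")


def parse_url(line: str) -> Optional[Tuple[str, str]]:
    m = URL_RE.match(line.strip())
    return (m["file"], m["url"]) if m else None


def triage(sc: Shortcut) -> Shortcut:
    """Attach human-readable reasons why this shortcut deserves a look."""
    t = sc.target.lower()
    if t.endswith(SCRIPT_EXT):
        sc.reasons.append("target is a script rather than a signed binary")
    if any(p in t for p in USER_WRITABLE):
        sc.reasons.append("target lives in a user-writable location")
    if not sc.publisher and t.endswith(".exe") and not t.startswith(TRUSTED_ROOTS):
        sc.reasons.append("no publisher and target is outside Windows/Program Files")
    if "\\startup\\" in sc.lnk.lower():
        sc.reasons.append("shortcut runs automatically at logon (Startup folder)")
    return sc


def review(log_text: str):
    """Return (all shortcuts, url files, flagged shortcuts) for a Shortcut.txt body."""
    shortcuts, urls = [], []
    for line in log_text.splitlines():
        sc = parse_shortcut(line)
        if sc:
            shortcuts.append(triage(sc))
            continue
        u = parse_url(line)
        if u:
            urls.append(u)
    flagged = [s for s in shortcuts if s.reasons]
    return shortcuts, urls, flagged


# Sample input: four lines copied from the log above plus two constructed lines
# (the Notepad++ "Shortcut:" form and the Update.lnk Startup entry).
SAMPLE = r"""
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.4\LibreOffice (Safe Mode).lnk -> C:\Program Files\LibreOffice\program\soffice.exe (The Document Foundation) -> --safe-mode
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\Default\Desktop\Google Docs.lnk -> C:\Program Files\Google\Drive File Stream\launch.bat () -> -open_gdocs_root
Shortcut: C:\Users\Public\Desktop\Notepad++.lnk -> C:\Program Files\Notepad++\notepad++.exe (Notepad++ Team)
ShortcutWithArgument: C:\Users\example\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.lnk -> C:\Users\example\AppData\Local\Temp\update.exe () -> -silent
InternetURL: C:\Users\1joha\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
"""

if __name__ == "__main__":
    all_sc, url_files, hits = review(SAMPLE)
    print(f"{len(all_sc)} shortcuts, {len(url_files)} url files, {len(hits)} flagged")
    for s in hits:
        print(s.lnk, "->", s.target, s.args, "|", "; ".join(s.reasons))
```

The Google Docs shortcut is flagged only because its target is a .bat file; that is exactly the kind of candidate a helper then clears by looking at the vendor folder it lives in, which is why the script reports reasons rather than a verdict.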
Alt 17.11.2021, 12:50   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please answer my question, I am genuinely curious.
__________________
Always post logfiles in CODE tags

Alt 17.11.2021, 12:56   #5
mirx
 
By accident. I thought it would then show it as a "printout".

And I have to say that I find the explanation somewhat confusing.
All sorts of different fonts, font sizes, font colours, etc.


Alt 17.11.2021, 13:09   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
OK, thanks for the feedback, I will pass that on.


Uninstall disruptive, outdated or unnecessary programs

Please uninstall via Programs and Features (appwiz.cpl):
  • OpenOffice Updater
  • VNC Viewer 6.20.529

Alt 17.11.2021, 13:16   #7
mirx
 
Done.

Alt 17.11.2021, 13:53   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
AdwCleaner

Run AdwCleaner according to the illustrated guide and then post the log file in CODE tags.

Please repeat AdwCleaner if there were any detections.

Alt 17.11.2021, 14:14   #9
mirx
 
It doesn't find anything.

Code:
# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build:    06-29-2021
# Database: 2021-10-26.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    11-17-2021
# Duration: 00:00:06
# OS:       Windows 10 Home
# Scanned:  32009
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [1406 octets] - [17/11/2021 14:09:45]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
         

Alt 17.11.2021, 14:20   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Control scans with MBAM and RK

We are almost done. Now it is time for control scans with
Once both scans are complete, post the logs in CODE tags.

Alt 17.11.2021, 14:45   #11
mirx
 
For RogueKiller you need a licence.

Malwarebytes found something, but something different:
Code:
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 17/11/2021
Scan Time: 14:25
Log File: d501507c-47a9-11ec-9ec0-5c3a450658e0.json

-Software Information-
Version: 4.4.10.144
Components Version: 1.0.1499
Update Package Version: 1.0.47284
Licence: Trial

-System Information-
OS: Windows 10 (Build 19042.1348)
CPU: x64
File System: NTFS
User: LAPTOP-V5MMEJB2\1joha

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 298338
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 3 min, 49 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
PUP.Optional.ChipDe, C:\$RECYCLE.BIN\S-1-5-21-2694351215-612894087-2333028821-1001\$RPYXGRI.EXE, No Action By User, 615, 557991, 1.0.47284, , ame, , 9A3EA170EE790A5E496858194A3AE493, 0C558FFF60A02EAFE267B4C075D687CF9F172FE0A4D4263E9B858A9896CD43A2

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
         
Ah, now:

Code:
Program            : RogueKiller Anti-Malware
Version            : 15.1.3.0
x64                : Yes
Program Date       : Nov  9 2021
Location           : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium            : No
Company            : Adlice Software
Website            : https://www.adlice.com/
Contact            : https://adlice.com/contact/
Website            : https://adlice.com/download/roguekiller/
Operating System   : Windows 10 (10.0.19042) 64-bit
64-bit OS          : Yes
Startup            : 0
WindowsPE          : No
User               : 1joha
User is Admin      : Yes
Date               : 2021/11/17 13:44:16
Type               : Removal
Aborted            : No
Scan Mode          : Standard
Duration           : 201
Found items        : 1
Total scanned      : 59341
Signatures Version : 20211117_090931
Truesight Driver   : Yes
Updates Count      : 3
Arguments          : -minimize

************************* Warnings *************************

************************* Removal *************************
[PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-2694351215-612894087-2333028821-1001\Software\OCS --  -> Deleted
  [+] scan_what       : 2
  [+] vendors         : PUP.Gen1
  [+] Name            : HKEY_USERS\S-1-5-21-2694351215-612894087-2333028821-1001\Software\OCS
  [+] Type            : Registry
  [+] file_vtscore    : -1
  [+] file_vttotal    : 0
  [+] is_malicious    : Yes
  [+] detection_level : 3
  [+] id              : 0
  [+] status          : 3
  [+] status_str      : Deleted
  [+] removed         : Yes
  [+] status_choice   : 2
  [+] malpe_score     : -1
         

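As an added example (not part of the thread, and not Malwerbytes' or Adlice's code), here is a Python parser that pulls the detections out of the two reports posted above and notes what a helper checks next: whether the Malwarebytes summary count matches the detection rows, whether each item was actually remediated, and whether a flagged file only sits in `$RECYCLE.BIN`, meaning the user deleted it but it is still on disk until the bin is emptied. The Malwarebytes field order (name, path, action, ..., MD5, SHA256) and the RogueKiller line shape are inferred from these two samples, which are excerpts of the logs above.

```python
"""Extract detections from Malwarebytes and RogueKiller text reports.

Added example, not code from the thread or from either vendor. The field
layout is inferred from the two reports posted above:
  Malwarebytes row:  <name>, <path>, <action>, ..., <MD5>, <SHA256>
  RogueKiller item:  [<vendor> (<level>)] <object> --  -> <status>"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

MD5_RE = re.compile(r"^[0-9A-Fa-f]{32}$")
SHA256_RE = re.compile(r"^[0-9A-Fa-f]{64}$")
MBAM_SUMMARY_RE = re.compile(r"^(Threats Detected|Threats Quarantined): (\d+)$")
RK_ITEM_RE = re.compile(
    r"^\[(?P<vendor>[^\]]+?)(?: \((?P<level>[^)]*)\))?\] (?P<obj>.+?) --\s*-> (?P<status>\w+)$"
)
REMEDIATED = {"quarantined", "deleted", "removed"}


@dataclass
class Finding:
    tool: str
    name: str
    obj: str        # file path or registry key
    action: str     # what the tool recorded, e.g. "No Action By User", "Deleted"
    md5: Optional[str] = None
    sha256: Optional[str] = None

    @property
    def remediated(self) -> bool:
        return self.action.lower() in REMEDIATED

    @property
    def in_recycle_bin(self) -> bool:
        return "$recycle.bin\\" in self.obj.lower()


def parse_mbam(text: str) -> Tuple[Dict[str, int], List[Finding]]:
    """Return (summary counters, detection rows) from a Malwarebytes report."""
    summary: Dict[str, int] = {}
    findings: List[Finding] = []
    in_details = False
    for raw in text.splitlines():
        line = raw.strip()
        m = MBAM_SUMMARY_RE.match(line)
        if m:
            summary[m.group(1)] = int(m.group(2))
        elif line == "-Scan Details-":
            in_details = True
        elif in_details and ", " in line and not line.startswith("("):
            # Detection rows are comma separated; category headers ("File: 1") are not.
            fields = [f.strip() for f in line.split(",")]
            md5 = next((f for f in fields if MD5_RE.match(f)), None)
            sha256 = next((f for f in fields if SHA256_RE.match(f)), None)
            findings.append(Finding("Malwarebytes", fields[0], fields[1], fields[2], md5, sha256))
    return summary, findings


def parse_roguekiller(text: str) -> List[Finding]:
    """Return the items listed in RogueKiller's Removal section."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        m = RK_ITEM_RE.match(raw.strip())
        if m:
            findings.append(Finding("RogueKiller", m["vendor"], m["obj"], m["status"]))
    return findings


def review_logs(mbam_text: str, rk_text: str) -> Tuple[List[Finding], List[str]]:
    """Merge both reports and list the follow-up points a helper would raise."""
    summary, mb = parse_mbam(mbam_text)
    rk = parse_roguekiller(rk_text)
    notes: List[str] = []
    if summary.get("Threats Detected", 0) != len(mb):
        notes.append("Malwarebytes summary count does not match the parsed detection rows")
    for f in mb + rk:
        if not f.remediated:
            notes.append(f"{f.name} at {f.obj}: no remediation recorded ({f.action})")
        if f.in_recycle_bin:
            notes.append(f"{f.name}: file is in $RECYCLE.BIN, deleted by the user "
                         "but still on disk until the bin is emptied")
    return mb + rk, notes


# Excerpts of the two reports posted above (detection lines unchanged).
MBAM_SAMPLE = r"""
-Scan Summary-
Scan Type: Threat Scan
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 3 min, 49 sec

-Scan Details-
Process: 0
(No malicious items detected)

File: 1
PUP.Optional.ChipDe, C:\$RECYCLE.BIN\S-1-5-21-2694351215-612894087-2333028821-1001\$RPYXGRI.EXE, No Action By User, 615, 557991, 1.0.47284, , ame, , 9A3EA170EE790A5E496858194A3AE493, 0C558FFF60A02EAFE267B4C075D687CF9F172FE0A4D4263E9B858A9896CD43A2

(end)
"""
RK_SAMPLE = r"""
************************* Removal *************************
[PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-2694351215-612894087-2333028821-1001\Software\OCS --  -> Deleted
  [+] Type            : Registry
  [+] status_str      : Deleted
  [+] removed         : Yes
"""

if __name__ == "__main__":
    found, remarks = review_logs(MBAM_SAMPLE, RK_SAMPLE)
    for f in found:
        print(f.tool, f.name, f.obj, f.action, "remediated" if f.remediated else "open")
    for r in remarks:
        print("NOTE:", r)
```

Pulling the MD5 and SHA256 out of the row by shape rather than by column index keeps the parser working if a vendor inserts a column, and it gives the helper the hashes in a form that can be checked against a reputation service without retyping them.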
Alt 17.11.2021, 14:47   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Good. Your next task:

Quote:
Microsoft Windows 10 Home Version 20H2 19042.1348
Bring Windows up to release 21H2.


Then we would be done!

If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.

Finally, please run a cleanup with our TB cleanup script and be sure to read and implement the security measures; both are linked in the following reading material:


Alt 19.11.2021, 22:08   #13
M-K-D-B
/// TB-Ausbilder
 
We are glad we could help.

This topic appears to be resolved and will be removed from our subscriptions. Should you need the topic again, please send us a reminder including a link to the topic.

Everyone else, please click here and create your own topic.

Topic closed
