FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-11-2021
Ran by 1joha (administrator) on LAPTOP-V5MMEJB2 (HUAWEI NBLK-WAX9X) (17-11-2021 11:09:32)
Running from C:\Users\1joha\Documents\Studium Marburg\Physik\1.Semester.Physik\ExpPhysik1
Loaded Profiles: 1joha
Platform: Microsoft Windows 10 Home Version 20H2 19042.1348 (X64) Language: German (Germany) -> English (United Kingdom)
Default browser: FF
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0347924.inf_amd64_04af308e61660124\B347730\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0347924.inf_amd64_04af308e61660124\B347730\atiesrxx.exe
(Cisco WebEx LLC -> Cisco Webex LLC) C:\Users\1joha\AppData\Local\WebEx\WebEx\Meetings\atmgr.exe
(Cisco WebEx LLC -> Cisco Webex LLC) C:\Users\1joha\AppData\Local\WebEx\WebexHost.exe
(Discord Inc. -> Discord Inc.) C:\Users\1joha\AppData\Local\Discord\app-1.0.9003\Discord.exe <6>
(Dolby Laboratories, Inc. -> ) C:\Windows\System32\dolbyaposvc\DAX3API.exe <2>
(Google LLC -> ) C:\Program Files\Google\Drive File Stream\52.0.6.0\crashpad_handler.exe <3>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\52.0.6.0\GoogleDriveFS.exe <7>
(HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(Huawei Technologies Co., Ltd. -> ) C:\Program Files\Huawei\PCManager\MateBookService.exe
(Huawei Technologies Co., Ltd. -> ) C:\Program Files\Huawei\PCManager\MBAMessageCenter.exe
(Huawei Technologies Co., Ltd. -> ) C:\Windows\System32\RPC\OSD\osdservice.exe
(Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd.) C:\Program Files\Huawei\HwLcdEnhancement\MonitorManageStart.exe
(Huawei Technologies Co., Ltd. -> Microsoft) C:\Program Files\Huawei\HwLcdEnhancement\LCD_Service.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Windows Hardware Compatibility Publisher -> ) C:\Windows\System32\drivers\SessionService.exe
(Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCopyAccelerator.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <15>
(Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <3>
(Schomäcker GmbH) [File not signed] [File is in use] C:\Program Files\Q Pilot - Client\GUI\QPilot-Client-GUI.exe
(Schomäcker GmbH) [File not signed] [File is in use] C:\Program Files\Q Pilot - Client\Service\QPilot-Client-Service.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [971552 2019-09-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [QPilotClientGUI] => C:\Program Files\Q Pilot - Client\GUI\QPilot-Client-GUI.exe [317541 2020-04-14] (Schomäcker GmbH) [File not signed] [File is in use]
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [3137728 2021-01-09] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\52.0.6.0\GoogleDriveFS.exe [54107992 2021-10-18] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\52.0.6.0\GoogleDriveFS.exe [54107992 2021-10-18] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-2694351215-612894087-2333028821-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\1joha\AppData\Local\Microsoft\Teams\Update.exe [2453728 2021-04-16] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-2694351215-612894087-2333028821-1001\...\Run: [OpenOffice Updater] => C:\Users\1joha\AppData\Roaming\OpenOffice Updater\Updater.exe [365680 2019-11-03] (Arne Koenig -> ) <==== ATTENTION
HKU\S-1-5-21-2694351215-612894087-2333028821-1001\...\Run: [Discord] => C:\Users\1joha\AppData\Local\Discord\Update.exe [1512096 2021-05-24] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2694351215-612894087-2333028821-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [49952424 2021-10-19] (Google LLC -> )
HKU\S-1-5-21-2694351215-612894087-2333028821-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\52.0.6.0\GoogleDriveFS.exe [54107992 2021-10-18] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-2694351215-612894087-2333028821-1001\...\Run: [CiscoMeetingDaemon] => C:\Users\1joha\AppData\Local\WebEx\WebexHost.exe [6009680 2021-11-05] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\52.0.6.0\GoogleDriveFS.exe [54107992 2021-10-18] (Google LLC -> Google, Inc.)
HKLM\...\Windows x64\Print Processors\hpzpplhn: C:\Windows\System32\spool\prtprocs\x64\hpzpplhn.dll [109288 2018-10-12] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\C368SeriesPCL Language Monitor: C:\WINDOWS\system32\KOAXPJ_L.DLL [25568 2019-02-14] (Microsoft Windows Hardware Compatibility Publisher -> KONICA MINOLTA, INC.)
HKLM\...\Print\Monitors\PCL hpz3llhn: C:\WINDOWS\system32\hpz3llhn.dll [44288 2018-10-12] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
Startup: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EOS Utility.lnk [2020-10-25]
ShortcutTarget: EOS Utility.lnk -> C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe (Canon Inc. -> Canon INC.)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0909FF50-AFDC-4728-8DFC-B1BE0C451613} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3C131483-8660-45E7-9EF6-68C966E2F77D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3C60ACBA-0BC5-4E4E-A12C-30282E225CD7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6161FE08-00C8-40A7-B719-7E7AFCACCBC1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-25] (Google LLC -> Google LLC)
Task: {8FC8118A-EF81-47BE-BA05-6C1DC6FBBBDC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-25] (Google LLC -> Google LLC)
Task: {A13746C3-28B6-40AB-8AB4-BCB205DFCC58} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BD82D61D-D291-446D-8179-50D12B878431} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {CC11DBBE-29A4-4C8D-A4B4-A596EA60A3A5} - System32\Tasks\Microsoft\Windows\WaaSMedic\MaintenanceWork => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32}
Task: {D2AE6432-BFCB-4EB1-A674-03BBEC77BF55} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [682936 2021-11-05] (Mozilla Corporation -> Mozilla Foundation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{63dd64c4-def7-4167-a447-8e8ca168e7f4}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9067b2cc-392c-44b1-b3f1-d6d4f657e2b0}: [DhcpNameServer] 40.41.1.12
Edge:
=======
DownloadDir: C:\Users\1joha\Downloads
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\1joha\AppData\Local\Microsoft\Edge\User Data\Default [2021-11-17]
Edge StartupUrls: Default -> "hxxps://www.google.de/"
FireFox:
========
FF DefaultProfile: spoqee5u.default
FF ProfilePath: C:\Users\1joha\AppData\Roaming\Mozilla\Firefox\Profiles\spoqee5u.default [2021-04-10]
FF ProfilePath: C:\Users\1joha\AppData\Roaming\Mozilla\Firefox\Profiles\m8i35jzt.default-release [2021-11-17]
FF Homepage: Mozilla\Firefox\Profiles\m8i35jzt.default-release -> file:///C:/Users/1joha/Documents/Sonstiges/Links&html/Johnny's%20LInks2021.August.html
FF Session Restore: Mozilla\Firefox\Profiles\m8i35jzt.default-release -> is enabled.
FF Extension: (AdBlocker Ultimate) - C:\Users\1joha\AppData\Roaming\Mozilla\Firefox\Profiles\m8i35jzt.default-release\Extensions\adblockultimate@adblockultimate.net.xpi [2021-10-14]
FF Extension: (Colorful cubes) - C:\Users\1joha\AppData\Roaming\Mozilla\Firefox\Profiles\m8i35jzt.default-release\Extensions\{168c7cf2-8d10-460d-94f3-6482b8602cc2}.xpi [2021-09-20]
FF Extension: (__Cool Shade__) - C:\Users\1joha\AppData\Roaming\Mozilla\Firefox\Profiles\m8i35jzt.default-release\Extensions\{56b8b413-e19e-47c7-80c5-52a6795dfe78}.xpi [2021-09-20]
FF Extension: (Dark Mode) - C:\Users\1joha\AppData\Roaming\Mozilla\Firefox\Profiles\m8i35jzt.default-release\Extensions\{830f38bd-efc5-45dc-a5a6-064d9a638806}.xpi [2021-09-20]
FF Extension: (gray leaf) - C:\Users\1joha\AppData\Roaming\Mozilla\Firefox\Profiles\m8i35jzt.default-release\Extensions\{979aae3a-31db-479d-b7d5-95054b5a33ff}.xpi [2021-09-20]
FF Extension: (ANIMATED Blue Plexus by candelora) - C:\Users\1joha\AppData\Roaming\Mozilla\Firefox\Profiles\m8i35jzt.default-release\Extensions\{abca071b-3177-4a86-84b9-c9a712c2268b}.xpi [2021-10-14]
FF Extension: (Northern Lake FT by MaDonna) - C:\Users\1joha\AppData\Roaming\Mozilla\Firefox\Profiles\m8i35jzt.default-release\Extensions\{fcebb804-5eb9-43d9-a12a-30f6ca1b9b1b}.xpi [2021-09-20]
Chrome:
=======
CHR Profile: C:\Users\1joha\AppData\Local\Google\Chrome\User Data\Default [2021-04-10]
CHR StartupUrls: Default -> "file:///C:/Users/1joha/Desktop/Sonstiges/Links&html/links.html"
CHR Extension: (Präsentationen) - C:\Users\1joha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-10-25]
CHR Extension: (Docs) - C:\Users\1joha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-10-25]
CHR Extension: (Google Drive) - C:\Users\1joha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-25]
CHR Extension: (YouTube) - C:\Users\1joha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-10-25]
CHR Extension: (Tabellen) - C:\Users\1joha\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-10-25]
CHR Extension: (Alloy) - C:\Users\1joha\AppData\Local\Google\Chrome\User Data\Default\Extensions\fljipcgeenffdcglannkpppedokbpgjl [2020-11-07]
CHR Extension: (Google Docs Offline) - C:\Users\1joha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-18]
CHR Extension: (Anwendungs-Launcher für Drive (von Google)) - C:\Users\1joha\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-01-27]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\1joha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Google Mail) - C:\Users\1joha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-25]
CHR Extension: (Chrome Media Router) - C:\Users\1joha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-18]
CHR HKU\S-1-5-21-2694351215-612894087-2333028821-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 DolbyDAXAPI; C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe [1641416 2019-05-07] (Dolby Laboratories, Inc. -> )
R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [360320 2019-09-05] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [288392 2021-04-17] (HP Inc. -> HP Inc.)
R2 Huawei_OSDServer; C:\Windows\system32\RPC\OSD\osdservice.exe [217072 2019-08-16] (Huawei Technologies Co., Ltd. -> )
R2 LCD_Service; C:\Program Files\Huawei\HwLcdEnhancement\LCD_Service.exe [25584 2019-11-11] (Huawei Technologies Co., Ltd. -> Microsoft)
R2 MBAMainService; C:\Program Files\Huawei\PCManager\MateBookService.exe [1006064 2019-11-11] (Huawei Technologies Co., Ltd. -> )
R2 QPilotClientService; C:\Program Files\Q Pilot - Client\Service\QPilot-Client-Service.exe [335349 2020-04-14] (Schomäcker GmbH) [File not signed] [File is in use]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-04] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 googledrivefs3525; C:\WINDOWS\System32\DRIVERS\googledrivefs3525.sys [389640 2021-09-09] (Google LLC -> Google, Inc.)
R3 hwnetstat; C:\Program Files\Huawei\PCManager\WFPDriver.sys [30744 2019-11-11] (Huawei Technologies Co., Ltd. -> )
R2 HwOs2ECx64; C:\Program Files\Huawei\PCManager\HwOs2EC10x64.sys [49472 2019-11-11] (Huawei Technologies Co., Ltd. -> Huawei)
R3 MpKsl46a85478; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4D23D194-DC25-4BDB-9E9C-B5CFA1DA06A1}\MpKslDrv.sys [130296 2021-11-17] (Microsoft Windows -> Microsoft Corporation)
R1 veracrypt; C:\WINDOWS\System32\drivers\veracrypt.sys [831616 2021-04-26] (IDRIX SARL -> IDRIX)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48520 2021-11-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435424 2021-11-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-04] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-11-17 11:09 - 2021-11-17 11:09 - 000000000 ____D C:\FRST
2021-11-17 10:36 - 2021-11-17 10:36 - 075497472 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-11-17 10:33 - 2021-11-17 10:36 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-11-16 18:15 - 2021-11-16 18:15 - 014358251 _____ C:\Users\1joha\Downloads\Folien_Theorie_2021.pdf
2021-11-16 18:14 - 2021-11-16 18:14 - 002996575 _____ C:\Users\1joha\Downloads\BSc KM1 Skript WS21-22.pdf
2021-11-16 17:23 - 2021-11-16 17:23 - 010002617 _____ C:\Users\1joha\Downloads\Skript_Biologie_PhysPrakt1.pdf
2021-11-15 17:19 - 2021-11-15 17:19 - 003150928 _____ C:\Users\1joha\Downloads\PCR Freitag Vormittag.pdf
2021-11-14 19:50 - 2021-11-14 19:50 - 000026112 _____ C:\Users\1joha\Downloads\km_1_mibi_gedaechtnisprotokoll_ws_2012doc.pdf
2021-11-13 13:04 - 2021-11-13 13:04 - 005799333 _____ C:\Users\1joha\Downloads\20210917103348_IMG_9514-01.jpeg
2021-11-12 19:34 - 2021-11-12 19:34 - 002595435 _____ C:\Users\1joha\Downloads\Blatt03MerzJohannes.pdf
2021-11-12 12:42 - 2021-11-12 12:42 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-11-12 12:42 - 2021-11-12 12:42 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-11-12 12:42 - 2021-11-12 12:42 - 000011363 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-11-12 12:41 - 2021-11-12 12:41 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-11-12 12:26 - 2021-11-12 12:26 - 000000000 ___HD C:\$WinREAgent
2021-11-12 12:25 - 2021-11-12 12:25 - 000001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-11-12 12:25 - 2021-11-12 12:25 - 000000000 ____D C:\Program Files\PCHealthCheck
2021-11-11 21:14 - 2021-11-11 21:14 - 001755929 _____ C:\Users\1joha\Downloads\Merz_Schneider_Transformation.pdf
2021-11-11 17:30 - 2021-11-11 17:30 - 000088599 _____ C:\Users\1joha\Downloads\BSc BM1 Protokollvorlage WS21-22-1.pdf
2021-11-11 14:03 - 2021-11-11 14:03 - 001755929 _____ C:\Users\1joha\Downloads\Protokoll kUrs 3.pdf
2021-11-11 13:58 - 2021-11-11 13:59 - 002589672 _____ C:\Users\1joha\Downloads\Theorie Kursteil Plasmid-Isolierung und Charakterisierung.pdf
2021-11-09 09:41 - 2021-11-09 09:41 - 002429416 _____ C:\Users\1joha\Desktop\CamScanner 11-09-2021 09.37.pdf
2021-11-07 11:02 - 2021-11-07 11:02 - 002554082 _____ C:\Users\1joha\Downloads\2. Saeuren und Basen.pptx
2021-11-07 11:02 - 2021-11-07 11:02 - 001532928 _____ C:\Users\1joha\Downloads\3 Redoxreaktionen.ppt
2021-11-07 11:01 - 2021-11-07 11:01 - 001532928 _____ C:\Users\1joha\Downloads\3 Redoxreaktionenppt.sec
2021-11-05 12:29 - 2021-11-07 09:35 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-10-28 10:22 - 2021-10-28 10:22 - 000000000 ____D C:\Users\1joha\Desktop\Ausdrucken
2021-10-28 09:13 - 2021-10-28 09:18 - 000000000 ____D C:\Users\1joha\AppData\Roaming\.minecraft
2021-10-28 09:13 - 2021-10-28 09:15 - 000000000 ____D C:\Program Files (x86)\Minecraft Launcher
2021-10-28 09:13 - 2021-10-28 09:13 - 000001110 _____ C:\Users\Public\Desktop\Minecraft Launcher.lnk
2021-10-28 09:13 - 2021-10-28 09:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft Launcher
2021-10-18 07:25 - 2021-10-18 07:25 - 000002188 _____ C:\Users\1joha\Desktop\Cisco Webex Meetings.lnk
2021-10-18 07:25 - 2021-10-18 07:25 - 000000000 ____D C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cisco Webex Meetings Desktop-App
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-11-17 11:09 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-11-17 11:02 - 2020-10-25 10:42 - 000000000 ____D C:\Users\1joha\AppData\Roaming\HwSynergy
2021-11-17 10:59 - 2020-10-22 11:16 - 000000000 ____D C:\Users\1joha\AppData\Roaming\discord
2021-11-17 10:58 - 2020-10-22 11:15 - 000000000 ____D C:\Users\1joha\AppData\Local\Discord
2021-11-17 10:44 - 2021-05-15 11:33 - 001632020 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-11-17 10:44 - 2019-12-07 15:50 - 000704976 _____ C:\WINDOWS\system32\perfh007.dat
2021-11-17 10:44 - 2019-12-07 15:50 - 000142062 _____ C:\WINDOWS\system32\perfc007.dat
2021-11-17 10:39 - 2021-04-10 16:25 - 000000000 ____D C:\ProgramData\Mozilla
2021-11-17 10:39 - 2020-10-25 10:31 - 000000000 ____D C:\Program Files (x86)\Google
2021-11-17 10:38 - 2021-04-10 16:25 - 000000000 ____D C:\Users\1joha\AppData\LocalLow\Mozilla
2021-11-17 10:37 - 2021-05-15 11:31 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-11-17 10:37 - 2021-04-28 11:14 - 000008192 ___SH C:\DumpStack.log.tmp
2021-11-17 10:37 - 2020-06-12 02:53 - 000000000 ____D C:\ProgramData\Goodix
2021-11-17 10:37 - 2020-06-12 01:56 - 000000134 _____ C:\WINDOWS\system32\regtest.txt
2021-11-17 10:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-11-17 10:37 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-11-17 10:33 - 2021-04-28 11:23 - 000000000 ____D C:\Users\1joha\AppData\Local\D3DSCache
2021-11-17 10:33 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-11-17 09:52 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-11-17 09:52 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-11-16 22:14 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-11-16 21:15 - 2021-05-15 11:24 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-11-16 11:11 - 2021-10-17 15:30 - 000000000 ____D C:\Users\1joha\AppData\Local\WebEx
2021-11-15 11:03 - 2021-10-17 15:30 - 000000000 ____D C:\Users\1joha\AppData\LocalLow\WebEx
2021-11-14 19:10 - 2020-10-31 08:09 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-11-12 19:54 - 2021-05-15 11:24 - 000629104 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-11-12 19:53 - 2021-05-15 12:02 - 000000000 ____D C:\WINDOWS\en-GB
2021-11-12 19:53 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-11-12 19:53 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-11-12 19:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-11-12 19:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-11-12 19:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-11-12 19:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-11-12 19:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-11-12 19:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-11-12 19:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-11-12 19:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-11-12 19:53 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2021-11-12 12:48 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-11-12 12:25 - 2020-10-21 20:01 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-11-12 12:15 - 2020-10-21 20:01 - 141529560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-11-07 09:39 - 2021-05-15 11:31 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2694351215-612894087-2333028821-1001
2021-11-07 09:39 - 2021-05-15 11:25 - 000002386 _____ C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-11-07 09:35 - 2021-04-10 16:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-11-06 09:20 - 2021-10-11 11:09 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-11-06 09:20 - 2021-04-10 16:25 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-11-04 14:27 - 2021-07-21 11:23 - 000000000 ____D C:\Users\1joha\Documents\Studium Marburg
2021-11-04 08:59 - 2019-12-11 01:43 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-10-27 18:12 - 2021-10-12 08:34 - 000002064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2021-10-27 18:12 - 2021-10-12 08:34 - 000001906 _____ C:\Users\Default\Desktop\Google Slides.lnk
2021-10-27 18:12 - 2021-10-12 08:34 - 000001906 _____ C:\Users\Default\Desktop\Google Sheets.lnk
2021-10-27 18:12 - 2021-10-12 08:34 - 000001894 _____ C:\Users\Default\Desktop\Google Docs.lnk
2021-10-20 10:12 - 2020-10-25 10:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2021-10-19 10:38 - 2020-11-07 08:35 - 000000000 ____D C:\Users\1joha\Documents\Sonstiges
2021-10-18 07:23 - 2021-10-17 15:31 - 000000000 ____D C:\Users\1joha\AppData\Roaming\webex
==================== Files in the root of some directories ========
2021-07-26 11:15 - 2019-03-26 09:52 - 000000034 _____ () C:\Users\1joha\AppData\Roaming\pdfdrawcodec.dll
2021-02-21 10:45 - 2021-02-22 20:00 - 000003584 _____ () C:\Users\1joha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================

Additional FRST Logfile:
scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2021
Ran by 1joha (17-11-2021 11:11:09)
Running from C:\Users\1joha\Documents\Studium Marburg\Physik\1.Semester.Physik\ExpPhysik1
Microsoft Windows 10 Home Version 20H2 19042.1348 (X64) (2021-05-15 10:31:34)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
1joha (S-1-5-21-2694351215-612894087-2333028821-1001 - Administrator - Enabled) => C:\Users\1joha
Administrator (S-1-5-21-2694351215-612894087-2333028821-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2694351215-612894087-2333028821-503 - Limited - Disabled)
Gast (S-1-5-21-2694351215-612894087-2333028821-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2694351215-612894087-2333028821-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Backup and Sync from Google (HKLM\...\{685BAD50-A3AA-4B91-A15B-77F9DC7346D4}) (Version: 3.57.4043.4118 - Google, Inc.)
balenaEtcher 1.5.116 (HKU\S-1-5-21-2694351215-612894087-2333028821-1001\...\d2f3b6c7-6f49-59e2-b8a5-f72e33900c2b) (Version: 1.5.116 - Balena Inc.)
Canon Utilities EOS Lens Registration Tool (HKLM-x32\...\EOS Lens Registration Tool) (Version: 1.12.30.6 - Canon Inc.)
Canon Utilities EOS Network Setting Tool (HKLM-x32\...\EOS Network Setting Tool) (Version: 1.1.0.9 - Canon Inc.)
Canon Utilities EOS Utility 2 (HKLM-x32\...\EOS Utility 2) (Version: 2.14.20.0 - Canon Inc.)
Canon Utilities EOS Utility 3 (HKLM-x32\...\EOS Utility 3) (Version: 3.12.30.9 - Canon Inc.)
Canon Utilities EOS Web Service Registration Tool (HKLM-x32\...\EOS Web Service Registration Tool) (Version: 1.9.10.5 - Canon Inc.)
Cisco Webex Meetings (HKU\S-1-5-21-2694351215-612894087-2333028821-1001\...\ActiveTouchMeetingClient) (Version: 41.9.5 - Cisco Webex LLC)
Discord (HKU\S-1-5-21-2694351215-612894087-2333028821-1001\...\Discord) (Version: 0.0.310 - Discord Inc.)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 52.0.6.0 - Google LLC)
Helicon Focus (HKLM\...\Helicon Focus 7_is1) (Version: - Helicon Soft Ltd.)
Helicon Remote 3.9.11.0 (HKLM-x32\...\HeliconRemote_is1) (Version: 3.9.11.0 - Helicon Soft Ltd.)
Huawei OSD (HKLM\...\HwOsd) (Version: 9.0.19.0 - Huawei Technologies Co., Ltd.)
KeePass Password Safe 2.47 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.47 - Dominik Reichl)
LibreOffice 6.4.7.2 (HKLM\...\{19B8BD60-CB65-49E8-8CDC-4596799C4DA7}) (Version: 6.4.7.2 - The Document Foundation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 95.0.1020.53 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2694351215-612894087-2333028821-1001\...\OneDriveSetup.exe) (Version: 21.205.1003.0005 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2694351215-612894087-2333028821-1001\...\Teams) (Version: 1.4.00.8872 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{733C3ACB-432D-4880-B0E1-660000D7974D}) (Version: 1.0.0.0 - Mojang)
Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 94.0.1 (x64 de)) (Version: 94.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 87.0 - Mozilla)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.1.3 - Notepad++ Team)
Notion 2.0.16 (HKU\S-1-5-21-2694351215-612894087-2333028821-1001\...\fcdf0d7f-424b-5f10-a1c7-a8f643f21adf) (Version: 2.0.16 - Notion Labs, Incorporated)
OpenOffice Updater (HKU\S-1-5-21-2694351215-612894087-2333028821-1001\...\OpenOffice Updater) (Version: 1.1.10 - OpenOffice) <==== ATTENTION
PC Manager (HKLM\...\PC Manager) (Version: 10.0.2.99 - Huawei Technologies Co., Ltd.)
PDF Bearbeiten V2.8.7.2 (HKLM-x32\...\PDF Bearbeiten_is1) (Version: - hxxp://www.PDFBearbeiten.net)
Q Pilot - Client (HKLM\...\Q Pilot - Client 4.31.3.23369) (Version: 4.31.3.23369 - Schomäcker GmbH)
SD Card Formatter (HKLM-x32\...\{A61131DC-B92D-4AD8-A925-E2D6D5FE217C}) (Version: 5.0.1 - SD Association)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.24-Update7 - IDRIX)
VideoSolo Blu-ray Player 1.1.8 (HKLM-x32\...\{3FE47865-D020-4666-92D2-40322D48E361}_is1) (Version: 1.1.8 - VideoSolo Studio)
VNC Viewer 6.20.529 (HKLM\...\{1A0D1F90-8D1F-4922-8546-D1F84501C46A}) (Version: 6.20.529.42646 - RealVNC Ltd)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-2694351215-612894087-2333028821-1001\...\ZoomUMX) (Version: 5.4.3 (58891.1115) - Zoom Video Communications, Inc.)
Packages:
=========
AMD Radeon™ Settings Lite -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.59462344778C5_10.19.10006.0_x64__0a9344xs7nr4m [2021-10-12] (Advanced Micro Devices Inc.)
Dolby Atmos -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAtmos_3.20402.409.0_x64__rz1tebttyb220 [2020-06-12] (Dolby Laboratories)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_132.2.261.0_x64__v10z8vjag6ke6 [2021-11-11] (HP Inc.)
Huawei Keyboard Hotkeys -> C:\Program Files\WindowsApps\HuaweiPC.HuaweiKeyboardHotkeys_9.0.19.0_x64__amfdc1pkdnmaa [2019-12-11] (Huawei Technologies Co., Ltd.) [Startup Task]
KONICA MINOLTA Print Experience -> C:\Program Files\WindowsApps\KONICAMINOLTAINC.KONICAMINOLTAPrintExperience_2.0.0.3_neutral__s63fsn2sety0r [2021-10-17] (KONICA MINOLTA INC)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-10-13] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-12-22] (Microsoft Corporation)
Raw Image Extension -> C:\Program Files\WindowsApps\Microsoft.RawImageExtension_1.0.41311.0_x64__8wekyb3d8bbwe [2021-10-13] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.7.196.0_x64__dt26b99r8h8gj [2020-06-12] (Realtek Semiconductor Corp)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2694351215-612894087-2333028821-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-2694351215-612894087-2333028821-1001_Classes\CLSID\{1019ADC7-17CB-4489-AFD5-6642C7400ACE}\localserver32 -> C:\Users\1joha\AppData\Local\Webex\Webex\Applications\ptOIEx64.exe (Cisco WebEx LLC -> Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-2694351215-612894087-2333028821-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\1joha\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20339.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2694351215-612894087-2333028821-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\1joha\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-10-19] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-10-19] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-10-19] (Google LLC -> Google)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2021-03-22] (Notepad++ -> )
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-10-19] (Google LLC -> Google)
ContextMenuHandlers1: [HwShareMenu] -> {41b3b91f-d6b3-3430-bb86-a143f85353ca} => C:\Program Files\Huawei\PCManager\HwShellMenu\HwShareMenu9.DLL [2019-11-11] (Huawei Technologies Co., Ltd. -> )
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-10-19] (Google LLC -> Google)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU\S-1-5-21-2694351215-612894087-2333028821-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://oem17win10.msn.com/?pc=NMTE
HKU\S-1-5-21-2694351215-612894087-2333028821-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17win10.msn.com/?pc=NMTE
SearchScopes: HKLM -> DefaultScope {4A54FBAA-FD09-4E79-9130-E44A03872DBA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRNAM1&src=IE11TR&pc=NMTE;
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {4A54FBAA-FD09-4E79-9130-E44A03872DBA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRNAM1&src=IE11TR&pc=NMTE;
SearchScopes: HKLM-x32 -> DefaultScope {4A54FBAA-FD09-4E79-9130-E44A03872DBA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRNAM1&src=IE11TR&pc=NMTE;
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {4A54FBAA-FD09-4E79-9130-E44A03872DBA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRNAM1&src=IE11TR&pc=NMTE;
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2694351215-612894087-2333028821-1001\...\sharepoint.com -> hxxps://sbsherzogenaurachde-files.sharepoint.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-03-19 05:49 - 2019-03-19 05:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
2020-10-21 18:25 - 2021-10-13 20:42 - 000000528 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2694351215-612894087-2333028821-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\1joha\Pictures\Saved Pictures\pia23533.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run32: => "TeamsMachineUninstallerLocalAppData"
HKU\S-1-5-21-2694351215-612894087-2333028821-1001\...\StartupApproved\StartupFolder: => "EOS Utility.lnk"
HKU\S-1-5-21-2694351215-612894087-2333028821-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2694351215-612894087-2333028821-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-2694351215-612894087-2333028821-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2694351215-612894087-2333028821-1001\...\StartupApproved\Run: => "GoogleDriveSync"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{B423B78D-35F7-4A02-B763-62C739004B9F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{36D7C616-5945-4FB6-B581-8ED5E8803BD5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8A1ABF72-3AEC-4591-ACDF-BF25A0DE9AC5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6C0F69FE-57E3-426C-9AF3-3648E3A83CA9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{48BE0EF5-6234-470A-858E-419F886A44B4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EE0B037D-18C6-4106-806B-196D6AAFB78C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{CDA2D75E-E798-4968-837D-7FAAEE2FEDFD}C:\program files (x86)\helicon software\helicon remote\heliconremote.exe] => (Allow) C:\program files (x86)\helicon software\helicon remote\heliconremote.exe (GELIKON SOFT, TOV -> )
FirewallRules: [TCP Query User{A450FABE-FEBA-463F-8227-8F9BD4F0A1BF}C:\program files (x86)\helicon software\helicon remote\heliconremote.exe] => (Allow) C:\program files (x86)\helicon software\helicon remote\heliconremote.exe (GELIKON SOFT, TOV -> )
FirewallRules: [UDP Query User{BFBAD8A8-9021-4EA0-85F2-9ECEEA02099D}C:\program files (x86)\helicon software\helicon remote\heliconremote.exe] => (Allow) C:\program files (x86)\helicon software\helicon remote\heliconremote.exe (GELIKON SOFT, TOV -> )
FirewallRules: [TCP Query User{890E4956-70D1-4C28-860C-8D88BC57A245}C:\program files (x86)\helicon software\helicon remote\heliconremote.exe] => (Allow) C:\program files (x86)\helicon software\helicon remote\heliconremote.exe (GELIKON SOFT, TOV -> )
FirewallRules: [UDP Query User{295FB35D-5421-4DD4-89C8-B57C2988A9CC}C:\users\1joha\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\1joha\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{FB714A35-BDDC-4E5C-A7CE-C71DED89FE42}C:\users\1joha\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\1joha\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{138DC914-6B66-4DDC-8CEF-CA4A2052E401}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [{7FEF8AC0-702F-40AF-8ADE-7123310CE3A8}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [TCP Query User{A958E46A-A509-47DF-874F-84BFBFF358EC}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{92E1C1D4-8561-4C61-97CA-0A1918D888DE}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{33C1D052-5764-4013-8A9E-C51B74213F4F}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [UDP Query User{C4C3BB95-968A-4AD2-97A0-DB0913164F54}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [{BC202CD1-629D-4ED2-BC15-7006FD5CA676}] => (Allow) C:\Program Files\Huawei\PCManager\MBAMessageCenter.exe (Huawei Technologies Co., Ltd. -> )
FirewallRules: [{BE041033-6AC3-4F8B-88C4-F23B0B02D42D}] => (Allow) C:\Program Files\Huawei\PCManager\HwMirror.exe (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd.)
FirewallRules: [{0D23579D-6233-408F-80B4-159262FFBE19}] => (Allow) C:\Program Files\Huawei\PCManager\HwMirror.exe (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd.)
FirewallRules: [{D431BC2B-9482-47BD-9462-D4F8F231A0F4}] => (Allow) C:\Program Files\Huawei\PCManager\HwMirror.exe (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd.)
FirewallRules: [{B3FB89BD-0391-4F36-A45C-12CD863D0E2E}] => (Allow) C:\Program Files\Huawei\PCManager\HWVCR.exe (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd.)
==================== Restore Points =========================
ATTENTION: System Restore is disabled (Total:80 GB) (Free:18.47 GB) (23%)
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (11/17/2021 10:37:18 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-V5MMEJB2$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Wed, 17 Nov 2021 09:37:17 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: b60c5697-5d85-4f60-82ac-41cd5fe1a014
Method: GET(703ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (11/17/2021 08:35:43 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-V5MMEJB2$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Wed, 17 Nov 2021 07:35:42 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 403c864b-243b-4580-94e6-25d75bf2944a
Method: GET(265ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (11/16/2021 08:21:43 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-V5MMEJB2$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Tue, 16 Nov 2021 07:21:42 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: fddf420f-ee6b-41e4-8d84-6fbadd797299
Method: GET(328ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (11/15/2021 08:13:10 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-V5MMEJB2$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Mon, 15 Nov 2021 07:13:09 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 09374ec2-dcb0-4d45-b589-b2a506c28e63
Method: GET(282ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (11/14/2021 04:24:30 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-V5MMEJB2$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Sun, 14 Nov 2021 15:24:29 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: cb289eb7-31e8-47ac-a71e-2e408e3d3633
Method: GET(266ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (11/14/2021 08:21:25 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-V5MMEJB2$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Sun, 14 Nov 2021 07:21:26 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 769e5968-2728-482d-95d0-5220c4dedd73
Method: GET(344ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (11/13/2021 08:30:43 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-V5MMEJB2$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Sat, 13 Nov 2021 07:30:43 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 8d0fa8d7-db81-40df-b00b-5bf9c26506c1
Method: GET(265ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (11/13/2021 08:21:49 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-V5MMEJB2$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Sat, 13 Nov 2021 07:21:49 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: b520637b-775c-4d83-8aab-72aa8f7feb8e
Method: GET(984ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
System errors:
=============
Error: (11/17/2021 10:37:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Huawei OSD Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
Error: (11/17/2021 08:36:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Huawei OSD Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
Error: (11/16/2021 10:14:29 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {924DC564-16A6-42EB-929A-9A61FA7DA06F} did not register with DCOM within the required timeout.
Error: (11/16/2021 10:14:29 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {924DC564-16A6-42EB-929A-9A61FA7DA06F} did not register with DCOM within the required timeout.
Error: (11/16/2021 04:55:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Huawei OSD Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
Error: (11/16/2021 08:21:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Huawei OSD Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
Error: (11/15/2021 05:56:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Huawei OSD Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
Error: (11/15/2021 08:13:32 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Huawei OSD Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
Windows Defender:
================
Date: 2021-11-17 11:03:14
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUADlManager:Win32/DownloadSponsor&threatid=311978&enterprise=0
Name: PUADlManager:Win32/DownloadSponsor
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\$Recycle.Bin\S-1-5-21-2694351215-612894087-2333028821-1001\$RMUTMZA.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.353.1139.0, AS: 1.353.1139.0, NIS: 1.353.1139.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4
Date: 2021-11-17 10:42:04
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-11-17 10:05:18
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:Win32/Bladabindi.YPS!MTB&threatid=2147793448&enterprise=0
Name: Backdoor:Win32/Bladabindi.YPS!MTB
Severity: Severe
Category: Backdoor
Path: file:_C:\Users\1joha\Documents\Studium Marburg\Physik\1.Semester.Physik\Physik.kurse\Windows_10_File_Explorer_App_CB-DL-Manager.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.353.1134.0, AS: 1.353.1134.0, NIS: 1.353.1134.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4
Date: 2021-11-17 10:05:04
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:Win32/Bladabindi.YPS!MTB&threatid=2147793448&enterprise=0
Name: Backdoor:Win32/Bladabindi.YPS!MTB
Severity: Severe
Category: Backdoor
Path: file:_C:\Users\1joha\Documents\Studium Marburg\Physik\1.Semester.Physik\Physik.kurse\Windows_10_File_Explorer_App_CB-DL-Manager.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.353.1134.0, AS: 1.353.1134.0, NIS: 1.353.1134.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4
Date: 2021-11-17 10:04:51
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:Win32/Bladabindi.YPS!MTB&threatid=2147793448&enterprise=0
Name: Backdoor:Win32/Bladabindi.YPS!MTB
Severity: Severe
Category: Backdoor
Path: file:_C:\Users\1joha\Documents\Studium Marburg\Physik\1.Semester.Physik\Physik.kurse\Windows_10_File_Explorer_App_CB-DL-Manager.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\Mozilla Firefox\firefox.exe
Security intelligence Version: AV: 1.353.1134.0, AS: 1.353.1134.0, NIS: 1.353.1134.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4
Event[0]:
Date: 2021-11-17 10:05:18
Description:
Microsoft Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:Win32/Bladabindi.YPS!MTB&threatid=2147793448&enterprise=0
Name: Backdoor:Win32/Bladabindi.YPS!MTB
Severity: Severe
Category: Backdoor
Path: file:_C:\Users\1joha\Documents\Studium Marburg\Physik\1.Semester.Physik\Physik.kurse\Windows_10_File_Explorer_App_CB-DL-Manager.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Action: Unknown
Action Status: No additional actions required
Error Code: 0x80508032
Error description: An unexpected problem occurred. Install any available updates, then try to start the program again. For information on installing updates, see Help and Support.
Security intelligence Version: AV: 1.353.1134.0, AS: 1.353.1134.0, NIS: 1.353.1134.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4
Date: 2021-08-24 12:04:03
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.343.1691.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18300.4
Error code: 0x80240009
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
CodeIntegrity:
===============
Date: 2021-10-17 12:37:40
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\ImmersiveControlPanel\SystemSettings.exe) attempted to load \Device\HarddiskVolume3\Program Files\Google\Drive File Stream\51.0.16.0\crashpad_handler.exe that did not meet the Microsoft signing level requirements.
Date: 2021-10-13 14:07:26
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\ImmersiveControlPanel\SystemSettings.exe) attempted to load \Device\HarddiskVolume3\Program Files\Google\Drive File Stream\51.0.15.0\crashpad_handler.exe that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: HUAWEI 1.11 12/04/2020
Motherboard: HUAWEI NBLK-WAX9X-PCB
Processor: AMD Ryzen 5 3500U with Radeon Vega Mobile Gfx
Percentage of memory in use: 75%
Total physical RAM: 7103.64 MB
Available physical RAM: 1774.84 MB
Total Virtual: 9407.64 MB
Available Virtual: 2316.22 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:80 GB) (Free:18.47 GB) NTFS
Drive d: (Data) (Fixed) (Total:142.86 GB) (Free:140.39 GB) NTFS
\\?\Volume{4116f9bd-f5f6-4e64-94b9-76dec10b897f}\ (WINPE) (Fixed) (Total:0.5 GB) (Free:0.02 GB) FAT32
\\?\Volume{1084e76a-7697-4e91-8685-1ca37a50ce51}\ (Onekey) (Fixed) (Total:14 GB) (Free:4.66 GB) NTFS
\\?\Volume{e641b57e-96df-42e0-bf98-3d99d5a316c7}\ (WinRE) (Fixed) (Total:1 GB) (Free:0.52 GB) NTFS
\\?\Volume{e961dcd6-7d99-46a6-99ca-a27fd53da2e0}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 6535F317)
Partition: GPT.
==================== End of Addition.txt =======================
Code:
Users shortcut scan result (x64) Version: 14-11-2021
Ran by 1joha (17-11-2021 11:12:01)
Running from C:\Users\1joha\Documents\Studium Marburg\Physik\1.Semester.Physik\ExpPhysik1
Boot Mode: Normal
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\1joha\Links\Desktop.lnk -> C:\Users\1joha\Desktop ()
Shortcut: C:\Users\1joha\Links\Downloads.lnk -> C:\Users\1joha\Downloads ()
Shortcut: C:\Users\1joha\Desktop\balenaEtcher.lnk -> C:\Users\1joha\AppData\Local\Programs\balena-etcher\balenaEtcher.exe (Balena Inc.)
Shortcut: C:\Users\1joha\Desktop\Cisco Webex Meetings.lnk -> C:\Users\1joha\AppData\Local\WebEx\WebEx\Applications\ptoneclk.exe (Cisco Webex LLC)
Shortcut: C:\Users\1joha\Desktop\Helicon 3D Viewer.lnk -> C:\Program Files\Helicon Software\Helicon Focus 7\Helicon3DViewer.exe ()
Shortcut: C:\Users\1joha\Desktop\Helicon Focus 7.lnk -> C:\Program Files\Helicon Software\Helicon Focus 7\HeliconFocus.exe (HeliconSoft Ltd)
Shortcut: C:\Users\1joha\Desktop\Helicon Remote.lnk -> C:\Program Files (x86)\Helicon Software\Helicon Remote\HeliconRemote.exe ()
Shortcut: C:\Users\1joha\Desktop\KeePass 2.lnk -> C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
Shortcut: C:\Users\1joha\Desktop\Notion.lnk -> C:\Users\1joha\AppData\Local\Programs\Notion\Notion.exe (Notion Labs, Incorporated)
Shortcut: C:\Users\1joha\Desktop\Pictures - Shortcut.lnk -> C:\Users\1joha\Pictures ()
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\balenaEtcher.lnk -> C:\Users\1joha\AppData\Local\Programs\balena-etcher\balenaEtcher.exe (Balena Inc.)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notion.lnk -> C:\Users\1joha\AppData\Local\Programs\Notion\Notion.exe (Notion Labs, Incorporated)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\1joha\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom\Zoom.lnk -> C:\Users\1joha\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc.)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cisco Webex Meetings Desktop-App\Cisco Webex Meetings.lnk -> C:\Users\1joha\AppData\Local\WebEx\WebEx\Applications\ptoneclk.exe (Cisco Webex LLC)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VideoSolo Blu-ray Player.lnk -> C:\Program Files\VideoSolo Studio\VideoSolo Blu-ray Player\VideoSolo Blu-ray Player.exe (VideoSolo)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\LibreOffice Writer.lnk -> C:\Program Files\LibreOffice\program\swriter.exe (The Document Foundation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Q Pilot - Client GUI.lnk -> C:\Program Files\Q Pilot - Client\GUI\QPilot-Client-GUI.exe (Schomäcker GmbH)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\VNC Viewer.lnk -> C:\Program Files\RealVNC\VNC Viewer\vncviewer.exe (RealVNC Ltd)
Shortcut: C:\Users\1joha\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\1joha\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\1joha\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\1joha\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe DNG Converter.lnk -> C:\Program Files\Adobe\Adobe DNG Converter\Adobe DNG Converter.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk -> C:\Program Files\Google\Drive File Stream\52.0.6.0\GoogleDriveFS.exe (Google, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk -> C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk -> C:\Program Files\Notepad++\notepad++.exe (Don HO don.h@free.fr)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk -> C:\Program Files\PCHealthCheck\PCHealthCheck.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoSolo\VideoSolo Blu-ray Player\Uninstall.lnk -> C:\Program Files\VideoSolo Studio\VideoSolo Blu-ray Player\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoSolo\VideoSolo Blu-ray Player\VideoSolo Blu-ray Player.lnk -> C:\Program Files\VideoSolo Studio\VideoSolo Blu-ray Player\VideoSolo Blu-ray Player.exe (VideoSolo)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VeraCrypt\VeraCrypt.lnk -> C:\Program Files\VeraCrypt\VeraCrypt.exe (IDRIX)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VeraCrypt\VeraCryptExpander.lnk -> C:\Program Files\VeraCrypt\VeraCryptExpander.exe (IDRIX)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SD Association\SD Card Formatter\SD Card Formatter.lnk -> C:\Windows\Installer\{A61131DC-B92D-4AD8-A925-E2D6D5FE217C}\NewShortcut1_69C2B9A012C943F8B6BC658D1AC73474.exe (Flexera Software LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealVNC\VNC Viewer.lnk -> C:\Program Files\RealVNC\VNC Viewer\vncviewer.exe (RealVNC Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Q Pilot - Client\Q Pilot - Client deinstallieren.lnk -> C:\Program Files\Q Pilot - Client\uninstall.exe (Schomäcker GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Q Pilot - Client\Q Pilot - Client GUI.lnk -> C:\Program Files\Q Pilot - Client\GUI\QPilot-Client-GUI.exe (Schomäcker GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Bearbeiten\PDF Bearbeiten entfernen.lnk -> C:\Program Files (x86)\PDFBearbeiten\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Bearbeiten\PDF Bearbeiten.lnk -> C:\Program Files (x86)\PDFBearbeiten\splash.exe (hxxp://www.PDFBearbeiten.net)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft Launcher\Minecraft Launcher.lnk -> C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe (Mojang)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.4\LibreOffice Base.lnk -> C:\Program Files\LibreOffice\program\sbase.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.4\LibreOffice Calc.lnk -> C:\Program Files\LibreOffice\program\scalc.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.4\LibreOffice Draw.lnk -> C:\Program Files\LibreOffice\program\sdraw.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.4\LibreOffice Impress.lnk -> C:\Program Files\LibreOffice\program\simpress.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.4\LibreOffice Math.lnk -> C:\Program Files\LibreOffice\program\smath.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.4\LibreOffice Writer.lnk -> C:\Program Files\LibreOffice\program\swriter.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.4\LibreOffice.lnk -> C:\Program Files\LibreOffice\program\soffice.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HUAWEI\PCManager\PC Manager.lnk -> C:\Program Files\Huawei\PCManager\PCManager.exe (Huawei Technologies Co., Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Helicon Software\Helicon Remote\Helicon Remote.lnk -> C:\Program Files (x86)\Helicon Software\Helicon Remote\HeliconRemote.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Helicon Software\Helicon Remote\Uninstall Helicon Remote.lnk -> C:\Program Files (x86)\Helicon Software\Helicon Remote\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Helicon Software\Helicon Remote\Helicon Remote Help\English.lnk -> C:\Program Files (x86)\Helicon Software\Helicon Remote\help_black\english\HeliconRemote.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Helicon Software\Helicon Remote\Helicon Remote Help\German.lnk -> C:\Program Files (x86)\Helicon Software\Helicon Remote\help_black\german\HeliconRemote.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Helicon Software\Helicon Remote\Helicon Remote Help\Russian.lnk -> C:\Program Files (x86)\Helicon Software\Helicon Remote\help_black\russian\HeliconRemote.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Helicon Software\Helicon Focus 7\Helicon 3D Viewer.lnk -> C:\Program Files\Helicon Software\Helicon Focus 7\Helicon3DViewer.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Helicon Software\Helicon Focus 7\Helicon Focus 7.lnk -> C:\Program Files\Helicon Software\Helicon Focus 7\HeliconFocus.exe (HeliconSoft Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Helicon Software\Helicon Focus 7\Uninstall Helicon Focus.lnk -> C:\Program Files\Helicon Software\Helicon Focus 7\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\EOS Web Service Registration Tool\EOS Web Service Registration Tool.lnk -> C:\Program Files (x86)\Canon\EOS Web Service Registration Tool\EOS Web Service Registration Tool.exe (CANON INC.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\EOS Utility\EOS Utility 2 - INFO.lnk -> C:\Program Files (x86)\Canon\EOS Utility\EU2\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\EOS Utility\EOS Utility 2.lnk -> C:\Program Files (x86)\Canon\EOS Utility\EU2\EOS Utility 2.exe (CANON INC.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\EOS Utility\EOS Utility 3 - INFO.lnk -> C:\Program Files (x86)\Canon\EOS Utility\EU3\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\EOS Utility\EOS Utility.lnk -> C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe (Canon INC.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\EOS Network Setting Tool\EOS Network Setting Tool.lnk -> C:\Program Files (x86)\Canon\EOS Network Setting Tool\EOS Network Setting Tool.exe (Canon INC.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\EOS Lens Registration Tool\EOS Lens Registration Tool.lnk -> C:\Program Files (x86)\Canon\EOS Lens Registration Tool\EOS Lens Registration Tool.exe (CANON INC.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google\Backup and Sync from Google.lnk -> C:\Program Files\Google\Drive\googledrivesync.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk -> C:\Windows\System32\RecoveryDrive.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Registry Editor.lnk -> C:\Windows\regedit.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\1joha\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\EOS Utility.lnk -> C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe (Canon INC.)
Shortcut: C:\Users\Public\Desktop\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\LibreOffice 6.4.lnk -> C:\Program Files\LibreOffice\program\soffice.exe (The Document Foundation)
Shortcut: C:\Users\Public\Desktop\Minecraft Launcher.lnk -> C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe (Mojang)
Shortcut: C:\Users\Public\Desktop\PDF Bearbeiten.lnk -> C:\Program Files (x86)\PDFBearbeiten\splash.exe (hxxp://www.PDFBearbeiten.net)
Shortcut: C:\Users\Public\Desktop\SD Card Formatter.lnk -> C:\Windows\Installer\{A61131DC-B92D-4AD8-A925-E2D6D5FE217C}\NewShortcut11_9F21041712364E7FBB19D6D84D3AFF1D.exe (Flexera Software LLC)
Shortcut: C:\Users\Public\Desktop\VeraCrypt.lnk -> C:\Program Files\VeraCrypt\VeraCrypt.exe (IDRIX)
ShortcutWithArgument: C:\Users\1joha\Desktop\Discord.lnk -> C:\Users\1joha\AppData\Local\Discord\Update.exe (GitHub) -> --processStart Discord.exe
ShortcutWithArgument: C:\Users\1joha\Desktop\Microsoft Teams.lnk -> C:\Users\1joha\AppData\Local\Microsoft\Teams\Update.exe (Microsoft Corporation) -> --processStart "Teams.exe"
ShortcutWithArgument: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk -> C:\Users\1joha\AppData\Local\Microsoft\Teams\Update.exe (Microsoft Corporation) -> --processStart "Teams.exe"
ShortcutWithArgument: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom\Uninstall Zoom.lnk -> C:\Users\1joha\AppData\Roaming\Zoom\uninstall\Installer.exe (Zoom Video Communications, Inc.) -> /uninstall
ShortcutWithArgument: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EOS Utility.lnk -> C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe (Canon INC.) -> /AutoStartUp
ShortcutWithArgument: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc\Discord.lnk -> C:\Users\1joha\AppData\Local\Discord\Update.exe (GitHub) -> --processStart Discord.exe
ShortcutWithArgument: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\1joha\AppData\Roaming\Microsoft\Windows\SendTo\Faxempfänger.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\1joha\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\1joha\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\1joha\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\1joha\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\1joha\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\1joha\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\1joha\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\1joha\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\1joha\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\1joha\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoSolo\VideoSolo Blu-ray Player\Visit Product.lnk -> C:\Program Files\VideoSolo Studio\VideoSolo Blu-ray Player\VideoSolo Blu-ray Player.exe (VideoSolo) -> --pop_product_url
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.4\LibreOffice (Safe Mode).lnk -> C:\Program Files\LibreOffice\program\soffice.exe (The Document Foundation) -> --safe-mode
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google\Google Docs.lnk -> C:\Program Files\Google\Drive\googledrivesync.exe () -> --new_document
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google\Google Sheets.lnk -> C:\Program Files\Google\Drive\googledrivesync.exe () -> --new_spreadsheet
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google\Google Slides.lnk -> C:\Program Files\Google\Drive\googledrivesync.exe () -> --new_presentation
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\Desktop\Google Docs.lnk -> C:\Program Files\Google\Drive File Stream\launch.bat () -> -open_gdocs_root
ShortcutWithArgument: C:\Users\Default\Desktop\Google Sheets.lnk -> C:\Program Files\Google\Drive File Stream\launch.bat () -> -open_gsheets_root
ShortcutWithArgument: C:\Users\Default\Desktop\Google Slides.lnk -> C:\Program Files\Google\Drive File Stream\launch.bat () -> -open_gslides_root
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
InternetURL: C:\Users\1joha\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VeraCrypt\VeraCrypt Website.url -> URL: hxxps://www.veracrypt.fr
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Bearbeiten\PDF Bearbeiten im Internet.url -> URL: hxxp://www.PDFBearbeiten.net
==================== End of Shortcut.txt =============================