Liebe Experten des Trojaner-Boards,

wir hatten eine merkwürdige Begebenheit auf dem Laptop meiner Tochter.

Der Laptop befand sich im Energie-Spar-Modus bzw Schlaf-Modus.
Als wir ihn wieder erweckt haben waren eine Vielzahl an Programmen geöffnet. Auch Programme, die wir nie geöffnet hatten.

Das ganze kommt mir sehr komisch vor.
Wir haben dann einen mbam Scan durchgeführt -ohne Funde-
Was können wir noch überprüfen?

Könntet ihr uns bitte helfen, um sicher zu sein, dass das System sauber ist?

Ganz vielen Dank.
Lions

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 27/03/2023
Scan Time: 17:38
Log File: 70b4e664-ccb5-11ed-b99c-3497f6c9bd37.json

-Software Information-
Version: 4.5.25.256
Components Version: 1.0.1957
Update Package Version: 1.0.67218
Licence: Free

-System Information-
OS: Windows 10 (Build 19045.2728)
CPU: x64
File System: NTFS
User: DESKTOP-Cata

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 335911
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 12 min, 40 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
         

Mein Name ist Matthias und ich werde dir bei der Analyse und Bereinigung deines Systems helfen.


Bitte lesen:
Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?
Nur mit den passenden Informationen (Logdateien von FRST) können wir helfen.

Vielen Dank für deine Mitarbeit!

Hallo Matthias,

ganz vielen Dank für deine Rückmeldung.
Die log-Datei von mbam hatte ich ja schon gepostet.

Hier die FRST.txt

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-03-2023
Ran by Cata (administrator) on DESKTOP-Cata (ASUSTeK COMPUTER INC. X540LA) (27-03-2023 21:32:31)
Running from C:\Users\Cata\Downloads
Loaded Profiles: Cata
Platform: Microsoft Windows 10 Home Version 22H2 19045.2728 (X64) Language: English (United Kingdom)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(ASUSTek Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe ->) (ASUSTek Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe ->) (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files\Avira\Endpoint Protection SDK\SentryEye.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Windows\SysWOW64\esif_uf.exe ->) (Intel(R) Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(explorer.exe ->) (Grammarly, Inc. -> ) C:\Users\Cata\AppData\Local\Grammarly\DesktopIntegrations\Grammarly.Desktop.exe
(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Cata\AppData\Local\Microsoft\Teams\current\Teams.exe <8>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <12>
(services.exe ->) (ASUS Cloud Corporation) [File not signed] C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\AsusWSWinService.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(services.exe ->) (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(services.exe ->) (Intel(R) Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(services.exe ->) (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(services.exe ->) (WildTangent Inc -> WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe <6>
(svchost.exe ->) (ASUS) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(svchost.exe ->) (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(svchost.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe
(svchost.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxext.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23012.167.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
(svchost.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(svchost.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [138214768 2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [Opera Browser Assistant] => C:\Program Files (x86)\Opera\assistant\browser_assistant.exe [4140448 2023-03-08] (Opera Norway AS -> Opera Software)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\Run: [Dashlane] => C:\Users\Cata\AppData\Roaming\Dashlane\Dashlane.exe [321208 2021-12-31] (Dashlane USA, Inc. -> Dashlane, Inc.)
HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\Run: [DashlanePlugin] => C:\Users\Cata\AppData\Roaming\Dashlane\DashlanePlugin.exe [342200 2021-12-31] (Dashlane USA, Inc. -> Dashlane, Inc.)
HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Cata\AppData\Local\Microsoft\Teams\Update.exe [2587368 2023-03-27] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [123262392 2023-03-14] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\Run: [MicrosoftEdgeAutoLaunch_1F40448FB046D7FD996FC0397A6B4580] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4055952 2023-03-24] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\Run: [Grammarly] => C:\Users\Cata\AppData\Local\Grammarly\DesktopIntegrations\Grammarly.Desktop.exe [952240 2023-03-18] (Grammarly, Inc. -> )
HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\MountPoints2: {717bcdba-59a6-11ec-898a-3497f6c9bd37} - "E:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\MountPoints2: {717bcdc9-59a6-11ec-898a-3497f6c9bd37} - "E:\HiSuiteDownLoader.exe" 
GroupPolicy-Firefox-x32: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02B1214B-2CE0-4047-B4D5-238360E7806B} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [168840 2023-03-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {0ADBA16A-BA15-4A2A-A284-5551953D33FD} - System32\Tasks\Avira_Security_Update => C:\WINDOWS\system32\net.exe [59904 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {0D29DF73-2D54-4FE3-87EC-B0457A1CF3BE} - System32\Tasks\Avira_FallbackUpdater => C:\WINDOWS\system32\sc.exe start AviraFallbackUpdater Delayed=false
Task: {11E7FF5E-E9E7-4DF7-9F62-9436B949D2C6} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26296808 2023-03-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {1C2E9C3E-CEFF-42F8-9BDD-111683298AB6} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [54784 2015-12-02] (ASUS) [File not signed]
Task: {26B5F02F-B3A4-43B1-A587-3555A2459B82} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [58352 2023-03-11] (HP Inc. -> HP Inc.)
Task: {2BF8374A-5566-4B0C-8900-03D9A69994DE} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144232 2023-03-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {390CA7D1-2F7F-4943-ACF1-9D1C21888DC7} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe [676768 2023-03-24] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {39CD21EB-35CB-4512-AA79-269F27FC6E2F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-21] (Dropbox, Inc -> Dropbox, Inc.)
Task: {3B74F60F-3C6F-4CB5-9BFC-BD9FC92819BA} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {40C16C89-5B22-4B8C-9C81-473B802B8152} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-21] (Dropbox, Inc -> Dropbox, Inc.)
Task: {43A41C9B-A07E-48AC-A7F8-842790E47BF2} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [3826328 2023-03-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {46DCF2F3-F4F0-4F4B-964E-2E4D55DFF739} - System32\Tasks\Microsoft\Windows\rempl\shell-usoscan => C:\Program Files\rempl\remsh.exe /RunUsoScanOnly (No File)
Task: {47FA5786-D214-47CE-9D09-3E307A72A9FC} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [18352 2019-08-19] (ASUSTek Computer Inc. -> AsusTek)
Task: {48D15216-6B7C-47F4-854D-EAB4EC0C4073} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122008 2015-09-22] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {4ABBF0A5-CBFA-438D-803E-32821EDF26A9} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [58352 2023-03-11] (HP Inc. -> HP Inc.)
Task: {5365D1B5-E050-4D5E-B386-8A29115A0649} - System32\Tasks\WpsUpdateTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsupdate.exe [481128 2016-03-24] (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {5B3C9DE2-A42D-4A6A-994D-63635C23F823} - System32\Tasks\Opera scheduled Autoupdate 1480457874 => C:\Program Files (x86)\Opera\launcher.exe [1987992 2023-03-15] (Opera Norway AS -> Opera Software)
Task: {6430CC72-EBF8-4F8C-AF87-2CCE1878ED23} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1616160 2016-01-19] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) [File not signed]
Task: {6A58FB16-4D10-4607-AE9D-2675C09B7B6F} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407736 2015-11-16] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {751032FB-518B-42B1-84EC-DAFF4695A73D} - System32\Tasks\WpsNotifyTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsnotify.exe [514408 2016-03-24] (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {7CEC2F10-58E3-4D09-A086-BE693F6FCB91} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122008 2015-09-22] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {8616B648-256E-4DCA-90D7-ABE1C3761601} - System32\Tasks\Avira_Security_Systray => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe [1814736 2023-03-15] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {884871D2-E917-436F-AB7A-7CF9724E2DB5} - System32\Tasks\Avira_Security_Service_SCM_Watchdog => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe [260384 2023-03-15] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {889C0FC1-9BB2-49A6-B03E-4984B9708D3B} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [19782224 2015-05-25] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {9D5FDB5A-F7AA-4C5C-8791-E03F4FE330E6} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144232 2023-03-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {A17AE959-DDC8-4089-B670-F35D7E020010} - System32\Tasks\Opera scheduled assistant Autoupdate 1582738578 => C:\Program Files (x86)\Opera\launcher.exe [1987992 2023-03-15] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Program Files (x86)\Opera\assistant" $(Arg0)
Task: {A2AB61D5-D872-47C1-967A-EAD1E3C91A7B} - System32\Tasks\ASUS\ASUS GIFTBOX => C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe [1049608 2017-07-03] (ASUSTek Computer Inc. -> ASUSTek Computer Inc)
Task: {B62CB473-29E4-477C-BE1B-61092EC98C07} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26296808 2023-03-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {B972E997-38A0-4D72-B294-E87F9DD25B1F} - System32\Tasks\Avira_Security_Maintenance => Command(1): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> FallbackTelemetry
Task: {B972E997-38A0-4D72-B294-E87F9DD25B1F} - System32\Tasks\Avira_Security_Maintenance => Command(2): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> ServiceWatchdog
Task: {B972E997-38A0-4D72-B294-E87F9DD25B1F} - System32\Tasks\Avira_Security_Maintenance => Command(3): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> CrashCollector
Task: {D363A69D-8BB5-44B2-BCAC-72ECC923C203} - System32\Tasks\AviraSystemSpeedupVerify => C:\Program Files (x86)\Avira\System Speedup\setup\avira_speedup_setup.exe [35437192 2023-02-07] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {E071B35B-AB9F-4248-B33B-F85644F304DA} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [718752 2023-03-24] (Mozilla Corporation -> Mozilla Foundation)
Task: {F15E3967-4A1D-48F2-A327-1A2D2C3A73FB} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16409496 2015-11-16] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {FC53ECBA-AC5F-4EEE-8B3F-39006CA50C01} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [585000 2016-09-21] (Dropbox, Inc -> )

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsnotify.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsupdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ATTENTION (Restriction - Zones)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{51ac0c8a-e5bf-49a9-b6f9-b4b034584af2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b257ad35-6de8-44bd-bbbc-1a4ee8e3f5e3}: [DhcpNameServer] 40.51.1.12

Edge: 
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Cata\AppData\Local\Microsoft\Edge\User Data\Default [2023-03-27]

FireFox:
========
FF DefaultProfile: zsmxv1ls.default
FF ProfilePath: C:\Users\Cata\AppData\Roaming\Mozilla\Firefox\Profiles\zsmxv1ls.default [2023-03-27]
FF NetworkProxy: Mozilla\Firefox\Profiles\zsmxv1ls.default -> socks_version", 4
FF Extension: (uBlock Origin) - C:\Users\Cata\AppData\Roaming\Mozilla\Firefox\Profiles\zsmxv1ls.default\Extensions\uBlock0@raymondhill.net.xpi [2023-03-12]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-28] (Adobe Systems Incorporated -> )
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2020-02-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2020-02-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-28] (Adobe Systems Incorporated -> )
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-02-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-12-22] (WildTangent Inc -> )

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]

Opera: 
=======
OPR Profile: C:\Users\Cata\AppData\Roaming\Opera Software\Opera Stable [2023-03-19]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\AsusWSWinService.exe [75264 2015-12-24] (ASUS Cloud Corporation) [File not signed]
S2 AviraFallbackUpdater; C:\Program Files (x86)\Avira\Fallback Updater\Avira.Spotlight.FallbackUpdater.exe [6515704 2023-03-16] (Avira Operations GmbH -> Avira Operations GmbH)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [3004688 2022-07-22] (Avira Operations GmbH -> Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [386864 2022-03-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [266416 2023-03-15] (Avira Operations GmbH -> Avira Operations GmbH)
S2 AviraSecurityUpdater; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [296432 2023-03-15] (Avira Operations GmbH -> Avira Operations GmbH)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12512768 2023-03-16] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-21] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-21] (Dropbox, Inc -> Dropbox, Inc.)
S2 EndpointProtectionService; C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe [8954232 2023-03-23] (Avira Operations GmbH -> Avira Operations GmbH)
R3 EndpointProtectionService2; C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe [8954232 2023-03-23] (Avira Operations GmbH -> Avira Operations GmbH)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-12-22] (WildTangent Inc -> WildTangent)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [229360 2023-03-11] (HP Inc. -> HP Inc.)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
S2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsupdatesvr.exe [133480 2016-03-24] (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9094440 2023-03-27] (Malwarebytes Inc. -> Malwarebytes)
S3 OfficeSvcManagerAddons; C:\WINDOWS\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2020-10-27] (Microsoft Windows -> Microsoft Corporation)
S3 Soda PDF 8; C:\Program Files\Soda PDF 8\ws.exe [2263504 2016-08-26] (LULU Software -> LULU SOFTWARE LIMITED)
S3 Soda PDF 8 CrashHandler; C:\Program Files\Soda PDF 8\crash-handler-ws.exe [920016 2016-08-26] (LULU Software -> LULU SOFTWARE LIMITED)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11795800 2019-04-15] (TeamViewer GmbH -> TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASMMAP64; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [18048 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUS)
R3 AsusSGDrv; C:\WINDOWS\System32\drivers\AsusSGDrv.sys [139008 2019-08-19] (ASUSTek Computer Inc. -> ASUS Corporation)
R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
R0 BdNet; C:\WINDOWS\System32\DRIVERS\BdNet.sys [190712 2023-03-16] (Avira Operations GmbH -> Avira Operations GmbH)
R1 BdSentry; C:\WINDOWS\System32\DRIVERS\BdSentry.sys [263000 2023-01-31] (Avira Operations GmbH -> Avira Operations GmbH)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32696 2020-11-19] (ASUSTek Computer Inc. -> ASUS)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2023-03-27] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-05-01] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-06-19] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R1 netprotection_network_filter; C:\WINDOWS\System32\drivers\netprotection_network_filter.sys [100128 2022-06-15] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 rtp_elam; C:\WINDOWS\System32\DRIVERS\rtp_elam.sys [28632 2023-03-23] (Microsoft Windows Early Launch Anti-Malware Publisher -> Avira Operations GmbH)
R2 rtp_filesystem_filter; C:\WINDOWS\System32\DRIVERS\rtp_filesystem_filter.sys [229840 2023-03-16] (Avira Operations GmbH -> Avira Operations GmbH)
R1 rtp_process_monitor; C:\WINDOWS\system32\DRIVERS\rtp_process_monitor.sys [227360 2023-03-16] (Avira Operations GmbH -> Avira Operations GmbH)
R1 rtp_traverse; C:\WINDOWS\system32\DRIVERS\rtp_traverse.sys [67272 2023-03-11] (Avira Operations GmbH -> Avira Operations GmbH)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 netprotection_network_filter2; System32\drivers\netprotection_network_filter2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-03-27 21:32 - 2023-03-27 21:33 - 000030064 _____ C:\Users\Cata\Downloads\FRST.txt
2023-03-27 21:31 - 2023-03-27 21:33 - 000000000 ____D C:\FRST
2023-03-27 21:31 - 2023-03-27 21:31 - 002379264 _____ (Farbar) C:\Users\Cata\Downloads\FRST64.exe
2023-03-27 18:03 - 2023-03-27 18:03 - 000001237 _____ C:\Users\Cata\Desktop\mbam.txt
2023-03-24 21:34 - 2023-03-27 15:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2023-03-20 20:07 - 2023-03-20 20:07 - 000003888 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Maintenance
2023-03-20 20:07 - 2023-03-20 20:07 - 000003428 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Service_SCM_Watchdog
2023-03-20 20:07 - 2023-03-20 20:07 - 000002818 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Systray
2023-03-14 22:13 - 2023-03-14 22:13 - 000000000 ___HD C:\$WinREAgent
2023-03-05 00:24 - 2023-03-19 18:24 - 000000032 _____ C:\WINDOWS\system32\rtp.db

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-03-27 21:31 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2023-03-27 21:30 - 2022-02-11 23:54 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-03-27 21:29 - 2020-10-24 02:27 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-03-27 21:29 - 2016-11-30 00:25 - 000000000 ____D C:\Users\Cata\AppData\LocalLow\Mozilla
2023-03-27 21:29 - 2016-11-29 23:59 - 000000166 _____ C:\Users\Cata\AppData\Roaming\sp_data.sys
2023-03-27 18:04 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-03-27 18:04 - 2016-11-30 00:01 - 000000000 ___RD C:\Users\Cata\OneDrive
2023-03-27 17:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-03-27 17:27 - 2022-10-16 19:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2023-03-27 17:26 - 2019-11-30 18:07 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2023-03-27 17:25 - 2017-09-24 20:33 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2023-03-27 17:25 - 2016-11-29 23:58 - 000000000 __SHD C:\Users\Cata\IntelGraphicsProfiles
2023-03-27 17:22 - 2020-12-16 20:36 - 000002385 _____ C:\Users\Cata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2023-03-27 17:22 - 2020-12-16 20:36 - 000002377 _____ C:\Users\Cata\Desktop\Microsoft Teams.lnk
2023-03-27 15:23 - 2016-11-30 00:07 - 000002437 _____ C:\Users\Cata\Desktop\GuruShots.lnk
2023-03-27 15:02 - 2021-10-10 15:40 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2023-03-27 15:02 - 2016-11-30 00:24 - 000001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-03-27 15:02 - 2016-11-30 00:24 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-03-27 14:58 - 2016-11-30 00:19 - 000000000 ____D C:\ProgramData\MAGIX
2023-03-27 14:58 - 2016-11-30 00:11 - 000000000 ____D C:\Users\Cata\AppData\Roaming\MAGIX
2023-03-27 14:52 - 2020-11-19 17:35 - 000000000 ____D C:\Users\Cata\AppData\Local\CrashDumps
2023-03-27 14:52 - 2016-11-30 00:11 - 000000000 ___RD C:\Users\Cata\Documents\MAGIX
2023-03-27 14:47 - 2017-03-12 22:45 - 000000000 ____D C:\Users\Cata\AppData\Roaming\vlc
2023-03-26 13:47 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-03-26 12:49 - 2020-06-20 11:20 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-03-26 12:49 - 2020-06-20 11:20 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-03-24 21:36 - 2021-12-12 00:19 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2060603314-2135344334-1861708809-1001
2023-03-24 21:36 - 2020-10-24 02:37 - 000003386 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2060603314-2135344334-1861708809-1001
2023-03-24 21:36 - 2020-10-24 02:29 - 000002394 _____ C:\Users\Cata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-03-23 21:43 - 2022-07-01 16:29 - 000028632 _____ (Avira Operations GmbH) C:\WINDOWS\system32\Drivers\rtp_elam.sys
2023-03-22 12:40 - 2022-12-14 23:55 - 000001438 _____ C:\Users\Cata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grammarly.lnk
2023-03-22 12:40 - 2022-12-14 23:55 - 000001430 _____ C:\Users\Cata\Desktop\Grammarly.lnk
2023-03-21 22:06 - 2021-11-27 13:08 - 000001157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera browser.lnk
2023-03-21 22:06 - 2020-10-24 02:37 - 000003970 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1480457874
2023-03-21 22:06 - 2016-11-30 00:15 - 000000000 ____D C:\Program Files (x86)\Opera
2023-03-20 20:07 - 2021-04-15 16:29 - 000001080 _____ C:\Users\Public\Desktop\Avira.lnk
2023-03-20 20:07 - 2021-04-15 16:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2023-03-20 20:07 - 2020-10-24 02:37 - 000003474 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Update
2023-03-19 20:40 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Registration
2023-03-19 20:35 - 2022-10-15 11:36 - 000000000 ____D C:\Users\Cata\AppData\Roaming\Scratch
2023-03-19 18:32 - 2020-10-24 02:31 - 000840602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-03-19 18:24 - 2020-10-24 02:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-03-19 18:24 - 2020-10-24 02:27 - 000924656 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-03-19 18:24 - 2020-10-24 02:27 - 000008192 ___SH C:\DumpStack.log.tmp
2023-03-19 18:24 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState
2023-03-19 18:24 - 2019-12-07 11:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2023-03-19 18:24 - 2016-03-24 14:06 - 000000948 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2023-03-19 18:24 - 2016-03-24 14:06 - 000000944 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2023-03-19 18:24 - 2016-03-24 14:06 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2023-03-19 18:23 - 2019-12-07 16:44 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2023-03-19 18:23 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-03-19 18:23 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-03-19 18:23 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-03-19 18:23 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-03-18 01:05 - 2020-10-24 02:37 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-03-18 01:05 - 2020-10-24 02:37 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-03-16 22:51 - 2016-08-06 04:18 - 000000000 ____D C:\Program Files\Microsoft Office
2023-03-16 22:23 - 2022-07-01 16:29 - 000229840 _____ (Avira Operations GmbH) C:\WINDOWS\system32\Drivers\rtp_filesystem_filter.sys
2023-03-16 22:23 - 2022-07-01 16:29 - 000227360 _____ (Avira Operations GmbH) C:\WINDOWS\system32\Drivers\rtp_process_monitor.sys
2023-03-16 22:23 - 2022-07-01 16:29 - 000190712 _____ (Avira Operations GmbH) C:\WINDOWS\system32\Drivers\BdNet.sys
2023-03-16 22:19 - 2022-12-14 23:28 - 000003702 _____ C:\WINDOWS\system32\Tasks\Avira_FallbackUpdater
2023-03-14 22:31 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-03-14 22:26 - 2020-10-24 02:28 - 003015680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-03-14 22:12 - 2016-11-30 01:11 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-03-14 22:04 - 2016-11-30 01:10 - 153620824 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-03-11 18:26 - 2021-06-01 19:47 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2023-03-11 18:26 - 2020-11-29 14:25 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2023-03-11 14:59 - 2022-07-01 16:29 - 000067272 _____ (Avira Operations GmbH) C:\WINDOWS\system32\Drivers\rtp_traverse.sys
2023-03-11 14:57 - 2021-07-08 19:51 - 000004194 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1582738578
2023-03-11 14:53 - 2018-09-27 18:11 - 000000000 ____D C:\Users\Cata\AppData\Local\PlaceholderTileLogoFolder
2023-03-07 14:05 - 2021-02-19 20:21 - 000000000 ____D C:\Users\Cata\Desktop\Documents Cata
2023-03-07 13:56 - 2018-02-01 18:32 - 000000000 ____D C:\Users\Cata\AppData\Local\Packages
2023-03-05 16:55 - 2020-10-24 02:37 - 000004008 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2023-03-05 16:55 - 2020-10-24 02:37 - 000003776 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2023-03-05 00:23 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2023-03-05 00:23 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2023-03-05 00:23 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2023-02-28 13:06 - 2020-04-03 16:31 - 000000000 ____D C:\Users\Cata\Desktop\Usborne
2023-02-25 23:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports

==================== Files in the root of some directories ========

2016-11-29 23:59 - 2023-03-27 21:29 - 000000166 _____ () C:\Users\Cata\AppData\Roaming\sp_data.sys

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
         

und Addition.txt

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-03-2023
Ran by Cata (27-03-2023 21:34:37)
Running from C:\Users\Cata\Downloads
Microsoft Windows 10 Home Version 22H2 19045.2728 (X64) (2020-10-24 00:38:07)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2060603314-2135344334-1861708809-500 - Administrator - Disabled)
Cata (S-1-5-21-2060603314-2135344334-1861708809-1001 - Administrator - Enabled) => C:\Users\Cata
DefaultAccount (S-1-5-21-2060603314-2135344334-1861708809-503 - Limited - Disabled)
Guest (S-1-5-21-2060603314-2135344334-1861708809-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2060603314-2135344334-1861708809-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Security (Enabled - Up to date) {01FE2687-64F7-71F3-C6DE-CC8345F96725}
FW: Avira Security (Enabled) {BE55A40C-05CA-1096-36EB-CCA92DEAF539}
FW: Avira Security (Enabled) {877B141C-E73B-9A54-223E-108CC963426A}
FW: Avira Security (Enabled) {71EC0A3F-391C-0E33-A103-0C8A6DF0EBF0}
FW: Avira Security (Enabled) {4EFB3EBA-D5BC-D311-F570-D3065B48D523}
FW: Avira Security (Enabled) {12CE3622-C811-64DE-1773-AA1774F2B8E1}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Ashampoo Photo Optimizer 6 (HKLM-x32\...\{91B33C97-546E-E89A-9F44-0BB2D57DBE96}_is1) (Version: 6.0.20 - Ashampoo GmbH & Co. KG)
Ashampoo ZIP Pro (HKLM-x32\...\{0A11EA01-70D5-56D4-0D19-0C45A40FEE08}_is1) (Version: 1.0.5 - Ashampoo GmbH & Co. KG)
ASUS GIFTBOX (HKLM-x32\...\ASUS GIFTBOX) (Version: 7.5.24 - ASUSTek Computer Inc)
ASUS HiPost (HKLM-x32\...\{04768366-F421-4BA5-8423-B84F644B5249}) (Version: 1.0.6 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.24 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.14.0006 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0042 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.101 - ICEpower a/s)
Avira Fallback Updater (HKLM-x32\...\Avira Fallback Updater) (Version:  - ) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.41.1.25731 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM-x32\...\Avira Security_is1) (Version: 1.1.85.4 - Avira Operations GmbH) Hidden
Avira Security (HKLM-x32\...\AviraSecurityUninstaller) (Version:  - Avira Operations GmbH)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 6.24.0.14 - Avira Operations GmbH) Hidden
BBC News (HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\BBC News) (Version:  - BBC.)
Coursera (HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\Coursera) (Version:  - Coursera Inc.)
Dashlane (HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\Dashlane) (Version: 6.2148.0.52031 - Dashlane, Inc.)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.3 - ASUSTek Computer Inc.)
Dropbox 25 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.733.1 - Dropbox, Inc.) Hidden
Endpoint Protection SDK (HKLM\...\{68E1CCB4-4965-4713-BDEB-77F6D6C9BF9D}_is1) (Version: 1.0.2206.3019 - Avira Operations GmbH & Co. KG) Hidden
Evernote v. 5.9.1 (HKLM-x32\...\{5EA1DED0-5285-11E5-8AA1-0050569584E9}) (Version: 5.9.1.8742 - Evernote Corp.)
Foxit PhantomPDF (HKLM-x32\...\{39263796-F296-43AF-909C-FCF99592BAC4}) (Version: 7.2.52.1209 - Foxit Software Inc.)
Grammarly for Windows (HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\Grammarly Desktop Integrations) (Version: 1.0.27.421 - )
GuruShots (HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\GuruShots) (Version:  - GuruShots Ltd.)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1018 - Intel Corporation)
Intel(R) Chipset Device Software (HKLM\...\{8C91A5EB-2C62-4A6D-8802-CC79FD2ED390}) (Version: 10.1.1.7 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{5BD7E621-9791-4D9F-A620-1BA51153B749}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{A53B7EAB-86BD-4F16-8C44-011B1376326A}) (Version: 11.0.0.1162 - Intel Corporation) Hidden
Intel(R) ME UninstallLegacy (HKLM\...\{555B1C57-E71B-4775-BC1D-627EEF693F0D}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5107 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.253.0 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{CBD9BDB2-3126-4756-A03A-621CCF87C188}) (Version: 1.1.253.0 - Intel Corporation) Hidden
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{7D84E343-A23D-451C-B123-0195B2D903A6}) (Version: 1.42.17.0 - Intel Corporation) Hidden
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
LibreOffice 7.2.4.1 (HKLM\...\{BB7C5E72-36E2-4455-96F7-2DC1D9586AF4}) (Version: 7.2.4.1 - The Document Foundation)
MAGIX Movie Edit Pro 2016 Plus (HKLM\...\{003105FB-9F55-40F4-8005-B28E6A48715D}) (Version: 15.0.0.90 - MAGIX Software GmbH) Hidden
MAGIX Movie Edit Pro 2016 Plus (HKLM\...\MX.{003105FB-9F55-40F4-8005-B28E6A48715D}) (Version: 15.0.0.90 - MAGIX Software GmbH)
MAGIX Speed burnR (HKLM\...\{ED59AC14-BD3F-41F2-AAC4-8FA1B4225E1A}) (Version: 7.0.1.27 - MAGIX Software GmbH) Hidden
MAGIX Speed burnR (HKLM-x32\...\MX.{ED59AC14-BD3F-41F2-AAC4-8FA1B4225E1A}) (Version: 7.0.1.27 - MAGIX Software GmbH)
Malwarebytes version 4.5.25.256 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.25.256 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.16130.20306 - Microsoft Corporation)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.16130.20306 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 111.0.1661.54 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 111.0.1661.54 - Microsoft Corporation)
Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\OneDriveSetup.exe) (Version: 23.048.0305.0002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\Teams) (Version: 1.6.00.6754 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{89581302-705F-42C5-99B0-E368A845DAD5}) (Version: 3.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215 (HKLM-x32\...\{69BCE4AC-9572-3271-A2FB-9423BDA36A43}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215 (HKLM-x32\...\{BBF2AC74-720C-3CB3-8291-5E34039232FA}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Movavi Screen Capture Studio 7 (HKLM-x32\...\Movavi Screen Capture Studio 7) (Version: 7.3.0 - Movavi)
Movavi Video Editor 11 (HKLM-x32\...\Movavi Video Editor 11) (Version: 11.4.1 - Movavi)
Mozilla Firefox (x64 en-GB) (HKLM\...\Mozilla Firefox 111.0.1 (x64 en-GB)) (Version: 111.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 111.0.1.8480 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 7 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Opera Stable 96.0.4693.80 (HKLM-x32\...\Opera 96.0.4693.80) (Version: 96.0.4693.80 - Opera Software)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.2 - Qualcomm Atheros)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10130.27054 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7661 - Realtek Semiconductor Corp.)
Sapientino Manager new (HKLM\...\Sapientino Manager new) (Version: 1.8 - Clementoni S.p.A.)
Scratch 3 3.29.1 (HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\bad79d23-e888-5a7b-9e99-60ee89b6c8bf) (Version: 3.29.1 - Scratch Foundation)
Skype version 8.95 (HKLM-x32\...\Skype_is1) (Version: 8.95 - Skype Technologies S.A.)
Soda PDF 8 (HKLM-x32\...\Soda8) (Version: 8.0.49.26236 - LULU Software Limited)
Soda PDF 8 View Module (HKLM\...\{A6FCDFBB-1286-4537-BECF-12B42FADDFD8}) (Version: 8.1.12.29405 - LULU Software Limited) Hidden
Solomon Coder (HKLM-x32\...\Solomon) (Version:  - )
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.5.0.30767 - Microsoft Corporation)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.2.8352 - TeamViewer)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.6.547 - ASUS Cloud Corporation)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.1.1.8 - WildTangent)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.1.0 - ASUS)
WPS Office for ASUS (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.5247 - Kingsoft Corp.)
Zoom (HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\ZoomUMX) (Version: 5.13.7 (12602) - Zoom Video Communications, Inc.)

Packages:
=========
AV1 Video Extension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.52851.0_x64__8wekyb3d8bbwe [2022-12-09] (Microsoft Corporation)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.239.500.0_x64__kgqvnymyfvs32 [2023-03-25] (king.com)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_143.1.1136.0_x64__v10z8vjag6ke6 [2023-03-11] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2020-10-24] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
Music Maker Jam -> C:\Program Files\WindowsApps\MAGIX.MusicMakerJam_3.1.1.0_x64__a2t3txkz9j1jw [2020-01-27] (MAGIX)
MyASUS-Service Center -> C:\Program Files\WindowsApps\B9ECED6F.MyASUS_3.3.11.0_x86__qmba6cd70vzyy [2018-04-29] (ASUSTeK COMPUTER INC.) [Startup Task]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-02-19] (Netflix, Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-09-27] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.16.3140.0_x64__8wekyb3d8bbwe [2023-03-19] (Microsoft Studios) [MS Ad]
TripAdvisor Hotels Flights Restaurants -> C:\Program Files\WindowsApps\TripAdvisorLLC.TripAdvisorHotelsFlightsRestaurants_1.5.10.0_x64__qj0v5chwq8f2g [2016-11-30] (TripAdvisor LLC)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-11] (Twitter Inc.)
WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.777.2143.0_x64__8wekyb3d8bbwe [2023-02-25] (Microsoft Corporation)
WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.777.2143.0_x86__8wekyb3d8bbwe [2023-02-25] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2060603314-2135344334-1861708809-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Cata\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.23061.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2060603314-2135344334-1861708809-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Cata\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.) [File not signed]
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.) [File not signed]
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.) [File not signed]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-09-21] (Notepad++ -> )
ContextMenuHandlers1-x32: [ASZip] -> {d03d3e68-0f44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files (x86)\Ashampoo\Ashampoo ZIP Pro\ASZSHLEXT.DLL [2015-10-27] (Ashampoo GmbH & Co. KG -> Ashampoo GmbH)
ContextMenuHandlers1: [ASZip64] -> {d03d3e78-0f44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files (x86)\Ashampoo\Ashampoo ZIP Pro\ASZSHLEXT64.DLL [2015-10-27] (Ashampoo GmbH & Co. KG -> Ashampoo GmbH)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2015-12-10] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2023-02-03] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers2: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL [2023-03-15] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2326} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSContextMenu.dll [2015-12-24] (ASUS Cloud Corporation -> ASUS Cloud Corporation)
ContextMenuHandlers3: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL [2023-03-15] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-05] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2023-02-03] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2020-01-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2023-02-03] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers6-x32: [ASZip] -> {d03d3e68-0f44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files (x86)\Ashampoo\Ashampoo ZIP Pro\ASZSHLEXT.DLL [2015-10-27] (Ashampoo GmbH & Co. KG -> Ashampoo GmbH)
ContextMenuHandlers6: [ASZip64] -> {d03d3e78-0f44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files (x86)\Ashampoo\Ashampoo ZIP Pro\ASZSHLEXT64.DLL [2015-10-27] (Ashampoo GmbH & Co. KG -> Ashampoo GmbH)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-05] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Cata\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7634a48803fa655b\ASUS GIFTBOX.lnk -> C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe (ASUSTek Computer Inc) -> --user-data-dir="C:\Users\Cata\AppData\Local\ASUS GIFTBOX\User Data" --profile-directory=Default --app-id=gicdkbgeaegfghgkdgaejkfeppmlobel

==================== Loaded Modules (Whitelisted) =============

2015-12-02 19:01 - 2015-12-02 19:01 - 000124928 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2015-12-02 19:01 - 2015-12-02 19:01 - 000027648 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-12-02 19:01 - 2015-12-02 19:01 - 000029184 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\VideoEnhance.dll
2015-04-22 15:59 - 2015-04-22 15:59 - 001489920 _____ (ASUS Cloud Corporation.) [File not signed] C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll
2015-12-02 19:01 - 2015-12-02 19:01 - 001676288 _____ (ASUS TeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ApplyLUT.dll
2015-12-02 19:01 - 2015-12-02 19:01 - 000178176 _____ (ASUS TeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\GenLUT.dll
2015-12-02 19:01 - 2015-12-02 19:01 - 000164864 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ColorU.dll
2023-03-05 22:09 - 2023-03-05 22:09 - 003091456 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\b8ec60ab4661773ae9ca3c256f66d21e\Newtonsoft.Json.ni.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus15.msn.com/?pc=ASTE
HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2023-02-08] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2020-02-13] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2020-02-13] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-03-04] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Cata\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2021-12-31] (Dashlane USA, Inc. -> Dashlane, Inc.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-09-03] (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Cata\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2021-12-31] (Dashlane USA, Inc. -> Dashlane, Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-03-04] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\sharepoint.com -> hxxps://leonardodavincis-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 15:46 - 2015-10-30 09:21 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Cata\Desktop\FOTO\New folder cate\Agosto 2018\20180828_154203.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "Opera Browser Assistant"
HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\StartupApproved\Run: => "Dashlane"
HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\StartupApproved\Run: => "DashlanePlugin"
HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{52C4E369-C864-4CB0-A8F6-EB960B62FD0A}C:\users\cata\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\cata\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{F84CE1A5-923D-4FD9-9A7A-E20CD4DEFE54}C:\users\cata\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\cata\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DE022C69-2665-478D-B968-D839881F288C}] => (Allow) C:\Users\Cata\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{BCF5B0E5-B25D-4C8C-92C9-A0C505909E70}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{8A3455F1-8D3E-43A7-AD4B-5B152F1DC0A0}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A93CBA76-335C-4372-9A92-70990CE0E7E7}] => (Allow) C:\Program Files\MAGIX\Movie Edit Pro 2016 Plus\Videodeluxe.exe (MAGIX Software GmbH -> MAGIX Software GmbH)
FirewallRules: [{C4A425FB-AC52-4AC4-BB96-5259F61180F3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7CBF172B-D5D7-4485-9055-42F7FEB89318}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0D8C5C25-1C49-4D61-B3D1-A66FD41694CF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{22E8B359-5CF5-4A9E-B44A-F7A9ABEAC14E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{E7981930-D732-4E87-ADCB-3EC7498C1F68}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{254E0D69-AA54-45B5-ADA9-09629EB30614}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{96DEBB91-D264-4ADB-8646-C9F986435EB0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{545EF7A6-6DFE-416E-9D37-C078325CE4CC}] => (Allow) C:\Users\Cata\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{8C5252BE-BEAE-4B3E-B96B-78DEF08ECA25}] => (Allow) C:\Users\Cata\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{29C55AEF-5C62-42DD-A7DC-969F753C8158}] => (Allow) C:\Users\Cata\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{8DBCD9A9-29D5-465E-87DE-6AA60478A5F9}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{A678DD79-2581-432C-B24C-92E7298C17F4}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{3C17A41D-0E5A-4246-9A4C-EACF9C95A52B}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [TCP Query User{B0D1A315-A6BF-4785-8066-A6154E60597D}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{9B40776E-76AF-47A2-B433-367D523BE0B5}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{361BCD4A-B992-4371-9235-63DAE3532D9B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6D45A5C5-881D-467C-B68F-85209BAA8633}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A4566C4F-98E2-4F9D-8A75-652D798811BF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6B2CFE62-EEBF-43F9-851F-FE9893EA27C0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{426E421B-D0F3-489D-903D-5A95EE4661FA}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{10334F47-CEA1-4DDA-95A8-A5D1E30A9A9D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{06710FEC-4FA5-422E-A4B7-CCFED5FEF662}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C0E0CF00-EC50-49DB-B06A-86DB5BBD0B3A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B6E5FBEA-02E8-4B0C-8584-3A930F8A775A}] => (Allow) C:\Program Files (x86)\Opera\96.0.4693.50\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{3E4D987A-AA0E-4BED-91DB-1C572AE2248B}] => (Allow) C:\Program Files (x86)\Opera\96.0.4693.80\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{90021BFB-C11B-4FD8-9FED-A022D1010655}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\111.0.1661.54\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9256E7AB-5781-4D03-A7A5-530AEDB1D37A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3090B800-D80C-4070-9565-1B9340890E0D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:118.14 GB) (Free:18.27 GB) (15%)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/27/2023 05:55:46 PM) (Source: Universal Print) (EventID: 1) (User: )
Description: Failed to get auth header with 0x8086000cmcpmanagementservice.dll

Error: (03/27/2023 05:55:46 PM) (Source: Universal Print) (EventID: 1) (User: )
Description: User Interaction Required while trying to get a token silently. ErrorCode: 0xcaa20003, Error: AADSTS700082: The refresh token has expired due to inactivity.*The token was issued on 2021-01-06T21:36:35.9771160Z and was inactive for 90.00:00:00.
Trace ID: 689bbb36-9199-48ee-81c9-b85c0a6e8900
Correlation ID: 73bb1254-2e49-4a46-82c7-33330f82c3b5
Timestamp: 2023-03-27 15:55:35Zmcpmanagementservice.dll

Error: (03/27/2023 05:55:42 PM) (Source: Universal Print) (EventID: 1) (User: )
Description: Failed to get auth header with 0x8086000cmcpmanagementservice.dll

Error: (03/27/2023 05:55:42 PM) (Source: Universal Print) (EventID: 1) (User: )
Description: User Interaction Required while trying to get a token silently. ErrorCode: 0xcaa20003, Error: AADSTS700082: The refresh token has expired due to inactivity.*The token was issued on 2021-01-06T21:36:35.9771160Z and was inactive for 90.00:00:00.
Trace ID: 689bbb36-9199-48ee-81c9-b85c0a6e8900
Correlation ID: 73bb1254-2e49-4a46-82c7-33330f82c3b5
Timestamp: 2023-03-27 15:55:35Zmcpmanagementservice.dll

Error: (03/27/2023 05:55:38 PM) (Source: Universal Print) (EventID: 1) (User: )
Description: Failed to get auth header with 0x8086000cmcpmanagementservice.dll

Error: (03/27/2023 05:55:38 PM) (Source: Universal Print) (EventID: 1) (User: )
Description: User Interaction Required while trying to get a token silently. ErrorCode: 0xcaa20003, Error: AADSTS700082: The refresh token has expired due to inactivity.*The token was issued on 2021-01-06T21:36:35.9771160Z and was inactive for 90.00:00:00.
Trace ID: 689bbb36-9199-48ee-81c9-b85c0a6e8900
Correlation ID: 73bb1254-2e49-4a46-82c7-33330f82c3b5
Timestamp: 2023-03-27 15:55:35Zmcpmanagementservice.dll

Error: (03/27/2023 05:55:36 PM) (Source: Universal Print) (EventID: 1) (User: )
Description: Failed to get auth header with 0x8086000cmcpmanagementservice.dll

Error: (03/27/2023 05:55:36 PM) (Source: Universal Print) (EventID: 1) (User: )
Description: User Interaction Required while trying to get a token silently. ErrorCode: 0xcaa20003, Error: AADSTS700082: The refresh token has expired due to inactivity.*The token was issued on 2021-01-06T21:36:35.9771160Z and was inactive for 90.00:00:00.
Trace ID: 689bbb36-9199-48ee-81c9-b85c0a6e8900
Correlation ID: 73bb1254-2e49-4a46-82c7-33330f82c3b5
Timestamp: 2023-03-27 15:55:35Zmcpmanagementservice.dll


System errors:
=============
Error: (03/19/2023 06:47:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Security service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (03/19/2023 06:33:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Security service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (03/19/2023 06:24:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Kingsoft_WPS_UpdateService service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (03/19/2023 06:24:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the Kingsoft_WPS_UpdateService service to connect.

Error: (03/18/2023 01:38:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Security service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 0 milliseconds: Run the configured recovery program.

Error: (03/18/2023 01:31:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Security service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (03/18/2023 01:20:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Security service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (03/11/2023 03:25:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Security service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 0 milliseconds: Run the configured recovery program.


CodeIntegrity:
===============
Date: 2023-03-27 21:36:21
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Avira\Endpoint Protection SDK\amsi\x64\avamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2023-03-27 17:51:12
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

BIOS: American Megatrends Inc. X540LA.204 03/14/2016
Motherboard: ASUSTeK COMPUTER INC. X540LA
Processor: Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz
Percentage of memory in use: 80%
Total physical RAM: 3997.44 MB
Available physical RAM: 780.58 MB
Total Virtual: 8605.44 MB
Available Virtual: 2437.62 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:118.14 GB) (Free:18.27 GB) (Model: SanDisk SD8SBAT128G1002) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{2f214078-bc45-4636-8a8d-03edb5589fd4}\ () (Fixed) (Total:0.84 GB) (Free:0.35 GB) NTFS
\\?\Volume{e3ee487c-6c0c-4a3f-aa3b-99a767d72387}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: A074D5FC)

Partition: GPT.

==================== End of Addition.txt =======================
         

Die Logdateien sehen sauber aus.
An Malware liegt die von dir beschriebene Situation bezüglich des Schlafmodus nicht.

Ich verschiebe das Thema in den Windowsbereich.

Mal den Windows Schnellstart in den Energieoptionen abschalten.

Zitat:

Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
LibreOffice 7.2.4.1 (HKLM\...\{BB7C5E72-36E2-4455-96F7-2DC1D9586AF4}) (Version: 7.2.4.1 - The Document Foundation)
Skype version 8.95 (HKLM-x32\...\Skype_is1) (Version: 8.95 - Skype Technologies S.A.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Zoom (HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\ZoomUMX) (Version: 5.13.7 (12602) - Zoom Video Communications, Inc.)

Alles teils gefährlich veraltet. Und dann auch noch als Plugins im Browser eingebunden:

Zitat:

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-28] (Adobe Systems Incorporated -> )
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2020-02-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN)

Teils acht Jahre alte Softwareversionen.

Systempflege!

Zitat:

Zitat von mmk

Systempflege!

Interessiert niemanden! Denn:

Zitat:

AV: Avira Security (Enabled - Up to date) {01FE2687-64F7-71F3-C6DE-CC8345F96725}
FW: Avira Security (Enabled) {BE55A40C-05CA-1096-36EB-CCA92DEAF539

Man hat den roten Regenschirm und das reicht

Rot beschirmt ist halb gecrasht.

Zitat:

Zitat von mmk

Rot beschirmt ist halb gecrasht.

Naja, Systempflege unter Windows ist allgemein schon sehr schwierig. Fehlende Paketverwaltung. Und wirklich sinnvolle Helferlein wie zB chocolatey, davon hört die breite Masse einfach nix. Hauptsache man ist rot beschirmt, gelb bepestet oder sonst wird nach Viren gesucht. Dann interessiert sich auch keine Sau mehr für Updates außerhalb des OS oder gar für Backups.

Man könnte meinen, dass das ganze Ökosystem "Windows" kaputt sei.

Danke für die Hilfe.
Ich bin erstmal sehr froh, das das System sauber von Malware ist.

Und dann noch einen großen großen Dank an euch im Windows-Bereich.
Ich habe die Sachen upgedatet bzw uninstalliert.

Was mache ich denn, falls es regnet, und ich dann keinen roten Schirm habe?
Wer schützt mich dann? Was gibts denn da für Möglichkeiten?

Zitat:

Zitat von Lions

Wer schützt mich dann?

Der Windows Defender, ganz automatisch.

Zitat:

Zitat von Lions

Was mache ich denn, falls es regnet, und ich dann keinen roten Schirm habe?
Wer schützt mich dann? Was gibts denn da für Möglichkeiten?

Ist eigentlich ganz einfach. Was du mit dem Regenschirm machst ist folgendes: du installierst einfach ein Programm und übergibst diesem die gesamte Verantwortung für alles.

So wird das aber irgendwann ganz sicher schiefgehen. Was man machen muss ist, selbst das Heft in die Hand zu nehmen, statt einfach nur Virenscanner und das wars dann. Also Wissen aneignen, Windows nicht zumüllen, also nur die Programme installieren die man braucht und diese sowie Windows immer zeitnah und regelmäßig aktualisieren. Ebenso müssen zeitnah und regelmäßig Backups erstellt und nach dem Vorgang sicher verwahrt werden.

Das mal nur als (unvollständige) Kurzform. Mehr kannst du im u.g. Lesestoff lesen - und dann ist auch ein schlangenöliger Virenscanner nicht mehr nötig.

Anleitung: Cleanup & Maßnahmen zur Absicherung des Rechners