Hallo Matthias,
ganz vielen Dank für deine Rückmeldung.
Die log-Datei von mbam hatte ich ja schon gepostet.
Hier die FRST.txt Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-03-2023
Ran by Cata (administrator) on DESKTOP-Cata (ASUSTeK COMPUTER INC. X540LA) (27-03-2023 21:32:31)
Running from C:\Users\Cata\Downloads
Loaded Profiles: Cata
Platform: Microsoft Windows 10 Home Version 22H2 19045.2728 (X64) Language: English (United Kingdom)
Default browser: FF
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(ASUSTek Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe ->) (ASUSTek Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe ->) (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files\Avira\Endpoint Protection SDK\SentryEye.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Windows\SysWOW64\esif_uf.exe ->) (Intel(R) Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(explorer.exe ->) (Grammarly, Inc. -> ) C:\Users\Cata\AppData\Local\Grammarly\DesktopIntegrations\Grammarly.Desktop.exe
(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Cata\AppData\Local\Microsoft\Teams\current\Teams.exe <8>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <12>
(services.exe ->) (ASUS Cloud Corporation) [File not signed] C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\AsusWSWinService.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(services.exe ->) (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(services.exe ->) (Intel(R) Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(services.exe ->) (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(services.exe ->) (WildTangent Inc -> WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe <6>
(svchost.exe ->) (ASUS) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(svchost.exe ->) (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(svchost.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe
(svchost.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxext.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23012.167.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
(svchost.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(svchost.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [138214768 2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [Opera Browser Assistant] => C:\Program Files (x86)\Opera\assistant\browser_assistant.exe [4140448 2023-03-08] (Opera Norway AS -> Opera Software)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\Run: [Dashlane] => C:\Users\Cata\AppData\Roaming\Dashlane\Dashlane.exe [321208 2021-12-31] (Dashlane USA, Inc. -> Dashlane, Inc.)
HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\Run: [DashlanePlugin] => C:\Users\Cata\AppData\Roaming\Dashlane\DashlanePlugin.exe [342200 2021-12-31] (Dashlane USA, Inc. -> Dashlane, Inc.)
HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Cata\AppData\Local\Microsoft\Teams\Update.exe [2587368 2023-03-27] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [123262392 2023-03-14] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\Run: [MicrosoftEdgeAutoLaunch_1F40448FB046D7FD996FC0397A6B4580] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4055952 2023-03-24] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\Run: [Grammarly] => C:\Users\Cata\AppData\Local\Grammarly\DesktopIntegrations\Grammarly.Desktop.exe [952240 2023-03-18] (Grammarly, Inc. -> )
HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\MountPoints2: {717bcdba-59a6-11ec-898a-3497f6c9bd37} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\MountPoints2: {717bcdc9-59a6-11ec-898a-3497f6c9bd37} - "E:\HiSuiteDownLoader.exe"
GroupPolicy-Firefox-x32: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {02B1214B-2CE0-4047-B4D5-238360E7806B} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [168840 2023-03-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {0ADBA16A-BA15-4A2A-A284-5551953D33FD} - System32\Tasks\Avira_Security_Update => C:\WINDOWS\system32\net.exe [59904 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {0D29DF73-2D54-4FE3-87EC-B0457A1CF3BE} - System32\Tasks\Avira_FallbackUpdater => C:\WINDOWS\system32\sc.exe start AviraFallbackUpdater Delayed=false
Task: {11E7FF5E-E9E7-4DF7-9F62-9436B949D2C6} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26296808 2023-03-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {1C2E9C3E-CEFF-42F8-9BDD-111683298AB6} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [54784 2015-12-02] (ASUS) [File not signed]
Task: {26B5F02F-B3A4-43B1-A587-3555A2459B82} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [58352 2023-03-11] (HP Inc. -> HP Inc.)
Task: {2BF8374A-5566-4B0C-8900-03D9A69994DE} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144232 2023-03-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {390CA7D1-2F7F-4943-ACF1-9D1C21888DC7} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe [676768 2023-03-24] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {39CD21EB-35CB-4512-AA79-269F27FC6E2F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-21] (Dropbox, Inc -> Dropbox, Inc.)
Task: {3B74F60F-3C6F-4CB5-9BFC-BD9FC92819BA} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {40C16C89-5B22-4B8C-9C81-473B802B8152} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-21] (Dropbox, Inc -> Dropbox, Inc.)
Task: {43A41C9B-A07E-48AC-A7F8-842790E47BF2} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [3826328 2023-03-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {46DCF2F3-F4F0-4F4B-964E-2E4D55DFF739} - System32\Tasks\Microsoft\Windows\rempl\shell-usoscan => C:\Program Files\rempl\remsh.exe /RunUsoScanOnly (No File)
Task: {47FA5786-D214-47CE-9D09-3E307A72A9FC} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [18352 2019-08-19] (ASUSTek Computer Inc. -> AsusTek)
Task: {48D15216-6B7C-47F4-854D-EAB4EC0C4073} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122008 2015-09-22] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {4ABBF0A5-CBFA-438D-803E-32821EDF26A9} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [58352 2023-03-11] (HP Inc. -> HP Inc.)
Task: {5365D1B5-E050-4D5E-B386-8A29115A0649} - System32\Tasks\WpsUpdateTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsupdate.exe [481128 2016-03-24] (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {5B3C9DE2-A42D-4A6A-994D-63635C23F823} - System32\Tasks\Opera scheduled Autoupdate 1480457874 => C:\Program Files (x86)\Opera\launcher.exe [1987992 2023-03-15] (Opera Norway AS -> Opera Software)
Task: {6430CC72-EBF8-4F8C-AF87-2CCE1878ED23} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1616160 2016-01-19] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) [File not signed]
Task: {6A58FB16-4D10-4607-AE9D-2675C09B7B6F} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407736 2015-11-16] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {751032FB-518B-42B1-84EC-DAFF4695A73D} - System32\Tasks\WpsNotifyTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsnotify.exe [514408 2016-03-24] (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {7CEC2F10-58E3-4D09-A086-BE693F6FCB91} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122008 2015-09-22] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {8616B648-256E-4DCA-90D7-ABE1C3761601} - System32\Tasks\Avira_Security_Systray => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe [1814736 2023-03-15] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {884871D2-E917-436F-AB7A-7CF9724E2DB5} - System32\Tasks\Avira_Security_Service_SCM_Watchdog => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe [260384 2023-03-15] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {889C0FC1-9BB2-49A6-B03E-4984B9708D3B} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [19782224 2015-05-25] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {9D5FDB5A-F7AA-4C5C-8791-E03F4FE330E6} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144232 2023-03-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {A17AE959-DDC8-4089-B670-F35D7E020010} - System32\Tasks\Opera scheduled assistant Autoupdate 1582738578 => C:\Program Files (x86)\Opera\launcher.exe [1987992 2023-03-15] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Program Files (x86)\Opera\assistant" $(Arg0)
Task: {A2AB61D5-D872-47C1-967A-EAD1E3C91A7B} - System32\Tasks\ASUS\ASUS GIFTBOX => C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe [1049608 2017-07-03] (ASUSTek Computer Inc. -> ASUSTek Computer Inc)
Task: {B62CB473-29E4-477C-BE1B-61092EC98C07} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26296808 2023-03-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {B972E997-38A0-4D72-B294-E87F9DD25B1F} - System32\Tasks\Avira_Security_Maintenance => Command(1): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> FallbackTelemetry
Task: {B972E997-38A0-4D72-B294-E87F9DD25B1F} - System32\Tasks\Avira_Security_Maintenance => Command(2): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> ServiceWatchdog
Task: {B972E997-38A0-4D72-B294-E87F9DD25B1F} - System32\Tasks\Avira_Security_Maintenance => Command(3): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> CrashCollector
Task: {D363A69D-8BB5-44B2-BCAC-72ECC923C203} - System32\Tasks\AviraSystemSpeedupVerify => C:\Program Files (x86)\Avira\System Speedup\setup\avira_speedup_setup.exe [35437192 2023-02-07] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {E071B35B-AB9F-4248-B33B-F85644F304DA} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [718752 2023-03-24] (Mozilla Corporation -> Mozilla Foundation)
Task: {F15E3967-4A1D-48F2-A327-1A2D2C3A73FB} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16409496 2015-11-16] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {FC53ECBA-AC5F-4EEE-8B3F-39006CA50C01} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [585000 2016-09-21] (Dropbox, Inc -> )
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsnotify.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsupdate.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ATTENTION (Restriction - Zones)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{51ac0c8a-e5bf-49a9-b6f9-b4b034584af2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b257ad35-6de8-44bd-bbbc-1a4ee8e3f5e3}: [DhcpNameServer] 40.51.1.12
Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Cata\AppData\Local\Microsoft\Edge\User Data\Default [2023-03-27]
FireFox:
========
FF DefaultProfile: zsmxv1ls.default
FF ProfilePath: C:\Users\Cata\AppData\Roaming\Mozilla\Firefox\Profiles\zsmxv1ls.default [2023-03-27]
FF NetworkProxy: Mozilla\Firefox\Profiles\zsmxv1ls.default -> socks_version", 4
FF Extension: (uBlock Origin) - C:\Users\Cata\AppData\Roaming\Mozilla\Firefox\Profiles\zsmxv1ls.default\Extensions\uBlock0@raymondhill.net.xpi [2023-03-12]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-28] (Adobe Systems Incorporated -> )
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2020-02-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2020-02-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-28] (Adobe Systems Incorporated -> )
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-02-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-12-22] (WildTangent Inc -> )
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
Opera:
=======
OPR Profile: C:\Users\Cata\AppData\Roaming\Opera Software\Opera Stable [2023-03-19]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\AsusWSWinService.exe [75264 2015-12-24] (ASUS Cloud Corporation) [File not signed]
S2 AviraFallbackUpdater; C:\Program Files (x86)\Avira\Fallback Updater\Avira.Spotlight.FallbackUpdater.exe [6515704 2023-03-16] (Avira Operations GmbH -> Avira Operations GmbH)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [3004688 2022-07-22] (Avira Operations GmbH -> Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [386864 2022-03-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [266416 2023-03-15] (Avira Operations GmbH -> Avira Operations GmbH)
S2 AviraSecurityUpdater; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [296432 2023-03-15] (Avira Operations GmbH -> Avira Operations GmbH)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12512768 2023-03-16] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-21] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-21] (Dropbox, Inc -> Dropbox, Inc.)
S2 EndpointProtectionService; C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe [8954232 2023-03-23] (Avira Operations GmbH -> Avira Operations GmbH)
R3 EndpointProtectionService2; C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe [8954232 2023-03-23] (Avira Operations GmbH -> Avira Operations GmbH)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-12-22] (WildTangent Inc -> WildTangent)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [229360 2023-03-11] (HP Inc. -> HP Inc.)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
S2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsupdatesvr.exe [133480 2016-03-24] (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9094440 2023-03-27] (Malwarebytes Inc. -> Malwarebytes)
S3 OfficeSvcManagerAddons; C:\WINDOWS\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2020-10-27] (Microsoft Windows -> Microsoft Corporation)
S3 Soda PDF 8; C:\Program Files\Soda PDF 8\ws.exe [2263504 2016-08-26] (LULU Software -> LULU SOFTWARE LIMITED)
S3 Soda PDF 8 CrashHandler; C:\Program Files\Soda PDF 8\crash-handler-ws.exe [920016 2016-08-26] (LULU Software -> LULU SOFTWARE LIMITED)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11795800 2019-04-15] (TeamViewer GmbH -> TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ASMMAP64; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [18048 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUS)
R3 AsusSGDrv; C:\WINDOWS\System32\drivers\AsusSGDrv.sys [139008 2019-08-19] (ASUSTek Computer Inc. -> ASUS Corporation)
R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
R0 BdNet; C:\WINDOWS\System32\DRIVERS\BdNet.sys [190712 2023-03-16] (Avira Operations GmbH -> Avira Operations GmbH)
R1 BdSentry; C:\WINDOWS\System32\DRIVERS\BdSentry.sys [263000 2023-01-31] (Avira Operations GmbH -> Avira Operations GmbH)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32696 2020-11-19] (ASUSTek Computer Inc. -> ASUS)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2023-03-27] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-05-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-06-19] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R1 netprotection_network_filter; C:\WINDOWS\System32\drivers\netprotection_network_filter.sys [100128 2022-06-15] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 rtp_elam; C:\WINDOWS\System32\DRIVERS\rtp_elam.sys [28632 2023-03-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH)
R2 rtp_filesystem_filter; C:\WINDOWS\System32\DRIVERS\rtp_filesystem_filter.sys [229840 2023-03-16] (Avira Operations GmbH -> Avira Operations GmbH)
R1 rtp_process_monitor; C:\WINDOWS\system32\DRIVERS\rtp_process_monitor.sys [227360 2023-03-16] (Avira Operations GmbH -> Avira Operations GmbH)
R1 rtp_traverse; C:\WINDOWS\system32\DRIVERS\rtp_traverse.sys [67272 2023-03-11] (Avira Operations GmbH -> Avira Operations GmbH)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 netprotection_network_filter2; System32\drivers\netprotection_network_filter2.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-03-27 21:32 - 2023-03-27 21:33 - 000030064 _____ C:\Users\Cata\Downloads\FRST.txt
2023-03-27 21:31 - 2023-03-27 21:33 - 000000000 ____D C:\FRST
2023-03-27 21:31 - 2023-03-27 21:31 - 002379264 _____ (Farbar) C:\Users\Cata\Downloads\FRST64.exe
2023-03-27 18:03 - 2023-03-27 18:03 - 000001237 _____ C:\Users\Cata\Desktop\mbam.txt
2023-03-24 21:34 - 2023-03-27 15:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2023-03-20 20:07 - 2023-03-20 20:07 - 000003888 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Maintenance
2023-03-20 20:07 - 2023-03-20 20:07 - 000003428 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Service_SCM_Watchdog
2023-03-20 20:07 - 2023-03-20 20:07 - 000002818 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Systray
2023-03-14 22:13 - 2023-03-14 22:13 - 000000000 ___HD C:\$WinREAgent
2023-03-05 00:24 - 2023-03-19 18:24 - 000000032 _____ C:\WINDOWS\system32\rtp.db
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-03-27 21:31 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2023-03-27 21:30 - 2022-02-11 23:54 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-03-27 21:29 - 2020-10-24 02:27 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-03-27 21:29 - 2016-11-30 00:25 - 000000000 ____D C:\Users\Cata\AppData\LocalLow\Mozilla
2023-03-27 21:29 - 2016-11-29 23:59 - 000000166 _____ C:\Users\Cata\AppData\Roaming\sp_data.sys
2023-03-27 18:04 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-03-27 18:04 - 2016-11-30 00:01 - 000000000 ___RD C:\Users\Cata\OneDrive
2023-03-27 17:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-03-27 17:27 - 2022-10-16 19:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2023-03-27 17:26 - 2019-11-30 18:07 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2023-03-27 17:25 - 2017-09-24 20:33 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2023-03-27 17:25 - 2016-11-29 23:58 - 000000000 __SHD C:\Users\Cata\IntelGraphicsProfiles
2023-03-27 17:22 - 2020-12-16 20:36 - 000002385 _____ C:\Users\Cata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2023-03-27 17:22 - 2020-12-16 20:36 - 000002377 _____ C:\Users\Cata\Desktop\Microsoft Teams.lnk
2023-03-27 15:23 - 2016-11-30 00:07 - 000002437 _____ C:\Users\Cata\Desktop\GuruShots.lnk
2023-03-27 15:02 - 2021-10-10 15:40 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2023-03-27 15:02 - 2016-11-30 00:24 - 000001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-03-27 15:02 - 2016-11-30 00:24 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-03-27 14:58 - 2016-11-30 00:19 - 000000000 ____D C:\ProgramData\MAGIX
2023-03-27 14:58 - 2016-11-30 00:11 - 000000000 ____D C:\Users\Cata\AppData\Roaming\MAGIX
2023-03-27 14:52 - 2020-11-19 17:35 - 000000000 ____D C:\Users\Cata\AppData\Local\CrashDumps
2023-03-27 14:52 - 2016-11-30 00:11 - 000000000 ___RD C:\Users\Cata\Documents\MAGIX
2023-03-27 14:47 - 2017-03-12 22:45 - 000000000 ____D C:\Users\Cata\AppData\Roaming\vlc
2023-03-26 13:47 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-03-26 12:49 - 2020-06-20 11:20 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-03-26 12:49 - 2020-06-20 11:20 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-03-24 21:36 - 2021-12-12 00:19 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2060603314-2135344334-1861708809-1001
2023-03-24 21:36 - 2020-10-24 02:37 - 000003386 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2060603314-2135344334-1861708809-1001
2023-03-24 21:36 - 2020-10-24 02:29 - 000002394 _____ C:\Users\Cata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-03-23 21:43 - 2022-07-01 16:29 - 000028632 _____ (Avira Operations GmbH) C:\WINDOWS\system32\Drivers\rtp_elam.sys
2023-03-22 12:40 - 2022-12-14 23:55 - 000001438 _____ C:\Users\Cata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grammarly.lnk
2023-03-22 12:40 - 2022-12-14 23:55 - 000001430 _____ C:\Users\Cata\Desktop\Grammarly.lnk
2023-03-21 22:06 - 2021-11-27 13:08 - 000001157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera browser.lnk
2023-03-21 22:06 - 2020-10-24 02:37 - 000003970 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1480457874
2023-03-21 22:06 - 2016-11-30 00:15 - 000000000 ____D C:\Program Files (x86)\Opera
2023-03-20 20:07 - 2021-04-15 16:29 - 000001080 _____ C:\Users\Public\Desktop\Avira.lnk
2023-03-20 20:07 - 2021-04-15 16:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2023-03-20 20:07 - 2020-10-24 02:37 - 000003474 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Update
2023-03-19 20:40 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Registration
2023-03-19 20:35 - 2022-10-15 11:36 - 000000000 ____D C:\Users\Cata\AppData\Roaming\Scratch
2023-03-19 18:32 - 2020-10-24 02:31 - 000840602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-03-19 18:24 - 2020-10-24 02:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-03-19 18:24 - 2020-10-24 02:27 - 000924656 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-03-19 18:24 - 2020-10-24 02:27 - 000008192 ___SH C:\DumpStack.log.tmp
2023-03-19 18:24 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState
2023-03-19 18:24 - 2019-12-07 11:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2023-03-19 18:24 - 2016-03-24 14:06 - 000000948 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2023-03-19 18:24 - 2016-03-24 14:06 - 000000944 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2023-03-19 18:24 - 2016-03-24 14:06 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2023-03-19 18:23 - 2019-12-07 16:44 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2023-03-19 18:23 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-03-19 18:23 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-03-19 18:23 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-03-19 18:23 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-03-18 01:05 - 2020-10-24 02:37 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-03-18 01:05 - 2020-10-24 02:37 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-03-16 22:51 - 2016-08-06 04:18 - 000000000 ____D C:\Program Files\Microsoft Office
2023-03-16 22:23 - 2022-07-01 16:29 - 000229840 _____ (Avira Operations GmbH) C:\WINDOWS\system32\Drivers\rtp_filesystem_filter.sys
2023-03-16 22:23 - 2022-07-01 16:29 - 000227360 _____ (Avira Operations GmbH) C:\WINDOWS\system32\Drivers\rtp_process_monitor.sys
2023-03-16 22:23 - 2022-07-01 16:29 - 000190712 _____ (Avira Operations GmbH) C:\WINDOWS\system32\Drivers\BdNet.sys
2023-03-16 22:19 - 2022-12-14 23:28 - 000003702 _____ C:\WINDOWS\system32\Tasks\Avira_FallbackUpdater
2023-03-14 22:31 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-03-14 22:26 - 2020-10-24 02:28 - 003015680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-03-14 22:12 - 2016-11-30 01:11 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-03-14 22:04 - 2016-11-30 01:10 - 153620824 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-03-11 18:26 - 2021-06-01 19:47 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2023-03-11 18:26 - 2020-11-29 14:25 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2023-03-11 14:59 - 2022-07-01 16:29 - 000067272 _____ (Avira Operations GmbH) C:\WINDOWS\system32\Drivers\rtp_traverse.sys
2023-03-11 14:57 - 2021-07-08 19:51 - 000004194 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1582738578
2023-03-11 14:53 - 2018-09-27 18:11 - 000000000 ____D C:\Users\Cata\AppData\Local\PlaceholderTileLogoFolder
2023-03-07 14:05 - 2021-02-19 20:21 - 000000000 ____D C:\Users\Cata\Desktop\Documents Cata
2023-03-07 13:56 - 2018-02-01 18:32 - 000000000 ____D C:\Users\Cata\AppData\Local\Packages
2023-03-05 16:55 - 2020-10-24 02:37 - 000004008 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2023-03-05 16:55 - 2020-10-24 02:37 - 000003776 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2023-03-05 00:23 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2023-03-05 00:23 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2023-03-05 00:23 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2023-02-28 13:06 - 2020-04-03 16:31 - 000000000 ____D C:\Users\Cata\Desktop\Usborne
2023-02-25 23:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
==================== Files in the root of some directories ========
2016-11-29 23:59 - 2023-03-27 21:29 - 000000166 _____ () C:\Users\Cata\AppData\Roaming\sp_data.sys
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
und Addition.txt Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-03-2023
Ran by Cata (27-03-2023 21:34:37)
Running from C:\Users\Cata\Downloads
Microsoft Windows 10 Home Version 22H2 19045.2728 (X64) (2020-10-24 00:38:07)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-2060603314-2135344334-1861708809-500 - Administrator - Disabled)
Cata (S-1-5-21-2060603314-2135344334-1861708809-1001 - Administrator - Enabled) => C:\Users\Cata
DefaultAccount (S-1-5-21-2060603314-2135344334-1861708809-503 - Limited - Disabled)
Guest (S-1-5-21-2060603314-2135344334-1861708809-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2060603314-2135344334-1861708809-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Security (Enabled - Up to date) {01FE2687-64F7-71F3-C6DE-CC8345F96725}
FW: Avira Security (Enabled) {BE55A40C-05CA-1096-36EB-CCA92DEAF539}
FW: Avira Security (Enabled) {877B141C-E73B-9A54-223E-108CC963426A}
FW: Avira Security (Enabled) {71EC0A3F-391C-0E33-A103-0C8A6DF0EBF0}
FW: Avira Security (Enabled) {4EFB3EBA-D5BC-D311-F570-D3065B48D523}
FW: Avira Security (Enabled) {12CE3622-C811-64DE-1773-AA1774F2B8E1}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Ashampoo Photo Optimizer 6 (HKLM-x32\...\{91B33C97-546E-E89A-9F44-0BB2D57DBE96}_is1) (Version: 6.0.20 - Ashampoo GmbH & Co. KG)
Ashampoo ZIP Pro (HKLM-x32\...\{0A11EA01-70D5-56D4-0D19-0C45A40FEE08}_is1) (Version: 1.0.5 - Ashampoo GmbH & Co. KG)
ASUS GIFTBOX (HKLM-x32\...\ASUS GIFTBOX) (Version: 7.5.24 - ASUSTek Computer Inc)
ASUS HiPost (HKLM-x32\...\{04768366-F421-4BA5-8423-B84F644B5249}) (Version: 1.0.6 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.24 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.14.0006 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0042 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.101 - ICEpower a/s)
Avira Fallback Updater (HKLM-x32\...\Avira Fallback Updater) (Version: - ) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.41.1.25731 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM-x32\...\Avira Security_is1) (Version: 1.1.85.4 - Avira Operations GmbH) Hidden
Avira Security (HKLM-x32\...\AviraSecurityUninstaller) (Version: - Avira Operations GmbH)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 6.24.0.14 - Avira Operations GmbH) Hidden
BBC News (HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\BBC News) (Version: - BBC.)
Coursera (HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\Coursera) (Version: - Coursera Inc.)
Dashlane (HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\Dashlane) (Version: 6.2148.0.52031 - Dashlane, Inc.)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.3 - ASUSTek Computer Inc.)
Dropbox 25 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.733.1 - Dropbox, Inc.) Hidden
Endpoint Protection SDK (HKLM\...\{68E1CCB4-4965-4713-BDEB-77F6D6C9BF9D}_is1) (Version: 1.0.2206.3019 - Avira Operations GmbH & Co. KG) Hidden
Evernote v. 5.9.1 (HKLM-x32\...\{5EA1DED0-5285-11E5-8AA1-0050569584E9}) (Version: 5.9.1.8742 - Evernote Corp.)
Foxit PhantomPDF (HKLM-x32\...\{39263796-F296-43AF-909C-FCF99592BAC4}) (Version: 7.2.52.1209 - Foxit Software Inc.)
Grammarly for Windows (HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\Grammarly Desktop Integrations) (Version: 1.0.27.421 - )
GuruShots (HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\GuruShots) (Version: - GuruShots Ltd.)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1018 - Intel Corporation)
Intel(R) Chipset Device Software (HKLM\...\{8C91A5EB-2C62-4A6D-8802-CC79FD2ED390}) (Version: 10.1.1.7 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{5BD7E621-9791-4D9F-A620-1BA51153B749}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{A53B7EAB-86BD-4F16-8C44-011B1376326A}) (Version: 11.0.0.1162 - Intel Corporation) Hidden
Intel(R) ME UninstallLegacy (HKLM\...\{555B1C57-E71B-4775-BC1D-627EEF693F0D}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5107 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.253.0 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{CBD9BDB2-3126-4756-A03A-621CCF87C188}) (Version: 1.1.253.0 - Intel Corporation) Hidden
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{7D84E343-A23D-451C-B123-0195B2D903A6}) (Version: 1.42.17.0 - Intel Corporation) Hidden
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
LibreOffice 7.2.4.1 (HKLM\...\{BB7C5E72-36E2-4455-96F7-2DC1D9586AF4}) (Version: 7.2.4.1 - The Document Foundation)
MAGIX Movie Edit Pro 2016 Plus (HKLM\...\{003105FB-9F55-40F4-8005-B28E6A48715D}) (Version: 15.0.0.90 - MAGIX Software GmbH) Hidden
MAGIX Movie Edit Pro 2016 Plus (HKLM\...\MX.{003105FB-9F55-40F4-8005-B28E6A48715D}) (Version: 15.0.0.90 - MAGIX Software GmbH)
MAGIX Speed burnR (HKLM\...\{ED59AC14-BD3F-41F2-AAC4-8FA1B4225E1A}) (Version: 7.0.1.27 - MAGIX Software GmbH) Hidden
MAGIX Speed burnR (HKLM-x32\...\MX.{ED59AC14-BD3F-41F2-AAC4-8FA1B4225E1A}) (Version: 7.0.1.27 - MAGIX Software GmbH)
Malwarebytes version 4.5.25.256 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.25.256 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.16130.20306 - Microsoft Corporation)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.16130.20306 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 111.0.1661.54 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 111.0.1661.54 - Microsoft Corporation)
Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\OneDriveSetup.exe) (Version: 23.048.0305.0002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\Teams) (Version: 1.6.00.6754 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{89581302-705F-42C5-99B0-E368A845DAD5}) (Version: 3.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215 (HKLM-x32\...\{69BCE4AC-9572-3271-A2FB-9423BDA36A43}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215 (HKLM-x32\...\{BBF2AC74-720C-3CB3-8291-5E34039232FA}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Movavi Screen Capture Studio 7 (HKLM-x32\...\Movavi Screen Capture Studio 7) (Version: 7.3.0 - Movavi)
Movavi Video Editor 11 (HKLM-x32\...\Movavi Video Editor 11) (Version: 11.4.1 - Movavi)
Mozilla Firefox (x64 en-GB) (HKLM\...\Mozilla Firefox 111.0.1 (x64 en-GB)) (Version: 111.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 111.0.1.8480 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 7 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Opera Stable 96.0.4693.80 (HKLM-x32\...\Opera 96.0.4693.80) (Version: 96.0.4693.80 - Opera Software)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.2 - Qualcomm Atheros)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10130.27054 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7661 - Realtek Semiconductor Corp.)
Sapientino Manager new (HKLM\...\Sapientino Manager new) (Version: 1.8 - Clementoni S.p.A.)
Scratch 3 3.29.1 (HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\bad79d23-e888-5a7b-9e99-60ee89b6c8bf) (Version: 3.29.1 - Scratch Foundation)
Skype version 8.95 (HKLM-x32\...\Skype_is1) (Version: 8.95 - Skype Technologies S.A.)
Soda PDF 8 (HKLM-x32\...\Soda8) (Version: 8.0.49.26236 - LULU Software Limited)
Soda PDF 8 View Module (HKLM\...\{A6FCDFBB-1286-4537-BECF-12B42FADDFD8}) (Version: 8.1.12.29405 - LULU Software Limited) Hidden
Solomon Coder (HKLM-x32\...\Solomon) (Version: - )
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.5.0.30767 - Microsoft Corporation)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.2.8352 - TeamViewer)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.6.547 - ASUS Cloud Corporation)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.1.1.8 - WildTangent)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.1.0 - ASUS)
WPS Office for ASUS (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.5247 - Kingsoft Corp.)
Zoom (HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\ZoomUMX) (Version: 5.13.7 (12602) - Zoom Video Communications, Inc.)
Packages:
=========
AV1 Video Extension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.52851.0_x64__8wekyb3d8bbwe [2022-12-09] (Microsoft Corporation)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.239.500.0_x64__kgqvnymyfvs32 [2023-03-25] (king.com)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_143.1.1136.0_x64__v10z8vjag6ke6 [2023-03-11] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2020-10-24] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
Music Maker Jam -> C:\Program Files\WindowsApps\MAGIX.MusicMakerJam_3.1.1.0_x64__a2t3txkz9j1jw [2020-01-27] (MAGIX)
MyASUS-Service Center -> C:\Program Files\WindowsApps\B9ECED6F.MyASUS_3.3.11.0_x86__qmba6cd70vzyy [2018-04-29] (ASUSTeK COMPUTER INC.) [Startup Task]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-02-19] (Netflix, Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-09-27] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.16.3140.0_x64__8wekyb3d8bbwe [2023-03-19] (Microsoft Studios) [MS Ad]
TripAdvisor Hotels Flights Restaurants -> C:\Program Files\WindowsApps\TripAdvisorLLC.TripAdvisorHotelsFlightsRestaurants_1.5.10.0_x64__qj0v5chwq8f2g [2016-11-30] (TripAdvisor LLC)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-11] (Twitter Inc.)
WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.777.2143.0_x64__8wekyb3d8bbwe [2023-02-25] (Microsoft Corporation)
WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.777.2143.0_x86__8wekyb3d8bbwe [2023-02-25] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2060603314-2135344334-1861708809-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Cata\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.23061.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2060603314-2135344334-1861708809-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Cata\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.) [File not signed]
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.) [File not signed]
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.) [File not signed]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-09-21] (Notepad++ -> )
ContextMenuHandlers1-x32: [ASZip] -> {d03d3e68-0f44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files (x86)\Ashampoo\Ashampoo ZIP Pro\ASZSHLEXT.DLL [2015-10-27] (Ashampoo GmbH & Co. KG -> Ashampoo GmbH)
ContextMenuHandlers1: [ASZip64] -> {d03d3e78-0f44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files (x86)\Ashampoo\Ashampoo ZIP Pro\ASZSHLEXT64.DLL [2015-10-27] (Ashampoo GmbH & Co. KG -> Ashampoo GmbH)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2015-12-10] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2023-02-03] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers2: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL [2023-03-15] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2326} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSContextMenu.dll [2015-12-24] (ASUS Cloud Corporation -> ASUS Cloud Corporation)
ContextMenuHandlers3: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL [2023-03-15] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-05] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2023-02-03] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2020-01-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2023-02-03] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers6-x32: [ASZip] -> {d03d3e68-0f44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files (x86)\Ashampoo\Ashampoo ZIP Pro\ASZSHLEXT.DLL [2015-10-27] (Ashampoo GmbH & Co. KG -> Ashampoo GmbH)
ContextMenuHandlers6: [ASZip64] -> {d03d3e78-0f44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files (x86)\Ashampoo\Ashampoo ZIP Pro\ASZSHLEXT64.DLL [2015-10-27] (Ashampoo GmbH & Co. KG -> Ashampoo GmbH)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-05] (Malwarebytes Inc. -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Cata\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7634a48803fa655b\ASUS GIFTBOX.lnk -> C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe (ASUSTek Computer Inc) -> --user-data-dir="C:\Users\Cata\AppData\Local\ASUS GIFTBOX\User Data" --profile-directory=Default --app-id=gicdkbgeaegfghgkdgaejkfeppmlobel
==================== Loaded Modules (Whitelisted) =============
2015-12-02 19:01 - 2015-12-02 19:01 - 000124928 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2015-12-02 19:01 - 2015-12-02 19:01 - 000027648 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-12-02 19:01 - 2015-12-02 19:01 - 000029184 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\VideoEnhance.dll
2015-04-22 15:59 - 2015-04-22 15:59 - 001489920 _____ (ASUS Cloud Corporation.) [File not signed] C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll
2015-12-02 19:01 - 2015-12-02 19:01 - 001676288 _____ (ASUS TeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ApplyLUT.dll
2015-12-02 19:01 - 2015-12-02 19:01 - 000178176 _____ (ASUS TeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\GenLUT.dll
2015-12-02 19:01 - 2015-12-02 19:01 - 000164864 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ColorU.dll
2023-03-05 22:09 - 2023-03-05 22:09 - 003091456 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\b8ec60ab4661773ae9ca3c256f66d21e\Newtonsoft.Json.ni.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus15.msn.com/?pc=ASTE
HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2023-02-08] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2020-02-13] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2020-02-13] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-03-04] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Cata\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2021-12-31] (Dashlane USA, Inc. -> Dashlane, Inc.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-09-03] (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Cata\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2021-12-31] (Dashlane USA, Inc. -> Dashlane, Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-03-04] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\sharepoint.com -> hxxps://leonardodavincis-files.sharepoint.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-09-29 15:46 - 2015-10-30 09:21 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Cata\Desktop\FOTO\New folder cate\Agosto 2018\20180828_154203.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run32: => "Opera Browser Assistant"
HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\StartupApproved\Run: => "Dashlane"
HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\StartupApproved\Run: => "DashlanePlugin"
HKU\S-1-5-21-2060603314-2135344334-1861708809-1001\...\StartupApproved\Run: => "OneDrive"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{52C4E369-C864-4CB0-A8F6-EB960B62FD0A}C:\users\cata\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\cata\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{F84CE1A5-923D-4FD9-9A7A-E20CD4DEFE54}C:\users\cata\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\cata\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DE022C69-2665-478D-B968-D839881F288C}] => (Allow) C:\Users\Cata\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{BCF5B0E5-B25D-4C8C-92C9-A0C505909E70}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{8A3455F1-8D3E-43A7-AD4B-5B152F1DC0A0}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A93CBA76-335C-4372-9A92-70990CE0E7E7}] => (Allow) C:\Program Files\MAGIX\Movie Edit Pro 2016 Plus\Videodeluxe.exe (MAGIX Software GmbH -> MAGIX Software GmbH)
FirewallRules: [{C4A425FB-AC52-4AC4-BB96-5259F61180F3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7CBF172B-D5D7-4485-9055-42F7FEB89318}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0D8C5C25-1C49-4D61-B3D1-A66FD41694CF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{22E8B359-5CF5-4A9E-B44A-F7A9ABEAC14E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{E7981930-D732-4E87-ADCB-3EC7498C1F68}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{254E0D69-AA54-45B5-ADA9-09629EB30614}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{96DEBB91-D264-4ADB-8646-C9F986435EB0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{545EF7A6-6DFE-416E-9D37-C078325CE4CC}] => (Allow) C:\Users\Cata\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{8C5252BE-BEAE-4B3E-B96B-78DEF08ECA25}] => (Allow) C:\Users\Cata\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{29C55AEF-5C62-42DD-A7DC-969F753C8158}] => (Allow) C:\Users\Cata\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{8DBCD9A9-29D5-465E-87DE-6AA60478A5F9}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{A678DD79-2581-432C-B24C-92E7298C17F4}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{3C17A41D-0E5A-4246-9A4C-EACF9C95A52B}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [TCP Query User{B0D1A315-A6BF-4785-8066-A6154E60597D}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{9B40776E-76AF-47A2-B433-367D523BE0B5}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{361BCD4A-B992-4371-9235-63DAE3532D9B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6D45A5C5-881D-467C-B68F-85209BAA8633}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A4566C4F-98E2-4F9D-8A75-652D798811BF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6B2CFE62-EEBF-43F9-851F-FE9893EA27C0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{426E421B-D0F3-489D-903D-5A95EE4661FA}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{10334F47-CEA1-4DDA-95A8-A5D1E30A9A9D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{06710FEC-4FA5-422E-A4B7-CCFED5FEF662}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C0E0CF00-EC50-49DB-B06A-86DB5BBD0B3A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B6E5FBEA-02E8-4B0C-8584-3A930F8A775A}] => (Allow) C:\Program Files (x86)\Opera\96.0.4693.50\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{3E4D987A-AA0E-4BED-91DB-1C572AE2248B}] => (Allow) C:\Program Files (x86)\Opera\96.0.4693.80\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{90021BFB-C11B-4FD8-9FED-A022D1010655}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\111.0.1661.54\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9256E7AB-5781-4D03-A7A5-530AEDB1D37A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3090B800-D80C-4070-9565-1B9340890E0D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
==================== Restore Points =========================
ATTENTION: System Restore is disabled (Total:118.14 GB) (Free:18.27 GB) (15%)
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (03/27/2023 05:55:46 PM) (Source: Universal Print) (EventID: 1) (User: )
Description: Failed to get auth header with 0x8086000cmcpmanagementservice.dll
Error: (03/27/2023 05:55:46 PM) (Source: Universal Print) (EventID: 1) (User: )
Description: User Interaction Required while trying to get a token silently. ErrorCode: 0xcaa20003, Error: AADSTS700082: The refresh token has expired due to inactivity.*The token was issued on 2021-01-06T21:36:35.9771160Z and was inactive for 90.00:00:00.
Trace ID: 689bbb36-9199-48ee-81c9-b85c0a6e8900
Correlation ID: 73bb1254-2e49-4a46-82c7-33330f82c3b5
Timestamp: 2023-03-27 15:55:35Zmcpmanagementservice.dll
Error: (03/27/2023 05:55:42 PM) (Source: Universal Print) (EventID: 1) (User: )
Description: Failed to get auth header with 0x8086000cmcpmanagementservice.dll
Error: (03/27/2023 05:55:42 PM) (Source: Universal Print) (EventID: 1) (User: )
Description: User Interaction Required while trying to get a token silently. ErrorCode: 0xcaa20003, Error: AADSTS700082: The refresh token has expired due to inactivity.*The token was issued on 2021-01-06T21:36:35.9771160Z and was inactive for 90.00:00:00.
Trace ID: 689bbb36-9199-48ee-81c9-b85c0a6e8900
Correlation ID: 73bb1254-2e49-4a46-82c7-33330f82c3b5
Timestamp: 2023-03-27 15:55:35Zmcpmanagementservice.dll
Error: (03/27/2023 05:55:38 PM) (Source: Universal Print) (EventID: 1) (User: )
Description: Failed to get auth header with 0x8086000cmcpmanagementservice.dll
Error: (03/27/2023 05:55:38 PM) (Source: Universal Print) (EventID: 1) (User: )
Description: User Interaction Required while trying to get a token silently. ErrorCode: 0xcaa20003, Error: AADSTS700082: The refresh token has expired due to inactivity.*The token was issued on 2021-01-06T21:36:35.9771160Z and was inactive for 90.00:00:00.
Trace ID: 689bbb36-9199-48ee-81c9-b85c0a6e8900
Correlation ID: 73bb1254-2e49-4a46-82c7-33330f82c3b5
Timestamp: 2023-03-27 15:55:35Zmcpmanagementservice.dll
Error: (03/27/2023 05:55:36 PM) (Source: Universal Print) (EventID: 1) (User: )
Description: Failed to get auth header with 0x8086000cmcpmanagementservice.dll
Error: (03/27/2023 05:55:36 PM) (Source: Universal Print) (EventID: 1) (User: )
Description: User Interaction Required while trying to get a token silently. ErrorCode: 0xcaa20003, Error: AADSTS700082: The refresh token has expired due to inactivity.*The token was issued on 2021-01-06T21:36:35.9771160Z and was inactive for 90.00:00:00.
Trace ID: 689bbb36-9199-48ee-81c9-b85c0a6e8900
Correlation ID: 73bb1254-2e49-4a46-82c7-33330f82c3b5
Timestamp: 2023-03-27 15:55:35Zmcpmanagementservice.dll
System errors:
=============
Error: (03/19/2023 06:47:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Security service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
Error: (03/19/2023 06:33:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Security service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
Error: (03/19/2023 06:24:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Kingsoft_WPS_UpdateService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (03/19/2023 06:24:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the Kingsoft_WPS_UpdateService service to connect.
Error: (03/18/2023 01:38:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Security service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 0 milliseconds: Run the configured recovery program.
Error: (03/18/2023 01:31:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Security service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
Error: (03/18/2023 01:20:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Security service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
Error: (03/11/2023 03:25:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Security service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 0 milliseconds: Run the configured recovery program.
CodeIntegrity:
===============
Date: 2023-03-27 21:36:21
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Avira\Endpoint Protection SDK\amsi\x64\avamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2023-03-27 17:51:12
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends Inc. X540LA.204 03/14/2016
Motherboard: ASUSTeK COMPUTER INC. X540LA
Processor: Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz
Percentage of memory in use: 80%
Total physical RAM: 3997.44 MB
Available physical RAM: 780.58 MB
Total Virtual: 8605.44 MB
Available Virtual: 2437.62 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:118.14 GB) (Free:18.27 GB) (Model: SanDisk SD8SBAT128G1002) NTFS ==>[system with boot components (obtained from drive)]
\\?\Volume{2f214078-bc45-4636-8a8d-03edb5589fd4}\ () (Fixed) (Total:0.84 GB) (Free:0.35 GB) NTFS
\\?\Volume{e3ee487c-6c0c-4a3f-aa3b-99a767d72387}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: A074D5FC)
Partition: GPT.
==================== End of Addition.txt =======================
|
