
Help getting rid of Bagle.zip


Go to solution Solved by kevinf80,

Hello Krischka and welcome to Malwarebytes,

We do not do help via private messages. If you do require our help, any requested logs have to be included in the replies you make to this thread...

Continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 4 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts.

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > small cog wheel top right hand corner, that will open "settings" from there select "Security" tab.

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Close out the settings window, this will take you back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Detection History tab > from main interface.
  • Then click on "History" that will open to a historical list
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status... If English is not your native tongue rename FRST to FRSTEnglish.
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....

 


Hi Kevin, thanks so much for your help and time already.

In the process of sorting out some of my programs I ditched some of the virus-scanners I had installed as I had 4 different ones.... And now I don't get the warning any more / can't recall which one gave me the alert.... I don't think the worm has magically disappeared though. Anyway, here we go:

 

 

Malwarebytes:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/26/21
Scan Time: 8:22 AM
Log File: 117f8c7c-8e04-11eb-908f-e8d0fcd765c8.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1217
Update Package Version: 1.0.38719
License: Trial

-System Information-
OS: Windows 10 (Build 19041.867)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 279927
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 9 min, 13 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

 

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build:    03-22-2021
# Database: 2021-03-22.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    03-24-2021
# Duration: 00:00:03
# OS:       Windows 10 Home
# Cleaned:  11
# Awaiting reboot:3
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
Deleted       C:\Users\Lenovo\AppData\Roaming\QScan System-Check

***** [ Files ] *****

Deleted       C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QScan System-Check.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|QScan System-Check
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder|QScan System-Check.lnk
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Run|QScan System-Check
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\QScan System-Check

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted       Preinstalled.LenovoIMController   Folder   C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER
Needs Reboot  Preinstalled.LenovoIMController   Folder   C:\ProgramData\LENOVO\IMCONTROLLER
Needs Reboot  Preinstalled.LenovoIMController   Folder   C:\Users\Lenovo\AppData\Local\LENOVO\IMCONTROLLER
Needs Reboot  Preinstalled.LenovoIMController   Folder   C:\Windows\LENOVO\IMCONTROLLER


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

***** Reboot Required to Complete *****


***** [ Folders ] *****

Cleaning failed   C:\ProgramData\LENOVO\IMCONTROLLER
Cleaning failed   C:\Users\Lenovo\AppData\Local\LENOVO\IMCONTROLLER
Cleaning failed   C:\Windows\LENOVO\IMCONTROLLER

*************************

AdwCleaner[S00].txt - [2438 octets] - [24/03/2021 09:09:58]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

 

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build:    03-22-2021
# Database: 2021-03-22.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    03-24-2021
# Duration: 00:00:40
# OS:       Windows 10 Home
# Scanned:  31988
# Detected: 11


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.QScanSystemCheck   C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
PUP.Optional.QScanSystemCheck   C:\Users\Lenovo\AppData\Roaming\QScan System-Check

***** [ Files ] *****

PUP.Optional.QScanSystemCheck   C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QScan System-Check.lnk

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.QScanSystemCheck   HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|QScan System-Check
PUP.Optional.QScanSystemCheck   HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder|QScan System-Check.lnk
PUP.Optional.QScanSystemCheck   HKCU\Software\Microsoft\Windows\CurrentVersion\Run|QScan System-Check
PUP.Optional.QScanSystemCheck   HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\QScan System-Check

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.LenovoIMController   Folder   C:\ProgramData\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController   Folder   C:\Users\Lenovo\AppData\Local\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController   Folder   C:\Windows\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController   Folder   C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER

 

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-03-2021
Ran by Lenovo (administrator) on LAPTOP-J5GA9RT3 (LENOVO 81MU) (26-03-2021 12:00:52)
Running from C:\Users\Lenovo\Downloads
Loaded Profiles: Lenovo
Platform: Windows 10 Home Version 2004 19041.867 (X64) Language: Deutsch (Deutschland)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe <4>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe <2>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler64.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <3>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Cleanup\TuneupUI.exe <3>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Driver Updater\DriverUpdSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Driver Updater\DriverUpdUI.exe <3>
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\protectedservice.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Dolby Laboratories, Inc. -> ) C:\Windows\System32\dolbyaposvc\DAX3API.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_7ecc5be6ca7b3b0d\esif_uf.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_0b214be229a13e84\jhi_service.exe
(Intel(R) pGFX -> ) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_12bdb8127c4c0458\OneApp.IGCC.WinService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_d2a0453c62b3b51a\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_d2a0453c62b3b51a\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_48d2cae4a577c591\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_48d2cae4a577c591\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_120314e52c04567c\RstMwService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(LENOVO INC) C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.2.1.0_x64__5grkq8ppsgwt4\VFS\ProgramFilesX64\Lenovo\LenovoUtility\utility.exe
(LENOVO INC.) C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2101.29.0_x64__k1h2ywk1493x8\LenovoVantage.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, Inc. -> McAfee) C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationextension.inf_amd64_7f44bb1f2cd06bad\mcafeeintegrationservice.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20688.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20688.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <10>
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1076728 2020-03-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [116960 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [TuneupUI.exe] => C:\Program Files\Avast Software\Cleanup\TuneupUI.exe [2429664 2021-03-15] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [DriverUpdUI.exe] => C:\Program Files\Avast Software\Driver Updater\DriverUpdUI.exe [2874592 2021-03-03] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [2264672 2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [470112 2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [705728 2020-11-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-4294009755-3694156625-1329034997-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [33169992 2021-03-18] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-4294009755-3694156625-1329034997-1001\...\Run: [] => [X]
HKLM\...\Print\Monitors\HP E311 Status Monitor: C:\WINDOWS\system32\hpinkstsE311LM.dll [392200 2019-03-15] (HP Inc -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.90\Installer\chrmstp.exe [2021-03-18] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\89.0.8688.91\Installer\chrmstp.exe [2021-03-16] (Avast Software s.r.o. -> AVAST Software)
Startup: C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RED Commander.lnk [2020-10-15]
ShortcutTarget: RED Commander.lnk -> C:\Users\Public\Documents\RED Medical Commander\commander-launcher.bat () [File not signed]
BootExecute: autocheck autochk * icarus_rvrt.exe

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06E605F3-8402-42DC-B2F0-E4E1682B6097} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.5.27.0\ScheduleEventAction.exe [24368 2020-12-29] (Lenovo -> Lenovo Group Ltd.)
Task: {09786038-B6D2-48CB-A949-3D07436C5011} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
Task: {0DD8E74A-E0E2-404C-B6B3-15D6A27F3DAC} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {17A337D1-0EA4-4DBA-AE90-C187DDED022B} - System32\Tasks\Avira_Security_Update => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [234200 2021-03-10] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {1AF56165-AC7A-4EF3-8F3C-91363C904EA6} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1791712 2021-02-23] (Avast Software s.r.o. -> Avast Software)
Task: {2523954D-0BF1-4F96-966C-E69BD1F09A50} - System32\Tasks\Avast Software\Avast Driver Updater BugReport => C:\Program Files\Avast Software\Driver Updater\AvBugReport.exe [4665568 2021-03-03] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 148 --programpath "C:\Program Files\Avast Software\Driver Updater\Setup\.." --configpath "C:\Program Files\Avast Software\Driver Updater\Setup" --path "C:\ProgramData\Avast Software\Driver Updater\log"  --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid be1c32b8-1a4f-43cc-b0cf-77dc966ab339
Task: {26A04298-F1A9-4479-97B1-D60C6FE6C250} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
Task: {2A9990FE-3DF7-47A4-913B-8244413F86F2} - System32\Tasks\LenovoUtility Startup => C:\Windows\explorer.exe lenovo-utility://
Task: {2B7B0CA2-97EB-4860-BDA8-B44C9DC588BD} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-03-18] (Piriform Software Ltd -> Piriform)
Task: {2FAFFBF4-4D03-4C6F-AE54-4A7681C0A04C} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
Task: {2FC3A376-28FA-44BA-9322-B04B5CE61903} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2651216 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {3543225B-42C3-417E-9898-912A396847DF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-06-10] (Google LLC -> Google LLC)
Task: {35EAF669-7545-4051-9B09-0A15D97BBAA4} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
Task: {3E14DD90-1FAD-4DBD-BF2A-524D77A821B2} - System32\Tasks\Avast Software\Avast Cleanup BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe [4665568 2021-03-15] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 62 --programpath "C:\Program Files\Avast Software\Cleanup\Setup\.." --configpath "C:\Program Files\Avast Software\Cleanup\Setup" --path "C:\ProgramData\Avast Software\Cleanup\log"  --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid fdc48cde-b9df-4f92-be59-e193f00b0215
Task: {45033028-695F-4357-9589-45AFAC45915C} - \Lenovo\ImController\TimeBasedEvents\af00e186-ba8b-4441-96be-d3708d172d24 -> No File <==== ATTENTION
Task: {48AA9965-2795-4476-8AD9-7AEDD7087AC6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-06-10] (Google LLC -> Google LLC)
Task: {6330F872-8723-4416-9543-F02E7A4701BE} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
Task: {64A52C5A-7BF3-4182-818C-8311FD58C343} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4294009755-3694156625-1329034997-1001 => C:\Users\Lenovo\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {6E2B3F0B-9FD2-4425-BBFA-03F73AB99BAE} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe [5493472 2021-03-08] (Avast Software s.r.o. -> Avast Software)
Task: {73F24A1A-F215-466C-9D19-C8514762C8C3} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [29757392 2021-03-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {7E9642C7-3981-4706-9689-9D4068D469DE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {80CD123D-AE2B-4FAB-95A4-2115743E1989} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2250232 2021-03-14] (Avast Software s.r.o. -> AVAST Software)
Task: {85962931-1A10-43A0-A823-A2D234DBAE44} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4682976 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
Task: {8A5A17BF-D672-4219-84CE-51C26482CCA6} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [143888 2021-03-02] (Lenovo -> Lenovo Group Ltd.)
Task: {A71A954D-6387-4D08-99F4-6B7B5B7EC017} - \Lenovo\ImController\TimeBasedEvents\31f36f7a-14ce-4219-b63b-8d1c7a18e6b0 -> No File <==== ATTENTION
Task: {A9485EF7-972E-4D84-993D-091901066CD4} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4294009755-3694156625-1329034997-500 => C:\Users\Lenovo\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {BC502FCB-F87D-4D2B-88BD-2779789937BB} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [696816 2021-03-24] (Mozilla Corporation -> Mozilla Foundation)
Task: {C7AD19C8-4CE6-4A28-8353-9ADC15915101} - System32\Tasks\Avast Software\Avast Driver Updater Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-du\icarus.exe [5493472 2021-02-15] (Avast Software s.r.o. -> Avast Software)
Task: {D77AFB92-DEE1-410A-905F-3E16235673FF} - System32\Tasks\Mirkat => C:\Users\Lenovo\AppData\Local\Microsoft\WindowsApps\MirkatService.exe
Task: {DB3D61AC-76E4-46D8-A35E-C5B7BAAB4C42} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27616328 2021-03-18] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {F68D0D2E-0A80-4507-8FAF-E0D42BCC53A6} - \Lenovo\ImController\TimeBasedEvents\01f1fd4d-f0dc-404d-8f71-0b6bfe8d495e -> No File <==== ATTENTION
Task: {F83328DA-81D8-43B7-AC21-F325C720E22B} - \Lenovo\ImController\TimeBasedEvents\dcaf67ad-4fc3-4e21-82c5-583cb2a6bd06 -> No File <==== ATTENTION
Task: {FD58A045-531B-4E88-AD2C-6CEC76379E1B} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2250232 2021-03-14] (Avast Software s.r.o. -> AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{656725eb-9c36-4ff8-8500-f48d29b23d01}: [DhcpNameServer] 150.205.1.2
Tcpip\..\Interfaces\{bdfe217f-aad3-4ec7-b017-fb5fbf5bf7eb}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Lenovo\AppData\Local\Microsoft\Edge\User Data\Default [2021-03-22]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: su0f3597.default
FF ProfilePath: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\su0f3597.default [2020-01-25]
FF ProfilePath: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\ksm4rkn8.default-release [2021-03-26]
FF Homepage: Mozilla\Firefox\Profiles\ksm4rkn8.default-release -> hxxps://falldoku.psychologische-hochschule.de/index.php
FF Notifications: Mozilla\Firefox\Profiles\ksm4rkn8.default-release -> hxxps://web.instahelp.me; hxxps://pressbar.eu; hxxps://room.edudip.com; hxxps://meet.google.com
FF Extension: (Malwarebytes Browser Guard) - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\ksm4rkn8.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2021-03-20]
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2021-02-22] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2021-02-22] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-03-06] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default [2021-03-25]
CHR DefaultSearchURL: Default -> hxxps://de.search.yahoo.com/search?fr=mcafee&type=E211DE1451G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default -> hxxps://de.search.yahoo.com/sugg/gossip/gossip-de-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
CHR Extension: (Präsentationen) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-06-10]
CHR Extension: (Docs) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-06-10]
CHR Extension: (Google Drive) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-02-08]
CHR Extension: (YouTube) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-06-10]
CHR Extension: (Avira Password Manager) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2021-02-08]
CHR Extension: (Avira Safe Shopping) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh [2021-02-08]
CHR Extension: (Tabellen) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-06-10]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-02-08]
CHR Extension: (Google Docs Offline) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-02-08]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-08]
CHR Extension: (Google Mail) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-02-08]
CHR Extension: (Chrome Media Router) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-02-08]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1208432 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntivirProtectedService; C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe [537472 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [484904 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [484904 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [575776 2021-02-24] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [7878680 2021-03-18] (Avast Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [621608 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [352480 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\89.0.8688.91\elevation_service.exe [1504864 2021-03-14] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56904 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [636592 2020-11-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2988544 2020-06-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [384360 2020-12-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [247232 2021-03-10] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [161072 2020-12-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 CleanupPSvc; C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe [12414176 2021-03-15] (Avast Software s.r.o. -> AVAST Software)
S4 CWAUpdaterService; C:\Program Files (x86)\Citrix\ICA Client\Receiver\UpdaterService.exe [44128 2020-12-16] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
R2 DolbyDAXAPI; C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe [1926600 2019-09-02] (Dolby Laboratories, Inc. -> )
R2 DriverUpdSvc; C:\Program Files\Avast Software\Driver Updater\DriverUpdSvc.exe [5903584 2021-03-03] (Avast Software s.r.o. -> AVAST Software)
R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [359808 2019-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84920 2021-02-23] (Lenovo -> Lenovo Group Ltd.)
S4 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.5.27.0\LenovoVantageService.exe [29488 2020-12-29] (Lenovo -> Lenovo Group Ltd.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-03-19] (Malwarebytes Inc -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [959752 2021-02-12] (McAfee, LLC -> McAfee, LLC)
R2 mcafeeintegrationservice; C:\WINDOWS\System32\DriverStore\FileRepository\mcafeeintegrationextension.inf_amd64_7f44bb1f2cd06bad\mcafeeintegrationservice.exe [2578272 2018-08-03] (McAfee, Inc. -> McAfee)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\NisSrv.exe [3304992 2020-04-21] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MsMpEng.exe [103376 2020-04-21] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [35648 2021-03-25] (Avast Software s.r.o. -> AVAST Software)
S3 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [208024 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
S3 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [357320 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
S3 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [249304 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
S3 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [98760 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16832 2021-02-22] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
S3 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41272 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [175248 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
R3 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [521336 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
S3 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [107784 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83360 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
S3 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [850112 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [465160 2021-03-18] (Avast Software s.r.o. -> AVAST Software)
S3 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215328 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
S3 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [326976 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [78936 2019-06-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\WINDOWS\System32\drivers\avelam.sys [22336 2019-03-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [206896 2021-02-09] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [199312 2021-02-09] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [46704 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [89736 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [45472 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-05-04] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220616 2021-03-19] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-06-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198248 2021-03-24] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-03-24] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-03-19] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [155360 2021-03-25] (Malwarebytes Inc -> Malwarebytes)
R3 McAfeeIntegrationDriver; C:\WINDOWS\System32\drivers\McAfeeIntegrationDriver.sys [49920 2018-08-03] (McAfee, Inc. -> McAfee)
R1 vbdenum; C:\WINDOWS\System32\drivers\vbdenum.sys [119432 2020-04-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45960 2020-04-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [394680 2020-04-21] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64944 2020-04-21] (Microsoft Windows -> Microsoft Corporation)
U3 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-26 12:00 - 2021-03-26 12:00 - 000000000 ____D C:\Users\Lenovo\Downloads\FRST-OlderVersion
2021-03-26 11:50 - 2021-03-26 11:50 - 000001219 _____ C:\Users\Lenovo\Desktop\MWB scan 26.03.21.txt
2021-03-25 20:35 - 2021-03-25 20:35 - 000002099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2021-03-25 20:35 - 2021-03-25 20:35 - 000002087 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2021-03-25 20:35 - 2021-03-25 20:35 - 000002087 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk
2021-03-25 20:34 - 2021-03-25 20:34 - 000035648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2021-03-25 20:34 - 2021-02-22 15:01 - 000339680 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2021-03-25 19:15 - 2021-03-25 19:15 - 000003710 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Update
2021-03-25 19:14 - 2021-03-25 19:14 - 000003374 _____ C:\WINDOWS\system32\Tasks\Avira_Antivirus_Systray
2021-03-25 19:13 - 2021-02-09 18:03 - 000206896 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2021-03-25 19:13 - 2021-02-09 18:03 - 000199312 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2021-03-25 19:13 - 2019-06-07 14:09 - 000078936 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avdevprot.sys
2021-03-25 19:13 - 2019-03-20 18:50 - 000089736 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2021-03-25 19:13 - 2019-03-20 18:50 - 000046704 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2021-03-25 19:13 - 2019-03-20 18:50 - 000045472 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2021-03-25 19:13 - 2019-03-20 18:50 - 000022336 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avelam.sys
2021-03-25 19:12 - 2021-03-25 19:12 - 000003782 _____ C:\WINDOWS\system32\Tasks\AviraSystemSpeedupUpdate
2021-03-25 19:12 - 2021-03-25 19:12 - 000000000 ____D C:\Users\Public\Speedup Sessions
2021-03-25 19:11 - 2021-03-25 19:15 - 000001323 _____ C:\Users\Public\Desktop\Avira.lnk
2021-03-25 19:11 - 2021-03-25 19:15 - 000001323 _____ C:\ProgramData\Desktop\Avira.lnk
2021-03-25 19:11 - 2021-03-25 19:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2021-03-24 09:23 - 2021-03-26 12:02 - 000032473 _____ C:\Users\Lenovo\Downloads\FRST.txt
2021-03-24 09:16 - 2021-03-24 09:16 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-03-24 09:15 - 2021-03-24 09:16 - 000002843 _____ C:\Users\Lenovo\Desktop\AdwCleaner[C00] 24.03.21.txt
2021-03-24 09:14 - 2021-03-24 09:14 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-03-24 09:13 - 2021-03-25 18:25 - 000155360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-03-24 09:13 - 2021-03-24 09:13 - 000295488 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-03-24 09:13 - 2021-03-24 09:13 - 000198248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-03-24 09:08 - 2021-03-24 09:12 - 000000000 ____D C:\AdwCleaner
2021-03-24 09:08 - 2021-03-24 09:08 - 008534696 _____ (Malwarebytes) C:\Users\Lenovo\Downloads\adwcleaner_8.2.exe
2021-03-24 09:08 - 2021-03-24 09:08 - 002084016 _____ (Malwarebytes) C:\Users\Lenovo\Downloads\MBSetup.exe
2021-03-24 08:59 - 2021-03-24 08:59 - 000001232 _____ C:\Users\Lenovo\Desktop\Scan 24.03.21.txt
2021-03-24 08:37 - 2021-03-24 09:13 - 000000000 ____D C:\ProgramData\McInstTemp0191041616571459
2021-03-23 18:15 - 2021-03-24 09:29 - 000030305 _____ C:\Users\Lenovo\Downloads\Addition.txt
2021-03-23 18:10 - 2021-03-23 18:18 - 000057406 _____ C:\Users\Lenovo\Downloads\FRSTEnglish.txt
2021-03-23 18:09 - 2021-03-26 12:01 - 000000000 ____D C:\FRST
2021-03-23 18:00 - 2021-03-26 12:00 - 002300928 _____ (Farbar) C:\Users\Lenovo\Downloads\FRST64English.exe
2021-03-19 23:20 - 2021-03-19 23:20 - 000170357 _____ C:\Users\Lenovo\Downloads\Kuelz_Innerer_Drache.pdf
2021-03-19 23:11 - 2021-03-20 08:48 - 000000000 ____D C:\Users\Lenovo\Documents\Zwang
2021-03-19 22:42 - 2021-03-19 22:42 - 004509083 _____ C:\Users\Lenovo\Downloads\achtsamkeit-und-selbstmitgefhl-2020.pdf
2021-03-19 12:08 - 2021-03-25 18:25 - 000000000 ____D C:\Users\Lenovo\AppData\LocalLow\IGDump
2021-03-19 12:06 - 2021-03-19 12:06 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-03-19 12:06 - 2020-06-08 06:34 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-03-17 16:44 - 2021-03-17 16:44 - 002874314 _____ C:\Users\Lenovo\Downloads\PTV10_web.pdf
2021-03-17 11:53 - 2021-03-17 11:54 - 069526480 _____ (RED Medical GmbH) C:\Users\Lenovo\Downloads\RED_Commander-4.0.0-x86-32(2).exe
2021-03-14 12:36 - 2021-03-22 20:50 - 000000000 ____D C:\Users\Lenovo\Documents\Praxisgründung
2021-03-13 16:42 - 2021-03-13 16:42 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-03-13 16:42 - 2021-03-13 16:42 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-03-13 16:41 - 2021-03-13 16:41 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-03-13 16:41 - 2021-03-13 16:41 - 001394024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-03-13 16:41 - 2021-03-13 16:41 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-03-13 16:41 - 2021-03-13 16:41 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-03-13 16:41 - 2021-03-13 16:41 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-03-13 16:41 - 2021-03-13 16:41 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-03-13 16:41 - 2021-03-13 16:41 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-03-13 16:41 - 2021-03-13 16:41 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-03-13 16:41 - 2021-03-13 16:41 - 000011359 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-03-12 08:41 - 2021-03-19 11:53 - 000000000 ____D C:\Users\Lenovo\AppData\Local\CrashDumps
2021-03-05 20:50 - 2021-03-05 20:50 - 000244484 _____ C:\Users\Lenovo\Downloads\Bewerbungsformular_Female_Health_Incubator_2.0.pdf
2021-03-03 12:48 - 2021-03-03 12:48 - 069526480 _____ (RED Medical GmbH) C:\Users\Lenovo\Downloads\RED_Commander-4.0.0-x86-32 (1).exe
2021-03-03 12:48 - 2021-03-03 12:48 - 000002298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Driver Updater.lnk
2021-03-03 12:38 - 2021-03-03 12:38 - 069526480 _____ (RED Medical GmbH) C:\Users\Lenovo\Downloads\RED_Commander-4.0.0-x86-32(1).exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-26 11:59 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-03-26 11:51 - 2020-02-17 16:02 - 000000000 ____D C:\Users\Lenovo\Documents\PHB Therapie
2021-03-26 11:20 - 2021-02-18 00:59 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-03-26 08:30 - 2020-01-25 17:36 - 000000000 ____D C:\ProgramData\Mozilla
2021-03-26 08:29 - 2020-01-25 17:50 - 000000000 ____D C:\Users\Lenovo\AppData\LocalLow\Mozilla
2021-03-26 08:21 - 2020-01-25 17:34 - 000000000 ____D C:\Program Files\CCleaner
2021-03-26 00:56 - 2021-02-22 15:02 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-03-26 00:56 - 2021-02-18 01:13 - 000003558 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-03-26 00:56 - 2021-02-18 01:13 - 000003554 _____ C:\WINDOWS\system32\Tasks\LenovoUtility Startup
2021-03-26 00:56 - 2021-02-18 01:13 - 000003334 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-03-26 00:56 - 2021-02-18 01:13 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4294009755-3694156625-1329034997-1001
2021-03-26 00:56 - 2021-02-18 01:13 - 000002856 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4294009755-3694156625-1329034997-500
2021-03-26 00:56 - 2021-02-18 01:13 - 000002016 _____ C:\WINDOWS\system32\Tasks\Mirkat
2021-03-25 20:34 - 2021-02-22 15:02 - 000003990 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-03-25 20:34 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-03-25 19:15 - 2020-05-04 16:14 - 000000000 ____D C:\ProgramData\Avira
2021-03-25 19:15 - 2020-05-04 16:14 - 000000000 ____D C:\Program Files (x86)\Avira
2021-03-25 19:11 - 2019-06-28 06:15 - 000000000 ____D C:\ProgramData\Package Cache
2021-03-25 19:10 - 2021-02-22 15:07 - 000000000 ____D C:\Users\Lenovo\AppData\Local\AVAST Software
2021-03-25 18:25 - 2021-02-18 01:13 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-03-25 18:25 - 2021-02-18 01:13 - 000002238 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2021-03-25 18:24 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-03-24 10:55 - 2021-02-18 01:13 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-03-24 09:24 - 2021-02-22 15:00 - 000000000 ____D C:\ProgramData\Avast Software
2021-03-24 09:21 - 2021-02-18 01:03 - 001632020 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-03-24 09:21 - 2019-12-07 15:50 - 000708592 _____ C:\WINDOWS\system32\perfh007.dat
2021-03-24 09:21 - 2019-12-07 15:50 - 000142834 _____ C:\WINDOWS\system32\perfc007.dat
2021-03-24 09:21 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-03-24 09:16 - 2021-02-12 17:47 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-03-24 09:16 - 2020-01-25 17:36 - 000001016 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-03-24 09:16 - 2020-01-25 17:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-03-24 09:13 - 2021-02-18 01:13 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-03-24 09:13 - 2021-02-18 00:59 - 000008192 ___SH C:\DumpStack.log.tmp
2021-03-24 09:13 - 2020-01-25 17:33 - 000000000 ____D C:\Program Files\McAfee
2021-03-24 09:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-03-24 09:13 - 2019-11-08 19:10 - 000000000 __SHD C:\Users\Lenovo\IntelGraphicsProfiles
2021-03-24 09:13 - 2019-06-28 06:41 - 000000000 ____D C:\ProgramData\McAfee
2021-03-24 09:13 - 2019-06-28 06:38 - 000000134 _____ C:\WINDOWS\system32\regtest.txt
2021-03-24 09:13 - 2019-06-28 06:37 - 000000000 ___HD C:\Intel
2021-03-24 09:12 - 2021-02-18 01:13 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2021-03-24 09:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-03-24 09:12 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-03-24 08:40 - 2019-12-07 10:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-03-24 08:36 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-03-24 08:36 - 2019-11-08 19:10 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Packages
2021-03-24 08:31 - 2020-08-22 14:54 - 000000000 ____D C:\Program Files\Pixum
2021-03-24 08:29 - 2020-08-22 13:56 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\WhatsApp
2021-03-24 08:29 - 2020-08-22 13:56 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2021-03-24 08:29 - 2020-08-22 13:56 - 000000000 ____D C:\Users\Lenovo\AppData\Local\WhatsApp
2021-03-21 16:10 - 2020-02-28 13:26 - 000002147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-03-19 12:07 - 2020-11-13 21:11 - 000220616 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-03-19 12:07 - 2020-05-04 18:43 - 000002044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-03-19 12:07 - 2020-05-04 18:43 - 000002032 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-03-19 12:07 - 2020-05-04 18:43 - 000002032 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-03-19 11:44 - 2020-04-21 13:54 - 000000000 ____D C:\Users\Lenovo\Documents\Partnerschaft und Sexualität
2021-03-19 10:52 - 2020-11-28 12:29 - 000000000 ____D C:\Users\Lenovo\Documents\Prüfungsanmeldung
2021-03-18 19:02 - 2021-02-22 15:01 - 000465160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2021-03-18 04:29 - 2020-06-10 19:40 - 000002304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-03-18 04:29 - 2020-06-10 19:40 - 000002263 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-03-18 04:29 - 2020-06-10 19:40 - 000002263 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-03-16 20:00 - 2021-02-22 15:06 - 000002501 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2021-03-16 20:00 - 2021-02-22 15:06 - 000002466 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2021-03-16 20:00 - 2021-02-22 15:06 - 000002466 _____ C:\ProgramData\Desktop\Avast Secure Browser.lnk
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-03-13 16:48 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-03-13 16:40 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-03-13 13:07 - 2019-11-08 13:14 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-03-13 12:28 - 2019-11-08 13:14 - 131005360 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-03-12 15:19 - 2021-02-18 01:01 - 000000000 ____D C:\Users\Lenovo
2021-03-05 20:50 - 2021-01-04 19:28 - 000000000 ____D C:\Users\Lenovo\Documents\zäpfchen
2021-03-03 12:50 - 2020-12-28 10:25 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\ICAClient
2021-03-03 12:50 - 2020-08-22 13:56 - 000000000 ____D C:\Users\Lenovo\AppData\Local\SquirrelTemp
2021-03-03 12:50 - 2020-03-30 13:34 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\Zoom
2021-03-03 12:49 - 2021-02-22 15:03 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\Avast Software
2021-03-03 12:49 - 2021-02-02 20:47 - 000000000 ___DC C:\WINDOWS\Panther
2021-03-03 12:48 - 2021-02-22 15:00 - 000000000 ____D C:\Program Files\Avast Software
2021-03-01 18:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-03-01 18:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-03-01 18:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-03-01 18:04 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-03-01 18:04 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing

==================== Files in the root of some directories ========

2019-09-04 01:40 - 2019-09-04 01:40 - 131028644 _____ () C:\Program Files\openoffice1.cab
2019-09-04 01:38 - 2019-09-04 01:38 - 002465792 _____ () C:\Program Files\openoffice417.msi
2019-09-04 01:38 - 2019-09-04 01:38 - 000479232 _____ () C:\Program Files\setup.exe
2019-09-04 01:38 - 2019-09-04 01:38 - 000000279 _____ () C:\Program Files\setup.ini

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-03-2021
Ran by Lenovo (26-03-2021 12:05:20)
Running from C:\Users\Lenovo\Downloads
Windows 10 Home Version 2004 19041.867 (X64) (2021-02-18 00:13:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4294009755-3694156625-1329034997-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4294009755-3694156625-1329034997-503 - Limited - Disabled)
Gast (S-1-5-21-4294009755-3694156625-1329034997-501 - Limited - Disabled)
Lenovo (S-1-5-21-4294009755-3694156625-1329034997-1001 - Administrator - Enabled) => C:\Users\Lenovo
WDAGUtilityAccount (S-1-5-21-4294009755-3694156625-1329034997-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {88AE6B46-DC3C-455A-A21B-085F285A3546}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Disabled - Out of date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: McAfee VirusScan (Enabled - Up to date) {4DE344F8-6897-65B4-CED0-82B3AF2591B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (HKLM-x32\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 21.001.20145 - Adobe Systems Incorporated)
Avast Cleanup Premium (HKLM\...\Avast Cleanup) (Version: 21.1.9940.2746 - Avast Software)
Avast Driver Updater (HKLM\...\Avast Driver Updater) (Version: 21.1.1187.3478 - Avast Software)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 21.1.2449 - Avast Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 89.0.8688.91 - Die Avast Secure Browser-Autoren)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1065.0 - AVAST Software) Hidden
Avira (HKLM-x32\...\{161e6084-b0f5-43e8-86d8-09eda5c0893d}) (Version: 1.2.153.30452 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{426D1710-5DFD-45E9-B11D-464792C5AD35}) (Version: 1.2.153.30452 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.2103.2081 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.37.1.24458 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM-x32\...\Avira Security_is1) (Version: 1.1.46.16549 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM-x32\...\AviraSecurityUninstaller) (Version:  - Avira Operations GmbH & Co. KG;)
Avira Software Updater (HKLM-x32\...\{9F45C615-6D95-47B5-BB0C-D78F6D15DE21}) (Version: 2.0.6.42639 - Avira Operations GmbH & Co. KG) Hidden
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 6.10.0.11063 - Avira Operations GmbH & Co. KG) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.78 - Piriform)
Citrix Workspace 2012 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 20.12.1.42 - Citrix Systems, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.90 - Google LLC)
Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{70281077-96c3-4f75-938c-dc4746110c00}) (Version: 10.1.17903.8106 - Intel(R) Corporation)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.5.27.0 - Lenovo Group Ltd.)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-4294009755-3694156625-1329034997-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0010 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Mozilla Firefox 87.0 (x64 de) (HKLM\...\Mozilla Firefox 87.0 (x64 de)) (Version: 87.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 72.0.2 - Mozilla)
Online Plug-in (HKLM-x32\...\{A6DDB28C-02F3-4D7F-A898-12C13EE95008}) (Version: 20.11.0.26 - Citrix Systems, Inc.) Hidden
OpenOffice 4.1.7 (HKLM-x32\...\{A09D951F-4BA3-4383-97B3-D1B91835E779}) (Version: 4.17.9800 - Apache Software Foundation)
RED Medical Commander (HKU\S-1-5-21-4294009755-3694156625-1329034997-1001\...\RED Medical Commander) (Version:  - RED Medical Systems GmbH)
Self-Service Plug-in (HKLM-x32\...\{B91E7894-1983-4BF6-A3D8-F77AD832AECC}) (Version: 20.12.1.28 - Citrix Systems, Inc.) Hidden
WebAdvisor von McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.200 - McAfee, LLC)
Zoom (HKU\S-1-5-21-4294009755-3694156625-1329034997-1001\...\ZoomUMX) (Version: 5.4.6 (59296.1207) - Zoom Video Communications, Inc.)

Packages:
=========
Dolby Audio -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudio_3.20500.501.0_x64__rz1tebttyb220 [2020-02-18] (Dolby Laboratories)
Fotos-Add-On -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2020-04-24] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.2.834.0_x64__v10z8vjag6ke6 [2021-02-18] (HP Inc.)
Intel® Grafik-Kontrollraum -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3282.0_x64__8j3eq9eme6ctt [2021-02-18] (INTEL CORP) [Startup Task]
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-02-17] (INTEL CORP)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2101.29.0_x64__k1h2ywk1493x8 [2021-01-23] (LENOVO INC.)
LenovoUtility -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.2.1.0_x64__5grkq8ppsgwt4 [2021-01-23] (LENOVO INC) [Startup Task]
Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-04-24] (Microsoft Corporation)
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.13628.20448.0_x86__8wekyb3d8bbwe [2021-02-21] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-02-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-02-18] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.13628.20448.0_x86__8wekyb3d8bbwe [2021-02-21] (Microsoft Corporation)
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.13628.20448.0_x86__8wekyb3d8bbwe [2021-02-21] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.13628.20448.0_x86__8wekyb3d8bbwe [2021-02-21] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.13628.20448.0_x86__8wekyb3d8bbwe [2021-02-21] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.13628.20448.0_x86__8wekyb3d8bbwe [2021-02-21] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-02-18] (Microsoft Studios) [MS Ad]
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.13628.20448.0_x86__8wekyb3d8bbwe [2021-02-21] (Microsoft Corporation)
MPEG-2-Videoerweiterung -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-11-08] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.10.216.0_x64__dt26b99r8h8gj [2020-07-06] (Realtek Semiconductor Corp)
VLC -> C:\Program Files\WindowsApps\VideoLAN.VLC_3.2.1.0_x64__paz6r1rewnh0a [2020-01-25] (VideoLAN)
Ziply Lite -> C:\Program Files\WindowsApps\1901TwentyOneTeam.ZiplyLite_1.0.12.0_x64__qfdnnpxetjjmm [2020-03-28] (Twenty One Team)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4294009755-3694156625-1329034997-1001_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InprocServer32 -> C:\Users\Lenovo\AppData\Local\Microsoft\OneDrive\19.232.1124.0010\amd64\FileCoAuthLib64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-02-22] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-02-22] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-02-22] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2021-02-24] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-02-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-02-22] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-05-04] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-02-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-02-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-02-22] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-05-04] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2021-02-24] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RED Commander.lnk -> C:\Users\Public\Documents\RED Medical Commander\commander-launcher.bat ()
Shortcut: C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RED Medical\RED Medical Commander.lnk -> C:\Users\Public\Documents\RED Medical Commander\commander-launcher.bat ()

==================== Loaded Modules (Whitelisted) =============

2021-01-23 06:19 - 2021-01-23 06:20 - 000184832 _____ (Fortemedia) [File not signed] C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2101.29.0_x64__k1h2ywk1493x8\FMAPOCTL.dll
2021-01-23 06:19 - 2021-01-23 06:21 - 027074560 _____ (Lenovo Group Ltd.) [File not signed] C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2101.29.0_x64__k1h2ywk1493x8\LenovoVantage.dll
2020-12-21 12:44 - 2020-05-30 14:58 - 001280000 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll
2020-02-04 23:21 - 2020-02-04 23:21 - 000217600 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_asym.dll
2020-02-04 23:21 - 2020-02-04 23:21 - 000404480 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base.dll
2020-02-04 23:21 - 2020-02-04 23:21 - 000379904 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base_non_fips.dll
2020-02-04 23:21 - 2020-02-04 23:21 - 000504320 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_ecc.dll
2020-02-04 23:21 - 2020-02-04 23:21 - 000218624 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.dll
2020-06-19 14:55 - 2020-04-09 08:17 - 000944840 _____ (SQLite Development Team) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4294009755-3694156625-1329034997-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-4294009755-3694156625-1329034997-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
SearchScopes: HKU\S-1-5-21-4294009755-3694156625-1329034997-1001 -> DefaultScope {65AD6144-0445-4680-964B-7CD4F71D26CB} URL =
SearchScopes: HKU\S-1-5-21-4294009755-3694156625-1329034997-1001 -> {65AD6144-0445-4680-964B-7CD4F71D26CB} URL =
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2021-02-12] (McAfee, LLC -> McAfee, LLC)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2021-02-12] (McAfee, LLC -> McAfee, LLC)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 08:31 - 2018-09-15 08:31 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4294009755-3694156625-1329034997-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lenovo\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\back.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "Redirector"
HKU\S-1-5-21-4294009755-3694156625-1329034997-1001\...\StartupApproved\StartupFolder: => "RED Commander.lnk"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{0C3DFC74-818E-4DCD-95FD-7197B24F88A7}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{925F2E71-C204-4970-894F-F936712DE39A}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C912AD46-47C9-4CC8-8005-054B133B428F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{06D24F51-E592-49FA-ADA9-9A718FC798AB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9F6B5FE1-6CCB-44DA-8A4B-50ADB4CC571C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7B7304DB-91C9-44A0-8073-4AD35D7897A4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{06270C6D-DAEB-4511-BC67-FF937D76A86B}] => (Allow) C:\Users\Lenovo\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{8A1EA0A5-67D4-45D9-A128-BE80E37EE119}] => (Allow) C:\Users\Lenovo\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{9B0FD35E-BD42-4F5B-941E-08DF1E83F7E7}] => (Allow) C:\Users\Lenovo\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{AA2505AA-D585-4C04-B5A9-5307768DFCFE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1E5627CB-48A8-4C99-9A8C-9C6351E7C23E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{EC54A0A3-CAC3-4DDD-850B-F816CDE9221A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.13628.20448.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{768D8828-34A3-46B4-B3FE-25034000AD61}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{DE308017-856C-4D1C-A48F-3352E8F94B3B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{B65C134E-D513-4D20-A35D-FE6FA0C4EB3A}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{793A2169-F43B-4CA8-B055-816446E43C8D}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{E92DF44B-D9B6-412D-B3EA-29BDA5A73DCA}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:118 GB) (Free:73.53 GB) (62%)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/25/2021 07:15:52 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT-AUTORITÄT)
Description: Windows kann die erweiterbare Leistungsindikator-DLL "C:\WINDOWS\system32\sysmain.dll" nicht laden (Win32-Fehlercode 126).

Error: (03/25/2021 06:24:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MBAMService.exe, Version: 3.2.0.943, Zeitstempel: 0x5fbd5689
Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.19041.844, Zeitstempel: 0x60a6ca36
Ausnahmecode: 0xc000070a
Fehleroffset: 0x0000000000111efd
ID des fehlerhaften Prozesses: 0x1bdc
Startzeit der fehlerhaften Anwendung: 0x01d7208595b733b3
Pfad der fehlerhaften Anwendung: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: 3a9a3709-6263-4dbd-8785-9b9d48d97da6
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (03/19/2021 08:33:57 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT-AUTORITÄT)
Description: Windows kann die erweiterbare Leistungsindikator-DLL "C:\WINDOWS\system32\sysmain.dll" nicht laden (Win32-Fehlercode 126).

Error: (03/19/2021 08:33:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IntelAudioService.exe, Version: 1.0.1271.0, Zeitstempel: 0x5e3d2e0d
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.804, Zeitstempel: 0x0e9c5eae
Ausnahmecode: 0xe06d7363
Fehleroffset: 0x000000000002d759
ID des fehlerhaften Prozesses: 0x16d0
Startzeit der fehlerhaften Anwendung: 0x01d71c92007520a7
Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: e41f8578-ef28-4677-81ce-e52743e9b2db
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (03/19/2021 08:32:56 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: IntelAudioService.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: Ausnahmecode e06d7363, Ausnahmeadresse 00007FF8E5A6D759
Stapel:

Error: (03/17/2021 11:12:43 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT-AUTORITÄT)
Description: Windows kann die erweiterbare Leistungsindikator-DLL "C:\WINDOWS\system32\sysmain.dll" nicht laden (Win32-Fehlercode 126).

Error: (03/17/2021 11:11:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IntelAudioService.exe, Version: 1.0.1271.0, Zeitstempel: 0x5e3d2e0d
Name des fehlerhaften Moduls: ControlModule.dll, Version: 1.0.1271.0, Zeitstempel: 0x5e3d2de9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000006100e
ID des fehlerhaften Prozesses: 0x1668
Startzeit der fehlerhaften Anwendung: 0x01d71b15d6ad03ca
Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\ControlModule.dll
Berichtskennung: e3e43eda-6c21-4c4d-96cf-f1dcd31eebce
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (03/17/2021 11:11:46 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: IntelAudioService.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: Ausnahmecode c0000005, Ausnahmeadresse 00007FFEC75D100E
Stapel:


System errors:
=============
Error: (03/26/2021 08:20:41 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-J5GA9RT3)
Description: Der Server "Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (03/25/2021 06:29:28 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-J5GA9RT3)
Description: Der Server "Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (03/25/2021 06:25:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Malwarebytes Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/25/2021 06:24:13 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT-AUTORITÄT)
Description: Für den Miniport "Qualcomm Atheros QCA9377 Wireless Network Adapter, {bdfe217f-aad3-4ec7-b017-fb5fbf5bf7eb}" ist das Ereignis "71" aufgetreten.

Error: (03/25/2021 06:24:13 PM) (Source: Qcamain10x64) (EventID: 5002) (User: )
Description: Qualcomm Atheros QCA9377 Wireless Network Adapter : Fehlfunktion des Netzwerkadapters wurde ermittelt.

Error: (03/25/2021 06:24:07 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-J5GA9RT3)
Description: Der Server "Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (03/24/2021 11:23:42 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-J5GA9RT3)
Description: Der Server "Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (03/24/2021 09:22:37 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{E60687F7-01A1-40AA-86AC-DB1CBF673334}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.


CodeIntegrity:
===============
Date: 2021-03-25 18:25:14
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-03-25 18:24:36
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

BIOS: LENOVO ASCN40WW 10/11/2019
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Celeron(R) CPU 4205U @ 1.80GHz
Percentage of memory in use: 89%
Total physical RAM: 3976.24 MB
Available physical RAM: 407.76 MB
Total Virtual: 9096.24 MB
Available Virtual: 2535.23 MB

==================== Drives ================================

Drive c: (Windows-SSD) (Fixed) (Total:118 GB) (Free:73.53 GB) NTFS

\\?\Volume{e73b3c0b-4182-433f-a907-2654b64be442}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.15 GB) NTFS
\\?\Volume{65389b22-2299-4c13-9b92-da5ecf82e810}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: B288A94A)

Partition: GPT.

==================== End of Addition.txt =======================


Hiya Krischka,

Thanks for those logs, your security still needs to be sorted out before we can progress. Avira and Malwarebytes are enabled and active, that's ok. Avast and McAfee are not active and need to be uninstalled...

For Avast removal go here - https://www.avast.com/uninstall-utility use their tool to remove Avast..

For McAfee removal go here - http://mcafee-removal-tool.com/ use their tool to remove McAfee.

Next,

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select scan, when done post the new logs, "FRST.txt" and "Addition.txt".


Thank you,

Kevin....

Did uninstall as described and rerun - I think they are still in that list though?

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-03-2021
Ran by Lenovo (administrator) on LAPTOP-J5GA9RT3 (LENOVO 81MU) (26-03-2021 21:25:04)
Running from C:\Users\Lenovo\Downloads\FRST-OlderVersion
Loaded Profiles: Lenovo
Platform: Windows 10 Home Version 2004 19041.867 (X64) Language: Deutsch (Deutschland)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler64.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Cleanup\TuneupUI.exe <3>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Driver Updater\DriverUpdSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Driver Updater\DriverUpdUI.exe <3>
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\protectedservice.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Dolby Laboratories, Inc. -> ) C:\Windows\System32\dolbyaposvc\DAX3API.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_7ecc5be6ca7b3b0d\esif_uf.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_0b214be229a13e84\jhi_service.exe
(Intel(R) pGFX -> ) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_12bdb8127c4c0458\OneApp.IGCC.WinService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_d2a0453c62b3b51a\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_d2a0453c62b3b51a\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_48d2cae4a577c591\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_48d2cae4a577c591\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_120314e52c04567c\RstMwService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(LENOVO INC) C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.2.1.0_x64__5grkq8ppsgwt4\VFS\ProgramFilesX64\Lenovo\LenovoUtility\utility.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, Inc. -> McAfee) C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationextension.inf_amd64_7f44bb1f2cd06bad\mcafeeintegrationservice.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20688.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <8>
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\Intel(R) Audio Service\IntelAudioService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1076728 2020-03-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => "C:\Program Files\Avast Software\Avast\AvLaunch.exe" /gui
HKLM\...\Run: [TuneupUI.exe] => C:\Program Files\Avast Software\Cleanup\TuneupUI.exe [2429664 2021-03-15] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [DriverUpdUI.exe] => C:\Program Files\Avast Software\Driver Updater\DriverUpdUI.exe [2874592 2021-03-03] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [2264672 2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [470112 2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [705728 2020-11-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-4294009755-3694156625-1329034997-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [33169992 2021-03-18] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-4294009755-3694156625-1329034997-1001\...\Run: [] => [X]
HKLM\...\Print\Monitors\HP E311 Status Monitor: C:\WINDOWS\system32\hpinkstsE311LM.dll [392200 2019-03-15] (HP Inc -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.90\Installer\chrmstp.exe [2021-03-18] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\89.0.8688.91\Installer\chrmstp.exe [2021-03-16] (Avast Software s.r.o. -> AVAST Software)
Startup: C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RED Commander.lnk [2020-10-15]
ShortcutTarget: RED Commander.lnk -> C:\Users\Public\Documents\RED Medical Commander\commander-launcher.bat () [File not signed]
BootExecute: autocheck autochk * icarus_rvrt.exe

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06E605F3-8402-42DC-B2F0-E4E1682B6097} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.5.27.0\ScheduleEventAction.exe [24368 2020-12-29] (Lenovo -> Lenovo Group Ltd.)
Task: {09786038-B6D2-48CB-A949-3D07436C5011} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
Task: {0DD8E74A-E0E2-404C-B6B3-15D6A27F3DAC} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {17A337D1-0EA4-4DBA-AE90-C187DDED022B} - System32\Tasks\Avira_Security_Update => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [234200 2021-03-10] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {1AF56165-AC7A-4EF3-8F3C-91363C904EA6} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1791712 2021-03-26] (Avast Software s.r.o. -> Avast Software)
Task: {2523954D-0BF1-4F96-966C-E69BD1F09A50} - System32\Tasks\Avast Software\Avast Driver Updater BugReport => C:\Program Files\Avast Software\Driver Updater\AvBugReport.exe [4665568 2021-03-03] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 148 --programpath "C:\Program Files\Avast Software\Driver Updater\Setup\.." --configpath "C:\Program Files\Avast Software\Driver Updater\Setup" --path "C:\ProgramData\Avast Software\Driver Updater\log"  --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid be1c32b8-1a4f-43cc-b0cf-77dc966ab339
Task: {26A04298-F1A9-4479-97B1-D60C6FE6C250} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
Task: {2A9990FE-3DF7-47A4-913B-8244413F86F2} - System32\Tasks\LenovoUtility Startup => C:\Windows\explorer.exe lenovo-utility://
Task: {2B7B0CA2-97EB-4860-BDA8-B44C9DC588BD} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-03-18] (Piriform Software Ltd -> Piriform)
Task: {2FAFFBF4-4D03-4C6F-AE54-4A7681C0A04C} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
Task: {2FC3A376-28FA-44BA-9322-B04B5CE61903} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2651216 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {3543225B-42C3-417E-9898-912A396847DF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-06-10] (Google LLC -> Google LLC)
Task: {35EAF669-7545-4051-9B09-0A15D97BBAA4} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
Task: {3E14DD90-1FAD-4DBD-BF2A-524D77A821B2} - System32\Tasks\Avast Software\Avast Cleanup BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe [4665568 2021-03-15] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 62 --programpath "C:\Program Files\Avast Software\Cleanup\Setup\.." --configpath "C:\Program Files\Avast Software\Cleanup\Setup" --path "C:\ProgramData\Avast Software\Cleanup\log"  --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid fdc48cde-b9df-4f92-be59-e193f00b0215
Task: {45033028-695F-4357-9589-45AFAC45915C} - \Lenovo\ImController\TimeBasedEvents\af00e186-ba8b-4441-96be-d3708d172d24 -> No File <==== ATTENTION
Task: {48AA9965-2795-4476-8AD9-7AEDD7087AC6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-06-10] (Google LLC -> Google LLC)
Task: {6330F872-8723-4416-9543-F02E7A4701BE} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
Task: {64A52C5A-7BF3-4182-818C-8311FD58C343} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4294009755-3694156625-1329034997-1001 => C:\Users\Lenovo\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {6E2B3F0B-9FD2-4425-BBFA-03F73AB99BAE} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe [5493472 2021-03-08] (Avast Software s.r.o. -> Avast Software)
Task: {73F24A1A-F215-466C-9D19-C8514762C8C3} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [29757392 2021-03-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {7E9642C7-3981-4706-9689-9D4068D469DE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {80CD123D-AE2B-4FAB-95A4-2115743E1989} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2250232 2021-03-14] (Avast Software s.r.o. -> AVAST Software)
Task: {85962931-1A10-43A0-A823-A2D234DBAE44} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe
Task: {8A5A17BF-D672-4219-84CE-51C26482CCA6} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [143888 2021-03-02] (Lenovo -> Lenovo Group Ltd.)
Task: {A71A954D-6387-4D08-99F4-6B7B5B7EC017} - \Lenovo\ImController\TimeBasedEvents\31f36f7a-14ce-4219-b63b-8d1c7a18e6b0 -> No File <==== ATTENTION
Task: {A9485EF7-972E-4D84-993D-091901066CD4} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4294009755-3694156625-1329034997-500 => C:\Users\Lenovo\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {BC502FCB-F87D-4D2B-88BD-2779789937BB} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [696816 2021-03-24] (Mozilla Corporation -> Mozilla Foundation)
Task: {C7AD19C8-4CE6-4A28-8353-9ADC15915101} - System32\Tasks\Avast Software\Avast Driver Updater Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-du\icarus.exe [5493472 2021-02-15] (Avast Software s.r.o. -> Avast Software)
Task: {D77AFB92-DEE1-410A-905F-3E16235673FF} - System32\Tasks\Mirkat => C:\Users\Lenovo\AppData\Local\Microsoft\WindowsApps\MirkatService.exe
Task: {DB3D61AC-76E4-46D8-A35E-C5B7BAAB4C42} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27616328 2021-03-18] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {F68D0D2E-0A80-4507-8FAF-E0D42BCC53A6} - \Lenovo\ImController\TimeBasedEvents\01f1fd4d-f0dc-404d-8f71-0b6bfe8d495e -> No File <==== ATTENTION
Task: {F83328DA-81D8-43B7-AC21-F325C720E22B} - \Lenovo\ImController\TimeBasedEvents\dcaf67ad-4fc3-4e21-82c5-583cb2a6bd06 -> No File <==== ATTENTION
Task: {FD58A045-531B-4E88-AD2C-6CEC76379E1B} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2250232 2021-03-14] (Avast Software s.r.o. -> AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{656725eb-9c36-4ff8-8500-f48d29b23d01}: [DhcpNameServer] 150.205.1.2
Tcpip\..\Interfaces\{bdfe217f-aad3-4ec7-b017-fb5fbf5bf7eb}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Lenovo\AppData\Local\Microsoft\Edge\User Data\Default [2021-03-22]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: su0f3597.default
FF ProfilePath: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\su0f3597.default [2020-01-25]
FF ProfilePath: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\ksm4rkn8.default-release [2021-03-26]
FF Homepage: Mozilla\Firefox\Profiles\ksm4rkn8.default-release -> hxxps://falldoku.psychologische-hochschule.de/index.php
FF Notifications: Mozilla\Firefox\Profiles\ksm4rkn8.default-release -> hxxps://web.instahelp.me; hxxps://pressbar.eu; hxxps://room.edudip.com; hxxps://meet.google.com
FF Extension: (Malwarebytes Browser Guard) - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\ksm4rkn8.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2021-03-20]
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2021-02-22] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2021-02-22] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-03-06] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default [2021-03-26]
CHR DefaultSearchURL: Default -> hxxps://de.search.yahoo.com/search?fr=mcafee&type=E211DE1451G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default -> hxxps://de.search.yahoo.com/sugg/gossip/gossip-de-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
CHR Extension: (Präsentationen) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-06-10]
CHR Extension: (Docs) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-06-10]
CHR Extension: (Google Drive) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-02-08]
CHR Extension: (YouTube) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-06-10]
CHR Extension: (Avira Password Manager) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2021-02-08]
CHR Extension: (Avira Safe Shopping) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh [2021-02-08]
CHR Extension: (Tabellen) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-06-10]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-02-08]
CHR Extension: (Google Docs Offline) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-02-08]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-08]
CHR Extension: (Google Mail) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-02-08]
CHR Extension: (Chrome Media Router) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-02-08]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1208432 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntivirProtectedService; C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe [537472 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [484904 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [484904 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [575776 2021-02-24] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\89.0.8688.91\elevation_service.exe [1504864 2021-03-14] (Avast Software s.r.o. -> AVAST Software)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [636592 2020-11-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2988544 2020-06-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [384360 2020-12-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [247232 2021-03-10] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [161072 2020-12-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 CleanupPSvc; C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe [12414176 2021-03-15] (Avast Software s.r.o. -> AVAST Software)
S4 CWAUpdaterService; C:\Program Files (x86)\Citrix\ICA Client\Receiver\UpdaterService.exe [44128 2020-12-16] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
R2 DolbyDAXAPI; C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe [1926600 2019-09-02] (Dolby Laboratories, Inc. -> )
R2 DriverUpdSvc; C:\Program Files\Avast Software\Driver Updater\DriverUpdSvc.exe [5903584 2021-03-03] (Avast Software s.r.o. -> AVAST Software)
R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [359808 2019-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84920 2021-02-23] (Lenovo -> Lenovo Group Ltd.)
S4 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.5.27.0\LenovoVantageService.exe [29488 2020-12-29] (Lenovo -> Lenovo Group Ltd.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-03-19] (Malwarebytes Inc -> Malwarebytes)
R2 mcafeeintegrationservice; C:\WINDOWS\System32\DriverStore\FileRepository\mcafeeintegrationextension.inf_amd64_7f44bb1f2cd06bad\mcafeeintegrationservice.exe [2578272 2018-08-03] (McAfee, Inc. -> McAfee)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\NisSrv.exe [3304992 2020-04-21] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MsMpEng.exe [103376 2020-04-21] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [78936 2019-06-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\WINDOWS\System32\drivers\avelam.sys [22336 2019-03-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [206896 2021-02-09] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [199312 2021-02-09] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [46704 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [89736 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [45472 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-05-04] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220616 2021-03-26] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-06-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198248 2021-03-26] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-03-26] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-03-26] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [155360 2021-03-26] (Malwarebytes Inc -> Malwarebytes)
R3 McAfeeIntegrationDriver; C:\WINDOWS\System32\drivers\McAfeeIntegrationDriver.sys [49920 2018-08-03] (McAfee, Inc. -> McAfee)
R1 vbdenum; C:\WINDOWS\System32\drivers\vbdenum.sys [119432 2020-04-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45960 2020-04-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [394680 2020-04-21] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64944 2020-04-21] (Microsoft Windows -> Microsoft Corporation)
U3 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-26 21:22 - 2021-03-26 21:22 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-03-26 21:22 - 2021-03-26 21:22 - 000000000 ____D C:\Users\Lenovo\AppData\LocalLow\IGDump
2021-03-26 21:21 - 2021-03-26 21:21 - 000198248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-03-26 21:21 - 2021-03-26 21:21 - 000155360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-03-26 19:36 - 2021-03-26 19:36 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-03-26 19:34 - 2021-03-26 19:34 - 012519280 _____ (AVAST Software) C:\Users\Lenovo\Downloads\avastclear.exe
2021-03-26 19:34 - 2021-03-26 19:34 - 011049936 _____ (McAfee, LLC) C:\Users\Lenovo\Downloads\MCPR.exe
2021-03-26 12:00 - 2021-03-26 21:25 - 000000000 ____D C:\Users\Lenovo\Downloads\FRST-OlderVersion
2021-03-26 11:50 - 2021-03-26 11:50 - 000001219 _____ C:\Users\Lenovo\Desktop\MWB scan 26.03.21.txt
2021-03-25 19:15 - 2021-03-26 19:17 - 000002782 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Update
2021-03-25 19:14 - 2021-03-26 19:17 - 000002566 _____ C:\WINDOWS\system32\Tasks\Avira_Antivirus_Systray
2021-03-25 19:13 - 2021-02-09 18:03 - 000206896 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2021-03-25 19:13 - 2021-02-09 18:03 - 000199312 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2021-03-25 19:13 - 2019-06-07 14:09 - 000078936 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avdevprot.sys
2021-03-25 19:13 - 2019-03-20 18:50 - 000089736 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2021-03-25 19:13 - 2019-03-20 18:50 - 000046704 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2021-03-25 19:13 - 2019-03-20 18:50 - 000045472 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2021-03-25 19:13 - 2019-03-20 18:50 - 000022336 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avelam.sys
2021-03-25 19:12 - 2021-03-26 19:17 - 000002854 _____ C:\WINDOWS\system32\Tasks\AviraSystemSpeedupUpdate
2021-03-25 19:12 - 2021-03-25 19:12 - 000000000 ____D C:\Users\Public\Speedup Sessions
2021-03-25 19:11 - 2021-03-25 19:15 - 000001323 _____ C:\Users\Public\Desktop\Avira.lnk
2021-03-25 19:11 - 2021-03-25 19:15 - 000001323 _____ C:\ProgramData\Desktop\Avira.lnk
2021-03-25 19:11 - 2021-03-25 19:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2021-03-24 09:23 - 2021-03-26 12:07 - 000048629 _____ C:\Users\Lenovo\Downloads\FRST.txt
2021-03-24 09:16 - 2021-03-24 09:16 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-03-24 09:15 - 2021-03-24 09:16 - 000002843 _____ C:\Users\Lenovo\Desktop\AdwCleaner[C00] 24.03.21.txt
2021-03-24 09:13 - 2021-03-24 09:13 - 000295488 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-03-24 09:08 - 2021-03-24 09:12 - 000000000 ____D C:\AdwCleaner
2021-03-24 09:08 - 2021-03-24 09:08 - 008534696 _____ (Malwarebytes) C:\Users\Lenovo\Downloads\adwcleaner_8.2.exe
2021-03-24 09:08 - 2021-03-24 09:08 - 002084016 _____ (Malwarebytes) C:\Users\Lenovo\Downloads\MBSetup.exe
2021-03-24 08:59 - 2021-03-24 08:59 - 000001232 _____ C:\Users\Lenovo\Desktop\Scan 24.03.21.txt
2021-03-23 18:15 - 2021-03-26 12:07 - 000033210 _____ C:\Users\Lenovo\Downloads\Addition.txt
2021-03-23 18:10 - 2021-03-23 18:18 - 000057406 _____ C:\Users\Lenovo\Downloads\FRSTEnglish.txt
2021-03-23 18:09 - 2021-03-26 21:25 - 000000000 ____D C:\FRST
2021-03-23 18:00 - 2021-03-26 12:00 - 002300928 _____ (Farbar) C:\Users\Lenovo\Downloads\FRST64English.exe
2021-03-19 23:20 - 2021-03-19 23:20 - 000170357 _____ C:\Users\Lenovo\Downloads\Kuelz_Innerer_Drache.pdf
2021-03-19 23:11 - 2021-03-20 08:48 - 000000000 ____D C:\Users\Lenovo\Documents\Zwang
2021-03-19 22:42 - 2021-03-19 22:42 - 004509083 _____ C:\Users\Lenovo\Downloads\achtsamkeit-und-selbstmitgefhl-2020.pdf
2021-03-19 12:06 - 2021-03-26 19:39 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-03-19 12:06 - 2020-06-08 06:34 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-03-17 16:44 - 2021-03-17 16:44 - 002874314 _____ C:\Users\Lenovo\Downloads\PTV10_web.pdf
2021-03-17 11:53 - 2021-03-17 11:54 - 069526480 _____ (RED Medical GmbH) C:\Users\Lenovo\Downloads\RED_Commander-4.0.0-x86-32(2).exe
2021-03-14 12:36 - 2021-03-26 20:48 - 000000000 ____D C:\Users\Lenovo\Documents\Praxisgründung
2021-03-13 16:42 - 2021-03-13 16:42 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-03-13 16:42 - 2021-03-13 16:42 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-03-13 16:41 - 2021-03-13 16:41 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-03-13 16:41 - 2021-03-13 16:41 - 001394024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-03-13 16:41 - 2021-03-13 16:41 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-03-13 16:41 - 2021-03-13 16:41 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-03-13 16:41 - 2021-03-13 16:41 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-03-13 16:41 - 2021-03-13 16:41 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-03-13 16:41 - 2021-03-13 16:41 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-03-13 16:41 - 2021-03-13 16:41 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-03-13 16:41 - 2021-03-13 16:41 - 000011359 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-03-12 08:41 - 2021-03-19 11:53 - 000000000 ____D C:\Users\Lenovo\AppData\Local\CrashDumps
2021-03-05 20:50 - 2021-03-05 20:50 - 000244484 _____ C:\Users\Lenovo\Downloads\Bewerbungsformular_Female_Health_Incubator_2.0.pdf
2021-03-03 12:48 - 2021-03-03 12:48 - 069526480 _____ (RED Medical GmbH) C:\Users\Lenovo\Downloads\RED_Commander-4.0.0-x86-32 (1).exe
2021-03-03 12:48 - 2021-03-03 12:48 - 000002298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Driver Updater.lnk
2021-03-03 12:38 - 2021-03-03 12:38 - 069526480 _____ (RED Medical GmbH) C:\Users\Lenovo\Downloads\RED_Commander-4.0.0-x86-32(1).exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-26 21:25 - 2021-02-18 01:13 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-03-26 21:23 - 2020-01-25 17:36 - 000000000 ____D C:\ProgramData\Mozilla
2021-03-26 21:23 - 2020-01-25 17:34 - 000000000 ____D C:\Program Files\CCleaner
2021-03-26 21:22 - 2020-01-25 17:50 - 000000000 ____D C:\Users\Lenovo\AppData\LocalLow\Mozilla
2021-03-26 21:22 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-03-26 21:21 - 2021-02-18 01:13 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-03-26 21:21 - 2021-02-18 00:59 - 000008192 ___SH C:\DumpStack.log.tmp
2021-03-26 21:21 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-03-26 21:21 - 2019-11-08 19:10 - 000000000 __SHD C:\Users\Lenovo\IntelGraphicsProfiles
2021-03-26 21:21 - 2019-06-28 06:38 - 000000134 _____ C:\WINDOWS\system32\regtest.txt
2021-03-26 21:21 - 2019-06-28 06:37 - 000000000 ___HD C:\Intel
2021-03-26 21:20 - 2021-02-22 15:00 - 000000000 ____D C:\ProgramData\Avast Software
2021-03-26 21:20 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-03-26 21:18 - 2021-02-18 00:59 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-03-26 19:43 - 2021-02-18 01:03 - 001632020 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-03-26 19:43 - 2019-12-07 15:50 - 000708592 _____ C:\WINDOWS\system32\perfh007.dat
2021-03-26 19:43 - 2019-12-07 15:50 - 000142834 _____ C:\WINDOWS\system32\perfc007.dat
2021-03-26 19:43 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-03-26 19:38 - 2021-02-22 15:03 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\Avast Software
2021-03-26 19:38 - 2021-02-22 15:00 - 000000000 ____D C:\Program Files\Avast Software
2021-03-26 19:36 - 2021-02-12 17:47 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-03-26 19:36 - 2020-11-13 21:11 - 000220616 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-03-26 19:36 - 2020-01-25 17:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-03-26 19:17 - 2021-02-22 15:02 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-03-26 19:17 - 2021-02-18 01:13 - 000003558 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-03-26 19:17 - 2021-02-18 01:13 - 000003554 _____ C:\WINDOWS\system32\Tasks\LenovoUtility Startup
2021-03-26 19:17 - 2021-02-18 01:13 - 000003334 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-03-26 19:17 - 2021-02-18 01:13 - 000002988 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-03-26 19:17 - 2021-02-18 01:13 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4294009755-3694156625-1329034997-1001
2021-03-26 19:17 - 2021-02-18 01:13 - 000002856 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4294009755-3694156625-1329034997-500
2021-03-26 19:17 - 2021-02-18 01:13 - 000002238 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2021-03-26 19:17 - 2021-02-18 01:13 - 000002016 _____ C:\WINDOWS\system32\Tasks\Mirkat
2021-03-26 11:51 - 2020-02-17 16:02 - 000000000 ____D C:\Users\Lenovo\Documents\PHB Therapie
2021-03-25 20:34 - 2021-02-22 15:02 - 000003990 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-03-25 20:34 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-03-25 19:15 - 2020-05-04 16:14 - 000000000 ____D C:\ProgramData\Avira
2021-03-25 19:15 - 2020-05-04 16:14 - 000000000 ____D C:\Program Files (x86)\Avira
2021-03-25 19:11 - 2019-06-28 06:15 - 000000000 ____D C:\ProgramData\Package Cache
2021-03-25 19:10 - 2021-02-22 15:07 - 000000000 ____D C:\Users\Lenovo\AppData\Local\AVAST Software
2021-03-25 18:24 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-03-24 09:16 - 2020-01-25 17:36 - 000001016 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-03-24 09:12 - 2021-02-18 01:13 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2021-03-24 09:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-03-24 08:40 - 2019-12-07 10:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-03-24 08:36 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-03-24 08:36 - 2019-11-08 19:10 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Packages
2021-03-24 08:31 - 2020-08-22 14:54 - 000000000 ____D C:\Program Files\Pixum
2021-03-24 08:29 - 2020-08-22 13:56 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\WhatsApp
2021-03-24 08:29 - 2020-08-22 13:56 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2021-03-24 08:29 - 2020-08-22 13:56 - 000000000 ____D C:\Users\Lenovo\AppData\Local\WhatsApp
2021-03-21 16:10 - 2020-02-28 13:26 - 000002147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-03-19 12:07 - 2020-05-04 18:43 - 000002044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-03-19 12:07 - 2020-05-04 18:43 - 000002032 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-03-19 12:07 - 2020-05-04 18:43 - 000002032 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-03-19 11:44 - 2020-04-21 13:54 - 000000000 ____D C:\Users\Lenovo\Documents\Partnerschaft und Sexualität
2021-03-19 10:52 - 2020-11-28 12:29 - 000000000 ____D C:\Users\Lenovo\Documents\Prüfungsanmeldung
2021-03-18 04:29 - 2020-06-10 19:40 - 000002304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-03-18 04:29 - 2020-06-10 19:40 - 000002263 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-03-18 04:29 - 2020-06-10 19:40 - 000002263 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-03-16 20:00 - 2021-02-22 15:06 - 000002501 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2021-03-16 20:00 - 2021-02-22 15:06 - 000002466 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2021-03-16 20:00 - 2021-02-22 15:06 - 000002466 _____ C:\ProgramData\Desktop\Avast Secure Browser.lnk
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-03-13 16:48 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-03-13 16:40 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-03-13 13:07 - 2019-11-08 13:14 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-03-13 12:28 - 2019-11-08 13:14 - 131005360 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-03-12 15:19 - 2021-02-18 01:01 - 000000000 ____D C:\Users\Lenovo
2021-03-05 20:50 - 2021-01-04 19:28 - 000000000 ____D C:\Users\Lenovo\Documents\zäpfchen
2021-03-03 12:50 - 2020-12-28 10:25 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\ICAClient
2021-03-03 12:50 - 2020-08-22 13:56 - 000000000 ____D C:\Users\Lenovo\AppData\Local\SquirrelTemp
2021-03-03 12:50 - 2020-03-30 13:34 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\Zoom
2021-03-03 12:49 - 2021-02-02 20:47 - 000000000 ___DC C:\WINDOWS\Panther
2021-03-01 18:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-03-01 18:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-03-01 18:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-03-01 18:04 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-03-01 18:04 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing

==================== Files in the root of some directories ========

2019-09-04 01:40 - 2019-09-04 01:40 - 131028644 _____ () C:\Program Files\openoffice1.cab
2019-09-04 01:38 - 2019-09-04 01:38 - 002465792 _____ () C:\Program Files\openoffice417.msi
2019-09-04 01:38 - 2019-09-04 01:38 - 000479232 _____ () C:\Program Files\setup.exe
2019-09-04 01:38 - 2019-09-04 01:38 - 000000279 _____ () C:\Program Files\setup.ini

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-03-2021
Ran by Lenovo (26-03-2021 21:29:44)
Running from C:\Users\Lenovo\Downloads\FRST-OlderVersion
Windows 10 Home Version 2004 19041.867 (X64) (2021-02-18 00:13:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4294009755-3694156625-1329034997-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4294009755-3694156625-1329034997-503 - Limited - Disabled)
Gast (S-1-5-21-4294009755-3694156625-1329034997-501 - Limited - Disabled)
Lenovo (S-1-5-21-4294009755-3694156625-1329034997-1001 - Administrator - Enabled) => C:\Users\Lenovo
WDAGUtilityAccount (S-1-5-21-4294009755-3694156625-1329034997-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {88AE6B46-DC3C-455A-A21B-085F285A3546}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Disabled - Out of date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: McAfee VirusScan (Enabled - Up to date) {4DE344F8-6897-65B4-CED0-82B3AF2591B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (HKLM-x32\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 21.001.20145 - Adobe Systems Incorporated)
Avast Cleanup Premium (HKLM\...\Avast Cleanup) (Version: 21.1.9940.2746 - Avast Software)
Avast Driver Updater (HKLM\...\Avast Driver Updater) (Version: 21.1.1187.3478 - Avast Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 89.0.8688.91 - Die Avast Secure Browser-Autoren)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1065.0 - AVAST Software) Hidden
Avira (HKLM-x32\...\{161e6084-b0f5-43e8-86d8-09eda5c0893d}) (Version: 1.2.153.30452 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{426D1710-5DFD-45E9-B11D-464792C5AD35}) (Version: 1.2.153.30452 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.2103.2081 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.37.1.24458 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM-x32\...\Avira Security_is1) (Version: 1.1.46.16549 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM-x32\...\AviraSecurityUninstaller) (Version:  - Avira Operations GmbH & Co. KG;)
Avira Software Updater (HKLM-x32\...\{9F45C615-6D95-47B5-BB0C-D78F6D15DE21}) (Version: 2.0.6.42639 - Avira Operations GmbH & Co. KG) Hidden
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 6.10.0.11063 - Avira Operations GmbH & Co. KG) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.78 - Piriform)
Citrix Workspace 2012 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 20.12.1.42 - Citrix Systems, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.90 - Google LLC)
Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{70281077-96c3-4f75-938c-dc4746110c00}) (Version: 10.1.17903.8106 - Intel(R) Corporation)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.5.27.0 - Lenovo Group Ltd.)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-4294009755-3694156625-1329034997-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0010 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Mozilla Firefox 87.0 (x64 de) (HKLM\...\Mozilla Firefox 87.0 (x64 de)) (Version: 87.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 72.0.2 - Mozilla)
Online Plug-in (HKLM-x32\...\{A6DDB28C-02F3-4D7F-A898-12C13EE95008}) (Version: 20.11.0.26 - Citrix Systems, Inc.) Hidden
OpenOffice 4.1.7 (HKLM-x32\...\{A09D951F-4BA3-4383-97B3-D1B91835E779}) (Version: 4.17.9800 - Apache Software Foundation)
RED Medical Commander (HKU\S-1-5-21-4294009755-3694156625-1329034997-1001\...\RED Medical Commander) (Version:  - RED Medical Systems GmbH)
Self-Service Plug-in (HKLM-x32\...\{B91E7894-1983-4BF6-A3D8-F77AD832AECC}) (Version: 20.12.1.28 - Citrix Systems, Inc.) Hidden
Zoom (HKU\S-1-5-21-4294009755-3694156625-1329034997-1001\...\ZoomUMX) (Version: 5.4.6 (59296.1207) - Zoom Video Communications, Inc.)

Packages:
=========
Dolby Audio -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudio_3.20500.501.0_x64__rz1tebttyb220 [2020-02-18] (Dolby Laboratories)
Fotos-Add-On -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2020-04-24] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.2.834.0_x64__v10z8vjag6ke6 [2021-02-18] (HP Inc.)
Intel® Grafik-Kontrollraum -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3282.0_x64__8j3eq9eme6ctt [2021-02-18] (INTEL CORP) [Startup Task]
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-02-17] (INTEL CORP)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2101.29.0_x64__k1h2ywk1493x8 [2021-01-23] (LENOVO INC.)
LenovoUtility -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.2.1.0_x64__5grkq8ppsgwt4 [2021-01-23] (LENOVO INC) [Startup Task]
Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-04-24] (Microsoft Corporation)
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.13628.20448.0_x86__8wekyb3d8bbwe [2021-02-21] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-02-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-02-18] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.13628.20448.0_x86__8wekyb3d8bbwe [2021-02-21] (Microsoft Corporation)
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.13628.20448.0_x86__8wekyb3d8bbwe [2021-02-21] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.13628.20448.0_x86__8wekyb3d8bbwe [2021-02-21] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.13628.20448.0_x86__8wekyb3d8bbwe [2021-02-21] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.13628.20448.0_x86__8wekyb3d8bbwe [2021-02-21] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-02-18] (Microsoft Studios) [MS Ad]
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.13628.20448.0_x86__8wekyb3d8bbwe [2021-02-21] (Microsoft Corporation)
MPEG-2-Videoerweiterung -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-11-08] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.10.216.0_x64__dt26b99r8h8gj [2020-07-06] (Realtek Semiconductor Corp)
VLC -> C:\Program Files\WindowsApps\VideoLAN.VLC_3.2.1.0_x64__paz6r1rewnh0a [2020-01-25] (VideoLAN)
Ziply Lite -> C:\Program Files\WindowsApps\1901TwentyOneTeam.ZiplyLite_1.0.12.0_x64__qfdnnpxetjjmm [2020-03-28] (Twenty One Team)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4294009755-3694156625-1329034997-1001_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InprocServer32 -> C:\Users\Lenovo\AppData\Local\Microsoft\OneDrive\19.232.1124.0010\amd64\FileCoAuthLib64.dll => No File
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2021-02-24] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-02-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-05-04] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-02-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-02-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-05-04] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2021-02-24] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RED Commander.lnk -> C:\Users\Public\Documents\RED Medical Commander\commander-launcher.bat ()
Shortcut: C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RED Medical\RED Medical Commander.lnk -> C:\Users\Public\Documents\RED Medical Commander\commander-launcher.bat ()

==================== Loaded Modules (Whitelisted) =============

2020-12-21 12:44 - 2020-05-30 14:58 - 001280000 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll
2020-06-19 14:55 - 2020-04-09 08:17 - 000944840 _____ (SQLite Development Team) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4294009755-3694156625-1329034997-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-4294009755-3694156625-1329034997-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
SearchScopes: HKU\S-1-5-21-4294009755-3694156625-1329034997-1001 -> DefaultScope {65AD6144-0445-4680-964B-7CD4F71D26CB} URL =
SearchScopes: HKU\S-1-5-21-4294009755-3694156625-1329034997-1001 -> {65AD6144-0445-4680-964B-7CD4F71D26CB} URL =
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 08:31 - 2018-09-15 08:31 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4294009755-3694156625-1329034997-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lenovo\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\back.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "Redirector"
HKU\S-1-5-21-4294009755-3694156625-1329034997-1001\...\StartupApproved\StartupFolder: => "RED Commander.lnk"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{0C3DFC74-818E-4DCD-95FD-7197B24F88A7}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{925F2E71-C204-4970-894F-F936712DE39A}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C912AD46-47C9-4CC8-8005-054B133B428F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{06D24F51-E592-49FA-ADA9-9A718FC798AB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9F6B5FE1-6CCB-44DA-8A4B-50ADB4CC571C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7B7304DB-91C9-44A0-8073-4AD35D7897A4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{06270C6D-DAEB-4511-BC67-FF937D76A86B}] => (Allow) C:\Users\Lenovo\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{8A1EA0A5-67D4-45D9-A128-BE80E37EE119}] => (Allow) C:\Users\Lenovo\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{9B0FD35E-BD42-4F5B-941E-08DF1E83F7E7}] => (Allow) C:\Users\Lenovo\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{AA2505AA-D585-4C04-B5A9-5307768DFCFE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1E5627CB-48A8-4C99-9A8C-9C6351E7C23E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{EC54A0A3-CAC3-4DDD-850B-F816CDE9221A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.13628.20448.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{768D8828-34A3-46B4-B3FE-25034000AD61}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{DE308017-856C-4D1C-A48F-3352E8F94B3B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{B65C134E-D513-4D20-A35D-FE6FA0C4EB3A}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{793A2169-F43B-4CA8-B055-816446E43C8D}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{E92DF44B-D9B6-412D-B3EA-29BDA5A73DCA}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:118 GB) (Free:75.57 GB) (64%)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/26/2021 07:39:55 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT-AUTORITÄT)
Description: Windows kann die erweiterbare Leistungsindikator-DLL "C:\WINDOWS\system32\sysmain.dll" nicht laden (Win32-Fehlercode 126).

Error: (03/26/2021 07:39:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IntelAudioService.exe, Version: 1.0.1271.0, Zeitstempel: 0x5e3d2e0d
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.804, Zeitstempel: 0x0e9c5eae
Ausnahmecode: 0xe06d7363
Fehleroffset: 0x000000000002d759
ID des fehlerhaften Prozesses: 0x1504
Startzeit der fehlerhaften Anwendung: 0x01d7226f409e6fb9
Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: 1acefae7-8175-40c7-adea-429aeb9283e7
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (03/26/2021 07:39:20 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: IntelAudioService.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: Ausnahmecode e06d7363, Ausnahmeadresse 00007FF94816D759
Stapel:

Error: (03/25/2021 07:15:52 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT-AUTORITÄT)
Description: Windows kann die erweiterbare Leistungsindikator-DLL "C:\WINDOWS\system32\sysmain.dll" nicht laden (Win32-Fehlercode 126).

Error: (03/25/2021 06:24:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MBAMService.exe, Version: 3.2.0.943, Zeitstempel: 0x5fbd5689
Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.19041.844, Zeitstempel: 0x60a6ca36
Ausnahmecode: 0xc000070a
Fehleroffset: 0x0000000000111efd
ID des fehlerhaften Prozesses: 0x1bdc
Startzeit der fehlerhaften Anwendung: 0x01d7208595b733b3
Pfad der fehlerhaften Anwendung: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: 3a9a3709-6263-4dbd-8785-9b9d48d97da6
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (03/19/2021 08:33:57 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT-AUTORITÄT)
Description: Windows kann die erweiterbare Leistungsindikator-DLL "C:\WINDOWS\system32\sysmain.dll" nicht laden (Win32-Fehlercode 126).

Error: (03/19/2021 08:33:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IntelAudioService.exe, Version: 1.0.1271.0, Zeitstempel: 0x5e3d2e0d
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.804, Zeitstempel: 0x0e9c5eae
Ausnahmecode: 0xe06d7363
Fehleroffset: 0x000000000002d759
ID des fehlerhaften Prozesses: 0x16d0
Startzeit der fehlerhaften Anwendung: 0x01d71c92007520a7
Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: e41f8578-ef28-4677-81ce-e52743e9b2db
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (03/19/2021 08:32:56 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: IntelAudioService.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: Ausnahmecode e06d7363, Ausnahmeadresse 00007FF8E5A6D759
Stapel:


System errors:
=============
Error: (03/26/2021 09:20:47 PM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: Fehler "1115" in DCOM, als der Dienst "SecurityHealthService" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
{EDAE4045-CAE6-4706-8973-FA69715B8C10}

Error: (03/26/2021 07:39:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Audio Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/26/2021 07:38:15 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-J5GA9RT3)
Description: Fehler "1084" in DCOM, als der Dienst "WSearch" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (03/26/2021 07:38:12 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-J5GA9RT3)
Description: Fehler "1084" in DCOM, als der Dienst "ShellHWDetection" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (03/26/2021 07:37:09 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-J5GA9RT3)
Description: Fehler "1084" in DCOM, als der Dienst "WSearch" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (03/26/2021 07:37:09 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-J5GA9RT3)
Description: Fehler "1084" in DCOM, als der Dienst "WSearch" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (03/26/2021 07:37:07 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-J5GA9RT3)
Description: Fehler "1084" in DCOM, als der Dienst "ShellHWDetection" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (03/26/2021 07:37:06 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-J5GA9RT3)
Description: Fehler "1084" in DCOM, als der Dienst "TokenBroker" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
Windows.Internal.Security.Authentication.Web.TokenBrokerInternal


CodeIntegrity:
===============
Date: 2021-03-26 19:36:27
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: LENOVO ASCN40WW 10/11/2019
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Celeron(R) CPU 4205U @ 1.80GHz
Percentage of memory in use: 89%
Total physical RAM: 3976.24 MB
Available physical RAM: 424.96 MB
Total Virtual: 9096.24 MB
Available Virtual: 4117.49 MB

==================== Drives ================================

Drive c: (Windows-SSD) (Fixed) (Total:118 GB) (Free:75.57 GB) NTFS

\\?\Volume{e73b3c0b-4182-433f-a907-2654b64be442}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.15 GB) NTFS
\\?\Volume{65389b22-2299-4c13-9b92-da5ecf82e810}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: B288A94A)

Partition: GPT.

==================== End of Addition.txt =======================

 

 


  • Solution

Hiya Krischka,

Thanks for those logs, continue as follows:

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

The following directories are emptied:
 
  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin


Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.


The system will be rebooted after the fix has run.

Next,

Download "Microsoft's Safety Scanner" and save it directly to the desktop.

Make sure you get the correct version for your system....

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

Right-click on the tool and select Run as Administrator; the tool will expand to the options window.
In the "Scan Type" window, select Quick Scan.
Perform a scan and click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\msert.log

The log will include details for each time MSRT has run; we only need the most recent log by date and time....

Let me see those logs in your reply....

Thank you,

Kevin.

fixlist.txt


Hi there, 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-03-2021
Ran by Lenovo (27-03-2021 11:47:26) Run:1
Running from C:\Users\Lenovo\Desktop
Loaded Profiles: Lenovo
Boot Mode: Normal
==============================================

fixlist content:
*****************
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [AvastUI.exe] => "C:\Program Files\Avast Software\Avast\AvLaunch.exe" /gui
C:\Program Files\Avast Software
HKLM\...\Run: [TuneupUI.exe] => C:\Program Files\Avast Software\Cleanup\TuneupUI.exe [2429664 2021-03-15] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [DriverUpdUI.exe] => C:\Program Files\Avast Software\Driver Updater\DriverUpdUI.exe [2874592 2021-03-03] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-4294009755-3694156625-1329034997-1001\...\Run: [] => [X]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\89.0.8688.91\Installer\chrmstp.exe [2021-03-16] (Avast Software s.r.o. -> AVAST Software)
C:\Program Files (x86)\AVAST Software
BootExecute: autocheck autochk * icarus_rvrt.exe 
Task: {09786038-B6D2-48CB-A949-3D07436C5011} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
Task: {1AF56165-AC7A-4EF3-8F3C-91363C904EA6} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1791712 2021-03-26] (Avast Software s.r.o. -> Avast Software)
Task: {2523954D-0BF1-4F96-966C-E69BD1F09A50} - System32\Tasks\Avast Software\Avast Driver Updater BugReport => C:\Program Files\Avast Software\Driver Updater\AvBugReport.exe [4665568 2021-03-03] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 148 --programpath "C:\Program Files\Avast Software\Driver Updater\Setup\.." --configpath "C:\Program Files\Avast Software\Driver Updater\Setup" --path "C:\ProgramData\Avast Software\Driver Updater\log"  --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid be1c32b8-1a4f-43cc-b0cf-77dc966ab339
Task: {26A04298-F1A9-4479-97B1-D60C6FE6C250} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
Task: {2FAFFBF4-4D03-4C6F-AE54-4A7681C0A04C} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
Task: {35EAF669-7545-4051-9B09-0A15D97BBAA4} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
Task: {3E14DD90-1FAD-4DBD-BF2A-524D77A821B2} - System32\Tasks\Avast Software\Avast Cleanup BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe [4665568 2021-03-15] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 62 --programpath "C:\Program Files\Avast Software\Cleanup\Setup\.." --configpath "C:\Program Files\Avast Software\Cleanup\Setup" --path "C:\ProgramData\Avast Software\Cleanup\log"  --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid fdc48cde-b9df-4f92-be59-e193f00b0215
Task: {45033028-695F-4357-9589-45AFAC45915C} - \Lenovo\ImController\TimeBasedEvents\af00e186-ba8b-4441-96be-d3708d172d24 -> No File <==== ATTENTION
Task: {6330F872-8723-4416-9543-F02E7A4701BE} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
Task: {6E2B3F0B-9FD2-4425-BBFA-03F73AB99BAE} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe [5493472 2021-03-08] (Avast Software s.r.o. -> Avast Software)
Task: {80CD123D-AE2B-4FAB-95A4-2115743E1989} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2250232 2021-03-14] (Avast Software s.r.o. -> AVAST Software)
Task: {85962931-1A10-43A0-A823-A2D234DBAE44} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe
Task: {A71A954D-6387-4D08-99F4-6B7B5B7EC017} - \Lenovo\ImController\TimeBasedEvents\31f36f7a-14ce-4219-b63b-8d1c7a18e6b0 -> No File <==== ATTENTION
Task: {C7AD19C8-4CE6-4A28-8353-9ADC15915101} - System32\Tasks\Avast Software\Avast Driver Updater Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-du\icarus.exe [5493472 2021-02-15] (Avast Software s.r.o. -> Avast Software)
Task: {F68D0D2E-0A80-4507-8FAF-E0D42BCC53A6} - \Lenovo\ImController\TimeBasedEvents\01f1fd4d-f0dc-404d-8f71-0b6bfe8d495e -> No File <==== ATTENTION
Task: {F83328DA-81D8-43B7-AC21-F325C720E22B} - \Lenovo\ImController\TimeBasedEvents\dcaf67ad-4fc3-4e21-82c5-583cb2a6bd06 -> No File <==== ATTENTION
Task: {FD58A045-531B-4E88-AD2C-6CEC76379E1B} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2250232 2021-03-14] (Avast Software s.r.o. -> AVAST Software) 
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\89.0.8688.91\elevation_service.exe [1504864 2021-03-14] (Avast Software s.r.o. -> AVAST Software)
R2 CleanupPSvc; C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe [12414176 2021-03-15] (Avast Software s.r.o. -> AVAST Software)
R2 DriverUpdSvc; C:\Program Files\Avast Software\Driver Updater\DriverUpdSvc.exe [5903584 2021-03-03] (Avast Software s.r.o. -> AVAST Software)
R3 McAfeeIntegrationDriver; C:\WINDOWS\System32\drivers\McAfeeIntegrationDriver.sys [49920 2018-08-03] (McAfee, Inc. -> McAfee)
C:\WINDOWS\System32\drivers\McAfeeIntegrationDriver.sys
U3 aswbdisk; no ImagePath 
2021-03-26 19:34 - 2021-03-26 19:34 - 012519280 _____ (AVAST Software) C:\Users\Lenovo\Downloads\avastclear.exe
2021-03-26 19:34 - 2021-03-26 19:34 - 011049936 _____ (McAfee, LLC) C:\Users\Lenovo\Downloads\MCPR.exe
2021-03-26 21:20 - 2021-02-22 15:00 - 000000000 ____D C:\ProgramData\Avast Software
2021-03-26 19:38 - 2021-02-22 15:03 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\Avast Software
2021-03-26 19:38 - 2021-02-22 15:00 - 000000000 ____D C:\Program Files\Avast Software
2021-03-25 19:10 - 2021-02-22 15:07 - 000000000 ____D C:\Users\Lenovo\AppData\Local\AVAST Software
2021-03-16 20:00 - 2021-02-22 15:06 - 000002466 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2021-03-16 20:00 - 2021-02-22 15:06 - 000002466 _____ C:\ProgramData\Desktop\Avast Secure Browser.lnk
AV: Avast Antivirus (Disabled - Out of date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: McAfee VirusScan (Enabled - Up to date) {4DE344F8-6897-65B4-CED0-82B3AF2591B4}
CustomCLSID: HKU\S-1-5-21-4294009755-3694156625-1329034997-1001_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InprocServer32 -> C:\Users\Lenovo\AppData\Local\Microsoft\OneDrive\19.232.1124.0010\amd64\FileCoAuthLib64.dll => No File
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
FirewallRules: [{768D8828-34A3-46B4-B3FE-25034000AD61}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> AVAST Software)
cmd: "%WINDIR%\SYSTEM32\lodctr.exe" /R
cmd: "%WINDIR%\SysWOW64\lodctr.exe" /R
cmd: "%WINDIR%\SYSTEM32\lodctr.exe" /R
cmd: "%WINDIR%\SysWOW64\lodctr.exe" /R
cmd: dism /online /cleanup-image /restorehealth
cmd: sfc /scannow
Hosts:
C:\Windows\Temp\*.*
EmptyTemp:

*****************

SystemRestore: On => completed
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AvastUI.exe" => removed successfully

"C:\Program Files\Avast Software" folder move:

Could not move "C:\Program Files\Avast Software" => Scheduled to move on reboot.

"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\TuneupUI.exe" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\DriverUpdUI.exe" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-4294009755-3694156625-1329034997-1001\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
HKLM\Software\Microsoft\Active Setup\Installed Components\{A8504530-742B-42BC-895D-2BAD6406F698} => removed successfully
C:\Program Files (x86)\AVAST Software => moved successfully
HKLM\System\CurrentControlSet\Control\Session Manager\\"BootExecute"="autocheck autochk *" => value restored successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{09786038-B6D2-48CB-A949-3D07436C5011}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09786038-B6D2-48CB-A949-3D07436C5011}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Lenovo iM Controller Monitor" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{1AF56165-AC7A-4EF3-8F3C-91363C904EA6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1AF56165-AC7A-4EF3-8F3C-91363C904EA6}" => removed successfully
C:\WINDOWS\System32\Tasks\Avast Software\Overseer => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{2523954D-0BF1-4F96-966C-E69BD1F09A50}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2523954D-0BF1-4F96-966C-E69BD1F09A50}" => removed successfully
C:\WINDOWS\System32\Tasks\Avast Software\Avast Driver Updater BugReport => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Avast Driver Updater BugReport" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{26A04298-F1A9-4479-97B1-D60C6FE6C250}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26A04298-F1A9-4479-97B1-D60C6FE6C250}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2FAFFBF4-4D03-4C6F-AE54-4A7681C0A04C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FAFFBF4-4D03-4C6F-AE54-4A7681C0A04C}" => removed successfully
C:\WINDOWS\System32\Tasks\AvastUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AvastUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{35EAF669-7545-4051-9B09-0A15D97BBAA4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35EAF669-7545-4051-9B09-0A15D97BBAA4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{3E14DD90-1FAD-4DBD-BF2A-524D77A821B2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E14DD90-1FAD-4DBD-BF2A-524D77A821B2}" => removed successfully
C:\WINDOWS\System32\Tasks\Avast Software\Avast Cleanup BugReport => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Avast Cleanup BugReport" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45033028-695F-4357-9589-45AFAC45915C}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\af00e186-ba8b-4441-96be-d3708d172d24" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6330F872-8723-4416-9543-F02E7A4701BE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6330F872-8723-4416-9543-F02E7A4701BE}" => removed successfully
C:\WINDOWS\System32\Tasks\AvastUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AvastUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{6E2B3F0B-9FD2-4425-BBFA-03F73AB99BAE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E2B3F0B-9FD2-4425-BBFA-03F73AB99BAE}" => removed successfully
C:\WINDOWS\System32\Tasks\Avast Software\Avast Cleanup Update => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Avast Cleanup Update" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{80CD123D-AE2B-4FAB-95A4-2115743E1989}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80CD123D-AE2B-4FAB-95A4-2115743E1989}" => removed successfully
C:\WINDOWS\System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Secure Browser Heartbeat Task (Logon)" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{85962931-1A10-43A0-A823-A2D234DBAE44}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85962931-1A10-43A0-A823-A2D234DBAE44}" => removed successfully
C:\WINDOWS\System32\Tasks\Avast Emergency Update => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Emergency Update" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A71A954D-6387-4D08-99F4-6B7B5B7EC017}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\31f36f7a-14ce-4219-b63b-8d1c7a18e6b0" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{C7AD19C8-4CE6-4A28-8353-9ADC15915101}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7AD19C8-4CE6-4A28-8353-9ADC15915101}" => removed successfully
C:\WINDOWS\System32\Tasks\Avast Software\Avast Driver Updater Update => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Avast Driver Updater Update" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F68D0D2E-0A80-4507-8FAF-E0D42BCC53A6}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\01f1fd4d-f0dc-404d-8f71-0b6bfe8d495e" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F83328DA-81D8-43B7-AC21-F325C720E22B}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\dcaf67ad-4fc3-4e21-82c5-583cb2a6bd06" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD58A045-531B-4E88-AD2C-6CEC76379E1B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD58A045-531B-4E88-AD2C-6CEC76379E1B}" => removed successfully
C:\WINDOWS\System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Secure Browser Heartbeat Task (Hourly)" => removed successfully
HKLM\System\CurrentControlSet\Services\avast => removed successfully
avast => service removed successfully
HKLM\System\CurrentControlSet\Services\avastm => removed successfully
avastm => service removed successfully
HKLM\System\CurrentControlSet\Services\AvastSecureBrowserElevationService => removed successfully
AvastSecureBrowserElevationService => service removed successfully
CleanupPSvc => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\CleanupPSvc => removed successfully
CleanupPSvc => service removed successfully
DriverUpdSvc => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\DriverUpdSvc => removed successfully
DriverUpdSvc => service removed successfully
McAfeeIntegrationDriver => Unable to stop service.
HKLM\System\CurrentControlSet\Services\McAfeeIntegrationDriver => removed successfully
McAfeeIntegrationDriver => service removed successfully
C:\WINDOWS\System32\drivers\McAfeeIntegrationDriver.sys => moved successfully
HKLM\System\CurrentControlSet\Services\aswbdisk => removed successfully
aswbdisk => service removed successfully
C:\Users\Lenovo\Downloads\avastclear.exe => moved successfully
C:\Users\Lenovo\Downloads\MCPR.exe => moved successfully
C:\ProgramData\Avast Software => moved successfully
C:\Users\Lenovo\AppData\Roaming\Avast Software => moved successfully
C:\Program Files\Avast Software => moved successfully
C:\Users\Lenovo\AppData\Local\AVAST Software => moved successfully
C:\Users\Public\Desktop\Avast Secure Browser.lnk => moved successfully
"C:\ProgramData\Desktop\Avast Secure Browser.lnk" => not found
"AV: Avast Antivirus (Disabled - Out of date) {EB19B86E-3998-C706-90EF-92B41EB091AF}" => removed successfully
"AS: McAfee VirusScan (Enabled - Up to date) {4DE344F8-6897-65B4-CED0-82B3AF2591B4}" => removed successfully
HKU\S-1-5-21-4294009755-3694156625-1329034997-1001_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{768D8828-34A3-46B4-B3FE-25034000AD61}" => removed successfully

========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========


Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden.
========= End of CMD: =========


========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========


Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden.
========= End of CMD: =========


========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========


Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden.
========= End of CMD: =========


========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========


Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden.
========= End of CMD: =========


========= dism /online /cleanup-image /restorehealth =========


Tool zur Imageverwaltung fr die Bereitstellung
Version: 10.0.19041.844

Abbildversion: 10.0.19041.867

[=======================    39.8%                          ] 
[=======================    40.0%                          ] 
[=======================    40.2%                          ] 
[=======================    40.4%                          ] 
[=======================    40.7%                          ] 
[========================   41.7%                          ] 
[========================   42.5%                          ] 
[=========================  43.5%                          ] 
[=========================  44.5%                          ] 
[========================== 45.4%                          ] 
[========================== 46.2%                          ] 
[===========================46.9%                          ] 
[===========================47.8%                          ] 
[===========================48.0%                          ] 
[===========================49.0%                          ] 
[===========================49.7%                          ] 
[===========================50.6%                          ] 
[===========================51.5%                          ] 
[===========================51.6%                          ] 
[===========================52.2%                          ] 
[===========================52.2%                          ] 
[===========================52.3%                          ] 
[===========================52.3%                          ] 
[===========================52.4%                          ] 
[===========================52.4%                          ] 
[===========================52.5%                          ] 
[===========================52.5%                          ] 
[===========================52.5%                          ] 
[===========================52.6%                          ] 
[===========================52.6%                          ] 
[===========================52.6%                          ] 
[===========================52.7%                          ] 
[===========================52.7%                          ] 
[===========================52.7%                          ] 
[===========================52.8%                          ] 
[===========================52.8%                          ] 
[===========================52.8%                          ] 
[===========================52.8%                          ] 
[===========================52.8%                          ] 
[===========================52.8%                          ] 
[===========================52.9%                          ] 
[===========================53.0%                          ] 
[===========================53.0%                          ] 
[===========================53.0%                          ] 
[===========================53.1%                          ] 
[===========================53.1%                          ] 
[===========================53.1%                          ] 
[===========================53.2%                          ] 
[===========================53.2%                          ] 
[===========================53.3%                          ] 
[===========================53.4%                          ] 
[===========================53.4%                          ] 
[===========================53.5%                          ] 
[===========================53.5%                          ] 
[===========================53.6%                          ] 
[===========================53.6%                          ] 
[===========================53.7%                          ] 
[===========================53.7%                          ] 
[===========================53.7%                          ] 
[===========================53.7%                          ] 
[===========================53.8%                          ] 
[===========================53.9%                          ] 
[===========================53.9%                          ] 
[===========================53.9%                          ] 
[===========================54.0%                          ] 
[===========================54.0%                          ] 
[===========================54.0%                          ] 
[===========================54.0%                          ] 
[===========================54.0%                          ] 
[===========================54.1%                          ] 
[===========================54.1%                          ] 
[===========================54.1%                          ] 
[===========================54.2%                          ] 
[===========================54.2%                          ] 
[===========================54.2%                          ] 
[===========================54.2%                          ] 
[===========================54.3%                          ] 
[===========================54.4%                          ] 
[===========================54.4%                          ] 
[===========================54.5%                          ] 
[===========================54.5%                          ] 
[===========================54.6%                          ] 
[===========================54.7%                          ] 
[===========================54.8%                          ] 
[===========================54.9%                          ] 
[===========================55.0%                          ] 
[===========================55.0%                          ] 
[===========================55.1%                          ] 
[===========================55.1%                          ] 
[===========================55.2%                          ] 
[===========================55.2%                          ] 
[===========================55.2%                          ] 
[===========================55.2%                          ] 
[===========================55.4%                          ] 
[===========================55.5%                          ] 
[===========================55.5%                          ] 
[===========================55.5%                          ] 
[===========================55.7%                          ] 
[===========================56.0%                          ] 
[===========================56.0%                          ] 
[===========================56.1%                          ] 
[===========================56.2%                          ] 
[===========================56.4%                          ] 
[===========================57.1%=                         ] 
[===========================58.1%=                         ] 
[===========================59.0%==                        ] 
[===========================60.0%==                        ] 
[===========================62.3%====                      ] 
[===========================84.9%=================         ] 
[===========================92.5%=====================     ] 
[==========================100.0%==========================] 
Der Wiederherstellungsvorgang wurde erfolgreich abgeschlossen.
Der Vorgang wurde erfolgreich beendet.

========= End of CMD: =========


========= sfc /scannow =========


Systemsuche wird gestartet. Dieser Vorgang kann einige Zeit dauern.

Überprüfungsphase der Systemsuche wird gestartet.

Der Windows-Ressourcenschutz hat keine Integritätsverletzungen gefunden.

========= End of CMD: =========

Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.

=========== "C:\Windows\Temp\*.*" ==========

C:\Windows\Temp\AdobeARM.log => moved successfully
C:\Windows\Temp\AdobeARM_Helper.log => moved successfully
C:\Windows\Temp\ArmUI.ini => moved successfully
C:\Windows\Temp\aswca4fb06870c3c5d4.tmp => moved successfully
C:\Windows\Temp\AvastBrowser_installer.log => moved successfully
C:\Windows\Temp\avira_antivirus_presetup.log => moved successfully
C:\Windows\Temp\avira_antivirus_setup.log => moved successfully
C:\Windows\Temp\chrome_installer.log => moved successfully
C:\Windows\Temp\FXSAPIDebugLogFile.txt => moved successfully
C:\Windows\Temp\FXSTIFFDebugLogFile.txt => moved successfully
C:\Windows\Temp\InfInstallerLog._21-03-24_08-29-29-224_95e35d66-9154-4ab0-8e8f-ebddf12827bc.log => moved successfully
C:\Windows\Temp\mat-debug-14320.log => moved successfully
C:\Windows\Temp\mat-debug-15012.log => moved successfully
C:\Windows\Temp\mat-debug-16488.log => moved successfully
C:\Windows\Temp\mat-debug-17876.log => moved successfully
C:\Windows\Temp\mat-debug-17956.log => moved successfully
C:\Windows\Temp\mat-debug-18816.log => moved successfully
C:\Windows\Temp\mat-debug-18848.log => moved successfully
C:\Windows\Temp\mat-debug-23004.log => moved successfully
C:\Windows\Temp\mat-debug-8728.log => moved successfully
C:\Windows\Temp\mbamiservice.log => moved successfully
C:\Windows\Temp\mb_errors3176.log => moved successfully
C:\Windows\Temp\mb_errors5480.log => moved successfully
C:\Windows\Temp\mb_errors6068.log => moved successfully
C:\Windows\Temp\MpCmdRun.log => moved successfully
C:\Windows\Temp\msedge_installer.log => moved successfully

========= End -> "C:\Windows\Temp\*.*" ========


=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12816105 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 21023463 B
Edge => 1948093 B
Chrome => 27767802 B
Firefox => 605789126 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 492206 B
systemprofile32 => 492206 B
LocalService => 631102 B
NetworkService => 632790 B
Lenovo => 68586057 B

RecycleBin => 13439 B
EmptyTemp: => 713.4 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 27-03-2021 12:08:45)

C:\Program Files\Avast Software => Is moved successfully
C:\Windows\System32\Drivers\etc\hosts => Could not move
Could not restore Hosts.

==== End of Fixlog 12:08:45 ====

---------------------------------------------------------------------------------------
Microsoft Safety Scanner v1.333, (build 1.333.1384.0)
Started On Sat Mar 27 12:13:25 2021

Engine: 1.1.17900.7
Signatures: 1.333.1384.0
MpGear: 1.1.16330.1
Run Mode: Interactive Graphical Mode

Quick Scan Results:
-------------------
Threat Detected: VirTool:Win32/DefenderTamperingRestore and Removed!
  Action: Remove, Result: 0x00000000
    regkeyvalue://hklm\software\microsoft\windows defender\\DisableAntiSpyware
        SigSeq: 0x0000055555C57273

Results Summary:
----------------
Found VirTool:Win32/DefenderTamperingRestore and Removed!
Successfully Submitted MAPS Report
Successfully Submitted Heartbeat Report
Microsoft Safety Scanner Finished On Sat Mar 27 12:23:25 2021


Return code: 6 (0x6)

Hiya Krischka,

Thanks for the update, good to hear you have no more issues. Continue to finish up:

Right click on FRST here: C:\Users\Lenovo\Downloads\FRST.exe and rename it to uninstall.exe. When complete, right click on uninstall.exe and select "Run as Administrator".

If you do not see the .exe appended, that is because file extensions are hidden; in that case just rename FRST to uninstall.

That action will remove FRST and all created files and folders...

Next,

Remove all System Restore Points: https://www.tenforums.com/tutorials/33593-delete-system-restore-points-windows-10-a.html#option2

Create clean fresh Restore Point: http://www.thewindowsclub.com/create-system-restore-point

Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/

Consider the following:

Malwarebytes Browser Guard (Free) for Firefox: https://addons.mozilla.org/en-GB/firefox/addon/malwarebytes/

Malwarebytes Browser Guard (Free) for Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee

PatchMyPC, keep all your software up to date - https://patchmypc.com/home-updater#download

From there you should be good to go...

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you