Krischka Posted March 23, 2021 ID:1446651

Dear Team, seems I also got the worm bagle.zip. Cannot be deleted, I get a new found every day. I found a similar thread and already downloaded the Farbar Recovery Scan Tool and would like to send you the log in a private message. thx!
kevinf80 Posted March 23, 2021 ID:1446689

Hello Krischka and welcome to Malwarebytes,

We do not do help via private messages, if you do require our help any requested logs have to be included in the replies you make to this thread...

Continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 4 from the following link: https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts. When the install completes or Malwarebytes is already installed do the following:

- Open Malwarebytes, select > small cog wheel top right hand corner, that will open "settings" from there select "Security" tab.
- Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....
- Close out the settings window, this will take you back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:

- Click on the Detection History tab > from main interface.
- Then click on "History" that will open to a historical list
- Double click on the Scan log which shows the Date and time of the scan just performed.
- Click Export > From export you have two options:
  Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
  Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
- Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…

Next,

Download AdwCleaner by Malwarebytes onto your Desktop. Or from this Mirror

- Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
- Accept the EULA (I accept), then click on Scan
- Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
- Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
- After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.
Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...

If English is not your native tongue rename FRST to FRSTEnglish.

- Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
- Make sure Addition.txt is checkmarked under "Optional scans"
- Press Scan button to run the tool....
- It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
- The tool will also make a log named (Addition.txt) Please attach that log to your reply.

Let me see those logs in your reply...

Thank you,

Kevin....
kevinf80 Posted March 26, 2021 ID:1447235

Any progress...?
Krischka Posted March 26, 2021 Author ID:1447295

Hi Kevin, thanks so much for your help and time already. In the process of sorting out some of my programs I ditched some of the virus-scanners I had installed as I had 4 different ones.... And now I don't get the warning any more/can't recall which one gave me the alert.... I don't think the worm has magically disappeared though. Anyway, here we go:

Malwarebytes:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/26/21
Scan Time: 8:22 AM
Log File: 117f8c7c-8e04-11eb-908f-e8d0fcd765c8.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1217
Update Package Version: 1.0.38719
License: Trial

-System Information-
OS: Windows 10 (Build 19041.867)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 279927
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 9 min, 13 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0 (No malicious items detected)
Module: 0 (No malicious items detected)
Registry Key: 0 (No malicious items detected)
Registry Value: 0 (No malicious items detected)
Registry Data: 0 (No malicious items detected)
Data Stream: 0 (No malicious items detected)
Folder: 0 (No malicious items detected)
File: 0 (No malicious items detected)
Physical Sector: 0 (No malicious items detected)
WMI: 0 (No malicious items detected)

(end)

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-03-22.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 03-24-2021
# Duration: 00:00:03
# OS: Windows 10 Home
# Cleaned: 11
# Awaiting reboot:3
# Failed: 0

***** [ Services ] *****
No malicious services cleaned.

***** [ Folders ] *****
Deleted C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
Deleted C:\Users\Lenovo\AppData\Roaming\QScan System-Check

***** [ Files ] *****
Deleted C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QScan System-Check.lnk

***** [ DLL ] *****
No malicious DLLs cleaned.

***** [ WMI ] *****
No malicious WMI cleaned.

***** [ Shortcuts ] *****
No malicious shortcuts cleaned.

***** [ Tasks ] *****
No malicious tasks cleaned.

***** [ Registry ] *****
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|QScan System-Check
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder|QScan System-Check.lnk
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|QScan System-Check
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\QScan System-Check

***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****
Deleted Preinstalled.LenovoIMController Folder C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER
Needs Reboot Preinstalled.LenovoIMController Folder C:\ProgramData\LENOVO\IMCONTROLLER
Needs Reboot Preinstalled.LenovoIMController Folder C:\Users\Lenovo\AppData\Local\LENOVO\IMCONTROLLER
Needs Reboot Preinstalled.LenovoIMController Folder C:\Windows\LENOVO\IMCONTROLLER

*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************

***** Reboot Required to Complete *****

***** [ Folders ] *****
Cleaning failed C:\ProgramData\LENOVO\IMCONTROLLER
Cleaning failed C:\Users\Lenovo\AppData\Local\LENOVO\IMCONTROLLER
Cleaning failed C:\Windows\LENOVO\IMCONTROLLER

*************************
AdwCleaner[S00].txt - [2438 octets] - [24/03/2021 09:09:58]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-03-22.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 03-24-2021
# Duration: 00:00:40
# OS: Windows 10 Home
# Scanned: 31988
# Detected: 11

***** [ Services ] *****
No malicious services found.

***** [ Folders ] *****
PUP.Optional.QScanSystemCheck C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
PUP.Optional.QScanSystemCheck C:\Users\Lenovo\AppData\Roaming\QScan System-Check

***** [ Files ] *****
PUP.Optional.QScanSystemCheck C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QScan System-Check.lnk

***** [ DLL ] *****
No malicious DLLs found.

***** [ WMI ] *****
No malicious WMI found.

***** [ Shortcuts ] *****
No malicious shortcuts found.

***** [ Tasks ] *****
No malicious tasks found.

***** [ Registry ] *****
PUP.Optional.QScanSystemCheck HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|QScan System-Check
PUP.Optional.QScanSystemCheck HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder|QScan System-Check.lnk
PUP.Optional.QScanSystemCheck HKCU\Software\Microsoft\Windows\CurrentVersion\Run|QScan System-Check
PUP.Optional.QScanSystemCheck HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\QScan System-Check

***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.

***** [ Chromium URLs ] *****
No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.

***** [ Firefox URLs ] *****
No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****
No malicious hosts file entries found.

***** [ Preinstalled Software ] *****
Preinstalled.LenovoIMController Folder C:\ProgramData\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Users\Lenovo\AppData\Local\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Windows\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-03-2021
Ran by Lenovo (administrator) on LAPTOP-J5GA9RT3 (LENOVO 81MU) (26-03-2021 12:00:52)
Running from C:\Users\Lenovo\Downloads
Loaded Profiles: Lenovo
Platform: Windows 10 Home Version 2004 19041.867 (X64) Language: Deutsch (Deutschland)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe <4>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe <2>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler64.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <3>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Cleanup\TuneupUI.exe <3>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Driver Updater\DriverUpdSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Driver Updater\DriverUpdUI.exe <3>
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\protectedservice.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Dolby Laboratories, Inc. -> ) C:\Windows\System32\dolbyaposvc\DAX3API.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_7ecc5be6ca7b3b0d\esif_uf.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_0b214be229a13e84\jhi_service.exe
(Intel(R) pGFX -> ) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_12bdb8127c4c0458\OneApp.IGCC.WinService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_d2a0453c62b3b51a\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_d2a0453c62b3b51a\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_48d2cae4a577c591\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_48d2cae4a577c591\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_120314e52c04567c\RstMwService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(LENOVO INC) C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.2.1.0_x64__5grkq8ppsgwt4\VFS\ProgramFilesX64\Lenovo\LenovoUtility\utility.exe
(LENOVO INC.) C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2101.29.0_x64__k1h2ywk1493x8\LenovoVantage.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, Inc. -> McAfee) C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationextension.inf_amd64_7f44bb1f2cd06bad\mcafeeintegrationservice.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20688.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20688.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <10>
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1076728 2020-03-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [116960 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [TuneupUI.exe] => C:\Program Files\Avast Software\Cleanup\TuneupUI.exe [2429664 2021-03-15] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [DriverUpdUI.exe] => C:\Program Files\Avast Software\Driver Updater\DriverUpdUI.exe [2874592 2021-03-03] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [2264672 2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [470112 2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [705728 2020-11-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-4294009755-3694156625-1329034997-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [33169992 2021-03-18] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-4294009755-3694156625-1329034997-1001\...\Run: [] => [X]
HKLM\...\Print\Monitors\HP E311 Status Monitor: C:\WINDOWS\system32\hpinkstsE311LM.dll [392200 2019-03-15] (HP Inc -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.90\Installer\chrmstp.exe [2021-03-18] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\89.0.8688.91\Installer\chrmstp.exe [2021-03-16] (Avast Software s.r.o. -> AVAST Software)
Startup: C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RED Commander.lnk [2020-10-15]
ShortcutTarget: RED Commander.lnk -> C:\Users\Public\Documents\RED Medical Commander\commander-launcher.bat () [File not signed]
BootExecute: autocheck autochk * icarus_rvrt.exe

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06E605F3-8402-42DC-B2F0-E4E1682B6097} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.5.27.0\ScheduleEventAction.exe [24368 2020-12-29] (Lenovo -> Lenovo Group Ltd.)
Task: {09786038-B6D2-48CB-A949-3D07436C5011} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
Task: {0DD8E74A-E0E2-404C-B6B3-15D6A27F3DAC} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {17A337D1-0EA4-4DBA-AE90-C187DDED022B} - System32\Tasks\Avira_Security_Update => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [234200 2021-03-10] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {1AF56165-AC7A-4EF3-8F3C-91363C904EA6} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1791712 2021-02-23] (Avast Software s.r.o. -> Avast Software)
Task: {2523954D-0BF1-4F96-966C-E69BD1F09A50} - System32\Tasks\Avast Software\Avast Driver Updater BugReport => C:\Program Files\Avast Software\Driver Updater\AvBugReport.exe [4665568 2021-03-03] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 148 --programpath "C:\Program Files\Avast Software\Driver Updater\Setup\.." --configpath "C:\Program Files\Avast Software\Driver Updater\Setup" --path "C:\ProgramData\Avast Software\Driver Updater\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid be1c32b8-1a4f-43cc-b0cf-77dc966ab339
Task: {26A04298-F1A9-4479-97B1-D60C6FE6C250} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
Task: {2A9990FE-3DF7-47A4-913B-8244413F86F2} - System32\Tasks\LenovoUtility Startup => C:\Windows\explorer.exe lenovo-utility://
Task: {2B7B0CA2-97EB-4860-BDA8-B44C9DC588BD} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-03-18] (Piriform Software Ltd -> Piriform)
Task: {2FAFFBF4-4D03-4C6F-AE54-4A7681C0A04C} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
Task: {2FC3A376-28FA-44BA-9322-B04B5CE61903} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2651216 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {3543225B-42C3-417E-9898-912A396847DF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-06-10] (Google LLC -> Google LLC)
Task: {35EAF669-7545-4051-9B09-0A15D97BBAA4} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
Task: {3E14DD90-1FAD-4DBD-BF2A-524D77A821B2} - System32\Tasks\Avast Software\Avast Cleanup BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe [4665568 2021-03-15] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 62 --programpath "C:\Program Files\Avast Software\Cleanup\Setup\.." --configpath "C:\Program Files\Avast Software\Cleanup\Setup" --path "C:\ProgramData\Avast Software\Cleanup\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid fdc48cde-b9df-4f92-be59-e193f00b0215
Task: {45033028-695F-4357-9589-45AFAC45915C} - \Lenovo\ImController\TimeBasedEvents\af00e186-ba8b-4441-96be-d3708d172d24 -> No File <==== ATTENTION
Task: {48AA9965-2795-4476-8AD9-7AEDD7087AC6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-06-10] (Google LLC -> Google LLC)
Task: {6330F872-8723-4416-9543-F02E7A4701BE} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
Task: {64A52C5A-7BF3-4182-818C-8311FD58C343} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4294009755-3694156625-1329034997-1001 => C:\Users\Lenovo\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {6E2B3F0B-9FD2-4425-BBFA-03F73AB99BAE} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe [5493472 2021-03-08] (Avast Software s.r.o. -> Avast Software)
Task: {73F24A1A-F215-466C-9D19-C8514762C8C3} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [29757392 2021-03-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {7E9642C7-3981-4706-9689-9D4068D469DE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {80CD123D-AE2B-4FAB-95A4-2115743E1989} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2250232 2021-03-14] (Avast Software s.r.o. -> AVAST Software)
Task: {85962931-1A10-43A0-A823-A2D234DBAE44} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4682976 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
Task: {8A5A17BF-D672-4219-84CE-51C26482CCA6} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [143888 2021-03-02] (Lenovo -> Lenovo Group Ltd.)
Task: {A71A954D-6387-4D08-99F4-6B7B5B7EC017} - \Lenovo\ImController\TimeBasedEvents\31f36f7a-14ce-4219-b63b-8d1c7a18e6b0 -> No File <==== ATTENTION
Task: {A9485EF7-972E-4D84-993D-091901066CD4} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4294009755-3694156625-1329034997-500 => C:\Users\Lenovo\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {BC502FCB-F87D-4D2B-88BD-2779789937BB} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [696816 2021-03-24] (Mozilla Corporation -> Mozilla Foundation)
Task: {C7AD19C8-4CE6-4A28-8353-9ADC15915101} - System32\Tasks\Avast Software\Avast Driver Updater Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-du\icarus.exe [5493472 2021-02-15] (Avast Software s.r.o. -> Avast Software)
Task: {D77AFB92-DEE1-410A-905F-3E16235673FF} - System32\Tasks\Mirkat => C:\Users\Lenovo\AppData\Local\Microsoft\WindowsApps\MirkatService.exe
Task: {DB3D61AC-76E4-46D8-A35E-C5B7BAAB4C42} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27616328 2021-03-18] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {F68D0D2E-0A80-4507-8FAF-E0D42BCC53A6} - \Lenovo\ImController\TimeBasedEvents\01f1fd4d-f0dc-404d-8f71-0b6bfe8d495e -> No File <==== ATTENTION
Task: {F83328DA-81D8-43B7-AC21-F325C720E22B} - \Lenovo\ImController\TimeBasedEvents\dcaf67ad-4fc3-4e21-82c5-583cb2a6bd06 -> No File <==== ATTENTION
Task: {FD58A045-531B-4E88-AD2C-6CEC76379E1B} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2250232 2021-03-14] (Avast Software s.r.o. -> AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{656725eb-9c36-4ff8-8500-f48d29b23d01}: [DhcpNameServer] 150.205.1.2
Tcpip\..\Interfaces\{bdfe217f-aad3-4ec7-b017-fb5fbf5bf7eb}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Lenovo\AppData\Local\Microsoft\Edge\User Data\Default [2021-03-22]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: su0f3597.default
FF ProfilePath: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\su0f3597.default [2020-01-25]
FF ProfilePath: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\ksm4rkn8.default-release [2021-03-26]
FF Homepage: Mozilla\Firefox\Profiles\ksm4rkn8.default-release -> hxxps://falldoku.psychologische-hochschule.de/index.php
FF Notifications: Mozilla\Firefox\Profiles\ksm4rkn8.default-release -> hxxps://web.instahelp.me; hxxps://pressbar.eu; hxxps://room.edudip.com; hxxps://meet.google.com
FF Extension: (Malwarebytes Browser Guard) - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\ksm4rkn8.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2021-03-20]
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2021-02-22] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2021-02-22] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-03-06] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default [2021-03-25]
CHR DefaultSearchURL: Default -> hxxps://de.search.yahoo.com/search?fr=mcafee&type=E211DE1451G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default -> hxxps://de.search.yahoo.com/sugg/gossip/gossip-de-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
CHR Extension: (Präsentationen) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-06-10]
CHR Extension: (Docs) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-06-10]
CHR Extension: (Google Drive) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-02-08]
CHR Extension: (YouTube) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-06-10]
CHR Extension: (Avira Password Manager) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2021-02-08]
CHR Extension: (Avira Safe Shopping) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh [2021-02-08]
CHR Extension: (Tabellen) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-06-10]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-02-08]
CHR Extension: (Google Docs Offline) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-02-08]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-08]
CHR Extension: (Google Mail) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-02-08]
CHR Extension: (Chrome Media Router) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-02-08]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1208432 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntivirProtectedService; C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe [537472 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [484904 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [484904 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [575776 2021-02-24] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [7878680 2021-03-18] (Avast Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [621608 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [352480 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\89.0.8688.91\elevation_service.exe [1504864 2021-03-14] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56904 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [636592 2020-11-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2988544 2020-06-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [384360 2020-12-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [247232 2021-03-10] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [161072 2020-12-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co.
KG) R2 CleanupPSvc; C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe [12414176 2021-03-15] (Avast Software s.r.o. -> AVAST Software) S4 CWAUpdaterService; C:\Program Files (x86)\Citrix\ICA Client\Receiver\UpdaterService.exe [44128 2020-12-16] (Citrix Systems, Inc. -> Citrix Systems, Inc.) R2 DolbyDAXAPI; C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe [1926600 2019-09-02] (Dolby Laboratories, Inc. -> ) R2 DriverUpdSvc; C:\Program Files\Avast Software\Driver Updater\DriverUpdSvc.exe [5903584 2021-03-03] (Avast Software s.r.o. -> AVAST Software) R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [359808 2019-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84920 2021-02-23] (Lenovo -> Lenovo Group Ltd.) S4 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.5.27.0\LenovoVantageService.exe [29488 2020-12-29] (Lenovo -> Lenovo Group Ltd.) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-03-19] (Malwarebytes Inc -> Malwarebytes) R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [959752 2021-02-12] (McAfee, LLC -> McAfee, LLC) R2 mcafeeintegrationservice; C:\WINDOWS\System32\DriverStore\FileRepository\mcafeeintegrationextension.inf_amd64_7f44bb1f2cd06bad\mcafeeintegrationservice.exe [2578272 2018-08-03] (McAfee, Inc. -> McAfee) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\NisSrv.exe [3304992 2020-04-21] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MsMpEng.exe [103376 2020-04-21] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [35648 2021-03-25] (Avast Software s.r.o. -> AVAST Software)
S3 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [208024 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
S3 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [357320 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
S3 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [249304 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
S3 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [98760 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16832 2021-02-22] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
S3 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41272 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [175248 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
R3 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [521336 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
S3 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [107784 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83360 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
S3 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [850112 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [465160 2021-03-18] (Avast Software s.r.o. -> AVAST Software)
S3 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215328 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
S3 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [326976 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [78936 2019-06-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\WINDOWS\System32\drivers\avelam.sys [22336 2019-03-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [206896 2021-02-09] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [199312 2021-02-09] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [46704 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [89736 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [45472 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-05-04] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220616 2021-03-19] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-06-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198248 2021-03-24] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-03-24] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-03-19] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [155360 2021-03-25] (Malwarebytes Inc -> Malwarebytes)
R3 McAfeeIntegrationDriver; C:\WINDOWS\System32\drivers\McAfeeIntegrationDriver.sys [49920 2018-08-03] (McAfee, Inc. -> McAfee)
R1 vbdenum; C:\WINDOWS\System32\drivers\vbdenum.sys [119432 2020-04-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45960 2020-04-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [394680 2020-04-21] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64944 2020-04-21] (Microsoft Windows -> Microsoft Corporation)
U3 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-03-26 12:00 - 2021-03-26 12:00 - 000000000 ____D C:\Users\Lenovo\Downloads\FRST-OlderVersion
2021-03-26 11:50 - 2021-03-26 11:50 - 000001219 _____ C:\Users\Lenovo\Desktop\MWB scan 26.03.21.txt
2021-03-25 20:35 - 2021-03-25 20:35 - 000002099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2021-03-25 20:35 - 2021-03-25 20:35 - 000002087 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2021-03-25 20:35 - 2021-03-25 20:35 - 000002087 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk
2021-03-25 20:34 - 2021-03-25 20:34 - 000035648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2021-03-25 20:34 - 2021-02-22 15:01 - 000339680 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2021-03-25 19:15 - 2021-03-25 19:15 - 000003710 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Update
2021-03-25 19:14 - 2021-03-25 19:14 - 000003374 _____ C:\WINDOWS\system32\Tasks\Avira_Antivirus_Systray
2021-03-25 19:13 - 2021-02-09 18:03 - 000206896 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2021-03-25 19:13 - 2021-02-09 18:03 - 000199312 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2021-03-25 19:13 - 2019-06-07 14:09 - 000078936 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avdevprot.sys
2021-03-25 19:13 - 2019-03-20 18:50 - 000089736 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2021-03-25 19:13 - 2019-03-20 18:50 - 000046704 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2021-03-25 19:13 - 2019-03-20 18:50 - 000045472 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2021-03-25 19:13 - 2019-03-20 18:50 - 000022336 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avelam.sys
2021-03-25 19:12 - 2021-03-25 19:12 - 000003782 _____ C:\WINDOWS\system32\Tasks\AviraSystemSpeedupUpdate
2021-03-25 19:12 - 2021-03-25 19:12 - 000000000 ____D C:\Users\Public\Speedup Sessions
2021-03-25 19:11 - 2021-03-25 19:15 - 000001323 _____ C:\Users\Public\Desktop\Avira.lnk
2021-03-25 19:11 - 2021-03-25 19:15 - 000001323 _____ C:\ProgramData\Desktop\Avira.lnk
2021-03-25 19:11 - 2021-03-25 19:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2021-03-24 09:23 - 2021-03-26 12:02 - 000032473 _____ C:\Users\Lenovo\Downloads\FRST.txt
2021-03-24 09:16 - 2021-03-24 09:16 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-03-24 09:15 - 2021-03-24 09:16 - 000002843 _____ C:\Users\Lenovo\Desktop\AdwCleaner[C00] 24.03.21.txt
2021-03-24 09:14 - 2021-03-24 09:14 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-03-24 09:13 - 2021-03-25 18:25 - 000155360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-03-24 09:13 - 2021-03-24 09:13 - 000295488 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-03-24 09:13 - 2021-03-24 09:13 - 000198248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-03-24 09:08 - 2021-03-24 09:12 - 000000000 ____D C:\AdwCleaner
2021-03-24 09:08 - 2021-03-24 09:08 - 008534696 _____ (Malwarebytes) C:\Users\Lenovo\Downloads\adwcleaner_8.2.exe
2021-03-24 09:08 - 2021-03-24 09:08 - 002084016 _____ (Malwarebytes) C:\Users\Lenovo\Downloads\MBSetup.exe
2021-03-24 08:59 - 2021-03-24 08:59 - 000001232 _____ C:\Users\Lenovo\Desktop\Scan 24.03.21.txt
2021-03-24 08:37 - 2021-03-24 09:13 - 000000000 ____D C:\ProgramData\McInstTemp0191041616571459
2021-03-23 18:15 - 2021-03-24 09:29 - 000030305 _____ C:\Users\Lenovo\Downloads\Addition.txt
2021-03-23 18:10 - 2021-03-23 18:18 - 000057406 _____ C:\Users\Lenovo\Downloads\FRSTEnglish.txt
2021-03-23 18:09 - 2021-03-26 12:01 - 000000000 ____D C:\FRST
2021-03-23 18:00 - 2021-03-26 12:00 - 002300928 _____ (Farbar) C:\Users\Lenovo\Downloads\FRST64English.exe
2021-03-19 23:20 - 2021-03-19 23:20 - 000170357 _____ C:\Users\Lenovo\Downloads\Kuelz_Innerer_Drache.pdf
2021-03-19 23:11 - 2021-03-20 08:48 - 000000000 ____D C:\Users\Lenovo\Documents\Zwang
2021-03-19 22:42 - 2021-03-19 22:42 - 004509083 _____ C:\Users\Lenovo\Downloads\achtsamkeit-und-selbstmitgefhl-2020.pdf
2021-03-19 12:08 - 2021-03-25 18:25 - 000000000 ____D C:\Users\Lenovo\AppData\LocalLow\IGDump
2021-03-19 12:06 - 2021-03-19 12:06 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-03-19 12:06 - 2020-06-08 06:34 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-03-17 16:44 - 2021-03-17 16:44 - 002874314 _____ C:\Users\Lenovo\Downloads\PTV10_web.pdf
2021-03-17 11:53 - 2021-03-17 11:54 - 069526480 _____ (RED Medical GmbH) C:\Users\Lenovo\Downloads\RED_Commander-4.0.0-x86-32(2).exe
2021-03-14 12:36 - 2021-03-22 20:50 - 000000000 ____D C:\Users\Lenovo\Documents\Praxisgründung
2021-03-13 16:42 - 2021-03-13 16:42 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-03-13 16:42 - 2021-03-13 16:42 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-03-13 16:41 - 2021-03-13 16:41 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-03-13 16:41 - 2021-03-13 16:41 - 001394024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-03-13 16:41 - 2021-03-13 16:41 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-03-13 16:41 - 2021-03-13 16:41 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-03-13 16:41 - 2021-03-13 16:41 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-03-13 16:41 - 2021-03-13 16:41 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-03-13 16:41 - 2021-03-13 16:41 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-03-13 16:41 - 2021-03-13 16:41 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-03-13 16:41 - 2021-03-13 16:41 - 000011359 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-03-12 08:41 - 2021-03-19 11:53 - 000000000 ____D C:\Users\Lenovo\AppData\Local\CrashDumps
2021-03-05 20:50 - 2021-03-05 20:50 - 000244484 _____ C:\Users\Lenovo\Downloads\Bewerbungsformular_Female_Health_Incubator_2.0.pdf
2021-03-03 12:48 - 2021-03-03 12:48 - 069526480 _____ (RED Medical GmbH) C:\Users\Lenovo\Downloads\RED_Commander-4.0.0-x86-32 (1).exe
2021-03-03 12:48 - 2021-03-03 12:48 - 000002298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Driver Updater.lnk
2021-03-03 12:38 - 2021-03-03 12:38 - 069526480 _____ (RED Medical GmbH) C:\Users\Lenovo\Downloads\RED_Commander-4.0.0-x86-32(1).exe

==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-03-26 11:59 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-03-26 11:51 - 2020-02-17 16:02 - 000000000 ____D C:\Users\Lenovo\Documents\PHB Therapie
2021-03-26 11:20 - 2021-02-18 00:59 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-03-26 08:30 - 2020-01-25 17:36 - 000000000 ____D C:\ProgramData\Mozilla
2021-03-26 08:29 - 2020-01-25 17:50 - 000000000 ____D C:\Users\Lenovo\AppData\LocalLow\Mozilla
2021-03-26 08:21 - 2020-01-25 17:34 - 000000000 ____D C:\Program Files\CCleaner
2021-03-26 00:56 - 2021-02-22 15:02 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-03-26 00:56 - 2021-02-18 01:13 - 000003558 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-03-26 00:56 - 2021-02-18 01:13 - 000003554 _____ C:\WINDOWS\system32\Tasks\LenovoUtility Startup
2021-03-26 00:56 - 2021-02-18 01:13 - 000003334 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-03-26 00:56 - 2021-02-18 01:13 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4294009755-3694156625-1329034997-1001
2021-03-26 00:56 - 2021-02-18 01:13 - 000002856 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4294009755-3694156625-1329034997-500
2021-03-26 00:56 - 2021-02-18 01:13 - 000002016 _____ C:\WINDOWS\system32\Tasks\Mirkat
2021-03-25 20:34 - 2021-02-22 15:02 - 000003990 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-03-25 20:34 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-03-25 19:15 - 2020-05-04 16:14 - 000000000 ____D C:\ProgramData\Avira
2021-03-25 19:15 - 2020-05-04 16:14 - 000000000 ____D C:\Program Files (x86)\Avira
2021-03-25 19:11 - 2019-06-28 06:15 - 000000000 ____D C:\ProgramData\Package Cache
2021-03-25 19:10 - 2021-02-22 15:07 - 000000000 ____D C:\Users\Lenovo\AppData\Local\AVAST Software
2021-03-25 18:25 - 2021-02-18 01:13 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-03-25 18:25 - 2021-02-18 01:13 - 000002238 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2021-03-25 18:24 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-03-24 10:55 - 2021-02-18 01:13 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-03-24 09:24 - 2021-02-22 15:00 - 000000000 ____D C:\ProgramData\Avast Software
2021-03-24 09:21 - 2021-02-18 01:03 - 001632020 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-03-24 09:21 - 2019-12-07 15:50 - 000708592 _____ C:\WINDOWS\system32\perfh007.dat
2021-03-24 09:21 - 2019-12-07 15:50 - 000142834 _____ C:\WINDOWS\system32\perfc007.dat
2021-03-24 09:21 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-03-24 09:16 - 2021-02-12 17:47 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-03-24 09:16 - 2020-01-25 17:36 - 000001016 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-03-24 09:16 - 2020-01-25 17:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-03-24 09:13 - 2021-02-18 01:13 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-03-24 09:13 - 2021-02-18 00:59 - 000008192 ___SH C:\DumpStack.log.tmp
2021-03-24 09:13 - 2020-01-25 17:33 - 000000000 ____D C:\Program Files\McAfee
2021-03-24 09:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-03-24 09:13 - 2019-11-08 19:10 - 000000000 __SHD C:\Users\Lenovo\IntelGraphicsProfiles
2021-03-24 09:13 - 2019-06-28 06:41 - 000000000 ____D C:\ProgramData\McAfee
2021-03-24 09:13 - 2019-06-28 06:38 - 000000134 _____ C:\WINDOWS\system32\regtest.txt
2021-03-24 09:13 - 2019-06-28 06:37 - 000000000 ___HD C:\Intel
2021-03-24 09:12 - 2021-02-18 01:13 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2021-03-24 09:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-03-24 09:12 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-03-24 08:40 - 2019-12-07 10:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-03-24 08:36 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-03-24 08:36 - 2019-11-08 19:10 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Packages
2021-03-24 08:31 - 2020-08-22 14:54 - 000000000 ____D C:\Program Files\Pixum
2021-03-24 08:29 - 2020-08-22 13:56 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\WhatsApp
2021-03-24 08:29 - 2020-08-22 13:56 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2021-03-24 08:29 - 2020-08-22 13:56 - 000000000 ____D C:\Users\Lenovo\AppData\Local\WhatsApp
2021-03-21 16:10 - 2020-02-28 13:26 - 000002147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-03-19 12:07 - 2020-11-13 21:11 - 000220616 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-03-19 12:07 - 2020-05-04 18:43 - 000002044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-03-19 12:07 - 2020-05-04 18:43 - 000002032 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-03-19 12:07 - 2020-05-04 18:43 - 000002032 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-03-19 11:44 - 2020-04-21 13:54 - 000000000 ____D C:\Users\Lenovo\Documents\Partnerschaft und Sexualität
2021-03-19 10:52 - 2020-11-28 12:29 - 000000000 ____D C:\Users\Lenovo\Documents\Prüfungsanmeldung
2021-03-18 19:02 - 2021-02-22 15:01 - 000465160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2021-03-18 04:29 - 2020-06-10 19:40 - 000002304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-03-18 04:29 - 2020-06-10 19:40 - 000002263 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-03-18 04:29 - 2020-06-10 19:40 - 000002263 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-03-16 20:00 - 2021-02-22 15:06 - 000002501 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2021-03-16 20:00 - 2021-02-22 15:06 - 000002466 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2021-03-16 20:00 - 2021-02-22 15:06 - 000002466 _____ C:\ProgramData\Desktop\Avast Secure Browser.lnk
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-03-13 16:48 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-03-13 16:40 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-03-13 13:07 - 2019-11-08 13:14 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-03-13 12:28 - 2019-11-08 13:14 - 131005360 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-03-12 15:19 - 2021-02-18 01:01 - 000000000 ____D C:\Users\Lenovo
2021-03-05 20:50 - 2021-01-04 19:28 - 000000000 ____D C:\Users\Lenovo\Documents\zäpfchen
2021-03-03 12:50 - 2020-12-28 10:25 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\ICAClient
2021-03-03 12:50 - 2020-08-22 13:56 - 000000000 ____D C:\Users\Lenovo\AppData\Local\SquirrelTemp
2021-03-03 12:50 - 2020-03-30 13:34 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\Zoom
2021-03-03 12:49 - 2021-02-22 15:03 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\Avast Software
2021-03-03 12:49 - 2021-02-02 20:47 - 000000000 ___DC C:\WINDOWS\Panther
2021-03-03 12:48 - 2021-02-22 15:00 - 000000000 ____D C:\Program Files\Avast Software
2021-03-01 18:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-03-01 18:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-03-01 18:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-03-01 18:04 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-03-01 18:04 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing

==================== Files in the root of some directories ========
2019-09-04 01:40 - 2019-09-04 01:40 - 131028644 _____ () C:\Program Files\openoffice1.cab
2019-09-04 01:38 - 2019-09-04 01:38 - 002465792 _____ () C:\Program Files\openoffice417.msi
2019-09-04 01:38 - 2019-09-04 01:38 - 000479232 _____ () C:\Program Files\setup.exe
2019-09-04 01:38 - 2019-09-04 01:38 - 000000279 _____ () C:\Program Files\setup.ini

==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-03-2021
Ran by Lenovo (26-03-2021 12:05:20)
Running from C:\Users\Lenovo\Downloads
Windows 10 Home Version 2004 19041.867 (X64) (2021-02-18 00:13:48)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-4294009755-3694156625-1329034997-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4294009755-3694156625-1329034997-503 - Limited - Disabled)
Gast (S-1-5-21-4294009755-3694156625-1329034997-501 - Limited - Disabled)
Lenovo (S-1-5-21-4294009755-3694156625-1329034997-1001 - Administrator - Enabled) => C:\Users\Lenovo
WDAGUtilityAccount (S-1-5-21-4294009755-3694156625-1329034997-504 - Limited - Disabled)

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {88AE6B46-DC3C-455A-A21B-085F285A3546}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Disabled - Out of date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: McAfee VirusScan (Enabled - Up to date) {4DE344F8-6897-65B4-CED0-82B3AF2591B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 19.00 (HKLM-x32\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 21.001.20145 - Adobe Systems Incorporated)
Avast Cleanup Premium (HKLM\...\Avast Cleanup) (Version: 21.1.9940.2746 - Avast Software)
Avast Driver Updater (HKLM\...\Avast Driver Updater) (Version: 21.1.1187.3478 - Avast Software)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 21.1.2449 - Avast Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 89.0.8688.91 - Die Avast Secure Browser-Autoren)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1065.0 - AVAST Software) Hidden
Avira (HKLM-x32\...\{161e6084-b0f5-43e8-86d8-09eda5c0893d}) (Version: 1.2.153.30452 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{426D1710-5DFD-45E9-B11D-464792C5AD35}) (Version: 1.2.153.30452 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.2103.2081 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.37.1.24458 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM-x32\...\Avira Security_is1) (Version: 1.1.46.16549 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM-x32\...\AviraSecurityUninstaller) (Version: - Avira Operations GmbH & Co. KG;)
Avira Software Updater (HKLM-x32\...\{9F45C615-6D95-47B5-BB0C-D78F6D15DE21}) (Version: 2.0.6.42639 - Avira Operations GmbH & Co. KG) Hidden
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 6.10.0.11063 - Avira Operations GmbH & Co. KG) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.78 - Piriform)
Citrix Workspace 2012 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 20.12.1.42 - Citrix Systems, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.90 - Google LLC)
Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{70281077-96c3-4f75-938c-dc4746110c00}) (Version: 10.1.17903.8106 - Intel(R) Corporation)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.5.27.0 - Lenovo Group Ltd.)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-4294009755-3694156625-1329034997-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0010 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Mozilla Firefox 87.0 (x64 de) (HKLM\...\Mozilla Firefox 87.0 (x64 de)) (Version: 87.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 72.0.2 - Mozilla)
Online Plug-in (HKLM-x32\...\{A6DDB28C-02F3-4D7F-A898-12C13EE95008}) (Version: 20.11.0.26 - Citrix Systems, Inc.) Hidden
OpenOffice 4.1.7 (HKLM-x32\...\{A09D951F-4BA3-4383-97B3-D1B91835E779}) (Version: 4.17.9800 - Apache Software Foundation)
RED Medical Commander (HKU\S-1-5-21-4294009755-3694156625-1329034997-1001\...\RED Medical Commander) (Version: - RED Medical Systems GmbH)
Self-Service Plug-in (HKLM-x32\...\{B91E7894-1983-4BF6-A3D8-F77AD832AECC}) (Version: 20.12.1.28 - Citrix Systems, Inc.) Hidden
WebAdvisor von McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.200 - McAfee, LLC)
Zoom (HKU\S-1-5-21-4294009755-3694156625-1329034997-1001\...\ZoomUMX) (Version: 5.4.6 (59296.1207) - Zoom Video Communications, Inc.)

Packages:
=========
Dolby Audio -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudio_3.20500.501.0_x64__rz1tebttyb220 [2020-02-18] (Dolby Laboratories)
Fotos-Add-On -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2020-04-24] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.2.834.0_x64__v10z8vjag6ke6 [2021-02-18] (HP Inc.)
Intel® Grafik-Kontrollraum -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3282.0_x64__8j3eq9eme6ctt [2021-02-18] (INTEL CORP) [Startup Task]
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-02-17] (INTEL CORP)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2101.29.0_x64__k1h2ywk1493x8 [2021-01-23] (LENOVO INC.)
LenovoUtility -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.2.1.0_x64__5grkq8ppsgwt4 [2021-01-23] (LENOVO INC) [Startup Task] Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-04-24] (Microsoft Corporation) Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.13628.20448.0_x86__8wekyb3d8bbwe [2021-02-21] (Microsoft Corporation) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-02-18] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-02-18] (Microsoft Corporation) [MS Ad] Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.13628.20448.0_x86__8wekyb3d8bbwe [2021-02-21] (Microsoft Corporation) Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.13628.20448.0_x86__8wekyb3d8bbwe [2021-02-21] (Microsoft Corporation) Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.13628.20448.0_x86__8wekyb3d8bbwe [2021-02-21] (Microsoft Corporation) Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.13628.20448.0_x86__8wekyb3d8bbwe [2021-02-21] (Microsoft Corporation) Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.13628.20448.0_x86__8wekyb3d8bbwe [2021-02-21] (Microsoft Corporation) Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-02-18] (Microsoft Studios) [MS Ad] Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.13628.20448.0_x86__8wekyb3d8bbwe [2021-02-21] (Microsoft Corporation) MPEG-2-Videoerweiterung -> C:\Program 
Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-11-08] (Microsoft Corporation) Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.10.216.0_x64__dt26b99r8h8gj [2020-07-06] (Realtek Semiconductor Corp) VLC -> C:\Program Files\WindowsApps\VideoLAN.VLC_3.2.1.0_x64__paz6r1rewnh0a [2020-01-25] (VideoLAN) Ziply Lite -> C:\Program Files\WindowsApps\1901TwentyOneTeam.ZiplyLite_1.0.12.0_x64__qfdnnpxetjjmm [2020-03-28] (Twenty One Team) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-4294009755-3694156625-1329034997-1001_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InprocServer32 -> C:\Users\Lenovo\AppData\Local\Microsoft\OneDrive\19.232.1124.0010\amd64\FileCoAuthLib64.dll => No File ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-02-22] (Avast Software s.r.o. -> AVAST Software) ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-02-22] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed] ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-02-22] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2021-02-24] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. 
KG) ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-02-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-02-22] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-05-04] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed] ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-02-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-02-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed] ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-02-22] (Avast Software s.r.o. 
-> AVAST Software) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-05-04] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2021-02-24] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RED Commander.lnk -> C:\Users\Public\Documents\RED Medical Commander\commander-launcher.bat () Shortcut: C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RED Medical\RED Medical Commander.lnk -> C:\Users\Public\Documents\RED Medical Commander\commander-launcher.bat () ==================== Loaded Modules (Whitelisted) ============= 2021-01-23 06:19 - 2021-01-23 06:20 - 000184832 _____ (Fortemedia) [File not signed] C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2101.29.0_x64__k1h2ywk1493x8\FMAPOCTL.dll 2021-01-23 06:19 - 2021-01-23 06:21 - 027074560 _____ (Lenovo Group Ltd.) [File not signed] C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2101.29.0_x64__k1h2ywk1493x8\LenovoVantage.dll 2020-12-21 12:44 - 2020-05-30 14:58 - 001280000 _____ (Robert Simpson, et al.) 
[File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll 2020-02-04 23:21 - 2020-02-04 23:21 - 000217600 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_asym.dll 2020-02-04 23:21 - 2020-02-04 23:21 - 000404480 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base.dll 2020-02-04 23:21 - 2020-02-04 23:21 - 000379904 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base_non_fips.dll 2020-02-04 23:21 - 2020-02-04 23:21 - 000504320 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_ecc.dll 2020-02-04 23:21 - 2020-02-04 23:21 - 000218624 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.dll 2020-06-19 14:55 - 2020-04-09 08:17 - 000944840 _____ (SQLite Development Team) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-4294009755-3694156625-1329034997-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP HKU\S-1-5-21-4294009755-3694156625-1329034997-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE SearchScopes: HKU\S-1-5-21-4294009755-3694156625-1329034997-1001 -> DefaultScope {65AD6144-0445-4680-964B-7CD4F71D26CB} URL = SearchScopes: HKU\S-1-5-21-4294009755-3694156625-1329034997-1001 -> {65AD6144-0445-4680-964B-7CD4F71D26CB} URL = BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2021-02-12] (McAfee, LLC -> McAfee, LLC) BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2021-02-12] (McAfee, LLC -> McAfee, LLC) Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.) 
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.) 
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2018-09-15 08:31 - 2018-09-15 08:31 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-4294009755-3694156625-1329034997-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lenovo\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\back.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKLM\...\StartupApproved\Run32: => "ConnectionCenter" HKLM\...\StartupApproved\Run32: => "Redirector" HKU\S-1-5-21-4294009755-3694156625-1329034997-1001\...\StartupApproved\StartupFolder: => "RED Commander.lnk" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [UDP Query User{0C3DFC74-818E-4DCD-95FD-7197B24F88A7}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [TCP Query User{925F2E71-C204-4970-894F-F936712DE39A}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{C912AD46-47C9-4CC8-8005-054B133B428F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{06D24F51-E592-49FA-ADA9-9A718FC798AB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) 
FirewallRules: [{9F6B5FE1-6CCB-44DA-8A4B-50ADB4CC571C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{7B7304DB-91C9-44A0-8073-4AD35D7897A4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{06270C6D-DAEB-4511-BC67-FF937D76A86B}] => (Allow) C:\Users\Lenovo\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{8A1EA0A5-67D4-45D9-A128-BE80E37EE119}] => (Allow) C:\Users\Lenovo\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{9B0FD35E-BD42-4F5B-941E-08DF1E83F7E7}] => (Allow) C:\Users\Lenovo\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{AA2505AA-D585-4C04-B5A9-5307768DFCFE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{1E5627CB-48A8-4C99-9A8C-9C6351E7C23E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{EC54A0A3-CAC3-4DDD-850B-F816CDE9221A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.13628.20448.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{768D8828-34A3-46B4-B3FE-25034000AD61}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. 
-> AVAST Software) FirewallRules: [{DE308017-856C-4D1C-A48F-3352E8F94B3B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{B65C134E-D513-4D20-A35D-FE6FA0C4EB3A}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) FirewallRules: [{793A2169-F43B-4CA8-B055-816446E43C8D}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) FirewallRules: [{E92DF44B-D9B6-412D-B3EA-29BDA5A73DCA}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) ==================== Restore Points ========================= ATTENTION: System Restore is disabled (Total:118 GB) (Free:73.53 GB) (62%) ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (03/25/2021 07:15:52 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT-AUTORITÄT) Description: Windows kann die erweiterbare Leistungsindikator-DLL "C:\WINDOWS\system32\sysmain.dll" nicht laden (Win32-Fehlercode 126). 
Error: (03/25/2021 06:24:36 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: MBAMService.exe, Version: 3.2.0.943, Zeitstempel: 0x5fbd5689 Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.19041.844, Zeitstempel: 0x60a6ca36 Ausnahmecode: 0xc000070a Fehleroffset: 0x0000000000111efd ID des fehlerhaften Prozesses: 0x1bdc Startzeit der fehlerhaften Anwendung: 0x01d7208595b733b3 Pfad der fehlerhaften Anwendung: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: 3a9a3709-6263-4dbd-8785-9b9d48d97da6 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (03/19/2021 08:33:57 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT-AUTORITÄT) Description: Windows kann die erweiterbare Leistungsindikator-DLL "C:\WINDOWS\system32\sysmain.dll" nicht laden (Win32-Fehlercode 126). Error: (03/19/2021 08:33:00 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IntelAudioService.exe, Version: 1.0.1271.0, Zeitstempel: 0x5e3d2e0d Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.804, Zeitstempel: 0x0e9c5eae Ausnahmecode: 0xe06d7363 Fehleroffset: 0x000000000002d759 ID des fehlerhaften Prozesses: 0x16d0 Startzeit der fehlerhaften Anwendung: 0x01d71c92007520a7 Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll Berichtskennung: e41f8578-ef28-4677-81ce-e52743e9b2db Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (03/19/2021 08:32:56 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: IntelAudioService.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: Ausnahmecode e06d7363, Ausnahmeadresse 00007FF8E5A6D759 Stapel: Error: (03/17/2021 11:12:43 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT-AUTORITÄT) Description: Windows kann die erweiterbare Leistungsindikator-DLL "C:\WINDOWS\system32\sysmain.dll" nicht laden (Win32-Fehlercode 126). Error: (03/17/2021 11:11:49 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IntelAudioService.exe, Version: 1.0.1271.0, Zeitstempel: 0x5e3d2e0d Name des fehlerhaften Moduls: ControlModule.dll, Version: 1.0.1271.0, Zeitstempel: 0x5e3d2de9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000006100e ID des fehlerhaften Prozesses: 0x1668 Startzeit der fehlerhaften Anwendung: 0x01d71b15d6ad03ca Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\ControlModule.dll Berichtskennung: e3e43eda-6c21-4c4d-96cf-f1dcd31eebce Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (03/17/2021 11:11:46 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: IntelAudioService.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: Ausnahmecode c0000005, Ausnahmeadresse 00007FFEC75D100E Stapel: System errors: ============= Error: (03/26/2021 08:20:41 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-J5GA9RT3) Description: Der Server "Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. 
Error: (03/25/2021 06:29:28 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-J5GA9RT3) Description: Der Server "Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (03/25/2021 06:25:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Malwarebytes Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/25/2021 06:24:13 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT-AUTORITÄT) Description: Für den Miniport "Qualcomm Atheros QCA9377 Wireless Network Adapter, {bdfe217f-aad3-4ec7-b017-fb5fbf5bf7eb}" ist das Ereignis "71" aufgetreten. Error: (03/25/2021 06:24:13 PM) (Source: Qcamain10x64) (EventID: 5002) (User: ) Description: Qualcomm Atheros QCA9377 Wireless Network Adapter : Fehlfunktion des Netzwerkadapters wurde ermittelt. Error: (03/25/2021 06:24:07 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-J5GA9RT3) Description: Der Server "Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (03/24/2021 11:23:42 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-J5GA9RT3) Description: Der Server "Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (03/24/2021 09:22:37 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: Der Server "{E60687F7-01A1-40AA-86AC-DB1CBF673334}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. 
CodeIntegrity: =============== Date: 2021-03-25 18:25:14 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. Date: 2021-03-25 18:24:36 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== BIOS: LENOVO ASCN40WW 10/11/2019 Motherboard: LENOVO LNVNB161216 Processor: Intel(R) Celeron(R) CPU 4205U @ 1.80GHz Percentage of memory in use: 89% Total physical RAM: 3976.24 MB Available physical RAM: 407.76 MB Total Virtual: 9096.24 MB Available Virtual: 2535.23 MB ==================== Drives ================================ Drive c: (Windows-SSD) (Fixed) (Total:118 GB) (Free:73.53 GB) NTFS \\?\Volume{e73b3c0b-4182-433f-a907-2654b64be442}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.15 GB) NTFS \\?\Volume{65389b22-2299-4c13-9b92-da5ecf82e810}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 119.2 GB) (Disk ID: B288A94A) Partition: GPT. ==================== End of Addition.txt =======================
kevinf80 Posted March 26, 2021 ID:1447302

Hiya Krischka,

Thanks for those logs, your security still needs to be sorted out before we can progress. Avira and Malwarebytes are enabled and active, that's ok. Avast and McAfee are not active and need to be uninstalled...

For Avast removal go here - https://www.avast.com/uninstall-utility use their tool to remove Avast..

For McAfee removal go here - http://mcafee-removal-tool.com/ use their tool to remove McAfee.

Next, Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select scan, when done post the new logs, "FRST.txt" and "Addition.txt".

Thank you,

Kevin....
Krischka Posted March 26, 2021 Author ID:1447320

Did uninstall as described and rerun - I think they are still in that list though?

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-03-2021 Ran by Lenovo (administrator) on LAPTOP-J5GA9RT3 (LENOVO 81MU) (26-03-2021 21:25:04) Running from C:\Users\Lenovo\Downloads\FRST-OlderVersion Loaded Profiles: Lenovo Platform: Windows 10 Home Version 2004 19041.867 (X64) Language: Deutsch (Deutschland) Default browser: FF Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler.exe (Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler64.exe (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Cleanup\TuneupUI.exe <3> (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Driver Updater\DriverUpdSvc.exe (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Driver Updater\DriverUpdUI.exe <3> (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\protectedservice.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co.
KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Dolby Laboratories, Inc. -> ) C:\Windows\System32\dolbyaposvc\DAX3API.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_7ecc5be6ca7b3b0d\esif_uf.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_0b214be229a13e84\jhi_service.exe
(Intel(R) pGFX -> ) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_12bdb8127c4c0458\OneApp.IGCC.WinService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_d2a0453c62b3b51a\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_d2a0453c62b3b51a\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_48d2cae4a577c591\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_48d2cae4a577c591\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_120314e52c04567c\RstMwService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(LENOVO INC) C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.2.1.0_x64__5grkq8ppsgwt4\VFS\ProgramFilesX64\Lenovo\LenovoUtility\utility.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, Inc. -> McAfee) C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationextension.inf_amd64_7f44bb1f2cd06bad\mcafeeintegrationservice.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20688.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <8>
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\Intel(R) Audio Service\IntelAudioService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1076728 2020-03-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => "C:\Program Files\Avast Software\Avast\AvLaunch.exe" /gui
HKLM\...\Run: [TuneupUI.exe] => C:\Program Files\Avast Software\Cleanup\TuneupUI.exe [2429664 2021-03-15] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [DriverUpdUI.exe] => C:\Program Files\Avast Software\Driver Updater\DriverUpdUI.exe [2874592 2021-03-03] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [2264672 2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [470112 2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [705728 2020-11-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-4294009755-3694156625-1329034997-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [33169992 2021-03-18] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-4294009755-3694156625-1329034997-1001\...\Run: [] => [X]
HKLM\...\Print\Monitors\HP E311 Status Monitor: C:\WINDOWS\system32\hpinkstsE311LM.dll [392200 2019-03-15] (HP Inc -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.90\Installer\chrmstp.exe [2021-03-18] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\89.0.8688.91\Installer\chrmstp.exe [2021-03-16] (Avast Software s.r.o. -> AVAST Software)
Startup: C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RED Commander.lnk [2020-10-15]
ShortcutTarget: RED Commander.lnk -> C:\Users\Public\Documents\RED Medical Commander\commander-launcher.bat () [File not signed]
BootExecute: autocheck autochk * icarus_rvrt.exe

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06E605F3-8402-42DC-B2F0-E4E1682B6097} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.5.27.0\ScheduleEventAction.exe [24368 2020-12-29] (Lenovo -> Lenovo Group Ltd.)
Task: {09786038-B6D2-48CB-A949-3D07436C5011} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
Task: {0DD8E74A-E0E2-404C-B6B3-15D6A27F3DAC} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {17A337D1-0EA4-4DBA-AE90-C187DDED022B} - System32\Tasks\Avira_Security_Update => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [234200 2021-03-10] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {1AF56165-AC7A-4EF3-8F3C-91363C904EA6} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1791712 2021-03-26] (Avast Software s.r.o. -> Avast Software)
Task: {2523954D-0BF1-4F96-966C-E69BD1F09A50} - System32\Tasks\Avast Software\Avast Driver Updater BugReport => C:\Program Files\Avast Software\Driver Updater\AvBugReport.exe [4665568 2021-03-03] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 148 --programpath "C:\Program Files\Avast Software\Driver Updater\Setup\.." --configpath "C:\Program Files\Avast Software\Driver Updater\Setup" --path "C:\ProgramData\Avast Software\Driver Updater\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid be1c32b8-1a4f-43cc-b0cf-77dc966ab339
Task: {26A04298-F1A9-4479-97B1-D60C6FE6C250} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
Task: {2A9990FE-3DF7-47A4-913B-8244413F86F2} - System32\Tasks\LenovoUtility Startup => C:\Windows\explorer.exe lenovo-utility://
Task: {2B7B0CA2-97EB-4860-BDA8-B44C9DC588BD} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-03-18] (Piriform Software Ltd -> Piriform)
Task: {2FAFFBF4-4D03-4C6F-AE54-4A7681C0A04C} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
Task: {2FC3A376-28FA-44BA-9322-B04B5CE61903} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2651216 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {3543225B-42C3-417E-9898-912A396847DF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-06-10] (Google LLC -> Google LLC)
Task: {35EAF669-7545-4051-9B09-0A15D97BBAA4} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
Task: {3E14DD90-1FAD-4DBD-BF2A-524D77A821B2} - System32\Tasks\Avast Software\Avast Cleanup BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe [4665568 2021-03-15] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 62 --programpath "C:\Program Files\Avast Software\Cleanup\Setup\.." --configpath "C:\Program Files\Avast Software\Cleanup\Setup" --path "C:\ProgramData\Avast Software\Cleanup\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid fdc48cde-b9df-4f92-be59-e193f00b0215
Task: {45033028-695F-4357-9589-45AFAC45915C} - \Lenovo\ImController\TimeBasedEvents\af00e186-ba8b-4441-96be-d3708d172d24 -> No File <==== ATTENTION
Task: {48AA9965-2795-4476-8AD9-7AEDD7087AC6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-06-10] (Google LLC -> Google LLC)
Task: {6330F872-8723-4416-9543-F02E7A4701BE} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
Task: {64A52C5A-7BF3-4182-818C-8311FD58C343} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4294009755-3694156625-1329034997-1001 => C:\Users\Lenovo\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {6E2B3F0B-9FD2-4425-BBFA-03F73AB99BAE} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe [5493472 2021-03-08] (Avast Software s.r.o. -> Avast Software)
Task: {73F24A1A-F215-466C-9D19-C8514762C8C3} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [29757392 2021-03-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {7E9642C7-3981-4706-9689-9D4068D469DE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {80CD123D-AE2B-4FAB-95A4-2115743E1989} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2250232 2021-03-14] (Avast Software s.r.o. -> AVAST Software)
Task: {85962931-1A10-43A0-A823-A2D234DBAE44} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe
Task: {8A5A17BF-D672-4219-84CE-51C26482CCA6} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [143888 2021-03-02] (Lenovo -> Lenovo Group Ltd.)
Task: {A71A954D-6387-4D08-99F4-6B7B5B7EC017} - \Lenovo\ImController\TimeBasedEvents\31f36f7a-14ce-4219-b63b-8d1c7a18e6b0 -> No File <==== ATTENTION
Task: {A9485EF7-972E-4D84-993D-091901066CD4} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4294009755-3694156625-1329034997-500 => C:\Users\Lenovo\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {BC502FCB-F87D-4D2B-88BD-2779789937BB} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [696816 2021-03-24] (Mozilla Corporation -> Mozilla Foundation)
Task: {C7AD19C8-4CE6-4A28-8353-9ADC15915101} - System32\Tasks\Avast Software\Avast Driver Updater Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-du\icarus.exe [5493472 2021-02-15] (Avast Software s.r.o. -> Avast Software)
Task: {D77AFB92-DEE1-410A-905F-3E16235673FF} - System32\Tasks\Mirkat => C:\Users\Lenovo\AppData\Local\Microsoft\WindowsApps\MirkatService.exe
Task: {DB3D61AC-76E4-46D8-A35E-C5B7BAAB4C42} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27616328 2021-03-18] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {F68D0D2E-0A80-4507-8FAF-E0D42BCC53A6} - \Lenovo\ImController\TimeBasedEvents\01f1fd4d-f0dc-404d-8f71-0b6bfe8d495e -> No File <==== ATTENTION
Task: {F83328DA-81D8-43B7-AC21-F325C720E22B} - \Lenovo\ImController\TimeBasedEvents\dcaf67ad-4fc3-4e21-82c5-583cb2a6bd06 -> No File <==== ATTENTION
Task: {FD58A045-531B-4E88-AD2C-6CEC76379E1B} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2250232 2021-03-14] (Avast Software s.r.o. -> AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{656725eb-9c36-4ff8-8500-f48d29b23d01}: [DhcpNameServer] 150.205.1.2
Tcpip\..\Interfaces\{bdfe217f-aad3-4ec7-b017-fb5fbf5bf7eb}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Lenovo\AppData\Local\Microsoft\Edge\User Data\Default [2021-03-22]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: su0f3597.default
FF ProfilePath: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\su0f3597.default [2020-01-25]
FF ProfilePath: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\ksm4rkn8.default-release [2021-03-26]
FF Homepage: Mozilla\Firefox\Profiles\ksm4rkn8.default-release -> hxxps://falldoku.psychologische-hochschule.de/index.php
FF Notifications: Mozilla\Firefox\Profiles\ksm4rkn8.default-release -> hxxps://web.instahelp.me; hxxps://pressbar.eu; hxxps://room.edudip.com; hxxps://meet.google.com
FF Extension: (Malwarebytes Browser Guard) - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\ksm4rkn8.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2021-03-20]
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2021-02-22] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2021-02-22] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-03-06] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default [2021-03-26]
CHR DefaultSearchURL: Default -> hxxps://de.search.yahoo.com/search?fr=mcafee&type=E211DE1451G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default -> hxxps://de.search.yahoo.com/sugg/gossip/gossip-de-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
CHR Extension: (Präsentationen) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-06-10]
CHR Extension: (Docs) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-06-10]
CHR Extension: (Google Drive) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-02-08]
CHR Extension: (YouTube) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-06-10]
CHR Extension: (Avira Password Manager) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2021-02-08]
CHR Extension: (Avira Safe Shopping) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh [2021-02-08]
CHR Extension: (Tabellen) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-06-10]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-02-08]
CHR Extension: (Google Docs Offline) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-02-08]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-08]
CHR Extension: (Google Mail) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-02-08]
CHR Extension: (Chrome Media Router) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-02-08]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1208432 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntivirProtectedService; C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe [537472 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [484904 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [484904 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [575776 2021-02-24] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-02-22] (Avast Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\89.0.8688.91\elevation_service.exe [1504864 2021-03-14] (Avast Software s.r.o. -> AVAST Software)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [636592 2020-11-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2988544 2020-06-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [384360 2020-12-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [247232 2021-03-10] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [161072 2020-12-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 CleanupPSvc; C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe [12414176 2021-03-15] (Avast Software s.r.o. -> AVAST Software)
S4 CWAUpdaterService; C:\Program Files (x86)\Citrix\ICA Client\Receiver\UpdaterService.exe [44128 2020-12-16] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
R2 DolbyDAXAPI; C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe [1926600 2019-09-02] (Dolby Laboratories, Inc. -> )
R2 DriverUpdSvc; C:\Program Files\Avast Software\Driver Updater\DriverUpdSvc.exe [5903584 2021-03-03] (Avast Software s.r.o. -> AVAST Software)
R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [359808 2019-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84920 2021-02-23] (Lenovo -> Lenovo Group Ltd.)
S4 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.5.27.0\LenovoVantageService.exe [29488 2020-12-29] (Lenovo -> Lenovo Group Ltd.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-03-19] (Malwarebytes Inc -> Malwarebytes)
R2 mcafeeintegrationservice; C:\WINDOWS\System32\DriverStore\FileRepository\mcafeeintegrationextension.inf_amd64_7f44bb1f2cd06bad\mcafeeintegrationservice.exe [2578272 2018-08-03] (McAfee, Inc. -> McAfee)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\NisSrv.exe [3304992 2020-04-21] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MsMpEng.exe [103376 2020-04-21] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [78936 2019-06-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\WINDOWS\System32\drivers\avelam.sys [22336 2019-03-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [206896 2021-02-09] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [199312 2021-02-09] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [46704 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [89736 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [45472 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-05-04] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220616 2021-03-26] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-06-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198248 2021-03-26] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-03-26] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-03-26] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [155360 2021-03-26] (Malwarebytes Inc -> Malwarebytes)
R3 McAfeeIntegrationDriver; C:\WINDOWS\System32\drivers\McAfeeIntegrationDriver.sys [49920 2018-08-03] (McAfee, Inc. -> McAfee)
R1 vbdenum; C:\WINDOWS\System32\drivers\vbdenum.sys [119432 2020-04-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45960 2020-04-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [394680 2020-04-21] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64944 2020-04-21] (Microsoft Windows -> Microsoft Corporation)
U3 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-26 21:22 - 2021-03-26 21:22 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-03-26 21:22 - 2021-03-26 21:22 - 000000000 ____D C:\Users\Lenovo\AppData\LocalLow\IGDump
2021-03-26 21:21 - 2021-03-26 21:21 - 000198248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-03-26 21:21 - 2021-03-26 21:21 - 000155360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-03-26 19:36 - 2021-03-26 19:36 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-03-26 19:34 - 2021-03-26 19:34 - 012519280 _____ (AVAST Software) C:\Users\Lenovo\Downloads\avastclear.exe
2021-03-26 19:34 - 2021-03-26 19:34 - 011049936 _____ (McAfee, LLC) C:\Users\Lenovo\Downloads\MCPR.exe
2021-03-26 12:00 - 2021-03-26 21:25 - 000000000 ____D C:\Users\Lenovo\Downloads\FRST-OlderVersion
2021-03-26 11:50 - 2021-03-26 11:50 - 000001219 _____ C:\Users\Lenovo\Desktop\MWB scan 26.03.21.txt
2021-03-25 19:15 - 2021-03-26 19:17 - 000002782 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Update
2021-03-25 19:14 - 2021-03-26 19:17 - 000002566 _____ C:\WINDOWS\system32\Tasks\Avira_Antivirus_Systray
2021-03-25 19:13 - 2021-02-09 18:03 - 000206896 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2021-03-25 19:13 - 2021-02-09 18:03 - 000199312 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2021-03-25 19:13 - 2019-06-07 14:09 - 000078936 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avdevprot.sys
2021-03-25 19:13 - 2019-03-20 18:50 - 000089736 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2021-03-25 19:13 - 2019-03-20 18:50 - 000046704 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2021-03-25 19:13 - 2019-03-20 18:50 - 000045472 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2021-03-25 19:13 - 2019-03-20 18:50 - 000022336 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avelam.sys
2021-03-25 19:12 - 2021-03-26 19:17 - 000002854 _____ C:\WINDOWS\system32\Tasks\AviraSystemSpeedupUpdate
2021-03-25 19:12 - 2021-03-25 19:12 - 000000000 ____D C:\Users\Public\Speedup Sessions
2021-03-25 19:11 - 2021-03-25 19:15 - 000001323 _____ C:\Users\Public\Desktop\Avira.lnk
2021-03-25 19:11 - 2021-03-25 19:15 - 000001323 _____ C:\ProgramData\Desktop\Avira.lnk
2021-03-25 19:11 - 2021-03-25 19:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2021-03-24 09:23 - 2021-03-26 12:07 - 000048629 _____ C:\Users\Lenovo\Downloads\FRST.txt
2021-03-24 09:16 - 2021-03-24 09:16 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-03-24 09:15 - 2021-03-24 09:16 - 000002843 _____ C:\Users\Lenovo\Desktop\AdwCleaner[C00] 24.03.21.txt
2021-03-24 09:13 - 2021-03-24 09:13 - 000295488 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-03-24 09:08 - 2021-03-24 09:12 - 000000000 ____D C:\AdwCleaner
2021-03-24 09:08 - 2021-03-24 09:08 - 008534696 _____ (Malwarebytes) C:\Users\Lenovo\Downloads\adwcleaner_8.2.exe
2021-03-24 09:08 - 2021-03-24 09:08 - 002084016 _____ (Malwarebytes) C:\Users\Lenovo\Downloads\MBSetup.exe
2021-03-24 08:59 - 2021-03-24 08:59 - 000001232 _____ C:\Users\Lenovo\Desktop\Scan 24.03.21.txt
2021-03-23 18:15 - 2021-03-26 12:07 - 000033210 _____ C:\Users\Lenovo\Downloads\Addition.txt
2021-03-23 18:10 - 2021-03-23 18:18 - 000057406 _____ C:\Users\Lenovo\Downloads\FRSTEnglish.txt
2021-03-23 18:09 - 2021-03-26 21:25 - 000000000 ____D C:\FRST
2021-03-23 18:00 - 2021-03-26 12:00 - 002300928 _____ (Farbar) C:\Users\Lenovo\Downloads\FRST64English.exe
2021-03-19 23:20 - 2021-03-19 23:20 - 000170357 _____ C:\Users\Lenovo\Downloads\Kuelz_Innerer_Drache.pdf
2021-03-19 23:11 - 2021-03-20 08:48 - 000000000 ____D C:\Users\Lenovo\Documents\Zwang
2021-03-19 22:42 - 2021-03-19 22:42 - 004509083 _____ C:\Users\Lenovo\Downloads\achtsamkeit-und-selbstmitgefhl-2020.pdf
2021-03-19 12:06 - 2021-03-26 19:39 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-03-19 12:06 - 2020-06-08 06:34 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-03-17 16:44 - 2021-03-17 16:44 - 002874314 _____ C:\Users\Lenovo\Downloads\PTV10_web.pdf
2021-03-17 11:53 - 2021-03-17 11:54 - 069526480 _____ (RED Medical GmbH) C:\Users\Lenovo\Downloads\RED_Commander-4.0.0-x86-32(2).exe
2021-03-14 12:36 - 2021-03-26 20:48 - 000000000 ____D C:\Users\Lenovo\Documents\Praxisgründung
2021-03-13 16:42 - 2021-03-13 16:42 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-03-13 16:42 - 2021-03-13 16:42 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-03-13 16:41 - 2021-03-13 16:41 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-03-13 16:41 - 2021-03-13 16:41 - 001394024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-03-13 16:41 - 2021-03-13 16:41 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-03-13 16:41 - 2021-03-13 16:41 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-03-13 16:41 - 2021-03-13 16:41 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-03-13 16:41 - 2021-03-13 16:41 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-03-13 16:41 - 2021-03-13 16:41 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-03-13 16:41 - 2021-03-13 16:41 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-03-13 16:41 - 2021-03-13 16:41 - 000011359 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-03-12 08:41 - 2021-03-19 11:53 - 000000000 ____D C:\Users\Lenovo\AppData\Local\CrashDumps
2021-03-05 20:50 - 2021-03-05 20:50 - 000244484 _____ C:\Users\Lenovo\Downloads\Bewerbungsformular_Female_Health_Incubator_2.0.pdf
2021-03-03 12:48 - 2021-03-03 12:48 - 069526480 _____ (RED Medical GmbH) C:\Users\Lenovo\Downloads\RED_Commander-4.0.0-x86-32 (1).exe
2021-03-03 12:48 - 2021-03-03 12:48 - 000002298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Driver Updater.lnk
2021-03-03 12:38 - 2021-03-03 12:38 - 069526480 _____ (RED Medical GmbH) C:\Users\Lenovo\Downloads\RED_Commander-4.0.0-x86-32(1).exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)
2021-03-26 21:25 - 2021-02-18 01:13 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-03-26 21:23 - 2020-01-25 17:36 - 000000000 ____D C:\ProgramData\Mozilla
2021-03-26 21:23 - 2020-01-25 17:34 - 000000000 ____D C:\Program Files\CCleaner
2021-03-26 21:22 - 2020-01-25 17:50 - 000000000 ____D C:\Users\Lenovo\AppData\LocalLow\Mozilla
2021-03-26 21:22 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-03-26 21:21 - 2021-02-18 01:13 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-03-26 21:21 - 2021-02-18 00:59 - 000008192 ___SH C:\DumpStack.log.tmp
2021-03-26 21:21 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-03-26 21:21 - 2019-11-08 19:10 - 000000000 __SHD C:\Users\Lenovo\IntelGraphicsProfiles
2021-03-26 21:21 - 2019-06-28 06:38 - 000000134 _____ C:\WINDOWS\system32\regtest.txt
2021-03-26 21:21 - 2019-06-28 06:37 - 000000000 ___HD C:\Intel
2021-03-26 21:20 - 2021-02-22 15:00 - 000000000 ____D C:\ProgramData\Avast Software
2021-03-26 21:20 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-03-26 21:18 - 2021-02-18 00:59 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-03-26 19:43 - 2021-02-18 01:03 - 001632020 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-03-26 19:43 - 2019-12-07 15:50 - 000708592 _____ C:\WINDOWS\system32\perfh007.dat
2021-03-26 19:43 - 2019-12-07 15:50 - 000142834 _____ C:\WINDOWS\system32\perfc007.dat
2021-03-26 19:43 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-03-26 19:38 - 2021-02-22 15:03 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\Avast Software
2021-03-26 19:38 - 2021-02-22 15:00 - 000000000 ____D C:\Program Files\Avast Software
2021-03-26 19:36 - 2021-02-12 17:47 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-03-26 19:36 - 2020-11-13 21:11 - 000220616 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-03-26 19:36 - 2020-01-25 17:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-03-26 19:17 - 2021-02-22 15:02 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-03-26 19:17 - 2021-02-18 01:13 - 000003558 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-03-26 19:17 - 2021-02-18 01:13 - 000003554 _____ C:\WINDOWS\system32\Tasks\LenovoUtility Startup
2021-03-26 19:17 - 2021-02-18 01:13 - 000003334 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-03-26 19:17 - 2021-02-18 01:13 - 000002988 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-03-26 19:17 - 2021-02-18 01:13 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4294009755-3694156625-1329034997-1001
2021-03-26 19:17 - 2021-02-18 01:13 - 000002856 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4294009755-3694156625-1329034997-500
2021-03-26 19:17 - 2021-02-18 01:13 - 000002238 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2021-03-26 19:17 - 2021-02-18 01:13 - 000002016 _____ C:\WINDOWS\system32\Tasks\Mirkat
2021-03-26 11:51 - 2020-02-17 16:02 - 000000000 ____D C:\Users\Lenovo\Documents\PHB Therapie
2021-03-25 20:34 - 2021-02-22 15:02 - 000003990 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-03-25 20:34 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-03-25 19:15 - 2020-05-04 16:14 - 000000000 ____D C:\ProgramData\Avira
2021-03-25 19:15 - 2020-05-04 16:14 - 000000000 ____D C:\Program Files (x86)\Avira
2021-03-25 19:11 - 2019-06-28 06:15 - 000000000 ____D C:\ProgramData\Package Cache
2021-03-25 19:10 - 2021-02-22 15:07 - 000000000 ____D C:\Users\Lenovo\AppData\Local\AVAST Software
2021-03-25 18:24 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-03-24 09:16 - 2020-01-25 17:36 - 000001016 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-03-24 09:12 - 2021-02-18 01:13 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2021-03-24 09:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-03-24 08:40 - 2019-12-07 10:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-03-24 08:36 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-03-24 08:36 - 2019-11-08 19:10 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Packages
2021-03-24 08:31 - 2020-08-22 14:54 - 000000000 ____D C:\Program Files\Pixum
2021-03-24 08:29 - 2020-08-22 13:56 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\WhatsApp
2021-03-24 08:29 - 2020-08-22 13:56 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2021-03-24 08:29 - 2020-08-22 13:56 - 000000000 ____D C:\Users\Lenovo\AppData\Local\WhatsApp
2021-03-21 16:10 - 2020-02-28 13:26 - 000002147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-03-19 12:07 - 2020-05-04 18:43 - 000002044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-03-19 12:07 - 2020-05-04 18:43 - 000002032 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-03-19 12:07 - 2020-05-04 18:43 - 000002032 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-03-19 11:44 - 2020-04-21 13:54 - 000000000 ____D C:\Users\Lenovo\Documents\Partnerschaft und Sexualität
2021-03-19 10:52 - 2020-11-28 12:29 - 000000000 ____D C:\Users\Lenovo\Documents\Prüfungsanmeldung
2021-03-18 04:29 - 2020-06-10 19:40 - 000002304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-03-18 04:29 - 2020-06-10 19:40 - 000002263 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-03-18 04:29 - 2020-06-10 19:40 - 000002263 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-03-16 20:00 - 2021-02-22 15:06 - 000002501 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2021-03-16 20:00 - 2021-02-22 15:06 - 000002466 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2021-03-16 20:00 - 2021-02-22 15:06 - 000002466 _____ C:\ProgramData\Desktop\Avast Secure Browser.lnk
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-03-13 16:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-03-13 16:48 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-03-13 16:40 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-03-13 13:07 - 2019-11-08 13:14 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-03-13 12:28 - 2019-11-08 13:14 - 131005360 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-03-12 15:19 - 2021-02-18 01:01 - 000000000 ____D C:\Users\Lenovo
2021-03-05 20:50 - 2021-01-04 19:28 - 000000000 ____D C:\Users\Lenovo\Documents\zäpfchen
2021-03-03 12:50 - 2020-12-28 10:25 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\ICAClient
2021-03-03 12:50 - 2020-08-22 13:56 - 000000000 ____D C:\Users\Lenovo\AppData\Local\SquirrelTemp
2021-03-03 12:50 - 2020-03-30 13:34 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\Zoom
2021-03-03 12:49 - 2021-02-02 20:47 - 000000000 ___DC C:\WINDOWS\Panther
2021-03-01 18:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-03-01
18:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Keywords 2021-03-01 18:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX 2021-03-01 18:04 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System 2021-03-01 18:04 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing ==================== Files in the root of some directories ======== 2019-09-04 01:40 - 2019-09-04 01:40 - 131028644 _____ () C:\Program Files\openoffice1.cab 2019-09-04 01:38 - 2019-09-04 01:38 - 002465792 _____ () C:\Program Files\openoffice417.msi 2019-09-04 01:38 - 2019-09-04 01:38 - 000479232 _____ () C:\Program Files\setup.exe 2019-09-04 01:38 - 2019-09-04 01:38 - 000000279 _____ () C:\Program Files\setup.ini ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ======================== Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-03-2021 Ran by Lenovo (26-03-2021 21:29:44) Running from C:\Users\Lenovo\Downloads\FRST-OlderVersion Windows 10 Home Version 2004 19041.867 (X64) (2021-02-18 00:13:48) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4294009755-3694156625-1329034997-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-4294009755-3694156625-1329034997-503 - Limited - Disabled) Gast (S-1-5-21-4294009755-3694156625-1329034997-501 - Limited - Disabled) Lenovo (S-1-5-21-4294009755-3694156625-1329034997-1001 - Administrator - Enabled) => C:\Users\Lenovo WDAGUtilityAccount (S-1-5-21-4294009755-3694156625-1329034997-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) 
AV: Avira Antivirus (Enabled - Up to date) {88AE6B46-DC3C-455A-A21B-085F285A3546} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Avast Antivirus (Disabled - Out of date) {EB19B86E-3998-C706-90EF-92B41EB091AF} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: McAfee VirusScan (Enabled - Up to date) {4DE344F8-6897-65B4-CED0-82B3AF2591B4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 19.00 (HKLM-x32\...\7-Zip) (Version: 19.00 - Igor Pavlov) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 21.001.20145 - Adobe Systems Incorporated) Avast Cleanup Premium (HKLM\...\Avast Cleanup) (Version: 21.1.9940.2746 - Avast Software) Avast Driver Updater (HKLM\...\Avast Driver Updater) (Version: 21.1.1187.3478 - Avast Software) Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 89.0.8688.91 - Die Avast Secure Browser-Autoren) Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1065.0 - AVAST Software) Hidden Avira (HKLM-x32\...\{161e6084-b0f5-43e8-86d8-09eda5c0893d}) (Version: 1.2.153.30452 - Avira Operations GmbH & Co. KG) Hidden Avira (HKLM-x32\...\{426D1710-5DFD-45E9-B11D-464792C5AD35}) (Version: 1.2.153.30452 - Avira Operations GmbH & Co. KG) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.2103.2081 - Avira Operations GmbH & Co. KG) Hidden Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.37.1.24458 - Avira Operations GmbH & Co. KG) Hidden Avira Security (HKLM-x32\...\Avira Security_is1) (Version: 1.1.46.16549 - Avira Operations GmbH & Co. 
KG) Hidden Avira Security (HKLM-x32\...\AviraSecurityUninstaller) (Version: - Avira Operations GmbH & Co. KG;) Avira Software Updater (HKLM-x32\...\{9F45C615-6D95-47B5-BB0C-D78F6D15DE21}) (Version: 2.0.6.42639 - Avira Operations GmbH & Co. KG) Hidden Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 6.10.0.11063 - Avira Operations GmbH & Co. KG) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.78 - Piriform) Citrix Workspace 2012 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 20.12.1.42 - Citrix Systems, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.90 - Google LLC) Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{70281077-96c3-4f75-938c-dc4746110c00}) (Version: 10.1.17903.8106 - Intel(R) Corporation) Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.5.27.0 - Lenovo Group Ltd.) Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes) Microsoft OneDrive (HKU\S-1-5-21-4294009755-3694156625-1329034997-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0010 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 
(HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation) Mozilla Firefox 87.0 (x64 de) (HKLM\...\Mozilla Firefox 87.0 (x64 de)) (Version: 87.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 72.0.2 - Mozilla) Online Plug-in (HKLM-x32\...\{A6DDB28C-02F3-4D7F-A898-12C13EE95008}) (Version: 20.11.0.26 - Citrix Systems, Inc.) Hidden OpenOffice 4.1.7 (HKLM-x32\...\{A09D951F-4BA3-4383-97B3-D1B91835E779}) (Version: 4.17.9800 - Apache Software Foundation) RED Medical Commander (HKU\S-1-5-21-4294009755-3694156625-1329034997-1001\...\RED Medical Commander) (Version: - RED Medical Systems GmbH) Self-Service Plug-in (HKLM-x32\...\{B91E7894-1983-4BF6-A3D8-F77AD832AECC}) (Version: 20.12.1.28 - Citrix Systems, Inc.) Hidden Zoom (HKU\S-1-5-21-4294009755-3694156625-1329034997-1001\...\ZoomUMX) (Version: 5.4.6 (59296.1207) - Zoom Video Communications, Inc.) Packages: ========= Dolby Audio -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudio_3.20500.501.0_x64__rz1tebttyb220 [2020-02-18] (Dolby Laboratories) Fotos-Add-On -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2020-04-24] (Microsoft Corporation) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.2.834.0_x64__v10z8vjag6ke6 [2021-02-18] (HP Inc.) Intel® Grafik-Kontrollraum -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3282.0_x64__8j3eq9eme6ctt [2021-02-18] (INTEL CORP) [Startup Task] Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-02-17] (INTEL CORP) Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2101.29.0_x64__k1h2ywk1493x8 [2021-01-23] (LENOVO INC.) 
LenovoUtility -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.2.1.0_x64__5grkq8ppsgwt4 [2021-01-23] (LENOVO INC) [Startup Task] Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-04-24] (Microsoft Corporation) Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.13628.20448.0_x86__8wekyb3d8bbwe [2021-02-21] (Microsoft Corporation) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-02-18] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-02-18] (Microsoft Corporation) [MS Ad] Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.13628.20448.0_x86__8wekyb3d8bbwe [2021-02-21] (Microsoft Corporation) Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.13628.20448.0_x86__8wekyb3d8bbwe [2021-02-21] (Microsoft Corporation) Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.13628.20448.0_x86__8wekyb3d8bbwe [2021-02-21] (Microsoft Corporation) Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.13628.20448.0_x86__8wekyb3d8bbwe [2021-02-21] (Microsoft Corporation) Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.13628.20448.0_x86__8wekyb3d8bbwe [2021-02-21] (Microsoft Corporation) Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-02-18] (Microsoft Studios) [MS Ad] Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.13628.20448.0_x86__8wekyb3d8bbwe [2021-02-21] (Microsoft Corporation) MPEG-2-Videoerweiterung -> C:\Program 
Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-11-08] (Microsoft Corporation) Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.10.216.0_x64__dt26b99r8h8gj [2020-07-06] (Realtek Semiconductor Corp) VLC -> C:\Program Files\WindowsApps\VideoLAN.VLC_3.2.1.0_x64__paz6r1rewnh0a [2020-01-25] (VideoLAN) Ziply Lite -> C:\Program Files\WindowsApps\1901TwentyOneTeam.ZiplyLite_1.0.12.0_x64__qfdnnpxetjjmm [2020-03-28] (Twenty One Team) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-4294009755-3694156625-1329034997-1001_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InprocServer32 -> C:\Users\Lenovo\AppData\Local\Microsoft\OneDrive\19.232.1124.0010\amd64\FileCoAuthLib64.dll => No File ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed] ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2021-02-24] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-02-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. 
KG) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-05-04] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed] ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-02-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-02-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed] ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-05-04] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2021-02-24] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
Shortcut: C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RED Commander.lnk -> C:\Users\Public\Documents\RED Medical Commander\commander-launcher.bat () Shortcut: C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RED Medical\RED Medical Commander.lnk -> C:\Users\Public\Documents\RED Medical Commander\commander-launcher.bat () ==================== Loaded Modules (Whitelisted) ============= 2020-12-21 12:44 - 2020-05-30 14:58 - 001280000 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll 2020-06-19 14:55 - 2020-04-09 08:17 - 000944840 _____ (SQLite Development Team) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-4294009755-3694156625-1329034997-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP HKU\S-1-5-21-4294009755-3694156625-1329034997-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE SearchScopes: HKU\S-1-5-21-4294009755-3694156625-1329034997-1001 -> DefaultScope {65AD6144-0445-4680-964B-7CD4F71D26CB} URL = SearchScopes: HKU\S-1-5-21-4294009755-3694156625-1329034997-1001 -> {65AD6144-0445-4680-964B-7CD4F71D26CB} URL = BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.) 
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.) 
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-12-08] (Citrix Systems, Inc. -> Citrix Systems, Inc.) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2018-09-15 08:31 - 2018-09-15 08:31 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4294009755-3694156625-1329034997-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lenovo\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\back.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKLM\...\StartupApproved\Run32: => "ConnectionCenter" HKLM\...\StartupApproved\Run32: => "Redirector" HKU\S-1-5-21-4294009755-3694156625-1329034997-1001\...\StartupApproved\StartupFolder: => "RED Commander.lnk" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [UDP Query User{0C3DFC74-818E-4DCD-95FD-7197B24F88A7}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [TCP Query User{925F2E71-C204-4970-894F-F936712DE39A}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{C912AD46-47C9-4CC8-8005-054B133B428F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{06D24F51-E592-49FA-ADA9-9A718FC798AB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{9F6B5FE1-6CCB-44DA-8A4B-50ADB4CC571C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{7B7304DB-91C9-44A0-8073-4AD35D7897A4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{06270C6D-DAEB-4511-BC67-FF937D76A86B}] => (Allow) C:\Users\Lenovo\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{8A1EA0A5-67D4-45D9-A128-BE80E37EE119}] => (Allow) C:\Users\Lenovo\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{9B0FD35E-BD42-4F5B-941E-08DF1E83F7E7}] => (Allow) C:\Users\Lenovo\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) 
FirewallRules: [{AA2505AA-D585-4C04-B5A9-5307768DFCFE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{1E5627CB-48A8-4C99-9A8C-9C6351E7C23E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{EC54A0A3-CAC3-4DDD-850B-F816CDE9221A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.13628.20448.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{768D8828-34A3-46B4-B3FE-25034000AD61}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> AVAST Software) FirewallRules: [{DE308017-856C-4D1C-A48F-3352E8F94B3B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{B65C134E-D513-4D20-A35D-FE6FA0C4EB3A}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) FirewallRules: [{793A2169-F43B-4CA8-B055-816446E43C8D}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) FirewallRules: [{E92DF44B-D9B6-412D-B3EA-29BDA5A73DCA}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. 
KG) ==================== Restore Points ========================= ATTENTION: System Restore is disabled (Total:118 GB) (Free:75.57 GB) (64%) ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (03/26/2021 07:39:55 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT-AUTORITÄT) Description: Windows kann die erweiterbare Leistungsindikator-DLL "C:\WINDOWS\system32\sysmain.dll" nicht laden (Win32-Fehlercode 126). Error: (03/26/2021 07:39:21 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IntelAudioService.exe, Version: 1.0.1271.0, Zeitstempel: 0x5e3d2e0d Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.804, Zeitstempel: 0x0e9c5eae Ausnahmecode: 0xe06d7363 Fehleroffset: 0x000000000002d759 ID des fehlerhaften Prozesses: 0x1504 Startzeit der fehlerhaften Anwendung: 0x01d7226f409e6fb9 Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll Berichtskennung: 1acefae7-8175-40c7-adea-429aeb9283e7 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (03/26/2021 07:39:20 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: IntelAudioService.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: Ausnahmecode e06d7363, Ausnahmeadresse 00007FF94816D759 Stapel: Error: (03/25/2021 07:15:52 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT-AUTORITÄT) Description: Windows kann die erweiterbare Leistungsindikator-DLL "C:\WINDOWS\system32\sysmain.dll" nicht laden (Win32-Fehlercode 126). 
Error: (03/25/2021 06:24:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MBAMService.exe, Version: 3.2.0.943, Zeitstempel: 0x5fbd5689
Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.19041.844, Zeitstempel: 0x60a6ca36
Ausnahmecode: 0xc000070a
Fehleroffset: 0x0000000000111efd
ID des fehlerhaften Prozesses: 0x1bdc
Startzeit der fehlerhaften Anwendung: 0x01d7208595b733b3
Pfad der fehlerhaften Anwendung: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: 3a9a3709-6263-4dbd-8785-9b9d48d97da6
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (03/19/2021 08:33:57 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT-AUTORITÄT)
Description: Windows kann die erweiterbare Leistungsindikator-DLL "C:\WINDOWS\system32\sysmain.dll" nicht laden (Win32-Fehlercode 126).

Error: (03/19/2021 08:33:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IntelAudioService.exe, Version: 1.0.1271.0, Zeitstempel: 0x5e3d2e0d
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.804, Zeitstempel: 0x0e9c5eae
Ausnahmecode: 0xe06d7363
Fehleroffset: 0x000000000002d759
ID des fehlerhaften Prozesses: 0x16d0
Startzeit der fehlerhaften Anwendung: 0x01d71c92007520a7
Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: e41f8578-ef28-4677-81ce-e52743e9b2db
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (03/19/2021 08:32:56 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: IntelAudioService.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: Ausnahmecode e06d7363, Ausnahmeadresse 00007FF8E5A6D759
Stapel:

System errors:
=============
Error: (03/26/2021 09:20:47 PM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: Fehler "1115" in DCOM, als der Dienst "SecurityHealthService" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
{EDAE4045-CAE6-4706-8973-FA69715B8C10}

Error: (03/26/2021 07:39:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Audio Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/26/2021 07:38:15 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-J5GA9RT3)
Description: Fehler "1084" in DCOM, als der Dienst "WSearch" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (03/26/2021 07:38:12 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-J5GA9RT3)
Description: Fehler "1084" in DCOM, als der Dienst "ShellHWDetection" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (03/26/2021 07:37:09 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-J5GA9RT3)
Description: Fehler "1084" in DCOM, als der Dienst "WSearch" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (03/26/2021 07:37:09 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-J5GA9RT3)
Description: Fehler "1084" in DCOM, als der Dienst "WSearch" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (03/26/2021 07:37:07 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-J5GA9RT3)
Description: Fehler "1084" in DCOM, als der Dienst "ShellHWDetection" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (03/26/2021 07:37:06 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-J5GA9RT3)
Description: Fehler "1084" in DCOM, als der Dienst "TokenBroker" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
Windows.Internal.Security.Authentication.Web.TokenBrokerInternal

CodeIntegrity:
===============
Date: 2021-03-26 19:36:27
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO ASCN40WW 10/11/2019
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Celeron(R) CPU 4205U @ 1.80GHz
Percentage of memory in use: 89%
Total physical RAM: 3976.24 MB
Available physical RAM: 424.96 MB
Total Virtual: 9096.24 MB
Available Virtual: 4117.49 MB

==================== Drives ================================

Drive c: (Windows-SSD) (Fixed) (Total:118 GB) (Free:75.57 GB) NTFS

\\?\Volume{e73b3c0b-4182-433f-a907-2654b64be442}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.15 GB) NTFS
\\?\Volume{65389b22-2299-4c13-9b92-da5ecf82e810}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: B288A94A)

Partition: GPT.

==================== End of Addition.txt =======================
Solution kevinf80 Posted March 27, 2021 ID:1447381

Hiya Krischka,

Thanks for those logs, continue as follows:

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

The following directories are emptied:
- Windows Temp
- Users Temp folders
- Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
- Recently opened files cache
- Flash Player cache
- Java cache
- Steam HTML cache
- Explorer thumbnail and icon cache
- BITS transfer queue (qmgr*.dat files)
- Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

Next,

Download "Microsoft's Safety Scanner" and save direct to the desktop

Ensure to get the correct version for your system....

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

Right click on the Tool, select Run as Administrator the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\msert.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Let me see those logs in your reply....

Thank you,

Kevin.

fixlist.txt
Krischka Posted March 27, 2021 Author ID:1447390

Hi there,

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-03-2021
Ran by Lenovo (27-03-2021 11:47:26) Run:1
Running from C:\Users\Lenovo\Desktop
Loaded Profiles: Lenovo
Boot Mode: Normal
==============================================

fixlist content:
*****************
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [AvastUI.exe] => "C:\Program Files\Avast Software\Avast\AvLaunch.exe" /gui
C:\Program Files\Avast Software
HKLM\...\Run: [TuneupUI.exe] => C:\Program Files\Avast Software\Cleanup\TuneupUI.exe [2429664 2021-03-15] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [DriverUpdUI.exe] => C:\Program Files\Avast Software\Driver Updater\DriverUpdUI.exe [2874592 2021-03-03] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-4294009755-3694156625-1329034997-1001\...\Run: [] => [X]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\89.0.8688.91\Installer\chrmstp.exe [2021-03-16] (Avast Software s.r.o. -> AVAST Software)
C:\Program Files (x86)\AVAST Software
BootExecute: autocheck autochk * icarus_rvrt.exe
Task: {09786038-B6D2-48CB-A949-3D07436C5011} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
Task: {1AF56165-AC7A-4EF3-8F3C-91363C904EA6} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1791712 2021-03-26] (Avast Software s.r.o. -> Avast Software)
Task: {2523954D-0BF1-4F96-966C-E69BD1F09A50} - System32\Tasks\Avast Software\Avast Driver Updater BugReport => C:\Program Files\Avast Software\Driver Updater\AvBugReport.exe [4665568 2021-03-03] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 148 --programpath "C:\Program Files\Avast Software\Driver Updater\Setup\.."
--configpath "C:\Program Files\Avast Software\Driver Updater\Setup" --path "C:\ProgramData\Avast Software\Driver Updater\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid be1c32b8-1a4f-43cc-b0cf-77dc966ab339 Task: {26A04298-F1A9-4479-97B1-D60C6FE6C250} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION Task: {2FAFFBF4-4D03-4C6F-AE54-4A7681C0A04C} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-02-22] (Avast Software s.r.o. -> AVAST Software) Task: {35EAF669-7545-4051-9B09-0A15D97BBAA4} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION Task: {3E14DD90-1FAD-4DBD-BF2A-524D77A821B2} - System32\Tasks\Avast Software\Avast Cleanup BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe [4665568 2021-03-15] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 62 --programpath "C:\Program Files\Avast Software\Cleanup\Setup\.." --configpath "C:\Program Files\Avast Software\Cleanup\Setup" --path "C:\ProgramData\Avast Software\Cleanup\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid fdc48cde-b9df-4f92-be59-e193f00b0215 Task: {45033028-695F-4357-9589-45AFAC45915C} - \Lenovo\ImController\TimeBasedEvents\af00e186-ba8b-4441-96be-d3708d172d24 -> No File <==== ATTENTION Task: {6330F872-8723-4416-9543-F02E7A4701BE} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-02-22] (Avast Software s.r.o. -> AVAST Software) Task: {6E2B3F0B-9FD2-4425-BBFA-03F73AB99BAE} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe [5493472 2021-03-08] (Avast Software s.r.o. 
-> Avast Software) Task: {80CD123D-AE2B-4FAB-95A4-2115743E1989} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2250232 2021-03-14] (Avast Software s.r.o. -> AVAST Software) Task: {85962931-1A10-43A0-A823-A2D234DBAE44} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe Task: {A71A954D-6387-4D08-99F4-6B7B5B7EC017} - \Lenovo\ImController\TimeBasedEvents\31f36f7a-14ce-4219-b63b-8d1c7a18e6b0 -> No File <==== ATTENTION Task: {C7AD19C8-4CE6-4A28-8353-9ADC15915101} - System32\Tasks\Avast Software\Avast Driver Updater Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-du\icarus.exe [5493472 2021-02-15] (Avast Software s.r.o. -> Avast Software) Task: {F68D0D2E-0A80-4507-8FAF-E0D42BCC53A6} - \Lenovo\ImController\TimeBasedEvents\01f1fd4d-f0dc-404d-8f71-0b6bfe8d495e -> No File <==== ATTENTION Task: {F83328DA-81D8-43B7-AC21-F325C720E22B} - \Lenovo\ImController\TimeBasedEvents\dcaf67ad-4fc3-4e21-82c5-583cb2a6bd06 -> No File <==== ATTENTION Task: {FD58A045-531B-4E88-AD2C-6CEC76379E1B} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2250232 2021-03-14] (Avast Software s.r.o. -> AVAST Software) S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-02-22] (Avast Software s.r.o. -> AVAST Software) S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-02-22] (Avast Software s.r.o. -> AVAST Software) S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\89.0.8688.91\elevation_service.exe [1504864 2021-03-14] (Avast Software s.r.o. -> AVAST Software) R2 CleanupPSvc; C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe [12414176 2021-03-15] (Avast Software s.r.o. 
-> AVAST Software) R2 DriverUpdSvc; C:\Program Files\Avast Software\Driver Updater\DriverUpdSvc.exe [5903584 2021-03-03] (Avast Software s.r.o. -> AVAST Software) R3 McAfeeIntegrationDriver; C:\WINDOWS\System32\drivers\McAfeeIntegrationDriver.sys [49920 2018-08-03] (McAfee, Inc. -> McAfee) C:\WINDOWS\System32\drivers\McAfeeIntegrationDriver.sys U3 aswbdisk; no ImagePath 2021-03-26 19:34 - 2021-03-26 19:34 - 012519280 _____ (AVAST Software) C:\Users\Lenovo\Downloads\avastclear.exe 2021-03-26 19:34 - 2021-03-26 19:34 - 011049936 _____ (McAfee, LLC) C:\Users\Lenovo\Downloads\MCPR.exe 2021-03-26 21:20 - 2021-02-22 15:00 - 000000000 ____D C:\ProgramData\Avast Software 2021-03-26 19:38 - 2021-02-22 15:03 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\Avast Software 2021-03-26 19:38 - 2021-02-22 15:00 - 000000000 ____D C:\Program Files\Avast Software 2021-03-25 19:10 - 2021-02-22 15:07 - 000000000 ____D C:\Users\Lenovo\AppData\Local\AVAST Software 2021-03-16 20:00 - 2021-02-22 15:06 - 000002466 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk 2021-03-16 20:00 - 2021-02-22 15:06 - 000002466 _____ C:\ProgramData\Desktop\Avast Secure Browser.lnk AV: Avast Antivirus (Disabled - Out of date) {EB19B86E-3998-C706-90EF-92B41EB091AF} AS: McAfee VirusScan (Enabled - Up to date) {4DE344F8-6897-65B4-CED0-82B3AF2591B4} CustomCLSID: HKU\S-1-5-21-4294009755-3694156625-1329034997-1001_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InprocServer32 -> C:\Users\Lenovo\AppData\Local\Microsoft\OneDrive\19.232.1124.0010\amd64\FileCoAuthLib64.dll => No File BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File FirewallRules: [{768D8828-34A3-46B4-B3FE-25034000AD61}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. 
-> AVAST Software) cmd: "%WINDIR%\SYSTEM32\lodctr.exe" /R cmd: "%WINDIR%\SysWOW64\lodctr.exe" /R cmd: "%WINDIR%\SYSTEM32\lodctr.exe" /R cmd: "%WINDIR%\SysWOW64\lodctr.exe" /R cmd: dism /online /cleanup-image /restorehealth cmd: sfc /scannow Hosts: C:\Windows\Temp\*.* EmptyTemp: ***************** SystemRestore: On => completed Restore point was successfully created. Processes closed successfully. "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AvastUI.exe" => removed successfully "C:\Program Files\Avast Software" folder move: Could not move "C:\Program Files\Avast Software" => Scheduled to move on reboot. "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\TuneupUI.exe" => removed successfully "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\DriverUpdUI.exe" => removed successfully "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully "HKU\S-1-5-21-4294009755-3694156625-1329034997-1001\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully HKLM\Software\Microsoft\Active Setup\Installed Components\{A8504530-742B-42BC-895D-2BAD6406F698} => removed successfully C:\Program Files (x86)\AVAST Software => moved successfully HKLM\System\CurrentControlSet\Control\Session Manager\\"BootExecute"="autocheck autochk *" => value restored successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{09786038-B6D2-48CB-A949-3D07436C5011}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09786038-B6D2-48CB-A949-3D07436C5011}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Lenovo iM Controller Monitor" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{1AF56165-AC7A-4EF3-8F3C-91363C904EA6}" => removed successfully 
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1AF56165-AC7A-4EF3-8F3C-91363C904EA6}" => removed successfully C:\WINDOWS\System32\Tasks\Avast Software\Overseer => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{2523954D-0BF1-4F96-966C-E69BD1F09A50}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2523954D-0BF1-4F96-966C-E69BD1F09A50}" => removed successfully C:\WINDOWS\System32\Tasks\Avast Software\Avast Driver Updater BugReport => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Avast Driver Updater BugReport" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{26A04298-F1A9-4479-97B1-D60C6FE6C250}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26A04298-F1A9-4479-97B1-D60C6FE6C250}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2FAFFBF4-4D03-4C6F-AE54-4A7681C0A04C}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FAFFBF4-4D03-4C6F-AE54-4A7681C0A04C}" => removed successfully C:\WINDOWS\System32\Tasks\AvastUpdateTaskMachineUA => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AvastUpdateTaskMachineUA" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{35EAF669-7545-4051-9B09-0A15D97BBAA4}" => removed successfully "HKLM\Software\Microsoft\Windows 
NT\CurrentVersion\Schedule\TaskCache\Tasks\{35EAF669-7545-4051-9B09-0A15D97BBAA4}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{3E14DD90-1FAD-4DBD-BF2A-524D77A821B2}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E14DD90-1FAD-4DBD-BF2A-524D77A821B2}" => removed successfully C:\WINDOWS\System32\Tasks\Avast Software\Avast Cleanup BugReport => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Avast Cleanup BugReport" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45033028-695F-4357-9589-45AFAC45915C}" => not found "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\af00e186-ba8b-4441-96be-d3708d172d24" => not found "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6330F872-8723-4416-9543-F02E7A4701BE}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6330F872-8723-4416-9543-F02E7A4701BE}" => removed successfully C:\WINDOWS\System32\Tasks\AvastUpdateTaskMachineCore => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AvastUpdateTaskMachineCore" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{6E2B3F0B-9FD2-4425-BBFA-03F73AB99BAE}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E2B3F0B-9FD2-4425-BBFA-03F73AB99BAE}" => removed successfully C:\WINDOWS\System32\Tasks\Avast Software\Avast Cleanup Update => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast 
Software\Avast Cleanup Update" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{80CD123D-AE2B-4FAB-95A4-2115743E1989}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80CD123D-AE2B-4FAB-95A4-2115743E1989}" => removed successfully C:\WINDOWS\System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Secure Browser Heartbeat Task (Logon)" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{85962931-1A10-43A0-A823-A2D234DBAE44}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85962931-1A10-43A0-A823-A2D234DBAE44}" => removed successfully C:\WINDOWS\System32\Tasks\Avast Emergency Update => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Emergency Update" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A71A954D-6387-4D08-99F4-6B7B5B7EC017}" => not found "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\31f36f7a-14ce-4219-b63b-8d1c7a18e6b0" => not found "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{C7AD19C8-4CE6-4A28-8353-9ADC15915101}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7AD19C8-4CE6-4A28-8353-9ADC15915101}" => removed successfully C:\WINDOWS\System32\Tasks\Avast Software\Avast Driver Updater Update => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Avast Driver Updater Update" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F68D0D2E-0A80-4507-8FAF-E0D42BCC53A6}" => not found 
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\01f1fd4d-f0dc-404d-8f71-0b6bfe8d495e" => not found "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F83328DA-81D8-43B7-AC21-F325C720E22B}" => not found "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\dcaf67ad-4fc3-4e21-82c5-583cb2a6bd06" => not found "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD58A045-531B-4E88-AD2C-6CEC76379E1B}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD58A045-531B-4E88-AD2C-6CEC76379E1B}" => removed successfully C:\WINDOWS\System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Secure Browser Heartbeat Task (Hourly)" => removed successfully HKLM\System\CurrentControlSet\Services\avast => removed successfully avast => service removed successfully HKLM\System\CurrentControlSet\Services\avastm => removed successfully avastm => service removed successfully HKLM\System\CurrentControlSet\Services\AvastSecureBrowserElevationService => removed successfully AvastSecureBrowserElevationService => service removed successfully CleanupPSvc => Service stopped successfully. HKLM\System\CurrentControlSet\Services\CleanupPSvc => removed successfully CleanupPSvc => service removed successfully DriverUpdSvc => Service stopped successfully. HKLM\System\CurrentControlSet\Services\DriverUpdSvc => removed successfully DriverUpdSvc => service removed successfully McAfeeIntegrationDriver => Unable to stop service. 
HKLM\System\CurrentControlSet\Services\McAfeeIntegrationDriver => removed successfully McAfeeIntegrationDriver => service removed successfully C:\WINDOWS\System32\drivers\McAfeeIntegrationDriver.sys => moved successfully HKLM\System\CurrentControlSet\Services\aswbdisk => removed successfully aswbdisk => service removed successfully C:\Users\Lenovo\Downloads\avastclear.exe => moved successfully C:\Users\Lenovo\Downloads\MCPR.exe => moved successfully C:\ProgramData\Avast Software => moved successfully C:\Users\Lenovo\AppData\Roaming\Avast Software => moved successfully C:\Program Files\Avast Software => moved successfully C:\Users\Lenovo\AppData\Local\AVAST Software => moved successfully C:\Users\Public\Desktop\Avast Secure Browser.lnk => moved successfully "C:\ProgramData\Desktop\Avast Secure Browser.lnk" => not found "AV: Avast Antivirus (Disabled - Out of date) {EB19B86E-3998-C706-90EF-92B41EB091AF}" => removed successfully "AS: McAfee VirusScan (Enabled - Up to date) {4DE344F8-6897-65B4-CED0-82B3AF2591B4}" => removed successfully HKU\S-1-5-21-4294009755-3694156625-1329034997-1001_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7} => removed successfully HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => removed successfully HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{768D8828-34A3-46B4-B3FE-25034000AD61}" => removed successfully ========= "%WINDIR%\SYSTEM32\lodctr.exe" /R ========= Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden. ========= End of CMD: ========= ========= "%WINDIR%\SysWOW64\lodctr.exe" /R ========= Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden. 
========= End of CMD: =========

========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========

Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden.

========= End of CMD: =========

========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========

Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden.

========= End of CMD: =========

========= dism /online /cleanup-image /restorehealth =========

Tool zur Imageverwaltung fr die Bereitstellung
Version: 10.0.19041.844

Abbildversion: 10.0.19041.867

Der Wiederherstellungsvorgang wurde erfolgreich abgeschlossen.
Der Vorgang wurde erfolgreich beendet.

========= End of CMD: =========

========= sfc /scannow =========

Systemsuche wird gestartet. Dieser Vorgang kann einige Zeit dauern.

Überprüfungsphase der Systemsuche wird gestartet.

Der Windows-Ressourcenschutz hat keine Integritätsverletzungen gefunden.

========= End of CMD: =========

Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.
=========== "C:\Windows\Temp\*.*" ==========

C:\Windows\Temp\AdobeARM.log => moved successfully
C:\Windows\Temp\AdobeARM_Helper.log => moved successfully
C:\Windows\Temp\ArmUI.ini => moved successfully
C:\Windows\Temp\aswca4fb06870c3c5d4.tmp => moved successfully
C:\Windows\Temp\AvastBrowser_installer.log => moved successfully
C:\Windows\Temp\avira_antivirus_presetup.log => moved successfully
C:\Windows\Temp\avira_antivirus_setup.log => moved successfully
C:\Windows\Temp\chrome_installer.log => moved successfully
C:\Windows\Temp\FXSAPIDebugLogFile.txt => moved successfully
C:\Windows\Temp\FXSTIFFDebugLogFile.txt => moved successfully
C:\Windows\Temp\InfInstallerLog._21-03-24_08-29-29-224_95e35d66-9154-4ab0-8e8f-ebddf12827bc.log => moved successfully
C:\Windows\Temp\mat-debug-14320.log => moved successfully
C:\Windows\Temp\mat-debug-15012.log => moved successfully
C:\Windows\Temp\mat-debug-16488.log => moved successfully
C:\Windows\Temp\mat-debug-17876.log => moved successfully
C:\Windows\Temp\mat-debug-17956.log => moved successfully
C:\Windows\Temp\mat-debug-18816.log => moved successfully
C:\Windows\Temp\mat-debug-18848.log => moved successfully
C:\Windows\Temp\mat-debug-23004.log => moved successfully
C:\Windows\Temp\mat-debug-8728.log => moved successfully
C:\Windows\Temp\mbamiservice.log => moved successfully
C:\Windows\Temp\mb_errors3176.log => moved successfully
C:\Windows\Temp\mb_errors5480.log => moved successfully
C:\Windows\Temp\mb_errors6068.log => moved successfully
C:\Windows\Temp\MpCmdRun.log => moved successfully
C:\Windows\Temp\msedge_installer.log => moved successfully

========= End -> "C:\Windows\Temp\*.*" ========

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12816105 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 21023463 B
Edge => 1948093 B
Chrome => 27767802 B
Firefox => 605789126 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 492206 B
systemprofile32 => 492206 B
LocalService => 631102 B
NetworkService => 632790 B
Lenovo => 68586057 B

RecycleBin => 13439 B
EmptyTemp: => 713.4 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 27-03-2021 12:08:45)

C:\Program Files\Avast Software => Is moved successfully
C:\Windows\System32\Drivers\etc\hosts => Could not move
Could not restore Hosts.

==== End of Fixlog 12:08:45 ====

---------------------------------------------------------------------------------------
Microsoft Safety Scanner v1.333, (build 1.333.1384.0)
Started On Sat Mar 27 12:13:25 2021

Engine: 1.1.17900.7
Signatures: 1.333.1384.0
MpGear: 1.1.16330.1
Run Mode: Interactive Graphical Mode

Quick Scan Results:
-------------------
Threat Detected: VirTool:Win32/DefenderTamperingRestore and Removed!
  Action: Remove, Result: 0x00000000
    regkeyvalue://hklm\software\microsoft\windows defender\\DisableAntiSpyware
      SigSeq: 0x0000055555C57273

Results Summary:
----------------
Found VirTool:Win32/DefenderTamperingRestore and Removed!
Successfully Submitted MAPS Report
Successfully Submitted Heartbeat Report
Microsoft Safety Scanner Finished On Sat Mar 27 12:23:25 2021

Return code: 6 (0x6)
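Added example, not part of the original posts and not FRST or Microsoft tooling: a small Python triage over the two logs pasted above that lists operations which did not complete and detections whose removal did not report success. The sample text is constructed from lines in the post; treating `Result: 0x00000000` as success and "Scheduled to move on reboot" as deferred rather than failed are assumptions.

```python
import re

# Constructed sample: lines copied from the Fixlog and Safety Scanner output above.
SAMPLE_LOG = r"""
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.
C:\Windows\Temp\MpCmdRun.log => moved successfully
C:\Program Files\Avast Software => Is moved successfully
C:\Windows\System32\Drivers\etc\hosts => Could not move
Could not restore Hosts.
Threat Detected: VirTool:Win32/DefenderTamperingRestore and Removed!
  Action: Remove, Result: 0x00000000
Return code: 6 (0x6)
"""

# A failure is either a line that starts with "Could not move/restore"
# or a "<path> => Could not ..." result line.
FAILED = re.compile(r"^(?:Could not (?:move|restore)\b.*|.+ => Could not \w+.*)$")
THREAT = re.compile(r"^Threat Detected: (\S+)")
ACTION = re.compile(r"^Action: (\w+), Result: (0x[0-9A-Fa-f]+)")
DEFERRED = "Scheduled to move on reboot."

def triage(text):
    """Return (failures, threats) parsed from Fixlog / Safety Scanner text."""
    failures, threats = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if FAILED.match(line):
            # Deferred moves are retried at boot; the later result line decides.
            failures.append({"line": line, "deferred": line.endswith(DEFERRED)})
        elif (m := THREAT.match(line)):
            threats.append({"name": m.group(1), "action": None, "result": None})
        elif (m := ACTION.match(line)) and threats:
            # Attach the action to the most recent detection.
            threats[-1]["action"] = m.group(1)
            threats[-1]["result"] = int(m.group(2), 16)
    return failures, threats

def unresolved(text):
    """Items still needing follow-up. Assumption: Result 0x00000000 means success."""
    failures, threats = triage(text)
    items = [f["line"] for f in failures if not f["deferred"]]
    items += [t["name"] for t in threats if t["result"] != 0]
    return items

if __name__ == "__main__":
    for item in unresolved(SAMPLE_LOG):
        print("FOLLOW UP:", item)
```

On the sample, the only open items are the two hosts-file lines from the post-reboot result; the Defender tampering detection is reported as removed.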
kevinf80 Posted March 27, 2021 ID:1447396 How is your PC responding now, any issues or concerns..?
Krischka Posted March 27, 2021 Author ID:1447412 Firefox and Adobe not working anymore, but I guess I can just download it again. Nothing else I noticed so far. You think we are good now?
kevinf80 Posted March 27, 2021 ID:1447444 Can you reinstall those two apps you mention, see if they work...
Krischka Posted March 28, 2021 Author ID:1447509 Firefox works now, Adobe Acrobat Reader cannot be found.
kevinf80 Posted March 28, 2021 ID:1447519 Do you need Adobe Acrobat Reader..? If so, it is available here: https://get.adobe.com/de/reader/ Any other issues or concerns...?
Krischka Posted March 28, 2021 Author ID:1447527 I tried to install it multiple times, but for some reason it won't work. I will figure it out eventually or use another PDF reader. So far everything else seems fine, thank you very much for your help Kevin, I appreciate it and I will send a donation!
kevinf80 Posted March 28, 2021 ID:1447530 Hiya Krischka,

Thanks for the update, good to hear you have no more issues. Continue to finish up:

Right click on FRST here: C:\Users\Lenovo\Downloads\FRST.exe and rename it uninstall.exe. When complete, right click on uninstall.exe and select "Run as Administrator".

If you do not see the .exe appended, that is because file extensions are hidden; in that case just rename FRST to uninstall.

That action will remove FRST and all created files and folders...

Next,

Remove all System Restore Points: https://www.tenforums.com/tutorials/33593-delete-system-restore-points-windows-10-a.html#option2

Create clean fresh Restore Point: http://www.thewindowsclub.com/create-system-restore-point

Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/

Consider the following:

Malwarebytes Browser Guard (Free) for Firefox: https://addons.mozilla.org/en-GB/firefox/addon/malwarebytes/

Malwarebytes Browser Guard (Free) for Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee

PatchMyPC, keep all your software up to date - https://patchmypc.com/home-updater#download

From there you should be good to go...

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices
Do I need a Registry Cleaner?

Take care and surf safe

Kevin...
kevinf80 Posted March 29, 2021 ID:1447591 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following for Tips to help protect from infection. Thank you