Weird Problems with VM and Comodo

Status
Not open for further replies.

Peppy

New Member
Thread author
Jan 22, 2022
7
Hi,

I am new to this forum and I have the following issue:

Some days ago, I clicked on a pop up-window in my Linux-VM that said I need to update some features or so ... after I clicked "Okay", my Comodo firewall gave me a warning that approx. read as follows: "VM.exe tries to access the protected COM interface" (This is a translation from German). And after I clicked "Okay" my Comodo bombarded me with a lot more messages which stated that chrome.exe (I have no chrome on my linux, only on my windows host system) and different other .exe-files tried to access the protected COM-interface. I then forced my computer to shut down by pressing the off-button and when I started it again, my desktop was totally blank and I could not access any programm and I could not even open the start menu with the windows button.

Starting my computer in safe mode works and a friend of mine advised me that comodo and avira are unneccessary tools that could cause me troubles so I tried to deinstall them. Avira deinstallation was successful while comodo deinstallation was not possible/failed, I can look up and translate the error message if that helps.

I planned to fix that error someday by reinstalling windows but until now it did not happen...

Now, I got me a new computer and I have worked with it for some days. First days no problem at all. But then, the following happened: I have an ova-file of my VM and and I imported it to the VM on my new computer. Yesterday, I opened my VM to work on a project for university (not for work! I do not get paid for this and there is no professional place at university where I could turn to with my problem), and then I got the same bombardment from my firewall like that one on my old computer, stating that different .exe-files try to access the protected COM interface. I immediatly forced a shut down on my computer and when I turned it back on, the VM was closed and my computer worked normally as before.

This happened yesterday. Since then, I have not opened the VM again bc. I am afraid of getting in trouble and having the same problems as on my old computer. I heard that it is hard for malware to infect the host system from the guest system, but might this be the case in my situation? Maybe it's also improtant to say, that there existed a shared folder between my windows and my linux system and that yesterday, before the COM interface incident happened, I got an advice from my linux, that my shared folder does not work or something like that (it was a notification about my shared folder, I don't really remember what it exactly was...).

Thanks for your help in advance!

Peppy
 
Last edited:
  • Like
Reactions: shmu26

nasdaq

Super Moderator
Verified
Staff Member
Nov 5, 2019
1,597
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

We need additional information.

If you have Malwarebytes installed just run it as suggested, If not:

Please download Malwarebytes Anti-Malware from Malwarebytes or
from BleepingComputer

  • Right-click on the MBAM icon and select Run as administrator to run the tool.[/*]
  • Click Yes to accept any security warnings that may appear.[/*]
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.[/*]
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.[/*]
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.[/*]
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button[/*]
  • Note: The scan may take some time to finish, so please be patient.[/*]
  • If potential threats are detected, ensure to check mark all the listed items, and click the Quarantine Selected button.[/*]
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.[/*]
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.[/*]
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Please download AdwCleaner by Malwarebytes your Desktop.
  • Close all open programs and internet browsers.[/*]
  • Double click on AdwCleaner.exe to run the tool.[/*]
  • Click the Scan button and wait for the process to complete.[/*]
  • Click the LogFile button and the report will open in Notepad.[/*]
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.[/*]
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.[/*]
  • Double click on AdwCleaner.exe to run the tool.[/*]
  • Click the Scan button and wait for the process to complete.[/*]
  • Check off the element(s) you wish to keep.[/*]
  • Click on the Clean button follow the prompts.[/*]
  • A log file will automatically open after the scan has finished.[/*]
  • Please post the content of that log file with your next answer.[/*]
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).[/*]
===

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Ensure that you are in an Administrator Account
Double-click to run it. When the tool opens click Yes to disclaimer.
Check the boxes as seen here:
L7kNU5y.jpg

Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
[img=[URL]http://deeprybka.trojaner-board.de/eset/eng/attachlogs.png[/URL]]

Attach the file(s). A 2 Steps process.
Reply to this topic.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach. <- Step 1.
Click Attach this file. <- Step 2.
Click the Add reply button.

Please post the logs for my review.

Let me know what problems persists.

Wait for further instructions

p.s.

The Farbar program is updated often.
If it's identified as suspicious by your Anti-Virus program trust it if Downloaded from the link I provided.
You should restore the program from the Quarantine folder.
<<<>>>
 

Peppy

New Member
Thread author
Jan 22, 2022
7
Hi Nasdaq,

thanks for your advice!

a) find attached the Malwarebytes log. The scan resulted in one detection which I quarantined

b) I hope I was right to perform the scan on my new computer, since on my old one is only reachable in safe mode so there is no internet to download things or execute installation files...

c) Should I go right on with the next scans by AdwCleaner and Farbar or should I first wait for your response to this first log?

Thanks for your support!
(I wish I would have chosen another user name. In German peppy sounds just funny, but in English it is linked to a meaning ... whatever)
 

Attachments

  • Malwarebytes Log.txt
    1.4 KB · Views: 21
  • +Reputation
Reactions: oldschool

Peppy

New Member
Thread author
Jan 22, 2022
7
Update:

I was waiting for your answer to my above post when I got the following warning from Comodo: "chrome.exe tries to access your registry-key". I remember that this was another warning besides the COM interface-warning that I got from my firewall when my old computer crashed so I force-shut down my computer and hurried a bit up with your instructions.

(conclusion: Either this bullshit - excuse me - has nothing to do with my VM or it jumped again from my VM to my host system)

Adwcleaner found nothing but that there is a pre-installed software on this computer called LenovoPowerManager which I consider possible because I bought a used computer from the internet. (But my old computer was not a used one). i did not quarantine the PowerManager because I think it is harmless)

When I tried to execute FRST.exe a funny thing happened: There came some warnings from my comodo and eventually there was that familiar warning that made me suspicious: "frst.exe tries to access your protected COM interface" (the same warning that caused all the problems on my old computer). When I read that I forced a shut down and this is the state of the art ... help?!

Find attached the log file from AdwCleaner.
 

Attachments

  • AdwCleaner[S00].txt
    1.5 KB · Views: 22

Peppy

New Member
Thread author
Jan 22, 2022
7
Maybe it's just my Comodo doing sh*t. My Google Chome was not able to connect to the internet anymore so my friend advised me to finally de-install Comodo. Now that I did, my Chrome works again. ... Maybe it will also solve my other problems, let's see. ... Who cares about Comodo, I have Windows Firewall that's enough ...
 

nasdaq

Super Moderator
Verified
Staff Member
Nov 5, 2019
1,597
Yes the Widows Firewall is good.

If any remaining issues run the Farbar program and post the logs for my review.

You can post the logs even if all is well. I will review them.
 

Peppy

New Member
Thread author
Jan 22, 2022
7
Thanks Nasdaq!

I scanned my computer with Farbar. The created reports are in German as you can see. Should I translate them with Deepl or so? I'll happily do so, if it helps.

Greetings
Peppy

--------

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2022
durchgeführt von User (Administrator) auf DESKTOP-EC9A7J7 (LENOVO 20AWS0Y800) (24-01-2022 19:29:12)
Gestartet von C:\Users\User\Downloads
Geladene Profile: User
Plattform: Microsoft Windows 10 Pro Version 21H1 19043.1466 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: Chrome
Start-Modus: Normal

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Apache Software Foundation) [Datei ist nicht signiert] C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Apache Software Foundation) [Datei ist nicht signiert] C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) [Datei ist nicht signiert] C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <4>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc) C:\Users\User\AppData\Local\Programs\Cisco Spark\CiscoCollabHost.exe <2>
(Cisco Systems, Inc. -> Cisco Systems, Inc) C:\Users\User\AppData\Local\Programs\Cisco Spark\dependencies\CiscoCollabHostCef.exe <2>
(Cisco Systems, Inc. -> Cisco WebEx LLC) C:\Users\User\AppData\Local\Programs\Cisco Spark\dependencies\washost.exe
(Cisco WebEx LLC -> Cisco Webex LLC) C:\Users\User\AppData\Local\WebEx\WebEx\Meetings\atmgr.exe
(Cisco WebEx LLC -> Cisco Webex LLC) C:\Users\User\AppData\Local\WebEx\WebexHost.exe
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\isesrv.exe
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe
(Fortemedia Inc. -> ) C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <20>
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Lenovo -> Lenovo) C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe
(Lenovo -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\User\AppData\Local\Microsoft\OneDrive\22.002.0103.0004\FileCoAuth.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxAccounts.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated -> Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [157464 2022-01-14] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [4187856 2019-01-29] (Comodo Security Solutions, Inc. -> COMODO)
HKU\S-1-5-21-2262961252-2421112716-754752982-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\User\AppData\Local\Microsoft\Teams\Update.exe [2459304 2022-01-15] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-2262961252-2421112716-754752982-1001\...\Run: [CiscoSpark] => C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webex\Webex.lnk [1445 2022-01-15] () [Datei ist nicht signiert]
HKU\S-1-5-21-2262961252-2421112716-754752982-1001\...\Run: [CiscoMeetingDaemon] => C:\Users\User\AppData\Local\WebEx\WebexHost.exe [6982480 2022-01-14] (Cisco WebEx LLC -> Cisco Webex LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\97.0.4692.99\Installer\chrmstp.exe [2022-01-23] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Beschränkung <==== ACHTUNG

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {1135C9A3-50C1-4110-BE64-F504E397AAB1} - System32\Tasks\GoogleUpdateTaskMachineCore{0804CF2D-5133-46E8-875A-8C54823519FB} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-01-23] (Google LLC -> Google LLC)
Task: {20AAF531-E7A5-4049-82ED-722B59718C76} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1514416 2018-04-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {2E664F0D-31D2-4E29-A4C8-C0427CAE45C5} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe [114112 2021-12-02] (Lenovo -> Lenovo)
Task: {39B53625-C706-465C-BD0C-F9FED0776F2B} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1778456 2022-01-14] (Avast Software s.r.o. -> Avast Software)
Task: {3EE0E083-6B57-4DD2-B46E-6A7030903363} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4969240 2022-01-14] (Avast Software s.r.o. -> AVAST Software)
Task: {5ABAB308-7A46-4505-8870-3C0867070627} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe -autostart (Keine Datei)
Task: {5B91A08F-0FDF-46EF-9947-FF5105930016} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
Task: {93B5B203-93E2-4CEC-9F15-2B8E6AD46093} - System32\Tasks\GoogleUpdateTaskMachineUA{CAAD8611-AFB5-4CBF-AF10-5EE9BC478711} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-01-23] (Google LLC -> Google LLC)
Task: {95E5823B-7ABE-4E60-9F79-F49F7BA1A5E7} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1514416 2018-04-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {9B6E70BB-8D91-416D-85E3-9BAF14DFA400} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe --cistrayUI (Keine Datei)
Task: {B89254AA-C3F7-44AA-AFD2-CE28F1FACD49} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\Windows\SysWOW64\PowerMgrInst.exe [63936 2021-12-02] (Lenovo -> )
Task: {DC25C047-D6E9-4045-8859-3F9EE894B5A8} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask backgroundupdate

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{a56aebe1-2d21-4496-98b1-4de214149f64}: [DhcpNameServer] 192.168.2.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default [2022-01-23]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: f8i4jt0e.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\f8i4jt0e.default [2022-01-23]
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3axvofhd.default-release [2022-01-23]

Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2022-01-24]
CHR Notifications: Default -> hxxps://malwaretips.com
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "hxxp://www.google.de/","hxxps://www.bing.com/?PC=QI04","hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://www.ecosia.org/search?q={searchTerms}&addon=opensearch
CHR DefaultSearchKeyword: Default -> ecosia.org
CHR DefaultSuggestURL: Default -> hxxps://ac.ecosia.org/autocomplete?q={searchTerms}&type=list
CHR Extension: (Präsentationen) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2022-01-14]
CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2022-01-14]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2022-01-14]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2022-01-14]
CHR Extension: (uBlock Origin) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2022-01-15]
CHR Extension: (Talkie: text-to-speech, many languages!) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\enfbcfmmdpdminapkflljhbfeejjhjjk [2022-01-15]
CHR Extension: (Tabellen) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2022-01-14]
CHR Extension: (HTTPS Everywhere) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2022-01-15]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-01-14]
CHR Extension: (XPath Helper) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgimnogjllphhhkhlmebbmlgjoejdpjl [2022-01-15]
CHR Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2022-01-15]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-01-23]
CHR Extension: (Web Scraper - Free Web Scraping) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnhgnonknehpejjnehehllkliplmbmhn [2022-01-15]
CHR Extension: (Jitsi Meetings) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kglhbbefdnlheedjiejgomgmfplipfeb [2022-01-15]
CHR Extension: (ChroPath) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljngjbnaijcbncmcnjfhigebomdlkcjo [2022-01-15]
CHR Extension: (Scraper) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbigbapnjcgaffohmbkdlecaccepngjd [2022-01-15]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-01-14]
CHR Extension: (Data Scraper - Easy Web Scraping) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nndknepjnldbdbepjfgmncbggmopgden [2022-01-15]
CHR Extension: (Unfriend Finder) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\olljnkilmblncgcghhaodkpdcnokhpah [2022-01-15]
CHR Extension: (Google Mail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2022-01-14]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8480848 2022-01-14] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [452888 2022-01-14] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [452888 2022-01-14] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2022-01-14] (Avast Software s.r.o. -> AVAST Software)
R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [1044176 2019-01-29] (Comodo Security Solutions, Inc. -> COMODO)
S2 LPlatSvc; C:\Windows\System32\LPlatSvc.exe [892288 2019-12-11] (Lenovo -> Lenovo.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7972536 2022-01-23] (Malwarebytes Inc -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6137040 2022-01-17] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [694016 2020-07-09] (Oracle Corporation -> Oracle Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe [2876152 2022-01-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe [128360 2022-01-14] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [36784 2022-01-14] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [223176 2022-01-14] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [369216 2022-01-14] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [252992 2022-01-14] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [100416 2022-01-14] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\Windows\System32\drivers\aswElam.sys [21936 2022-01-14] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42416 2022-01-14] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [186280 2022-01-14] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [540056 2022-01-14] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [108912 2022-01-14] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [83976 2022-01-14] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [853800 2022-01-14] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [545176 2022-01-14] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [215432 2022-01-14] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [318760 2022-01-14] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert]
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [160176 2022-01-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R1 isedrv; C:\Windows\system32\drivers\isedrv.sys [63256 2018-08-29] (Comodo Security Solutions, Inc. -> COMODO)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220568 2022-01-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2022-01-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [194480 2022-01-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [69040 2022-01-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2022-01-23] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [156792 2022-01-24] (Malwarebytes Inc -> Malwarebytes)
R0 PMDRVS; C:\Windows\System32\drivers\pmdrvs.sys [38160 2019-12-11] (Lenovo -> Lenovo.)
R3 SzCCID; C:\Windows\system32\DRIVERS\SzCCID.sys [60072 2015-06-05] (AlcorMicro, Corp. -> Generic)
R3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [237376 2020-07-10] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [248248 2020-07-10] (Oracle Corporation -> Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48536 2022-01-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [435432 2022-01-14] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [86248 2022-01-14] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2022-01-24 19:26 - 2022-01-24 19:28 - 000037162 _____ C:\Users\User\Downloads\Addition.txt
2022-01-24 19:25 - 2022-01-24 19:29 - 000020393 _____ C:\Users\User\Downloads\FRST.txt
2022-01-24 19:24 - 2022-01-24 19:24 - 002311680 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2022-01-24 12:31 - 2022-01-24 12:32 - 001809820 _____ C:\Windows\Minidump\012422-7796-01.dmp
2022-01-24 08:56 - 2022-01-24 12:31 - 000156792 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2022-01-24 08:56 - 2022-01-24 08:56 - 000194480 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2022-01-24 08:56 - 2022-01-24 08:56 - 000069040 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2022-01-23 22:01 - 2022-01-23 22:01 - 000000000 _____ C:\Windows\system32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
2022-01-23 21:44 - 2022-01-24 18:55 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2022-01-23 21:44 - 2022-01-24 18:55 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2022-01-23 21:44 - 2022-01-23 21:53 - 000000000 ____D C:\ProgramData\Mozilla
2022-01-23 21:44 - 2022-01-23 21:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-01-23 21:44 - 2022-01-23 21:45 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2022-01-23 21:44 - 2022-01-23 21:44 - 000001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-01-23 21:44 - 2022-01-23 21:44 - 000001216 _____ C:\Users\Public\Desktop\Firefox.lnk
2022-01-23 21:44 - 2022-01-23 21:44 - 000000000 ____D C:\Users\User\AppData\Roaming\Mozilla
2022-01-23 21:44 - 2022-01-23 21:44 - 000000000 ____D C:\Users\User\AppData\Local\Mozilla
2022-01-23 21:43 - 2022-01-23 21:44 - 053536376 _____ (Mozilla) C:\Users\User\Downloads\Firefox_Setup_96.0.exe
2022-01-23 21:41 - 2022-01-23 21:41 - 000002311 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-01-23 21:41 - 2022-01-23 21:41 - 000002270 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-01-23 21:41 - 2022-01-23 21:41 - 000000000 ____D C:\Program Files\Google
2022-01-23 21:40 - 2022-01-24 00:55 - 000003636 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{CAAD8611-AFB5-4CBF-AF10-5EE9BC478711}
2022-01-23 21:40 - 2022-01-24 00:55 - 000003412 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{0804CF2D-5133-46E8-875A-8C54823519FB}
2022-01-23 21:39 - 2022-01-23 21:39 - 001343320 _____ (Google LLC) C:\Users\User\Downloads\ChromeSetup.exe
2022-01-23 20:52 - 2022-01-24 19:29 - 000000000 ____D C:\FRST
2022-01-23 20:34 - 2022-01-23 20:36 - 000000000 ____D C:\AdwCleaner
2022-01-23 20:33 - 2022-01-23 20:33 - 008540344 _____ (Malwarebytes) C:\Users\User\Downloads\adwcleaner_8.3.1.exe
2022-01-23 20:28 - 2022-01-23 20:28 - 002327794 _____ C:\Users\User\Downloads\Handschriftenerkennung_Erhard (1).pdf
2022-01-23 20:28 - 2022-01-23 20:28 - 001513085 _____ C:\Users\User\Downloads\Sacherschließung_BehrensAlena (1).pdf
2022-01-23 20:28 - 2022-01-23 20:28 - 000991311 _____ C:\Users\User\Downloads\Vortrag_Smartwatches_KatharinaKupfer (1).pdf
2022-01-23 19:09 - 2022-01-23 19:09 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2022-01-23 19:09 - 2022-01-23 19:09 - 000220568 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2022-01-23 19:09 - 2022-01-23 19:09 - 000160176 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2022-01-23 19:09 - 2022-01-23 19:09 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2022-01-23 19:09 - 2022-01-23 19:09 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-01-23 19:09 - 2022-01-23 19:09 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-01-23 19:09 - 2022-01-23 19:09 - 000000000 ____D C:\Users\User\AppData\Local\mbam
2022-01-23 19:07 - 2022-01-23 19:07 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-01-23 19:07 - 2022-01-23 19:07 - 000000000 ____D C:\Program Files\Malwarebytes
2022-01-23 19:06 - 2022-01-23 19:06 - 002911928 _____ (Malwarebytes) C:\Users\User\Downloads\MBSetup.exe
2022-01-23 13:20 - 2022-01-23 13:21 - 001698444 _____ C:\Windows\Minidump\012322-10125-01.dmp
2022-01-21 22:21 - 2022-01-21 22:21 - 000991311 _____ C:\Users\User\Downloads\Vortrag_Smartwatches_KatharinaKupfer.pdf
2022-01-21 22:19 - 2022-01-21 22:19 - 001513085 _____ C:\Users\User\Downloads\Sacherschließung_BehrensAlena.pdf
2022-01-21 22:13 - 2022-01-21 22:13 - 002327794 _____ C:\Users\User\Downloads\Handschriftenerkennung_Erhard.pdf
2022-01-20 13:39 - 2022-01-20 13:39 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_LifeCamTrueColor_01011.Wdf
2022-01-20 13:39 - 2022-01-20 13:39 - 000000000 ____D C:\Windows\SysWOW64\LifeCamTrueColor
2022-01-20 13:39 - 2022-01-20 13:39 - 000000000 ____D C:\Windows\system32\LifeCamTrueColor
2022-01-20 13:39 - 2022-01-20 13:39 - 000000000 ____D C:\Windows\LastGood.Tmp
2022-01-19 21:29 - 2022-01-19 21:30 - 001877876 _____ C:\Windows\Minidump\011922-15250-01.dmp
2022-01-19 14:11 - 2022-01-19 14:11 - 000051536 _____ C:\Users\User\Downloads\Vorbereitung_Vorstellungsgespräch_KPMG 2.odt
2022-01-19 13:57 - 2022-01-18 21:40 - 000051329 _____ C:\Users\User\OneDrive\Documents\Vorbereitung_Vorstellungsgespräch_KPMG.docx_0.odt
2022-01-18 16:52 - 2022-01-18 16:52 - 000051512 _____ C:\Users\User\Downloads\Vorbereitung_Vorstellungsgespräch_KPMG.odt
2022-01-17 21:55 - 2022-01-17 21:55 - 000000000 ____D C:\Windows\SystemTemp
2022-01-17 21:03 - 2022-01-17 21:03 - 003771392 _____ C:\Users\User\Downloads\Präsentation_OPUS_final (1).ppt
2022-01-17 15:22 - 2022-01-17 15:22 - 000523776 _____ (curl, hxxps://curl.se/) C:\Windows\system32\curl.exe
2022-01-17 15:22 - 2022-01-17 15:22 - 000464384 _____ (curl, hxxps://curl.se/) C:\Windows\SysWOW64\curl.exe
2022-01-17 15:22 - 2022-01-17 15:22 - 000011797 _____ C:\Windows\system32\DrtmAuthTxt.wim
2022-01-17 15:21 - 2022-01-17 15:21 - 000223744 _____ C:\Windows\SysWOW64\TpmTool.exe
2022-01-17 15:20 - 2022-01-17 15:20 - 000272384 _____ C:\Windows\system32\TpmTool.exe
2022-01-17 15:20 - 2022-01-17 15:20 - 000162816 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2022-01-17 15:09 - 2022-01-17 15:09 - 000000000 ___HD C:\$WinREAgent
2022-01-17 13:55 - 2022-01-17 13:55 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2022-01-17 13:54 - 2022-01-17 13:55 - 000000000 ____D C:\Users\User\AppData\Roaming\Zoom
2022-01-17 10:58 - 2022-01-17 10:59 - 000000000 ____D C:\Users\User\AppData\Roaming\webex
2022-01-17 10:52 - 2022-01-17 13:36 - 003719168 _____ C:\Users\User\Downloads\Präsentation_OPUS_final.ppt
2022-01-17 10:40 - 2022-01-17 10:40 - 000997260 _____ C:\Users\User\Downloads\Präsentation_Drotleff.pdf
2022-01-16 19:16 - 2022-01-16 19:16 - 001903364 _____ C:\Windows\Minidump\011622-9812-01.dmp
2022-01-16 15:59 - 2022-01-16 16:00 - 022465880 _____ (Lenovo Group Limited ) C:\Users\User\Downloads\n1ccd22w.exe
2022-01-16 10:28 - 2022-01-16 10:29 - 001858308 _____ C:\Windows\Minidump\011622-9593-01.dmp
2022-01-15 22:37 - 2022-01-23 21:53 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2022-01-15 20:22 - 2022-01-22 20:46 - 000000000 ____D C:\Users\User\AppData\Roaming\obs-studio
2022-01-15 20:22 - 2022-01-15 20:22 - 000001052 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2022-01-15 20:22 - 2022-01-15 20:22 - 000000000 ____D C:\ProgramData\Package Cache
2022-01-15 20:22 - 2022-01-15 20:22 - 000000000 ____D C:\ProgramData\obs-studio-hook
2022-01-15 20:22 - 2022-01-15 20:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2022-01-15 20:22 - 2022-01-15 20:22 - 000000000 ____D C:\Program Files\obs-studio
2022-01-15 20:19 - 2022-01-17 19:01 - 000000000 ____D C:\Users\User\AppData\LocalLow\WebEx
2022-01-15 20:17 - 2022-01-24 12:32 - 000000000 ____D C:\Users\User\AppData\Local\CiscoSpark
2022-01-15 20:17 - 2022-01-24 00:55 - 000000000 ____D C:\Users\User\AppData\Local\WebEx
2022-01-15 20:17 - 2022-01-17 22:04 - 000000000 ____D C:\Users\User\AppData\Local\CiscoSparkLauncher
2022-01-15 20:15 - 2022-01-15 20:15 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webex
2022-01-15 17:29 - 2022-01-15 17:32 - 090640720 _____ (obsproject.com) C:\Users\User\Downloads\OBS-Studio-27.1.3-Full-Installer-x64.exe
2022-01-15 17:28 - 2022-01-15 17:34 - 272388096 _____ C:\Users\User\Downloads\Webex.msi
2022-01-15 17:26 - 2022-01-15 17:26 - 000002359 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2022-01-15 17:26 - 2022-01-15 17:26 - 000000000 ____D C:\Users\User\AppData\Roaming\Teams
2022-01-15 17:10 - 2022-01-15 17:10 - 000000000 ____D C:\Users\User\VirtualBox VMs
2022-01-15 16:46 - 2022-01-24 12:10 - 000000000 ____D C:\Users\User\AppData\Roaming\WhatsApp
2022-01-15 16:46 - 2022-01-15 16:46 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2022-01-15 16:45 - 2022-01-15 21:23 - 000000000 ____D C:\Users\User\AppData\Local\WhatsApp
2022-01-15 16:45 - 2022-01-15 17:26 - 000000000 ____D C:\Users\User\AppData\Local\SquirrelTemp
2022-01-15 16:43 - 2022-01-15 16:45 - 135925456 _____ (WhatsApp) C:\Users\User\Downloads\WhatsAppSetup.exe
2022-01-15 16:30 - 2022-01-21 17:28 - 000000000 ____D C:\Users\User\.VirtualBox
2022-01-15 16:30 - 2022-01-21 17:28 - 000000000 ____D C:\ProgramData\VirtualBox
2022-01-15 16:27 - 2022-01-15 16:27 - 000001149 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2022-01-15 16:27 - 2022-01-15 16:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2022-01-15 16:27 - 2022-01-15 16:27 - 000000000 ____D C:\Program Files\Oracle
2022-01-15 16:27 - 2020-07-10 01:36 - 001024848 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2022-01-15 16:27 - 2020-07-10 01:36 - 000188072 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2022-01-15 16:22 - 2022-01-15 16:26 - 170537992 _____ (Oracle Corporation) C:\Users\User\Downloads\VirtualBox-6.0.24-139119-Win.exe
2022-01-15 16:22 - 2022-01-15 16:25 - 103144908 _____ C:\Users\User\Downloads\virtualbox-6.0_6.0.24-139119_Ubuntu_eoan_amd64.deb
2022-01-15 15:15 - 2022-01-15 15:15 - 000000000 ____D C:\Users\User\AppData\LocalLow\Temp
2022-01-15 14:25 - 2022-01-15 14:25 - 000000000 ____D C:\Users\User\AppData\Roaming\OpenOffice
2022-01-15 14:24 - 2022-01-15 14:24 - 000001132 _____ C:\Users\Public\Desktop\OpenOffice 4.1.11.lnk
2022-01-15 14:24 - 2022-01-15 14:24 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.11
2022-01-15 14:24 - 2022-01-15 14:24 - 000000000 ____D C:\Program Files (x86)\OpenOffice 4
2022-01-15 14:20 - 2022-01-15 14:23 - 176686736 _____ (Apache Software Foundation) C:\Users\User\Downloads\Apache_OpenOffice_4.1.11_Win_x86_install_de.exe
2022-01-15 13:05 - 2022-01-24 00:55 - 000002428 _____ C:\Windows\system32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
2022-01-15 13:04 - 2022-01-15 13:04 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2022-01-15 10:42 - 2022-01-24 12:33 - 000000000 ____D C:\Windows\Minidump
2022-01-15 10:42 - 2022-01-24 12:31 - 865311226 _____ C:\Windows\MEMORY.DMP
2022-01-14 23:46 - 2022-01-14 23:46 - 001060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2022-01-14 23:46 - 2022-01-14 23:46 - 000348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2022-01-14 23:37 - 2022-01-14 23:37 - 000061304 _____ () C:\Windows\system32\Drivers\lpsport.sys
2022-01-14 23:37 - 2022-01-14 23:18 - 000340248 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2022-01-14 23:32 - 2022-01-21 14:17 - 000000000 ____D C:\Users\User\AppData\Local\Google
2022-01-14 23:29 - 2022-01-24 18:52 - 000000000 ____D C:\Program Files (x86)\Google
2022-01-14 23:29 - 2022-01-14 23:37 - 000002160 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2022-01-14 23:29 - 2022-01-14 23:37 - 000002148 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2022-01-14 23:29 - 2022-01-14 23:29 - 000000000 ____D C:\Users\User\AppData\Roaming\Avast Software
2022-01-14 23:29 - 2022-01-14 23:29 - 000000000 ____D C:\Users\User\AppData\Local\Avast Software
2022-01-14 23:18 - 2022-01-24 00:55 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2022-01-14 23:18 - 2022-01-23 21:54 - 000004264 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2022-01-14 23:18 - 2022-01-14 23:18 - 000853800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2022-01-14 23:18 - 2022-01-14 23:18 - 000545176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2022-01-14 23:18 - 2022-01-14 23:18 - 000540056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetHub.sys
2022-01-14 23:18 - 2022-01-14 23:18 - 000369216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2022-01-14 23:18 - 2022-01-14 23:18 - 000318760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2022-01-14 23:18 - 2022-01-14 23:18 - 000252992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2022-01-14 23:18 - 2022-01-14 23:18 - 000223176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2022-01-14 23:18 - 2022-01-14 23:18 - 000215432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2022-01-14 23:18 - 2022-01-14 23:18 - 000186280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2022-01-14 23:18 - 2022-01-14 23:18 - 000108912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2022-01-14 23:18 - 2022-01-14 23:18 - 000100416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2022-01-14 23:18 - 2022-01-14 23:18 - 000083976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2022-01-14 23:18 - 2022-01-14 23:18 - 000042416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2022-01-14 23:18 - 2022-01-14 23:18 - 000036784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2022-01-14 23:18 - 2022-01-14 23:18 - 000021936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswElam.sys
2022-01-14 23:18 - 2022-01-14 23:18 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2022-01-14 23:17 - 2022-01-14 23:17 - 000000000 ____D C:\Program Files\Avast Software
2022-01-14 23:06 - 2022-01-23 22:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2022-01-14 23:06 - 2022-01-23 22:02 - 000000000 ____D C:\Program Files (x86)\Comodo
2022-01-14 23:06 - 2022-01-14 23:06 - 000000000 ____D C:\Users\User\AppData\Local\Comodo
2022-01-14 23:06 - 2019-01-29 09:42 - 000254440 _____ (COMODO) C:\Windows\system32\iseguard64.dll
2022-01-14 23:06 - 2019-01-29 09:42 - 000205024 _____ (COMODO) C:\Windows\SysWOW64\iseguard32.dll
2022-01-14 23:06 - 2018-08-29 23:55 - 000063256 _____ (COMODO) C:\Windows\system32\Drivers\isedrv.sys
2022-01-14 22:59 - 2022-01-14 22:59 - 000000000 ____D C:\Users\User\AppData\Local\D3DSCache
2022-01-14 22:54 - 2022-01-14 22:54 - 005711824 _____ (COMODO) C:\Users\User\Downloads\cav_installer_138430010_1a (2).exe
2022-01-14 22:48 - 2022-01-14 22:48 - 005711824 _____ (COMODO) C:\Users\User\Downloads\cav_installer_138430010_1a (1).exe
2022-01-14 22:47 - 2022-01-14 22:47 - 000000000 ____D C:\Users\User\AppData\Local\CEF
2022-01-14 22:46 - 2022-01-14 22:46 - 000000000 ___HD C:\OneDriveTemp
2022-01-14 22:44 - 2022-01-14 22:44 - 000061304 _____ () C:\Windows\system32\Drivers\lpsport.sys.164219668171801
2022-01-14 22:44 - 2022-01-14 22:44 - 000000000 ____D C:\Users\User\AppData\Local\PeerDistRepub
2022-01-14 21:47 - 2022-01-14 21:50 - 000000000 ____D C:\Users\User\AppData\Local\Opera Software
2022-01-14 21:46 - 2022-01-14 21:46 - 000000000 ___HD C:\Users\User\Downloads\.opera
2022-01-14 21:46 - 2022-01-14 21:46 - 000000000 ____D C:\Users\User\AppData\Roaming\Opera Software
2022-01-14 21:45 - 2022-01-14 21:45 - 002618312 _____ (Opera Software) C:\Users\User\Downloads\OperaSetup.exe
2022-01-14 21:35 - 2022-01-14 21:35 - 000234280 _____ (AVAST Software) C:\Users\User\Downloads\avast_free_antivirus_setup_online (2).exe
2022-01-14 21:30 - 2022-01-24 08:56 - 000000000 ____D C:\ProgramData\Comodo
2022-01-14 21:28 - 2022-01-14 21:28 - 005711824 _____ (COMODO) C:\Users\User\Downloads\cav_installer_138430010_1a.exe
2022-01-14 21:22 - 2022-01-24 08:56 - 000000000 ____D C:\ProgramData\Avast Software
2022-01-14 21:21 - 2022-01-14 21:21 - 000234280 _____ (AVAST Software) C:\Users\User\Downloads\avast_free_antivirus_setup_online.exe
2022-01-14 21:21 - 2022-01-14 21:21 - 000234280 _____ (AVAST Software) C:\Users\User\Downloads\avast_free_antivirus_setup_online (1).exe

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2022-01-24 19:11 - 2020-11-18 23:50 - 000000000 ____D C:\Windows\system32\SleepStudy
2022-01-24 18:52 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-01-24 12:38 - 2021-12-13 18:14 - 001632020 _____ C:\Windows\system32\PerfStringBackup.INI
2022-01-24 12:38 - 2019-12-07 15:51 - 000707214 _____ C:\Windows\system32\perfh007.dat
2022-01-24 12:38 - 2019-12-07 15:51 - 000142472 _____ C:\Windows\system32\perfc007.dat
2022-01-24 12:38 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2022-01-24 12:32 - 2021-12-13 18:16 - 000000000 ___RD C:\Users\User\OneDrive
2022-01-24 12:31 - 2021-12-13 18:25 - 000000000 ____D C:\ProgramData\NVIDIA
2022-01-24 12:31 - 2021-12-13 18:22 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2022-01-24 12:31 - 2021-12-13 18:22 - 000000000 __SHD C:\Users\User\IntelGraphicsProfiles
2022-01-24 12:31 - 2021-12-13 18:08 - 000008192 ___SH C:\DumpStack.log.tmp
2022-01-24 12:31 - 2020-11-19 00:51 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-01-24 00:55 - 2021-12-13 18:21 - 000002306 _____ C:\Windows\system32\Tasks\RtHDVBg_Dolby
2022-01-24 00:55 - 2021-12-13 18:21 - 000002302 _____ C:\Windows\system32\Tasks\RTKCPL
2022-01-24 00:55 - 2021-12-13 18:21 - 000002274 _____ C:\Windows\system32\Tasks\DolbySelectorTask
2022-01-24 00:55 - 2021-12-13 18:16 - 000003062 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2262961252-2421112716-754752982-1001
2022-01-24 00:55 - 2021-12-13 18:16 - 000002858 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2262961252-2421112716-754752982-1001
2022-01-24 00:55 - 2021-12-13 18:09 - 000002854 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2262961252-2421112716-754752982-500
2022-01-24 00:55 - 2020-11-19 00:53 - 000003628 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-01-24 00:55 - 2020-11-19 00:53 - 000003404 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-01-24 00:55 - 2019-12-07 10:03 - 000524288 _____ C:\Windows\system32\config\BBI
2022-01-23 22:00 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2022-01-23 09:11 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2022-01-22 00:31 - 2020-11-19 00:53 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-01-22 00:31 - 2020-11-19 00:53 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-01-22 00:31 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-01-21 21:31 - 2021-12-13 18:11 - 000002392 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-01-21 13:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\LiveKernelReports
2022-01-17 21:56 - 2020-11-18 23:50 - 000295712 _____ C:\Windows\system32\FNTCACHE.DAT
2022-01-17 21:55 - 2019-12-07 15:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-01-17 21:55 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2022-01-17 21:55 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2022-01-17 21:55 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2022-01-17 21:55 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2022-01-17 21:55 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\setup
2022-01-17 21:55 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe
2022-01-17 21:55 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\lv-LV
2022-01-17 21:55 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\lt-LT
2022-01-17 21:55 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\et-EE
2022-01-17 21:55 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\es-MX
2022-01-17 21:55 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Dism
2022-01-17 21:55 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\Provisioning
2022-01-17 21:55 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2022-01-17 21:55 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2022-01-17 15:26 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2022-01-17 15:09 - 2021-12-13 18:18 - 000000000 ____D C:\Windows\system32\MRT
2022-01-17 15:07 - 2021-12-13 18:18 - 145765912 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2022-01-16 18:22 - 2020-11-19 00:54 - 000000000 ____D C:\ProgramData\Packages
2022-01-16 15:20 - 2021-12-13 18:18 - 000000000 ____D C:\Users\User\AppData\Local\PlaceholderTileLogoFolder
2022-01-16 09:18 - 2021-12-13 18:13 - 000000000 ____D C:\Users\User\AppData\Local\Packages
2022-01-16 09:04 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\appcompat
2022-01-15 14:23 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-01-15 10:46 - 2021-12-13 18:07 - 000000000 ____D C:\Windows\Panther
2022-01-14 22:54 - 2021-12-13 18:13 - 000000000 ____D C:\Users\User\AppData\Local\ConnectedDevicesPlatform
2022-01-14 22:43 - 2020-11-19 00:54 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-01-14 21:17 - 2020-11-19 00:51 - 000000000 ____D C:\Windows\system32\Drivers\wd

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================
 

Attachments

  • Addition.txt
    36.3 KB · Views: 21

nasdaq

Super Moderator
Verified
Staff Member
Nov 5, 2019
1,597
Hi,

I'm sorry for this long wait.

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.

Code:
start

Comment: For your security a new restore point will be created.
CreateRestorePoint:
Comment: We need to close all processes to complete the fix.
CloseProcesses:

Comment: Items from the FRST.TXT log that will be removed from the Registry.
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Beschränkung <==== ACHTUNG
Task: {5ABAB308-7A46-4505-8870-3C0867070627} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe -autostart (Keine Datei)
Task: {9B6E70BB-8D91-416D-85E3-9BAF14DFA400} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe --cistrayUI (Keine Datei)

Comment: Items from the Addition.txt log that will be removed from the Registry.
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Keine Datei
FirewallRules: [{022EBC74-E391-4765-B32F-4CB7BAD697AE}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\airhost.exe => Keine Datei
FirewallRules: [{B5C32255-9386-4ED2-8488-1F16651B3D18}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\airhost.exe => Keine Datei

Comment: The system will restart.
Reboot:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Have you tried this uninstaller?

Comodo
Download and run their uninstaller tool from this site.

Restart the computer when the removal completed.
-----

Please post the Fixlog.txt and let me know what problem persists.
 

Peppy

New Member
Thread author
Jan 22, 2022
7
Hi nasdaq =),

I think there is a little misunderstanding concerning Comodo: On my current computer, on which I ran all the scans and posted the logs from, I was actually able to uninstall Comodo. Since then (a few days ago) I have no more problems with my computer, even not when it runs my VM. I hope it will stay that way.
Do you think further actions are necessary now, or should I just let it be for a while and continue to observe whether the problem persists?

Concerning my old computer: He is really broken. I can only open it in safe mode so that I cannot download Farbar or something and I can even not uninstall Comodo there. Maybe I will talk about this other computer too, but I don't think I will have time to do this in the next days ...

Kindly,
Peppy
 

nasdaq

Super Moderator
Verified
Staff Member
Nov 5, 2019
1,597
Thank you for the feeback.

As for the other computer can you not copy the Farbar program to the Desktop of the compromised computer and scan the Computer.
If you get the logs then start a new topic for that computer.
You can say that the topic has been requested by me "nasdaq"
 
  • Like
Reactions: Peppy and upnorth

Peppy

New Member
Thread author
Jan 22, 2022
7
Last time I tried to copy a program to that computer in safe mode it did not work because of lacking internet connection.

I don't have time yet. But as soon as there is a bit of time, I will try to open Farbar on my old computer, start a new topic, reserve it for nasdaq and report what's going on.

Thanks a lot so far!
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top