Trash bin: Is my system infected? PART I

 
25.06.2020, 10:11   #1
JAMy
 

Is my system infected?

FRST.TXT:

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 24-06-2020
durchgeführt von JAMy (Administrator) auf JAMY (TOSHIBA TECRA Z40-B) (25-06-2020 06:43:02)
Gestartet von C:\Users\JAMy\Downloads
Geladene Profile: JAMy
Platform: Windows 10 Pro Version 2004 19640.1 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: Chrome
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

( (fLaSh) [Datei ist nicht signiert])  [Datei wird verwendet ] C:\Users\JAMy\Downloads\SQLi Dumper v.9.7\SQLi Dumper v.9.7 [Cracked By PC-RET].exe
( (Hagel Technologies Ltd. -> Hagel Technologies Ltd.) [Datei ist nicht signiert])  [Datei wird verwendet ] C:\Program Files (x86)\DU Meter\DUMeter.exe
( (Hagel Technologies Ltd. -> Hagel Technologies Ltd.) [Datei ist nicht signiert])  [Datei wird verwendet ] C:\Program Files (x86)\DU Meter\DUMeterSvc.exe
( (SoftPerfect) [Datei ist nicht signiert])  [Datei wird verwendet ] C:\Program Files\SoftPerfect Network Scanner\netscan.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe <2>
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(ALPS ELECTRIC CO., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(ALPS ELECTRIC CO., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe
(B3RAP Softwares) [Datei ist nicht signiert] D:\Downloads\!infected-zone.com\B3RAP Leecher v2.1.0.0\B3RAP Leecher v2.1.0.0\B3RAP Leecher v2.exe
(DTS, Inc. -> ) C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Dynabook Inc. -> Dynabook Inc.) C:\Windows\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_394009051d127e50\dynabookSystemService.exe
(Essential Objects, Inc. -> Essential Objects, Inc.) C:\Program Files (x86)\NinjaGram\eowp.exe <11>
(FinalWire Kft. -> FinalWire Ltd.) C:\Users\JAMy\Downloads\AIDA64 Engineer Edition 6.10.5200\aida64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <71>
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe <2>
(Louis Nel -> ) [Datei ist nicht signiert] C:\Program Files (x86)\NinjaGram\NinjaGram.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\JAMy\AppData\Local\Microsoft\OneDrive\20.103.0521.0002\FileCoAuth.exe <7>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2006.15930.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Windows -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Scans\MsMpEngCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Windows Hardware Compatibility Publisher -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2005.5-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2005.5-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <12>
(MPC-HC Team) [Datei ist nicht signiert] C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe
(Notepad++ -> Don HO don.h@free.fr) C:\Program Files\Notepad++\notepad++.exe
(Opera Software AS -> Opera Software) C:\Users\JAMy\AppData\Local\Programs\Opera\68.0.3618.173\opera.exe <11>
(Opera Software AS -> Opera Software) C:\Users\JAMy\AppData\Local\Programs\Opera\68.0.3618.173\opera_crashreporter.exe
(Opera Software AS -> Opera Software) C:\Users\JAMy\AppData\Local\Programs\Opera\launcher.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Siber Systems -> Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\rf-chrome-nm-host.exe <2>
(Siber Systems -> Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Siber Systems -> Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon-x64.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(TEFINCOM S.A. -> ) C:\Program Files (x86)\NordVPN\nordvpn-service.exe
(Telegram FZ-LLC -> Telegram FZ-LLC) C:\Users\JAMy\AppData\Roaming\Telegram Desktop\Telegram.exe
(TOSHIBA CORPORATION -> Toshiba Corporation) C:\Program Files (x86)\TOSHIBA\Toshiba Bluetooth Device Profile Utility\TosBt_NotificationScheduler.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Toshiba Europe Gmbh -> Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(VanDyke Software, Inc. -> VanDyke Software, Inc.) [Datei ist nicht signiert] C:\Program Files\VanDyke Software\SecureCRT\SecureCRT.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
         
Code:
==================== Registry (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302392 2020-05-20] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646776 2020-03-12] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [119344 2020-06-05] (VMware, Inc. -> VMware, Inc.)
HKU\S-1-5-21-3394589027-3204535628-501861619-1001\...\Run: [DU Meter] => C:\Program Files (x86)\DU Meter\DUMeter.exe [9798824 2018-02-11] ( (Hagel Technologies Ltd. -> Hagel Technologies Ltd.) [Datei ist nicht signiert])  [Datei wird verwendet ]
HKU\S-1-5-21-3394589027-3204535628-501861619-1001\...\Run: [DUControl] => C:\Program Files\DirectUpdate v4\DUControl.exe [358056 2020-05-10] (William Levra-Juillet -> WildUP - William Levra-Juillet)
HKU\S-1-5-21-3394589027-3204535628-501861619-1001\...\Run: [ProtonVPN] => C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe [7570240 2020-06-04] (ProtonVPN AG -> )
HKU\S-1-5-21-3394589027-3204535628-501861619-1001\...\Run: [uTorrent] => C:\Users\JAMy\AppData\Roaming\uTorrent\uTorrent.exe [1897960 2020-05-20] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-3394589027-3204535628-501861619-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [145680 2020-06-05] (Siber Systems -> Siber Systems)
HKU\S-1-5-21-3394589027-3204535628-501861619-1001\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [1844688 2020-06-17] (TEFINCOM S.A. -> NordVPN)
HKU\S-1-5-21-3394589027-3204535628-501861619-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\JAMy\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-3394589027-3204535628-501861619-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\JAMy\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-3394589027-3204535628-501861619-1001\...\RunOnce: [Uninstall 20.084.0426.0006\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\JAMy\AppData\Local\Microsoft\OneDrive\20.084.0426.0006\amd64"
HKU\S-1-5-21-3394589027-3204535628-501861619-1001\...\RunOnce: [Uninstall 20.084.0426.0006] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\JAMy\AppData\Local\Microsoft\OneDrive\20.084.0426.0006"
HKU\S-1-5-21-3394589027-3204535628-501861619-1001\...\Policies\system: [shell] explorer.exe <==== ACHTUNG
HKU\S-1-5-21-3394589027-3204535628-501861619-1001\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-3394589027-3204535628-501861619-1001\...\CurrentVersion\Windows: [Load] C:\Users\JAMy\bdechangepin\AppVNice.exe <==== ACHTUNG
HKLM\Software\Microsoft\Active Setup\Installed Components: [OpenVPN_UserSetup] -> reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /t REG_SZ /d "C:\Program Files\OpenVPN\bin\openvpn-gui.exe" /f
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.116\Installer\chrmstp.exe [2020-06-24] (Google LLC -> Google LLC)
GroupPolicy: Beschränkung ? <==== ACHTUNG
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {01AB943B-F4F4-44E6-B254-8385EFD6676F} - System32\Tasks\Run RoboForm Process => C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [2873736 2020-06-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {0704795A-7433-457C-BA93-8E43FBEBC5E1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MpCmdRun.exe [491104 2020-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0EE3B721-B429-4ED2-9DB2-A9D54CF09695} - System32\Tasks\BTSchedulerTask => C:\Program Files (x86)\TOSHIBA\Toshiba Bluetooth Device Profile Utility\TosBt_NotificationScheduler.exe [135504 2015-10-31] (TOSHIBA CORPORATION -> Toshiba Corporation)
Task: {1A5B13DF-6139-4811-B64D-58102B133118} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [145680 2020-06-05] (Siber Systems -> Siber Systems)
Task: {2019D2C6-0C92-438A-9B7C-D08D8CCFEF2A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2019-12-20] (Google LLC -> Google LLC)
Task: {248075AA-BCF8-4AC4-AE4A-2227E85690E1} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [124744 2020-06-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {3338FB32-54C7-43CB-9662-504F59637240} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23755640 2020-05-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {37405C41-00FE-4DC1-AC83-16D55B92849A} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16690424 2016-08-27] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {44ABA7A7-6973-40AC-9686-636F848263F1} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe
Task: {46D5AB68-42A7-4535-A8E9-A09F1742E98B} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23755640 2020-05-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {4A41BBF4-BB02-47A9-9B8C-2BBCCDCE6653} - System32\Tasks\Microsoft\Windows\Shell\UpdateAgentTask_SetCBSEndOfLife => C:\WINDOWS\System32\ShellUpdateAgentTask.exe
Task: {59ACA401-F9E1-4089-92FA-CD01B42FAC11} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [862 2019-04-30] () [Datei ist nicht signiert]
Task: {5C4F7213-3CA6-4C68-AC4C-F13EB7BB5389} - System32\Tasks\dts_apo_service_task => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_task.exe [14320 2015-05-27] (DTS, Inc. -> )
Task: {6034F1B8-68E9-4295-BE36-2E78DE5E333E} - System32\Tasks\Opera scheduled Autoupdate 1576794672 => C:\Users\JAMy\AppData\Local\Programs\Opera\launcher.exe [1517592 2020-06-18] (Opera Software AS -> Opera Software)
Task: {70B298F3-EC38-4ACF-A85B-B52409FBF974} - System32\Tasks\Microsoft\Windows\Shell\UpdateAgentTask_RemoveFOD => C:\WINDOWS\System32\ShellUpdateAgentTask.exe
Task: {75968B3D-5BF4-4C56-8EF5-4B53C23EA167} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {763B80BB-CB0F-4B89-B9F2-994027E31FFC} - System32\Tasks\NIUpdateServiceStartupTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe
Task: {7AED0539-48F9-4A80-9831-195BF6BC4E53} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [699272 2015-07-30] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
Task: {7BE0260B-1671-4E24-82C1-B5FD17E56B93} - System32\Tasks\Open URL by RoboForm => C:\WINDOWS\system32\rundll32.exe url.dll,FileProtocolHandler "hxxps://www.roboform.com/test-pass.html?aaa=KICMNLOMJMLLGMIMGMGMCNLMIMMLPMCNKMLMOMOLCNOMLLLMMLCNMMMLOLNLJLJLNLJLHMJMOMLLJNJICMHMCNGMCNPMFMOMOMCNOMCNOMGMJMMMKMFMPMCNPMCNOMGMJMMMKMCNNMJNPICMPMFMEKMICNJJCKFMMMLMLMMMJNHICMEKMICNJJCKJNBJCMCJCJKIBJMJOJBJPLHJAJLICJOJGJDJBNMJAJC (Der Dateneintrag hat 112 mehr Zeichen).
Task: {85CE551E-95A9-4904-805D-C9BEA4C733AA} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {8E63F37C-7691-4369-B2D7-B64432C455AF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MpCmdRun.exe [491104 2020-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A11BBF95-9AA3-4BA8-A1B8-5D74518BBEAD} - System32\Tasks\AIDA64 AutoStart => C:\Users\JAMy\Downloads\AIDA64 Engineer Edition 6.10.5200\aida64.exe [11488664 2020-04-06] (FinalWire Kft. -> FinalWire Ltd.)
Task: {AAFCE2B0-D793-49DC-8B69-F188CC9205C3} - System32\Tasks\Microsoft\Windows\Shell\UpdateAgentTask_AcquireFOD => C:\WINDOWS\System32\ShellUpdateAgentTask.exe
Task: {BAAD7B17-BE5B-484D-8569-162449809827} - System32\Tasks\Opera scheduled assistant Autoupdate 1582912770 => C:\Users\JAMy\AppData\Local\Programs\Opera\launcher.exe [1517592 2020-06-18] (Opera Software AS -> Opera Software)
Task: {BBCF1305-D3BA-4B31-8EC7-56B011EBCF82} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MpCmdRun.exe [491104 2020-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BE51058A-DDE5-4BE8-9A1D-12E2383B1169} - System32\Tasks\Microsoft\Windows\Management\Provisioning\MdmDiagnosticsCleanup => C:\WINDOWS\system32\MdmDiagnosticsTool.exe [86016 2020-05-31] (Microsoft Windows -> Microsoft Corporation)
Task: {C2A90075-10F8-4A93-B66E-F3D052630A35} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MpCmdRun.exe [491104 2020-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D18D0ECC-C513-42D0-AC02-1F877CA6A117} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [124744 2020-06-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {D58F54AB-04C5-4959-8703-D0E089237DE3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4368792 2020-06-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {DA1E8E10-2D4A-41DA-8AA4-941FE8A383DD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4368792 2020-06-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {DD31C997-A4A9-4443-BC3C-35C2AD1CEE6C} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1706496 2020-04-05] () [Datei ist nicht signiert]
Task: {EB418162-B46F-4AD1-9E45-513B9EA45488} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2019-12-20] (Google LLC -> Google LLC)
Task: {F2EC28DE-4229-4C3E-B862-EB61EEC20832} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {FA4C0411-4AFC-4E55-ABBF-FCE9C2594936} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [124624 2020-06-04] (Mozilla Corporation -> Mozilla Foundation)
Task: {FF87276E-93E1-49A8-9115-A290495F65D3} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [475720 2015-11-17] (Toshiba Europe Gmbh -> Toshiba Europe GmbH)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
         
Code:
==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Winsock: Catalog9 15 C:\WINDOWS\SysWOW64\vsocklib.dll [42296 2019-08-14] (VMware, Inc. -> VMware, Inc.)
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\vsocklib.dll [42296 2019-08-14] (VMware, Inc. -> VMware, Inc.)
Winsock: Catalog9-x64 15 C:\Windows\system32\vsocklib.dll [46392 2019-08-14] (VMware, Inc. -> VMware, Inc.)
Winsock: Catalog9-x64 16 C:\Windows\system32\vsocklib.dll [46392 2019-08-14] (VMware, Inc. -> VMware, Inc.)
Hosts: 127.0.0.1	localhost
Tcpip\..\Interfaces\{535216d0-4a62-49ee-86c6-e7ec274937ef}: [NameServer] 1.1.1.1,8.8.8.8
Tcpip\..\Interfaces\{cf2740b7-922f-4002-8a45-2dfa969bf798}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <==== ACHTUNG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3394589027-3204535628-501861619-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba15.msn.com/?pc=TBTE
BHO: TOSHIBA Fingerprint Utility Web Site Passwords -> {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} -> C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUPWDBankBHO.dll [2013-08-26] (TOSHIBA CORPORATION -> TOSHIBA)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2020-02-02] (Microsoft Corporation -> Microsoft Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2020-06-05] (Siber Systems -> Siber Systems Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_251\bin\ssv.dll [2020-05-10] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_251\bin\jp2ssv.dll [2020-05-10] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: TOSHIBA Fingerprint Utility Web Site Passwords -> {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} -> C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\TFPUPWDBankBHO.dll [2013-08-26] (TOSHIBA CORPORATION -> TOSHIBA)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2020-02-02] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2020-06-05] (Siber Systems -> Siber Systems Inc.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2020-06-05] (Siber Systems -> Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2020-06-05] (Siber Systems -> Siber Systems Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-06-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-06-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-06-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-06-10] (Microsoft Corporation -> Microsoft Corporation)

Edge: 
======
DownloadDir: C:\Users\JAMy\Downloads
Edge Session Restore: HKU\S-1-5-21-3394589027-3204535628-501861619-1001 -> ist aktiviert.
Edge Profile: C:\Users\JAMy\AppData\Local\Microsoft\Edge\User Data\Default [2020-06-20]
Edge HomePage: Default -> hxxp://winfuture.de/
Edge Extension: (RoboForm Password Manager) - C:\Users\JAMy\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ljfpcifpgbbchoddpjefaipoiigpdmag [2020-05-23]

FireFox:
========
FF DefaultProfile: 6auopfld.default
FF ProfilePath: C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\6auopfld.default [2020-04-05]
FF user.js: detected! => C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\6auopfld.default\user.js [2020-04-14]
FF Extension: (Avira Browser Safety) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\6auopfld.default\Extensions\abs@avira.com [2020-03-20]
FF Extension: (Avira Password Manager) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\6auopfld.default\Extensions\passwordmanager@avira.com [2020-03-20]
FF ProfilePath: C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177 [2020-06-25]
FF Homepage: Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177 -> about:blank
FF NetworkProxy: Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177 -> socks_remote_dns", true
FF Session Restore: Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177 -> ist aktiviert.
FF Notifications: Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177 -> hxxps://de.chaturbate.com; hxxps://www.instagram.com; hxxps://www.youtube.com; hxxps://www.infected-zone.com
FF Extension: (HackBar V2) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177\Extensions\hackbar@chewbaka.xpi [2020-04-24]
FF Extension: (RoboForm Password Manager) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177\Extensions\rf-firefox@siber.com.xpi [2020-05-29]
FF Extension: (Google Images Downloader) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177\Extensions\rushikesh988@gmail.com.xpi [2020-02-01]
FF Extension: (Loading…) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177\Extensions\switchyomega@feliscatus.addons.mozilla.org.xpi [2020-02-15]
FF Extension: (uBlock Origin) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177\Extensions\uBlock0@raymondhill.net.xpi [2020-06-14]
FF Extension: (Geschlossenen Tab wiederherstellen) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177\Extensions\{4853d046-c5a3-436b-bc36-220fd935ee1d}.xpi [2020-06-14]
FF Extension: (Image Search Options) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177\Extensions\{4a313247-8330-4a81-948e-b79936516f78}.xpi [2020-06-14]
FF Extension: (Bulk Image Downloader) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177\Extensions\{524B8EF8-C312-11DB-8039-536F56D89593}.xpi [2020-03-06]
FF Extension: (Popup Blocker Ultimate) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177\Extensions\{60B7679C-BED9-11E5-998D-8526BB8E7F8B}.xpi [2020-05-27]
FF Extension: (Video DownloadHelper) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2020-03-31]
FF Plugin: @java.com/DTPlugin,version=11.251.2 -> C:\Program Files\Java\jre1.8.0_251\bin\dtplugin\npDeployJava1.dll [2020-05-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.251.2 -> C:\Program Files\Java\jre1.8.0_251\bin\plugin2\npjp2.dll [2020-05-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-02-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-02-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @siber.com/RoboForm -> C:\Program Files (x86)\Siber Systems\AI RoboForm\chrome\plugin\np-rf-plugin.dll [Keine Datei]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-04] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3394589027-3204535628-501861619-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\JAMy\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-04-26] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
         
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-06-10] (Microsoft Corporation -> Microsoft Corporation)

Edge: 
======
DownloadDir: C:\Users\JAMy\Downloads
Edge Session Restore: HKU\S-1-5-21-3394589027-3204535628-501861619-1001 -> ist aktiviert.
Edge Profile: C:\Users\JAMy\AppData\Local\Microsoft\Edge\User Data\Default [2020-06-20]
Edge HomePage: Default -> hxxp://winfuture.de/
Edge Extension: (RoboForm Password Manager) - C:\Users\JAMy\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ljfpcifpgbbchoddpjefaipoiigpdmag [2020-05-23]

FireFox:
========
FF DefaultProfile: 6auopfld.default
FF ProfilePath: C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\6auopfld.default [2020-04-05]
FF user.js: detected! => C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\6auopfld.default\user.js [2020-04-14]
FF Extension: (Avira Browser Safety) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\6auopfld.default\Extensions\abs@avira.com [2020-03-20]
FF Extension: (Avira Password Manager) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\6auopfld.default\Extensions\passwordmanager@avira.com [2020-03-20]
FF ProfilePath: C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177 [2020-06-25]
FF Homepage: Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177 -> about:blank
FF NetworkProxy: Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177 -> socks_remote_dns", true
FF Session Restore: Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177 -> ist aktiviert.
FF Notifications: Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177 -> hxxps://de.chaturbate.com; hxxps://www.instagram.com; hxxps://www.youtube.com; hxxps://www.infected-zone.com
FF Extension: (HackBar V2) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177\Extensions\hackbar@chewbaka.xpi [2020-04-24]
FF Extension: (RoboForm Password Manager) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177\Extensions\rf-firefox@siber.com.xpi [2020-05-29]
FF Extension: (Google Images Downloader) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177\Extensions\rushikesh988@gmail.com.xpi [2020-02-01]
FF Extension: (Loading…) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177\Extensions\switchyomega@feliscatus.addons.mozilla.org.xpi [2020-02-15]
FF Extension: (uBlock Origin) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177\Extensions\uBlock0@raymondhill.net.xpi [2020-06-14]
FF Extension: (Geschlossenen Tab wiederherstellen) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177\Extensions\{4853d046-c5a3-436b-bc36-220fd935ee1d}.xpi [2020-06-14]
FF Extension: (Image Search Options) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177\Extensions\{4a313247-8330-4a81-948e-b79936516f78}.xpi [2020-06-14]
FF Extension: (Bulk Image Downloader) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177\Extensions\{524B8EF8-C312-11DB-8039-536F56D89593}.xpi [2020-03-06]
FF Extension: (Popup Blocker Ultimate) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177\Extensions\{60B7679C-BED9-11E5-998D-8526BB8E7F8B}.xpi [2020-05-27]
FF Extension: (Video DownloadHelper) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2020-03-31]
FF Plugin: @java.com/DTPlugin,version=11.251.2 -> C:\Program Files\Java\jre1.8.0_251\bin\dtplugin\npDeployJava1.dll [2020-05-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.251.2 -> C:\Program Files\Java\jre1.8.0_251\bin\plugin2\npjp2.dll [2020-05-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-02-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-02-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @siber.com/RoboForm -> C:\Program Files (x86)\Siber Systems\AI RoboForm\chrome\plugin\np-rf-plugin.dll [Keine Datei]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-04] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3394589027-3204535628-501861619-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\JAMy\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-04-26] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
         
Code:
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Default [2020-06-25]
CHR Notifications: Default -> hxxps://drive.google.com; hxxps://hackforums.net; hxxps://mail.protonmail.com; hxxps://meet.google.com; hxxps://my.jdownloader.org; hxxps://onehack.us; hxxps://photos.google.com; hxxps://voice.google.com; hxxps://web.telegram.org; hxxps://web.whatsapp.com; hxxps://www.autoscout24.de; hxxps://www.facebook.com; hxxps://www.instagram.com; hxxps://www.youtube.com
CHR HomePage: Default -> hxxp://winfuture.de/
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3297265&SearchSource=48&CUI=UN12423099901259333&UM=2","hxxp://www.google.com","hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP&dt=101213","hxxp://start.qone8.com/?type=hp&ts=1382754999&from=cor&uid=ST3000DM001-9YN166_Z1F0D5LBXXXXZ1F0D5LB","hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN10735909922762190&UM=2","hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://proxyscrape.com/images/icons/icon-72x72.png
CHR Session Restore: Default -> ist aktiviert.
CHR Extension: (Google Übersetzer) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2020-04-17]
CHR Extension: (ProxyScrape) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdelhainajcnkaieebidnobdjdkddimo [2020-04-17]
CHR Extension: (External Application Button) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bifmfjgpgndemajpeeoiopbeilbaifdo [2020-06-04]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2020-04-17]
CHR Extension: (Listango Bookmark Manager) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmbdkkenkdllkpiognpnmlaglmojagnh [2020-04-17]
CHR Extension: (NoScript) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Default\Extensions\doojmbjmlfjjnbmnoijecmcbfeoakpjm [2020-06-23]
CHR Extension: (MyJDownloader Browser Erweiterung) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2020-05-08]
CHR Extension: (KProxy Extension) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdocgbfmddcfnlnpmnghmjicjognhonm [2020-06-20]
CHR Extension: (PDF Mage) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gknphemhpcknkhegndlihchfonpdcben [2020-06-23]
CHR Extension: (Bookmarks) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljcgggmjhkegncpcaffddonfhpnfocdk [2020-04-17]
CHR Extension: (Video DownloadHelper) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2020-04-17]
CHR Extension: (Offcloud for Drive) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmaijleinoonghaenmjibfhbldeobllp [2020-04-17]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-04-17]
CHR Extension: (Proxy SwitchyOmega) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Default\Extensions\padekgcemlokbadohgkifijomclgjgif [2020-04-26]
CHR Extension: (Chrome Media Router) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-28]
CHR Extension: (RoboForm Password Manager) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2020-05-15]
CHR Profile: C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Profile 1 [2020-04-16]
CHR Extension: (Slides) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-01-25]
CHR Extension: (Docs) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2020-01-25]
CHR Extension: (Google Drive) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-01-25]
CHR Extension: (YouTube) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-01-25]
CHR Extension: (Adobe Acrobat) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-04-16]
CHR Extension: (Sheets) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-01-25]
CHR Extension: (Google Docs Offline) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-16]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2020-01-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-01-25]
CHR Extension: (Gmail) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-01-25]
CHR Extension: (Chrome Media Router) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-16]
CHR Extension: (RoboForm Password Manager) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2020-04-16]
CHR Profile: C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\System Profile [2020-02-16]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2019-12-20]
CHR HKU\S-1-5-21-3394589027-3204535628-501861619-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [iniieblifogecdlkejbmonblijmdaiog] - C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\ChromeAddin\ChromeAddin.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2019-12-20]

Opera: 
=======
OPR Notifications: hxxps://board.streamboard.tv; hxxps://mail.protonmail.com; hxxps://www.instagram.com; hxxps://www.reddit.com
OPR Extension: (Install Chrome Extensions) - C:\Users\JAMy\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2019-12-26]
OPR Extension: (RoboForm Password Manager) - C:\Users\JAMy\AppData\Roaming\Opera Software\Opera Stable\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2020-05-20]
         

25.06.2020, 11:34   #2
M-K-D-B
/// TB Trainer

My name is Matthias and I will help you analyze your computer and, if necessary, clean it up.

FRST.txt is incomplete and Addition.txt is missing.

28.06.2020, 08:11   #3
M-K-D-B
/// TB Trainer

Missing response
This topic has been removed from my subscriptions, so I will not be notified of new replies.
If you need the topic again, please send us a reminder including a link to the topic.

Note: The disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please click here and create your own topic!

 
