Is my system infected? PART I
FRST.TXT:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 24-06-2020
durchgeführt von JAMy (Administrator) auf JAMY (TOSHIBA TECRA Z40-B) (25-06-2020 06:43:02)
Gestartet von C:\Users\JAMy\Downloads
Geladene Profile: JAMy
Platform: Windows 10 Pro Version 2004 19640.1 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: Chrome
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
( (fLaSh) [Datei ist nicht signiert]) [Datei wird verwendet ] C:\Users\JAMy\Downloads\SQLi Dumper v.9.7\SQLi Dumper v.9.7 [Cracked By PC-RET].exe
( (Hagel Technologies Ltd. -> Hagel Technologies Ltd.) [Datei ist nicht signiert]) [Datei wird verwendet ] C:\Program Files (x86)\DU Meter\DUMeter.exe
( (Hagel Technologies Ltd. -> Hagel Technologies Ltd.) [Datei ist nicht signiert]) [Datei wird verwendet ] C:\Program Files (x86)\DU Meter\DUMeterSvc.exe
( (SoftPerfect) [Datei ist nicht signiert]) [Datei wird verwendet ] C:\Program Files\SoftPerfect Network Scanner\netscan.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe <2>
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(ALPS ELECTRIC CO., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(ALPS ELECTRIC CO., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe
(B3RAP Softwares) [Datei ist nicht signiert] D:\Downloads\!infected-zone.com\B3RAP Leecher v2.1.0.0\B3RAP Leecher v2.1.0.0\B3RAP Leecher v2.exe
(DTS, Inc. -> ) C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Dynabook Inc. -> Dynabook Inc.) C:\Windows\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_394009051d127e50\dynabookSystemService.exe
(Essential Objects, Inc. -> Essential Objects, Inc.) C:\Program Files (x86)\NinjaGram\eowp.exe <11>
(FinalWire Kft. -> FinalWire Ltd.) C:\Users\JAMy\Downloads\AIDA64 Engineer Edition 6.10.5200\aida64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <71>
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe <2>
(Louis Nel -> ) [Datei ist nicht signiert] C:\Program Files (x86)\NinjaGram\NinjaGram.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\JAMy\AppData\Local\Microsoft\OneDrive\20.103.0521.0002\FileCoAuth.exe <7>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2006.15930.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Windows -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Scans\MsMpEngCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Windows Hardware Compatibility Publisher -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2005.5-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2005.5-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <12>
(MPC-HC Team) [Datei ist nicht signiert] C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe
(Notepad++ -> Don HO don.h@free.fr) C:\Program Files\Notepad++\notepad++.exe
(Opera Software AS -> Opera Software) C:\Users\JAMy\AppData\Local\Programs\Opera\68.0.3618.173\opera.exe <11>
(Opera Software AS -> Opera Software) C:\Users\JAMy\AppData\Local\Programs\Opera\68.0.3618.173\opera_crashreporter.exe
(Opera Software AS -> Opera Software) C:\Users\JAMy\AppData\Local\Programs\Opera\launcher.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Siber Systems -> Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\rf-chrome-nm-host.exe <2>
(Siber Systems -> Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Siber Systems -> Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon-x64.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(TEFINCOM S.A. -> ) C:\Program Files (x86)\NordVPN\nordvpn-service.exe
(Telegram FZ-LLC -> Telegram FZ-LLC) C:\Users\JAMy\AppData\Roaming\Telegram Desktop\Telegram.exe
(TOSHIBA CORPORATION -> Toshiba Corporation) C:\Program Files (x86)\TOSHIBA\Toshiba Bluetooth Device Profile Utility\TosBt_NotificationScheduler.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Toshiba Europe Gmbh -> Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(VanDyke Software, Inc. -> VanDyke Software, Inc.) [Datei ist nicht signiert] C:\Program Files\VanDyke Software\SecureCRT\SecureCRT.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302392 2020-05-20] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646776 2020-03-12] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [119344 2020-06-05] (VMware, Inc. -> VMware, Inc.)
HKU\S-1-5-21-3394589027-3204535628-501861619-1001\...\Run: [DU Meter] => C:\Program Files (x86)\DU Meter\DUMeter.exe [9798824 2018-02-11] ( (Hagel Technologies Ltd. -> Hagel Technologies Ltd.) [Datei ist nicht signiert]) [Datei wird verwendet ]
HKU\S-1-5-21-3394589027-3204535628-501861619-1001\...\Run: [DUControl] => C:\Program Files\DirectUpdate v4\DUControl.exe [358056 2020-05-10] (William Levra-Juillet -> WildUP - William Levra-Juillet)
HKU\S-1-5-21-3394589027-3204535628-501861619-1001\...\Run: [ProtonVPN] => C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe [7570240 2020-06-04] (ProtonVPN AG -> )
HKU\S-1-5-21-3394589027-3204535628-501861619-1001\...\Run: [uTorrent] => C:\Users\JAMy\AppData\Roaming\uTorrent\uTorrent.exe [1897960 2020-05-20] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-3394589027-3204535628-501861619-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [145680 2020-06-05] (Siber Systems -> Siber Systems)
HKU\S-1-5-21-3394589027-3204535628-501861619-1001\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [1844688 2020-06-17] (TEFINCOM S.A. -> NordVPN)
HKU\S-1-5-21-3394589027-3204535628-501861619-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\JAMy\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-3394589027-3204535628-501861619-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\JAMy\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-3394589027-3204535628-501861619-1001\...\RunOnce: [Uninstall 20.084.0426.0006\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\JAMy\AppData\Local\Microsoft\OneDrive\20.084.0426.0006\amd64"
HKU\S-1-5-21-3394589027-3204535628-501861619-1001\...\RunOnce: [Uninstall 20.084.0426.0006] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\JAMy\AppData\Local\Microsoft\OneDrive\20.084.0426.0006"
HKU\S-1-5-21-3394589027-3204535628-501861619-1001\...\Policies\system: [shell] explorer.exe <==== ACHTUNG
HKU\S-1-5-21-3394589027-3204535628-501861619-1001\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-3394589027-3204535628-501861619-1001\...\CurrentVersion\Windows: [Load] C:\Users\JAMy\bdechangepin\AppVNice.exe <==== ACHTUNG
HKLM\Software\Microsoft\Active Setup\Installed Components: [OpenVPN_UserSetup] -> reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /t REG_SZ /d "C:\Program Files\OpenVPN\bin\openvpn-gui.exe" /f
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.116\Installer\chrmstp.exe [2020-06-24] (Google LLC -> Google LLC)
GroupPolicy: Beschränkung ? <==== ACHTUNG
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {01AB943B-F4F4-44E6-B254-8385EFD6676F} - System32\Tasks\Run RoboForm Process => C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [2873736 2020-06-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {0704795A-7433-457C-BA93-8E43FBEBC5E1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MpCmdRun.exe [491104 2020-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0EE3B721-B429-4ED2-9DB2-A9D54CF09695} - System32\Tasks\BTSchedulerTask => C:\Program Files (x86)\TOSHIBA\Toshiba Bluetooth Device Profile Utility\TosBt_NotificationScheduler.exe [135504 2015-10-31] (TOSHIBA CORPORATION -> Toshiba Corporation)
Task: {1A5B13DF-6139-4811-B64D-58102B133118} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [145680 2020-06-05] (Siber Systems -> Siber Systems)
Task: {2019D2C6-0C92-438A-9B7C-D08D8CCFEF2A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2019-12-20] (Google LLC -> Google LLC)
Task: {248075AA-BCF8-4AC4-AE4A-2227E85690E1} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [124744 2020-06-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {3338FB32-54C7-43CB-9662-504F59637240} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23755640 2020-05-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {37405C41-00FE-4DC1-AC83-16D55B92849A} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16690424 2016-08-27] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {44ABA7A7-6973-40AC-9686-636F848263F1} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe
Task: {46D5AB68-42A7-4535-A8E9-A09F1742E98B} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23755640 2020-05-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {4A41BBF4-BB02-47A9-9B8C-2BBCCDCE6653} - System32\Tasks\Microsoft\Windows\Shell\UpdateAgentTask_SetCBSEndOfLife => C:\WINDOWS\System32\ShellUpdateAgentTask.exe
Task: {59ACA401-F9E1-4089-92FA-CD01B42FAC11} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [862 2019-04-30] () [Datei ist nicht signiert]
Task: {5C4F7213-3CA6-4C68-AC4C-F13EB7BB5389} - System32\Tasks\dts_apo_service_task => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_task.exe [14320 2015-05-27] (DTS, Inc. -> )
Task: {6034F1B8-68E9-4295-BE36-2E78DE5E333E} - System32\Tasks\Opera scheduled Autoupdate 1576794672 => C:\Users\JAMy\AppData\Local\Programs\Opera\launcher.exe [1517592 2020-06-18] (Opera Software AS -> Opera Software)
Task: {70B298F3-EC38-4ACF-A85B-B52409FBF974} - System32\Tasks\Microsoft\Windows\Shell\UpdateAgentTask_RemoveFOD => C:\WINDOWS\System32\ShellUpdateAgentTask.exe
Task: {75968B3D-5BF4-4C56-8EF5-4B53C23EA167} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {763B80BB-CB0F-4B89-B9F2-994027E31FFC} - System32\Tasks\NIUpdateServiceStartupTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe
Task: {7AED0539-48F9-4A80-9831-195BF6BC4E53} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [699272 2015-07-30] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
Task: {7BE0260B-1671-4E24-82C1-B5FD17E56B93} - System32\Tasks\Open URL by RoboForm => C:\WINDOWS\system32\rundll32.exe url.dll,FileProtocolHandler "hxxps://www.roboform.com/test-pass.html?aaa=KICMNLOMJMLLGMIMGMGMCNLMIMMLPMCNKMLMOMOLCNOMLLLMMLCNMMMLOLNLJLJLNLJLHMJMOMLLJNJICMHMCNGMCNPMFMOMOMCNOMCNOMGMJMMMKMFMPMCNPMCNOMGMJMMMKMCNNMJNPICMPMFMEKMICNJJCKFMMMLMLMMMJNHICMEKMICNJJCKJNBJCMCJCJKIBJMJOJBJPLHJAJLICJOJGJDJBNMJAJC (Der Dateneintrag hat 112 mehr Zeichen).
Task: {85CE551E-95A9-4904-805D-C9BEA4C733AA} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {8E63F37C-7691-4369-B2D7-B64432C455AF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MpCmdRun.exe [491104 2020-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A11BBF95-9AA3-4BA8-A1B8-5D74518BBEAD} - System32\Tasks\AIDA64 AutoStart => C:\Users\JAMy\Downloads\AIDA64 Engineer Edition 6.10.5200\aida64.exe [11488664 2020-04-06] (FinalWire Kft. -> FinalWire Ltd.)
Task: {AAFCE2B0-D793-49DC-8B69-F188CC9205C3} - System32\Tasks\Microsoft\Windows\Shell\UpdateAgentTask_AcquireFOD => C:\WINDOWS\System32\ShellUpdateAgentTask.exe
Task: {BAAD7B17-BE5B-484D-8569-162449809827} - System32\Tasks\Opera scheduled assistant Autoupdate 1582912770 => C:\Users\JAMy\AppData\Local\Programs\Opera\launcher.exe [1517592 2020-06-18] (Opera Software AS -> Opera Software)
Task: {BBCF1305-D3BA-4B31-8EC7-56B011EBCF82} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MpCmdRun.exe [491104 2020-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BE51058A-DDE5-4BE8-9A1D-12E2383B1169} - System32\Tasks\Microsoft\Windows\Management\Provisioning\MdmDiagnosticsCleanup => C:\WINDOWS\system32\MdmDiagnosticsTool.exe [86016 2020-05-31] (Microsoft Windows -> Microsoft Corporation)
Task: {C2A90075-10F8-4A93-B66E-F3D052630A35} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MpCmdRun.exe [491104 2020-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D18D0ECC-C513-42D0-AC02-1F877CA6A117} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [124744 2020-06-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {D58F54AB-04C5-4959-8703-D0E089237DE3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4368792 2020-06-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {DA1E8E10-2D4A-41DA-8AA4-941FE8A383DD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4368792 2020-06-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {DD31C997-A4A9-4443-BC3C-35C2AD1CEE6C} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1706496 2020-04-05] () [Datei ist nicht signiert]
Task: {EB418162-B46F-4AD1-9E45-513B9EA45488} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2019-12-20] (Google LLC -> Google LLC)
Task: {F2EC28DE-4229-4C3E-B862-EB61EEC20832} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {FA4C0411-4AFC-4E55-ABBF-FCE9C2594936} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [124624 2020-06-04] (Mozilla Corporation -> Mozilla Foundation)
Task: {FF87276E-93E1-49A8-9115-A290495F65D3} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [475720 2015-11-17] (Toshiba Europe Gmbh -> Toshiba Europe GmbH)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Winsock: Catalog9 15 C:\WINDOWS\SysWOW64\vsocklib.dll [42296 2019-08-14] (VMware, Inc. -> VMware, Inc.)
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\vsocklib.dll [42296 2019-08-14] (VMware, Inc. -> VMware, Inc.)
Winsock: Catalog9-x64 15 C:\Windows\system32\vsocklib.dll [46392 2019-08-14] (VMware, Inc. -> VMware, Inc.)
Winsock: Catalog9-x64 16 C:\Windows\system32\vsocklib.dll [46392 2019-08-14] (VMware, Inc. -> VMware, Inc.)
Hosts: 127.0.0.1 localhost
Tcpip\..\Interfaces\{535216d0-4a62-49ee-86c6-e7ec274937ef}: [NameServer] 1.1.1.1,8.8.8.8
Tcpip\..\Interfaces\{cf2740b7-922f-4002-8a45-2dfa969bf798}: [DhcpNameServer] 192.168.2.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <==== ACHTUNG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3394589027-3204535628-501861619-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba15.msn.com/?pc=TBTE
BHO: TOSHIBA Fingerprint Utility Web Site Passwords -> {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} -> C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUPWDBankBHO.dll [2013-08-26] (TOSHIBA CORPORATION -> TOSHIBA)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2020-02-02] (Microsoft Corporation -> Microsoft Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2020-06-05] (Siber Systems -> Siber Systems Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_251\bin\ssv.dll [2020-05-10] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_251\bin\jp2ssv.dll [2020-05-10] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: TOSHIBA Fingerprint Utility Web Site Passwords -> {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} -> C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\TFPUPWDBankBHO.dll [2013-08-26] (TOSHIBA CORPORATION -> TOSHIBA)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2020-02-02] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2020-06-05] (Siber Systems -> Siber Systems Inc.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2020-06-05] (Siber Systems -> Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2020-06-05] (Siber Systems -> Siber Systems Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-06-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-06-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-06-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-06-10] (Microsoft Corporation -> Microsoft Corporation)
Edge:
======
DownloadDir: C:\Users\JAMy\Downloads
Edge Session Restore: HKU\S-1-5-21-3394589027-3204535628-501861619-1001 -> ist aktiviert.
Edge Profile: C:\Users\JAMy\AppData\Local\Microsoft\Edge\User Data\Default [2020-06-20]
Edge HomePage: Default -> hxxp://winfuture.de/
Edge Extension: (RoboForm Password Manager) - C:\Users\JAMy\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ljfpcifpgbbchoddpjefaipoiigpdmag [2020-05-23]
FireFox:
========
FF DefaultProfile: 6auopfld.default
FF ProfilePath: C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\6auopfld.default [2020-04-05]
FF user.js: detected! => C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\6auopfld.default\user.js [2020-04-14]
FF Extension: (Avira Browser Safety) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\6auopfld.default\Extensions\abs@avira.com [2020-03-20]
FF Extension: (Avira Password Manager) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\6auopfld.default\Extensions\passwordmanager@avira.com [2020-03-20]
FF ProfilePath: C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177 [2020-06-25]
FF Homepage: Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177 -> about:blank
FF NetworkProxy: Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177 -> socks_remote_dns", true
FF Session Restore: Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177 -> ist aktiviert.
FF Notifications: Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177 -> hxxps://de.chaturbate.com; hxxps://www.instagram.com; hxxps://www.youtube.com; hxxps://www.infected-zone.com
FF Extension: (HackBar V2) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177\Extensions\hackbar@chewbaka.xpi [2020-04-24]
FF Extension: (RoboForm Password Manager) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177\Extensions\rf-firefox@siber.com.xpi [2020-05-29]
FF Extension: (Google Images Downloader) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177\Extensions\rushikesh988@gmail.com.xpi [2020-02-01]
FF Extension: (Loading…) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177\Extensions\switchyomega@feliscatus.addons.mozilla.org.xpi [2020-02-15]
FF Extension: (uBlock Origin) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177\Extensions\uBlock0@raymondhill.net.xpi [2020-06-14]
FF Extension: (Geschlossenen Tab wiederherstellen) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177\Extensions\{4853d046-c5a3-436b-bc36-220fd935ee1d}.xpi [2020-06-14]
FF Extension: (Image Search Options) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177\Extensions\{4a313247-8330-4a81-948e-b79936516f78}.xpi [2020-06-14]
FF Extension: (Bulk Image Downloader) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177\Extensions\{524B8EF8-C312-11DB-8039-536F56D89593}.xpi [2020-03-06]
FF Extension: (Popup Blocker Ultimate) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177\Extensions\{60B7679C-BED9-11E5-998D-8526BB8E7F8B}.xpi [2020-05-27]
FF Extension: (Video DownloadHelper) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2020-03-31]
FF Plugin: @java.com/DTPlugin,version=11.251.2 -> C:\Program Files\Java\jre1.8.0_251\bin\dtplugin\npDeployJava1.dll [2020-05-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.251.2 -> C:\Program Files\Java\jre1.8.0_251\bin\plugin2\npjp2.dll [2020-05-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-02-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-02-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @siber.com/RoboForm -> C:\Program Files (x86)\Siber Systems\AI RoboForm\chrome\plugin\np-rf-plugin.dll [Keine Datei]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-04] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3394589027-3204535628-501861619-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\JAMy\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-04-26] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
Edge HomePage: Default -> hxxp://winfuture.de/
Edge Extension: (RoboForm Password Manager) - C:\Users\JAMy\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ljfpcifpgbbchoddpjefaipoiigpdmag [2020-05-23]
FireFox:
========
FF DefaultProfile: 6auopfld.default
FF ProfilePath: C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\6auopfld.default [2020-04-05]
FF user.js: detected! => C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\6auopfld.default\user.js [2020-04-14]
FF Extension: (Avira Browser Safety) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\6auopfld.default\Extensions\abs@avira.com [2020-03-20]
FF Extension: (Avira Password Manager) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\6auopfld.default\Extensions\passwordmanager@avira.com [2020-03-20]
FF ProfilePath: C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177 [2020-06-25]
FF Homepage: Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177 -> about:blank
FF NetworkProxy: Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177 -> socks_remote_dns", true
FF Session Restore: Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177 -> ist aktiviert.
FF Notifications: Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177 -> hxxps://de.chaturbate.com; hxxps://www.instagram.com; hxxps://www.youtube.com; hxxps://www.infected-zone.com
FF Extension: (HackBar V2) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177\Extensions\hackbar@chewbaka.xpi [2020-04-24]
FF Extension: (RoboForm Password Manager) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177\Extensions\rf-firefox@siber.com.xpi [2020-05-29]
FF Extension: (Google Images Downloader) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177\Extensions\rushikesh988@gmail.com.xpi [2020-02-01]
FF Extension: (Loading…) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177\Extensions\switchyomega@feliscatus.addons.mozilla.org.xpi [2020-02-15]
FF Extension: (uBlock Origin) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177\Extensions\uBlock0@raymondhill.net.xpi [2020-06-14]
FF Extension: (Geschlossenen Tab wiederherstellen) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177\Extensions\{4853d046-c5a3-436b-bc36-220fd935ee1d}.xpi [2020-06-14]
FF Extension: (Image Search Options) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177\Extensions\{4a313247-8330-4a81-948e-b79936516f78}.xpi [2020-06-14]
FF Extension: (Bulk Image Downloader) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177\Extensions\{524B8EF8-C312-11DB-8039-536F56D89593}.xpi [2020-03-06]
FF Extension: (Popup Blocker Ultimate) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177\Extensions\{60B7679C-BED9-11E5-998D-8526BB8E7F8B}.xpi [2020-05-27]
FF Extension: (Video DownloadHelper) - C:\Users\JAMy\AppData\Roaming\Mozilla\Firefox\Profiles\nqa14m22.default-release-1580575227177\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2020-03-31]
FF Plugin: @java.com/DTPlugin,version=11.251.2 -> C:\Program Files\Java\jre1.8.0_251\bin\dtplugin\npDeployJava1.dll [2020-05-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.251.2 -> C:\Program Files\Java\jre1.8.0_251\bin\plugin2\npjp2.dll [2020-05-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-02-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-02-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @siber.com/RoboForm -> C:\Program Files (x86)\Siber Systems\AI RoboForm\chrome\plugin\np-rf-plugin.dll [Keine Datei]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-04] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3394589027-3204535628-501861619-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\JAMy\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-04-26] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Default [2020-06-25]
CHR Notifications: Default -> hxxps://drive.google.com; hxxps://hackforums.net; hxxps://mail.protonmail.com; hxxps://meet.google.com; hxxps://my.jdownloader.org; hxxps://onehack.us; hxxps://photos.google.com; hxxps://voice.google.com; hxxps://web.telegram.org; hxxps://web.whatsapp.com; hxxps://www.autoscout24.de; hxxps://www.facebook.com; hxxps://www.instagram.com; hxxps://www.youtube.com
CHR HomePage: Default -> hxxp://winfuture.de/
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3297265&SearchSource=48&CUI=UN12423099901259333&UM=2","hxxp://www.google.com","hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP&dt=101213","hxxp://start.qone8.com/?type=hp&ts=1382754999&from=cor&uid=ST3000DM001-9YN166_Z1F0D5LBXXXXZ1F0D5LB","hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN10735909922762190&UM=2","hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://proxyscrape.com/images/icons/icon-72x72.png
CHR Session Restore: Default -> ist aktiviert.
CHR Extension: (Google Übersetzer) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2020-04-17]
CHR Extension: (ProxyScrape) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdelhainajcnkaieebidnobdjdkddimo [2020-04-17]
CHR Extension: (External Application Button) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bifmfjgpgndemajpeeoiopbeilbaifdo [2020-06-04]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2020-04-17]
CHR Extension: (Listango Bookmark Manager) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmbdkkenkdllkpiognpnmlaglmojagnh [2020-04-17]
CHR Extension: (NoScript) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Default\Extensions\doojmbjmlfjjnbmnoijecmcbfeoakpjm [2020-06-23]
CHR Extension: (MyJDownloader Browser Erweiterung) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2020-05-08]
CHR Extension: (KProxy Extension) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdocgbfmddcfnlnpmnghmjicjognhonm [2020-06-20]
CHR Extension: (PDF Mage) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gknphemhpcknkhegndlihchfonpdcben [2020-06-23]
CHR Extension: (Bookmarks) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljcgggmjhkegncpcaffddonfhpnfocdk [2020-04-17]
CHR Extension: (Video DownloadHelper) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2020-04-17]
CHR Extension: (Offcloud for Drive) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmaijleinoonghaenmjibfhbldeobllp [2020-04-17]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-04-17]
CHR Extension: (Proxy SwitchyOmega) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Default\Extensions\padekgcemlokbadohgkifijomclgjgif [2020-04-26]
CHR Extension: (Chrome Media Router) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-28]
CHR Extension: (RoboForm Password Manager) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2020-05-15]
CHR Profile: C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Profile 1 [2020-04-16]
CHR Extension: (Slides) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-01-25]
CHR Extension: (Docs) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2020-01-25]
CHR Extension: (Google Drive) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-01-25]
CHR Extension: (YouTube) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-01-25]
CHR Extension: (Adobe Acrobat) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-04-16]
CHR Extension: (Sheets) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-01-25]
CHR Extension: (Google Docs Offline) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-16]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2020-01-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-01-25]
CHR Extension: (Gmail) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-01-25]
CHR Extension: (Chrome Media Router) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-16]
CHR Extension: (RoboForm Password Manager) - C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2020-04-16]
CHR Profile: C:\Users\JAMy\AppData\Local\Google\Chrome\User Data\System Profile [2020-02-16]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2019-12-20]
CHR HKU\S-1-5-21-3394589027-3204535628-501861619-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [iniieblifogecdlkejbmonblijmdaiog] - C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\ChromeAddin\ChromeAddin.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2019-12-20]
Opera:
=======
OPR Notifications: hxxps://board.streamboard.tv; hxxps://mail.protonmail.com; hxxps://www.instagram.com; hxxps://www.reddit.com
OPR Extension: (Install Chrome Extensions) - C:\Users\JAMy\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2019-12-26]
OPR Extension: (RoboForm Password Manager) - C:\Users\JAMy\AppData\Roaming\Opera Software\Opera Stable\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2020-05-20]