Nasdaq, may I ask you to help me with the FRST scan for my laptop too? It has Win 8.1, and I am using both PCs in a network. Maybe I can analyze afterwards what you have done and learn to do it by myself. I often meet people who have problems on their machines and I would use it with pleasure to help myself and anybody else along the way.
If you don't have time or interest, it is ok. Thanks a lot anyway!!
I have translated the topic below for you. Maybe you will find it useful. The link for the MS tool is already in English.
"Vermin undermine Windows certificate system
More and more Trojans install their own root CAs in Windows to sign their malicious programs or to manipulate Web page calls.
Certificates secure encrypted connections and use digital signatures to identify the software of trusted developers. Certificates and signatures are considered valid if they are signed by a recognized certificate publisher. Criminals increasingly trust themselves to do so by installing an appropriate certificate on their victims' own systems.
A vermin common on YouTube presented himself as a Coin Generator and Aimbot for the survival game Fortnite. In the background, he reads the gamer's web page invocations and injects his own advertising there. In order to do this with encrypted HTTPS pages, he installs his own root CA and then latches himself as Man in the Middle into the connections (see: Man in the Middle Attack: Online gamblers in the sights of online criminals)
Miner or Ransomware
The malicious downloader Rakhni, analyzed by Kaspersky, electively installs a crypto miner or a blackmail Trojan on his victim's system. Before that, however, he does a lot to pave the way for the actual malicious software. He first tests in different ways whether he is running in a virtual machine and whether analysis tools are running, and he deactivates antivirus software like Windows Defender. And before he reloads further malicious programs, he also corrupts the Windows certificate system sustainably.
To do this, he installs a new root CA in the certificate store of the Windows system via a brought-in original command line tool. The new certification authority is issued in the name of Microsoft or Adobe and may in the future then confirm the authenticity of digital signatures. The criminals are making heavy use of it: all subsequent malware components are signed with it. Presumably, the authors hope in this way to gain the trust of virus guards or avoid special security policies.
Checking Windows Crypto Infrastructure
These are not the first cases of malicious root CAs that vermin deliberately infiltrate into the system. The Trojan Retefe, for example, installed an alleged Thawte certificate for online banking scams years ago. With the increasing use of TLS and digital signatures, more and more malware is now using such tricks. This is treacherous, especially given the fact that such leftovers are often not discovered during a cleaning and are therefore not removed.
Checking the authenticity of CA certificates installed on a Windows system is astoundingly difficult. And it is by no means enough to compare the certificates with a clean reference system, because Microsoft dynamically adds CAs as needed. Only with the addition of tools such as sigcheck from the Sysinternals suite can you compare the currently installed certificates to Microsoft's official directory of registered CAs."
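
The comparison described in the last paragraph of the translated article, as an added example that is not part of the post or the article: it uses certutil and .NET instead of sigcheck to list root certificates that are installed locally but missing from Microsoft's published trusted-root list. It assumes Windows PowerShell with internet access; the scratch file name is a made-up placeholder.

```powershell
# Added example: list installed root CAs that are absent from Microsoft's
# published trusted-root list. Review the output manually; it is not a verdict.
# Assumption: Windows PowerShell on a machine that can reach Windows Update.

$sst = Join-Path $env:TEMP 'ms-trusted-roots.sst'   # hypothetical scratch file

# Download the current Microsoft trusted-root list as a serialized store (.sst).
certutil.exe -generateSSTFromWU $sst | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path $sst)) {
    throw 'certutil could not fetch the trusted-root list'
}

# Load the reference list and index it by thumbprint.
$reference = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$reference.Import($sst)
$known = New-Object 'System.Collections.Generic.HashSet[string]'
foreach ($cert in $reference) { [void]$known.Add($cert.Thumbprint) }

# Check both the machine store and the per-user store: a Trojan running
# without admin rights can still add a root for the current user.
$findings = foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
    Get-ChildItem -Path $store |
        Where-Object { -not $known.Contains($_.Thumbprint) } |
        Select-Object @{ n = 'Store'; e = { $store } },
                      Subject, Issuer, Thumbprint, NotBefore, NotAfter
}

# The user view also shows machine certificates, so collapse duplicates.
$findings | Sort-Object Thumbprint -Unique | Format-List

Remove-Item $sst -ErrorAction SilentlyContinue
```

Entries in the output are candidates for review only: roots deployed on purpose, such as an organization's own CA, are also not on Microsoft's list. A subject that claims to be Microsoft or Adobe, as in the Rakhni case above, deserves the closest look.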