Thanks for helping me.
OK.
Step 1: Malware spits this out:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.12.21.04
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Wissem :: VAIO [Administrator]
21.12.2013 16:32:37
mbam-log-2013-12-21 (16-32-37).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 235396
Laufzeit: 16 Minute(n), 8 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DigitalSite (PUP.Optional.DigitalSites.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 4
C:\Users\Wissem\AppData\Roaming\DigitalSite\UpdateProc (PUP.Optional.DigitalSite.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wissem\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wissem\AppData\Roaming\OpenCandy\37B0B18711BC42FA9F6576141CF69BF4 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wissem\AppData\Roaming\OpenCandy\EDFEBE4077DB40CE99055735E01DDD76 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateien: 11
C:\Users\Wissem\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe (PUP.Optional.DigitalSites.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wissem\AppData\Local\Temp\is1590112554\4955247_stp.EXE (PUP.Optional.PricePeep.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wissem\Downloads\Live_Soccer_TV.exe (PUP.Optional.iBryte) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wissem\Downloads\nicht bestätigt 797467.crdownload (PUP.Optional.BundleInstaller.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wissem\Downloads\plugin.exe (MSIL.Solimba) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wissem\AppData\Roaming\DigitalSite\UpdateProc\config.dat (PUP.Optional.DigitalSite.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wissem\AppData\Roaming\DigitalSite\UpdateProc\prod.dat (PUP.Optional.DigitalSite.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wissem\AppData\Roaming\DigitalSite\UpdateProc\STTL.DAT (PUP.Optional.DigitalSite.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wissem\AppData\Roaming\DigitalSite\UpdateProc\TTL.DAT (PUP.Optional.DigitalSite.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wissem\AppData\Roaming\OpenCandy\37B0B18711BC42FA9F6576141CF69BF4\Setupsft_chr_p1v7.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wissem\AppData\Roaming\OpenCandy\EDFEBE4077DB40CE99055735E01DDD76\Trial-14.0.1000.89_de-DE_1004733_DE-2.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Step 2: AdwCleaner, there I have two files. The first is an R0 file, the second the S0 file.
AdwCleaner Logfile:
# AdwCleaner v3.015 - Bericht erstellt am 21/12/2013 um 17:35:20
# Updated 10/12/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Wissem - VAIO
# Gestartet von : C:\Users\Wissem\Desktop\adwcleaner.exe
# Option : Suchen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\Users\Wissem\AppData\Roaming\Mozilla\Firefox\Profiles\mi8z95u3.default\searchplugins\softonic.xml
Datei Gefunden : C:\Users\Wissem\AppData\Roaming\Mozilla\Firefox\Profiles\mi8z95u3.default\user.js
Datei Gefunden : C:\Windows\System32\Tasks\digitalsite
Datei Gefunden : C:\Windows\Tasks\digitalsite.job
Ordner Gefunden C:\Program Files\myfree codec
Ordner Gefunden C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Ordner Gefunden C:\Users\Wissem\AppData\LocalLow\Softonic
Ordner Gefunden C:\Users\Wissem\AppData\Roaming\digitalsite
Ordner Gefunden C:\Users\Wissem\AppData\Roaming\dvdvideosoftiehelpers
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKCU\Software\dsiteproducts
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyFreeCodec
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Schlüssel Gefunden : HKCU\Software\Myfree Codec
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\digitalsite
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF7FC274-B63D-42DB-8AC9-FF733C6F2276}
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200
Schlüssel Gefunden : HKLM\Software\Myfree Codec
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
***** [ Browser ] *****
-\\ Internet Explorer v9.0.8112.16526
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=10&cc=&mi=56cac5660000000000000022fb010e18
-\\ Mozilla Firefox v25.0 (de)
[ Datei : C:\Users\Wissem\AppData\Roaming\Mozilla\Firefox\Profiles\mi8z95u3.default\prefs.js ]
Zeile gefunden : user_pref("extensions.Softonic.admin", false);
Zeile gefunden : user_pref("extensions.Softonic.aflt", "OC");
Zeile gefunden : user_pref("extensions.Softonic.appId", "{7ABBFE1C-E485-44AA-8F36-353751B4124D}");
Zeile gefunden : user_pref("extensions.Softonic.autoRvrt", "false");
Zeile gefunden : user_pref("extensions.Softonic.dfltLng", "de");
Zeile gefunden : user_pref("extensions.Softonic.dfltSrch", true);
Zeile gefunden : user_pref("extensions.Softonic.dnsErr", true);
Zeile gefunden : user_pref("extensions.Softonic.excTlbr", false);
Zeile gefunden : user_pref("extensions.Softonic.ffxUnstlRst", false);
Zeile gefunden : user_pref("extensions.Softonic.hmpg", true);
Zeile gefunden : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=13&cc=&mi=56cac5660000000000000022fb010e18");
Zeile gefunden : user_pref("extensions.Softonic.id", "56cac5660000000000000022fb010e18");
Zeile gefunden : user_pref("extensions.Softonic.instlDay", "16021");
Zeile gefunden : user_pref("extensions.Softonic.instlRef", "MOY00621");
Zeile gefunden : user_pref("extensions.Softonic.newTab", true);
Zeile gefunden : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MOY00621/tb_v1/?SearchSource=15&cc=&mi=56cac5660000000000000022fb010e18");
Zeile gefunden : user_pref("extensions.Softonic.prdct", "Softonic");
Zeile gefunden : user_pref("extensions.Softonic.prtnrId", "softonic");
Zeile gefunden : user_pref("extensions.Softonic.rvrt", "false");
Zeile gefunden : user_pref("extensions.Softonic.smplGrp", "none");
Zeile gefunden : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
Zeile gefunden : user_pref("extensions.Softonic.tlbrId", "opencandy2013");
Zeile gefunden : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=1&cc=&mi=56cac5660000000000000022fb010e18&q=");
Zeile gefunden : user_pref("extensions.Softonic.vrsn", "1.8.21.14");
Zeile gefunden : user_pref("extensions.Softonic.vrsnTs", "1.8.21.142:11:55");
Zeile gefunden : user_pref("extensions.Softonic.vrsni", "1.8.21.14");
-\\ Google Chrome v31.0.1650.63
[ Datei : C:\Users\Wissem\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gefunden : homepage
[ Datei : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [6153 octets] - [21/12/2013 17:35:20]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6213 octets] ########## --- --- ---
AdwCleaner Logfile:
# AdwCleaner v3.015 - Bericht erstellt am 21/12/2013 um 17:37:58
# Updated 10/12/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Wissem - VAIO
# Gestartet von : C:\Users\Wissem\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Ordner Gelöscht : C:\Program Files\myfree codec
Ordner Gelöscht : C:\Users\Wissem\AppData\LocalLow\Softonic
Ordner Gelöscht : C:\Users\Wissem\AppData\Roaming\digitalsite
Ordner Gelöscht : C:\Users\Wissem\AppData\Roaming\dvdvideosoftiehelpers
Datei Gelöscht : C:\Users\Wissem\AppData\Roaming\Mozilla\Firefox\Profiles\mi8z95u3.default\searchplugins\softonic.xml
Datei Gelöscht : C:\Users\Wissem\AppData\Roaming\Mozilla\Firefox\Profiles\mi8z95u3.default\user.js
Datei Gelöscht : C:\Windows\Tasks\digitalsite.job
Datei Gelöscht : C:\Windows\System32\Tasks\digitalsite
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DF7FC274-B63D-42DB-8AC9-FF733C6F2276}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF7FC274-B63D-42DB-8AC9-FF733C6F2276}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKLM\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyFreeCodec
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
***** [ Browser ] *****
-\\ Internet Explorer v9.0.8112.16526
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v25.0 (de)
[ Datei : C:\Users\Wissem\AppData\Roaming\Mozilla\Firefox\Profiles\mi8z95u3.default\prefs.js ]
Zeile gelöscht : user_pref("extensions.Softonic.admin", false);
Zeile gelöscht : user_pref("extensions.Softonic.aflt", "OC");
Zeile gelöscht : user_pref("extensions.Softonic.appId", "{7ABBFE1C-E485-44AA-8F36-353751B4124D}");
Zeile gelöscht : user_pref("extensions.Softonic.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.Softonic.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.Softonic.dfltSrch", true);
Zeile gelöscht : user_pref("extensions.Softonic.dnsErr", true);
Zeile gelöscht : user_pref("extensions.Softonic.excTlbr", false);
Zeile gelöscht : user_pref("extensions.Softonic.ffxUnstlRst", false);
Zeile gelöscht : user_pref("extensions.Softonic.hmpg", true);
Zeile gelöscht : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=13&cc=&mi=56cac5660000000000000022fb010e18");
Zeile gelöscht : user_pref("extensions.Softonic.id", "56cac5660000000000000022fb010e18");
Zeile gelöscht : user_pref("extensions.Softonic.instlDay", "16021");
Zeile gelöscht : user_pref("extensions.Softonic.instlRef", "MOY00621");
Zeile gelöscht : user_pref("extensions.Softonic.newTab", true);
Zeile gelöscht : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MOY00621/tb_v1/?SearchSource=15&cc=&mi=56cac5660000000000000022fb010e18");
Zeile gelöscht : user_pref("extensions.Softonic.prdct", "Softonic");
Zeile gelöscht : user_pref("extensions.Softonic.prtnrId", "softonic");
Zeile gelöscht : user_pref("extensions.Softonic.rvrt", "false");
Zeile gelöscht : user_pref("extensions.Softonic.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
Zeile gelöscht : user_pref("extensions.Softonic.tlbrId", "opencandy2013");
Zeile gelöscht : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=1&cc=&mi=56cac5660000000000000022fb010e18&q=");
Zeile gelöscht : user_pref("extensions.Softonic.vrsn", "1.8.21.14");
Zeile gelöscht : user_pref("extensions.Softonic.vrsnTs", "1.8.21.142:11:55");
Zeile gelöscht : user_pref("extensions.Softonic.vrsni", "1.8.21.14");
-\\ Google Chrome v31.0.1650.63
[ Datei : C:\Users\Wissem\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht : homepage
[ Datei : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [6293 octets] - [21/12/2013 17:35:20]
AdwCleaner[S0].txt - [6168 octets] - [21/12/2013 17:37:58]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6228 octets] ########## --- --- ---
Step 3: Junkware:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Wissem on 21.12.2013 at 17:48:31,22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A77706B0-D6C9-40EF-9833-2FABCC21BF88}
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.12.2013 at 17:51:55,39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Step 4: FRST
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-12-2013 02
Ran by Wissem (administrator) on VAIO on 21-12-2013 17:55:25
Running from C:\Users\Wissem\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Realtek Semiconductor) C:\Windows\RTKAUDIOSERVICE.EXE
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccsvchst.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\nst.exe
(Sony Corporation) C:\Program Files\sony\Network Utility\NSUService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files\sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files\sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccsvchst.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\nst.exe
(Sony Corporation) C:\Program Files\sony\VAIO Power Management\SPMgr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sony Corporation) C:\Program Files\sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files\sony\Marketing Tools\MarketingTools.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Sony Corporation) C:\Program Files\sony\Network Utility\LANUtil.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Samsung Electronics) C:\Program Files\Samsung\Kies\KiesAirMessage.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Dropbox, Inc.) C:\Users\Wissem\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Sony Corporation) C:\Program Files\sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\sony\VAIO Update\VUAgent.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6295552 2008-10-17] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [835584 2007-03-10] (Synaptics, Inc.)
HKLM\...\Run: [ISBMgr.exe] - C:\Program Files\sony\ISB Utility\ISBMgr.exe [317280 2008-04-03] (Sony Corporation)
HKLM\...\Run: [MarketingTools] - C:\Program Files\sony\Marketing Tools\MarketingTools.exe [24576 2013-01-21] (Sony Corporation)
HKLM\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [618496 2010-06-07] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Skytel] - C:\Windows\SkyTel.exe [1826816 2008-10-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [BlueStacks Agent] - C:\Program Files\BlueStacks\HD-Agent.exe [601928 2013-07-04] (BlueStack Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll (Sony Corporation)
HKCU\...\Run: [NSUFloatingUI] - C:\Program Files\sony\Network Utility\LANUtil.exe [270336 2008-11-05] (Sony Corporation)
HKCU\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1561968 2013-04-23] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe [578560 2013-03-20] (Samsung Electronics)
HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844168 2013-06-04] (Samsung)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [NSUFloatingUI] - C:\Program Files\sony\Network Utility\LANUtil.exe [ 2008-11-05] (Sony Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [NSUFloatingUI] - C:\Program Files\sony\Network Utility\LANUtil.exe [ 2008-11-05] (Sony Corporation)
HKU\Gast\...\Run: [NSUFloatingUI] - C:\Program Files\sony\Network Utility\LANUtil.exe [ 2008-11-05] (Sony Corporation)
Startup: C:\Users\Wissem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Wissem\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.sonystyle-europe.com?csint=140016340
hxxp://www.club-vaio.com/vbc/ebay/index.html
hxxp://www.club-vaio.com/vbc
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.sonystyle-europe.com?csint=140016340
hxxp://www.club-vaio.com/vbc/ebay/index.html
hxxp://www.club-vaio.com/vbc
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {D645DA1C-3672-4AE1-AD32-6ADE02A88FD2} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
SearchScopes: HKCU - {D645DA1C-3672-4AE1-AD32-6ADE02A88FD2} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=&rlz=1I7SNYK_de
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\coieplg.dll (Symantec Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\coieplg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\coieplg.dll (Symantec Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Wissem\AppData\Roaming\Mozilla\Firefox\Profiles\mi8z95u3.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @soe.sony.com/installer,version=1.0.3 - C:\Users\Wissem\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn\
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn\
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\IPSFF
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchKeyword: google.de
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Norton Identity Safe) - C:\Users\Wissem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob\2013.2.1.33_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U11) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.110.21) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Wissem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Wissem\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Wissem\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Wissem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (CnC TA Script Collection) - C:\Users\Wissem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmhpmdclklpgfcpoiomjofgfagenmgeo\1.2.8.49_0
CHR Extension: (Google Wallet) - C:\Users\Wissem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Norton Identity Protection) - C:\Users\Wissem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob\2014.6.2.3_0
CHR Extension: (Gmail) - C:\Users\Wissem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\Exts\Chrome.crx
========================== Services (Whitelisted) =================
R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2008-08-01] (ArcSoft Inc.)
S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [393032 2013-07-04] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [384840 2013-07-04] (BlueStack Systems, Inc.)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 NAV; C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation)
R2 NCO; C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\diMaster.dll [567600 2013-10-03] (Symantec Corporation)
R2 NSUService; C:\Program Files\sony\Network Utility\NSUService.exe [303104 2008-11-05] (Sony Corporation)
S3 SOHDBSvr; C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [72856 2012-03-06] (Sony Corporation)
S3 SOHPlMgr; C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [93336 2012-03-06] (Sony Corporation)
R2 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-03-05] (Sony Corporation)
R2 VAIO Event Service; C:\Program Files\sony\VAIO Event Service\VESMgr.exe [203624 2008-12-09] (Sony Corporation)
R2 VAIO Power Management; C:\Program Files\Sony\VAIO Power Management\SPMService.exe [411488 2008-09-05] (Sony Corporation)
R2 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [480624 2009-09-16] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-03-05] (Sony Corporation)
R3 VUAgent; C:\Program Files\sony\VAIO Update\VUAgent.exe [1020976 2013-08-01] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2009-03-05] (Sony Corporation)
S3 MSCSPTISRV; "C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe" [x]
S3 SPTISRV; "C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe" [x]
==================== Drivers (Whitelisted) ====================
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17920 2008-04-24] (ArcSoft, Inc.)
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\BASHDefs\20131203.001\BHDrvx86.sys [1098968 2013-12-03] (Symantec Corporation)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [63816 2013-07-04] (BlueStack Systems)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAV\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NST\7DE06000.01B\ccSetx86.sys [127064 2013-09-27] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-12-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-21] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\IPSDefs\20131220.001\IDSvix86.sys [394456 2013-12-13] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\VirusDefs\20131220.008\NAVENG.SYS [93272 2013-12-18] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\VirusDefs\20131220.008\NAVEX15.SYS [1612376 2013-12-18] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NAV\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAV\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAV\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAV\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAV\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NAV\1404000.028\SYMTDIV.SYS [352344 2013-04-25] (Symantec Corporation)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]
S3 igfx; system32\DRIVERS\igdkmd32.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-12-21 17:51 - 2013-12-21 17:51 - 00000782 _____ C:\Users\Wissem\Desktop\JRT.txt
2013-12-21 17:35 - 2013-12-21 17:38 - 00000000 ____D C:\AdwCleaner
2013-12-21 16:27 - 2013-12-21 16:27 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-21 16:27 - 2013-12-21 16:27 - 00000000 ____D C:\Users\Wissem\AppData\Roaming\Malwarebytes
2013-12-21 16:27 - 2013-12-21 16:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-21 16:27 - 2013-12-21 16:27 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-21 16:27 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-21 16:24 - 2013-12-21 16:24 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Wissem\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-21 16:24 - 2013-12-21 16:24 - 01226750 _____ C:\Users\Wissem\Desktop\adwcleaner.exe
2013-12-21 16:24 - 2013-12-21 16:24 - 01034531 _____ (Thisisu) C:\Users\Wissem\Desktop\JRT.exe
2013-12-21 05:09 - 2013-12-21 05:09 - 00008820 _____ C:\Users\Wissem\Desktop\Gmer.txt
2013-12-21 04:06 - 2013-12-21 04:14 - 00028685 _____ C:\Users\Wissem\Desktop\Addition.txt
2013-12-21 04:05 - 2013-12-21 17:55 - 00020040 _____ C:\Users\Wissem\Desktop\FRST.txt
2013-12-21 04:05 - 2013-12-21 04:05 - 00000000 ____D C:\FRST
2013-12-21 04:00 - 2013-12-21 04:01 - 00000474 _____ C:\Users\Wissem\Desktop\defogger_disable.log
2013-12-21 04:00 - 2013-12-21 04:00 - 00000000 _____ C:\Users\Wissem\defogger_reenable
2013-12-21 03:57 - 2013-12-21 03:57 - 00377856 _____ C:\Users\Wissem\Desktop\gmer_2.1.19163.exe
2013-12-21 03:56 - 2013-12-21 03:57 - 01325858 _____ (Farbar) C:\Users\Wissem\Desktop\FRST.exe
2013-12-21 03:55 - 2013-12-21 03:55 - 00050477 _____ C:\Users\Wissem\Desktop\Defogger.exe
2013-12-12 22:11 - 2013-11-15 00:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 22:11 - 2013-11-14 23:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 22:11 - 2013-11-14 23:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 22:11 - 2013-11-14 23:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 22:11 - 2013-11-14 23:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 22:11 - 2013-11-14 23:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 22:11 - 2013-11-14 23:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-12 22:11 - 2013-11-14 23:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 22:11 - 2013-11-14 23:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-12 22:11 - 2013-11-14 23:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-12 22:11 - 2013-11-14 23:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 22:11 - 2013-11-14 23:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-12 22:11 - 2013-11-14 23:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 22:11 - 2013-11-14 23:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-12 22:11 - 2013-11-14 23:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 22:11 - 2013-11-14 23:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 17:24 - 2013-10-30 03:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2013-12-12 17:24 - 2013-10-30 02:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 17:24 - 2013-10-30 01:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-12 17:24 - 2013-10-30 01:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 17:24 - 2013-10-22 08:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 17:24 - 2013-10-11 03:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 17:24 - 2013-10-11 03:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 17:24 - 2013-10-11 03:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2013-12-12 17:24 - 2013-10-11 01:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 17:24 - 2013-10-11 01:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-11-28 23:06 - 2013-11-28 23:06 - 00000000 ____D C:\Users\Gast\AppData\Roaming\ArcSoft
2013-11-28 23:06 - 2013-11-28 23:06 - 00000000 ____D C:\ProgramData\ArcSoft
2013-11-28 23:04 - 2013-11-29 18:20 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Skype
2013-11-28 23:04 - 2013-11-28 23:04 - 00000000 ___RD C:\Program Files\Skype
2013-11-28 23:04 - 2013-11-28 23:04 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-11-28 23:03 - 2013-11-28 23:03 - 35095200 _____ (Skype Technologies S.A.) C:\Users\Gast\Downloads\Skype611SetupFull.exe
2013-11-23 22:12 - 2013-11-23 22:12 - 00564736 _____ C:\Users\Wissem\Desktop\6.Std 2013 EurR.ppt
==================== One Month Modified Files and Folders =======
2013-12-21 17:55 - 2013-12-21 04:05 - 00020040 _____ C:\Users\Wissem\Desktop\FRST.txt
2013-12-21 17:55 - 2013-06-04 18:27 - 00000000 ____D C:\Users\Wissem\AppData\Roaming\Dropbox
2013-12-21 17:51 - 2013-12-21 17:51 - 00000782 _____ C:\Users\Wissem\Desktop\JRT.txt
2013-12-21 17:48 - 2013-01-24 17:55 - 00000000 ____D C:\Windows\ERUNT
2013-12-21 17:48 - 2013-01-24 04:39 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-21 17:47 - 2013-01-21 00:42 - 01891705 _____ C:\Windows\WindowsUpdate.log
2013-12-21 17:44 - 2013-06-04 18:31 - 00000000 ___RD C:\Users\Wissem\Dropbox
2013-12-21 17:40 - 2013-01-24 04:39 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-21 17:40 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-21 17:39 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-21 17:39 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-21 17:38 - 2013-12-21 17:35 - 00000000 ____D C:\AdwCleaner
2013-12-21 17:38 - 2006-11-02 14:01 - 00032518 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-21 17:34 - 2013-01-24 04:37 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-21 17:23 - 2008-01-21 03:47 - 00370036 _____ C:\Windows\PFRO.log
2013-12-21 17:13 - 2006-11-02 12:18 - 00000000 ___RD C:\Windows\Offline Web Pages
2013-12-21 16:27 - 2013-12-21 16:27 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-21 16:27 - 2013-12-21 16:27 - 00000000 ____D C:\Users\Wissem\AppData\Roaming\Malwarebytes
2013-12-21 16:27 - 2013-12-21 16:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-21 16:27 - 2013-12-21 16:27 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-21 16:24 - 2013-12-21 16:24 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Wissem\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-21 16:24 - 2013-12-21 16:24 - 01226750 _____ C:\Users\Wissem\Desktop\adwcleaner.exe
2013-12-21 16:24 - 2013-12-21 16:24 - 01034531 _____ (Thisisu) C:\Users\Wissem\Desktop\JRT.exe
2013-12-21 05:09 - 2013-12-21 05:09 - 00008820 _____ C:\Users\Wissem\Desktop\Gmer.txt
2013-12-21 04:14 - 2013-12-21 04:06 - 00028685 _____ C:\Users\Wissem\Desktop\Addition.txt
2013-12-21 04:05 - 2013-12-21 04:05 - 00000000 ____D C:\FRST
2013-12-21 04:01 - 2013-12-21 04:00 - 00000474 _____ C:\Users\Wissem\Desktop\defogger_disable.log
2013-12-21 04:00 - 2013-12-21 04:00 - 00000000 _____ C:\Users\Wissem\defogger_reenable
2013-12-21 04:00 - 2013-01-21 02:49 - 00000000 ____D C:\Users\Wissem
2013-12-21 03:57 - 2013-12-21 03:57 - 00377856 _____ C:\Users\Wissem\Desktop\gmer_2.1.19163.exe
2013-12-21 03:57 - 2013-12-21 03:56 - 01325858 _____ (Farbar) C:\Users\Wissem\Desktop\FRST.exe
2013-12-21 03:55 - 2013-12-21 03:55 - 00050477 _____ C:\Users\Wissem\Desktop\Defogger.exe
2013-12-21 03:26 - 2013-01-27 19:37 - 00000000 ____D C:\Users\Wissem\AppData\Local\CrashDumps
2013-12-21 00:26 - 2013-10-16 00:02 - 00000000 ____D C:\Users\Wissem\Desktop\VerfR I
2013-12-21 00:12 - 2013-10-23 12:08 - 00000092 _____ C:\Users\Wissem\AppData\Roaming\WB.CFG
2013-12-21 00:12 - 2013-10-23 12:08 - 00000006 _____ C:\Users\Wissem\AppData\Roaming\WBPU-TTL.DAT
2013-12-21 00:01 - 2013-04-20 10:41 - 00000000 ____D C:\Users\Wissem\Desktop\Europarecht
2013-12-19 01:40 - 2013-06-04 18:31 - 00000922 _____ C:\Users\Wissem\Desktop\Dropbox.lnk
2013-12-19 01:40 - 2013-06-04 18:28 - 00000000 ____D C:\Users\Wissem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-12-17 19:12 - 2013-01-21 02:49 - 00002032 _____ C:\Users\Wissem\AppData\Local\d3d9caps.dat
2013-12-13 04:21 - 2006-11-02 13:47 - 00395888 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-13 04:18 - 2008-10-23 12:25 - 00000000 ____D C:\Windows\system32\RTCOM
2013-12-12 22:19 - 2013-01-21 01:02 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-12 22:15 - 2013-07-19 02:01 - 00000000 ____D C:\Windows\system32\MRT
2013-12-12 22:12 - 2006-11-02 11:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-12-10 18:57 - 2013-01-24 04:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-10 18:57 - 2013-01-24 04:37 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-10 18:57 - 2013-01-21 02:49 - 00000000 ____D C:\Users\Wissem\AppData\Local\Adobe
2013-12-09 13:35 - 2013-01-21 03:54 - 00000000 ____D C:\Users\Wissem\AppData\Local\Microsoft Help
2013-12-09 00:10 - 2013-11-06 17:58 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-09 00:10 - 2013-01-21 04:23 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-29 18:20 - 2013-11-28 23:04 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Skype
2013-11-28 23:06 - 2013-11-28 23:06 - 00000000 ____D C:\Users\Gast\AppData\Roaming\ArcSoft
2013-11-28 23:06 - 2013-11-28 23:06 - 00000000 ____D C:\ProgramData\ArcSoft
2013-11-28 23:04 - 2013-11-28 23:04 - 00000000 ___RD C:\Program Files\Skype
2013-11-28 23:04 - 2013-11-28 23:04 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-11-28 23:04 - 2013-01-22 03:04 - 00000000 ____D C:\Users\Wissem\AppData\Roaming\Skype
2013-11-28 23:04 - 2013-01-21 01:20 - 00000000 ____D C:\ProgramData\Skype
2013-11-28 23:03 - 2013-11-28 23:03 - 35095200 _____ (Skype Technologies S.A.) C:\Users\Gast\Downloads\Skype611SetupFull.exe
2013-11-23 22:12 - 2013-11-23 22:12 - 00564736 _____ C:\Users\Wissem\Desktop\6.Std 2013 EurR.ppt
2013-11-21 19:14 - 2013-04-16 05:01 - 00000000 ____D C:\Users\Wissem\Desktop\wiss Hausi
2013-11-21 12:08 - 2013-11-20 17:17 - 00011427 _____ C:\Users\Wissem\Documents\Notenliste Hadjseyd ZRecht II.xlsx
Some content of TEMP:
====================
C:\Users\Wissem\AppData\Local\Temp\FileSystemView.dll
C:\Users\Wissem\AppData\Local\Temp\gf5nbe4a.dll
C:\Users\Wissem\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Wissem\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Wissem\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Wissem\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Wissem\AppData\Local\Temp\ply7cf_y.dll
C:\Users\Wissem\AppData\Local\Temp\Quarantine.exe
C:\Users\Wissem\AppData\Local\Temp\VzCdb.dll
C:\Users\Wissem\AppData\Local\Temp\VzCdbCtrl.dll
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-12-21 17:46
==================== End Of Log ============================
So, now I'm curious. What is all this?
Best regards