Vielen Dank für deine Hilfe.
Ich werde erst wieder Morgen aktiv, daher, vielen Dank im Voraus!
Logs:
AdwCleaner[S0].txt Code:
# AdwCleaner v3.213 - Bericht erstellt am 28/06/2014 um 14:44:13
# Aktualisiert 23/06/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Regina - REGINA-VAIO
# Gestartet von : C:\Users\Regina\Desktop\Trojaner logs\adwcleaner_3.213(1).exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Ordner Gelöscht : C:\Users\Regina\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\Regina\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Regina\AppData\Roaming\DealPly
Ordner Gelöscht : C:\Users\Regina\Documents\Updater
Datei Gelöscht : C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\zcxayyqc.default\invalidprefs.js
Datei Gelöscht : C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\zcxayyqc.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\zcxayyqc.default\searchplugins\bingp.xml
Datei Gelöscht : C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\zcxayyqc.default\searchplugins\zonealarm.xml
Datei Gelöscht : C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\zcxayyqc.default\user.js
Datei Gelöscht : C:\Windows\System32\Tasks\DealPlyUpdate
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_scan2pdf_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_scan2pdf_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_scanwiz_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_scanwiz_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_windows-live-mail_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_windows-live-mail_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKCU\Software\Complitly
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DealPly
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DealPly
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Complitly_is1
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17126
-\\ Mozilla Firefox v30.0 (de)
[ Datei : C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\zcxayyqc.default\prefs.js ]
Zeile gelöscht : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Zeile gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110004");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.hardId", "f2480d0f00000000000006265ef9ee81");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.id", "f2480d0f00000000000006265ef9ee81");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.instlDay", "15390");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=110004&babsrc=NT_ss&mntrId=f2480d0f00000000000006265ef9ee81");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1718:08:55");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
*************************
AdwCleaner[R0].txt - [9471 octets] - [28/06/2014 14:43:38]
AdwCleaner[S0].txt - [8939 octets] - [28/06/2014 14:44:13]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8999 octets] ########## AdwCleaner[R0].txt Code:
# AdwCleaner v3.213 - Bericht erstellt am 28/06/2014 um 14:43:38
# Aktualisiert 23/06/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Regina - REGINA-VAIO
# Gestartet von : C:\Users\Regina\Desktop\Trojaner logs\adwcleaner_3.213(1).exe
# Option : Suchen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\zcxayyqc.default\invalidprefs.js
Datei Gefunden : C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\zcxayyqc.default\searchplugins\Askcom.xml
Datei Gefunden : C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\zcxayyqc.default\searchplugins\bingp.xml
Datei Gefunden : C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\zcxayyqc.default\searchplugins\zonealarm.xml
Datei Gefunden : C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\zcxayyqc.default\user.js
Datei Gefunden : C:\Windows\System32\Tasks\DealPlyUpdate
Ordner Gefunden : C:\ProgramData\Ask
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\Regina\AppData\Local\Babylon
Ordner Gefunden : C:\Users\Regina\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\Regina\AppData\Roaming\DealPly
Ordner Gefunden : C:\Users\Regina\Documents\Updater
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKCU\Software\Complitly
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\DealPly
Schlüssel Gefunden : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\YahooPartnerToolbar
Schlüssel Gefunden : [x64] HKCU\Software\Complitly
Schlüssel Gefunden : [x64] HKCU\Software\Conduit
Schlüssel Gefunden : [x64] HKCU\Software\DealPly
Schlüssel Gefunden : [x64] HKCU\Software\InstallCore
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : [x64] HKCU\Software\Softonic
Schlüssel Gefunden : [x64] HKCU\Software\YahooPartnerToolbar
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\DealPly
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_scan2pdf_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_scan2pdf_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_scanwiz_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_scanwiz_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_windows-live-mail_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_windows-live-mail_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Complitly_is1
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17126
-\\ Mozilla Firefox v30.0 (de)
[ Datei : C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\zcxayyqc.default\prefs.js ]
Zeile gefunden : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Zeile gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.babExt", "");
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110004");
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.hardId", "f2480d0f00000000000006265ef9ee81");
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.id", "f2480d0f00000000000006265ef9ee81");
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.instlDay", "15390");
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.newTab", true);
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=110004&babsrc=NT_ss&mntrId=f2480d0f00000000000006265ef9ee81");
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1718:08:55");
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
*************************
AdwCleaner[R0].txt - [9291 octets] - [28/06/2014 14:43:38]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9351 octets] ########## mbam.txt Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 28.06.2014
Suchlauf-Zeit: 15:04:54
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.2.1012
Malware Datenbank: v2014.06.28.02
Rootkit Datenbank: v2014.06.23.02
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Regina
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 299713
Verstrichene Zeit: 10 Min, 4 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 1
PUP.Optional.DealPly.A, HKU\S-1-5-21-3471409487-2823058801-4123907049-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\gaiilaahiahdejapggenmdmafpmbipje, In Quarantäne, [557d6518f9829f973770c9ec956df20e],
Registrierungswerte: 0
(No malicious items detected)
Registrierungsdaten: 0
(No malicious items detected)
Ordner: 0
(No malicious items detected)
Dateien: 3
PUP.Optional.RegCleanPro, C:\Users\Regina\Downloads\regclean_my176681(1).exe, In Quarantäne, [d3ffe09d413ad660465a42f2669a7888],
PUP.Optional.RegCleanPro, C:\Users\Regina\Downloads\regclean_my176681(2).exe, In Quarantäne, [12c0423be19afd3929772410fd03b14f],
PUP.Optional.RegCleanPro, C:\Users\Regina\Downloads\regclean_my176681.exe, In Quarantäne, [dcf6324b42391224029e0b29e8189c64],
Physische Sektoren: 0
(No malicious items detected)
(end) zoek-result.txt Code:
Zoek.exe v5.0.0.0 Updated 22-06-2014
Tool run by Regina on 28.06.2014 at 15:42:07,77.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Regina\Desktop\Trojaner logs\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
28.06.2014 15:43:17 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3471409487-2823058801-4123907049-1001\Software\Microsoft\Internet Explorer\SearchScopes\{7E51D40A-D587-4F66-9307-9AC9D9F2263B} deleted successfully
HKEY_USERS\S-1-5-21-3471409487-2823058801-4123907049-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully
HKEY_USERS\S-1-5-21-3471409487-2823058801-4123907049-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-3471409487-2823058801-4123907049-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\zcxayyqc.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP");
Added to C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\zcxayyqc.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
ProfilePath: C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\zcxayyqc.default
user.js not found
---- Lines zonealarm removed from prefs.js ----
user_pref("extensions.zonealarm.admin", false);
user_pref("extensions.zonealarm.aflt", "1001");
user_pref("extensions.zonealarm.appId", "{C56C48A0-DA4E-46F6-9859-1553DC865F84}");
user_pref("extensions.zonealarm.autoRvrt", "false");
user_pref("extensions.zonealarm.dfltLng", "de");
user_pref("extensions.zonealarm.excTlbr", false);
user_pref("extensions.zonealarm.ffxUnstlRst", false);
user_pref("extensions.zonealarm.hmpg", true);
user_pref("extensions.zonealarm.hmpgUrl", "hxxp://search.zonealarm.com/?src=hp&tbid=goughDev3&Lan=de&gu=fd58eeff6c914f8b86b8aa9292a75207&tu=10G9z00AV1
user_pref("extensions.zonealarm.hpOld0", "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP");
user_pref("extensions.zonealarm.id", "f2480d0f00000000000006265ef9ee81");
user_pref("extensions.zonealarm.instlDay", "15991");
user_pref("extensions.zonealarm.instlRef", "ZLN120152920562965-1001");
user_pref("extensions.zonealarm.newTab", true);
user_pref("extensions.zonealarm.newTabUrl", "hxxp://search.zonealarm.com/?src=nt&tbid=goughDev3&Lan=de&gu=fd58eeff6c914f8b86b8aa9292a75207&tu=10G9z00A
user_pref("extensions.zonealarm.prdct", "zonealarm");
user_pref("extensions.zonealarm.prtnrId", "checkpoint");
user_pref("extensions.zonealarm.rvrt", "true");
user_pref("extensions.zonealarm.smplGrp", "none");
user_pref("extensions.zonealarm.tlbrId", "goughDev3");
user_pref("extensions.zonealarm.tlbrSrchUrl", "hxxp://search.zonealarm.com/search?src=tb&tbid=goughDev3&Lan={dfltLng}&gu=fd58eeff6c914f8b86b8aa9292a75
user_pref("extensions.zonealarm.vrsn", "1.8.22.0");
user_pref("extensions.zonealarm.vrsni", "1.8.22.0");
user_pref("extensions.zonealarm.vrsnTs", "1.8.22.016:56:07");
---- FireFox user.js and prefs.js backups ----
prefs__1551_.backup
==== Deleting Files \ Folders ======================
C:\PROGRA~2\FoxTabPDFConverter deleted
C:\PROGRA~2\Check Point Software Technologies LTD deleted
C:\Users\Regina\AppData\Roaming\AutoGK.ini deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\DealPly deleted
C:\Users\Regina\Searches deleted
C:\user.js deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
==== Firefox Extensions ======================
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\zcxayyqc.default
738C29EAC995029E13333034C1402F56 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll - Shockwave Flash
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[02.03.2012 11:53]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://search.zonealarm.com/?src=hp&tbid=goughDev3&Lan=de&gu=fd58eeff6c914f8b86b8aa9292a75207&tu=10G9z00AV1B0Ca0&sku=&tstsId=&ver=&"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="hxxp://search.zonealarm.com/?src=nt&tbid=goughDev3&Lan=de&gu=fd58eeff6c914f8b86b8aa9292a75207&tu=10G9z00AV1B0Ca0&sku=&tstsId=&ver=&"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="hxxp://search.zonealarm.com/?src=nt&tbid=goughDev3&Lan=de&gu=fd58eeff6c914f8b86b8aa9292a75207&tu=10G9z00AV1B0Ca0&sku=&tstsId=&ver=&"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://search.zonealarm.com/?src=hp&tbid=goughDev3&Lan=de&gu=fd58eeff6c914f8b86b8aa9292a75207&tu=10G9z00AV1B0Ca0&sku=&tstsId=&ver=&"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{AD148393-C4BE-4611-B9C7-5583BB0F6E3C} eBay Url="hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}"
{B73E2343-509D-42B4-B229-E0429961F287} Zinio Url="hxxp://services.zinio.com/search?s={selection}&rf=sonyslices"
{F8A3B448-23D1-4457-89B8-0EF69E8FE458} Google Url="hxxp://www.google.de/search?hl=de&q={searchTerms}&rlz=1I7SVEA_deDE363"
==== Reset Google Chrome ======================
Nothing found to reset
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3471409487-2823058801-4123907049-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} deleted successfully
HKEY_USERS\S-1-5-21-3471409487-2823058801-4123907049-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} deleted successfully
HKEY_USERS\S-1-5-21-3471409487-2823058801-4123907049-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} deleted successfully
HKEY_USERS\S-1-5-21-3471409487-2823058801-4123907049-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} deleted successfully
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyOverride"="*.local"
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nonoh deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Regina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Regina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Regina\AppData\Local\Mozilla\Firefox\Profiles\zcxayyqc.default\Cache emptied successfully
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache is not empty, a reboot is needed
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=585 folders=32 21341643 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\Regina\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Regina\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Regina\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6JK3T8GL\cdn.clipkit.de" not found
"C:\Users\Regina\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6JK3T8GL\static.issuu.com" not found
"C:\Users\Regina\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6JK3T8GL\static05.kaufda.de" not found
"C:\Users\Regina\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6JK3T8GL\www.gfcmarkets.com" not found
"C:\Users\Regina\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6JK3T8GL\www.ntv.ru" not found
==== EOF on 28.06.2014 at 16:02:20,22 ====================== FRST.txt
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-06-2014 01
Ran by Regina (administrator) on REGINA-VAIO on 28-06-2014 16:04:35
Running from C:\Users\Regina\Desktop\Trojaner logs
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\LxWebAccess\LxWebAccess.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [16335392 2009-07-27] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7938080 2009-07-24] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-07-24] (Realtek Semiconductor Corp.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [532776 2007-09-25] (Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-08-12] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
HKU\S-1-5-21-3471409487-2823058801-4123907049-1001\...\Run: [AVMUSBFernanschluss] => C:\Users\Regina\AppData\Local\Apps\2.0\GCXDDADB.YZL\E88MQZZ1.OOP\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe [139264 2012-12-22] (AVM Berlin)
HKU\S-1-5-21-3471409487-2823058801-4123907049-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
Startup: C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.zonealarm.com/?src=hp&tbid=goughDev3&Lan=de&gu=fd58eeff6c914f8b86b8aa9292a75207&tu=10G9z00AV1B0Ca0&sku=&tstsId=&ver=&
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1ewenusDefaultPack/UP97_FRPage
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM - {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - 2257BF687D114512BF6D9CA00CB422DF URL = hxxp://search.babylon.com/?q={searchTerms}&AF=110004&babsrc=SP_ss&mntrId=f2480d0f00000000000006265ef9ee81
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {AD148393-C4BE-4611-B9C7-5583BB0F6E3C} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
SearchScopes: HKCU - {B73E2343-509D-42B4-B229-E0429961F287} URL = hxxp://services.zinio.com/search?s={selection}&rf=sonyslices
SearchScopes: HKCU - {F8A3B448-23D1-4457-89B8-0EF69E8FE458} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&rlz=1I7SVEA_deDE363
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\zcxayyqc.default
FF NewTab: hxxp://www.google.com/
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-25]
==================== Services (Whitelisted) =================
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 BRA_Scheduler; C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [65536 2010-09-15] () [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2009-08-27] (Macrovision Europe Ltd.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-06-26] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-06-26] (Sonic Solutions)
R2 SOHDBSvr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-07-27] (Sony Corporation)
R2 SOHPlMgr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-07-27] (Sony Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-07-23] (Sony Corporation) [File not signed]
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [642920 2009-07-22] (Sony Corporation)
R3 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-07-23] (Sony Corporation)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445304 2013-08-12] (Check Point Software Technologies LTD)
R2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [522240 2009-08-12] (Sony Corporation) [File not signed]
R2 VzCdbSvc; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [206336 2009-07-23] (Sony Corporation) [File not signed]
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [54160 2013-06-18] (Check Point Software Technologies, Ltd.)
==================== Drivers (Whitelisted) ====================
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [116096 2011-04-30] (AVM Berlin)
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2012-12-22] (AVM Berlin)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2013-08-04] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89944 2013-08-04] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [613720 2013-08-04] (Kaspersky Lab)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 mr8980; C:\Windows\System32\DRIVERS\mr8980x64.sys [113280 2009-12-18] (Mars Semiconductor Corp.)
S3 mr8980; C:\Windows\SysWOW64\DRIVERS\mr8980x64.sys [113280 2009-12-18] (Mars Semiconductor Corp.)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [File not signed]
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R2 risdptsk; C:\Windows\system32\DRIVERS\risdsn64.sys [76288 2009-07-31] (REDC)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [451096 2013-06-13] (Check Point Software Technologies LTD)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-28 15:56 - 2014-06-28 15:42 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-06-28 15:42 - 2014-06-28 16:02 - 00013060 _____ () C:\zoek-results.log
2014-06-28 15:42 - 2014-06-28 15:52 - 00000000 ____D () C:\zoek_backup
2014-06-28 14:43 - 2014-06-28 14:44 - 00000000 ____D () C:\AdwCleaner
2014-06-28 14:34 - 2014-06-28 15:40 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-28 14:34 - 2014-06-28 14:34 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-28 14:34 - 2014-06-28 14:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-28 14:34 - 2014-06-28 14:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-28 14:34 - 2014-06-28 14:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-28 14:34 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-28 14:34 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-28 14:34 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-28 14:22 - 2014-06-28 14:22 - 00546896 _____ () C:\Windows\Minidump\062814-42791-01.dmp
2014-06-28 14:09 - 2014-06-28 14:09 - 01342659 _____ () C:\Users\Regina\Downloads\adwcleaner_3.213(1).exe
2014-06-28 13:53 - 2014-06-28 13:53 - 00025671 _____ () C:\ComboFix.txt
2014-06-28 13:40 - 2014-06-28 13:53 - 00000000 ____D () C:\ComboFix
2014-06-28 13:40 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-28 13:40 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-28 13:40 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-28 13:40 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-28 13:40 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-28 13:40 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-28 13:40 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-28 13:40 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-28 13:31 - 2014-06-28 13:53 - 00000000 ____D () C:\Qoobox
2014-06-28 13:31 - 2014-06-28 13:51 - 00000000 ____D () C:\Windows\erdnt
2014-06-28 13:20 - 2014-06-28 13:20 - 00000000 _____ () C:\Users\Regina\defogger_reenable
2014-06-28 12:52 - 2014-06-28 16:04 - 00000000 ____D () C:\FRST
2014-06-28 12:40 - 2014-06-28 12:41 - 94714880 _____ (AVAST Software) C:\Users\Regina\Downloads\avast_free_antivirus_setup_21514.exe
2014-06-25 13:52 - 2014-06-25 13:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-11 11:04 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 11:04 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 11:04 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 11:04 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 11:04 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 11:04 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 11:04 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 11:04 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 11:04 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 11:04 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 11:04 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 11:04 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 11:04 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 11:04 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 11:04 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 11:04 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 11:04 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 11:04 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 11:04 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 11:04 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 11:04 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 11:04 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 11:04 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 11:04 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 11:04 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 11:04 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 11:04 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 11:04 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 11:04 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 11:04 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 11:04 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 11:04 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 11:04 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 11:04 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 11:04 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 11:04 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 11:04 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 11:04 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 11:04 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 11:04 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 11:04 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 11:04 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 11:04 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 11:04 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 11:04 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 11:04 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 11:04 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 11:04 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 11:04 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 11:04 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 11:04 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 11:04 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 11:04 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 11:04 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 11:04 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 11:04 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 11:04 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 11:04 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 11:04 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 11:04 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 11:04 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 11:04 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 11:04 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 11:04 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 11:04 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 11:04 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 11:03 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 11:03 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-09 21:54 - 2014-06-09 21:54 - 19649736 _____ () C:\Users\Regina\Documents\LxOffice20140609_213536.zip
2014-06-09 14:40 - 2014-06-09 14:54 - 00011822 _____ () C:\Users\Regina\Desktop\Abrechnung Iosif.odt
==================== One Month Modified Files and Folders =======
2014-06-28 16:06 - 2010-01-21 13:56 - 01990751 _____ () C:\Windows\WindowsUpdate.log
2014-06-28 16:04 - 2014-06-28 12:52 - 00000000 ____D () C:\FRST
2014-06-28 16:04 - 2010-02-27 13:11 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Skype
2014-06-28 16:03 - 2014-04-27 20:46 - 00000000 ___RD () C:\Users\Regina\Dropbox
2014-06-28 16:03 - 2014-04-27 20:44 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\DropboxMaster
2014-06-28 16:03 - 2014-04-27 20:43 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Dropbox
2014-06-28 16:02 - 2014-06-28 15:42 - 00013060 _____ () C:\zoek-results.log
2014-06-28 16:02 - 2009-08-27 09:54 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-28 16:01 - 2013-10-14 08:15 - 00144428 _____ () C:\Windows\PFRO.log
2014-06-28 16:01 - 2013-10-14 08:15 - 00005446 _____ () C:\Windows\setupact.log
2014-06-28 16:01 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-28 16:00 - 2010-01-22 20:55 - 00000000 ____D () C:\Users\Public\Documents\SoftGrid Client
2014-06-28 15:54 - 2010-01-21 13:56 - 00000000 ____D () C:\Users\Regina
2014-06-28 15:52 - 2014-06-28 15:42 - 00000000 ____D () C:\zoek_backup
2014-06-28 15:42 - 2014-06-28 15:56 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-06-28 15:41 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-28 15:41 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-28 15:40 - 2014-06-28 14:34 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-28 15:33 - 2009-07-14 06:45 - 00000000 ____D () C:\Windows\Setup
2014-06-28 15:32 - 2012-04-08 20:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-28 15:15 - 2009-08-27 09:54 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-28 15:04 - 2011-04-30 18:48 - 00000000 ____D () C:\Users\Regina\AppData\Local\Deployment
2014-06-28 14:44 - 2014-06-28 14:43 - 00000000 ____D () C:\AdwCleaner
2014-06-28 14:34 - 2014-06-28 14:34 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-28 14:34 - 2014-06-28 14:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-28 14:34 - 2014-06-28 14:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-28 14:34 - 2014-06-28 14:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-28 14:30 - 2011-04-30 18:48 - 00000000 ____D () C:\Users\Regina\AppData\Local\Apps\2.0
2014-06-28 14:22 - 2014-06-28 14:22 - 00546896 _____ () C:\Windows\Minidump\062814-42791-01.dmp
2014-06-28 14:22 - 2014-05-22 06:19 - 00000000 ____D () C:\Windows\Minidump
2014-06-28 14:22 - 2009-07-14 06:45 - 00515576 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-28 14:21 - 2014-05-22 06:18 - 679274453 _____ () C:\Windows\MEMORY.DMP
2014-06-28 14:09 - 2014-06-28 14:09 - 01342659 _____ () C:\Users\Regina\Downloads\adwcleaner_3.213(1).exe
2014-06-28 13:59 - 2010-01-21 13:56 - 00127080 _____ () C:\Users\Regina\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-28 13:53 - 2014-06-28 13:53 - 00025671 _____ () C:\ComboFix.txt
2014-06-28 13:53 - 2014-06-28 13:40 - 00000000 ____D () C:\ComboFix
2014-06-28 13:53 - 2014-06-28 13:31 - 00000000 ____D () C:\Qoobox
2014-06-28 13:53 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-06-28 13:51 - 2014-06-28 13:31 - 00000000 ____D () C:\Windows\erdnt
2014-06-28 13:50 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-28 13:26 - 2010-01-21 15:02 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Adobe
2014-06-28 13:26 - 2010-01-21 15:00 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{AB223776-E04A-49D6-9174-193A35ADB17B}
2014-06-28 13:26 - 2009-08-27 09:48 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-06-28 13:20 - 2014-06-28 13:20 - 00000000 _____ () C:\Users\Regina\defogger_reenable
2014-06-28 12:43 - 2009-07-14 19:58 - 00699876 _____ () C:\Windows\system32\perfh007.dat
2014-06-28 12:43 - 2009-07-14 19:58 - 00149758 _____ () C:\Windows\system32\perfc007.dat
2014-06-28 12:43 - 2009-07-14 07:13 - 01622196 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-28 12:42 - 2012-04-08 20:19 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-28 12:42 - 2012-04-08 20:19 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-28 12:42 - 2012-02-06 17:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-28 12:41 - 2014-06-28 12:40 - 94714880 _____ (AVAST Software) C:\Users\Regina\Downloads\avast_free_antivirus_setup_21514.exe
2014-06-28 12:35 - 2012-05-06 22:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-25 13:52 - 2014-06-25 13:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-24 01:10 - 2009-08-27 09:54 - 00004120 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-24 01:10 - 2009-08-27 09:54 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-18 23:05 - 2013-03-06 17:12 - 00000000 ____D () C:\Scan
2014-06-12 10:29 - 2009-08-27 10:05 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-12 10:29 - 2009-08-27 10:05 - 00000000 ____D () C:\ProgramData\Skype
2014-06-12 04:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-12 03:06 - 2013-10-22 08:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 03:04 - 2010-01-27 14:21 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 03:01 - 2014-05-07 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-09 21:54 - 2014-06-09 21:54 - 19649736 _____ () C:\Users\Regina\Documents\LxOffice20140609_213536.zip
2014-06-09 14:54 - 2014-06-09 14:40 - 00011822 _____ () C:\Users\Regina\Desktop\Abrechnung Iosif.odt
2014-06-08 11:13 - 2014-06-11 11:03 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-11 11:03 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-30 12:21 - 2014-06-11 11:04 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-11 11:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-11 11:04 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-11 11:04 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-11 11:04 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-11 11:04 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-11 11:04 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-11 11:04 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-11 11:04 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-11 11:04 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-11 11:04 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:21 - 2014-06-11 11:04 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:20 - 2014-06-11 11:04 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-11 11:04 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-11 11:04 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-11 11:04 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-11 11:04 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-11 11:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-11 11:04 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-11 11:04 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-11 11:04 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-11 11:04 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-11 11:04 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-11 11:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-11 11:04 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-11 11:04 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-11 11:04 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-11 11:04 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-11 11:04 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-11 11:04 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-11 11:04 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-11 11:04 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-11 11:04 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-11 11:04 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-11 11:04 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-11 11:04 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-11 11:04 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-11 11:04 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-11 11:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-11 11:04 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-11 11:04 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-11 11:04 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-11 11:04 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-11 11:04 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-11 11:04 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-11 11:04 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-11 11:04 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-11 11:04 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-11 11:04 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-11 11:04 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-11 11:04 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-11 11:04 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
Some content of TEMP:
====================
C:\Users\Regina\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpymw_l4.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-06-18 08:27
==================== End Of Log ============================ --- --- ---
Addition.txt Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-06-2014 01
Ran by Regina at 2014-06-28 16:07:20
Running from C:\Users\Regina\Desktop\Trojaner logs
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: ZoneAlarm Antivirus (Enabled - Up to date) {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: ZoneAlarm Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}
==================== Installed Programs ======================
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.0.0 - )
7-Zip 4.65 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0465-000001000000}) (Version: 4.65.00.0 - Igor Pavlov)
Adapter version 0.909 (HKLM-x32\...\{91c024bf-55a1-4167-8cdf-d7f40c7d41e2}_is1) (Version: - MyPod Apps)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.12.36 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (HKLM-x32\...\Adobe Photoshop Elements 7) (Version: 7.0.1 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (x32 Version: 7.0.1 - Adobe Systems Incorporated) Hidden
Adobe Photoshop Elements 7.0 (x32 Version: 7.0.1.3 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 7.0 (HKLM-x32\...\PremElem70) (Version: 7.0.1 - Adobe Systems Incorporated)
Adobe Premiere Elements 7.0 (x32 Version: 7.0.1.3 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{7BB90344-0647-468E-925A-7F69F7983421}) (Version: 2.0.1.85 - ArcSoft)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: 3.0.21.193 - ArcSoft)
Auto Gordian Knot 2.55 (HKLM-x32\...\AutoGK) (Version: 2.55 - len0x)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BRAdmin Professional 3 (HKLM-x32\...\{75C885D4-C758-4896-A3B4-90DA34B44C31}) (Version: 3.43.0005 - Brother)
CCleaner (HKLM-x32\...\CCleaner) (Version: 2.35 - Piriform)
Click to Disc (HKLM-x32\...\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}) (Version: 1.2.70.06160 - Sony Corporation)
Click to Disc (x32 Version: 1.2.70.06160 - Sony Corporation) Hidden
Click to Disc Editor (HKLM-x32\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 2.0.02 - Sony Corporation)
Click to Disc Editor (x32 Version: 2.0.02 - Sony Corporation) Hidden
Digital Wireless Camera (HKLM-x32\...\{8EE8D436-CF54-4713-ABA1-B885FAB43D33}) (Version: 1.00.0000 - Ihr Firmenname)
Dolby Control Center (HKLM\...\{D035FBF6-FDEF-487D-89CA-6F9DD07B783F}) (Version: 1.2.0702 - Dolby)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Einstellungen für VAIO-Inhaltsüberwachung (HKLM-x32\...\{23825B69-36DF-4DAD-9CFD-118D11D80F16}) (Version: 2.4.0.06120 - Sony Corporation)
FoxTab PDF Creator (HKCU\...\FoxTab PDF Creator) (Version: - ) <==== ATTENTION
Free iPad Video Converter 3.7.2.1 (HKLM-x32\...\Free iPad Video Converter_is1) (Version: - FreeAudioVideoSoftTech, Inc.)
FRITZ!Box USB-Fernanschluss (HKCU\...\f018cf21c0452c64) (Version: 2.3.0.2 - AVM Berlin)
Gigaset QuickSync (HKLM\...\{a325d0b9-0b5e-4ad1-9c5f-e39aa43f8c9d}) (Version: 7.1.0841.3 - Gigaset Communications GmbH)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 2.0.172.37 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Guarding Anzeige 5.0.1.284 (HKLM-x32\...\{E9ACF7F7-DB80-49B4-A1BC-63DB90913E67}_is1) (Version: - OEM)
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
Iomega Product Registration (HKLM-x32\...\{90FF23FE-0E1B-40DF-A22E-B4C0372E5936}) (Version: 7.24.0000 - Iomega Corporation)
Iomega ScreenPlay Discovery (HKLM-x32\...\{DC1B23F0-2A8C-49DD-8F83-74F50950D5A7}) (Version: 1.1.0.0 - Iomega Corporation an EMC Company)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 9 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170090}) (Version: 1.7.0.90 - Oracle)
Java(TM) 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020F0}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Java(TM) 6 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416031FF}) (Version: 6.0.310 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 3.3.0728 - KYOCERA Document Solutions Inc.)
Lexware business office pro 2008 (HKLM-x32\...\{A9293E84-941F-4BB5-BFD0-1C84212E16E6}) (Version: 8.00.00.0084 - Lexware)
Lexware business office pro 2008 (x32 Version: 8.00.00.0084 - Lexware) Hidden
Lexware business office pro Aktualisierung Februar 2008, Version 8.20 (HKLM-x32\...\{955A56B1-102D-48CA-8036-DB3D73E27127}) (Version: 8.20.00.0016 - Lexware)
Lexware business office pro Aktualisierung Februar 2008, Version 8.20 (x32 Version: 8.20.00.0016 - Lexware) Hidden
Lexware Elster (HKLM-x32\...\{8B50F367-2686-4256-BA05-708B299961DF}) (Version: 7.40.00.0042 - Lexware GmbH & Co.KG)
Lexware Info Service (HKLM-x32\...\{BEDFB0D0-CA1E-4CBA-9664-B25A74019D0C}) (Version: 2.50.39.0816 - Lexware GmbH & Co.KG)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (Beta) (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4536.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Beta) (Version: 14.0.4536.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 x64 English (HKLM\...\{F83779DF-E1F5-43A2-A7BE-732F856FADB7}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Transfer (HKLM-x32\...\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}) (Version: 1.3.01.13160 - Sony Corporation)
MusicStation (HKLM-x32\...\{51CFD8DC-5C66-42ec-9598-72E28FD62ED5}) (Version: 1.2.2.180 - Omnifone)
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.20.0 - Symantec)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
OpenOffice.org 3.2 (HKLM-x32\...\{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}) (Version: 3.2.9502 - OpenOffice.org)
Praktische Arbeitshilfe (HKLM-x32\...\{FF2E73E1-D8D5-48BC-9517-A3CB199B0B86}) (Version: - )
Primo (x32 Version: 1.00.0000 - Your Company Name) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5886 - Realtek Semiconductor Corp.)
Roxio Central Audio (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Copy (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Core (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Data (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Tools (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Easy Media Creator 10 LJ (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio Easy Media Creator Home (x32 Version: 10.3.121 - Roxio) Hidden
Runtime (x32 Version: 1.00.0000 - Your Company Name) Hidden
Servicepack Datumsaktualisierung (HKLM-x32\...\{7A70FCC4-E09F-45CE-ADB5-C208CEBF0A82}) (Version: 1.00.00.0005 - Haufe-Lexware)
Servicepack Datumsaktualisierung (x32 Version: 1.00.00.0005 - Haufe-Lexware) Hidden
Setting Utility Series (HKLM-x32\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 5.0.0.07300 - Sony Corporation)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.10.9560 - Skype Technologies S.A.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sony Home Network Library (HKLM-x32\...\{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}) (Version: 2.0.0.07280 - Sony Corporation)
Sony Home Network Library (x32 Version: 2.0.0.07280 - Sony Corporation) Hidden
Sony Picture Utility (HKLM-x32\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 4.2.12.16210 - Sony Corporation)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.17396 - TeamViewer)
VAIO Content Metadata Intelligent Analyzing Manager (HKLM-x32\...\{0A5F02E5-1A52-4F85-892C-A35227641C75}) (Version: 3.5.0.06261 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (x32 Version: 3.5.0.06261 - Sony Corporation) Hidden
VAIO Content Metadata Intelligent Network Service Manager (HKLM-x32\...\{3B1168DE-1F8C-471C-AC49-0CA52F096170}) (Version: 3.5.0.06260 - Sony Corporation)
VAIO Content Metadata Intelligent Network Service Manager (x32 Version: 3.5.0.06260 - Sony Corporation) Hidden
VAIO Content Metadata Manager Settings (HKLM-x32\...\{7395DD51-0D1A-47A7-9993-742073ECF4CE}) (Version: 3.5.0.06260 - Sony Corporation)
VAIO Content Metadata Manager Settings (x32 Version: 3.5.0.06260 - Sony Corporation) Hidden
VAIO Content Metadata XML Interface Library (HKLM-x32\...\{949419DF-F4AF-4693-B60A-522B24F233C6}) (Version: 3.5.0.06180 - Sony Corporation)
VAIO Content Metadata XML Interface Library (x32 Version: 3.5.0.06180 - Sony Corporation) Hidden
VAIO Content Monitoring Settings (x32 Version: 2.4.0.06120 - Sony Corporation) Hidden
VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.0.0.06120 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.1.01.06290 - Sony Corporation)
VAIO DVD Menu Data Basic (HKLM-x32\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 1.0.00.08130 - Sony Corporation)
VAIO Energie Verwaltung (HKLM-x32\...\{5F5867F0-2D23-4338-A206-01A76C823924}) (Version: 4.0.0.07160 - Sony Corporation)
VAIO Entertainment Platform (HKLM-x32\...\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}) (Version: 3.5.0.07230 - Sony Corporation)
VAIO Entertainment Platform (x32 Version: 3.5.0.07230 - Sony Corporation) Hidden
VAIO Event Service (HKLM-x32\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 5.0.0.08030 - Sony Corporation)
VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 1.0.0.08050 - Sony Corporation)
VAIO Marketing Tools (HKLM-x32\...\MarketingTools) (Version: - Sony Corporation)
VAIO Media plus (HKLM-x32\...\{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}) (Version: 2.0.0.07280 - Sony Corporation)
VAIO Media plus Opening Movie (HKLM-x32\...\{9238E8A4-BEBA-43A3-B926-769BDBF194C5}) (Version: 1.2.0.09100 - Sony Corporation)
VAIO Movie Story (HKLM-x32\...\{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 1.5.00.06191 - Sony Corporation)
VAIO Movie Story (x32 Version: 1.5.00.06191 - Sony Corporation) Hidden
VAIO Movie Story Template Data (HKLM-x32\...\{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 1.5.00.06010 - Sony Corporation)
VAIO Original Function Settings (x32 Version: 2.0.0.07010 - Sony Corporation) Hidden
VAIO Original Funktion Einstellungen (HKLM-x32\...\{A63E7492-A0BC-4BB9-89A7-352965222380}) (Version: 2.0.0.07010 - Sony Corporation)
VAIO Premium Partners 1.00 (HKLM-x32\...\VAIO Premium Partners 1.00) (Version: - )
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.0.0.08120 - Sony Corporation)
VAIO Update 4 (HKLM-x32\...\{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}) (Version: 4.2.0.07300 - Sony Corporation)
VAIO Wallpaper Contents (HKLM-x32\...\{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}) (Version: 2.0.0.06010 - Sony Corporation)
VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.0.0.07290 - Sony Corporation)
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version: - )
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
Windows Driver Package - OEM (mr8980) Image (11/30/2009 1.0.0.0) (HKLM\...\404763020EF60406C2F89C3798F41D2D4E94CC94) (Version: 11/30/2009 1.0.0.0 - OEM)
Windows Live Anmelde-Assistent (HKLM-x32\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XviD MPEG4 Video Codec (remove only) (HKLM-x32\...\XviD MPEG4 Video Codec) (Version: - )
ZoneAlarm Antivirus (x32 Version: 11.0.780.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 11.0.780.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Antivirus + Firewall (HKLM-x32\...\ZoneAlarm Free Antivirus + Firewall) (Version: 11.0.780.000 - Check Point)
ZoneAlarm Security (x32 Version: 11.0.780.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar (x32 Version: 1.8.22.0 - Check Point Software Technologies LTD) Hidden
==================== Restore Points =========================
05-06-2014 08:14:01 Windows Update
09-06-2014 13:17:26 Windows Update
12-06-2014 01:00:42 Windows Update
17-06-2014 12:55:46 Windows Update
23-06-2014 23:00:31 Windows Update
27-06-2014 09:01:45 Windows Update
28-06-2014 13:42:58 zoek.exe restore point
==================== Hosts content: ==========================
2009-07-14 04:34 - 2014-06-28 13:50 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {02C45C6D-7721-4B19-B2A3-8BB606B301A3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-08-27] (Google Inc.)
Task: {3D6148ED-EFAD-4796-B24A-08186D6223D0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {65CFF828-344A-441D-89D4-1F470A9445F6} - System32\Tasks\{5D1586B9-2E0F-407B-A966-FE0A5E124B34} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.112/de/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;systemlevelpresent
Task: {8EC72BF5-8493-483D-A26B-515432946930} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2009-08-05] (Sony Corporation)
Task: {9F503B06-8852-42A6-98F3-18E2D22C894B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-08-27] (Google Inc.)
Task: {B6AD4FD0-6736-47DA-86CE-70A3D836C1BE} - System32\Tasks\SONY\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe [2009-07-30] (Sony Corporation)
Task: {BE2D0101-F41A-4357-80AE-5EFBB372CD8A} - \DealPlyUpdate No Task File <==== ATTENTION
Task: {C1A91F00-1EA7-4374-AB43-CBE9EE435114} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-28] (Adobe Systems Incorporated)
Task: {E47FC575-D38A-4241-AB36-9BA00DC2369E} - System32\Tasks\{5F8A97AD-6C43-412E-842D-66C9789DC798} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.0.114/en/abandoninstall?page=tsPlugin&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;systemlevelpresent
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2011-04-30 19:06 - 2006-02-23 12:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll
2011-04-30 19:06 - 2006-02-22 11:39 - 00020480 _____ () C:\Windows\System32\FritzPort64.dll
2012-02-20 18:54 - 2010-09-15 16:01 - 00065536 _____ () C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-08-27 10:08 - 2009-07-27 16:58 - 00376832 _____ () C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\sqlite3.dll
2009-08-27 10:07 - 2009-08-03 17:00 - 00010752 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2009-08-27 10:07 - 2009-08-03 17:00 - 00009728 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
2009-08-27 10:08 - 2009-07-27 16:58 - 00135168 _____ () C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\Extension\MrsMpegParser.dll
2014-06-28 16:02 - 2014-06-28 16:02 - 00043008 _____ () c:\users\regina\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpymw_l4.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\libcef.dll
2014-06-25 13:52 - 2014-06-25 13:52 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-06-28 12:42 - 2014-06-28 12:42 - 17024688 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\Regina\Desktop\Foto Alex bei VATI.eml:OECustomProperty
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
==================== EXE Association (whitelisted) =============
==================== MSCONFIG/TASK MANAGER disabled items =========
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Regina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk => C:\Windows\pss\OpenOffice.org 3.2.lnk.Startup
MSCONFIG\startupreg: MarketingTools => C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: SHTtray.exe => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/28/2014 04:02:00 PM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)
Error: (06/28/2014 03:34:19 PM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)
Error: (06/28/2014 02:46:07 PM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)
Error: (06/28/2014 02:36:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm mbam.exe, Version 1.0.0.532 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: e7c
Startzeit: 01cf92cd5686548a
Endzeit: 16
Anwendungspfad: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
Berichts-ID: c2c0b179-fec0-11e3-822c-0024be7dd4bf
Error: (06/28/2014 02:22:35 PM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)
Error: (06/28/2014 00:37:46 PM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)
Error: (06/27/2014 06:08:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4290
Error: (06/27/2014 06:08:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4290
Error: (06/27/2014 06:08:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (06/27/2014 06:08:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3011
System errors:
=============
Error: (06/28/2014 04:03:21 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005
Error: (06/28/2014 04:02:56 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (06/28/2014 04:01:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Roxio Upnp Server 10 erreicht.
Error: (06/28/2014 03:51:55 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (06/28/2014 03:51:55 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (06/28/2014 03:51:54 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (06/28/2014 03:51:53 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (06/28/2014 03:51:53 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (06/28/2014 03:35:11 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (06/28/2014 03:34:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Roxio Upnp Server 10 erreicht.
Microsoft Office Sessions:
=========================
Error: (06/28/2014 04:02:00 PM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: {56F9312C-C989-4E04-8C23-299DEE3A36F5}0x80042019
Error: (06/28/2014 03:34:19 PM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: {56F9312C-C989-4E04-8C23-299DEE3A36F5}0x80042019
Error: (06/28/2014 02:46:07 PM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: {56F9312C-C989-4E04-8C23-299DEE3A36F5}0x80042019
Error: (06/28/2014 02:36:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.0.0.532e7c01cf92cd5686548a16C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exec2c0b179-fec0-11e3-822c-0024be7dd4bf
Error: (06/28/2014 02:22:35 PM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: {56F9312C-C989-4E04-8C23-299DEE3A36F5}0x80042019
Error: (06/28/2014 00:37:46 PM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: {56F9312C-C989-4E04-8C23-299DEE3A36F5}0x80042019
Error: (06/27/2014 06:08:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4290
Error: (06/27/2014 06:08:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4290
Error: (06/27/2014 06:08:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (06/27/2014 06:08:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3011
CodeIntegrity Errors:
===================================
Date: 2014-06-28 13:49:52.315
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-06-28 13:49:52.121
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-06-13 11:04:33.701
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-13 11:04:33.701
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-13 11:04:33.491
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-13 11:04:33.491
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-13 11:01:48.711
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-13 11:01:46.639
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-12 04:00:18.672
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-12 04:00:18.641
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 55%
Total physical RAM: 4031.18 MB
Available physical RAM: 1812.11 MB
Total Pagefile: 8060.54 MB
Available Pagefile: 5840.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:454.94 GB) (Free:289.94 GB) NTFS
Drive d: () (Removable) (Total:0.23 GB) (Free:0 GB) FAT32
Drive f: (ноя 23 2009) (CDROM) (Total:0.31 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 4A1DC24E)
Partition 1: (Not Active) - (Size=11 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=455 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 241 MB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================ |