Log analysis and evaluation: Vista, constant ad pop-ups, rvzr-akamaihd

Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Vista, constant ad pop-ups, rvzr-akamaihd

Hello,

for a few weeks now Firefox has constantly been opening advertising pages without any action on my part, and on some websites ads (Plus-HD...) appear over the content when I hover the mouse over it. Until now I had the free AVG. I thought a purchased version of Kaspersky 2014 would help me; far from it... I googled and now hope that I can get help here. Many thanks in advance.

reiwei

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:06 on 27/12/2013 (R******* *****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-12-2013 01
Ran by R******* ***** (administrator) on PC on 27-12-2013 17:13:16
Running from C:\Users\R******* *****\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Realtek Semiconductor) C:\Windows\RTKAUDIOSERVICE.EXE
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Sony Corporation) C:\Program Files\Sony\Network Utility\NSUService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(IObit) C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sony Corporation) C:\Program Files\Sony\ISB Utility\ISBMgr.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Sony Corporation) C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Sony Corporation) C:\Program Files\Sony\Network Utility\LANUtil.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\NaturallySpeaking10\Program\natspeak.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Nuance Communications, Inc.) C:\Program Files\Common Files\Nuance\NaturallySpeaking10\dgnuiasvr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6295552 2008-07-03] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [835584 2007-03-10] (Synaptics, Inc.)
HKLM\...\Run: [ISBMgr.exe] - C:\Program Files\Sony\ISB Utility\ISBMgr.exe [317280 2008-04-03] (Sony Corporation)
HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-10] (Google)
HKLM\...\Run: [MarketingTools] - C:\Program Files\Sony\Marketing Tools\MarketingTools.exe [24576 2008-08-11] (Sony Corporation)
HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM\...\Run: [Skytel] - C:\Windows\SkyTel.exe [1826816 2008-07-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-05-15] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll (Sony Corporation)
HKCU\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKCU\...\Run: [NSUFloatingUI] - C:\Program Files\Sony\Network Utility\LANUtil.exe [262144 2008-06-27] (Sony Corporation)
HKCU\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [AVG-Secure-Search-Update_0913b] - C:\Users\R******* *****\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid bcf721ddf4e1e0d58f5150a1f6f727a2-3f4c7d20555728012aa4769eb3f338582ca8bbb6 --CMPID 0913b
MountPoints2: G - G:\Autorun\Autorun.exe
MountPoints2: {50d41e78-e414-11dd-aebf-806e6f6e6963} - F:\autorun.exe
MountPoints2: {d4ccfef7-566f-11de-a007-001dba8b63ff} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
MountPoints2: {f1b9e9ef-bb06-11de-b196-001dba8b63ff} - G:\Menu.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [NSUFloatingUI] - C:\Program Files\Sony\Network Utility\LANUtil.exe [ 2008-06-27] (Sony Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [NSUFloatingUI] - C:\Program Files\Sony\Network Utility\LANUtil.exe [ 2008-06-27] (Sony Corporation)
AppInit_DLLs: C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [ 2010-08-10] (Google)
Startup: C:\Users\R******* *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk
ShortcutTarget: Dragon NaturallySpeaking.lnk -> C:\Program Files\Nuance\NaturallySpeaking10\Program\natspeak.exe (Nuance Communications, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.4&ts=1375821211169.000005&tguid=46364-3869-1375821211169-5C665F52D751F98EBD80E9C8AABF421D&st=chrome&q=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.4&ts=1375821211169.000005&tguid=46364-3869-1375821211169-5C665F52D751F98EBD80E9C8AABF421D&st=chrome&q=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.sonystyle-europe.com hxxp://www.club-vaio.com/vbc/ebay/index.html hxxp://www.club-vaio.com/vbc
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.4&ts=1375821211169.000005&tguid=46364-3869-1375821211169-5C665F52D751F98EBD80E9C8AABF421D&st=chrome&q=
HKCU\Software\Microsoft\Internet Explorer\Main,start page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.4&ts=1375821211169.000005&tguid=46364-3869-1375821211169-5C665F52D751F98EBD80E9C8AABF421D&st=chrome&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.4&ts=1375821211169.000005&tguid=46364-3869-1375821211169-5C665F52D751F98EBD80E9C8AABF421D&st=chrome&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.4&ts=1375821211169.000005&tguid=46364-3869-1375821211169-5C665F52D751F98EBD80E9C8AABF421D&st=chrome&q=
URLSearchHook: HKLM - ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM - DefaultScope {6C46687A-47DF-4C56-9E42-77258AB738EB} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.4&ts=1375821211169.000005&tguid=46364-3869-1375821211169-5C665F52D751F98EBD80E9C8AABF421D&q={searchTerms}
SearchScopes: HKLM - {6c46687a-47df-4c56-9e42-77258ab738eb} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.4&ts=1375821211169.000005&tguid=46364-3869-1375821211169-5C665F52D751F98EBD80E9C8AABF421D&q={searchTerms}
SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKCU - DefaultScope {41028964-49FC-49F6-8BCD-85999CECBA76} URL = hxxp://www.bing.com/search?q={searchTerms}&r=601
SearchScopes: HKCU - {30cc2044-7c89-4a16-9aee-bf77b9704241} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.4&ts=1375821211169.000005&tguid=46364-3869-1375821211169-5C665F52D751F98EBD80E9C8AABF421D&q={searchTerms}
SearchScopes: HKCU - {41028964-49FC-49F6-8BCD-85999CECBA76} URL = hxxp://www.bing.com/search?q={searchTerms}&r=601
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=TNHx-uBEnLxDmzWG6IIjTa8bb8U?q={searchTerms}
SearchScopes: HKCU - {C9A777EA-9809-4635-AFF7-C046939FDF57} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=902615&p={searchTerms}
SearchScopes: HKCU - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://search.avg.com/route/?d=4b54daa4&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
BHO: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google BAE\BAE.dll (Your Company Name)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
Toolbar: HKLM - No Name - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No File
Toolbar: HKLM - ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
Toolbar: HKLM - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
Toolbar: HKCU - AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\R******* *****\AppData\Roaming\Mozilla\Firefox\Profiles\11jl8c6b.default
FF user.js: detected! => C:\Users\R******* *****\AppData\Roaming\Mozilla\Firefox\Profiles\11jl8c6b.default\user.js
FF NewTab: about:home
FF DefaultSearchEngine: Web Search
FF SearchEngineOrder.1: Web Search
FF Homepage: about:home
FF Keyword.URL: hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.4&ts=1375821211169.000005&tguid=46364-3869-1375821211169-5C665F52D751F98EBD80E9C8AABF421D&st=chrome&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\R******* *****\AppData\Roaming\Mozilla\Firefox\Profiles\11jl8c6b.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Users\R******* *****\AppData\Roaming\Mozilla\Firefox\Profiles\11jl8c6b.default\searchplugins\zonealarm.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Plus-HD-2.4 - C:\Users\R******* *****\AppData\Roaming\Mozilla\Firefox\Profiles\11jl8c6b.default\Extensions\ad80235d-5e5a-4a1d-a891-51b66a3e70f8@8f877d80-6977-415f-ac14-b52043838c19.com
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com

========================== Services (Whitelisted) =================

R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144712 2009-06-05] (Apple Inc.)
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-10] (Google)
S2 gupdate1c9ca882a24eb7; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-05-01] (Google Inc.)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 NSUService; C:\Program Files\Sony\Network Utility\NSUService.exe [299008 2008-06-27] (Sony Corporation)
S3 SOHCImp; C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe [103712 2008-05-20] (Sony Corporation)
S3 SOHDms; C:\Program Files\Sony\VAIO Media plus\SOHDms.exe [353568 2008-05-20] (Sony Corporation)
S3 SOHDs; C:\Program Files\Sony\VAIO Media plus\SOHDs.exe [62752 2008-05-20] (Sony Corporation)
S4 SProtection; C:\Program Files\Common Files\Umbrella\umbrella.exe [2864448 2013-08-06] (Iminent)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-03-05] (Sony Corporation)
R2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182112 2008-07-07] (Sony Corporation)
R2 VAIO Power Management; C:\Program Files\Sony\VAIO Power Management\SPMService.exe [411488 2008-06-19] (Sony Corporation)
S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [480624 2009-09-16] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-03-05] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1013808 2013-03-26] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2009-03-05] (Sony Corporation)
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
S3 MSCSPTISRV; "C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe" [x]
S3 SPTISRV; "C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [583128 2007-10-28] (Protect Software GmbH)
R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [501560 2008-01-23] (Protect Software GmbH)
R2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [250560 2007-10-26] (Protect Software GmbH)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-12-16] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [574560 2013-12-19] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2013-12-19] (Kaspersky Lab ZAO)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [15672 2013-05-22] ()
S3 igfx; system32\DRIVERS\igdkmd32.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [94304 2013-06-08] (Kaspersky Lab ZAO)
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [x]
S3 vsdatant7; System32\drivers\vsdatant.win7.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-27 17:13 - 2013-12-27 17:14 - 00023984 _____ C:\Users\R******* *****\Downloads\FRST.txt
2013-12-27 17:12 - 2013-12-27 17:12 - 00000000 ____D C:\FRST
2013-12-27 17:09 - 2013-12-27 17:09 - 01063657 _____ (Farbar) C:\Users\R******* *****\Downloads\FRST.exe
2013-12-27 17:06 - 2013-12-27 17:06 - 00000490 _____ C:\Users\R******* *****\Downloads\defogger_disable.log
2013-12-27 17:06 - 2013-12-27 17:06 - 00000000 _____ C:\Users\R******* *****\defogger_reenable
2013-12-27 17:05 - 2013-12-27 17:05 - 00050477 _____ C:\Users\R******* *****\Downloads\Defogger.exe
2013-12-27 17:02 - 2013-12-27 17:03 - 00000962 _____ C:\Users\R******* *****\Desktop\Continue Zip Extractor Installation.lnk
2013-12-27 17:00 - 2013-12-27 17:00 - 00673952 _____ ( ) C:\Users\R******* *****\Downloads\ZipExtractorSetup(1).exe
2013-12-24 23:09 - 2013-12-24 23:09 - 00163008 _____ C:\Windows\Minidump\Mini122413-03.dmp
2013-12-24 18:00 - 2013-12-24 18:00 - 00162960 _____ C:\Windows\Minidump\Mini122413-02.dmp
2013-12-24 12:22 - 2013-12-24 23:09 - 353798744 _____ C:\Windows\MEMORY.DMP
2013-12-24 12:22 - 2013-12-24 12:22 - 00162960 _____ C:\Windows\Minidump\Mini122413-01.dmp
2013-12-24 12:22 - 2013-12-24 12:22 - 00001686 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-21 15:27 - 2013-12-21 15:27 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-20 00:05 - 2013-12-20 00:05 - 00002073 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-16 22:15 - 2013-12-16 22:15 - 00002111 _____ C:\Users\R******* *****\Desktop\Sicherer Zahlungsverkehr.lnk
2013-12-16 22:14 - 2013-12-16 22:13 - 00001001 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2013-12-16 22:09 - 2013-12-27 15:52 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-12-16 22:09 - 2013-12-16 22:09 - 00000000 ____D C:\Program Files\Kaspersky Lab
2013-12-16 22:08 - 2013-12-19 23:53 - 00574560 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-12-16 22:08 - 2013-06-08 20:18 - 00094304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2013-12-16 21:30 - 2013-12-16 21:31 - 00000000 ____D C:\Users\R******* *****\AppData\Local\Avg2013
2013-12-16 03:01 - 2013-11-15 00:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-16 03:01 - 2013-11-14 23:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-16 03:01 - 2013-11-14 23:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-16 03:01 - 2013-11-14 23:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-16 03:01 - 2013-11-14 23:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-16 03:01 - 2013-11-14 23:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-16 03:01 - 2013-11-14 23:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-16 03:01 - 2013-11-14 23:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-16 03:01 - 2013-11-14 23:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-16 03:01 - 2013-11-14 23:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-16 03:01 - 2013-11-14 23:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-16 03:01 - 2013-11-14 23:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-16 03:01 - 2013-11-14 23:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-16 03:01 - 2013-11-14 23:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-16 03:01 - 2013-11-14 23:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-16 03:01 - 2013-11-14 23:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-15 16:42 - 2013-12-17 01:20 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-12-13 11:14 - 2013-10-30 01:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-13 11:04 - 2013-10-30 03:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2013-12-13 11:04 - 2013-10-30 02:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-13 11:04 - 2013-10-30 01:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-13 11:04 - 2013-10-22 08:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-13 11:04 - 2013-10-11 03:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-13 11:04 - 2013-10-11 03:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-13 11:04 - 2013-10-11 03:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2013-12-13 11:04 - 2013-10-11 01:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-13 11:04 - 2013-10-11 01:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe

==================== One Month Modified Files and Folders =======

2013-12-27 17:14 - 2013-12-27 17:13 - 00023984 _____ C:\Users\R******* *****\Downloads\FRST.txt
2013-12-27 17:13 - 2006-11-02 12:18 - 00000000 __RHD C:\Users\Default
2013-12-27 17:12 - 2013-12-27 17:12 - 00000000 ____D C:\FRST
2013-12-27 17:12 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-27 17:12 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-27 17:09 - 2013-12-27 17:09 - 01063657 _____ (Farbar) C:\Users\R******* *****\Downloads\FRST.exe
2013-12-27 17:06 - 2013-12-27 17:06 - 00000490 _____ C:\Users\R******* *****\Downloads\defogger_disable.log
2013-12-27 17:06 - 2013-12-27 17:06 - 00000000 _____ C:\Users\R******* *****\defogger_reenable
2013-12-27 17:06 - 2009-01-16 22:45 - 00000000 ____D C:\Users\R******* *****
2013-12-27 17:05 - 2013-12-27 17:05 - 00050477 _____ C:\Users\R******* *****\Downloads\Defogger.exe
2013-12-27 17:03 - 2013-12-27 17:02 - 00000962 _____ C:\Users\R******* *****\Desktop\Continue Zip Extractor Installation.lnk
2013-12-27 17:00 - 2013-12-27 17:00 - 00673952 _____ ( ) C:\Users\R******* *****\Downloads\ZipExtractorSetup(1).exe
2013-12-27 16:40 - 2013-08-06 21:35 - 00001826 _____ C:\Windows\Tasks\Plus-HD-2.4-firefoxinstaller.job
2013-12-27 16:35 - 2013-08-06 21:35 - 00001294 _____ C:\Windows\Tasks\Plus-HD-2.4-updater.job
2013-12-27 16:35 - 2013-08-06 21:35 - 00001206 _____ C:\Windows\Tasks\Plus-HD-2.4-codedownloader.job
2013-12-27 16:35 - 2013-08-06 21:35 - 00001104 _____ C:\Windows\Tasks\Plus-HD-2.4-enabler.job
2013-12-27 16:35 - 2009-01-16 22:41 - 01391456 _____ C:\Windows\WindowsUpdate.log
2013-12-27 16:27 - 2013-10-23 12:54 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-27 16:18 - 2009-07-01 19:52 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-27 15:52 - 2013-12-16 22:09 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-12-27 15:48 - 2008-01-21 08:16 - 01718552 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-27 15:43 - 2009-07-01 19:52 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-27 15:12 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-27 00:16 - 2009-01-22 21:23 - 00000516 _____ C:\Windows\Tasks\NatSpeak Periodic Acoustic Optimization.job
2013-12-27 00:11 - 2009-01-22 21:24 - 00000530 _____ C:\Windows\Tasks\NatSpeak Periodic Language Model Optimization.job
2013-12-24 23:09 - 2013-12-24 23:09 - 00163008 _____ C:\Windows\Minidump\Mini122413-03.dmp
2013-12-24 23:09 - 2013-12-24 12:22 - 353798744 _____ C:\Windows\MEMORY.DMP
2013-12-24 23:09 - 2010-02-17 10:51 - 00000000 ____D C:\Windows\Minidump
2013-12-24 18:00 - 2013-12-24 18:00 - 00162960 _____ C:\Windows\Minidump\Mini122413-02.dmp
2013-12-24 12:22 - 2013-12-24 12:22 - 00162960 _____ C:\Windows\Minidump\Mini122413-01.dmp
2013-12-24 12:22 - 2013-12-24 12:22 - 00001686 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-24 12:22 - 2013-08-17 13:10 - 00018902 _____ C:\Windows\PFRO.log
2013-12-24 11:35 - 2012-10-13 19:23 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-24 10:54 - 2008-07-10 13:41 - 00000000 ____D C:\Program Files\Sony
2013-12-22 23:45 - 2009-01-22 21:25 - 00000426 _____ C:\Windows\Tasks\NatSpeak Periodic Data Collection.job
2013-12-21 15:27 - 2013-12-21 15:27 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-21 11:53 - 2006-11-02 13:47 - 00400952 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-20 20:04 - 2009-01-16 22:45 - 00002032 _____ C:\Users\R******* *****\AppData\Local\d3d9caps.dat
2013-12-20 00:05 - 2013-12-20 00:05 - 00002073 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-20 00:03 - 2008-07-10 10:28 - 00000000 ____D C:\Program Files\Google
2013-12-19 23:53 - 2013-12-16 22:08 - 00574560 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-12-19 23:53 - 2013-06-06 17:38 - 00144992 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2013-12-17 13:50 - 2010-02-13 20:23 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-12-17 01:20 - 2013-12-15 16:42 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-12-16 22:39 - 2013-08-06 21:32 - 00002535 _____ C:\Users\Public\Desktop\Free System Utilities.lnk
2013-12-16 22:39 - 2013-08-06 17:14 - 00002489 _____ C:\Users\Public\Desktop\Skype.lnk
2013-12-16 22:39 - 2008-08-11 03:49 - 00000000 ____D C:\ProgramData\Skype
2013-12-16 22:27 - 2013-10-17 15:47 - 00135776 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2013-12-16 22:15 - 2013-12-16 22:15 - 00002111 _____ C:\Users\R******* *****\Desktop\Sicherer Zahlungsverkehr.lnk
2013-12-16 22:13 - 2013-12-16 22:14 - 00001001 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2013-12-16 22:09 - 2013-12-16 22:09 - 00000000 ____D C:\Program Files\Kaspersky Lab
2013-12-16 21:31 - 2013-12-16 21:30 - 00000000 ____D C:\Users\R******* *****\AppData\Local\Avg2013
2013-12-16 21:31 - 2010-11-17 09:24 - 00000000 ____D C:\ProgramData\MFAData
2013-12-16 21:28 - 2012-12-03 21:41 - 00000000 ____D C:\Users\R******* *****\AppData\Roaming\TuneUp Software
2013-12-16 21:10 - 2013-08-06 21:35 - 00000000 ____D C:\Program Files\Plus-HD-2.4
2013-12-16 21:09 - 2009-01-16 22:45 - 00000000 ____D C:\Users\R******* *****\AppData\Local\Google
2013-12-16 21:09 - 2008-08-11 03:39 - 00000000 ____D C:\ProgramData\Google
2013-12-16 03:31 - 2008-07-10 10:40 - 00000000 ____D C:\Windows\system32\RTCOM
2013-12-16 03:13 - 2008-08-11 03:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-16 03:10 - 2013-07-14 22:36 - 00000000 ____D C:\Windows\system32\MRT
2013-12-16 03:05 - 2006-11-02 11:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-12-11 18:12 - 2013-08-07 21:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-11 18:12 - 2013-08-07 21:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-08 22:26 - 2010-04-06 20:30 - 00000000 ____D C:\Users\R******* *****\Documents\Heruntergeladene Programm-Updates
2013-12-08 11:16 - 2009-01-17 15:07 - 00004096 _____ C:\Users\Public\Documents\00000755.LCS
2013-11-29 19:50 - 2009-01-16 22:45 - 00000000 ____D C:\Users\R******* *****\AppData\Local\Adobe

Files to move or delete:
====================
C:\Users\CD_Kopie_HWS\START.EXE
C:\Users\CD_Kopie_HWS_201006_Saarlouis\autorun.exe
C:\Users\Public\AlexaNSISPlugin.1804.dll

Some content of TEMP:
====================
C:\Users\R******* *****\AppData\Local\Temp\ICReinstall_ZipExtractorSetup(1).exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-27 15:27

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-12-2013 01
Ran by R******* ***** at 2013-12-27 17:14:45
Running from C:\Users\R******* *****\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
Adobe Reader X (10.1.8) - Deutsch (Version: 10.1.8)
Apple Mobile Device Support (Version: 2.5.2.2)
ArcSoft WebCam Companion 2
ATI Catalyst Install Manager (Version: 3.0.710.0)
Big Fish Games Spiel-Suite
Browser Address Error Redirector
Business Contact Manager für Outlook 2007 SP2 (Version: 3.0.8619.1)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0515.32.42252)
Catalyst Control Center Graphics Full Existing (Version: 2009.0515.32.42252)
Catalyst Control Center Graphics Full New (Version: 2009.0515.32.42252)
Catalyst Control Center Graphics Light (Version: 2009.0515.32.42252)
Catalyst Control Center Graphics Previews Common (Version: 2009.0515.32.42252)
Catalyst Control Center Graphics Previews Vista (Version: 2009.0515.32.42252)
Catalyst Control Center InstallProxy (Version: 2009.0515.32.42252)
Catalyst Control Center Localization All (Version: 2009.0515.32.42252)
CCC Help Chinese Standard (Version: 2009.0515.0031.42252)
CCC Help Chinese Traditional (Version: 2009.0515.0031.42252)
CCC Help Czech (Version: 2009.0515.0031.42252)
CCC Help Danish (Version: 2009.0515.0031.42252)
CCC Help Dutch (Version: 2009.0515.0031.42252)
CCC Help English (Version: 2009.0515.0031.42252)
CCC Help Finnish (Version: 2009.0515.0031.42252)
CCC Help French (Version: 2009.0515.0031.42252)
CCC Help German (Version: 2009.0515.0031.42252)
CCC Help Greek (Version: 2009.0515.0031.42252)
CCC Help Hungarian (Version: 2009.0515.0031.42252)
CCC Help Italian (Version: 2009.0515.0031.42252)
CCC Help Japanese (Version: 2009.0515.0031.42252)
CCC Help Korean (Version: 2009.0515.0031.42252)
CCC Help Norwegian (Version: 2009.0515.0031.42252)
CCC Help Polish (Version: 2009.0515.0031.42252)
CCC Help Portuguese (Version: 2009.0515.0031.42252)
CCC Help Russian (Version: 2009.0515.0031.42252)
CCC Help Spanish (Version: 2009.0515.0031.42252)
CCC Help Swedish (Version: 2009.0515.0031.42252)
CCC Help Thai (Version: 2009.0515.0031.42252)
CCC Help Turkish (Version: 2009.0515.0031.42252)
ccc-core-static (Version: 2009.0515.32.42252)
ccc-utility (Version: 2009.0515.32.42252)
Click to Disc (Version: 1.2.73.04270)
Click to Disc Editor (Version: 2.0.02)
Click to Disc Editor (Version: 2.0.03.04150)
Dragon NaturallySpeaking 10 (Version: 10.0.200)
Free System Utilities (Version: 1.1.0.95)
Free SystemUtilities (Version: 1.1.0.95)
Google Desktop (Version: 5.9.1005.12335)
Google Earth (Version: 7.1.2.2041)
Google Update Helper (Version: 1.3.22.3)
HDAUDIO SoftV92 Data Fax Modem with SmartCP
IBM VoiceType Simply Speaking Gold - Deutsch
Iminent (Version: 6.27.21.0) <==== ATTENTION
Intel PROSet Wireless
Intel(R) PROSet/Wireless WiFi-Software (Version: 12.04.3000)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Kaspersky Internet Security (Version: 14.0.0.4651)
Ligos Indeo® Codecs
MathePower
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 German Language Pack (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft ActiveSync 4.0 (Version: 4.2.4876.0)
Microsoft Office 2003 Web Components (Version: 11.0.8003.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 26.0 (x86 de) (Version: 26.0)
Mozilla Maintenance Service (Version: 26.0)
Mozilla Thunderbird 24.2.0 (x86 de) (Version: 24.2.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
OpenMG Secure Module 5.4.00 (Version: 5.4.00.04020)
Picasa 3 (Version: 3.1)
Plus-HD-2.4 (Version: 1.27.153.10) <==== ATTENTION
Primo (Version: 1.00.0000)
ProtectDisc Driver, Version 11 (Version: 11.0.0.10)
ProtectDisc Helper Driver 10 (Version: 10.0.0.5)
Realtek High Definition Audio Driver (Version: 6.0.1.5653)
Roxio Central Audio (Version: 3.7.0)
Roxio Central Copy (Version: 3.7.0)
Roxio Central Core (Version: 3.7.0)
Roxio Central Data (Version: 3.7.0)
Roxio Central Tools (Version: 3.7.0)
Roxio Easy Media Creator 10 LJ (Version: 10.1)
Roxio Easy Media Creator Home (Version: 10.1.177)
Setting Utility Series (Version: 4.1.00.07030)
Skins (Version: 2009.0515.32.42252)
Skype™ 5.10 (Version: 5.10.116)
Smart Defrag 2 (Version: 2.8)
Sony Picture Utility (Version: 3.2.02.06170)
Sony Video Shared Library (Version: 3.4.00)
Synaptics Pointing Device Driver (Version: 9.1.13.0)
Tommys Gebärdenwelt 1 3.0
TypeSpeak (Version: 5.40)
Unterstützung für VAIO-Präsentation (Version: 1.0.00.04240)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (Version: 9.00.5000.00)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
VAIO Content Folder Setting (Version: 2.0.00.17290)
VAIO Content Metadata Intelligent Analyzing Manager (Version: 3.6.1.12010)
VAIO Content Metadata Manager Settings (Version: 3.6.0.09240)
VAIO Content Metadata XML Interface Library (Version: 3.6.0.09080)
VAIO Control Center (Version: 3.1.00.07040)
VAIO Data Restore Tool (Version: 1.0.04.01170)
VAIO DVD Menu Data Basic (Version: 1.0.00.08130)
VAIO Energie Verwaltung (Version: 3.1.00.06190)
VAIO Entertainment Platform (Version: 3.4.1.15040)
VAIO Event Service (Version: 4.1.00.07070)
VAIO Guide (Version: 2.4.00.06190)
VAIO Launcher (Version: 2.1.00.06130)
VAIO Marketing Tools
VAIO Media plus (Version: 1.1.00.05240)
VAIO Movie Story (Version: 1.3.00.06240)
VAIO Movie Story (Version: 1.5.01.05120)
VAIO Movie Story 1.5 Upgrade (Version: 1.5.00.06191)
VAIO Movie Story 1.5 Upgrade (Version: 1.5.01.05120)
VAIO Movie Story Template Data (Version: 1.5.01.05120)
VAIO MusicBox (Version: 2.1.00.06110)
VAIO MusicBox Sample Music (Version: 1.1.00.14140)
VAIO Smart Network (Version: 2.1.00.06270)
VAIO Update (Version: 5.1.1.04090)
VAIO Update (Version: 6.2.1.03260)
VAIO Wallpaper Contents (Version: 1.2.00.05200)
Visual C++ 9.0 CRT (x86) WinSXS MSM (Version: 9.0)
Visual C++ Runtime for Dragon NaturallySpeaking (Version: 10.00.200.184)
Windows Mobile-Gerätecenter (Version: 6.1.6965.0)
Windows Mobile-Gerätecenter: Treiberupdate (Version: 6.1.6965.0)
WinDVD for VAIO (Version: 8.0-B9.513)
ZoneAlarm Security Toolbar (Version: 1.8.22.0)

==================== Restore Points =========================

01-09-2013 21:05:31 Geplanter Prüfpunkt
14-09-2013 01:02:11 Windows Update
16-09-2013 20:53:35 Removed IObit Apps Toolbar v7.6.
10-10-2013 20:23:05 Windows Update
14-11-2013 02:01:01 Windows Update
14-11-2013 21:45:59 Geplanter Prüfpunkt
15-11-2013 19:39:41 Geplanter Prüfpunkt
15-12-2013 02:25:50 Geplanter Prüfpunkt
16-12-2013 02:00:49 Windows Update
16-12-2013 20:23:07 Removed AVG 2013
16-12-2013 20:30:41 Removed AVG 2013
16-12-2013 21:10:12 Gerätetreiber-Paketinstallation: Kaspersky Lab Netzwerkdienst
24-12-2013 20:02:20 Geplanter Prüfpunkt
27-12-2013 11:20:47 Free System Utilities 27.12.2013 12:20:39

==================== Hosts content: ==========================

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {080DEFF9-F678-4099-9767-C025419B930E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {1280D0FA-E7D9-4BD9-8E81-3FFC77063351} - System32\Tasks\NatSpeak Periodic Acoustic Optimization => C:\Program Files\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2008-10-15] (Nuance Communications, Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {211AE993-D7F7-4958-8DBF-64F574E5DB2F} - System32\Tasks\Freemium1ClickMaint => C:\Program Files\Covus Freemium\Free System Utilities\1Click.exe [2013-05-29] ()
Task: {3142B60D-D4C6-4CFB-9093-56CE0DBF2957} - System32\Tasks\SmartDefragUpdate => C:\Program Files\IObit\Smart Defrag 2\AutoUpdate.exe [2013-05-22] (IObit)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {37003FEE-D113-4564-92A2-46C739C9E220} - System32\Tasks\Plus-HD-2.4-enabler => C:\Program Files\Plus-HD-2.4\Plus-HD-2.4-enabler.exe [2013-08-06] (Plus HD) <==== ATTENTION
Task: {3A43A435-7BF2-4628-B946-9D8A1DA1CA1A} - System32\Tasks\Plus-HD-2.4-updater => C:\Program Files\Plus-HD-2.4\Plus-HD-2.4-updater.exe <==== ATTENTION
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {4CED0211-4402-466D-B9E3-916C9EB2ECD0} - System32\Tasks\SONY\VAIO Update\VAIO Update 5 => C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
Task: {5DC257ED-C214-49C4-8648-86535C7C8A8D} - System32\Tasks\SmartDefrag_Startup => C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe [2013-08-02] (IObit)
Task: {686497F3-C560-4CAE-B4AD-6F8CDB089A83} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2013-03-26] (Sony Corporation)
Task: {69B34246-CCCE-49A6-81F8-E49E8E5473FB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-01] (Google Inc.)
Task: {809307E4-27E7-42A6-BD52-17E02FB214E6} - System32\Tasks\NatSpeak Periodic Data Collection => C:\Program Files\Nuance\NaturallySpeaking10\Program\datacollector.exe [2008-10-15] (Nuance Communications, Inc.)
Task: {A24451ED-62F8-43A6-8A7E-2B85DAC45D18} - System32\Tasks\NatSpeak Periodic Language Model Optimization => C:\Program Files\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2008-10-15] (Nuance Communications, Inc.)
Task: {A65D8198-9344-4AB0-83AE-7DD5DA5CEE09} - System32\Tasks\Plus-HD-2.4-codedownloader => C:\Program Files\Plus-HD-2.4\Plus-HD-2.4-codedownloader.exe [2013-08-06] (Plus HD) <==== ATTENTION
Task: {CBFF1A75-15FE-4B6C-A0CE-323D8F85B6FC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-01] (Google Inc.)
Task: {D34BEC13-C051-4FDE-B0A9-2E88C1EAD5FF} - System32\Tasks\Plus-HD-2.4-firefoxinstaller => C:\Program Files\Plus-HD-2.4\Plus-HD-2.4-firefoxinstaller.exe [2013-08-06] (Plus HD) <==== ATTENTION
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {EFDD4CCC-91BC-4128-9D3C-9974F6C2353F} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2013-03-26] (Sony Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\NatSpeak Periodic Acoustic Optimization.job => C:\Program Files\Nuance\NaturallySpeaking10\Program\schedmgr.exe
Task: C:\Windows\Tasks\NatSpeak Periodic Data Collection.job => C:\Program Files\Nuance\NaturallySpeaking10\Program\datacollector.exe
Task: C:\Windows\Tasks\NatSpeak Periodic Language Model Optimization.job => C:\Program Files\Nuance\NaturallySpeaking10\Program\schedmgr.exe
Task: C:\Windows\Tasks\Plus-HD-2.4-codedownloader.job => C:\Program Files\Plus-HD-2.4\Plus-HD-2.4-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-2.4-enabler.job => C:\Program Files\Plus-HD-2.4\Plus-HD-2.4-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-2.4-firefoxinstaller.job => C:\Program Files\Plus-HD-2.4\Plus-HD-2.4-firefoxinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-2.4-updater.job => C:\Program Files\Plus-HD-2.4\Plus-HD-2.4-updater.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2008-07-10 20:07 - 2009-05-14 22:22 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2013-08-06 22:51 - 2013-08-02 14:41 - 00048960 _____ () C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll
2008-08-11 03:37 - 2010-08-10 22:05 - 00034816 _____ () C:\Program Files\Google\Google Desktop Search\gzlib.dll
2006-06-26 21:08 - 2006-06-26 21:08 - 00017704 _____ () C:\Program Files\Microsoft ActiveSync\rapiproxystub.dll
2010-02-04 02:37 - 2010-02-04 02:37 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-08-26 11:41 - 2008-08-26 11:41 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-12-21 15:27 - 2013-12-21 15:27 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-12-11 18:12 - 2013-12-11 18:12 - 16242056 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll
2013-12-15 16:42 - 2013-12-15 16:42 - 03017840 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2013-12-15 16:42 - 2013-12-15 16:42 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2013-12-15 16:42 - 2013-12-15 16:42 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:F35A93AD

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/27/2013 04:16:35 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Dragon NaturallySpeaking 10 -- Fehler 1706. Für das Produkt Dragon NaturallySpeaking 10 wurde kein Installationspaket gefunden. Wiederholen Sie die Installation und verwenden Sie dabei eine gültige Kopie des Installationspakets "Dragon NaturallySpeaking 10.msi".

Error: (12/27/2013 03:14:37 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\R******* *****\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\11JL8C6B.DEFAULT\CACHE.TRASH7940\F\03> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (12/27/2013 03:14:37 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\R******* *****\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\11JL8C6B.DEFAULT\CACHE.TRASH7940\F\03> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (12/27/2013 03:14:37 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\R******* *****\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\11JL8C6B.DEFAULT\CACHE.TRASH7940\F\CE> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (12/27/2013 03:14:37 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\R******* *****\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\11JL8C6B.DEFAULT\CACHE.TRASH7940\F\CE> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (12/27/2013 03:14:37 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\R******* *****\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\11JL8C6B.DEFAULT\CACHE.TRASH7940\A\29> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (12/27/2013 03:14:37 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\R******* *****\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\11JL8C6B.DEFAULT\CACHE.TRASH7940\A\29> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (12/27/2013 03:14:37 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\R******* *****\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\11JL8C6B.DEFAULT\CACHE.TRASH7940\F\4F> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (12/27/2013 03:14:37 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\R******* *****\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\11JL8C6B.DEFAULT\CACHE.TRASH7940\F\4F> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (12/27/2013 03:14:36 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\R******* *****\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\11JL8C6B.DEFAULT\CACHE.TRASH7940\4\F3> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

System errors:
=============
Error: (12/27/2013 03:47:05 PM) (Source: Service Control Manager) (User: )
Description: 30000Netman

Error: (12/27/2013 03:12:29 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (12/27/2013 03:12:08 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 27.12.2013 um 14:55:37 unerwartet heruntergefahren.

Error: (12/27/2013 02:32:08 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (12/27/2013 02:31:48 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 27.12.2013 um 14:15:31 unerwartet heruntergefahren.

Error: (12/25/2013 09:21:02 PM) (Source: Dhcp) (User: )
Description: Die IP-Adresslease 192.168.179.118 für die Netzwerkkarte mit der Netzwerkadresse 00215DC065F4 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error: (12/24/2013 11:10:17 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (12/24/2013 11:09:56 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 24.12.2013 um 23:07:31 unerwartet heruntergefahren.

Error: (12/24/2013 07:42:45 PM) (Source: Service Control Manager) (User: )
Description: Windows Update

Error: (12/24/2013 07:40:07 PM) (Source: Service Control Manager) (User: )
Description: Windows Mobile-based device connectivity%%1053

Microsoft Office Sessions:
=========================
Error: (12/07/2013 11:03:37 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 1993267 seconds with 13080 seconds of active time. This session ended with a crash.

Error: (05/18/2013 02:21:56 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1021431 seconds with 17100 seconds of active time. This session ended with a crash.

Error: (02/04/2012 05:34:36 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1329504 seconds with 24660 seconds of active time. This session ended with a crash.

Error: (02/11/2011 03:26:06 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 189995 seconds with 3720 seconds of active time. This session ended with a crash.

Error: (05/27/2009 08:27:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 611 seconds with 360 seconds of active time. This session ended with a crash.

CodeIntegrity Errors:
===================================
Date: 2013-12-27 17:14:27.385
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-12-27 17:14:27.158
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-12-27 17:14:26.942
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-12-27 17:14:26.623
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-12-27 17:14:26.365
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-12-27 17:14:26.147
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-12-27 17:14:25.930
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-12-27 17:14:25.707
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-12-27 17:14:25.435
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-12-27 17:14:25.191
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================

Percentage of memory in use: 66%
Total physical RAM: 3038.13 MB
Available physical RAM: 1020.93 MB
Total Pagefile: 6278.51 MB
Available Pagefile: 4130.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1908.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:289.98 GB) (Free:158.32 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: (kis 2014) (CDROM) (Total:0.52 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 4DB107D6)
Partition 1: (Not Active) - (Size=8 GB) - (Type=27)
Partition 2: (Active) - (Size=290 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-12-27 18:57:58
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FB4O 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\REINHO~1\AppData\Local\Temp\pxldapow.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAdjustPrivilegesToken [0x9113F90A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcConnectPort [0x910EFCF0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcSendWaitReceivePort [0x910EFF22]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwConnectPort [0x910EFAEA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSection [0x911424D6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSymbolicLinkObject [0x91103960]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThread [0x91141906]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDebugActiveProcess [0x91141498]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeviceIoControlFile [0x910E0590]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDuplicateObject [0x9113FA4C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwLoadDriver [0x9113F578]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwMapViewOfSection [0x91103980]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenProcess [0x91140FCC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSection [0x91142706]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenThread [0x911415F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwPlugPlayControl [0x91103970]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueueApcThread [0x91142140]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRequestWaitReplyPort [0x910EFDF6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwResumeThread [0x91141E5C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSecureConnectPort [0x910EFBEA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetContextThread [0x91141FC2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetInformationToken [0x910E09AA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetSystemInformation [0x9113F8B0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendProcess [0x911411D4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendThread [0x91141CFC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSystemDebugControl [0x910E09BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateProcess [0x9114133A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateThread [0x911417FC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwUnmapViewOfSection [0x9114280E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwWriteVirtualMemory [0x91142598]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThreadEx [0x91141B52]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!KeSetEvent + 119 822C0764 4 Bytes [0A, F9, 13, 91]
.text ntkrnlpa.exe!KeSetEvent + 13D 822C0788 4 Bytes [F0, FC, 0E, 91] {CLD ; PUSH CS; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeSetEvent + 181 822C07CC 4 Bytes [22, FF, 0E, 91] {AND BH, BH; PUSH CS; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeSetEvent + 1C1 822C080C 4 Bytes [EA, FA, 0E, 91]
.text ntkrnlpa.exe!KeSetEvent + 215 822C0860 4 Bytes [D6, 24, 14, 91] {SALC ; AND AL, 0x14; XCHG ECX, EAX}
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8F80A000, 0x24DFB2, 0xE8000020]
.reloc C:\Windows\system32\drivers\acehlp10.sys section is executable [0x906D7B80, 0x380E2, 0xE0000060]
.reloc C:\Windows\system32\drivers\acedrv10.sys section is executable [0x9EE0D000, 0x845FE, 0xE0000060]
.reloc C:\Windows\system32\drivers\acedrv11.sys section is executable [0x9EEDA480, 0x306DD, 0xE0000060]

---- User code sections - GMER 2.1 ----

? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1496] C:\Windows\system32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1496] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1496] USER32.dll!SetScrollInfo + 6A8 76837880 4 Bytes [96, 25, 3E, 73]
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1496] USER32.dll!SetScrollInfo + 7A8 76837980 4 Bytes [A6, 2E, 3E, 73]
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1496] C:\Windows\system32\ole32.dll time/date stamp mismatch; unknown module: MPR.dllunknown module: msiltcfg.dllunknown module: CLBCatQ.DLLunknown module: OLEAUT32.dllunknown module: imagehlp.dll

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\KLIF\Parameters@LastProcessedRevision 18011832
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LogName C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy140.gthr

---- EOF - GMER 2.1 ----