Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
avira findet TR/Crypt.ULPM.Gen [trojan] während java download in jre-7u13-windows-i586-iftw.exe.part

avira findet TR/Crypt.ULPM.Gen [trojan] während java download in jre-7u13-windows-i586-iftw.exe.part


Plagegeister aller Art und deren Bekämpfung: avira findet TR/Crypt.ULPM.Gen [trojan] während java download in jre-7u13-windows-i586-iftw.exe.part

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 06.02.2013, 11:39   #1
hanhab
 
avira findet TR/Crypt.ULPM.Gen [trojan] während java download in jre-7u13-windows-i586-iftw.exe.part - Standard

avira findet TR/Crypt.ULPM.Gen [trojan] während java download in jre-7u13-windows-i586-iftw.exe.part


Hallo liebes Trojaner-board Team,

ich habe gestern meine Plugins bei firefox mittels des pluginchecks auf ihre Aktualität hin geprüft. Daraufhin wurde mir angezeit, dass beide java Plugins nicht auf dem aktuellsten Stand sind. (Anm.: Ich aktiviere die java Plugins nur nach Bedarf)

Es handelte sich dabei um das Java deployment toolkit 7.0.110.21 10.11.2.21
Da ich java inzwischen deinstalliert habe, kann ich leider nicht den genauen Namen des anderen Plugins nennen, es wird sich aber somit um ein Standard Plugin handeln.

Ich wurde von der firefox/plugincheck Seite auf die offizielle java Seite weitergeleitet, um das Recommended Version 7 Update 13 runterzuladen. Als der java Download startete, meldete avira den besagten Fund:

Avira Fundmeldung

Die Datei 'C:\Users\***\Application Data\XMind\configuration-cathy\Downloads\jre-7u13-windows-i586-iftw.exe.part'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ULPM.Gen' [trojan]

Leider kann ich den Report nicht mehr finden.


Ich habe anschließend einen Malwarebytes scan gemacht, der nichts fand, als auch spybot durchlaufen lassen, das ebenso nichts fand.

Diese Problembeschreibung deutet beim ersten Anblick auf einen Fehlalarm hin. Da ich jedoch am selben Tag auch zwei Demo-Spiele runtergeladen habe, möchte ich nochmal auf Nummer sichergehen und poste folgende gesammelte Daten:

vorher noch eine kurze Anmerkung, da diese eventuell für die Auswertung relevant ist: ich habe die besagte .exe Datei inzwischen gelöscht. Außerdem habe ich den Ordner Application Data\XMind\configuration-cathy\Downloads bevor ich defogger, OTL und GMER durchlaufen hab lassen, verschoben nach C:\Users\***\downloads
Außerdem habe ich CCleaner einmal durchlaufen lassen, allerdings ohne die Registry zu reinigen.


defogger gibt keine Fehlermeldungen aus.


OTL

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 06.02.2013 10:03:56 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\users\***\downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19393)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 64,70% Memory free
6,08 Gb Paging File | 4,96 Gb Available in Paging File | 81,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 241,15 Gb Total Space | 153,57 Gb Free Space | 63,68% Space Free | Partition Type: NTFS
Drive D: | 224,61 Gb Total Space | 224,48 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.06 09:21:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\users\***\downloads\OTL.exe
PRC - [2012.08.09 09:16:07 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.02 16:25:14 | 002,232,504 | ---- | M] (Giraffic) -- C:\Programme\Giraffic\Veoh_GirafficWatchdog.exe
PRC - [2012.07.02 16:24:54 | 003,790,504 | ---- | M] (Giraffic) -- C:\Programme\Giraffic\Veoh_Giraffic.exe
PRC - [2012.05.08 15:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 15:00:19 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 15:00:19 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.11.10 13:34:38 | 000,100,120 | ---- | M] (Fujitsu Technology Solutions) -- C:\Programme\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe
PRC - [2011.01.27 15:26:28 | 000,931,208 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OFFICE14\osaui.exe
PRC - [2011.01.27 15:26:26 | 000,492,424 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OFFICE14\osa.exe
PRC - [2010.08.16 19:16:06 | 000,592,120 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009.11.19 03:23:12 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009.11.01 16:04:50 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.11.01 16:04:44 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.07.27 17:50:32 | 000,144,744 | ---- | M] (FUJITSU LIMITED) -- C:\Programme\Fujitsu\PSUtility\TrayManager.exe
PRC - [2009.07.27 17:50:30 | 000,062,824 | ---- | M] (FUJITSU LIMITED) -- C:\Programme\Fujitsu\PSUtility\PSUService.exe
PRC - [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.10 22:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.01.18 22:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.09 22:40:10 | 000,696,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\log4net\8e00a00d61ada6010319cf3063fd8d95\log4net.ni.dll
MOD - [2013.01.09 22:40:09 | 000,115,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DeskUpdateNotifier\f4be3d6c9622aa1289008d073183cf6d\DeskUpdateNotifier.ni.exe
MOD - [2013.01.09 11:58:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll
MOD - [2013.01.09 11:58:03 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll
MOD - [2013.01.09 11:57:47 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0c3da9004b277959e24a9fd606d3dd05\System.Windows.Forms.ni.dll
MOD - [2013.01.09 11:57:38 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013.01.09 11:56:42 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013.01.09 11:56:34 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011.02.28 21:42:14 | 000,652,800 | ---- | M] () -- C:\Programme\IZArc\IZArcCM.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013.02.06 09:12:55 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.02 16:25:14 | 002,232,504 | ---- | M] (Giraffic) [Auto | Running] -- C:\Programme\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2012.05.08 15:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 15:00:19 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.01.27 15:26:26 | 000,492,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\OFFICE14\osa.exe -- (osubsvc)
SRV - [2010.08.16 19:16:06 | 000,592,120 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.11.19 03:23:12 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.11.01 16:04:50 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.11.01 16:04:44 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.07.27 17:50:30 | 000,062,824 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Programme\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService)
SRV - [2008.01.18 22:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.18 22:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.05.08 15:00:20 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 15:00:20 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.09 12:40:20 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.08.16 19:02:49 | 000,019,680 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2010.06.23 08:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.27 04:13:00 | 000,209,920 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009.11.01 16:04:44 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009.10.31 06:24:48 | 001,192,448 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.10.26 11:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2006.11.02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2004.01.18 03:15:00 | 000,004,864 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fuj02e3.sys -- (FUJ02E3)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.8.4
FF - prefs.js..extensions.enabledAddons: %7Bd49a148e-817e-4025-bee3-5d541376de3b%7D:2.0
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.6
FF - prefs.js..extensions.enabledAddons: printPages2Pdf%40reinhold.ripper:0.1.8.5
FF - prefs.js..extensions.enabledAddons: nasanightlaunch%40example.com:0.6.20121209
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2013.01.07 10:17:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.06 09:12:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.06 09:12:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.09 13:32:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.06 09:12:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.06 09:12:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.09 13:32:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2013.01.03 19:39:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.02.06 09:07:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\p6suxtcj.default-1360004705099\extensions
[2013.02.04 22:07:51 | 000,000,000 | ---D | M] (WOT) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\p6suxtcj.default-1360004705099\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.02.04 22:04:53 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\p6suxtcj.default-1360004705099\extensions\firefox@ghostery.com
[2013.02.06 09:07:20 | 000,000,000 | ---D | M] (Print pages to PDF) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\p6suxtcj.default-1360004705099\extensions\printPages2Pdf@reinhold.ripper
[2013.02.04 22:07:51 | 000,130,828 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\p6suxtcj.default-1360004705099\extensions\adblockpopups@jessehakanen.net.xpi
[2013.02.05 11:11:32 | 000,363,736 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\p6suxtcj.default-1360004705099\extensions\client@anonymox.net.xpi
[2013.02.05 11:08:21 | 002,319,618 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\p6suxtcj.default-1360004705099\extensions\nasanightlaunch@example.com.xpi
[2013.02.04 22:06:20 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\p6suxtcj.default-1360004705099\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.04 22:04:52 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\p6suxtcj.default-1360004705099\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013.02.04 22:07:51 | 000,008,883 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\p6suxtcj.default-1360004705099\extensions\{d49a148e-817e-4025-bee3-5d541376de3b}.xpi
[2013.02.06 09:12:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.02.06 09:12:56 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.28 20:39:06 | 000,031,872 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2011.07.08 20:08:24 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2013.01.20 01:01:25 | 000,445,336 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 15297 more lines...
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Lync\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DeskUpdateNotifier] C:\Program Files\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions)
O4 - HKLM..\Run: [PSUTility] C:\Programme\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync-Add-On - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync-Add-On - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{871F645A-509E-45C8-90AA-A2F2D01475A1}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.06 09:12:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.02.05 19:15:25 | 010,156,344 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\***\mbam-setup-1.70.0.1100.exe
[2013.02.05 14:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2013.02.04 20:05:09 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Alte Firefox-Daten
[2013.02.01 20:50:25 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Eigene Noten
[2013.02.01 20:50:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Obtiv
[2013.02.01 20:50:13 | 000,000,000 | ---D | C] -- C:\Program Files\Obtiv
[2013.02.01 20:41:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Explorer 1.0
[2013.01.30 17:45:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scrabble3D
[2013.01.30 17:45:00 | 000,000,000 | ---D | C] -- C:\Program Files\Scrabble3D
[2013.01.30 17:45:00 | 000,000,000 | ---D | C] -- C:\Program Files\MAKEMSI Package Documentation
[2013.01.30 17:40:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Scrabble3D
[2013.01.30 13:23:13 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\recent
[2013.01.24 19:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2013.01.22 22:09:27 | 000,000,000 | ---D | C] -- C:\Users\***\Mama
[2013.01.22 18:07:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\FileMaker
[2013.01.22 18:00:25 | 000,000,000 | ---D | C] -- C:\Program Files\FileMaker
[2013.01.15 23:57:38 | 000,000,000 | ---D | C] -- C:\Users\***\CCEnhancer
[2013.01.15 11:53:32 | 000,000,000 | ---D | C] -- C:\Users\***\spssr-1.04
[2013.01.09 13:32:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.01.09 00:09:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2
[2013.01.09 00:09:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SecureW2
[2013.01.09 00:09:55 | 000,000,000 | ---D | C] -- C:\Program Files\SecureW2
[2013.01.09 00:09:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\TempDIR
[2013.01.08 12:27:38 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Praktika
[2013.01.07 10:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2013.01.07 10:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.06 10:00:00 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.02.06 09:36:25 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.06 09:36:25 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.06 09:36:24 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.06 09:36:24 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.06 09:30:22 | 000,374,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.06 09:30:01 | 000,005,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.06 09:30:00 | 000,005,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.06 09:29:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.06 09:29:43 | 3142,115,328 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.06 09:11:00 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.02.06 03:14:21 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.02.05 19:15:58 | 010,156,344 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\***\mbam-setup-1.70.0.1100.exe
[2013.02.01 20:50:16 | 000,001,961 | ---- | M] () -- C:\Users\***\Desktop\Octava SD4.lnk
[2013.01.30 10:18:39 | 000,074,111 | ---- | M] () -- C:\Users\***\Desktop\eisenhowerme.pdf
[2013.01.29 21:55:03 | 000,327,054 | ---- | M] () -- C:\Users\***\Desktop\Job.pdf
[2013.01.29 11:39:42 | 000,173,823 | ---- | M] () -- C:\Users\***\Desktop\!praktikum!.pdf
[2013.01.28 09:39:49 | 000,019,968 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.22 18:02:34 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\FileMaker Pro.lnk
[2013.01.20 01:01:25 | 000,445,336 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130206-091708.backup
[2013.01.20 01:01:25 | 000,445,336 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.01.08 09:48:58 | 000,510,802 | ---- | M] () -- C:\Users\***\Documents\Enquete zu Wachstum, Wohlstand, Lebensqualität.pdf
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.06 10:00:00 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.02.06 09:29:44 | 000,374,936 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.01 20:50:16 | 000,001,961 | ---- | C] () -- C:\Users\***\Desktop\Octava SD4.lnk
[2013.01.30 10:18:38 | 000,074,111 | ---- | C] () -- C:\Users\***\Desktop\eisenhowerme.pdf
[2013.01.29 21:55:03 | 000,327,054 | ---- | C] () -- C:\Users\***\Desktop\Job.pdf
[2013.01.29 11:39:42 | 000,173,823 | ---- | C] () -- C:\Users\***\Desktop\!praktikum!.pdf
[2013.01.22 18:02:34 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\FileMaker Pro.lnk
[2013.01.22 18:02:32 | 000,002,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileMaker Pro.lnk
[2013.01.08 09:48:58 | 000,510,802 | ---- | C] () -- C:\Users\***\Documents\Enquete zu Wachstum, Wohlstand, Lebensqualität.pdf
[2012.02.07 17:32:00 | 000,023,524 | ---- | C] () -- C:\Users\***\PB_Chiptankarten_Aktivierung_Entsperrung_07-02-2012.pdf
[2012.01.06 14:55:08 | 000,024,206 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2011.11.01 21:53:04 | 000,007,677 | ---- | C] () -- C:\Users\***\AppData\Roaming\.freeciv-client-rc-2.3
[2011.09.03 15:54:13 | 000,019,968 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.01 08:37:23 | 000,000,466 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.09.01 08:37:23 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.08.23 15:30:29 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2011.08.23 14:19:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.08.23 14:18:48 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.08.23 14:18:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.08.22 11:11:20 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2011.08.22 11:04:24 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 22:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 22:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.12.01 18:00:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.freeciv
[2011.09.18 23:24:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2012.07.12 20:23:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2011.09.18 16:55:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CreeperWorld2
[2011.09.18 15:20:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CreeperWorld2Demo.BA6B793AB2C9FDD744493F22666C1F8DFA806A5E.1
[2011.08.29 20:11:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DL
[2012.12.29 13:58:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2013.01.07 10:17:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.08.28 13:10:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.09.04 09:17:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2012.01.06 14:55:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking
[2012.03.05 16:46:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---



Extras

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 06.02.2013 10:03:56 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\users\***\downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19393)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 64,70% Memory free
6,08 Gb Paging File | 4,96 Gb Available in Paging File | 81,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 241,15 Gb Total Space | 153,57 Gb Free Space | 63,68% Space Free | Partition Type: NTFS
Drive D: | 224,61 Gb Total Space | 224,48 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8B35C539-82A6-49CC-A6C1-B6B1A39B83DA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1627C79C-67FF-47D0-B57E-200DCDA4193A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{560C9C18-7FB5-4D58-9693-40E6A0F7FC4E}" = dir=in | app=c:\program files\microsoft lync\communicator.exe | 
"{58E19838-0D24-47DC-8960-DD76E6FF5679}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{5A39AD27-B734-4B94-91BB-81B9B7DE6D4F}" = dir=in | app=c:\program files\microsoft lync\ucmapi.exe | 
"{5F82FB62-DF71-402A-BDD3-B29C746FBE66}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{6A931C9B-8C51-4CCE-B5C9-B249FBB39327}" = protocol=17 | dir=in | app=c:\program files\giraffic\veoh_giraffic.exe | 
"{8BCC22C3-C891-45AE-B1D5-E0326329A88A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B5C7292B-4CEC-4227-93AE-96D0294EA304}" = protocol=17 | dir=in | app=c:\program files\giraffic\veoh_girafficwatchdog.exe | 
"{C3BD79C9-E9BB-4912-8FEC-5DF451527D92}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{D25824BA-2A19-4FE3-B3A3-BD930CCE7275}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{D94D6386-808E-41C5-87AE-F137923B7172}" = protocol=6 | dir=in | app=c:\program files\giraffic\veoh_girafficwatchdog.exe | 
"{F242C861-3EA4-4BD1-834C-DD1277DCCDFB}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{F5A78F5D-05D0-457B-AEEF-AD1A33E7F9C5}" = protocol=6 | dir=in | app=c:\program files\giraffic\veoh_giraffic.exe | 
"TCP Query User{D98FCB84-06BE-40A6-805B-3BE9B581B26E}C:\program files\microsoft office\office14\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"UDP Query User{FA6B42D5-7B9D-41A5-B157-5C7586C22BD8}C:\program files\microsoft office\office14\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0474CEF2-37AE-441D-8FDE-A1EF7EAD01B9}" = Cisco AnyConnect VPN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{58A013B1-1613-4978-881A-FCA43710C84A}" = Microsoft Lync 2010
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8680171A-9311-4453-86CA-E39EB5B6C2A3}" = FileMaker Pro 8
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSSUB_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSSUB_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSSUB_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSSUB_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSSUB_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSSUB_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSSUB_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSSUB_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSSUB_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSSUB_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSSUB_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSSUB_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSSUB_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSSUB_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0120-0407-0000-0000000FF1CE}" = Microsoft Office Office Subscription (German) 2010
"{91140000-011D-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus Subscription 2010
"{91140000-011D-0000-0000-0000000FF1CE}_Office14.PROPLUSSUB_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E11BBF69-C686-45B3-9267-CE44603B47AE}" = Scrabble3D
"{E680BB35-F552-4B28-BE4F-8E7CE515636F}" = Octava SD4
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"5730-6571-9917-5170" = NetLogo 5.0.2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"DeskUpdate_is1" = DeskUpdate 4.12
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"Giraffic" = Veoh Giraffic Video Accelerator
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUSSUB" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.1 for Windows
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Veoh Web Player Beta" = Veoh Web Player
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.02.2013 11:03:08 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 05.02.2013 11:03:08 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 05.02.2013 11:03:08 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 05.02.2013 11:03:08 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 05.02.2013 11:03:08 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 05.02.2013 11:03:08 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 05.02.2013 11:03:08 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 05.02.2013 11:03:08 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 05.02.2013 11:06:16 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung cap2.exe, Version 0.0.0.0, Zeitstempel 0x431e675c,
 fehlerhaftes Modul cap2.exe, Version 0.0.0.0, Zeitstempel 0x431e675c, Ausnahmecode
 0xc0000005, Fehleroffset 0x00615d89,  Prozess-ID 0xf7c, Anwendungsstartzeit 01ce03b2585f8df8.
 
Error - 05.02.2013 11:06:32 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung cap2.exe, Version 0.0.0.0, Zeitstempel 0x431e675c,
 fehlerhaftes Modul cap2.exe, Version 0.0.0.0, Zeitstempel 0x431e675c, Ausnahmecode
 0xc0000005, Fehleroffset 0x00615d89,  Prozess-ID 0xdb0, Anwendungsstartzeit 01ce03b261968098.
 
[ Cisco AnyConnect VPN Client Events ]
Error - 06.02.2013 04:32:40 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: CTlsTransport::OnTransportInitiateComplete File: .\IP\TlsTransport.cpp
Line:
 344 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code:
 -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT 
 
Error - 06.02.2013 04:32:40 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: CHttpSessionAsync::OnTransportInitiateComplete File: .\IP\HttpSessionAsync.cpp
Line:
 1002 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code:
 -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT 
 
Error - 06.02.2013 04:32:40 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
 254 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31522780
 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT 
 
Error - 06.02.2013 04:32:40 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp
Line:
 1175 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31522780
 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT 
 
Error - 06.02.2013 04:32:48 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: CHttpSessionAsync::OnTransportInitiateComplete File: .\IP\HttpSessionAsync.cpp
Line:
 1002 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code:
 -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT 
 
Error - 06.02.2013 04:32:48 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
 254 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31522780
 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT 
 
Error - 06.02.2013 04:32:48 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp
Line:
 1175 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31522780
 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT 
 
Error - 06.02.2013 04:32:48 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
 1020 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28901363
 (0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
 not contact target 
 
Error - 06.02.2013 04:32:48 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 856 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28901363 (0xFE47000D)
Description:
 NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target 
 
Error - 06.02.2013 04:32:48 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:
 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901363 (0xFE47000D)
Description:
 NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target 
 
[ System Events ]
Error - 05.02.2013 21:51:12 | Computer Name = ***-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description = 
 
Error - 06.02.2013 04:01:23 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 06.02.2013 04:29:55 | Computer Name = ***-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 06.02.2013 um 09:28:05 unerwartet heruntergefahren.
 
Error - 06.02.2013 04:30:17 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 06.02.2013 04:30:23 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 06.02.2013 04:30:43 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 06.02.2013 04:30:43 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 06.02.2013 04:30:45 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 06.02.2013 04:30:45 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 06.02.2013 04:30:45 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
--- --- ---



gmer

GMER Logfile:
Code:
ATTFilter
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-06 10:23:38
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9500325AS rev.0001SDM1 465,76GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\HANNES~1\AppData\Local\Temp\pfryqaow.sys


---- System - GMER 2.0 ----

SSDT   8C8C6A6E                                                                                         ZwCreateSection
SSDT   8C8C6A78                                                                                         ZwRequestWaitReplyPort
SSDT   8C8C6A73                                                                                         ZwSetContextThread
SSDT   8C8C6A7D                                                                                         ZwSetSecurityObject
SSDT   8C8C6A82                                                                                         ZwSystemDebugControl
SSDT   8C8C6A0F                                                                                         ZwTerminateProcess

---- Kernel code sections - GMER 2.0 ----

.text  ntkrnlpa.exe!KeSetEvent + 215                                                                    820BE8D8 4 Bytes  [6E, 6A, 8C, 8C]
.text  ntkrnlpa.exe!KeSetEvent + 539                                                                    820BEBFC 4 Bytes  [78, 6A, 8C, 8C]
.text  ntkrnlpa.exe!KeSetEvent + 56D                                                                    820BEC30 4 Bytes  [73, 6A, 8C, 8C]
.text  ntkrnlpa.exe!KeSetEvent + 5D1                                                                    820BEC94 4 Bytes  [7D, 6A, 8C, 8C]
.text  ntkrnlpa.exe!KeSetEvent + 619                                                                    820BECDC 4 Bytes  [82, 6A, 8C, 8C] {SUB BYTE [EDX-0x74], 0x8c}
.text  ...                                                                                              

---- Registry - GMER 2.0 ----

Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\e0ca9413451d                      
Reg    HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\e0ca9413451d (not active ControlSet)  

---- EOF - GMER 2.0 ----
--- --- ---



Ich hoffe, dass die Angaben ausreichend sind, sowie das mein post angebracht ist.
Für etwaige Mühen und Umstände vorab: Vielen Dank!
Geändert von hanhab (06.02.2013 um 11:52 Uhr)

Alt 06.02.2013, 11:59   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
avira findet TR/Crypt.ULPM.Gen [trojan] während java download in jre-7u13-windows-i586-iftw.exe.part - Standard

avira findet TR/Crypt.ULPM.Gen [trojan] während java download in jre-7u13-windows-i586-iftw.exe.part




Zitat:
Die Datei 'C:\Users\***\Application Data\XMind\configuration-cathy\Downloads\jre-7u13-windows-i586-iftw.exe.part'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ULPM.Gen' [trojan]
PART-Dateien sind normalerweise unvollständige Firefox-Downloaddateien, also so kenn ich das, wenn du mit Firefox eine Datei runterkädst speichert er diese Datei erstmal mit Dateiname.endund.PART ab und wenn der Download vollständig ist, wird das .PART wirde abgeschnitten.

Nun aber zur Datei selber, das sieht nach einem Java-Setup aus und daher halte ich das für einen Fehlalarm. Aus welcher Quelle hast du diese Datei?
__________________

__________________
Alt 06.02.2013, 12:25   #3
hanhab
 
avira findet TR/Crypt.ULPM.Gen [trojan] während java download in jre-7u13-windows-i586-iftw.exe.part - Standard

avira findet TR/Crypt.ULPM.Gen [trojan] während java download in jre-7u13-windows-i586-iftw.exe.part


Vielen Dank für die Rückmeldung!

die quelle ist: hxxp://www.java.com/en/download/manual.jsp
das ist die offizielle java Seite von oracle, weshalb ein Fehlalarm ja sehr nahe liegt.
Allerdings habe ich einige Stunden zuvor zwei Demo-Spiele gedownloadet und zwar von gamerslove.com und games2download.com (wenn ich sonst kleine Spiele downloade dann eigentlich immer von heise oder chip)

Deswegen mache ich mir trotzdem Sorgen.
__________________
Alt 06.02.2013, 12:51   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
avira findet TR/Crypt.ULPM.Gen [trojan] während java download in jre-7u13-windows-i586-iftw.exe.part - Standard

avira findet TR/Crypt.ULPM.Gen [trojan] während java download in jre-7u13-windows-i586-iftw.exe.part


Zitat:
Deswegen mache ich mir trotzdem Sorgen.
Hysterie?
Ich hab dir doch eben erklärt, dass der Fund in der exe.part Datei ein Fehlalarm ist.
Wenn du ein ungutes Gefühl bei dieser anderen Spieleei hast, dann lass einfach die Finger davon.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 06.02.2013, 12:56   #5
hanhab
 
avira findet TR/Crypt.ULPM.Gen [trojan] während java download in jre-7u13-windows-i586-iftw.exe.part - Standard

avira findet TR/Crypt.ULPM.Gen [trojan] während java download in jre-7u13-windows-i586-iftw.exe.part


Alles klar, Meister!


Alt 06.02.2013, 13:12   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
avira findet TR/Crypt.ULPM.Gen [trojan] während java download in jre-7u13-windows-i586-iftw.exe.part - Standard

avira findet TR/Crypt.ULPM.Gen [trojan] während java download in jre-7u13-windows-i586-iftw.exe.part


Mach doch einfach noch nen Kontrollscan mit ESET


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
--> avira findet TR/Crypt.ULPM.Gen [trojan] während java download in jre-7u13-windows-i586-iftw.exe.part

Antwort

Themen zu avira findet TR/Crypt.ULPM.Gen [trojan] während java download in jre-7u13-windows-i586-iftw.exe.part
antivir, application/pdf:, avira, bho, converter, desktop, error, fehlalarm, firefox, flash player, helper, home, homepage, install.exe, installation, java download, java plugins, jre-7u13-windows-i586-iftw.exe.part, karte, launch, logfile, mozilla, mp3, programm, realtek, registry, safer networking, scan, security, senden, tr/crypt.ulpm.gen, tracker, trojan, trojaner-board, virus, vista


« GVU Virus. Windows XP SP3 mit Avira Antivirus Free. OTL und Defogger laufen lassen. | PUM.UserWLoad und Trojan.Agent auch hier »


Ähnliche Themen: avira findet TR/Crypt.ULPM.Gen [trojan] während java download in jre-7u13-windows-i586-iftw.exe.part


  1. Windows 7: Avira findet TR/Crypt.ZPACK.174803
    Log-Analyse und Auswertung - 31.05.2015 (2)
  2. TR/crypt.ulpm.gm gefunden von AVIRA aber nur in Quarantäne verschoben
    Log-Analyse und Auswertung - 09.01.2015 (11)
  3. Win7 - Malwarebytes findet (Trojan.Downloader) und Avira - JAVA/Lamar.SAP.46
    Plagegeister aller Art und deren Bekämpfung - 16.02.2014 (7)
  4. Antivir Meldung TR/Crypt.ULPM.Gen' [trojan]
    Log-Analyse und Auswertung - 18.10.2013 (7)
  5. Windows 7: Avira findet Java related Virus, Quatrantäne löst das Problem nicht
    Log-Analyse und Auswertung - 01.10.2013 (9)
  6. Avira Fund: TR/Crypt.ULPM.Gen
    Plagegeister aller Art und deren Bekämpfung - 26.07.2013 (3)
  7. Avira Antivir findet JAVA/Agent.LP, EXP/JAVA.Ternub.Gen und EXP/CVE-2012-0507.AR
    Log-Analyse und Auswertung - 21.01.2013 (1)
  8. Avira findet Trojaner TR/Crypt.XPACK.Gen7 in jdk-7u2-windows-i586.exe
    Plagegeister aller Art und deren Bekämpfung - 25.09.2012 (14)
  9. Probleme mit .NET Framework, windows update und Systemwiederherstellung, Trojaner TR/Crypt.XPACK.Gen8, TR/Crypt.ULPM.Gen
    Plagegeister aller Art und deren Bekämpfung - 23.09.2012 (11)
  10. TR/Crypt.ULPM.Gen von Avira gefunden-kann nicht gelöscht werden.
    Plagegeister aller Art und deren Bekämpfung - 20.03.2012 (16)
  11. Avira Fund EXP/CVE-2011-3544 & TR/Crypt.ULPM.Gen
    Log-Analyse und Auswertung - 24.02.2012 (22)
  12. Avira findet Trojaner TR/Crypt.ULPM.Gen in Webot
    Plagegeister aller Art und deren Bekämpfung - 10.02.2012 (1)
  13. TR/Crypt.ULPM.Gen Trojan & BDS/Agent.49152.G
    Plagegeister aller Art und deren Bekämpfung - 08.03.2011 (111)
  14. Avira findet 2 Trojaner Java-Virus JAVA/Agent.BH und Exploit EXP/Pidief.coi
    Plagegeister aller Art und deren Bekämpfung - 07.01.2011 (29)
  15. Avira AntiVir Personal - Free Antivirus meldet TR/Crypt.ULPM.Gen, möglicherweise Fehlalarm
    Plagegeister aller Art und deren Bekämpfung - 02.09.2010 (5)
  16. Antivir findet TR/Crypt.ULPM.Gen
    Plagegeister aller Art und deren Bekämpfung - 26.07.2009 (7)
  17. Avira meldet TR/Crypt.ULPM.Gen
    Log-Analyse und Auswertung - 15.03.2009 (4)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema avira findet TR/Crypt.ULPM.Gen [trojan] während java download in jre-7u13-windows-i586-iftw.exe.part - Hallo liebes Trojaner-board Team, ich habe gestern meine Plugins bei firefox mittels des pluginchecks auf ihre Aktualität hin geprüft. Daraufhin wurde mir angezeit, dass beide java Plugins nicht auf dem - avira findet TR/Crypt.ULPM.Gen [trojan] während java download in jre-7u13-windows-i586-iftw.exe.part...
Archiv
Du betrachtest: avira findet TR/Crypt.ULPM.Gen [trojan] während java download in jre-7u13-windows-i586-iftw.exe.part auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131