Avira finds TR/Crypt.ULPM.Gen [trojan] during Java download in jre-7u13-windows-i586-iftw.exe.part

Hello dear Trojaner-Board team,

Yesterday I used the plugin check to see whether my Firefox plugins were up to date. It showed me that both Java plugins were not on the latest version. (Note: I only enable the Java plugins when I need them.)
One of them was the Java Deployment Toolkit 7.0.110.21 10.11.2.21
Since I have uninstalled Java in the meantime, I unfortunately cannot give the exact name of the other plugin, but it will accordingly be a standard plugin.
I was redirected from the Firefox plugin check page to the official Java site to download the Recommended Version 7 Update 13. When the Java download started, Avira reported the detection in question:

Avira detection message:
Die Datei 'C:\Users\***\Application Data\XMind\configuration-cathy\Downloads\jre-7u13-windows-i586-iftw.exe.part' 
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ULPM.Gen' [trojan]  
Unfortunately I can no longer find the report.

I then ran a Malwarebytes scan, which found nothing, and also ran Spybot, which likewise found nothing.
At first glance this description points to a false positive. However, since I also downloaded two demo games on the same day, I would like to be on the safe side and am posting the following collected data.

First a brief note, since it may be relevant for the analysis: I have since deleted the .exe file in question. In addition, before running defogger, OTL and Gmer, I moved the folder
Application Data\XMind\configuration-cathy\Downloads
to
C:\Users\***\downloads
I also ran CCleaner once, but without cleaning the registry.

defogger reports no error messages.

OTL
OTL logfile:
Code:
 OTL logfile created on: 06.02.2013 10:03:56 - Run 1 
OTL by OldTimer - Version 3.2.69.0     Folder = C:\users\***\downloads 
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation 
Internet Explorer (Version = 8.0.6001.19393) 
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 
  
2,93 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 64,70% Memory free 
6,08 Gb Paging File | 4,96 Gb Available in Paging File | 81,62% Paging File free 
Paging file location(s): ?:\pagefile.sys [binary data] 
  
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files 
Drive C: | 241,15 Gb Total Space | 153,57 Gb Free Space | 63,68% Space Free | Partition Type: NTFS 
Drive D: | 224,61 Gb Total Space | 224,48 Gb Free Space | 99,94% Space Free | Partition Type: NTFS 
  
Computer Name: ***-PC | User Name: *** | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan 
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days 
   ========== Processes (SafeList) ========== 
  
PRC - [2013.02.06 09:21:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\users\***\downloads\OTL.exe 
PRC - [2012.08.09 09:16:07 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe 
PRC - [2012.07.02 16:25:14 | 002,232,504 | ---- | M] (Giraffic) -- C:\Programme\Giraffic\Veoh_GirafficWatchdog.exe 
PRC - [2012.07.02 16:24:54 | 003,790,504 | ---- | M] (Giraffic) -- C:\Programme\Giraffic\Veoh_Giraffic.exe 
PRC - [2012.05.08 15:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe 
PRC - [2012.05.08 15:00:19 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe 
PRC - [2012.05.08 15:00:19 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe 
PRC - [2011.11.10 13:34:38 | 000,100,120 | ---- | M] (Fujitsu Technology Solutions) -- C:\Programme\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe 
PRC - [2011.01.27 15:26:28 | 000,931,208 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OFFICE14\osaui.exe 
PRC - [2011.01.27 15:26:26 | 000,492,424 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OFFICE14\osa.exe 
PRC - [2010.08.16 19:16:06 | 000,592,120 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe 
PRC - [2009.11.19 03:23:12 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 
PRC - [2009.11.01 16:04:50 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 
PRC - [2009.11.01 16:04:44 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 
PRC - [2009.07.27 17:50:32 | 000,144,744 | ---- | M] (FUJITSU LIMITED) -- C:\Programme\Fujitsu\PSUtility\TrayManager.exe 
PRC - [2009.07.27 17:50:30 | 000,062,824 | ---- | M] (FUJITSU LIMITED) -- C:\Programme\Fujitsu\PSUtility\PSUService.exe 
PRC - [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe 
PRC - [2009.04.10 22:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe 
PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe 
PRC - [2008.01.18 22:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe 
  
   ========== Modules (No Company Name) ========== 
  
MOD - [2013.01.09 22:40:10 | 000,696,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\log4net\8e00a00d61ada6010319cf3063fd8d95\log4net.ni.dll 
MOD - [2013.01.09 22:40:09 | 000,115,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DeskUpdateNotifier\f4be3d6c9622aa1289008d073183cf6d\DeskUpdateNotifier.ni.exe 
MOD - [2013.01.09 11:58:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll 
MOD - [2013.01.09 11:58:03 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll 
MOD - [2013.01.09 11:57:47 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0c3da9004b277959e24a9fd606d3dd05\System.Windows.Forms.ni.dll 
MOD - [2013.01.09 11:57:38 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll 
MOD - [2013.01.09 11:56:42 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll 
MOD - [2013.01.09 11:56:34 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll 
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 
MOD - [2011.02.28 21:42:14 | 000,652,800 | ---- | M] () -- C:\Programme\IZArc\IZArcCM.dll 
  
   ========== Services (SafeList) ========== 
  
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService) 
SRV - [2013.02.06 09:12:55 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) 
SRV - [2012.09.20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) 
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) 
SRV - [2012.07.02 16:25:14 | 002,232,504 | ---- | M] (Giraffic) [Auto | Running] -- C:\Programme\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic) 
SRV - [2012.05.08 15:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) 
SRV - [2012.05.08 15:00:19 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) 
SRV - [2011.01.27 15:26:26 | 000,492,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\OFFICE14\osa.exe -- (osubsvc) 
SRV - [2010.08.16 19:16:06 | 000,592,120 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent) 
SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) 
SRV - [2009.11.19 03:23:12 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) 
SRV - [2009.11.01 16:04:50 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) 
SRV - [2009.11.01 16:04:44 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) 
SRV - [2009.07.27 17:50:30 | 000,062,824 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Programme\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService) 
SRV - [2008.01.18 22:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) 
SRV - [2008.01.18 22:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) 
  
   ========== Driver Services (SafeList) ========== 
  
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID) 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR) 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RtsUStor.sys -- (RSUSBSTOR) 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) 
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) 
DRV - [2012.05.08 15:00:20 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) 
DRV - [2012.05.08 15:00:20 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) 
DRV - [2011.12.09 12:40:20 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) 
DRV - [2010.08.16 19:02:49 | 000,019,680 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva) 
DRV - [2010.06.23 08:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) 
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) 
DRV - [2009.11.27 04:13:00 | 000,209,920 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) 
DRV - [2009.11.01 16:04:44 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) 
DRV - [2009.10.31 06:24:48 | 001,192,448 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) 
DRV - [2009.10.26 11:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd) 
DRV - [2006.11.02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) 
DRV - [2004.01.18 03:15:00 | 000,004,864 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fuj02e3.sys -- (FUJ02E3) 
  
   ========== Standard Registry (SafeList) ========== 
  
   ========== Internet Explorer ========== 
  
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} 
  
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKCU\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
   ========== FireFox ========== 
  
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68 
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.8.4 
FF - prefs.js..extensions.enabledAddons: %7Bd49a148e-817e-4025-bee3-5d541376de3b%7D:2.0 
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129 
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.6 
FF - prefs.js..extensions.enabledAddons: printPages2Pdf%40reinhold.ripper:0.1.8.5 
FF - prefs.js..extensions.enabledAddons: nasanightlaunch%40example.com:0.6.20121209 
FF - user.js - File not found 
  
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () 
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) 
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) 
  
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2013.01.07 10:17:52 | 000,000,000 | ---D | M] 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.06 09:12:56 | 000,000,000 | ---D | M] 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.06 09:12:50 | 000,000,000 | ---D | M] 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.09 13:32:46 | 000,000,000 | ---D | M] 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins 
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.06 09:12:56 | 000,000,000 | ---D | M] 
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.06 09:12:50 | 000,000,000 | ---D | M] 
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.09 13:32:46 | 000,000,000 | ---D | M] 
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins 
  
[2013.01.03 19:39:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions 
[2013.02.06 09:07:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\p6suxtcj.default-1360004705099\extensions 
[2013.02.04 22:07:51 | 000,000,000 | ---D | M] (WOT) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\p6suxtcj.default-1360004705099\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} 
[2013.02.04 22:04:53 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\p6suxtcj.default-1360004705099\extensions\firefox@ghostery.com 
[2013.02.06 09:07:20 | 000,000,000 | ---D | M] (Print pages to PDF) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\p6suxtcj.default-1360004705099\extensions\printPages2Pdf@reinhold.ripper 
[2013.02.04 22:07:51 | 000,130,828 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\p6suxtcj.default-1360004705099\extensions\adblockpopups@jessehakanen.net.xpi 
[2013.02.05 11:11:32 | 000,363,736 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\p6suxtcj.default-1360004705099\extensions\client@anonymox.net.xpi 
[2013.02.05 11:08:21 | 002,319,618 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\p6suxtcj.default-1360004705099\extensions\nasanightlaunch@example.com.xpi 
[2013.02.04 22:06:20 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\p6suxtcj.default-1360004705099\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi 
[2013.02.04 22:04:52 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\p6suxtcj.default-1360004705099\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi 
[2013.02.04 22:07:51 | 000,008,883 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\p6suxtcj.default-1360004705099\extensions\{d49a148e-817e-4025-bee3-5d541376de3b}.xpi 
[2013.02.06 09:12:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions 
[2013.02.06 09:12:56 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll 
[2012.09.28 20:39:06 | 000,031,872 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll 
[2011.07.08 20:08:24 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll 
[2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml 
[2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml 
[2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml 
[2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml 
[2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml 
[2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml 
   ========== Chrome  ========== 
  
CHR - default_search_provider: Google (Enabled) 
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} 
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} 
CHR - homepage: hxxp://www.google.com/ 
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ 
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ 
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ 
  
O1 HOSTS File: ([2013.01.20 01:01:25 | 000,445,336 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts 
O1 - Hosts: 127.0.0.1       localhost 
O1 - Hosts: ::1             localhost 
O1 - Hosts: 127.0.0.1        www.007guard.com 
O1 - Hosts: 127.0.0.1        007guard.com 
O1 - Hosts: 127.0.0.1        008i.com 
O1 - Hosts: 127.0.0.1        www.008k.com 
O1 - Hosts: 127.0.0.1        008k.com 
O1 - Hosts: 127.0.0.1        www.00hq.com 
O1 - Hosts: 127.0.0.1        00hq.com 
O1 - Hosts: 127.0.0.1        010402.com 
O1 - Hosts: 127.0.0.1        www.032439.com 
O1 - Hosts: 127.0.0.1        032439.com 
O1 - Hosts: 127.0.0.1        www.0scan.com 
O1 - Hosts: 127.0.0.1        0scan.com 
O1 - Hosts: 127.0.0.1        1000gratisproben.com 
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com 
O1 - Hosts: 127.0.0.1        1001namen.com 
O1 - Hosts: 127.0.0.1        www.1001namen.com 
O1 - Hosts: 127.0.0.1        100888290cs.com 
O1 - Hosts: 127.0.0.1        www.100888290cs.com 
O1 - Hosts: 127.0.0.1        www.100sexlinks.com 
O1 - Hosts: 127.0.0.1        100sexlinks.com 
O1 - Hosts: 127.0.0.1        10sek.com 
O1 - Hosts: 127.0.0.1        www.10sek.com 
O1 - Hosts: 127.0.0.1        www.1-2005-search.com 
O1 - Hosts: 15297 more lines... 
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Lync\OCHelper.dll (Microsoft Corporation) 
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) 
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) 
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found. 
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) 
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) 
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Lync\communicator.exe (Microsoft Corporation) 
O4 - HKLM..\Run: [DeskUpdateNotifier] C:\Program Files\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions) 
O4 - HKLM..\Run: [PSUTility] C:\Programme\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED) 
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) 
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) 
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () 
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) 
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) 
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) 
O9 - Extra Button: Lync-Add-On - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Lync\OCHelper.dll (Microsoft Corporation) 
O9 - Extra 'Tools' menuitem : Lync-Add-On - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Lync\OCHelper.dll (Microsoft Corporation) 
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) 
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) 
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) 
O13 - gopher Prefix: missing 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{871F645A-509E-45C8-90AA-A2F2D01475A1}: DhcpNameServer = 192.168.1.1 
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) 
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) 
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) 
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) 
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] 
O34 - HKLM BootExecute: (autocheck autochk *) 
O35 - HKLM\..comfile [open] -- "%1" %* 
O35 - HKLM\..exefile [open] -- "%1" %* 
O37 - HKLM\...com [@ = comfile] -- "%1" %* 
O37 - HKLM\...exe [@ = exefile] -- "%1" %* 
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) 
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) 
   ========== Files/Folders - Created Within 30 Days ========== 
  
[2013.02.06 09:12:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox 
[2013.02.05 19:15:25 | 010,156,344 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\***\mbam-setup-1.70.0.1100.exe 
[2013.02.05 14:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia 
[2013.02.04 20:05:09 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Alte Firefox-Daten 
[2013.02.01 20:50:25 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Eigene Noten 
[2013.02.01 20:50:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Obtiv 
[2013.02.01 20:50:13 | 000,000,000 | ---D | C] -- C:\Program Files\Obtiv 
[2013.02.01 20:41:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Explorer 1.0 
[2013.01.30 17:45:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scrabble3D 
[2013.01.30 17:45:00 | 000,000,000 | ---D | C] -- C:\Program Files\Scrabble3D 
[2013.01.30 17:45:00 | 000,000,000 | ---D | C] -- C:\Program Files\MAKEMSI Package Documentation 
[2013.01.30 17:40:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Scrabble3D 
[2013.01.30 13:23:13 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\recent 
[2013.01.24 19:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR 
[2013.01.22 22:09:27 | 000,000,000 | ---D | C] -- C:\Users\***\Mama 
[2013.01.22 18:07:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\FileMaker 
[2013.01.22 18:00:25 | 000,000,000 | ---D | C] -- C:\Program Files\FileMaker 
[2013.01.15 23:57:38 | 000,000,000 | ---D | C] -- C:\Users\***\CCEnhancer 
[2013.01.15 11:53:32 | 000,000,000 | ---D | C] -- C:\Users\***\spssr-1.04 
[2013.01.09 13:32:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird 
[2013.01.09 00:09:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2 
[2013.01.09 00:09:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SecureW2 
[2013.01.09 00:09:55 | 000,000,000 | ---D | C] -- C:\Program Files\SecureW2 
[2013.01.09 00:09:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\TempDIR 
[2013.01.08 12:27:38 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Praktika 
[2013.01.07 10:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft 
[2013.01.07 10:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft 
[1 C:\*.tmp files -> C:\*.tmp -> ] 
   ========== Files - Modified Within 30 Days ========== 
  
[2013.02.06 10:00:00 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable 
[2013.02.06 09:36:25 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat 
[2013.02.06 09:36:25 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat 
[2013.02.06 09:36:24 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat 
[2013.02.06 09:36:24 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat 
[2013.02.06 09:30:22 | 000,374,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT 
[2013.02.06 09:30:01 | 000,005,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 
[2013.02.06 09:30:00 | 000,005,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 
[2013.02.06 09:29:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat 
[2013.02.06 09:29:43 | 3142,115,328 | -HS- | M] () -- C:\hiberfil.sys 
[2013.02.06 09:11:00 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk 
[2013.02.06 03:14:21 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat 
[2013.02.05 19:15:58 | 010,156,344 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\***\mbam-setup-1.70.0.1100.exe 
[2013.02.01 20:50:16 | 000,001,961 | ---- | M] () -- C:\Users\***\Desktop\Octava SD4.lnk 
[2013.01.30 10:18:39 | 000,074,111 | ---- | M] () -- C:\Users\***\Desktop\eisenhowerme.pdf 
[2013.01.29 21:55:03 | 000,327,054 | ---- | M] () -- C:\Users\***\Desktop\Job.pdf 
[2013.01.29 11:39:42 | 000,173,823 | ---- | M] () -- C:\Users\***\Desktop\!praktikum!.pdf 
[2013.01.28 09:39:49 | 000,019,968 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 
[2013.01.22 18:02:34 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\FileMaker Pro.lnk 
[2013.01.20 01:01:25 | 000,445,336 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130206-091708.backup 
[2013.01.20 01:01:25 | 000,445,336 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts 
[2013.01.08 09:48:58 | 000,510,802 | ---- | M] () -- C:\Users\***\Documents\Enquete zu Wachstum, Wohlstand, Lebensqualität.pdf 
[1 C:\*.tmp files -> C:\*.tmp -> ] 
   ========== Files Created - No Company Name ========== 
  
[2013.02.06 10:00:00 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable 
[2013.02.06 09:29:44 | 000,374,936 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT 
[2013.02.01 20:50:16 | 000,001,961 | ---- | C] () -- C:\Users\***\Desktop\Octava SD4.lnk 
[2013.01.30 10:18:38 | 000,074,111 | ---- | C] () -- C:\Users\***\Desktop\eisenhowerme.pdf 
[2013.01.29 21:55:03 | 000,327,054 | ---- | C] () -- C:\Users\***\Desktop\Job.pdf 
[2013.01.29 11:39:42 | 000,173,823 | ---- | C] () -- C:\Users\***\Desktop\!praktikum!.pdf 
[2013.01.22 18:02:34 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\FileMaker Pro.lnk 
[2013.01.22 18:02:32 | 000,002,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileMaker Pro.lnk 
[2013.01.08 09:48:58 | 000,510,802 | ---- | C] () -- C:\Users\***\Documents\Enquete zu Wachstum, Wohlstand, Lebensqualität.pdf 
[2012.02.07 17:32:00 | 000,023,524 | ---- | C] () -- C:\Users\***\PB_Chiptankarten_Aktivierung_Entsperrung_07-02-2012.pdf 
[2012.01.06 14:55:08 | 000,024,206 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png 
[2011.11.01 21:53:04 | 000,007,677 | ---- | C] () -- C:\Users\***\AppData\Roaming\.freeciv-client-rc-2.3 
[2011.09.03 15:54:13 | 000,019,968 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 
[2011.09.01 08:37:23 | 000,000,466 | ---- | C] () -- C:\Windows\BRWMARK.INI 
[2011.09.01 08:37:23 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI 
[2011.08.23 15:30:29 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat 
[2011.08.23 14:19:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll 
[2011.08.23 14:18:48 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin 
[2011.08.23 14:18:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin 
[2011.08.22 11:11:20 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat 
[2011.08.22 11:04:24 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat 
   ========== ZeroAccess Check ========== 
  
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini 
  
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
  
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] 
  
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) 
"ThreadingModel" = Apartment 
  
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] 
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 22:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation) 
"ThreadingModel" = Free 
  
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] 
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 22:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation) 
"ThreadingModel" = Both 
   ========== LOP Check ========== 
  
[2011.12.01 18:00:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.freeciv 
[2011.09.18 23:24:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft 
[2012.07.12 20:23:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity 
[2011.09.18 16:55:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CreeperWorld2 
[2011.09.18 15:20:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CreeperWorld2Demo.BA6B793AB2C9FDD744493F22666C1F8DFA806A5E.1 
[2011.08.29 20:11:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DL 
[2012.12.29 13:58:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox 
[2013.01.07 10:17:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft 
[2011.08.28 13:10:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers 
[2012.09.04 09:17:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo 
[2012.01.06 14:55:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking 
[2012.03.05 16:46:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird 
   ========== Purity Check ========== 
  
    
< End of report >

Extras
OTL Logfile:
Code:
 OTL Extras logfile created on: 06.02.2013 10:03:56 - Run 1 
OTL by OldTimer - Version 3.2.69.0     Folder = C:\users\***\downloads 
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation 
Internet Explorer (Version = 8.0.6001.19393) 
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 
  
2,93 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 64,70% Memory free 
6,08 Gb Paging File | 4,96 Gb Available in Paging File | 81,62% Paging File free 
Paging file location(s): ?:\pagefile.sys [binary data] 
  
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files 
Drive C: | 241,15 Gb Total Space | 153,57 Gb Free Space | 63,68% Space Free | Partition Type: NTFS 
Drive D: | 224,61 Gb Total Space | 224,48 Gb Free Space | 99,94% Space Free | Partition Type: NTFS 
  
Computer Name: ***-PC | User Name: *** | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan 
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days 
   ========== Extra Registry (SafeList) ========== 
  
   ========== File Associations ========== 
  
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] 
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) 
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) 
  
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] 
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) 
   ========== Shell Spawning ========== 
  
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] 
batfile [open] -- "%1" %* 
cmdfile [open] -- "%1" %* 
comfile [open] -- "%1" %* 
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) 
exefile [open] -- "%1" %* 
helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) 
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) 
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) 
piffile [open] -- "%1" %* 
regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" 
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l 
scrfile [open] -- "%1" /S 
txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) 
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) 
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) 
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) 
   ========== Security Center Settings ========== 
  
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] 
"cval" = 1 
  
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 
  
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] 
"AntiVirusOverride" = 0 
"AntiSpywareOverride" = 0 
"FirewallOverride" = 0 
"VistaSp1" = Reg Error: Unknown registry data type -- File not found 
"VistaSp2" = Reg Error: Unknown registry data type -- File not found 
  
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] 
   ========== Firewall Settings ========== 
  
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 
"DisableNotifications" = 0 
"EnableFirewall" = 1 
  
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 
"DisableNotifications" = 0 
"EnableFirewall" = 1 
  
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] 
"DisableNotifications" = 0 
"EnableFirewall" = 1 
   ========== Authorized Applications List ========== 
  
   ========== Vista Active Open Ports Exception List ========== 
  
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] 
"{8B35C539-82A6-49CC-A6C1-B6B1A39B83DA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |  
   ========== Vista Active Application Exception List ========== 
  
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] 
"{1627C79C-67FF-47D0-B57E-200DCDA4193A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |  
"{560C9C18-7FB5-4D58-9693-40E6A0F7FC4E}" = dir=in | app=c:\program files\microsoft lync\communicator.exe |  
"{58E19838-0D24-47DC-8960-DD76E6FF5679}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |  
"{5A39AD27-B734-4B94-91BB-81B9B7DE6D4F}" = dir=in | app=c:\program files\microsoft lync\ucmapi.exe |  
"{5F82FB62-DF71-402A-BDD3-B29C746FBE66}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |  
"{6A931C9B-8C51-4CCE-B5C9-B249FBB39327}" = protocol=17 | dir=in | app=c:\program files\giraffic\veoh_giraffic.exe |  
"{8BCC22C3-C891-45AE-B1D5-E0326329A88A}" = dir=in | app=c:\program files\skype\phone\skype.exe |  
"{B5C7292B-4CEC-4227-93AE-96D0294EA304}" = protocol=17 | dir=in | app=c:\program files\giraffic\veoh_girafficwatchdog.exe |  
"{C3BD79C9-E9BB-4912-8FEC-5DF451527D92}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |  
"{D25824BA-2A19-4FE3-B3A3-BD930CCE7275}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |  
"{D94D6386-808E-41C5-87AE-F137923B7172}" = protocol=6 | dir=in | app=c:\program files\giraffic\veoh_girafficwatchdog.exe |  
"{F242C861-3EA4-4BD1-834C-DD1277DCCDFB}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |  
"{F5A78F5D-05D0-457B-AEEF-AD1A33E7F9C5}" = protocol=6 | dir=in | app=c:\program files\giraffic\veoh_giraffic.exe |  
"TCP Query User{D98FCB84-06BE-40A6-805B-3BE9B581B26E}C:\program files\microsoft office\office14\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |  
"UDP Query User{FA6B42D5-7B9D-41A5-B157-5C7586C22BD8}C:\program files\microsoft office\office14\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |  
   ========== HKEY_LOCAL_MACHINE Uninstall List ========== 
  
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] 
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 
"{0474CEF2-37AE-441D-8FDE-A1EF7EAD01B9}" = Cisco AnyConnect VPN Client 
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu 
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR 
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program 
"{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer 
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile 
"{58A013B1-1613-4978-881A-FCA43710C84A}" = Microsoft Lync 2010 
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM 
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components 
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable 
"{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility 
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 
"{8680171A-9311-4453-86CA-E39EB5B6C2A3}" = FileMaker Pro 8 
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight 
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSSUB_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSSUB_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSSUB_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSSUB_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSSUB_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSSUB_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSSUB_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSSUB_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSSUB_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSSUB_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSSUB_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSSUB_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSSUB_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSSUB_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-0120-0407-0000-0000000FF1CE}" = Microsoft Office Office Subscription (German) 2010 
"{91140000-011D-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus Subscription 2010 
"{91140000-011D-0000-0000-0000000FF1CE}_Office14.PROPLUSSUB_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader 
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.6 
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper 
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy 
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX 
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 
"{E11BBF69-C686-45B3-9267-CE44603B47AE}" = Scrabble3D 
"{E680BB35-F552-4B28-BE4F-8E7CE515636F}" = Octava SD4 
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver 
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver 
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack 
"5730-6571-9917-5170" = NetLogo 5.0.2 
"Adobe AIR" = Adobe AIR 
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 
"Avira AntiVir Desktop" = Avira Free Antivirus 
"CCleaner" = CCleaner 
"DeskUpdate_is1" = DeskUpdate 4.12 
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212 
"Giraffic" = Veoh Giraffic Video Accelerator 
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 
"InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility 
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU 
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile 
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack 
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de) 
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de) 
"MozillaMaintenanceService" = Mozilla Maintenance Service 
"Office14.PROPLUSSUB" = Microsoft Office Professional Plus 2010 
"OpenAL" = OpenAL 
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.1 for Windows 
"SynTPDeinstKey" = Synaptics Pointing Device Driver 
"Veoh Web Player Beta" = Veoh Web Player 
   ========== HKEY_CURRENT_USER Uninstall List ========== 
  
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] 
"Dropbox" = Dropbox 
   ========== Last 20 Event Log Errors ========== 
  
[ Application Events ] 
Error - 05.02.2013 11:03:08 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013 
Description =  
  
Error - 05.02.2013 11:03:08 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013 
Description =  
  
Error - 05.02.2013 11:03:08 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013 
Description =  
  
Error - 05.02.2013 11:03:08 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013 
Description =  
  
Error - 05.02.2013 11:03:08 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013 
Description =  
  
Error - 05.02.2013 11:03:08 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013 
Description =  
  
Error - 05.02.2013 11:03:08 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013 
Description =  
  
Error - 05.02.2013 11:03:08 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013 
Description =  
  
Error - 05.02.2013 11:06:16 | Computer Name = ***-PC | Source = Application Error | ID = 1000 
Description = Fehlerhafte Anwendung cap2.exe, Version 0.0.0.0, Zeitstempel 0x431e675c, 
 fehlerhaftes Modul cap2.exe, Version 0.0.0.0, Zeitstempel 0x431e675c, Ausnahmecode 
 0xc0000005, Fehleroffset 0x00615d89,  Prozess-ID 0xf7c, Anwendungsstartzeit 01ce03b2585f8df8. 
  
Error - 05.02.2013 11:06:32 | Computer Name = ***-PC | Source = Application Error | ID = 1000 
Description = Fehlerhafte Anwendung cap2.exe, Version 0.0.0.0, Zeitstempel 0x431e675c, 
 fehlerhaftes Modul cap2.exe, Version 0.0.0.0, Zeitstempel 0x431e675c, Ausnahmecode 
 0xc0000005, Fehleroffset 0x00615d89,  Prozess-ID 0xdb0, Anwendungsstartzeit 01ce03b261968098. 
  
[ Cisco AnyConnect VPN Client Events ] 
Error - 06.02.2013 04:32:40 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866 
Description = Function: CTlsTransport::OnTransportInitiateComplete File: .\IP\TlsTransport.cpp 
Line: 
 344 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code: 
 -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT  
  
Error - 06.02.2013 04:32:40 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866 
Description = Function: CHttpSessionAsync::OnTransportInitiateComplete File: .\IP\HttpSessionAsync.cpp 
Line: 
 1002 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code: 
 -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT  
  
Error - 06.02.2013 04:32:40 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866 
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp 
Line: 
 254 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31522780 
 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT  
  
Error - 06.02.2013 04:32:40 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866 
Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp 
Line: 
 1175 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31522780 
 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT  
  
Error - 06.02.2013 04:32:48 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866 
Description = Function: CHttpSessionAsync::OnTransportInitiateComplete File: .\IP\HttpSessionAsync.cpp 
Line: 
 1002 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code: 
 -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT  
  
Error - 06.02.2013 04:32:48 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866 
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp 
Line: 
 254 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31522780 
 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT  
  
Error - 06.02.2013 04:32:48 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866 
Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp 
Line: 
 1175 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31522780 
 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT  
  
Error - 06.02.2013 04:32:48 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866 
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp 
Line: 
 1020 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28901363 
 (0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could 
 not contact target  
  
Error - 06.02.2013 04:32:48 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866 
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line: 
 856 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28901363 (0xFE47000D) 
Description: 
 NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target  
  
Error - 06.02.2013 04:32:48 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866 
Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line: 
 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901363 (0xFE47000D) 
Description: 
 NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target  
  
[ System Events ] 
Error - 05.02.2013 21:51:12 | Computer Name = ***-PC | Source = Microsoft-Windows-Kernel-General | ID = 5 
Description =  
  
Error - 06.02.2013 04:01:23 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 
Description =  
  
Error - 06.02.2013 04:29:55 | Computer Name = ***-PC | Source = EventLog | ID = 6008 
Description = Das System wurde zuvor am 06.02.2013 um 09:28:05 unerwartet heruntergefahren. 
  
Error - 06.02.2013 04:30:17 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 
Description =  
  
Error - 06.02.2013 04:30:23 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7024 
Description =  
  
Error - 06.02.2013 04:30:43 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011 
Description =  
  
Error - 06.02.2013 04:30:43 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031 
Description =  
  
Error - 06.02.2013 04:30:45 | Computer Name = ***-PC | Source = DCOM | ID = 10005 
Description =  
  
Error - 06.02.2013 04:30:45 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009 
Description =  
  
Error - 06.02.2013 04:30:45 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 
Description =  
  
  
< End of report >

gmer
GMER Logfile:
Code:
 GMER 2.0.18454 - hxxp://www.gmer.net 
Rootkit scan 2013-02-06 10:23:38 
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9500325AS rev.0001SDM1 465,76GB 
Running: gmer_2.0.18454.exe; Driver: C:\Users\HANNES~1\AppData\Local\Temp\pfryqaow.sys     
---- System - GMER 2.0 ----   
SSDT   8C8C6A6E                                                                                         ZwCreateSection 
SSDT   8C8C6A78                                                                                         ZwRequestWaitReplyPort 
SSDT   8C8C6A73                                                                                         ZwSetContextThread 
SSDT   8C8C6A7D                                                                                         ZwSetSecurityObject 
SSDT   8C8C6A82                                                                                         ZwSystemDebugControl 
SSDT   8C8C6A0F                                                                                         ZwTerminateProcess   
---- Kernel code sections - GMER 2.0 ----   
.text  ntkrnlpa.exe!KeSetEvent + 215                                                                    820BE8D8 4 Bytes  [6E, 6A, 8C, 8C] 
.text  ntkrnlpa.exe!KeSetEvent + 539                                                                    820BEBFC 4 Bytes  [78, 6A, 8C, 8C] 
.text  ntkrnlpa.exe!KeSetEvent + 56D                                                                    820BEC30 4 Bytes  [73, 6A, 8C, 8C] 
.text  ntkrnlpa.exe!KeSetEvent + 5D1                                                                    820BEC94 4 Bytes  [7D, 6A, 8C, 8C] 
.text  ntkrnlpa.exe!KeSetEvent + 619                                                                    820BECDC 4 Bytes  [82, 6A, 8C, 8C] {SUB BYTE [EDX-0x74], 0x8c} 
.text  ...                                                                                                 
---- Registry - GMER 2.0 ----   
Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\e0ca9413451d                       
Reg    HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\e0ca9413451d (not active ControlSet)     
---- EOF - GMER 2.0 ----

I hope the information provided is sufficient and that my post is appropriate.
Thank you in advance for any effort and trouble!