BigDaddy2000 | 13.09.2012 02:39 | GVU Trojaner Version 2.07
Hello,
I have my niece's/nephew's PC here and it is supposed to have the GVU Trojan V2.07.
I have not seen it myself, but the picture on Botfrei.de matches.
Ran DeFogger, OTL and Gmer.
Thanks in advance ;)
OTL:
Code:
OTL logfile created on: 13.09.2012 00:59:07 - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = I:\logs
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 79,06% Memory free
4,26 Gb Paging File | 3,99 Gb Available in Paging File | 93,64% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450,13 Gb Total Space | 192,54 Gb Free Space | 42,77% Space Free | Partition Type: NTFS
Drive I: | 7,48 Gb Total Space | 7,09 Gb Free Space | 94,76% Space Free | Partition Type: FAT32
Computer Name: LAURA-PC | User Name: Laura | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.08.04 16:08:58 | 000,595,456 | ---- | M] (OldTimer Tools) -- I:\logs\OTL.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2012.02.17 21:55:35 | 000,166,912 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
========== Win32 Services (SafeList) ==========
SRV - [2012.09.10 17:12:33 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.27 13:03:54 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.05.08 15:15:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 15:15:23 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.03.01 01:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.29 14:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.07.28 16:07:42 | 000,073,528 | ---- | M] (AVM Berlin) [Auto | Stopped] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.05.08 15:15:24 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 15:15:24 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.03.26 14:50:12 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2012.03.01 01:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.01.17 14:45:56 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.09.08 01:40:24 | 000,363,112 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.10.19 23:43:08 | 000,007,680 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Programme\MSI\Live Update 5\NTIOLib.sys -- (NTIOLib_1_0_4)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.09 19:44:42 | 000,025,912 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Programme\MSI\Live Update 5\msibios32_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2010.04.10 16:06:04 | 000,043,040 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtTeam60.sys -- (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.0)
DRV - [2009.07.20 11:26:40 | 000,027,648 | ---- | M] (Realtek ) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2007.08.09 19:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 9F 17 B6 14 CF CC 01 [binary data]
IE - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\..\URLSearchHook: {1ce76c93-a797-4ca2-ab3c-f4a6cfba3440} - No CLSID value found
IE - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH
IE - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=110004&babsrc=SP_ss&mntrId=02b710240000000000008c89a56afd2c
IE - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\..\SearchScopes\{272D2C71-7161-4A73-9312-902A2DD14953}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\..\SearchScopes\{A1D3A06C-F946-43F0-9353-7C1C09479F7C}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\..\SearchScopes\{C73F1D26-6C38-41bd-A6BA-ED6A9D2BE0FD}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=MMBROWSV
IE - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\..\SearchScopes\{D82EBF55-2617-48F1-84B1-5E06FB1D3CB9}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\..\SearchScopes\{E91E515D-5D0F-42FE-AE9F-1270DB92040E}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\..\SearchScopes\{EF93004E-86C7-4693-A61C-25F45338F722}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A7256076927&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7256076927&q={searchTerms}
IE - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.10 17:12:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.10 17:12:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2012.05.15 15:03:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laura\AppData\Roaming\mozilla\Extensions
[2012.05.31 16:35:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laura\AppData\Roaming\mozilla\Firefox\Profiles\mjcyjv3h.default\extensions
[2012.09.10 17:12:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.10 17:12:33 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.25 15:00:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.01 20:17:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.25 15:00:22 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.25 15:00:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.25 15:00:22 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.25 15:00:22 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (I Want This) - {11111111-1111-1111-1111-110011221158} - C:\Program Files\I Want This\I Want This.dll File not found
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin0.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Programme\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (GMX Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Laura\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O3 - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\..\Toolbar\WebBrowser: (no name) - {1CE76C93-A797-4CA2-AB3C-F4A6CFBA3440} - No CLSID value found.
O3 - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\prxtbWin0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\..\Toolbar\WebBrowser: (GMX Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Live Update 5] C:\Program Files\MSI\Live Update 5\LU5.exe (Micro-Star International)
O4 - HKLM..\Run: [Super-Charger] C:\Programme\MSI\Super-Charger\StartSuperCharger.exe (MSI)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [FRITZ!protect] FwebProt.exe File not found
O4 - HKU\S-1-5-18..\Run: [FRITZ!protect] FwebProt.exe File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3634814013-2757599404-733246015-1000..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-3634814013-2757599404-733246015-1000..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3634814013-2757599404-733246015-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{532484C5-9B71-4899-9628-2314DC0BD332}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F37A6D62-AA2B-4223-8351-40EED5CD870B}: DhcpNameServer = 10.74.210.210 10.74.210.211
O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img29.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img29.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{507a8d46-3919-11e1-9c00-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{507a8d46-3919-11e1-9c00-806e6f6e6963}\Shell\AutoRun\command - "" = D:\DVDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.09.11 19:09:55 | 000,000,000 | ---D | C] -- C:\Program Files\Schroedel
[2012.09.11 19:09:55 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mathe 5
[2012.09.10 17:12:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.08.27 20:42:44 | 000,000,000 | ---D | C] -- C:\Users\Laura\Documents\Nico GHS Schule
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.09.13 00:57:30 | 000,000,000 | ---- | M] () -- C:\Users\Laura\defogger_reenable
[2012.09.13 00:56:18 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.13 00:56:18 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.13 00:56:18 | 000,125,676 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.13 00:56:18 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.13 00:55:36 | 000,001,356 | ---- | M] () -- C:\Users\Laura\AppData\Local\d3d9caps.dat
[2012.09.13 00:32:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.13 00:31:28 | 000,004,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.13 00:31:27 | 000,004,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.13 00:15:10 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.13 00:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.12 22:16:50 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.12 22:15:17 | 000,001,730 | ---- | M] () -- C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.09.12 15:13:30 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.11 19:10:13 | 000,152,156 | ---- | M] () -- C:\Windows\denkstark Jahrgangsstufe 5 Uninstaller.exe
[2012.09.11 19:10:12 | 000,001,903 | ---- | M] () -- C:\Users\Laura\Desktop\denkstark Jg. 5.lnk
[2012.09.11 16:06:35 | 000,002,605 | ---- | M] () -- C:\Users\Laura\Desktop\Microsoft Word.lnk
[2012.09.11 10:49:51 | 004,701,908 | ---- | M] () -- C:\Users\Laura\Documents\Mama Arbeitsvertrag.pdf
[2012.09.09 15:42:00 | 000,002,641 | ---- | M] () -- C:\Users\Laura\Desktop\Microsoft Excel.lnk
[2012.09.08 11:35:11 | 009,403,015 | ---- | M] () -- C:\Users\Laura\Documents\AutoSave_Unbenannt.skp
[2012.09.02 10:59:50 | 000,247,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.30 17:10:19 | 000,002,001 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 3 Lebensfreude.lnk
[2012.08.29 16:14:45 | 000,001,983 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 3 Late Night.lnk
[2012.08.21 22:07:37 | 2181,694,383 | ---- | M] () -- C:\Users\Laura\Desktop\BusCableCarSimulation-Demo.rar
[2012.08.20 18:57:20 | 000,018,432 | ---- | M] () -- C:\Users\Laura\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.09.13 00:57:30 | 000,000,000 | ---- | C] () -- C:\Users\Laura\defogger_reenable
[2012.09.12 22:09:15 | 000,001,875 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012.09.12 22:09:15 | 000,001,058 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk
[2012.09.12 13:25:01 | 000,001,730 | ---- | C] () -- C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.09.12 13:25:00 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.11 19:10:12 | 000,152,156 | ---- | C] () -- C:\Windows\denkstark Jahrgangsstufe 5 Uninstaller.exe
[2012.09.11 19:10:12 | 000,001,903 | ---- | C] () -- C:\Users\Laura\Desktop\denkstark Jg. 5.lnk
[2012.09.11 10:49:46 | 004,701,908 | ---- | C] () -- C:\Users\Laura\Documents\Mama Arbeitsvertrag.pdf
[2012.09.08 11:29:53 | 009,403,015 | ---- | C] () -- C:\Users\Laura\Documents\AutoSave_Unbenannt.skp
[2012.08.30 17:10:19 | 000,002,001 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 3 Lebensfreude.lnk
[2012.08.29 16:14:45 | 000,001,983 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 3 Late Night.lnk
[2012.02.29 14:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012.02.18 17:53:11 | 000,018,432 | ---- | C] () -- C:\Users\Laura\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.11 12:17:28 | 000,086,016 | ---- | C] () -- C:\Windows\System32\ZCompress.EXE
[2012.02.11 12:17:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\WinSFX.bin
[2012.02.11 12:17:28 | 000,062,716 | ---- | C] () -- C:\Windows\System32\Uninstall985F.DAT
[2012.02.11 12:17:27 | 000,516,096 | ---- | C] () -- C:\Windows\System32\BldSetup.EXE
[2012.02.11 12:17:27 | 000,212,992 | ---- | C] () -- C:\Windows\System32\Setup.EXE
[2012.02.11 12:17:27 | 000,081,920 | ---- | C] () -- C:\Windows\System32\GkSui20.EXE
[2012.02.11 12:17:27 | 000,069,632 | ---- | C] () -- C:\Windows\System32\Dspan.bin
[2012.02.11 12:17:26 | 000,114,688 | ---- | C] () -- C:\Windows\System32\BldDat.EXE
[2012.02.11 12:17:26 | 000,098,304 | ---- | C] () -- C:\Windows\System32\BldOpt.EXE
[2012.01.09 21:31:33 | 000,000,531 | ---- | C] () -- C:\Windows\eReg.dat
[2012.01.09 19:02:14 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012.01.09 17:41:57 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.01.09 17:30:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012.01.09 17:30:07 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012.01.08 11:52:16 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2012.01.08 11:34:27 | 000,003,475 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012.01.07 12:47:12 | 000,001,356 | ---- | C] () -- C:\Users\Laura\AppData\Local\d3d9caps.dat
========== LOP Check ==========
[2012.05.24 15:32:57 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\1&1 Mail & Media GmbH
[2012.03.12 15:47:33 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Babylon
[2012.06.05 18:30:20 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Die Feuerwache
[2012.02.04 23:19:17 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\flightgear.org
[2012.06.30 15:29:43 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\FRITZ!
[2012.04.14 20:49:47 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\loadtbs
[2012.02.17 23:29:20 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Origin
[2012.01.09 17:56:22 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Phase6
[2012.03.11 11:55:08 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\ProtectDISC
[2012.01.08 12:11:53 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Splashtop
[2012.09.13 00:31:22 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
Extras:
Code:
OTL Extras logfile created on: 13.09.2012 00:59:07 - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = I:\logs
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 79,06% Memory free
4,26 Gb Paging File | 3,99 Gb Available in Paging File | 93,64% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450,13 Gb Total Space | 192,54 Gb Free Space | 42,77% Space Free | Partition Type: NTFS
Drive I: | 7,48 Gb Total Space | 7,09 Gb Free Space | 94,76% Space Free | Partition Type: FAT32
Computer Name: LAURA-PC | User Name: Laura | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3634814013-2757599404-733246015-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{127FB950-B227-4CEE-BDD9-5CFF05D5D58B}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe |
"{20100FC0-5784-4CB6-9B10-1A16D75A65A2}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe |
"{31F26AA1-F950-41EC-B579-A094E7294C46}" = protocol=17 | dir=in | app=c:\program files\skiregion simulator 2012 demo\game.exe |
"{4B5D6AB8-611B-4431-9BF1-8FE138C5AAA3}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{5888D5A3-5D60-40EA-8B3F-FDE743B2F581}" = protocol=17 | dir=in | app=c:\program files\skiregion simulator 2012 demo\skiregionsimulator2012.exe |
"{616564A8-0020-4104-96F8-C8124E2CE4C4}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{6B7724FB-79BD-4071-8C15-3B92B5483271}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8307DED7-3D9F-4D7E-9661-8C7E754787D8}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{840C82CC-29B5-4129-8064-64B18039372E}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{8A81B79E-F76C-4373-A8DD-64572EDC53A1}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{8CADB693-BEB5-4C7B-ABBA-6F615BB8C4A2}" = protocol=6 | dir=in | app=c:\program files\skiregion simulator 2012 demo\game.exe |
"{9F16D0FE-60A2-4ECC-8D9A-A16CC41142A3}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011 demo\game.exe |
"{A0B39DDD-7F59-451D-8B09-E3D5E31F21DD}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011 demo\game.exe |
"{B022B8E1-8FC7-401B-B1FE-953D1FA8EA1E}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe |
"{B1F58D45-19C9-4388-B3A5-395B0EDAB547}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{BBB911C2-B5ED-49EE-9F89-CD119726FEC3}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011 demo\farmingsimulator2011.exe |
"{D80ADE07-0BA2-45AE-A867-0A0AA846368C}" = protocol=6 | dir=in | app=c:\program files\skiregion simulator 2012 demo\skiregionsimulator2012.exe |
"{E1B5DB7A-B331-45D5-A975-B9D3C2F4C02E}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe |
"{E378BF8C-9233-4BE7-917D-5B53571C2B96}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011 demo\farmingsimulator2011.exe |
"{E4EF8752-DEAB-4E76-9AED-0D5FCFDFF1AC}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{F29508BA-077E-4726-9B1C-FB294677DECA}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{FCDBD4A6-2350-4E64-B444-7DAAFB792437}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1" = Live Update 5
"{037CD593-D760-4A00-B030-7BBAFA1123FE}" = HP Officejet 6500 E710a-f Hilfe
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AD74AE8-6BF3-4B28-A0DD-A9503C39B5BE}_is1" = Construction-Simulator 2012 - Demo version 1.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{38C9BDE0-59DB-4DE0-B4C9-AB2A6258108C}" = Löwenzahn 1
"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = Die Sims™ 3 Showtime
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D339202-76E6-4815-89D0-B59A8654B812}" = Loewenzahn 2
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{43D2A1DD-69C9-4E86-8F51-4890A6263863}" = Kidizoom™ PC Anwendungen
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BA6784F-3B10-473A-B9F5-33A36AC354D5}" = Google SketchUp 8
"{5F7ED0CD-E04E-4441-9E03-10AFDB654E96}_is1" = Werksfeuerwehr-Simulator Version 1.0
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}" = AVM FRITZ!DSL
"{76403D13-738A-40CD-AEB9-79C182AFFC15}_is1" = Kransimulator 2009 Demo
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1" = Super-Charger
"{7CFC17CE-0A66-46B0-BA57-BF8AB674BF5C}" = Loewenzahn 6
"{80AA446A-3269-4843-8418-D26240DD9071}_is1" = Baumaschinen-Simulator 2012 Version 1.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A48A1D1C-307A-46F9-983E-9762863D15F1}" = GMX Toolbar MSVC100 CRT x86
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9CCF5C3-4E30-42E6-992F-3D257B01E292}" = Loewenzahn 3
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AE9E39ED-A41A-40D4-B4CD-858A6E41D881}" = Loewenzahn 4
"{AF9B9CCF-D1B4-44B4-A030-BFCF5686AA5E}_is1" = TeamingGenie
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DE470016-1C64-11D5-982A-0050DA602C65}" = Löwenzahn 5
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Die Sims™ 3 Lebensfreude
"{EA5151A0-FCCA-4EE5-8B0A-D068F62DE52A}_is1" = Flughafen-Feuerwehr-Simulator Version 1.0
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = Die Sims™ 3 Gib Gas-Accessoires
"{EECD7B96-1416-4D3A-B12D-0D2512120C36}" = EasyViewer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FBBA35E1-9449-4902-8A0F-89252C0C1407}" = HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät
"{FC54FD8D-789C-406D-BB88-F7C4421B7E83}_is1" = VideoGenie
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = GMX Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar IE8" = GMX Toolbar für Internet Explorer
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agrar Simulator 2011 Demo" = Agrar Simulator 2011 Demo
"Avira AntiVir Desktop" = Avira Free Antivirus
"Courier Service Simulator" = Courier Service Simulator (remove only)
"DealPly" = DealPly
"DemolitionCompanyDemoDE_is1" = Demolition Company Demo
"denkstark Jahrgangsstufe 5" = denkstark Jahrgangsstufe 5
"Emergency 2012 Demo" = Emergency 2012 Demo
"FarmingSimulator2011DemoDE_is1" = Landwirtschafts Simulator 2011 Demo
"FFsim" = Feuerwehr-Simulator 2010
"FlightGear_is1" = FlightGear v1.0.0
"Gabelstapler Simulator 2009" = Gabelstapler Simulator 2009 (entfernen)
"I Want This" = I Want This
"InstallShield_{EECD7B96-1416-4D3A-B12D-0D2512120C36}" = EasyViewer
"loadtbs-2.1" = loadtbs-2.1
"Loksim3D" = Loksim3D
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Müllabfuhr-Simulator 2008 DEMO_is1" = Müllabfuhr-Simulator 2008 DEMO
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"phase-6" = phase-6 2.1.2d
"Ports Of Call - 2008 deluxe DEMO 1.31" = Ports Of Call - 2008 deluxe DEMO 1.31
"Schwertransport Simulator Demo" = Schwertransport Simulator Demo (entfernen)
"Segelflug Simulator Demoversion_is1" = SotS Gold 6.08 Demo
"SkiRegionSimulator2012DemoDE_is1" = Skiregion Simulator 2012 Demo
"Spreng- und Abriss-Simulator (Demo)" = Spreng- und Abriss-Simulator (Demo)
"THW-Simulator Demo" = THW Simulator 2012 Demo
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3634814013-2757599404-733246015-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12.09.2012 16:03:34 | Computer Name = Laura-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16448, Zeitstempel
0x4fecf1b7, fehlerhaftes Modul kernel32.dll, Version 6.0.6002.18449, Zeitstempel
0x4da47967, Ausnahmecode 0xc0000005, Fehleroffset 0x000bfea5, Prozess-ID 0xe30,
Anwendungsstartzeit 01cd911fe530cf79.
Error - 12.09.2012 16:05:30 | Computer Name = Laura-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel
0x4549b0e1, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18541, Zeitstempel
0x4ec3e3d5, Ausnahmecode 0xc0000142, Fehleroffset 0x00009f5d, Prozess-ID 0xbd4, Anwendungsstartzeit
01cd9121f4c3f39c.
Error - 12.09.2012 16:06:35 | Computer Name = Laura-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16448, Zeitstempel
0x4fecf1b7, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0x00000000, Fehleroffset 0x00000000, Prozess-ID 0xc64, Anwendungsstartzeit
01cd9121e213f47c.
Error - 12.09.2012 16:06:38 | Computer Name = Laura-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16448, Zeitstempel
0x4fecf1b7, fehlerhaftes Modul kernel32.dll, Version 6.0.6002.18449, Zeitstempel
0x4da47967, Ausnahmecode 0xc0000005, Fehleroffset 0x000bfea5, Prozess-ID 0xc64,
Anwendungsstartzeit 01cd9121e213f47c.
Error - 12.09.2012 16:11:08 | Computer Name = Laura-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel
0x4549b0e1, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18541, Zeitstempel
0x4ec3e3d5, Ausnahmecode 0xc0000142, Fehleroffset 0x00009f5d, Prozess-ID 0x8a4, Anwendungsstartzeit
01cd9122be836164.
Error - 12.09.2012 16:15:18 | Computer Name = Laura-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16448, Zeitstempel
0x4fecf1b7, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0xd9c, Anwendungsstartzeit
01cd9122ad92e4c4.
Error - 12.09.2012 16:17:21 | Computer Name = Laura-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel
0x4549b0e1, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18541, Zeitstempel
0x4ec3e3d5, Ausnahmecode 0xc0000142, Fehleroffset 0x00009f5d, Prozess-ID 0x2a0, Anwendungsstartzeit
01cd91239d4c7df8.
Error - 12.09.2012 18:18:07 | Computer Name = Laura-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel
0x4549b0e1, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18541, Zeitstempel
0x4ec3e3d5, Ausnahmecode 0xc0000142, Fehleroffset 0x00009f5d, Prozess-ID 0x700, Anwendungsstartzeit
01cd91347bf8b908.
Error - 12.09.2012 18:18:17 | Computer Name = Laura-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel
0x4549b0e1, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18541, Zeitstempel
0x4ec3e3d5, Ausnahmecode 0xc0000142, Fehleroffset 0x00009f5d, Prozess-ID 0xc34, Anwendungsstartzeit
01cd913482789a28.
Error - 12.09.2012 18:32:53 | Computer Name = Laura-PC | Source = EventSystem | ID = 4609
Description =
[ System Events ]
Error - 12.09.2012 18:34:18 | Computer Name = Laura-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 12.09.2012 18:34:18 | Computer Name = Laura-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 12.09.2012 18:34:18 | Computer Name = Laura-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 12.09.2012 18:34:18 | Computer Name = Laura-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 12.09.2012 18:34:18 | Computer Name = Laura-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 12.09.2012 18:34:18 | Computer Name = Laura-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 12.09.2012 18:34:18 | Computer Name = Laura-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 12.09.2012 18:34:18 | Computer Name = Laura-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 12.09.2012 18:34:18 | Computer Name = Laura-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 12.09.2012 18:34:18 | Computer Name = Laura-PC | Source = Service Control Manager | ID = 7001
Description =
< End of report >

Gmer: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-13 03:30:08
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000004f ST350032 rev.SD04
Running: 873enf6h.exe; Driver: C:\Users\Laura\AppData\Local\Temp\ugloapob.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- Files - GMER 1.0.15 ----
File C:\Windows.old\Users\Laura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Laura\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\X789AQWK\www8.agame.com\games\shockwave\b\boarder_xl\spielen_com\boarder_xl_spielen_com.dcr\boa_xl.sol 869 bytes
---- EOF - GMER 1.0.15 ----