GVU Trojaner Version 2.07

BigDaddy2000 · 13.09.2012, 02:39

Hallo,

habe den PC meiner Nichte/Neffen hier und dieser soll den GVU Trojaner V2.07 haben.
Hab ihn selber nicht gesehen, doch die Abbildung von Botfrei.de stimmt überein.

DeFogger, OTL und GMER ausgeführt.
Danke im Voraus

OTL:

Code:

ATTFilter

OTL logfile created on: 13.09.2012 00:59:07 - Run 1
OTL by OldTimer - Version 3.2.43.0     Folder = I:\logs
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 79,06% Memory free
4,26 Gb Paging File | 3,99 Gb Available in Paging File | 93,64% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450,13 Gb Total Space | 192,54 Gb Free Space | 42,77% Space Free | Partition Type: NTFS
Drive I: | 7,48 Gb Total Space | 7,09 Gb Free Space | 94,76% Space Free | Partition Type: FAT32
 
Computer Name: LAURA-PC | User Name: Laura | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.04 16:08:58 | 000,595,456 | ---- | M] (OldTimer Tools) -- I:\logs\OTL.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.17 21:55:35 | 000,166,912 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.09.10 17:12:33 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.27 13:03:54 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.05.08 15:15:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 15:15:23 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.03.01 01:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.29 14:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.07.28 16:07:42 | 000,073,528 | ---- | M] (AVM Berlin) [Auto | Stopped] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.05.08 15:15:24 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 15:15:24 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.03.26 14:50:12 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2012.03.01 01:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.01.17 14:45:56 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.09.08 01:40:24 | 000,363,112 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.10.19 23:43:08 | 000,007,680 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Programme\MSI\Live Update 5\NTIOLib.sys -- (NTIOLib_1_0_4)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.09 19:44:42 | 000,025,912 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Programme\MSI\Live Update 5\msibios32_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2010.04.10 16:06:04 | 000,043,040 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtTeam60.sys -- (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.0)
DRV - [2009.07.20 11:26:40 | 000,027,648 | ---- | M] (Realtek                                            ) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2007.08.09 19:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 9F 17 B6 14 CF CC 01  [binary data]
IE - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\..\URLSearchHook: {1ce76c93-a797-4ca2-ab3c-f4a6cfba3440} - No CLSID value found
IE - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH
IE - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=110004&babsrc=SP_ss&mntrId=02b710240000000000008c89a56afd2c
IE - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\..\SearchScopes\{272D2C71-7161-4A73-9312-902A2DD14953}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\..\SearchScopes\{A1D3A06C-F946-43F0-9353-7C1C09479F7C}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\..\SearchScopes\{C73F1D26-6C38-41bd-A6BA-ED6A9D2BE0FD}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=MMBROWSV
IE - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\..\SearchScopes\{D82EBF55-2617-48F1-84B1-5E06FB1D3CB9}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\..\SearchScopes\{E91E515D-5D0F-42FE-AE9F-1270DB92040E}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\..\SearchScopes\{EF93004E-86C7-4693-A61C-25F45338F722}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A7256076927&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7256076927&q={searchTerms}
IE - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.10 17:12:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.10 17:12:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.05.15 15:03:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laura\AppData\Roaming\mozilla\Extensions
[2012.05.31 16:35:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laura\AppData\Roaming\mozilla\Firefox\Profiles\mjcyjv3h.default\extensions
[2012.09.10 17:12:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.10 17:12:33 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.25 15:00:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.01 20:17:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.25 15:00:22 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.25 15:00:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.25 15:00:22 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.25 15:00:22 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (I Want This) - {11111111-1111-1111-1111-110011221158} - C:\Program Files\I Want This\I Want This.dll File not found
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin0.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Programme\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (GMX Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Laura\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O3 - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\..\Toolbar\WebBrowser: (no name) - {1CE76C93-A797-4CA2-AB3C-F4A6CFBA3440} - No CLSID value found.
O3 - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\prxtbWin0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3634814013-2757599404-733246015-1000\..\Toolbar\WebBrowser: (GMX Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Live Update 5] C:\Program Files\MSI\Live Update 5\LU5.exe (Micro-Star International)
O4 - HKLM..\Run: [Super-Charger] C:\Programme\MSI\Super-Charger\StartSuperCharger.exe (MSI)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [FRITZ!protect] FwebProt.exe File not found
O4 - HKU\S-1-5-18..\Run: [FRITZ!protect] FwebProt.exe File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3634814013-2757599404-733246015-1000..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-3634814013-2757599404-733246015-1000..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3634814013-2757599404-733246015-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{532484C5-9B71-4899-9628-2314DC0BD332}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F37A6D62-AA2B-4223-8351-40EED5CD870B}: DhcpNameServer = 10.74.210.210 10.74.210.211
O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img29.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img29.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{507a8d46-3919-11e1-9c00-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{507a8d46-3919-11e1-9c00-806e6f6e6963}\Shell\AutoRun\command - "" = D:\DVDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.11 19:09:55 | 000,000,000 | ---D | C] -- C:\Program Files\Schroedel
[2012.09.11 19:09:55 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mathe 5
[2012.09.10 17:12:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.08.27 20:42:44 | 000,000,000 | ---D | C] -- C:\Users\Laura\Documents\Nico GHS Schule
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.13 00:57:30 | 000,000,000 | ---- | M] () -- C:\Users\Laura\defogger_reenable
[2012.09.13 00:56:18 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.13 00:56:18 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.13 00:56:18 | 000,125,676 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.13 00:56:18 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.13 00:55:36 | 000,001,356 | ---- | M] () -- C:\Users\Laura\AppData\Local\d3d9caps.dat
[2012.09.13 00:32:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.13 00:31:28 | 000,004,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.13 00:31:27 | 000,004,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.13 00:15:10 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.13 00:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.12 22:16:50 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.12 22:15:17 | 000,001,730 | ---- | M] () -- C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.09.12 15:13:30 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.11 19:10:13 | 000,152,156 | ---- | M] () -- C:\Windows\denkstark Jahrgangsstufe 5 Uninstaller.exe
[2012.09.11 19:10:12 | 000,001,903 | ---- | M] () -- C:\Users\Laura\Desktop\denkstark Jg. 5.lnk
[2012.09.11 16:06:35 | 000,002,605 | ---- | M] () -- C:\Users\Laura\Desktop\Microsoft Word.lnk
[2012.09.11 10:49:51 | 004,701,908 | ---- | M] () -- C:\Users\Laura\Documents\Mama Arbeitsvertrag.pdf
[2012.09.09 15:42:00 | 000,002,641 | ---- | M] () -- C:\Users\Laura\Desktop\Microsoft Excel.lnk
[2012.09.08 11:35:11 | 009,403,015 | ---- | M] () -- C:\Users\Laura\Documents\AutoSave_Unbenannt.skp
[2012.09.02 10:59:50 | 000,247,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.30 17:10:19 | 000,002,001 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 3 Lebensfreude.lnk
[2012.08.29 16:14:45 | 000,001,983 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 3 Late Night.lnk
[2012.08.21 22:07:37 | 2181,694,383 | ---- | M] () -- C:\Users\Laura\Desktop\BusCableCarSimulation-Demo.rar
[2012.08.20 18:57:20 | 000,018,432 | ---- | M] () -- C:\Users\Laura\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.13 00:57:30 | 000,000,000 | ---- | C] () -- C:\Users\Laura\defogger_reenable
[2012.09.12 22:09:15 | 000,001,875 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012.09.12 22:09:15 | 000,001,058 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk
[2012.09.12 13:25:01 | 000,001,730 | ---- | C] () -- C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.09.12 13:25:00 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.11 19:10:12 | 000,152,156 | ---- | C] () -- C:\Windows\denkstark Jahrgangsstufe 5 Uninstaller.exe
[2012.09.11 19:10:12 | 000,001,903 | ---- | C] () -- C:\Users\Laura\Desktop\denkstark Jg. 5.lnk
[2012.09.11 10:49:46 | 004,701,908 | ---- | C] () -- C:\Users\Laura\Documents\Mama Arbeitsvertrag.pdf
[2012.09.08 11:29:53 | 009,403,015 | ---- | C] () -- C:\Users\Laura\Documents\AutoSave_Unbenannt.skp
[2012.08.30 17:10:19 | 000,002,001 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 3 Lebensfreude.lnk
[2012.08.29 16:14:45 | 000,001,983 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 3 Late Night.lnk
[2012.02.29 14:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012.02.18 17:53:11 | 000,018,432 | ---- | C] () -- C:\Users\Laura\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.11 12:17:28 | 000,086,016 | ---- | C] () -- C:\Windows\System32\ZCompress.EXE
[2012.02.11 12:17:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\WinSFX.bin
[2012.02.11 12:17:28 | 000,062,716 | ---- | C] () -- C:\Windows\System32\Uninstall985F.DAT
[2012.02.11 12:17:27 | 000,516,096 | ---- | C] () -- C:\Windows\System32\BldSetup.EXE
[2012.02.11 12:17:27 | 000,212,992 | ---- | C] () -- C:\Windows\System32\Setup.EXE
[2012.02.11 12:17:27 | 000,081,920 | ---- | C] () -- C:\Windows\System32\GkSui20.EXE
[2012.02.11 12:17:27 | 000,069,632 | ---- | C] () -- C:\Windows\System32\Dspan.bin
[2012.02.11 12:17:26 | 000,114,688 | ---- | C] () -- C:\Windows\System32\BldDat.EXE
[2012.02.11 12:17:26 | 000,098,304 | ---- | C] () -- C:\Windows\System32\BldOpt.EXE
[2012.01.09 21:31:33 | 000,000,531 | ---- | C] () -- C:\Windows\eReg.dat
[2012.01.09 19:02:14 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012.01.09 17:41:57 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.01.09 17:30:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012.01.09 17:30:07 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012.01.08 11:52:16 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2012.01.08 11:34:27 | 000,003,475 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012.01.07 12:47:12 | 000,001,356 | ---- | C] () -- C:\Users\Laura\AppData\Local\d3d9caps.dat
 
========== LOP Check ==========
 
[2012.05.24 15:32:57 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\1&1 Mail & Media GmbH
[2012.03.12 15:47:33 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Babylon
[2012.06.05 18:30:20 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Die Feuerwache
[2012.02.04 23:19:17 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\flightgear.org
[2012.06.30 15:29:43 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\FRITZ!
[2012.04.14 20:49:47 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\loadtbs
[2012.02.17 23:29:20 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Origin
[2012.01.09 17:56:22 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Phase6
[2012.03.11 11:55:08 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\ProtectDISC
[2012.01.08 12:11:53 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Splashtop
[2012.09.13 00:31:22 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

Extras:

Code:

ATTFilter

OTL Extras logfile created on: 13.09.2012 00:59:07 - Run 1
OTL by OldTimer - Version 3.2.43.0     Folder = I:\logs
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 79,06% Memory free
4,26 Gb Paging File | 3,99 Gb Available in Paging File | 93,64% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450,13 Gb Total Space | 192,54 Gb Free Space | 42,77% Space Free | Partition Type: NTFS
Drive I: | 7,48 Gb Total Space | 7,09 Gb Free Space | 94,76% Space Free | Partition Type: FAT32
 
Computer Name: LAURA-PC | User Name: Laura | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3634814013-2757599404-733246015-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{127FB950-B227-4CEE-BDD9-5CFF05D5D58B}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe | 
"{20100FC0-5784-4CB6-9B10-1A16D75A65A2}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe | 
"{31F26AA1-F950-41EC-B579-A094E7294C46}" = protocol=17 | dir=in | app=c:\program files\skiregion simulator 2012 demo\game.exe | 
"{4B5D6AB8-611B-4431-9BF1-8FE138C5AAA3}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 
"{5888D5A3-5D60-40EA-8B3F-FDE743B2F581}" = protocol=17 | dir=in | app=c:\program files\skiregion simulator 2012 demo\skiregionsimulator2012.exe | 
"{616564A8-0020-4104-96F8-C8124E2CE4C4}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{6B7724FB-79BD-4071-8C15-3B92B5483271}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8307DED7-3D9F-4D7E-9661-8C7E754787D8}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{840C82CC-29B5-4129-8064-64B18039372E}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
"{8A81B79E-F76C-4373-A8DD-64572EDC53A1}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | 
"{8CADB693-BEB5-4C7B-ABBA-6F615BB8C4A2}" = protocol=6 | dir=in | app=c:\program files\skiregion simulator 2012 demo\game.exe | 
"{9F16D0FE-60A2-4ECC-8D9A-A16CC41142A3}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011 demo\game.exe | 
"{A0B39DDD-7F59-451D-8B09-E3D5E31F21DD}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011 demo\game.exe | 
"{B022B8E1-8FC7-401B-B1FE-953D1FA8EA1E}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe | 
"{B1F58D45-19C9-4388-B3A5-395B0EDAB547}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 
"{BBB911C2-B5ED-49EE-9F89-CD119726FEC3}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011 demo\farmingsimulator2011.exe | 
"{D80ADE07-0BA2-45AE-A867-0A0AA846368C}" = protocol=6 | dir=in | app=c:\program files\skiregion simulator 2012 demo\skiregionsimulator2012.exe | 
"{E1B5DB7A-B331-45D5-A975-B9D3C2F4C02E}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe | 
"{E378BF8C-9233-4BE7-917D-5B53571C2B96}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011 demo\farmingsimulator2011.exe | 
"{E4EF8752-DEAB-4E76-9AED-0D5FCFDFF1AC}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
"{F29508BA-077E-4726-9B1C-FB294677DECA}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | 
"{FCDBD4A6-2350-4E64-B444-7DAAFB792437}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1" = Live Update 5
"{037CD593-D760-4A00-B030-7BBAFA1123FE}" = HP Officejet 6500 E710a-f Hilfe
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AD74AE8-6BF3-4B28-A0DD-A9503C39B5BE}_is1" = Construction-Simulator 2012 - Demo version 1.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{38C9BDE0-59DB-4DE0-B4C9-AB2A6258108C}" = Löwenzahn 1
"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = Die Sims™ 3 Showtime
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D339202-76E6-4815-89D0-B59A8654B812}" = Loewenzahn 2
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{43D2A1DD-69C9-4E86-8F51-4890A6263863}" = Kidizoom™ PC Anwendungen
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BA6784F-3B10-473A-B9F5-33A36AC354D5}" = Google SketchUp 8
"{5F7ED0CD-E04E-4441-9E03-10AFDB654E96}_is1" = Werksfeuerwehr-Simulator Version 1.0
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}" = AVM FRITZ!DSL
"{76403D13-738A-40CD-AEB9-79C182AFFC15}_is1" = Kransimulator 2009 Demo
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1" = Super-Charger
"{7CFC17CE-0A66-46B0-BA57-BF8AB674BF5C}" = Loewenzahn 6
"{80AA446A-3269-4843-8418-D26240DD9071}_is1" = Baumaschinen-Simulator 2012 Version 1.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A48A1D1C-307A-46F9-983E-9762863D15F1}" = GMX Toolbar MSVC100 CRT x86
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9CCF5C3-4E30-42E6-992F-3D257B01E292}" = Loewenzahn 3
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AE9E39ED-A41A-40D4-B4CD-858A6E41D881}" = Loewenzahn 4
"{AF9B9CCF-D1B4-44B4-A030-BFCF5686AA5E}_is1" = TeamingGenie
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DE470016-1C64-11D5-982A-0050DA602C65}" = Löwenzahn 5
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Die Sims™ 3 Lebensfreude
"{EA5151A0-FCCA-4EE5-8B0A-D068F62DE52A}_is1" = Flughafen-Feuerwehr-Simulator Version 1.0
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = Die Sims™ 3 Gib Gas-Accessoires
"{EECD7B96-1416-4D3A-B12D-0D2512120C36}" = EasyViewer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FBBA35E1-9449-4902-8A0F-89252C0C1407}" = HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät
"{FC54FD8D-789C-406D-BB88-F7C4421B7E83}_is1" = VideoGenie
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = GMX Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar IE8" = GMX Toolbar für Internet Explorer
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agrar Simulator 2011 Demo" = Agrar Simulator 2011 Demo
"Avira AntiVir Desktop" = Avira Free Antivirus
"Courier Service Simulator" = Courier Service Simulator (remove only)
"DealPly" = DealPly
"DemolitionCompanyDemoDE_is1" = Demolition Company Demo
"denkstark Jahrgangsstufe 5" = denkstark Jahrgangsstufe 5
"Emergency 2012 Demo" = Emergency 2012 Demo
"FarmingSimulator2011DemoDE_is1" = Landwirtschafts Simulator 2011 Demo
"FFsim" = Feuerwehr-Simulator 2010
"FlightGear_is1" = FlightGear v1.0.0
"Gabelstapler Simulator 2009" = Gabelstapler Simulator 2009 (entfernen)
"I Want This" = I Want This
"InstallShield_{EECD7B96-1416-4D3A-B12D-0D2512120C36}" = EasyViewer
"loadtbs-2.1" = loadtbs-2.1
"Loksim3D" = Loksim3D
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Müllabfuhr-Simulator 2008 DEMO_is1" = Müllabfuhr-Simulator 2008 DEMO
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"phase-6" = phase-6 2.1.2d
"Ports Of Call - 2008 deluxe DEMO 1.31" = Ports Of Call - 2008 deluxe DEMO 1.31
"Schwertransport Simulator Demo" = Schwertransport Simulator Demo (entfernen)
"Segelflug Simulator Demoversion_is1" = SotS Gold 6.08 Demo
"SkiRegionSimulator2012DemoDE_is1" = Skiregion Simulator 2012 Demo
"Spreng- und Abriss-Simulator (Demo)" = Spreng- und Abriss-Simulator (Demo)
"THW-Simulator Demo" = THW Simulator 2012 Demo
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3634814013-2757599404-733246015-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.09.2012 16:03:34 | Computer Name = Laura-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16448, Zeitstempel
 0x4fecf1b7, fehlerhaftes Modul kernel32.dll, Version 6.0.6002.18449, Zeitstempel
 0x4da47967, Ausnahmecode 0xc0000005, Fehleroffset 0x000bfea5,  Prozess-ID 0xe30, 
Anwendungsstartzeit 01cd911fe530cf79.
 
Error - 12.09.2012 16:05:30 | Computer Name = Laura-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b0e1, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18541, Zeitstempel 
0x4ec3e3d5, Ausnahmecode 0xc0000142, Fehleroffset 0x00009f5d,  Prozess-ID 0xbd4, Anwendungsstartzeit
 01cd9121f4c3f39c.
 
Error - 12.09.2012 16:06:35 | Computer Name = Laura-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16448, Zeitstempel
 0x4fecf1b7, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0x00000000, Fehleroffset 0x00000000,  Prozess-ID 0xc64, Anwendungsstartzeit
 01cd9121e213f47c.
 
Error - 12.09.2012 16:06:38 | Computer Name = Laura-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16448, Zeitstempel
 0x4fecf1b7, fehlerhaftes Modul kernel32.dll, Version 6.0.6002.18449, Zeitstempel
 0x4da47967, Ausnahmecode 0xc0000005, Fehleroffset 0x000bfea5,  Prozess-ID 0xc64, 
Anwendungsstartzeit 01cd9121e213f47c.
 
Error - 12.09.2012 16:11:08 | Computer Name = Laura-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b0e1, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18541, Zeitstempel 
0x4ec3e3d5, Ausnahmecode 0xc0000142, Fehleroffset 0x00009f5d,  Prozess-ID 0x8a4, Anwendungsstartzeit
 01cd9122be836164.
 
Error - 12.09.2012 16:15:18 | Computer Name = Laura-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16448, Zeitstempel
 0x4fecf1b7, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0xd9c, Anwendungsstartzeit
 01cd9122ad92e4c4.
 
Error - 12.09.2012 16:17:21 | Computer Name = Laura-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b0e1, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18541, Zeitstempel 
0x4ec3e3d5, Ausnahmecode 0xc0000142, Fehleroffset 0x00009f5d,  Prozess-ID 0x2a0, Anwendungsstartzeit
 01cd91239d4c7df8.
 
Error - 12.09.2012 18:18:07 | Computer Name = Laura-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b0e1, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18541, Zeitstempel 
0x4ec3e3d5, Ausnahmecode 0xc0000142, Fehleroffset 0x00009f5d,  Prozess-ID 0x700, Anwendungsstartzeit
 01cd91347bf8b908.
 
Error - 12.09.2012 18:18:17 | Computer Name = Laura-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b0e1, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18541, Zeitstempel 
0x4ec3e3d5, Ausnahmecode 0xc0000142, Fehleroffset 0x00009f5d,  Prozess-ID 0xc34, Anwendungsstartzeit
 01cd913482789a28.
 
Error - 12.09.2012 18:32:53 | Computer Name = Laura-PC | Source = EventSystem | ID = 4609
Description = 
 
[ System Events ]
Error - 12.09.2012 18:34:18 | Computer Name = Laura-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 12.09.2012 18:34:18 | Computer Name = Laura-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 12.09.2012 18:34:18 | Computer Name = Laura-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 12.09.2012 18:34:18 | Computer Name = Laura-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 12.09.2012 18:34:18 | Computer Name = Laura-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 12.09.2012 18:34:18 | Computer Name = Laura-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 12.09.2012 18:34:18 | Computer Name = Laura-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 12.09.2012 18:34:18 | Computer Name = Laura-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 12.09.2012 18:34:18 | Computer Name = Laura-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 12.09.2012 18:34:18 | Computer Name = Laura-PC | Source = Service Control Manager | ID = 7001
Description = 
 
 
< End of report >

Gmer:

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-13 03:30:08
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000004f ST350032 rev.SD04
Running: 873enf6h.exe; Driver: C:\Users\Laura\AppData\Local\Temp\ugloapob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                                                                                                                                                     fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File            C:\Windows.old\Users\Laura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Laura\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\X789AQWK\www8.agame.com\games\shockwave\b\boarder_xl\spielen_com\boarder_xl_spielen_com.dcr\boa_xl.sol  869 bytes

---- EOF - GMER 1.0.15 ----

cosinus · 14.09.2012, 21:51

Funktioniert noch der abgesicherte Modus mit Netzwerktreibern? Mit Internetverbindung?

Abgesicherter Modus zur Bereinigung

Windows mit F8-Taste beim Start in den abgesicherten Modus bringen.
Starte den Rechner in den abgesicherten Modus mit Netzwerktreibern:

BigDaddy2000 · 14.09.2012, 22:06

Hallo Cosinus,

ja hab den PC gerade im abgesicherten Modus mit Netzwerktreibern gestartet.
Firefox funktioniert ganz "normal"

Gruß

cosinus · 15.09.2012, 12:42

Gut, dann in diesem Modus erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

14.09.2012, 21:51	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	GVU Trojaner Version 2.07 Funktioniert noch der abgesicherte Modus mit Netzwerktreibern? Mit Internetverbindung? Abgesicherter Modus zur Bereinigung Windows mit F8-Taste beim Start in den abgesicherten Modus bringen. Starte den Rechner in den abgesicherten Modus mit Netzwerktreibern: __________________ __________________

GVU Trojaner Version 2.07

Plagegeister aller Art und deren Bekämpfung: GVU Trojaner Version 2.07