GVU Trojaner (XP, x86)

schaedling · 26.07.2012, 19:03

Guten Tag,

so wie es aussieht habe ich mir den "GVU Trojaner" eingefangen. Jedenfalls habe ich den Titel hier öfter gelesen und die Symptome treffen bei mir zu, d.h. ich habe im Autostart einen Eintrag "ctfmon" dessen Befehl auf ",FQ10" endet.

OTL logfile created on: 26.07.2012 19:54:45 - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Dokumente und Einstellungen\Micha\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 77,64% Memory free
3,72 Gb Paging File | 3,47 Gb Available in Paging File | 93,10% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 175,78 Gb Total Space | 76,31 Gb Free Space | 43,41% Space Free | Partition Type: NTFS

Computer Name: TOOL | User Name: Micha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.26 19:39:05 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Micha\Desktop\OTL.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\Dropbox\bin\Dropbox.exe
PRC - [2011.11.14 00:42:54 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
PRC - [2011.11.14 00:42:52 | 000,433,264 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
PRC - [2011.11.13 22:49:40 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Player\vmware-authd.exe
PRC - [2011.08.29 23:11:00 | 000,665,200 | ---- | M] (VMware, Inc.) -- C:\Programme\Gemeinsame Dateien\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010.05.07 09:12:42 | 000,265,216 | ---- | M] () -- C:\Programme\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2012.07.21 17:33:05 | 000,190,376 | ---- | M] () -- C:\Dokumente und Einstellungen\Micha\Lokale Einstellungen\Temp\rool0_pk.exe
MOD - [2011.11.14 00:43:16 | 001,229,424 | ---- | M] () -- C:\Programme\VMware\VMware Player\libxml2.dll
MOD - [2010.05.07 09:12:42 | 000,265,216 | ---- | M] () -- C:\Programme\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe
MOD - [2009.08.23 19:58:06 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.08 17:51:38 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.11.14 00:42:54 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011.11.14 00:42:52 | 000,433,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2011.11.13 22:49:40 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2011.08.29 23:11:00 | 000,665,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010.05.07 09:12:42 | 000,039,936 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Astaro\Astaro SSL VPN Client\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009.09.06 13:38:06 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008.08.26 19:02:24 | 000,014,336 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a1iv260q)
DRV - [2011.11.14 00:43:26 | 000,055,664 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
DRV - [2011.11.14 00:42:40 | 000,025,584 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2011.11.14 00:42:16 | 000,033,776 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2011.11.14 00:42:08 | 000,025,712 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2011.11.13 22:33:56 | 000,016,624 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2011.08.29 23:11:00 | 000,032,496 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2011.08.08 15:58:56 | 000,098,928 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vmci.sys -- (vmci)
DRV - [2010.05.07 09:12:38 | 000,034,336 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2010.02.07 20:57:40 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.03.17 14:24:08 | 001,964,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)
DRV - [2008.11.21 21:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.11.16 13:08:54 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007.12.18 12:46:24 | 002,849,280 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007.07.17 02:24:00 | 000,035,072 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HP24X.sys -- (HP24X)
DRV - [2007.06.29 15:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007.02.14 15:21:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007.02.14 15:20:58 | 000,868,298 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006.12.15 15:44:42 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006.07.02 00:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: {dd05fd3d-18df-4ce4-ae53-e795339c5f01}:1.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Programme\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.01.07 21:49:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.08 17:51:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.03.30 19:25:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.04.12 11:34:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.01.07 21:49:42 | 000,000,000 | ---D | M]

[2008.11.19 12:33:26 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\Mozilla\Extensions
[2012.07.25 21:28:51 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\Mozilla\Firefox\Profiles\i1a8x0sb.default\extensions
[2011.09.10 17:15:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\Mozilla\Firefox\Profiles\i1a8x0sb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.13 20:14:21 | 000,000,000 | ---D | M] (vshare Add-On) -- C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\Mozilla\Firefox\Profiles\i1a8x0sb.default\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}
[2012.03.30 19:25:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MICHA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\I1A8X0SB.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}
[2012.03.30 19:26:16 | 000,029,003 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MICHA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\I1A8X0SB.DEFAULT\EXTENSIONS\GROOVESHARKUNLOCKER@OVERLORD1337.XPI
[2012.06.08 17:51:39 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.03.30 19:00:28 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [openvpn-gui] C:\Programme\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Micha\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\vsocklib.dll (VMware, Inc.)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C8903F4-9C14-4844-B1D9-467293F7030A}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8CA7621-03F2-46E0-BA53-697468DDC5EE}: NameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.11.15 13:20:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e3662f9e-2d85-11de-80f3-0021002a3951}\Shell - "" = AutoRun
O33 - MountPoints2\{e3662f9e-2d85-11de-80f3-0021002a3951}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e3662f9e-2d85-11de-80f3-0021002a3951}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.26 19:39:04 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Micha\Desktop\OTL.exe
[2012.07.25 21:52:57 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Micha\Recent
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.26 19:58:13 | 000,452,214 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.07.26 19:58:13 | 000,435,860 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.07.26 19:58:13 | 000,082,002 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.07.26 19:58:13 | 000,069,342 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.07.26 19:56:51 | 004,503,728 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\kp_0loor.pad
[2012.07.26 19:53:21 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.07.26 19:53:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.07.26 19:48:23 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[2012.07.26 19:39:05 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Micha\Desktop\OTL.exe
[2012.07.26 19:36:05 | 000,001,610 | ---- | M] () -- C:\Dokumente und Einstellungen\Micha\Startmenü\Programme\Autostart\ctfmon.lnk
[2012.07.23 21:23:44 | 000,038,400 | ---- | M] () -- C:\Dokumente und Einstellungen\Micha\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.21 17:41:00 | 000,001,714 | -H-- | M] () -- C:\Dokumente und Einstellungen\Micha\Eigene Dateien\Default.rdp
[2012.07.20 17:09:05 | 000,122,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.20 15:17:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.21 17:33:06 | 004,503,728 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\kp_0loor.pad
[2012.07.21 17:33:06 | 000,001,610 | ---- | C] () -- C:\Dokumente und Einstellungen\Micha\Startmenü\Programme\Autostart\ctfmon.lnk
[2012.07.20 17:14:23 | 000,029,003 | ---- | C] () -- C:\grooveshark_unlocker-1.2-fx.xpi
[2012.04.01 14:11:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.03.01 18:36:42 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012.03.01 18:36:40 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011.11.29 13:59:06 | 000,000,864 | ---- | C] () -- C:\Dokumente und Einstellungen\Micha\uebung6.sql
[2011.11.06 21:44:48 | 000,003,325 | ---- | C] () -- C:\Dokumente und Einstellungen\Micha\.ganttproject
[2011.10.26 11:39:03 | 000,010,194 | ---- | C] () -- C:\Dokumente und Einstellungen\Micha\_viminfo
[2011.09.12 19:10:50 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011.09.12 19:10:50 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.11.12 18:25:37 | 000,000,040 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2010.06.17 10:59:10 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Micha\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND
[2010.01.18 20:58:23 | 000,038,400 | ---- | C] () -- C:\Dokumente und Einstellungen\Micha\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.09 15:10:58 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Micha\Ÿ9Ÿ9

========== LOP Check ==========

[2010.01.04 23:24:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2010.11.12 18:25:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft
[2010.11.12 18:13:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2010.11.12 18:12:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\AnvSoft
[2010.10.14 21:39:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\Canneverbe Limited
[2012.01.11 10:58:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\DB-Main
[2012.07.26 19:53:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\Dropbox
[2010.06.17 12:08:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\FileZilla
[2011.11.09 13:25:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\Foxit Software
[2010.01.04 23:20:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\InfraRecorder
[2010.09.23 22:16:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\Mumble
[2008.11.18 22:26:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\Notepad++
[2011.11.06 23:14:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\OpenOffice.org
[2008.11.26 15:01:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\Ordner HP Share-to-Web
[2011.11.29 13:18:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\SQL Developer
[2011.11.22 13:19:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\Subversion
[2008.11.19 12:32:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\Thunderbird

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 26.07.2012 19:54:45 - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Dokumente und Einstellungen\Micha\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 77,64% Memory free
3,72 Gb Paging File | 3,47 Gb Available in Paging File | 93,10% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 175,78 Gb Total Space | 76,31 Gb Free Space | 43,41% Space Free | Partition Type: NTFS

Computer Name: TOOL | User Name: Micha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\eclipse\eclipse.exe" = C:\Programme\eclipse\eclipse.exe:*:Enabled:eclipse -- ()
"C:\Programme\mIRC\mirc.exe" = C:\Programme\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Programme\QIP\qip.exe" = C:\Programme\QIP\qip.exe:*:Enabled:Quiet Internet Pager -- (The Author of QIP)
"C:\Spiele\blobby-alpha-8\blobby.exe" = C:\Spiele\blobby-alpha-8\blobby.exe:*:Enabled:blobby -- ()
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled

ropbox -- (Dropbox, Inc.)
"C:\Programme\VMware\VMware Player\vmware-authd.exe" = C:\Programme\VMware\VMware Player\vmware-authd.exe:*:Enabled:VMware Authd Service -- (VMware, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{11A7769F-6706-3191-9A9A-6B4AB0F56419}" = Catalyst Control Center Localization Norwegian
"{169F0A86-B4E2-E0D0-9623-4982A9C48C93}" = CCC Help Chinese Traditional
"{177775EF-DF8B-D947-0B51-D14ED1F836C5}" = Catalyst Control Center Localization Czech
"{183C2621-49ED-C3F3-6FFF-4807079E1AC0}" = CCC Help Thai
"{189DC77B-7B5B-0547-276B-C026EF0C757C}" = ccc-core-preinstall
"{1D8135C3-46FA-77E4-E645-405BD62DDAB9}" = Catalyst Control Center Localization Turkish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{209DC8F3-20D6-56D1-3EDA-04792A59589D}" = CCC Help Greek
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{2A0AF7BE-CB9C-D902-676E-B3DAEECB6B2D}" = Catalyst Control Center Localization Korean
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{2B9A8E7E-CDE6-D723-3521-B6D4784FFBEA}" = Catalyst Control Center Localization Japanese
"{2D0A84FC-2178-131A-7563-705200BDFF20}" = CCC Help Polish
"{2EE6086A-2926-66A7-2B60-42FB259D95B7}" = Catalyst Control Center Localization Russian
"{32A3A4F4-B792-11D6-A78A-00B0D0160100}" = Java(TM) SE Development Kit 6 Update 10
"{33B75044-54B4-5AB4-7A19-7B9D77BF2285}" = Catalyst Control Center Localization Greek
"{33E58EE4-0E59-0017-78D0-D56FD3594770}" = CCC Help Korean
"{342BE86B-31F5-6E7E-A1CB-87BA5272BC2C}" = Catalyst Control Center Localization Hungarian
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36807E1C-C7F5-CCF7-3617-F41837DECAF7}" = CCC Help Danish
"{3A8B8170-7321-E5FC-0047-74F9F5D21B25}" = Catalyst Control Center Localization Thai
"{3F93B2BA-18EC-462B-9ACD-396599353EE1}" = Catalyst Control Center - Branding
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B26E060-5BC9-4B45-BD20-882E94CADFCF}" = VmciSockets
"{4D1E0AA2-3B34-6940-3663-0E255EFBBF63}" = CCC Help Portuguese
"{517459C1-A2C2-7641-AA71-4E7E98B5E8A9}" = CCC Help Spanish
"{53B35D1A-B93A-C389-409B-EEBC68D82861}" = Catalyst Control Center Core Implementation
"{540EA3CE-1229-5702-929D-A67E6331AC39}" = CCC Help Norwegian
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{5A721E61-FBDE-9422-3C64-17D918C7196B}" = Catalyst Control Center Localization German
"{5F74F1E5-C4DF-7A18-3C11-A47382FFA660}" = CCC Help Swedish
"{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}" = DJ_AIO_03_F4200_Software
"{611CB353-FEC0-1245-1859-B169344D1454}" = CCC Help Japanese
"{6365C963-4B72-43F8-8392-2A5441EC2A86}" = DJ_AIO_03_F4220_ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{77F38DEB-140F-0B24-52C4-6B385127CB1F}" = Catalyst Control Center Localization Finnish
"{79AAA8E0-B47C-EDAB-826E-C498AA4857CE}" = CCC Help Finnish
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = HP Integrated Module with Bluetooth wireless technology
"{89B65CDA-DC1B-C5B3-73DF-3CFF4A19A588}" = CCC Help German
"{8C74846F-56C1-7CA1-14BF-B7A87F7A0CA7}" = Catalyst Control Center Localization Dutch
"{8F32C384-D237-4516-9F2B-223E8963A2FB}" = Lager
"{907E8FCC-ACB6-8F7D-9930-8C95F1DC7D87}" = ccc-utility
"{90A2E630-72EA-3309-6B02-9307C795345C}" = CCC Help Russian
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A00E6A54-A3B5-7FCD-5DBA-4BFAB5B2DBD7}" = Catalyst Control Center Localization Italian
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A21A1F07-8EE5-1DC3-74E5-73AF089B5722}" = Catalyst Control Center Localization Polish
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A843E814-9178-6F3F-E821-9094D33128F5}" = Catalyst Control Center Graphics Full New
"{A893EF27-F743-D48F-3971-ABD33A2A0902}" = CCC Help French
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AA3D13A1-2373-6638-8398-FBDA07FAC464}" = CCC Help Turkish
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AF0EC284-33B6-9100-E851-B64FDC070429}" = Catalyst Control Center Localization French
"{B1463859-54D3-03C0-2D87-04D15A4B5D06}" = Catalyst Control Center Localization Chinese Traditional
"{B15AC518-1C5D-D41F-37CA-768851B11FAB}" = Catalyst Control Center Localization Swedish
"{B61A79BE-E94C-42C0-921D-8B7E5217069C}" = F4200
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BC1584FD-B945-E401-7C34-929964DE9E24}" = CCC Help Chinese Standard
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
"{C443C2F5-CBEC-1299-3A60-6C3C9965EF5A}" = CCC Help Czech
"{C594294F-E38B-FB39-4C3B-E97EFCE3AC0D}" = Catalyst Control Center Localization Danish
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{C97636B2-42D2-C8C0-CDD8-4A323CF6BC5C}" = CCC Help Italian
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{CDA1ADA3-BBB4-4250-B272-AC21C78C3968}" = HP PCMCIA Smart Card Reader
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF0F7BFE-61D8-E7B8-6F99-F5E149B89051}" = Catalyst Control Center Localization Portuguese
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom NetXtreme Ethernet Controller
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{D7BE4FF6-24E1-3E12-D6D0-C76F26F31327}" = Catalyst Control Center Graphics Light
"{DFDE44B2-4E88-9B2D-75B6-945635C665DF}" = Catalyst Control Center Localization Spanish
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E634B696-8333-8216-6415-86272864894F}" = ccc-core-static
"{E78A17B7-B3E7-045B-820D-5DCE2541DEBC}" = CCC Help English
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{E978DAC8-F978-B81D-0BA1-9A566A79A7A6}" = CCC Help Hungarian
"{E9A82610-AD0E-F189-1F41-95996BC15794}" = Catalyst Control Center Graphics Full Existing
"{EB36FA85-8004-D358-601C-542FE3A2A77C}" = CCC Help Dutch
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F6F6B40D-6477-87E2-3899-AF53366D84D2}" = Catalyst Control Center Localization Chinese Standard
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F8A5531E-FEB4-4F7C-AF51-342E40FA7A0D}" = F4220_Help
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Astaro SSL VPN Client" = Astaro SSL VPN Client 1.7
"ATI Display Driver" = ATI Display Driver
"Broadcom 802.11b Network Adapter" = Broadcom 802.11-WLAN-Adapter
"DB-Main 9.1.4" = DB-Main 9.1.4 (remove only)
"Diablo II" = Diablo II
"DivX Setup" = DivX-Setup
"emu8086 microprocessor emulator_is1" = emu8086 microprocessor emulator
"FileZilla Client" = FileZilla Client 3.2.7.1
"Foxit Reader_is1" = Foxit Reader 5.1
"GanttProject" = GanttProject
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 8.4.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MiKTeX 2.8" = MiKTeX 2.8
"mIRC" = mIRC
"Mozilla Firefox 13.0 (x86 de)" = Mozilla Firefox 13.0 (x86 de)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mumble" = Mumble and Murmur
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"QIP2005" = QIP 2005 Uninstall
"RealVNC_is1" = VNC Free Edition 4.1.3
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.3 for Windows
"Shop for HP Supplies" = Shop for HP Supplies
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"Vim 7.3" = Vim 7.3 (self-installing)
"VLC media player" = VLC media player 2.0.0
"VMware_Player" = VMware Player
"Wascana Desktop Developer, MinGW Edition_is1" = Wascana Desktop Developer, MinGW Edition 0.9.3
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"XMind" = XMind
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Xvid Video Codec 1.3.0" = Xvid Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"QIP 2005" = QIP 2005 8095

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 26.07.2012 13:20:51 | Computer Name = TOOL | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung , Version 0.0.0.0, fehlgeschlagenes Modul
unknown, Version 0.0.0.0, Fehleradresse 0x00000000.

Error - 26.07.2012 13:23:44 | Computer Name = TOOL | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung , Version 0.0.0.0, fehlgeschlagenes Modul
unknown, Version 0.0.0.0, Fehleradresse 0x00000000.

Error - 26.07.2012 13:36:10 | Computer Name = TOOL | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.

[ System Events ]
Error - 24.05.2012 13:44:44 | Computer Name = TOOL | Source = W32Time | ID = 39452689
Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten
Peer "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15
Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar.
(0x80072751)

Error - 24.05.2012 13:44:44 | Computer Name = TOOL | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der
nächsten 15 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle
herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.

Error - 01.06.2012 11:58:54 | Computer Name = TOOL | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 10.242.2.14 für die Netzwerkkarte mit der Netzwerkadresse
00FF098275D1 wurde durch den DHCP-Server 10.242.2.5 abgelehnt (der DHCP-Server hat
eine DHCPNACK-Meldung gesendet).

Error - 21.06.2012 06:01:28 | Computer Name = TOOL | Source = W32Time | ID = 39452689
Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten
Peer "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15
Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar.
(0x80072751)

Error - 21.06.2012 06:01:28 | Computer Name = TOOL | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der
nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle
herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.

Error - 21.06.2012 06:01:28 | Computer Name = TOOL | Source = W32Time | ID = 39452689
Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten
Peer "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15
Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar.
(0x80072751)

Error - 21.06.2012 06:01:28 | Computer Name = TOOL | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der
nächsten 15 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle
herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.

Error - 21.06.2012 06:01:46 | Computer Name = TOOL | Source = W32Time | ID = 39452689
Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten
Peer "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15
Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar.
(0x80072751)

Error - 21.06.2012 06:01:46 | Computer Name = TOOL | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der
nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle
herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.

Error - 21.06.2012 06:19:34 | Computer Name = TOOL | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.0.110 für die Netzwerkkarte mit der Netzwerkadresse
001F29997609 wurde durch den DHCP-Server 192.168.0.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).

< End of report >

Vielen Dank und beste Grüße
schaedling

GVU Trojaner (XP, x86)

Log-Analyse und Auswertung: GVU Trojaner (XP, x86)

GVU Trojaner (XP, x86)