Pests of all kinds and how to fight them: GVU Trojan

12.12.2012, 20:48   #1
pc-blondie

GVU Trojan

Hello everyone,
The day before yesterday my PC was infected by the GVU Trojan. I then ran a scan with Malwarebytes. 3 objects were found, which I deleted after the scan. The Internet is no longer blocked, and after another quick scan with Malwarebytes nothing more was found.

Here are the logs from my PC. I've replaced names with *** or +++..

Do I still have to reset the PC, or delete Windows and reinstall it from the installation CD, or can I be sure that everything harmful is gone???
To reset or reinstall I would need very precise (!) instructions in any case, I don't know my way around that at all...

Thaaaanks a lot in advance!!! You do great work and help people like me out of a jam wonderfully!! Thank you for that!!!

Extras.txt:
OTL Extras logfile created on: 12.12.2012 20:20:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 53,06% Memory free
6,20 Gb Paging File | 4,59 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 249,41 Gb Total Space | 87,73 Gb Free Space | 35,18% Space Free | Partition Type: NTFS
Drive D: | 48,67 Gb Total Space | 38,39 Gb Free Space | 78,87% Space Free | Partition Type: FAT32

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-440411581-3926474679-3681921900-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0828B450-8C1C-4780-80EE-5B976788136D}" = rport=138 | protocol=17 | dir=out | app=system |
"{14E619F7-8D5F-40D0-A11B-2FC44BE98AA1}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{24D988DB-6E98-4FEC-9557-7AFE1027E584}" = lport=445 | protocol=6 | dir=in | app=system |
"{52C2120C-9453-4F96-9B7E-A5913424A217}" = lport=138 | protocol=17 | dir=in | app=system |
"{65129090-3368-4947-AC63-D1C0268DDFEF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8ED66D82-2C0B-4F2D-A71E-44F578044363}" = lport=139 | protocol=6 | dir=in | app=system |
"{9D8B0766-5032-432A-83C7-FDB5415A4B06}" = rport=445 | protocol=6 | dir=out | app=system |
"{A2B239D6-A4C6-442F-914C-5A181B1C6FDC}" = lport=137 | protocol=17 | dir=in | app=system |
"{A66DD65B-2236-4D26-A2AF-FC33BA7AE1B0}" = rport=139 | protocol=6 | dir=out | app=system |
"{ACFC2C6E-9E99-45B5-96B1-66C24438ED40}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C9A46DA3-DA5E-4056-8EEB-C35ABF6B744C}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{FF0C505A-0051-4556-8F66-4E680C3767E1}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0050CAEE-1735-42DA-8246-AD63382D99D8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{08626C47-1C84-438C-AEC9-9A2ECA989B8F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{25D7E4A5-5FC2-4428-AD64-A50B064337E7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{3B5CAC7F-FDA8-4AF8-A4FB-DAE6AAD865DA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{3E8393DA-47B4-4A41-9348-BC3563398E9E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5BFC0565-0F74-436E-AE75-8C305CC85056}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{5EE2849B-6900-4E3D-810A-1A8E13EB3DEF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6F9632E9-2268-4E37-B42F-F9E30D5682E2}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe |
"{73C5342A-313E-4F25-8F9A-6321F88E75F0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{79A7B017-7EA8-46B7-9ADB-6A9A3E7F7CCB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{8D5752EC-7C0E-4B4D-A060-1CFB9C54E1D8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{A477456A-8E50-4ECA-8B19-FA606F921A2C}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe |
"{B0FBCA56-AC7A-444E-B3D5-0D1FD57DE4C1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B70F497A-BD45-4456-909D-943C9CAA1485}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{C1173358-5B14-4B5F-AF70-F762B84681E6}" = dir=in | app=f:\setup\hpznui01.exe |
"{CA9E51D3-5B7F-44D9-A2DE-5F264FDFD2D1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{DE891141-A634-476F-93E8-4338080D6F81}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\apps\2.0\qqbp5ke2.d3p\z0loada0.cvx\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{FEE6B06C-D00A-49C2-82B3-C9FBB507ACB5}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\apps\2.0\qqbp5ke2.d3p\z0loada0.cvx\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"TCP Query User{1F1D126E-1A63-4B8B-A6E0-C02A4C50875D}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{643AC2E8-4CEB-4953-ACFF-C84A7C693E63}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{874DEB16-800F-4FF0-BA51-E80FE015BB05}C:\users\***\appdata\local\apps\2.0\qqbp5ke2.d3p\z0loada0.cvx\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\apps\2.0\qqbp5ke2.d3p\z0loada0.cvx\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"TCP Query User{C2C79EC8-813E-467D-A3FA-02C3D957EA6B}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{DCA8B74D-B7FC-4285-9063-96E4668590CD}C:\program files\chilirec\chilirec.exe" = protocol=6 | dir=in | app=c:\program files\chilirec\chilirec.exe |
"UDP Query User{3A360AA4-B3DA-418C-87DA-F4BCE3796ABA}C:\users\***\appdata\local\apps\2.0\qqbp5ke2.d3p\z0loada0.cvx\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\apps\2.0\qqbp5ke2.d3p\z0loada0.cvx\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"UDP Query User{8051B34E-9623-4B25-818C-A1510913A1A6}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{93E6B7AD-BFA2-4E87-8AE6-4D42DCE631C6}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{CA5FD1C0-57B9-4E84-BF0D-0429DD259B82}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{FBA96BE6-82EC-47BF-97EB-0125A2CF24FD}C:\program files\chilirec\chilirec.exe" = protocol=17 | dir=in | app=c:\program files\chilirec\chilirec.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4281435C-AD1D-4C8A-B9C0-3961C11EF142}_is1" = YouTube Song Downloader
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{53DF73B1-37F5-4B7F-86ED-FA7CC4041031}" = Nero 8 Essentials
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6A1ACC15-7632-45ba-A3AB-0250EBD4B7DD}" = 6500_E709a
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.9
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{E815FB81-995F-4F33-8E25-F16712123AB7}" = AuthenTec Fingerprint Sensor Minimum Install
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass 5.00.91
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series
"{FEDE400D-3381-4087-ACCB-689DD8A56123}" = Inst5657
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"Chilirec_0" = Chilirec 1.02
"conduitEngine" = Conduit Engine
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free FLV Converter_is1" = Free FLV Converter V 6.96.0
"Google Desktop" = Google Desktop
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Total Video Converter 3.71_is1" = Total Video Converter 3.71 100812
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"Uninstall_is1" = Uninstall 1.0.0.1
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR archiver
"X10Hardware" = X10 Hardware(TM)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-440411581-3926474679-3681921900-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
"Juniper_Networks_Cache_Cleaner 6.3.0" = Juniper Networks Cache Cleaner 6.3.0
"Juniper_Setup_Client" = Juniper Networks Setup Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10.12.2012 11:54:00 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10.12.2012 11:54:00 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10.12.2012 11:55:46 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10.12.2012 11:55:47 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10.12.2012 11:57:26 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10.12.2012 15:08:44 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.19088, Zeitstempel
0x4de07b1b, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0xef4, Anwendungsstartzeit
01cdd6ed02b7adf7.

Error - 10.12.2012 15:12:43 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.12.2012 14:55:30 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.12.2012 15:01:48 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12.12.2012 15:01:49 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ System Events ]
Error - 10.12.2012 11:44:02 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10.12.2012 15:11:29 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description =

Error - 10.12.2012 15:12:45 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10.12.2012 15:13:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 10.12.2012 15:13:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12.12.2012 14:53:57 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description =

Error - 12.12.2012 14:55:15 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =

Error - 12.12.2012 14:55:34 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12.12.2012 14:55:34 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 12.12.2012 14:55:34 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >


OTL.txt:
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.9
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{E815FB81-995F-4F33-8E25-F16712123AB7}" = AuthenTec Fingerprint Sensor Minimum Install
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass 5.00.91
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series
"{FEDE400D-3381-4087-ACCB-689DD8A56123}" = Inst5657
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"Chilirec_0" = Chilirec 1.02
"conduitEngine" = Conduit Engine
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free FLV Converter_is1" = Free FLV Converter V 6.96.0
"Google Desktop" = Google Desktop
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Total Video Converter 3.71_is1" = Total Video Converter 3.71 100812
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"Uninstall_is1" = Uninstall 1.0.0.1
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR archiver
"X10Hardware" = X10 Hardware(TM)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-440411581-3926474679-3681921900-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
"Juniper_Networks_Cache_Cleaner 6.3.0" = Juniper Networks Cache Cleaner 6.3.0
"Juniper_Setup_Client" = Juniper Networks Setup Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10.12.2012 11:54:00 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10.12.2012 11:54:00 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10.12.2012 11:55:46 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10.12.2012 11:55:47 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10.12.2012 11:57:26 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10.12.2012 15:08:44 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.19088, Zeitstempel
0x4de07b1b, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0xef4, Anwendungsstartzeit
01cdd6ed02b7adf7.

Error - 10.12.2012 15:12:43 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.12.2012 14:55:30 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.12.2012 15:01:48 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12.12.2012 15:01:49 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ System Events ]
Error - 10.12.2012 11:44:02 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10.12.2012 15:11:29 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description =

Error - 10.12.2012 15:12:45 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10.12.2012 15:13:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 10.12.2012 15:13:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12.12.2012 14:53:57 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description =

Error - 12.12.2012 14:55:15 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =

Error - 12.12.2012 14:55:34 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12.12.2012 14:55:34 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 12.12.2012 14:55:34 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >


13.12.2012, 13:53   #2
markusg
/// Malware-holic

GVU Trojan

Hi
and how are we supposed to answer that when you only post half of the logs?
OTL.txt is missing. The Malwarebytes log is missing as well...
How to find the MBAM log is described here:
http://www.trojaner-board.de/125889-...en-posten.html

15.12.2012, 06:56   #3
pc-blondie

GVU Trojan

Hello again

Here is the MALWAREBYTES LOG A F T E R removal of the trojans found two days earlier.
Unfortunately I deleted everything Malwarebytes found and only THEN became aware of you... I also deleted the quarantine before I registered here...

The Avira log is posted at the very bottom. However, the GVU trojan infected me on 10.12.2012 and the Avira files are from November, so they have nothing to do with the GVU trojan.

I have read here that some cleaning programs only cover up the traces and harmful things can still be there...

As a layperson I noticed that there are many "Key errors" in the logs (extra.log / otl.log)... No idea whether that is relevant...



User names in the log files have been replaced by *** or +++...



Malwarebytes Anti-Malware (Test) 1.65.1.1000
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.12.12.10

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
*** :: ***-PC [Administrator]

Schutz: Aktiviert

12.12.2012 20:01:30
mbam-log-2012-12-12 (20-01-30).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 220914
Laufzeit: 11 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)





MALWAREBYTES PROTECTION LOG:
2012/12/10 16:57:27 +0100 ***-PC +++ MESSAGE Starting protection
2012/12/10 16:57:27 +0100 ***-PC +++ MESSAGE Protection started successfully
2012/12/10 16:57:27 +0100 ***-PC +++ MESSAGE Starting IP protection
2012/12/10 16:57:38 +0100 ***-PC +++ MESSAGE IP Protection started successfully
2012/12/10 16:57:48 +0100 ***-PC +++ MESSAGE Starting database refresh
2012/12/10 16:57:48 +0100 ***-PC +++ MESSAGE Stopping IP protection
2012/12/10 16:57:48 +0100 ***-PC +++ MESSAGE IP Protection stopped successfully
2012/12/10 16:57:56 +0100 ***-PC +++ MESSAGE Database refreshed successfully
2012/12/10 16:57:56 +0100 ***-PC +++ MESSAGE Starting IP protection
2012/12/10 16:58:02 +0100 ***-PC +++ MESSAGE IP Protection started successfully
2012/12/10 17:11:44 +0100 ***-PC +++ MESSAGE Executing scheduled update: Daily
2012/12/10 17:12:04 +0100 ***-PC +++ MESSAGE Starting database refresh
2012/12/10 17:12:04 +0100 ***-PC +++ MESSAGE Stopping IP protection
2012/12/10 17:12:04 +0100 ***-PC +++ MESSAGE Scheduled update executed successfully: database updated from version v2012.12.10.05 to version v2012.12.10.06
2012/12/10 17:12:04 +0100 ***-PC +++ MESSAGE IP Protection stopped successfully
2012/12/10 17:12:11 +0100 ***-PC +++ MESSAGE Database refreshed successfully
2012/12/10 17:12:11 +0100 ***-PC +++ MESSAGE Starting IP protection
2012/12/10 17:12:18 +0100 ***-PC +++ MESSAGE IP Protection started successfully
2012/12/10 17:17:33 +0100 ***-PC +++ IP-BLOCK 31.44.184.134 (Type: outgoing, Port: 49877, Process: iexplore.exe)
2012/12/10 20:11:53 +0100 ***-PC *** MESSAGE Starting protection
2012/12/10 20:11:53 +0100 ***-PC *** MESSAGE Protection started successfully
2012/12/10 20:11:53 +0100 ***-PC *** MESSAGE Starting IP protection
2012/12/10 20:11:58 +0100 ***-PC *** MESSAGE IP Protection started successfully



AVIRA EVENT file:
Exportierte Ereignisse:

16.11.2012 22:02 [System Scanner] Malware gefunden
Die Datei
'C:\Users\***\AppData\Local\Temp\plugtmp-4\plugin-calculations_encounters_art
icle-line.php'
enthielt einen Virus oder unerwünschtes Programm 'EXP/Pdfjsc.aeb' [exploit].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5743066b.qua'
verschoben!

16.11.2012 22:01 [Echtzeit Scanner] Malware gefunden
In der Datei
'C:\Users\***\AppData\Local\Temp\plugtmp-4\plugin-calculations_encounters_art
icle-line.php'
wurde ein Virus oder unerwünschtes Programm 'EXP/Pdfjsc.aeb' [exploit] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

16.11.2012 22:00 [Echtzeit Scanner] Malware gefunden
In der Datei
'C:\Users\***\AppData\Local\Temp\plugtmp-4\plugin-calculations_encounters_art
icle-line.php'
wurde ein Virus oder unerwünschtes Programm 'EXP/Pdfjsc.aeb' [exploit] gefunden.
Ausgeführte Aktion: Zugriff verweigern



Many thanks!!!!!
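The one line in the protection log above that matters for triage is the IP-BLOCK event, because it names the process that tried to connect and timestamps it. As an added example (not from the thread and not Malwarebytes' own code), here is a small Python helper that parses lines in that log layout and groups IP-BLOCK events per process; the sample lines, host name, user name, addresses and times below are constructed.

```python
import re
from datetime import datetime, timedelta, timezone

# Line layout as seen in the protection log:
#   YYYY/MM/DD HH:MM:SS +HHMM <host> <user> <KIND> <free text>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>\S+) (?P<kind>[A-Z-]+) (?P<text>.*)$"
)
# Free text of an IP-BLOCK event, e.g.
#   192.0.2.10 (Type: outgoing, Port: 49877, Process: iexplore.exe)
BLOCK_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<dir>\w+), "
    r"Port: (?P<port>\d+), Process: (?P<proc>[^)]+)\)$"
)

def parse_ts(ts: str, tz: str) -> datetime:
    """Combine the local timestamp with its +HHMM offset into an aware datetime."""
    sign = 1 if tz[0] == "+" else -1
    off = timedelta(hours=int(tz[1:3]), minutes=int(tz[3:5])) * sign
    return datetime.strptime(ts, "%Y/%m/%d %H:%M:%S").replace(tzinfo=timezone(off))

def ip_blocks(lines):
    """Yield (time, ip, direction, port, process) for each IP-BLOCK line.
    MESSAGE lines, malformed lines and unknown IP-BLOCK wordings are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["kind"] != "IP-BLOCK":
            continue
        b = BLOCK_RE.match(m["text"])
        if not b:
            continue  # unexpected wording: skip rather than guess
        yield parse_ts(m["ts"], m["tz"]), b["ip"], b["dir"], int(b["port"]), b["proc"]

def blocks_by_process(lines):
    """Per process: number of blocks, how many were outgoing, first/last time, distinct IPs."""
    summary = {}
    for when, ip, direction, port, proc in ip_blocks(lines):
        s = summary.setdefault(proc, {"count": 0, "outgoing": 0,
                                      "first": when, "last": when, "ips": set()})
        s["count"] += 1
        s["outgoing"] += direction == "outgoing"
        s["first"] = min(s["first"], when)
        s["last"] = max(s["last"], when)
        s["ips"].add(ip)
    return summary

# Constructed sample in the same layout (host, user, IPs and times are made up).
SAMPLE = """\
2012/12/10 17:12:18 +0100 HOST-PC user MESSAGE IP Protection started successfully
2012/12/10 17:17:33 +0100 HOST-PC user IP-BLOCK 192.0.2.10 (Type: outgoing, Port: 49877, Process: iexplore.exe)
2012/12/10 17:17:40 +0100 HOST-PC user IP-BLOCK 192.0.2.11 (Type: outgoing, Port: 49902, Process: iexplore.exe)
2012/12/10 17:20:05 +0100 HOST-PC user IP-BLOCK 198.51.100.7 (Type: incoming, Port: 445, Process: System)
garbage line that should be ignored
""".splitlines()

if __name__ == "__main__":
    for proc, s in blocks_by_process(SAMPLE).items():
        print(f"{proc}: {s['count']} blocks ({s['outgoing']} outgoing) to "
              f"{sorted(s['ips'])} between {s['first']} and {s['last']}")
```

Run it against the real protection log (one line per entry) to see which process first reached out and when, which is the moment to line up against the OTL and Avira timestamps.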

15.12.2012, 15:52   #4
markusg
/// Malware-holic

GVU Trojan

Were those all the Malwarebytes logs with detections?
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

16.12.2012, 15:28   #5
pc-blondie

GVU Trojan

Hello

As I already wrote: after Malwarebytes had reported 3 detections (GVU trojan), I removed them with Malwarebytes and deleted the quarantine.
ONLY then did I become aware of your site... And realised that I would probably have done better to keep the log files and the quarantine.

Then I ran a quick scan and afterwards posted the log and extras files here.... Avira did not find anything more either, nor did Malwarebytes, but I am just not sure whether the computer is really clean...

Best regards


16.12.2012, 17:04   #6
markusg
/// Malware-holic

GVU Trojan

The logs stay saved anyway, unless you deleted those too, which really would make no sense. :-)
Also, you should not delete quarantine objects until they, or rather the reports, have been analysed; they could be false positives after all.
So please check under Malwarebytes, Logs, whether there are any more there.
Then:
download TDSS Killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- for detections, always choose skip for now, post the log