Pests of all kinds and how to combat them: GVU Trojan

Windows 7

If you are not sure whether you have picked up malware or a Trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you eliminate the infection.
#1

GVU Trojan

Hello everyone,

The day before yesterday my PC was infected by the GVU Trojan. I then ran a scan with Malwarebytes. 3 objects were found, which I deleted after the scan. The internet is no longer blocked now, and after another quick scan with Malwarebytes nothing more was found. Here are the logs from my PC. I have replaced names with *** or +++.

Do I still have to reset the PC, or delete Windows and reinstall it from the installation CD, or can I be sure that everything harmful is gone??? For resetting or reinstalling I would need very precise (!) instructions anyway, I don't know my way around that at all...

Many thanks in advance!!! You do really great work and wonderfully help people like us out of a jam!! Thank you for that!!!

ExTRAS.txt:

OTL Extras logfile created on: 12.12.2012 20:20:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 53,06% Memory free
6,20 Gb Paging File | 4,59 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 249,41 Gb Total Space | 87,73 Gb Free Space | 35,18% Space Free | Partition Type: NTFS
Drive D: | 48,67 Gb Total Space | 38,39 Gb Free Space | 78,87% Space Free | Partition Type: FAT32
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-440411581-3926474679-3681921900-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0828B450-8C1C-4780-80EE-5B976788136D}" = rport=138 | protocol=17 | dir=out | app=system | "{14E619F7-8D5F-40D0-A11B-2FC44BE98AA1}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{24D988DB-6E98-4FEC-9557-7AFE1027E584}" = lport=445 | protocol=6 | dir=in | app=system | 
"{52C2120C-9453-4F96-9B7E-A5913424A217}" = lport=138 | protocol=17 | dir=in | app=system | "{65129090-3368-4947-AC63-D1C0268DDFEF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{8ED66D82-2C0B-4F2D-A71E-44F578044363}" = lport=139 | protocol=6 | dir=in | app=system | "{9D8B0766-5032-432A-83C7-FDB5415A4B06}" = rport=445 | protocol=6 | dir=out | app=system | "{A2B239D6-A4C6-442F-914C-5A181B1C6FDC}" = lport=137 | protocol=17 | dir=in | app=system | "{A66DD65B-2236-4D26-A2AF-FC33BA7AE1B0}" = rport=139 | protocol=6 | dir=out | app=system | "{ACFC2C6E-9E99-45B5-96B1-66C24438ED40}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{C9A46DA3-DA5E-4056-8EEB-C35ABF6B744C}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | "{FF0C505A-0051-4556-8F66-4E680C3767E1}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0050CAEE-1735-42DA-8246-AD63382D99D8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{08626C47-1C84-438C-AEC9-9A2ECA989B8F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{25D7E4A5-5FC2-4428-AD64-A50B064337E7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{3B5CAC7F-FDA8-4AF8-A4FB-DAE6AAD865DA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{3E8393DA-47B4-4A41-9348-BC3563398E9E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5BFC0565-0F74-436E-AE75-8C305CC85056}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | "{5EE2849B-6900-4E3D-810A-1A8E13EB3DEF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{6F9632E9-2268-4E37-B42F-F9E30D5682E2}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | 
"{73C5342A-313E-4F25-8F9A-6321F88E75F0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | "{79A7B017-7EA8-46B7-9ADB-6A9A3E7F7CCB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | "{8D5752EC-7C0E-4B4D-A060-1CFB9C54E1D8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{A477456A-8E50-4ECA-8B19-FA606F921A2C}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | "{B0FBCA56-AC7A-444E-B3D5-0D1FD57DE4C1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B70F497A-BD45-4456-909D-943C9CAA1485}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | "{C1173358-5B14-4B5F-AF70-F762B84681E6}" = dir=in | app=f:\setup\hpznui01.exe | "{CA9E51D3-5B7F-44D9-A2DE-5F264FDFD2D1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{DE891141-A634-476F-93E8-4338080D6F81}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\apps\2.0\qqbp5ke2.d3p\z0loada0.cvx\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | "{FEE6B06C-D00A-49C2-82B3-C9FBB507ACB5}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\apps\2.0\qqbp5ke2.d3p\z0loada0.cvx\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | "TCP Query User{1F1D126E-1A63-4B8B-A6E0-C02A4C50875D}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{643AC2E8-4CEB-4953-ACFF-C84A7C693E63}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{874DEB16-800F-4FF0-BA51-E80FE015BB05}C:\users\***\appdata\local\apps\2.0\qqbp5ke2.d3p\z0loada0.cvx\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\apps\2.0\qqbp5ke2.d3p\z0loada0.cvx\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | "TCP Query 
User{C2C79EC8-813E-467D-A3FA-02C3D957EA6B}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | "TCP Query User{DCA8B74D-B7FC-4285-9063-96E4668590CD}C:\program files\chilirec\chilirec.exe" = protocol=6 | dir=in | app=c:\program files\chilirec\chilirec.exe | "UDP Query User{3A360AA4-B3DA-418C-87DA-F4BCE3796ABA}C:\users\***\appdata\local\apps\2.0\qqbp5ke2.d3p\z0loada0.cvx\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\apps\2.0\qqbp5ke2.d3p\z0loada0.cvx\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | "UDP Query User{8051B34E-9623-4B25-818C-A1510913A1A6}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | "UDP Query User{93E6B7AD-BFA2-4E87-8AE6-4D42DCE631C6}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{CA5FD1C0-57B9-4E84-BF0D-0429DD259B82}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{FBA96BE6-82EC-47BF-97EB-0125A2CF24FD}C:\program files\chilirec\chilirec.exe" = protocol=17 | dir=in | app=c:\program files\chilirec\chilirec.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35 "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{4281435C-AD1D-4C8A-B9C0-3961C11EF142}_is1" = YouTube Song Downloader "{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{53DF73B1-37F5-4B7F-86ED-FA7CC4041031}" = Nero 8 Essentials "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan "{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6A1ACC15-7632-45ba-A3AB-0250EBD4B7DD}" = 6500_E709a "{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini "{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight 
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan "{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.9 "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs "{E815FB81-995F-4F33-8E25-F16712123AB7}" = AuthenTec Fingerprint Sensor Minimum Install "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax "{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help "{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass 5.00.91 "{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery "{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series "{FEDE400D-3381-4087-ACCB-689DD8A56123}" = Inst5657 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Agere Systems Soft Modem" = Agere Systems HDA Modem "Avira AntiVir Desktop" = Avira Free Antivirus "Chilirec_0" = Chilirec 1.02 "conduitEngine" = Conduit Engine "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free FLV Converter_is1" = Free FLV Converter V 6.96.0 "Google Desktop" = Google Desktop "HP Document Manager" = HP Document Manager 2.0 "HP Imaging Device Functions" = HP Imaging Device Functions 12.0 "HP Smart Web Printing" = HP Smart Web Printing "HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0 "HPExtendedCapabilities" = HP Customer Participation Program 12.0 "HPOCR" = OCR Software by I.R.I.S. 
12.0 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control "KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIA Drivers" = NVIDIA Drivers "Shop for HP Supplies" = Shop for HP Supplies "SynTPDeinstKey" = Synaptics Pointing Device Driver "Total Video Converter 3.71_is1" = Total Video Converter 3.71 100812 "Uniblue RegistryBooster" = Uniblue RegistryBooster "Uninstall_is1" = Uninstall 1.0.0.1 "WinGimp-2.0_is1" = GIMP 2.6.8 "WinRAR archiver" = WinRAR archiver "X10Hardware" = X10 Hardware(TM) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-440411581-3926474679-3681921900-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss "Juniper_Networks_Cache_Cleaner 6.3.0" = Juniper Networks Cache Cleaner 6.3.0 "Juniper_Setup_Client" = Juniper Networks Setup Client ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10.12.2012 11:54:00 | 
Computer Name = ***-PC | Source = Windows Search Service | ID = 3013 Description = Error - 10.12.2012 11:54:00 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013 Description = Error - 10.12.2012 11:55:46 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 10.12.2012 11:55:47 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 10.12.2012 11:57:26 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 10.12.2012 15:08:44 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.19088, Zeitstempel 0x4de07b1b, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0xef4, Anwendungsstartzeit 01cdd6ed02b7adf7. Error - 10.12.2012 15:12:43 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 12.12.2012 14:55:30 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 12.12.2012 15:01:48 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 12.12.2012 15:01:49 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = [ System Events ] Error - 10.12.2012 11:44:02 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Error - 10.12.2012 15:11:29 | Computer Name = ***-PC | Source = HTTP | ID = 15016 Description = Error - 10.12.2012 15:12:45 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Error - 10.12.2012 15:13:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009 Description = Error - 10.12.2012 15:13:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Error - 12.12.2012 14:53:57 | Computer Name = ***-PC | Source = HTTP | ID = 15016 Description 
= Error - 12.12.2012 14:55:15 | Computer Name = ***-PC | Source = DCOM | ID = 10005 Description = Error - 12.12.2012 14:55:34 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Error - 12.12.2012 14:55:34 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009 Description = Error - 12.12.2012 14:55:34 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > OTL.txt: OTL Extras logfile created on: 12.12.2012 20:20:05 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 53,06% Memory free 6,20 Gb Paging File | 4,59 Gb Available in Paging File | 74,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 249,41 Gb Total Space | 87,73 Gb Free Space | 35,18% Space Free | Partition Type: NTFS Drive D: | 48,67 Gb Total Space | 38,39 Gb Free Space | 78,87% Space Free | Partition Type: FAT32 Computer Name: ***-PC | User Name: *** | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-440411581-3926474679-3681921900-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0828B450-8C1C-4780-80EE-5B976788136D}" = rport=138 | protocol=17 | dir=out | app=system | "{14E619F7-8D5F-40D0-A11B-2FC44BE98AA1}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{24D988DB-6E98-4FEC-9557-7AFE1027E584}" = lport=445 | protocol=6 | dir=in | app=system | 
"{52C2120C-9453-4F96-9B7E-A5913424A217}" = lport=138 | protocol=17 | dir=in | app=system | "{65129090-3368-4947-AC63-D1C0268DDFEF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{8ED66D82-2C0B-4F2D-A71E-44F578044363}" = lport=139 | protocol=6 | dir=in | app=system | "{9D8B0766-5032-432A-83C7-FDB5415A4B06}" = rport=445 | protocol=6 | dir=out | app=system | "{A2B239D6-A4C6-442F-914C-5A181B1C6FDC}" = lport=137 | protocol=17 | dir=in | app=system | "{A66DD65B-2236-4D26-A2AF-FC33BA7AE1B0}" = rport=139 | protocol=6 | dir=out | app=system | "{ACFC2C6E-9E99-45B5-96B1-66C24438ED40}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{C9A46DA3-DA5E-4056-8EEB-C35ABF6B744C}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | "{FF0C505A-0051-4556-8F66-4E680C3767E1}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0050CAEE-1735-42DA-8246-AD63382D99D8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{08626C47-1C84-438C-AEC9-9A2ECA989B8F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{25D7E4A5-5FC2-4428-AD64-A50B064337E7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{3B5CAC7F-FDA8-4AF8-A4FB-DAE6AAD865DA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{3E8393DA-47B4-4A41-9348-BC3563398E9E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5BFC0565-0F74-436E-AE75-8C305CC85056}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | "{5EE2849B-6900-4E3D-810A-1A8E13EB3DEF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{6F9632E9-2268-4E37-B42F-F9E30D5682E2}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | 
"{73C5342A-313E-4F25-8F9A-6321F88E75F0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | "{79A7B017-7EA8-46B7-9ADB-6A9A3E7F7CCB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | "{8D5752EC-7C0E-4B4D-A060-1CFB9C54E1D8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{A477456A-8E50-4ECA-8B19-FA606F921A2C}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | "{B0FBCA56-AC7A-444E-B3D5-0D1FD57DE4C1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B70F497A-BD45-4456-909D-943C9CAA1485}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | "{C1173358-5B14-4B5F-AF70-F762B84681E6}" = dir=in | app=f:\setup\hpznui01.exe | "{CA9E51D3-5B7F-44D9-A2DE-5F264FDFD2D1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{DE891141-A634-476F-93E8-4338080D6F81}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\apps\2.0\qqbp5ke2.d3p\z0loada0.cvx\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | "{FEE6B06C-D00A-49C2-82B3-C9FBB507ACB5}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\apps\2.0\qqbp5ke2.d3p\z0loada0.cvx\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | "TCP Query User{1F1D126E-1A63-4B8B-A6E0-C02A4C50875D}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{643AC2E8-4CEB-4953-ACFF-C84A7C693E63}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{874DEB16-800F-4FF0-BA51-E80FE015BB05}C:\users\***\appdata\local\apps\2.0\qqbp5ke2.d3p\z0loada0.cvx\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\apps\2.0\qqbp5ke2.d3p\z0loada0.cvx\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | "TCP Query 
User{C2C79EC8-813E-467D-A3FA-02C3D957EA6B}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{DCA8B74D-B7FC-4285-9063-96E4668590CD}C:\program files\chilirec\chilirec.exe" = protocol=6 | dir=in | app=c:\program files\chilirec\chilirec.exe |
"UDP Query User{3A360AA4-B3DA-418C-87DA-F4BCE3796ABA}C:\users\***\appdata\local\apps\2.0\qqbp5ke2.d3p\z0loada0.cvx\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\apps\2.0\qqbp5ke2.d3p\z0loada0.cvx\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"UDP Query User{8051B34E-9623-4B25-818C-A1510913A1A6}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{93E6B7AD-BFA2-4E87-8AE6-4D42DCE631C6}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{CA5FD1C0-57B9-4E84-BF0D-0429DD259B82}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{FBA96BE6-82EC-47BF-97EB-0125A2CF24FD}C:\program files\chilirec\chilirec.exe" = protocol=17 | dir=in | app=c:\program files\chilirec\chilirec.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4281435C-AD1D-4C8A-B9C0-3961C11EF142}_is1" = YouTube Song Downloader
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{53DF73B1-37F5-4B7F-86ED-FA7CC4041031}" = Nero 8 Essentials
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6A1ACC15-7632-45ba-A3AB-0250EBD4B7DD}" = 6500_E709a
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.9
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{E815FB81-995F-4F33-8E25-F16712123AB7}" = AuthenTec Fingerprint Sensor Minimum Install
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass 5.00.91
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series
"{FEDE400D-3381-4087-ACCB-689DD8A56123}" = Inst5657
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"Chilirec_0" = Chilirec 1.02
"conduitEngine" = Conduit Engine
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free FLV Converter_is1" = Free FLV Converter V 6.96.0
"Google Desktop" = Google Desktop
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Total Video Converter 3.71_is1" = Total Video Converter 3.71 100812
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"Uninstall_is1" = Uninstall 1.0.0.1
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR archiver
"X10Hardware" = X10 Hardware(TM)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-440411581-3926474679-3681921900-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
"Juniper_Networks_Cache_Cleaner 6.3.0" = Juniper Networks Cache Cleaner 6.3.0
"Juniper_Setup_Client" = Juniper Networks Setup Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10.12.2012 11:54:00 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10.12.2012 11:54:00 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10.12.2012 11:55:46 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10.12.2012 11:55:47 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10.12.2012 11:57:26 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10.12.2012 15:08:44 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.19088, Zeitstempel 0x4de07b1b, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0xef4, Anwendungsstartzeit 01cdd6ed02b7adf7.

Error - 10.12.2012 15:12:43 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.12.2012 14:55:30 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.12.2012 15:01:48 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12.12.2012 15:01:49 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ System Events ]
Error - 10.12.2012 11:44:02 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10.12.2012 15:11:29 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description =

Error - 10.12.2012 15:12:45 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10.12.2012 15:13:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 10.12.2012 15:13:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12.12.2012 14:53:57 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description =

Error - 12.12.2012 14:55:15 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =

Error - 12.12.2012 14:55:34 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12.12.2012 14:55:34 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 12.12.2012 14:55:34 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =

< End of report >