ich habe meinen Rechner mittels der Systemwiederherstellung nache einer Infektion mit dem GUV-Trojaner unter Windows XP nun endlich wieder starten können. Gerne möchte ich dennoch meinen OTL-Log veröffentlichen und um Bewertung bitten.
Code:
Alles auswählen Aufklappen ATTFilter
OTL logfile created on: 08.11.2013 12:38:07 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\uwe\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1021,48 Mb Total Physical Memory | 524,71 Mb Available Physical Memory | 51,37% Memory free
2,40 Gb Paging File | 1,91 Gb Available in Paging File | 79,77% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 27,95 Gb Total Space | 0,21 Gb Free Space | 0,75% Space Free | Partition Type: NTFS
Drive D: | 27,95 Gb Total Space | 3,06 Gb Free Space | 10,96% Space Free | Partition Type: NTFS
Drive F: | 3,76 Gb Total Space | 0,21 Gb Free Space | 5,48% Space Free | Partition Type: FAT32
Computer Name: SONY-VAIO | User Name: uwe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Dokumente und Einstellungen\uwe\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (Musicmatch, Inc.)
PRC - C:\Programme\NewSoft\Presto! PVR\URemote.exe (NewSoft)
PRC - C:\Programme\NewSoft\Presto! PVR\Monitor.exe (NewSoft)
PRC - C:\Programme\Sharp\Sharpdesk\SharpTray.exe (SHARP CORPORATION)
PRC - C:\Programme\Sharp\Sharpdesk\Indexer.exe (SHARP CORPORATION)
PRC - C:\Programme\Sharp\Sharpdesk\IndexTray.exe (SHARP CORPORATION)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
PRC - C:\Programme\Sharp\Button Manager I\btnman.exe (SHARP CORPORATION)
PRC - C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE (Logitech Inc.)
PRC - C:\Programme\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
PRC - C:\Programme\Trend Micro\Internet Security\tmproxy.exe (Trend Micro Incorporated.)
PRC - C:\Programme\Trend Micro\Internet Security\Tmntsrv.exe (Trend Micro Incorporated.)
PRC - C:\Programme\Trend Micro\Internet Security\PCCPFW.exe (Trend Micro Incorporated.)
PRC - C:\Programme\Trend Micro\Internet Security\pccguide.exe (Trend Micro Incorporated.)
PRC - C:\Programme\Trend Micro\Internet Security\PCClient.exe (Trend Micro Incorporated.)
PRC - C:\Programme\Trend Micro\Internet Security\TMOAgent.exe (Trend Micro Incorporated.)
PRC - C:\Programme\powerpanel\Program\PcfMgr.exe (Phoenix Technologies Ltd.)
PRC - C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
PRC - C:\Programme\sony\HotKey Utility\HKWnd.exe (Sony Corporation)
PRC - C:\Programme\sony\HotKey Utility\HKServ.exe (Sony Corporation)
PRC - C:\Programme\sony\photo server\appsrv\PhotoAppSrv.exe (Sony Corporation)
PRC - C:\Programme\drag'n drop cd+dvd\BinFiles\DragDrop.exe ()
PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\system32\PL15Co2K.exe (Prolific Technology Inc.)
PRC - C:\Programme\SigmaTel\C-Major Audio\stacmon.exe ()
PRC - C:\Programme\sony\vaio media music server\SSSvr.exe (Sony Corporation)
PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.)
PRC - C:\Programme\Borland\InterBase\bin\ibguard.exe (Inprise Corporation)
PRC - C:\Programme\Borland\InterBase\bin\ibserver.exe (Inprise Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\msjetoledb40.dll ()
MOD - C:\Programme\ICQLite\ICQLiteShell.dll ()
MOD - C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\TrackUtils.dll ()
MOD - C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\CoreDll.dll ()
MOD - C:\Programme\Logitech\SetPoint\gamehook.dll ()
MOD - C:\Programme\Trend Micro\Internet Security\TmpeUrlF.dll ()
MOD - C:\Programme\Trend Micro\Internet Security\TmpeAspm.dll ()
MOD - C:\Programme\Trend Micro\Internet Security\tmdbg.dll ()
MOD - C:\Programme\drag'n drop cd+dvd\BinFiles\DDCDRES.dll ()
MOD - C:\Programme\drag'n drop cd+dvd\BinFiles\DragDrop.exe ()
MOD - C:\Programme\sony\vaio media music server\SSSvrRes.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\SigmaTel\C-Major Audio\stacmon.exe ()
MOD - C:\Programme\powerpanel\Program\bsntsbs.dll ()
MOD - C:\Programme\powerpanel\Program\Bsacpicm.dll ()
MOD - C:\Programme\powerpanel\Program\PMOptionMsg.dll ()
MOD - C:\Programme\drag'n drop cd+dvd\BinFiles\ezID3.dll ()
MOD - C:\Programme\drag'n drop cd+dvd\BinFiles\ezLICEN1.dll ()
========== Services (SafeList) ==========
SRV - (VAIOMediaPlatform-PhotoServer-UPnP) -- C:\Programme\Gemeinsame Dateien\sony shared\vaio media platform\UPnPFramework.exe File not found
SRV - (VAIOMediaPlatform-PhotoServer-HTTP) -- C:\Programme\Gemeinsame Dateien\sony shared\vaio media platform\SV_Httpd.exe /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot=Software\Sony Corporation\VAIO Media Platform\2.0 /RegExt=\Applications\PhotoServer\HTTP File not found
SRV - (VAIOMediaPlatform-MusicServer-UPnP) -- C:\Programme\Gemeinsame Dateien\Sony Shared\vaio media platform\UPnPFramework.exe File not found
SRV - (VAIOMediaPlatform-MusicServer-HTTP) -- C:\Programme\Gemeinsame Dateien\Sony Shared\vaio media platform\sv_httpd.exe /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot=Software\Sony Corporation\VAIO Media Platform\2.0 /RegExt=Applications\MusicServer\HTTP File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (getPlusHelper) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (Iprip) -- C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
SRV - (de_serv) -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe (AVM Berlin)
SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe ()
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (TSMService) -- C:\Programme\TSMSvc.exe (T-Systems Nova, Berkom)
SRV - (tmproxy) -- C:\Programme\Trend Micro\Internet Security\tmproxy.exe (Trend Micro Incorporated.)
SRV - (Tmntsrv) -- C:\Programme\Trend Micro\Internet Security\Tmntsrv.exe (Trend Micro Incorporated.)
SRV - (PccPfw) -- C:\Programme\Trend Micro\Internet Security\PCCPFW.exe (Trend Micro Incorporated.)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (VAIOMediaPlatform-PhotoServer-AppServer) -- C:\Programme\sony\photo server\appsrv\PhotoAppSrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-MusicServer-AppServer) -- C:\Programme\sony\vaio media music server\SSSvr.exe (Sony Corporation)
SRV - (InterBaseGuardian) -- C:\Programme\Borland\InterBase\bin\ibguard.exe (Inprise Corporation)
SRV - (InterBaseServer) -- C:\Programme\Borland\InterBase\bin\ibserver.exe (Inprise Corporation)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (SYMIDSCO) -- C:\WINDOWS\System32\Drivers\SYMIDSCO.SYS File not found
DRV - (RTLWUSB) -- System32\DRIVERS\wg111v2.sys File not found
DRV - (PONDIS5) -- C:\WINDOWS\System32\PONDIS5.SYS File not found
DRV - (PfModNT) -- C:\WINDOWS\System32\PfModNT.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCMCIAFVNETR) -- System32\DRIVERS\fvnetr.sys File not found
DRV - (PCIDump) -- File not found
DRV - (M9207) -- System32\DRIVERS\M9207BDA.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (BOVOLUME) -- C:\PROGRA~1\T-DSLB~1\BOVOLUME.SYS File not found
DRV - (BOProtocol) -- File not found
DRV - (BCM43XX) -- System32\DRIVERS\bcmwl5.sys File not found
DRV - (Atndav6dpetr) -- File not found
DRV - (ATMEL FVNETusb (AR) -- System32\DRIVERS\vnetusbr.sys File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\ar5416.sys (Atheros Communications, Inc.)
DRV - (TDDIWAN) -- C:\WINDOWS\system32\drivers\WTDDI.sys (T-Systems Nova GmbH)
DRV - (CBPSp50) -- C:\WINDOWS\system32\drivers\CBPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (tm_cfw) -- C:\WINDOWS\system32\drivers\TM_CFW.sys (Trend Micro Inc.)
DRV - (LHidKe) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LUsbKbd) -- C:\WINDOWS\system32\drivers\LUsbKbd.sys (Logitech, Inc.)
DRV - (LHidUsbK) -- C:\WINDOWS\system32\drivers\LHidUsbK.sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (Vsapint) -- C:\WINDOWS\system32\drivers\VSAPINT.SYS (Trend Micro Inc.)
DRV - (Tmfilter) -- C:\WINDOWS\system32\drivers\TmXPFlt.sys (Trend Micro Inc.)
DRV - (Tmpreflt) -- C:\WINDOWS\system32\drivers\tmpreflt.sys (Trend Micro Inc.)
DRV - (hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems)
DRV - (Haspnt) -- C:\WINDOWS\system32\drivers\Haspnt.sys (Aladdin Knowledge Systems)
DRV - (vnccom) -- C:\WINDOWS\system32\drivers\vnccom.SYS (RDV Soft)
DRV - (vncdrv) -- C:\WINDOWS\system32\drivers\vncdrv.sys (RDV Soft)
DRV - (BOAdapter) -- C:\WINDOWS\system32\drivers\BOPPPoE.sys (T-Systems Nova GmbH, Berkom Berlin)
DRV - (TNPacket) -- C:\Programme\TNPACKET.SYS (T-Systems Nova GmbH)
DRV - (tmtdi) -- C:\WINDOWS\system32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\stac97.sys (SigmaTel, Inc.)
DRV - (PFMPR5) -- C:\WINDOWS\system32\PFMPR5.sys (Perfigo, Inc.)
DRV - (PFNDIS5) -- C:\WINDOWS\system32\PFNDIS5.sys (Perfigo, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWSIS) -- C:\WINDOWS\system32\drivers\HSFHWSIS.sys (Conexant Systems, Inc.)
DRV - (LEX_AS_NIC_SERVICE_YNOS) -- C:\WINDOWS\system32\drivers\ExpasAG.sys (Atheros Communications, Inc.)
DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys (Logitech, Inc.)
DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\LHidUsb.sys (Logitech, Inc.)
DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys (Logitech, Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (SPI) -- C:\WINDOWS\system32\drivers\SonyPI.sys (Sony Corporation)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
DRV - (PCANDIS5) -- C:\Programme\PCANDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (OlCamudp) -- C:\WINDOWS\system32\drivers\olcamudp.sys (OLYMPUS Optical Co.,Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = about========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Programme\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Programme\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Programme\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Programme\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Programme\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
[2013.02.04 17:09:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\uwe\Anwendungsdaten\Mozilla\Firefox\Profiles\extensions
[2012.12.13 21:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\uwe\Anwendungsdaten\Mozilla\Firefox\Profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2013.02.04 17:09:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
O1 HOSTS File: ([2002.08.29 13:00:00 | 000,000,820 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Reg Error: Value error.) - {28783B66-DBC1-4900-8492-C809ABAEE7AA} - C:\WINDOWS\System32\lhgl.dll File not found
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [CamMonitor] C:\Programme\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe File not found
O4 - HKLM..\Run: [ChangeFilterMerit] C:\Programme\NewSoft\Presto! PVR\ChangeFilterMerit.exe ()
O4 - HKLM..\Run: [Drag'n Drop CD+DVD] C:\Programme\drag'n drop cd+dvd\BinFiles\DragDrop.exe ()
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [HI-SPEED USB DEVICE Coinstaller] C:\WINDOWS\System32\PL15Co2K.exe (Prolific Technology Inc.)
O4 - HKLM..\Run: [HKSERV.EXE] C:\Programme\sony\HotKey Utility\HKServ.exe (Sony Corporation)
O4 - HKLM..\Run: [Indexer] C:\Programme\Sharp\Sharpdesk\Indexer.exe (SHARP CORPORATION)
O4 - HKLM..\Run: [IndexTray] C:\Programme\Sharp\Sharpdesk\IndexTray.exe (SHARP CORPORATION)
O4 - HKLM..\Run: [Lexmark X1100 Series] "C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe" File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MMTray] C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [pccguide.exe] C:\Programme\Trend Micro\Internet Security\pccguide.exe (Trend Micro Incorporated.)
O4 - HKLM..\Run: [PCClient.exe] C:\Programme\Trend Micro\Internet Security\PCClient.exe (Trend Micro Incorporated.)
O4 - HKLM..\Run: [Presto! PVR Monitor] C:\Programme\NewSoft\Presto! PVR\Monitor.exe (NewSoft)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe File not found
O4 - HKLM..\Run: [SharpTray] C:\Programme\Sharp\Sharpdesk\SharpTray.exe (SHARP CORPORATION)
O4 - HKLM..\Run: [SigmaTel StacMon] C:\Programme\SigmaTel\C-Major Audio\stacmon.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TM Outbreak Agent] C:\Programme\Trend Micro\Internet Security\TMOAgent.exe (Trend Micro Incorporated.)
O4 - HKLM..\Run: [TomTomHOME.exe] "C:\Programme\TomTom HOME\TomTomHOME.exe" -s File not found
O4 - HKLM..\Run: [TypeRegChecker] C:\Programme\Sharp\Sharpdesk\TypeRegChecker.exe (SHARP CORPORATION)
O4 - HKLM..\Run: [URemote] C:\Programme\NewSoft\Presto! PVR\URemote.exe (NewSoft)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Button Manager I.lnk = C:\Programme\Sharp\Button Manager I\btnman.exe (SHARP CORPORATION)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\PowerPanel.lnk = C:\Programme\powerpanel\Program\PcfMgr.exe (Phoenix Technologies Ltd.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (ICQ Ltd.)
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (ICQ Ltd.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range19 ([*] in Local intranet)
O16 - DPF: {01E54593-BE14-4D6B-9310-37C0145EFE42} file:///E:/CDVIEWER11/CdViewer.cab (AMI DicomDir TreeView Control 1.1)
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} Reg Error: Value error. (dnlplayer Class)
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0653EB37-7D15-4DF6-A1A4-A6A63512F3BA}: NameServer = 195.185.185.195,192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71E0B8C6-7AFD-4E67-ACCE-A9E1573B95ED}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sds {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Programme\Sharp\Sharpdesk\ExplorerExtensions.dll (SHARP CORPORATION)
O18 - Protocol\Filter\text/html {498A12C9-A9CD-4676-9D2B-0DC9A26CF1BB} - C:\WINDOWS\System32\lhgl.dll File not found
O18 - Protocol\Filter\text/plain {498A12C9-A9CD-4676-9D2B-0DC9A26CF1BB} - C:\WINDOWS\System32\lhgl.dll File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About========== Files/Folders - Created Within 30 Days ==========
[2013.11.08 12:37:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\uwe\Desktop\OTL.exe
[2013.11.08 12:24:53 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2013.11.08 12:24:38 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.11.08 12:24:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ Malwarebytes Anti-Malware
[2013.11.08 12:24:24 | 000,053,208 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013.11.08 12:24:24 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.11.08 12:24:24 | 000,000,000 | ---D | C] -- C:\Programme\ Malwarebytes Anti-Malware
[2013.11.08 12:24:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.11.08 11:55:08 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011.06.08 13:24:44 | 049,466,264 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\AdbeRdr1001_de_DE.exe
[2004.07.19 10:04:14 | 000,139,264 | ---- | C] (T-Systems Nova GmbH) -- C:\Programme\DSLTest3.dll
[2004.07.15 09:50:12 | 000,872,448 | ---- | C] (T-Systems Nova GmbH) -- C:\Programme\TDSLTest.exe
[2004.07.14 15:13:40 | 000,090,112 | ---- | C] (T-Systems Nova GmbH) -- C:\Programme\TSMInst.exe
[2004.07.14 15:01:12 | 000,397,312 | ---- | C] (T-Systems Nova, Berkom) -- C:\Programme\SpeedMgr.exe
[2004.07.14 15:00:44 | 000,147,456 | ---- | C] (T-Systems Nova, Berkom) -- C:\Programme\TSMSvc.exe
[2004.07.14 15:00:28 | 000,364,544 | ---- | C] (T-Systems Nova, Berkom) -- C:\Programme\TSM.dll
[2004.03.11 16:44:26 | 000,009,696 | ---- | C] (T-Systems Nova GmbH) -- C:\Programme\TNPACKET.SYS
[2003.09.25 13:40:34 | 000,241,664 | ---- | C] (T-Systems Nova) -- C:\Programme\TSMDBand.dll
[2001.03.15 18:55:26 | 000,040,960 | ---- | C] (T-Systems, T-Nova Deutsche Telekom Innovationsgesellschaft mbH, Berkom Berlin) -- C:\Programme\DSLTest.dll
[2000.10.15 17:38:54 | 000,016,068 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Programme\PCANDIS5.SYS
[2000.10.15 17:22:30 | 000,061,440 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Programme\W32N50.DLL
[2000.10.15 14:44:34 | 000,016,048 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Programme\PCANDIS4.SYS
[40 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014.07.19 17:50:20 | 143,880,056 | ---- | M] () -- C:\Dokumente und Einstellungen\uwe\Desktop\avira_free_antivirus_de_464.exe
[2014.07.19 17:47:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\uwe\Desktop\OTL.exe
[2014.05.12 07:26:02 | 000,053,208 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014.05.12 07:25:54 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.11.08 12:44:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2013.11.08 12:41:22 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.11.08 12:24:54 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2013.11.08 12:24:31 | 000,000,753 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.11.08 12:01:24 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.11.08 12:01:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.11.08 12:01:12 | 000,211,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.11.08 11:33:17 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0429835.pad
[2013.11.08 11:04:56 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[40 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.11.08 12:30:51 | 143,880,056 | ---- | C] () -- C:\Dokumente und Einstellungen\uwe\Desktop\avira_free_antivirus_de_464.exe
[2013.11.08 12:24:31 | 000,000,753 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.15 22:29:51 | 000,002,747 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0429835.js
[2013.02.15 22:29:25 | 095,023,320 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0429835.pad
[2012.06.21 13:59:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.06.12 20:58:04 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004.09.03 12:28:03 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\uwe\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2004.07.19 11:25:16 | 000,006,216 | ---- | C] () -- C:\Programme\TDSLSM.INF
[2003.10.09 23:20:27 | 000,093,184 | ---- | C] () -- C:\Dokumente und Einstellungen\uwe\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003.07.08 14:06:40 | 000,005,408 | ---- | C] () -- C:\Programme\ReConfig.dll
[2002.03.13 14:32:08 | 000,000,896 | ---- | C] () -- C:\Programme\TDSLCh16.dll
[2001.01.26 13:43:20 | 000,002,144 | ---- | C] () -- C:\Programme\PCIDUMPR.SYS
========== ZeroAccess Check ==========
[2004.09.03 11:13:49 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008.04.14 03:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
19.07.2014, 17:25
Baum-Darstellung