Log analysis and evaluation: fake processes, ssh network traffic, no findings except unknown mbr (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
fake processes, ssh network traffic, no findings except unknown mbr

Hello first of all, and a big thank you to everyone who takes the trouble to work through my problem. For some time now Google has (sometimes) been showing me a captcha instead of search results, because my traffic apparently looks suspicious. After entering the captcha I do get my search results, but the suspected malware presumably then carries on just as undisturbed as I do - all the scans I ran as a result came back clean: MS Essentials, Avira, McAfee Stinger. Annoyed by yet another captcha, a look at my router yesterday (NAT Active Sessions Table) then turned up something like this (for example; it changes constantly):

Code:
Private IP    :Port  #Pseudo Port  Peer IP         :Port  Ifno  Status
-------------------------------------------------------------------------------
192.168.1.50  50225  29006         89.1.11.151     443    3     3

or

Private IP    :Port  #Pseudo Port  Peer IP         :Port  Ifno  Status
-------------------------------------------------------------------------------
192.168.1.50  50225  29006         89.1.11.151     443    3     3
192.168.1.50  50371  847           173.194.69.101  80     3     6
192.168.1.50  50373  1359          173.194.69.100  80     3     6
192.168.1.50  50375  1871          173.194.69.102  80     3     6
192.168.1.50  50377  2383          173.194.69.139  80     3     6

Private IP    :Port  #Pseudo Port  Peer IP         :Port  Ifno  Status
-------------------------------------------------------------------------------
192.168.1.50  50641  4428          173.194.69.113  80     3     6
192.168.1.50  50646  5708          89.1.11.151     443    3     3
192.168.1.50  50225  29006         89.1.11.151     443    3     3

Private IP    :Port  #Pseudo Port  Peer IP         :Port  Ifno  Status
-------------------------------------------------------------------------------
192.168.1.50  50646  5708          89.1.11.151     443    3     3
192.168.1.50  50759  34636         173.194.69.155  80     3     6
192.168.1.50  50771  37708         173.194.69.102  80     3     6
192.168.1.50  50781  40268         85.13.130.30    80     3     6
192.168.1.50  50783  40780         85.13.130.30    80     3     6
192.168.1.50  50225  29006         89.1.11.151     443    3     3

Private IP    :Port  #Pseudo Port  Peer IP         :Port  Ifno  Status
-------------------------------------------------------------------------------
192.168.1.50  50646  5708          89.1.11.151     443    3     3
192.168.1.50  50953  18765         173.194.69.103  443    3     6
192.168.1.50  50959  20301         173.194.69.94   443    3     6
192.168.1.50  50961  20813         173.194.69.94   443    3     6
192.168.1.50  50962  21069         173.194.69.120  443    3     6
192.168.1.50  50225  29006         89.1.11.151     443    3     3

Private IP    :Port  #Pseudo Port  Peer IP         :Port  Ifno  Status
-------------------------------------------------------------------------------
192.168.1.50  50646  5708          89.1.11.151     443    3     3
192.168.1.50  50225  29006         89.1.11.151     443    3     3
192.168.1.50  51394  591           173.194.69.113  80     3     6
192.168.1.50  51402  2639          173.194.69.113  80     3     3
192.168.1.50  51438  11855         85.13.130.30    80     3     3
192.168.1.50  51448  14415         173.194.69.156  80     3     6

Private IP    :Port  #Pseudo Port  Peer IP         :Port  Ifno  Status
-------------------------------------------------------------------------------
192.168.1.50  50646  5708          89.1.11.151     443    3     3
192.168.1.50  50225  29006         89.1.11.151     443    3     3
192.168.1.50  51605  54607         173.194.69.99   443    3     6
192.168.1.50  51607  55119         173.194.69.94   443    3     6
192.168.1.50  51608  55375         173.194.69.120  443    3     6
192.168.1.50  51624  59471         173.194.69.94   80     3     6
192.168.1.50  51632  61519         23.43.116.211   80     3     6
192.168.1.50  51640  63567         23.43.118.41    80     3     6
192.168.1.50  51642  64079         23.43.118.41    80     3     6
192.168.1.50  51644  64591         23.43.118.41    80     3     6
192.168.1.50  51646  65103         23.43.118.41    80     3     6
192.168.1.50  51648  84            23.43.118.41    80     3     6
192.168.1.50  51650  596           23.43.118.41    80     3     6
192.168.1.50  51652  1108          23.43.118.41    80     3     6
192.168.1.50  51654  1620          23.43.118.41    80     3     6
192.168.1.50  51656  2132          23.43.118.41    80     3     6
192.168.1.50  51658  2644          23.43.118.41    80     3     6
192.168.1.50  51660  3156          23.43.118.41    80     3     6
192.168.1.50  51662  3668          23.43.118.41    80     3     6
192.168.1.50  51664  4180          23.43.118.41    80     3     6
192.168.1.50  51666  4692          23.43.118.41    80     3     6
192.168.1.50  51668  5204          23.43.118.41    80     3     6
192.168.1.50  51670  5716          23.43.118.41    80     3     6
192.168.1.50  51676  7252          23.43.118.41    80     3     6
192.168.1.50  51678  7764          23.43.118.41    80     3     6
192.168.1.50  51680  8276          23.43.118.41    80     3     6
192.168.1.50  51682  8788          23.43.118.41    80     3     6
192.168.1.50  51684  9300          23.43.118.41    80     3     6
192.168.1.50  51686  9812          85.13.130.30    80     3     2
192.168.1.50  51688  10324         173.194.69.95   80     3     6
192.168.1.50  51690  10836         173.194.69.95   80     3     6
192.168.1.50  51692  11348         85.13.130.30    80     3     2
192.168.1.50  51694  11860         85.13.130.30    80     3     6
192.168.1.50  51696  12372         173.194.69.156  80     3     6
192.168.1.50  51698  12884         85.13.130.30    80     3     6
192.168.1.50  51700  13396         85.13.130.30    80     3     6
192.168.1.50  51702  13908         85.13.130.30    80     3     6
192.168.1.50  51708  15444         50.19.254.195   80     3     4

In addition, my router regularly hangs once (only at night!) and no longer detects any signal at all, meaning the ADSL spectrum analysis (a menu item in the Vigor) shows only black instead of green bars - I cannot interpret the display (BIN-bits/Gain/SNR). Without a cold restart of the router, no internet gets through anymore. Since I found the traffic extremely suspicious, I wanted to block all ssh connections in general via the router's firewall settings, so that I could take care of the PC without anyone/anything interfering. After I thought I had successfully entered the rules (they were displayed, and I was just checking that I could no longer reach my external email mailbox), the default call filters were deleted! The data filters I had just set up were disabled! On the spur of the moment (more like in a panic) I reinstalled my PC from the recovery partition (I had already given the router a new password while there was no internet connection) - but I immediately had active sessions again. One IP that is clearly attributable to Barclaycard has not appeared since. The list of connections has also become considerably shorter. I have not observed any non-TCP connections since, either. Neither Windows Essentials nor Avira ever raised an alarm, and they were always fully up to date, as were Firefox, Adobe's Flash, their Reader and Oracle's Java, which I thought would close the biggest entry points. Task Manager shows processes without a user/description, some of them twice:

Malwarebytes had detected Rogue.ControlCenter (which I most likely originally got forced on me via the PDF Creator from chip-online). Even right after the recovery just now, pure Windows in factory condition without any further installation, Rogue was immediately back on it.

Code:
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.02.12

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Hildebrandt :: Acon [Administrator]

Protection: Enabled

02.03.2013 22:19:24
MBAM-log-2013-03-02 (22-27-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195339
Time elapsed: 4 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Public\Desktop\Control Center.lnk (Rogue.ControlCenter) -> No action taken.

(end)

---

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.02.12

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Hildebrandt :: Acon [Administrator]

Protection: Enabled

02.03.2013 22:19:24
mbam-log-2013-03-02 (22-19-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195339
Time elapsed: 4 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Public\Desktop\Control Center.lnk (Rogue.ControlCenter) -> Quarantined and deleted successfully.

(end)

Ran OldTimer: OTL Logfile:

Code:
OTL logfile created on: 02.03.2013 22:45:16 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hildebrandt\Desktop
Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 67,14% Memory free
5,99 Gb Paging File | 4,67 Gb Available in Paging File | 77,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 900,41 Gb Total Space | 880,99 Gb Free Space | 97,84% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 18,50 Gb Free Space | 61,66% Space Free | Partition Type: NTFS

Computer Name: ACON | User Name: Hildebrandt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.03.02 22:44:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hildebrandt\Desktop\OTL.exe
PRC - [2013.03.02 22:17:07 | 000,308,560 | ---- | M] (BullGuard Ltd.) -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
PRC - [2013.03.02 22:17:05 | 000,304,464 | ---- | M] (BullGuard Ltd.) -- C:\Programme\BullGuard Ltd\BullGuard\BullGuard.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2010.01.08 14:23:58 | 000,303,104 | ---- | M] (Wistron Corporation) -- C:\Programme\RemoteKeySrv\RemoteKeySrv.exe
PRC - [2009.12.29 18:50:10 | 000,678,432 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2009.12.09 18:02:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.11.07 03:46:52 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
PRC - [2009.11.02 14:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Programme\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 02:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 02:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.07.14 02:14:21 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2009.07.01 18:03:12 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009.07.01 18:03:12 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009.07.01 18:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe

========== Modules (No Company Name) ==========

MOD - [2009.11.02 14:23:36 | 000,013,096 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 14:20:10 | 000,619,816 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009.07.01 18:03:24 | 000,132,384 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009.06.18 09:34:14 | 000,099,664 | ---- | M] () -- C:\Programme\BullGuard Ltd\BullGuard\res\de\BackupShellNamespaceRes.dll
MOD - [2009.04.06 11:33:14 | 000,061,952 | ---- | M] () -- C:\Programme\BullGuard Ltd\BullGuard\zlib1.dll
MOD - [2009.04.06 11:33:08 | 000,380,928 | ---- | M] () -- C:\Programme\BullGuard Ltd\BullGuard\libxml2.dll

========== Services (SafeList) ==========

SRV - [2013.03.02 22:17:07 | 000,308,560 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BgLiveSvc)
SRV - [2013.03.02 22:17:05 | 000,079,184 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsMain.dll -- (BgMainSvc)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2010.01.08 14:23:58 | 000,303,104 | ---- | M] (Wistron Corporation) [Auto | Running] -- C:\Programme\RemoteKeySrv\RemoteKeySrv.exe -- (RemoteKeySrv)
SRV - [2009.12.09 18:02:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.11.07 03:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.07.01 18:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.04.16 13:20:18 | 000,087,376 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsMailProxy.dll -- (BsMailProxy)
SRV - [2009.04.06 11:32:54 | 000,132,432 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsFileScan.dll -- (BsFileScan)
SRV - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.01.07 09:05:26 | 000,182,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.12.22 13:43:16 | 001,558,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap)
DRV - [2009.12.16 10:14:14 | 000,991,776 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009.12.03 11:26:22 | 009,941,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.10.29 11:20:40 | 000,010,360 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidkmdf.sys -- (hidkmdf)
DRV - [2009.10.29 11:20:38 | 000,022,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NW1950.sys -- (NW1950)
DRV - [2009.10.13 13:03:28 | 000,067,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.07.01 12:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009.05.13 12:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2009.05.13 12:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2009.01.23 14:48:56 | 000,055,504 | ---- | M] (BullGuard Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\BdFileSpy.sys -- (BdFileSpy)
DRV - [2005.12.08 14:33:40 | 000,004,096 | ---- | M] (Wistron) [Kernel | On_Demand | Running] -- C:\Programme\RemoteKeySrv\GENPORT.sys -- (genport)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKCU\..\SearchScopes,DefaultScope = {AE9E4319-3461-420B-A361-7E84A055E257}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AE9E4319-3461-420B-A361-7E84A055E257}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010.01.08 11:06:16 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.02 22:14:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.02 22:14:22 | 000,000,000 | ---D | M]

(No name found) -- C:\Users\Hildebrandt\AppData\Roaming\mozilla\Extensions
[2013.03.02 22:14:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.02.16 01:34:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.16 05:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.16 05:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.16 05:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.16 05:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.16 05:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.16 05:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [BullGuard] C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe (BullGuard Ltd.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [BullGuard] C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe (BullGuard Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92769A46-3929-47A2-B76D-CCF55D949C5B}: DhcpNameServer = 10.41.20.10 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C01B1037-EBDE-4812-918C-42D7B7594353}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.03.02 22:44:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hildebrandt\Desktop\OTL.exe
[2013.03.02 22:17:42 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Malwarebytes
[2013.03.02 22:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.02 22:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.02 22:17:29 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.02 22:17:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.02 22:17:14 | 000,087,376 | ---- | C] (BullGuard Ltd.) -- C:\Windows\System32\BGLsp.dll
[2013.03.02 22:17:14 | 000,014,160 | ---- | C] (BullGuard Ltd.) -- C:\Windows\System32\client_cc.dll
[2013.03.02 22:17:12 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Local\Programs
[2013.03.02 22:14:17 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Mozilla
[2013.03.02 22:14:17 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Local\Mozilla
[2013.03.02 22:14:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.03.02 22:11:10 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Macromedia
[2013.03.02 22:11:08 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Adobe
[2013.03.02 21:57:09 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Local\Broadcom
[2013.03.02 21:57:09 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\Documents\Bluetooth-Exchange-Ordner
[2013.03.02 21:57:05 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\BullGuard
[2013.03.02 21:57:04 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Local\Power2Go
[2013.03.02 21:56:56 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.03.02 21:56:56 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Searches
[2013.03.02 21:56:56 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.03.02 21:56:49 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Identities
[2013.03.02 21:56:48 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Contacts
[2013.03.02 21:56:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.02 21:56:27 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Local\VirtualStore
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Vorlagen
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\AppData\Local\Verlauf
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\AppData\Local\Temporary Internet Files
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Startmenü
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\SendTo
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Recent
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Netzwerkumgebung
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Lokale Einstellungen
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Documents\Eigene Videos
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Documents\Eigene Musik
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Eigene Dateien
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Documents\Eigene Bilder
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Druckumgebung
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Cookies
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\AppData\Local\Anwendungsdaten
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Anwendungsdaten
[2013.03.02 21:56:24 | 000,000,000 | --SD | C] -- C:\Users\Hildebrandt\AppData\Roaming\Microsoft
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Videos
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Saved Games
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Pictures
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Music
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Links
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Favorites
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Downloads
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Documents
[2013.03.02 
21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Desktop [2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.03.02 21:56:24 | 000,000,000 | -H-D | C] -- C:\Users\Hildebrandt\AppData [2013.03.02 21:56:24 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Local\Temp [2013.03.02 21:56:24 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Local\Microsoft [2013.03.02 21:56:24 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Media Center Programs [2013.03.02 21:56:24 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HomeCinema [2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\Recovery [2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\Programme [2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2013.03.02 21:56:14 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution ========== Files - Modified Within 30 Days ========== [2013.03.02 22:44:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hildebrandt\Desktop\OTL.exe [2013.03.02 22:43:00 | 000,000,000 | ---- | M] () -- C:\Users\Hildebrandt\defogger_reenable [2013.03.02 
22:41:34 | 000,009,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.02 22:41:34 | 000,009,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.02 22:38:51 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.03.02 22:38:51 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.03.02 22:38:51 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.03.02 22:38:51 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.03.02 22:31:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.02 22:31:37 | 2414,432,256 | -HS- | M] () -- C:\hiberfil.sys [2013.03.02 22:17:31 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.02 22:17:14 | 000,087,376 | ---- | M] (BullGuard Ltd.) -- C:\Windows\System32\BGLsp.dll [2013.03.02 22:17:14 | 000,014,160 | ---- | M] (BullGuard Ltd.) 
-- C:\Windows\System32\client_cc.dll [2013.03.02 22:14:12 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.03.02 21:55:11 | 000,052,953 | ---- | M] () -- C:\Windows\System32\license.rtf ========== Files Created - No Company Name ========== [2013.03.02 22:43:00 | 000,000,000 | ---- | C] () -- C:\Users\Hildebrandt\defogger_reenable [2013.03.02 22:17:31 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.02 22:14:12 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.03.02 21:56:58 | 000,001,417 | ---- | C] () -- C:\Users\Hildebrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.03.02 21:16:59 | 2414,432,256 | -HS- | C] () -- C:\hiberfil.sys ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.03.02 21:57:13 | 000,000,000 | ---D | M] -- C:\Users\Hildebrandt\AppData\Roaming\BullGuard ========== Purity Check ========== < End 
of report >

Extras.txt OTL Logfile:

Code:
ATTFilter OTL Extras logfile created on: 02.03.2013 22:45:16 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hildebrandt\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 67,14% Memory free 5,99 Gb Paging File | 4,67 Gb Available in Paging File | 77,82% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 900,41 Gb Total Space | 880,99 Gb Free Space | 97,84% Space Free | Partition Type: NTFS Drive D: | 30,00 Gb Total Space | 18,50 Gb Free Space | 61,66% Space Free | Partition Type: NTFS Computer Name: ACON | User Name: Hildebrandt | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{45F5358D-58AD-4E2F-8A9C-A3E2599D82DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{58497DDA-AE32-45D0-BD11-BA8BD7BBF700}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06E82D9F-40B5-4D10-BB8C-562A0C754137}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{16B68B53-0307-49A8-8ADE-6A7B014C411E}" = dir=in | app=c:\program files\cyberlink\powercinema\pcmservice.exe | "{3FAAF35C-AA05-48D9-8079-48A42DCEBBCF}" = dir=in | app=c:\program files\cyberlink\powercinema\kernel\dmp\clbrowserengine.exe | "{41451582-CF6B-4D01-847B-1C40EE851168}" = dir=in | app=c:\program files\cyberlink\powercinema movie\powercinemamovie.exe | "{4219C811-AF72-4F2D-BCAF-75817A92F588}" = dir=in | app=c:\program files\cyberlink\youmemo\youmemo.exe | "{5E533F78-0E51-4D4A-A69D-0930EBF1B77D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{69801E10-B0C6-4BA5-B187-3FA83EA23831}" = dir=in | app=c:\program files\cyberlink\youmemo\pcmservice.exe | "{7230ADDB-FE58-4D7F-B50E-B8DA28F17FAA}" = dir=in | app=c:\program files\cyberlink\powercinema\kernel\dms\clmsservice.exe | "{76CCB166-4C34-4395-81FD-E244C9262695}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{89CADAE9-2679-41F1-8C78-C912481E1BE9}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe | "{9112CBE4-20CF-42B8-875B-F6451B5D4E3D}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{ACA53645-D65A-402A-8C62-3AECCC229810}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{BDED4097-A2EC-41B9-BC6F-F2935633644C}" = dir=in | app=c:\program files\cyberlink\powercinema\powercinema.exe | 
"{C27AB3D2-CB54-4569-B2FC-F5C817CA6297}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{D24DDF98-7CBD-4590-9952-F2B398E89AB4}" = dir=in | app=c:\program files\cyberlink\youmemo\kernel\dms\clmsservice.exe | "{E6FCF82F-3281-400E-80BF-C04E4303D9A6}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | "{EA510B3E-6A62-4367-8F70-8FA807D5A5C6}" = dir=in | app=c:\program files\cyberlink\youmemo\kernel\dmp\clbrowserengine.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 "_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT "{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE "{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Medion Touch Center "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D "{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN "{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT "{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0 "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid 
Storage Technology "{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{5176C4D8-E6C1-422A-8D6F-E13EB996DCEA}" = CyberLink YouMemo "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{699D0EFA-5AC2-4DAB-846E-E4EFDA00ACAC}" = RemoteKeySrv "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{70CC0095-AA68-45BE-AE98-D8170182E9EB}" = PowerCinema Movie "{714F1BA5-F95E-4821-AA70-D30BBE04A5FF}" = NextWindow Drivers "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema "{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw "{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink 
LabelPrint "{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11 "ALDI Foto Service D" = ALDI Foto Service "ALDI Nord Foto Manager Free D" = ALDI Nord Foto Manager Free "Aldi Nord Fotoservice_is1" = Aldi Nord Fotoservice "ALDI Nord Online Druck Service D" = ALDI Nord Online Druck Service "BullGuard" = BullGuard 8.7 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Medion Touch Center "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{5176C4D8-E6C1-422A-8D6F-E13EB996DCEA}" = CyberLink YouMemo "InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink 
MediaShow "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "MEDION Fotos auf CD & DVD SE Nord D" = MEDION Fotos auf CD & DVD SE Nord "Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de) "NVIDIA Drivers" = NVIDIA Drivers "WinLiveSuite_Wave3" = Windows Live Essentials "X10Hardware" = X10 Hardware(TM) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 02.03.2013 17:07:51 | Computer Name = Acon | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 02.03.2013 17:32:16 | Computer Name = Acon | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
[ System Events ]
Error - 02.03.2013 16:18:58 | Computer Name = WIN-L8H6EQD96SM | Source = Service Control Manager | ID = 7022
Description = Der Dienst "BullGuard File Scan Service" wurde nicht richtig gestartet.
Error - 02.03.2013 16:19:00 | Computer Name = WIN-L8H6EQD96SM | Source = Service Control Manager | ID = 7022
Description = Der Dienst "BullGuard Email Monitoring Service" wurde nicht richtig gestartet.
Error - 02.03.2013 16:56:00 | Computer Name = Acon | Source = Service Control Manager | ID = 7022
Description = Der Dienst "BullGuard File Scan Service" wurde nicht richtig gestartet.
Error - 02.03.2013 16:56:02 | Computer Name = Acon | Source = Service Control Manager | ID = 7022
Description = Der Dienst "BullGuard Email Monitoring Service" wurde nicht richtig gestartet.
< End of report >

Gmer: Right at startup the very first line puzzled me: device\harddisk0\DR0 unknown MBR code ... shortly afterwards a blue screen appeared: irqnotless ... but the memory dump was written faster than I could read it. After the forced restart I ran GMER again.

GMER Logfile:

Code:
ATTFilter GMER 2.1.19115 - hxxp://www.gmer.net Rootkit scan 2013-03-02 23:07:04 Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.80.0 931,51GB Running: gmer_2.1.19115.exe; Driver: C:\Users\HILDEB~1\AppData\Local\Temp\fgldrpog.sys ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 83058579 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8307CF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\Ntfs \Ntfs BdFileSpy.sys (BullGuard File Monitor (x86)/BullGuard Ltd.) Device \Driver\BTHUSB \Device\00000093 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation) Device \Driver\BTHUSB \Device\00000093 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation) Device \Driver\BTHUSB \Device\00000095 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation) Device \Driver\BTHUSB \Device\00000095 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation) ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BsFileScan\Statistics@UiTotalScans 7666 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a14f3d Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a15499 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd6003335 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd60bb8b2 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a14f3d (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a15499 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd6003335 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd60bb8b2 (not active ControlSet) ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 
2.1 ----

I then ran OTL again, but as a scan instead of a quick scan:

OTL Logfile:

Code:
ATTFilter OTL logfile created on: 02.03.2013 23:37:27 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hildebrandt\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,36% Memory free 5,99 Gb Paging File | 4,62 Gb Available in Paging File | 77,01% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 900,41 Gb Total Space | 880,54 Gb Free Space | 97,79% Space Free | Partition Type: NTFS Drive D: | 30,00 Gb Total Space | 18,50 Gb Free Space | 61,66% Space Free | Partition Type: NTFS Computer Name: ACON | User Name: Hildebrandt | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.02 22:44:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hildebrandt\Desktop\OTL.exe PRC - [2013.03.02 22:17:07 | 000,308,560 | ---- | M] (BullGuard Ltd.) 
-- C:\Programme\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2010.01.08 14:23:58 | 000,303,104 | ---- | M] (Wistron Corporation) -- C:\Programme\RemoteKeySrv\RemoteKeySrv.exe
PRC - [2009.12.29 18:50:10 | 000,678,432 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2009.12.09 18:02:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.11.07 03:46:52 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
PRC - [2009.11.02 14:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Programme\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 02:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 02:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.07.14 02:14:21 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2009.07.01 18:03:12 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009.07.01 18:03:12 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009.07.01 18:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe

========== Modules (No Company Name) ==========

MOD - [2009.11.02 14:23:36 | 000,013,096 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 14:20:10 | 000,619,816 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009.07.01 18:03:24 | 000,132,384 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll

========== Services (SafeList) ==========

SRV - [2013.03.02 22:17:07 | 000,308,560 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BgLiveSvc)
SRV - [2013.03.02 22:17:05 | 000,079,184 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsMain.dll -- (BgMainSvc)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2010.01.08 14:23:58 | 000,303,104 | ---- | M] (Wistron Corporation) [Auto | Running] -- C:\Programme\RemoteKeySrv\RemoteKeySrv.exe -- (RemoteKeySrv)
SRV - [2009.12.09 18:02:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.11.07 03:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.07.01 18:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.04.16 13:20:18 | 000,087,376 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsMailProxy.dll -- (BsMailProxy)
SRV - [2009.04.06 11:32:54 | 000,132,432 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsFileScan.dll -- (BsFileScan)
SRV - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\HILDEB~1\AppData\Local\Temp\fgldrpog.sys -- (fgldrpog)
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.01.07 09:05:26 | 000,182,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.12.22 13:43:16 | 001,558,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap)
DRV - [2009.12.16 10:14:14 | 000,991,776 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009.12.03 11:26:22 | 009,941,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.10.29 11:20:40 | 000,010,360 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidkmdf.sys -- (hidkmdf)
DRV - [2009.10.29 11:20:38 | 000,022,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NW1950.sys -- (NW1950)
DRV - [2009.10.13 13:03:28 | 000,067,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.07.01 12:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009.05.13 12:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2009.05.13 12:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2009.01.23 14:48:56 | 000,055,504 | ---- | M] (BullGuard Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\BdFileSpy.sys -- (BdFileSpy)
DRV - [2005.12.08 14:33:40 | 000,004,096 | ---- | M] (Wistron) [Kernel | On_Demand | Running] -- C:\Programme\RemoteKeySrv\GENPORT.sys -- (genport)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKCU\..\SearchScopes,DefaultScope = {AE9E4319-3461-420B-A361-7E84A055E257}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AE9E4319-3461-420B-A361-7E84A055E257}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010.01.08 11:06:16 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.02 22:14:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.02 22:14:22 | 000,000,000 | ---D | M]

(No name found) -- C:\Users\Hildebrandt\AppData\Roaming\mozilla\Extensions
[2013.03.02 22:14:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.02.16 01:34:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.16 05:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.16 05:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.16 05:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.16 05:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.16 05:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.16 05:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [BullGuard] C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe (BullGuard Ltd.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [BullGuard] C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe (BullGuard Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92769A46-3929-47A2-B76D-CCF55D949C5B}: DhcpNameServer = 10.41.20.10 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C01B1037-EBDE-4812-918C-42D7B7594353}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.03.02 23:10:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.03.02 23:00:14 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.03.02 22:44:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hildebrandt\Desktop\OTL.exe
[2013.03.02 22:17:42 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Malwarebytes
[2013.03.02 22:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.02 22:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.02 22:17:29 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.02 22:17:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.02 22:17:14 | 000,087,376 | ---- | C] (BullGuard Ltd.) -- C:\Windows\System32\BGLsp.dll
[2013.03.02 22:17:14 | 000,014,160 | ---- | C] (BullGuard Ltd.) -- C:\Windows\System32\client_cc.dll
[2013.03.02 22:17:12 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Local\Programs
[2013.03.02 22:14:17 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Mozilla
[2013.03.02 22:14:17 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Local\Mozilla
[2013.03.02 22:14:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.03.02 22:12:41 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2013.03.02 22:11:10 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Macromedia
[2013.03.02 22:11:08 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Adobe
[2013.03.02 22:08:39 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2013.03.02 22:08:39 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2013.03.02 22:08:23 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2013.03.02 22:08:23 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2013.03.02 22:08:23 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2013.03.02 22:08:16 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2013.03.02 22:08:16 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2013.03.02 21:57:09 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Local\Broadcom
[2013.03.02 21:57:09 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\Documents\Bluetooth-Exchange-Ordner
[2013.03.02 21:57:05 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\BullGuard
[2013.03.02 21:57:04 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Local\Power2Go
[2013.03.02 21:56:56 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.03.02 21:56:56 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Searches
[2013.03.02 21:56:56 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.03.02 21:56:49 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Identities
[2013.03.02 21:56:48 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Contacts
[2013.03.02 21:56:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.02 21:56:27 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Local\VirtualStore
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Vorlagen
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\AppData\Local\Verlauf
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\AppData\Local\Temporary Internet Files
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Startmenü
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\SendTo
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Recent
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Netzwerkumgebung
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Lokale Einstellungen
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Documents\Eigene Videos
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Documents\Eigene Musik
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Eigene Dateien
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Documents\Eigene Bilder
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Druckumgebung
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Cookies
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\AppData\Local\Anwendungsdaten
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Anwendungsdaten
[2013.03.02 21:56:24 | 000,000,000 | --SD | C] -- C:\Users\Hildebrandt\AppData\Roaming\Microsoft
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Videos
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Saved Games
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Pictures
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Music
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Links
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Favorites
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Downloads
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Documents
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Desktop
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.03.02 21:56:24 | 000,000,000 | -H-D | C] -- C:\Users\Hildebrandt\AppData
[2013.03.02 21:56:24 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Local\Temp
[2013.03.02 21:56:24 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Local\Microsoft
[2013.03.02 21:56:24 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Media Center Programs
[2013.03.02 21:56:24 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HomeCinema
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.03.02 21:56:14 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

========== Files - Modified Within 30 Days ==========

[2013.03.02 23:07:37 | 000,009,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.02 23:07:37 | 000,009,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.02 23:04:34 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.02 23:04:34 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.02 23:04:34 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.02 23:04:34 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.02 23:00:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.02 23:00:12 | 370,732,657 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.02 23:00:07 | 2414,432,256 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.02 22:55:03 | 000,377,856 | ---- | M] () -- C:\Users\Hildebrandt\Desktop\gmer_2.1.19115.exe
[2013.03.02 22:44:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hildebrandt\Desktop\OTL.exe
[2013.03.02 22:43:00 | 000,000,000 | ---- | M] () -- C:\Users\Hildebrandt\defogger_reenable
[2013.03.02 22:17:31 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.02 22:17:14 | 000,087,376 | ---- | M] (BullGuard Ltd.) -- C:\Windows\System32\BGLsp.dll
[2013.03.02 22:17:14 | 000,014,160 | ---- | M] (BullGuard Ltd.) -- C:\Windows\System32\client_cc.dll
[2013.03.02 22:14:12 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.02 21:55:11 | 000,052,953 | ---- | M] () -- C:\Windows\System32\license.rtf

========== Files Created - No Company Name ==========

[2013.03.02 23:00:12 | 370,732,657 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.03.02 22:55:01 | 000,377,856 | ---- | C] () -- C:\Users\Hildebrandt\Desktop\gmer_2.1.19115.exe
[2013.03.02 22:43:00 | 000,000,000 | ---- | C] () -- C:\Users\Hildebrandt\defogger_reenable
[2013.03.02 22:17:31 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.02 22:14:12 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.02 21:56:58 | 000,001,417 | ---- | C] () -- C:\Users\Hildebrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.03.02 21:16:59 | 2414,432,256 | -HS- | C] () -- C:\hiberfil.sys

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Long story short, I can congratulate myself. At least nothing concrete, apart from the fact that my boot sector is bent out of shape. But without any hint of what I am dealing with here, I don't really feel like running just any tool over it. Any help and any further hint is gratefully accepted.

Onward and upward

Edited by hinundher (03.03.2013 at 02:24)