
Log Analysis and Evaluation: fake processes, ssh network traffic, no findings except unknown mbr


 
03.03.2013, 01:55   #1
hinundher

Hello first of all,
and a big thank-you to everyone who takes the trouble to work through my problem.

For some time now Google has (sometimes) been showing me a captcha instead of search results, because my traffic apparently looks suspicious. After entering the captcha I do get my search results, but the supposed malware presumably just carries on undisturbed, as do I: all the scans I ran afterwards came back clean: MS Essentials, Avira, McAfee Stinger.

Annoyed by yet another captcha, a look at my router yesterday (NAT Active Sessions Table) turned up something like this (as an example; it changes constantly):
Code:
     Private IP :Port #Pseudo Port         Peer IP :Port  Ifno  Status   
-------------------------------------------------------------------------------
   192.168.1.50 50225        29006     89.1.11.151   443     3  3   

or

     Private IP :Port #Pseudo Port         Peer IP :Port  Ifno  Status   
-------------------------------------------------------------------------------
   192.168.1.50 50225        29006     89.1.11.151   443     3  3     
   192.168.1.50 50371          847  173.194.69.101    80     3  6     
   192.168.1.50 50373         1359  173.194.69.100    80     3  6     
   192.168.1.50 50375         1871  173.194.69.102    80     3  6     
   192.168.1.50 50377         2383  173.194.69.139    80     3  6    

     Private IP :Port #Pseudo Port         Peer IP :Port  Ifno  Status   
-------------------------------------------------------------------------------
   192.168.1.50 50641         4428  173.194.69.113    80     3  6     
   192.168.1.50 50646         5708     89.1.11.151   443     3  3     
   192.168.1.50 50225        29006     89.1.11.151   443     3  3   

     Private IP :Port #Pseudo Port         Peer IP :Port  Ifno  Status   
-------------------------------------------------------------------------------
   192.168.1.50 50646         5708     89.1.11.151   443     3  3     
   192.168.1.50 50759        34636  173.194.69.155    80     3  6     
   192.168.1.50 50771        37708  173.194.69.102    80     3  6     
   192.168.1.50 50781        40268    85.13.130.30    80     3  6     
   192.168.1.50 50783        40780    85.13.130.30    80     3  6     
   192.168.1.50 50225        29006     89.1.11.151   443     3  3     

     Private IP :Port #Pseudo Port         Peer IP :Port  Ifno  Status   
-------------------------------------------------------------------------------
   192.168.1.50 50646         5708     89.1.11.151   443     3  3     
   192.168.1.50 50953        18765  173.194.69.103   443     3  6     
   192.168.1.50 50959        20301   173.194.69.94   443     3  6     
   192.168.1.50 50961        20813   173.194.69.94   443     3  6     
   192.168.1.50 50962        21069  173.194.69.120   443     3  6     
   192.168.1.50 50225        29006     89.1.11.151   443     3  3     

     Private IP :Port #Pseudo Port         Peer IP :Port  Ifno  Status   
-------------------------------------------------------------------------------
   192.168.1.50 50646         5708     89.1.11.151   443     3  3     
   192.168.1.50 50225        29006     89.1.11.151   443     3  3     
   192.168.1.50 51394          591  173.194.69.113    80     3  6     
   192.168.1.50 51402         2639  173.194.69.113    80     3  3     
   192.168.1.50 51438        11855    85.13.130.30    80     3  3     
   192.168.1.50 51448        14415  173.194.69.156    80     3  6  

     Private IP :Port #Pseudo Port         Peer IP :Port  Ifno  Status   
-------------------------------------------------------------------------------
   192.168.1.50 50646         5708     89.1.11.151   443     3  3     
   192.168.1.50 50225        29006     89.1.11.151   443     3  3     
   192.168.1.50 51605        54607   173.194.69.99   443     3  6     
   192.168.1.50 51607        55119   173.194.69.94   443     3  6     
   192.168.1.50 51608        55375  173.194.69.120   443     3  6     
   192.168.1.50 51624        59471   173.194.69.94    80     3  6     
   192.168.1.50 51632        61519   23.43.116.211    80     3  6     
   192.168.1.50 51640        63567    23.43.118.41    80     3  6     
   192.168.1.50 51642        64079    23.43.118.41    80     3  6     
   192.168.1.50 51644        64591    23.43.118.41    80     3  6     
   192.168.1.50 51646        65103    23.43.118.41    80     3  6     
   192.168.1.50 51648           84    23.43.118.41    80     3  6     
   192.168.1.50 51650          596    23.43.118.41    80     3  6     
   192.168.1.50 51652         1108    23.43.118.41    80     3  6     
   192.168.1.50 51654         1620    23.43.118.41    80     3  6     
   192.168.1.50 51656         2132    23.43.118.41    80     3  6     
   192.168.1.50 51658         2644    23.43.118.41    80     3  6     
   192.168.1.50 51660         3156    23.43.118.41    80     3  6     
   192.168.1.50 51662         3668    23.43.118.41    80     3  6     
   192.168.1.50 51664         4180    23.43.118.41    80     3  6     
   192.168.1.50 51666         4692    23.43.118.41    80     3  6     
   192.168.1.50 51668         5204    23.43.118.41    80     3  6     
   192.168.1.50 51670         5716    23.43.118.41    80     3  6     
   192.168.1.50 51676         7252    23.43.118.41    80     3  6     
   192.168.1.50 51678         7764    23.43.118.41    80     3  6     
   192.168.1.50 51680         8276    23.43.118.41    80     3  6     
   192.168.1.50 51682         8788    23.43.118.41    80     3  6     
   192.168.1.50 51684         9300    23.43.118.41    80     3  6     
   192.168.1.50 51686         9812    85.13.130.30    80     3  2     
   192.168.1.50 51688        10324   173.194.69.95    80     3  6     
   192.168.1.50 51690        10836   173.194.69.95    80     3  6     
   192.168.1.50 51692        11348    85.13.130.30    80     3  2     
   192.168.1.50 51694        11860    85.13.130.30    80     3  6     
   192.168.1.50 51696        12372  173.194.69.156    80     3  6     
   192.168.1.50 51698        12884    85.13.130.30    80     3  6     
   192.168.1.50 51700        13396    85.13.130.30    80     3  6     
   192.168.1.50 51702        13908    85.13.130.30    80     3  6     
   192.168.1.50 51708        15444   50.19.254.195    80     3  4
         
Even though I (deliberately) have no software/Internet connections running at all! Nothing is open apart from Firefox connected to the router.

In addition, my router regularly hangs once (only at night!) and no longer detects any signal at all, i.e. the ADSL spectrum analysis (a menu item in the Vigor) shows only black instead of green bars; I can't interpret the display (BIN-bits/Gain/SNR). Without a cold restart of the router no Internet gets through any more.

Since I found the traffic extremely suspicious, I wanted to block all ssh connections altogether via the router's firewall settings, so that I could deal with the PC without anyone/anything interfering. After I thought I had successfully entered the rules (they were displayed, and I was just checking that I could no longer reach my external e-mail mailbox), the default call filters were deleted! The data filters I had just set up were disabled!

On the spur of the moment (more like in a panic) I reinstalled my PC from the recovery partition (I had already given the router a new password while there was no Internet connection), but I immediately had active sessions again. An IP that clearly belongs to Barclaycard has not appeared since. The list of connections has also become noticeably shorter. I haven't observed any non-TCP connections since then either.

Neither Windows Essentials nor Avira ever raised an alarm, and they were always fully up to date, as were Firefox, Adobe's Flash, their Reader and Oracle's Java, so I thought I had the biggest entry points sealed.

The Task Manager shows processes without user/description, some of them twice:
  • csrss.exe (twice)
  • nvvsvc.exe
  • winlogon.exe
  • wisptis.exe (twice)
Even Microsoft's Sysinternals Process Explorer does not recognise these properly.

Malwarebytes had detected Rogue.ControlCenter (which I very probably originally got foisted on me via the PDF Creator from chip-online). Even right after the recovery just now, pure Windows in factory state without any further installation, Rogue was immediately back on.

Code:
 Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.02.12

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Hildebrandt :: Acon [Administrator]

Protection: Enabled

02.03.2013 22:19:24
MBAM-log-2013-03-02 (22-27-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195339
Time elapsed: 4 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Public\Desktop\Control Center.lnk (Rogue.ControlCenter) -> No action taken.

(end)

---

 Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.02.12

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Hildebrandt :: Acon [Administrator]

Protection: Enabled

02.03.2013 22:19:24
mbam-log-2013-03-02 (22-19-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195339
Time elapsed: 4 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Public\Desktop\Control Center.lnk (Rogue.ControlCenter) -> Successfully deleted and quarantined.

(end)
         
Defogger downloaded: finished

Ran OldTimer:

OTL Logfile:
Code:
OTL logfile created on: 02.03.2013 22:45:16 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hildebrandt\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 67,14% Memory free
5,99 Gb Paging File | 4,67 Gb Available in Paging File | 77,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 900,41 Gb Total Space | 880,99 Gb Free Space | 97,84% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 18,50 Gb Free Space | 61,66% Space Free | Partition Type: NTFS
 
Computer Name: ACON | User Name: Hildebrandt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.02 22:44:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hildebrandt\Desktop\OTL.exe
PRC - [2013.03.02 22:17:07 | 000,308,560 | ---- | M] (BullGuard Ltd.) -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
PRC - [2013.03.02 22:17:05 | 000,304,464 | ---- | M] (BullGuard Ltd.) -- C:\Programme\BullGuard Ltd\BullGuard\BullGuard.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2010.01.08 14:23:58 | 000,303,104 | ---- | M] (Wistron Corporation) -- C:\Programme\RemoteKeySrv\RemoteKeySrv.exe
PRC - [2009.12.29 18:50:10 | 000,678,432 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2009.12.09 18:02:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.11.07 03:46:52 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
PRC - [2009.11.02 14:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Programme\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 02:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 02:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.07.14 02:14:21 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2009.07.01 18:03:12 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009.07.01 18:03:12 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009.07.01 18:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.11.02 14:23:36 | 000,013,096 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 14:20:10 | 000,619,816 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009.07.01 18:03:24 | 000,132,384 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009.06.18 09:34:14 | 000,099,664 | ---- | M] () -- C:\Programme\BullGuard Ltd\BullGuard\res\de\BackupShellNamespaceRes.dll
MOD - [2009.04.06 11:33:14 | 000,061,952 | ---- | M] () -- C:\Programme\BullGuard Ltd\BullGuard\zlib1.dll
MOD - [2009.04.06 11:33:08 | 000,380,928 | ---- | M] () -- C:\Programme\BullGuard Ltd\BullGuard\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.03.02 22:17:07 | 000,308,560 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BgLiveSvc)
SRV - [2013.03.02 22:17:05 | 000,079,184 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsMain.dll -- (BgMainSvc)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2010.01.08 14:23:58 | 000,303,104 | ---- | M] (Wistron Corporation) [Auto | Running] -- C:\Programme\RemoteKeySrv\RemoteKeySrv.exe -- (RemoteKeySrv)
SRV - [2009.12.09 18:02:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.11.07 03:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.07.01 18:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.04.16 13:20:18 | 000,087,376 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsMailProxy.dll -- (BsMailProxy)
SRV - [2009.04.06 11:32:54 | 000,132,432 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsFileScan.dll -- (BsFileScan)
SRV - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.01.07 09:05:26 | 000,182,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.12.22 13:43:16 | 001,558,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap)
DRV - [2009.12.16 10:14:14 | 000,991,776 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009.12.03 11:26:22 | 009,941,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.10.29 11:20:40 | 000,010,360 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidkmdf.sys -- (hidkmdf)
DRV - [2009.10.29 11:20:38 | 000,022,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NW1950.sys -- (NW1950)
DRV - [2009.10.13 13:03:28 | 000,067,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.07.01 12:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009.05.13 12:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2009.05.13 12:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2009.01.23 14:48:56 | 000,055,504 | ---- | M] (BullGuard Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\BdFileSpy.sys -- (BdFileSpy)
DRV - [2005.12.08 14:33:40 | 000,004,096 | ---- | M] (Wistron) [Kernel | On_Demand | Running] -- C:\Programme\RemoteKeySrv\GENPORT.sys -- (genport)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKCU\..\SearchScopes,DefaultScope = {AE9E4319-3461-420B-A361-7E84A055E257}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AE9E4319-3461-420B-A361-7E84A055E257}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010.01.08 11:06:16 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.02 22:14:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013.03.02 22:14:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hildebrandt\AppData\Roaming\mozilla\Extensions
[2013.03.02 22:14:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.02.16 01:34:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.16 05:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.16 05:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.16 05:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.16 05:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.16 05:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.16 05:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [BullGuard] C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe (BullGuard Ltd.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [BullGuard] C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe (BullGuard Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92769A46-3929-47A2-B76D-CCF55D949C5B}: DhcpNameServer = 10.41.20.10 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C01B1037-EBDE-4812-918C-42D7B7594353}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.02 22:44:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hildebrandt\Desktop\OTL.exe
[2013.03.02 22:17:42 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Malwarebytes
[2013.03.02 22:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.02 22:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.02 22:17:29 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.02 22:17:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.02 22:17:14 | 000,087,376 | ---- | C] (BullGuard Ltd.) -- C:\Windows\System32\BGLsp.dll
[2013.03.02 22:17:14 | 000,014,160 | ---- | C] (BullGuard Ltd.) -- C:\Windows\System32\client_cc.dll
[2013.03.02 22:17:12 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Local\Programs
[2013.03.02 22:14:17 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Mozilla
[2013.03.02 22:14:17 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Local\Mozilla
[2013.03.02 22:14:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.03.02 22:11:10 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Macromedia
[2013.03.02 22:11:08 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Adobe
[2013.03.02 21:57:09 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Local\Broadcom
[2013.03.02 21:57:09 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\Documents\Bluetooth-Exchange-Ordner
[2013.03.02 21:57:05 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\BullGuard
[2013.03.02 21:57:04 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Local\Power2Go
[2013.03.02 21:56:56 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.03.02 21:56:56 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Searches
[2013.03.02 21:56:56 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.03.02 21:56:49 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Identities
[2013.03.02 21:56:48 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Contacts
[2013.03.02 21:56:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.02 21:56:27 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Local\VirtualStore
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Vorlagen
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\AppData\Local\Verlauf
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\AppData\Local\Temporary Internet Files
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Startmenü
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\SendTo
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Recent
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Netzwerkumgebung
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Lokale Einstellungen
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Documents\Eigene Videos
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Documents\Eigene Musik
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Eigene Dateien
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Documents\Eigene Bilder
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Druckumgebung
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Cookies
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\AppData\Local\Anwendungsdaten
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Anwendungsdaten
[2013.03.02 21:56:24 | 000,000,000 | --SD | C] -- C:\Users\Hildebrandt\AppData\Roaming\Microsoft
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Videos
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Saved Games
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Pictures
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Music
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Links
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Favorites
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Downloads
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Documents
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Desktop
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.03.02 21:56:24 | 000,000,000 | -H-D | C] -- C:\Users\Hildebrandt\AppData
[2013.03.02 21:56:24 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Local\Temp
[2013.03.02 21:56:24 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Local\Microsoft
[2013.03.02 21:56:24 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Media Center Programs
[2013.03.02 21:56:24 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HomeCinema
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.03.02 21:56:14 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.02 22:44:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hildebrandt\Desktop\OTL.exe
[2013.03.02 22:43:00 | 000,000,000 | ---- | M] () -- C:\Users\Hildebrandt\defogger_reenable
[2013.03.02 22:41:34 | 000,009,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.02 22:41:34 | 000,009,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.02 22:38:51 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.02 22:38:51 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.02 22:38:51 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.02 22:38:51 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.02 22:31:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.02 22:31:37 | 2414,432,256 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.02 22:17:31 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.02 22:17:14 | 000,087,376 | ---- | M] (BullGuard Ltd.) -- C:\Windows\System32\BGLsp.dll
[2013.03.02 22:17:14 | 000,014,160 | ---- | M] (BullGuard Ltd.) -- C:\Windows\System32\client_cc.dll
[2013.03.02 22:14:12 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.02 21:55:11 | 000,052,953 | ---- | M] () -- C:\Windows\System32\license.rtf
 
========== Files Created - No Company Name ==========
 
[2013.03.02 22:43:00 | 000,000,000 | ---- | C] () -- C:\Users\Hildebrandt\defogger_reenable
[2013.03.02 22:17:31 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.02 22:14:12 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.02 21:56:58 | 000,001,417 | ---- | C] () -- C:\Users\Hildebrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.03.02 21:16:59 | 2414,432,256 | -HS- | C] () -- C:\hiberfil.sys
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.03.02 21:57:13 | 000,000,000 | ---D | M] -- C:\Users\Hildebrandt\AppData\Roaming\BullGuard
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


Extras.txt

OTL Logfile:
Code:
OTL Extras logfile created on: 02.03.2013 22:45:16 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hildebrandt\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 67,14% Memory free
5,99 Gb Paging File | 4,67 Gb Available in Paging File | 77,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 900,41 Gb Total Space | 880,99 Gb Free Space | 97,84% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 18,50 Gb Free Space | 61,66% Space Free | Partition Type: NTFS
 
Computer Name: ACON | User Name: Hildebrandt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{45F5358D-58AD-4E2F-8A9C-A3E2599D82DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{58497DDA-AE32-45D0-BD11-BA8BD7BBF700}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06E82D9F-40B5-4D10-BB8C-562A0C754137}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{16B68B53-0307-49A8-8ADE-6A7B014C411E}" = dir=in | app=c:\program files\cyberlink\powercinema\pcmservice.exe | 
"{3FAAF35C-AA05-48D9-8079-48A42DCEBBCF}" = dir=in | app=c:\program files\cyberlink\powercinema\kernel\dmp\clbrowserengine.exe | 
"{41451582-CF6B-4D01-847B-1C40EE851168}" = dir=in | app=c:\program files\cyberlink\powercinema movie\powercinemamovie.exe | 
"{4219C811-AF72-4F2D-BCAF-75817A92F588}" = dir=in | app=c:\program files\cyberlink\youmemo\youmemo.exe | 
"{5E533F78-0E51-4D4A-A69D-0930EBF1B77D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{69801E10-B0C6-4BA5-B187-3FA83EA23831}" = dir=in | app=c:\program files\cyberlink\youmemo\pcmservice.exe | 
"{7230ADDB-FE58-4D7F-B50E-B8DA28F17FAA}" = dir=in | app=c:\program files\cyberlink\powercinema\kernel\dms\clmsservice.exe | 
"{76CCB166-4C34-4395-81FD-E244C9262695}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{89CADAE9-2679-41F1-8C78-C912481E1BE9}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe | 
"{9112CBE4-20CF-42B8-875B-F6451B5D4E3D}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{ACA53645-D65A-402A-8C62-3AECCC229810}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{BDED4097-A2EC-41B9-BC6F-F2935633644C}" = dir=in | app=c:\program files\cyberlink\powercinema\powercinema.exe | 
"{C27AB3D2-CB54-4569-B2FC-F5C817CA6297}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{D24DDF98-7CBD-4590-9952-F2B398E89AB4}" = dir=in | app=c:\program files\cyberlink\youmemo\kernel\dms\clmsservice.exe | 
"{E6FCF82F-3281-400E-80BF-C04E4303D9A6}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{EA510B3E-6A62-4367-8F70-8FA807D5A5C6}" = dir=in | app=c:\program files\cyberlink\youmemo\kernel\dmp\clbrowserengine.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Medion Touch Center
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5176C4D8-E6C1-422A-8D6F-E13EB996DCEA}" = CyberLink YouMemo
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{699D0EFA-5AC2-4DAB-846E-E4EFDA00ACAC}" = RemoteKeySrv
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{70CC0095-AA68-45BE-AE98-D8170182E9EB}" = PowerCinema Movie
"{714F1BA5-F95E-4821-AA70-D30BBE04A5FF}" = NextWindow Drivers
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"ALDI Foto Service D" = ALDI Foto Service
"ALDI Nord Foto Manager Free D" = ALDI Nord Foto Manager Free
"Aldi Nord Fotoservice_is1" = Aldi Nord Fotoservice
"ALDI Nord Online Druck Service D" = ALDI Nord Online Druck Service
"BullGuard" = BullGuard 8.7
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Medion Touch Center
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5176C4D8-E6C1-422A-8D6F-E13EB996DCEA}" = CyberLink YouMemo
"InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MEDION Fotos auf CD & DVD SE Nord D" = MEDION Fotos auf CD & DVD SE Nord
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"WinLiveSuite_Wave3" = Windows Live Essentials
"X10Hardware" = X10 Hardware(TM)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.03.2013 17:07:51 | Computer Name = Acon | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 02.03.2013 17:32:16 | Computer Name = Acon | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ System Events ]
Error - 02.03.2013 16:18:58 | Computer Name = WIN-L8H6EQD96SM | Source = Service Control Manager | ID = 7022
Description = Der Dienst "BullGuard File Scan Service" wurde nicht richtig gestartet.
 
Error - 02.03.2013 16:19:00 | Computer Name = WIN-L8H6EQD96SM | Source = Service Control Manager | ID = 7022
Description = Der Dienst "BullGuard Email Monitoring Service" wurde nicht richtig
 gestartet.
 
Error - 02.03.2013 16:56:00 | Computer Name = Acon | Source = Service Control Manager | ID = 7022
Description = Der Dienst "BullGuard File Scan Service" wurde nicht richtig gestartet.
 
Error - 02.03.2013 16:56:02 | Computer Name = Acon | Source = Service Control Manager | ID = 7022
Description = Der Dienst "BullGuard Email Monitoring Service" wurde nicht richtig
 gestartet.
 
 
< End of report >
         
--- --- ---


Gmer
Right at startup the very first line puzzled me: device\harddisk0\DR0 unknown MBR code ... shortly after that came a blue screen: irqnotless ... but the memory dump was written faster than I could read it.

After the forced restart I ran GMER again

GMER Logfile:
Code:
GMER 2.1.19115 - hxxp://www.gmer.net
Rootkit scan 2013-03-02 23:07:04
Windows 6.1.7600  \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.80.0 931,51GB
Running: gmer_2.1.19115.exe; Driver: C:\Users\HILDEB~1\AppData\Local\Temp\fgldrpog.sys


---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                  83058579 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           8307CF52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                           BdFileSpy.sys (BullGuard File Monitor (x86)/BullGuard Ltd.)

Device          \Driver\BTHUSB \Device\00000093                                                                  bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\00000093                                                                  bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\00000095                                                                  bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\00000095                                                                  bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BsFileScan\Statistics@UiTotalScans                        7666
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a14f3d                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a15499                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd6003335                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd60bb8b2                      
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a14f3d (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a15499 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd6003335 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd60bb8b2 (not active ControlSet)  

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                            unknown MBR code

---- EOF - GMER 2.1 ----
         
--- --- ---


Then I ran OTL again, but with a full scan instead of a quick scan:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 02.03.2013 23:37:27 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hildebrandt\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,36% Memory free
5,99 Gb Paging File | 4,62 Gb Available in Paging File | 77,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 900,41 Gb Total Space | 880,54 Gb Free Space | 97,79% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 18,50 Gb Free Space | 61,66% Space Free | Partition Type: NTFS
 
Computer Name: ACON | User Name: Hildebrandt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.02 22:44:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hildebrandt\Desktop\OTL.exe
PRC - [2013.03.02 22:17:07 | 000,308,560 | ---- | M] (BullGuard Ltd.) -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2010.01.08 14:23:58 | 000,303,104 | ---- | M] (Wistron Corporation) -- C:\Programme\RemoteKeySrv\RemoteKeySrv.exe
PRC - [2009.12.29 18:50:10 | 000,678,432 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2009.12.09 18:02:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.11.07 03:46:52 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
PRC - [2009.11.02 14:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Programme\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 02:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 02:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.07.14 02:14:21 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2009.07.01 18:03:12 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009.07.01 18:03:12 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009.07.01 18:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.11.02 14:23:36 | 000,013,096 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 14:20:10 | 000,619,816 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009.07.01 18:03:24 | 000,132,384 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.03.02 22:17:07 | 000,308,560 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BgLiveSvc)
SRV - [2013.03.02 22:17:05 | 000,079,184 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsMain.dll -- (BgMainSvc)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2010.01.08 14:23:58 | 000,303,104 | ---- | M] (Wistron Corporation) [Auto | Running] -- C:\Programme\RemoteKeySrv\RemoteKeySrv.exe -- (RemoteKeySrv)
SRV - [2009.12.09 18:02:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.11.07 03:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.07.01 18:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.04.16 13:20:18 | 000,087,376 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsMailProxy.dll -- (BsMailProxy)
SRV - [2009.04.06 11:32:54 | 000,132,432 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsFileScan.dll -- (BsFileScan)
SRV - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\HILDEB~1\AppData\Local\Temp\fgldrpog.sys -- (fgldrpog)
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.01.07 09:05:26 | 000,182,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.12.22 13:43:16 | 001,558,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap)
DRV - [2009.12.16 10:14:14 | 000,991,776 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009.12.03 11:26:22 | 009,941,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.10.29 11:20:40 | 000,010,360 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidkmdf.sys -- (hidkmdf)
DRV - [2009.10.29 11:20:38 | 000,022,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NW1950.sys -- (NW1950)
DRV - [2009.10.13 13:03:28 | 000,067,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.07.01 12:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009.05.13 12:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2009.05.13 12:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2009.01.23 14:48:56 | 000,055,504 | ---- | M] (BullGuard Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\BdFileSpy.sys -- (BdFileSpy)
DRV - [2005.12.08 14:33:40 | 000,004,096 | ---- | M] (Wistron) [Kernel | On_Demand | Running] -- C:\Programme\RemoteKeySrv\GENPORT.sys -- (genport)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKCU\..\SearchScopes,DefaultScope = {AE9E4319-3461-420B-A361-7E84A055E257}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AE9E4319-3461-420B-A361-7E84A055E257}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010.01.08 11:06:16 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.02 22:14:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013.03.02 22:14:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hildebrandt\AppData\Roaming\mozilla\Extensions
[2013.03.02 22:14:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.02.16 01:34:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.16 05:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.16 05:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.16 05:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.16 05:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.16 05:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.16 05:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [BullGuard] C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe (BullGuard Ltd.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [BullGuard] C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe (BullGuard Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92769A46-3929-47A2-B76D-CCF55D949C5B}: DhcpNameServer = 10.41.20.10 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C01B1037-EBDE-4812-918C-42D7B7594353}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.02 23:10:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.03.02 23:00:14 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.03.02 22:44:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hildebrandt\Desktop\OTL.exe
[2013.03.02 22:17:42 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Malwarebytes
[2013.03.02 22:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.02 22:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.02 22:17:29 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.02 22:17:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.02 22:17:14 | 000,087,376 | ---- | C] (BullGuard Ltd.) -- C:\Windows\System32\BGLsp.dll
[2013.03.02 22:17:14 | 000,014,160 | ---- | C] (BullGuard Ltd.) -- C:\Windows\System32\client_cc.dll
[2013.03.02 22:17:12 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Local\Programs
[2013.03.02 22:14:17 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Mozilla
[2013.03.02 22:14:17 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Local\Mozilla
[2013.03.02 22:14:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.03.02 22:12:41 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2013.03.02 22:11:10 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Macromedia
[2013.03.02 22:11:08 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Adobe
[2013.03.02 22:08:39 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2013.03.02 22:08:39 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2013.03.02 22:08:23 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2013.03.02 22:08:23 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2013.03.02 22:08:23 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2013.03.02 22:08:16 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2013.03.02 22:08:16 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2013.03.02 21:57:09 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Local\Broadcom
[2013.03.02 21:57:09 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\Documents\Bluetooth-Exchange-Ordner
[2013.03.02 21:57:05 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\BullGuard
[2013.03.02 21:57:04 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Local\Power2Go
[2013.03.02 21:56:56 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.03.02 21:56:56 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Searches
[2013.03.02 21:56:56 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.03.02 21:56:49 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Identities
[2013.03.02 21:56:48 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Contacts
[2013.03.02 21:56:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.02 21:56:27 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Local\VirtualStore
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Vorlagen
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\AppData\Local\Verlauf
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\AppData\Local\Temporary Internet Files
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Startmenü
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\SendTo
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Recent
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Netzwerkumgebung
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Lokale Einstellungen
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Documents\Eigene Videos
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Documents\Eigene Musik
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Eigene Dateien
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Documents\Eigene Bilder
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Druckumgebung
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Cookies
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\AppData\Local\Anwendungsdaten
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Anwendungsdaten
[2013.03.02 21:56:24 | 000,000,000 | --SD | C] -- C:\Users\Hildebrandt\AppData\Roaming\Microsoft
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Videos
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Saved Games
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Pictures
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Music
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Links
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Favorites
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Downloads
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Documents
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Desktop
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.03.02 21:56:24 | 000,000,000 | -H-D | C] -- C:\Users\Hildebrandt\AppData
[2013.03.02 21:56:24 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Local\Temp
[2013.03.02 21:56:24 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Local\Microsoft
[2013.03.02 21:56:24 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Media Center Programs
[2013.03.02 21:56:24 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HomeCinema
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.03.02 21:56:14 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.02 23:07:37 | 000,009,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.02 23:07:37 | 000,009,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.02 23:04:34 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.02 23:04:34 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.02 23:04:34 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.02 23:04:34 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.02 23:00:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.02 23:00:12 | 370,732,657 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.02 23:00:07 | 2414,432,256 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.02 22:55:03 | 000,377,856 | ---- | M] () -- C:\Users\Hildebrandt\Desktop\gmer_2.1.19115.exe
[2013.03.02 22:44:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hildebrandt\Desktop\OTL.exe
[2013.03.02 22:43:00 | 000,000,000 | ---- | M] () -- C:\Users\Hildebrandt\defogger_reenable
[2013.03.02 22:17:31 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.02 22:17:14 | 000,087,376 | ---- | M] (BullGuard Ltd.) -- C:\Windows\System32\BGLsp.dll
[2013.03.02 22:17:14 | 000,014,160 | ---- | M] (BullGuard Ltd.) -- C:\Windows\System32\client_cc.dll
[2013.03.02 22:14:12 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.02 21:55:11 | 000,052,953 | ---- | M] () -- C:\Windows\System32\license.rtf
 
========== Files Created - No Company Name ==========
 
[2013.03.02 23:00:12 | 370,732,657 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.03.02 22:55:01 | 000,377,856 | ---- | C] () -- C:\Users\Hildebrandt\Desktop\gmer_2.1.19115.exe
[2013.03.02 22:43:00 | 000,000,000 | ---- | C] () -- C:\Users\Hildebrandt\defogger_reenable
[2013.03.02 22:17:31 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.02 22:14:12 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.02 21:56:58 | 000,001,417 | ---- | C] () -- C:\Users\Hildebrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.03.02 21:16:59 | 2414,432,256 | -HS- | C] () -- C:\hiberfil.sys
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
Finally I also ran ESET Smart Security: no findings.

Long story short, I can congratulate myself: I have been successfully infected, I own a zombie, and no scanner finds anything!
At least nothing concrete, apart from the fact that my boot sector is bent out of shape.

But without any clue as to what I am dealing with here, I don't really feel like running just any tool over it, and maybe there is someone out there who finds this kind of thing interesting.

Any help and any further hint is gratefully accepted.
Onwards and upwards

Last edited by hinundher (03.03.2013 at 02:24)
