Bundespolizei Virus/wpbt0.dll

Timme92 · 25.10.2011, 05:39

Hallo,
ich weiß, dass das Thema schon oft angesprochen wurde jedoch ähnelt kein Thread meinem Problem.
Unzwar hatte ich auch das Problem mit dem Bundespolizei Virus.
Sofort als das bekannte Bild erschien zog ich das LAN-Kabel und schaltete den PC sofort aus. (Über Netztschalter gedrückt halten)
Danach fuhr ich den PC wieder hoch und alles lief normal.
Jedoch öffnete sich die Mediainfo von wpbt0.dll (Screenshot liegt bei)
Der Security Task Manager zeigt die besagte Datei an jedoch als nicht Aktiviert.
Ich hatte schon einmal ein Problem mit der Datei jedoch nur auf Grund von AntiVir's Warnung.
Damals habe ich leider nicht ordnungsgemäß reagiert wie's scheint.
Da ich mit diesem PC auf Online Banking mache, habe ich jetzt angst vor schlimmen Kosequenzen.
Ich hoffe ich habe das Problem ausreichend gut beschrieben.

Wie schon anfangs erwähnt ist das Bild erst einmal aufgetreten.

Hier die OTL.txt

Zitat:

OTL logfile created on: 25.10.2011 03:14:59 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\*****\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 58,45% Memory free
6,19 Gb Paging File | 4,81 Gb Available in Paging File | 77,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,65 Gb Total Space | 8,48 Gb Free Space | 5,94% Space Free | Partition Type: NTFS
Drive D: | 142,67 Gb Total Space | 43,39 Gb Free Space | 30,41% Space Free | Partition Type: NTFS
Drive E: | 382,19 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.10.25 03:13:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
PRC - [2011.09.29 16:19:26 | 000,020,880 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011.09.29 16:19:16 | 003,508,112 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.06.29 13:19:21 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.31 16:22:54 | 000,743,232 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2011.05.31 16:21:10 | 001,052,480 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2011.05.17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.04.27 19:04:56 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.04 23:11:13 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.10.16 13:42:38 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2010.06.09 20:53:25 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\*****\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.09.18 18:48:28 | 000,009,216 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2009.07.22 17:54:14 | 000,081,920 | ---- | M] (Firebird Project) -- C:\Programme\Firebird\Firebird_2_1\bin\fbguard.exe
PRC - [2009.07.22 17:53:44 | 002,736,128 | ---- | M] (Firebird Project) -- C:\Programme\Firebird\Firebird_2_1\bin\fbserver.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.07.25 05:40:24 | 000,809,480 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2008.04.30 19:02:40 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008.04.25 03:25:52 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.04.10 16:30:20 | 000,167,936 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2008.04.10 16:30:14 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2008.03.21 13:22:52 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.03.18 21:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008.03.04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.03.04 23:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.16 18:35:02 | 000,081,504 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2008.01.10 17:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe
PRC - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe

========== Modules (No Company Name) ==========

MOD - [2011.10.22 17:04:02 | 000,115,137 | ---- | M] () -- C:\Users\*****\AppData\Local\Temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll
MOD - [2011.09.29 16:19:26 | 000,020,880 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011.09.16 11:55:38 | 000,621,480 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll
MOD - [2011.09.16 11:55:38 | 000,463,784 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll
MOD - [2011.09.16 11:55:38 | 000,007,168 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\IPCServer.dll
MOD - [2011.09.16 11:55:38 | 000,003,584 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll
MOD - [2011.07.27 10:13:52 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
MOD - [2011.07.08 21:08:59 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll
MOD - [2011.07.08 20:59:27 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c933fd5d1d27f268331890d7ddba8fec\System.ServiceProcess.ni.dll
MOD - [2011.07.08 20:59:15 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2011.07.08 20:52:40 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011.07.08 20:52:18 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011.07.08 20:52:06 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011.07.08 20:51:26 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f4767076b1a225e440db402bbabf5a14\System.Core.ni.dll
MOD - [2011.07.08 20:51:18 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6bebfe5b7776c84cb38efdb2a7c9d447\PresentationFramework.Aero.ni.dll
MOD - [2011.07.08 20:51:15 | 014,327,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll
MOD - [2011.07.08 20:50:50 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll
MOD - [2011.07.08 20:50:37 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll
MOD - [2011.07.08 20:50:33 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011.07.08 20:50:14 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2010.11.21 16:54:34 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2008.05.07 20:06:48 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll
MOD - [2008.05.07 20:06:48 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2008.05.07 20:06:48 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3006.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
MOD - [2008.04.30 16:00:02 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll
MOD - [2008.04.10 16:30:22 | 000,753,664 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008.04.10 16:30:18 | 000,007,680 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll
MOD - [2008.03.04 23:38:16 | 000,227,888 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2004.08.12 08:25:36 | 000,167,936 | ---- | M] () -- C:\Programme\Macromedia\FlashPaper 2\FlashPaperContextMenu.dll
MOD - [2003.06.07 23:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll

========== Win32 Services (SafeList) ==========

SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.07.21 15:55:48 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2011.06.29 13:19:21 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.31 16:21:10 | 001,052,480 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.05.31 16:18:10 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.04.27 19:04:56 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.07.25 17:25:00 | 000,069,632 | ---- | M] (Macromedia) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2009.09.18 18:48:28 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2009.07.22 17:54:14 | 000,081,920 | ---- | M] (Firebird Project) [Auto | Running] -- C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2009.07.22 17:53:44 | 002,736,128 | ---- | M] (Firebird Project) [On_Demand | Running] -- C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2008.03.21 13:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.03.18 21:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.03.04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 18:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008.01.10 17:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)

========== Driver Services (SafeList) ==========

DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.08.25 06:43:54 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2011.08.25 06:43:54 | 000,077,624 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2011.07.18 06:24:42 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2011.07.18 06:24:40 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2011.07.18 06:24:40 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2011.07.18 06:24:08 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.07.18 06:24:08 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011.07.18 06:24:08 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV - [2011.07.18 06:24:08 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2011.07.18 06:24:08 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2011.06.29 13:19:22 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.29 13:19:22 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.05.20 17:50:43 | 000,431,672 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.10.16 20:55:00 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.09.07 22:08:56 | 000,123,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010.02.24 15:41:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.02.24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.11.05 14:04:30 | 000,489,408 | ---- | M] (ITETech ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2009.08.18 13:06:44 | 000,114,688 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009.08.18 13:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2009.08.18 13:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.08.18 13:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.08.18 13:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.06.30 18:46:22 | 000,009,216 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.06.29 18:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.06.29 18:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.09 14:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.04.28 16:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.04.18 15:01:24 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.04.12 03:55:04 | 000,084,240 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.03.21 10:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008.03.01 01:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.01.21 04:23:26 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008.01.16 18:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2006.09.24 15:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0610&m=aspire_5930

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/home.php?ref=hp"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.no_proxies_on: "localhost, 127.0.0.1"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.type: 5
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.no_proxies_on: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.type: 1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {3e9a3920-1b27-11da-8cd6-0800200c9a66}:3.4
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.20 01:33:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.20 01:33:05 | 000,000,000 | ---D | M]

[2010.06.09 21:26:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2011.10.23 01:18:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\obhiaoc3.default\extensions
[2010.09.18 18:44:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\obhiaoc3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.28 17:19:52 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\obhiaoc3.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2011.08.19 13:05:50 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\obhiaoc3.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.10.11 18:31:40 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\obhiaoc3.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.03.31 23:07:39 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\obhiaoc3.default\extensions\engine@conduit.com
[2010.06.14 15:14:40 | 000,000,000 | ---D | M] (WINLOAD-Gutschein-Alarm) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\obhiaoc3.default\extensions\sparweltgutscheinewl@sparwelt.de
[2011.10.23 18:37:01 | 000,000,000 | ---D | M] (MyPlayCity Toolbar) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\obhiaoc3.default\extensions\toolbar@ask.com
[2010.03.24 16:13:02 | 000,000,917 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\obhiaoc3.default\searchplugins\conduit.xml
[2011.10.15 23:17:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.06.16 19:22:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.17 19:09:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.10.15 23:17:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OBHIAOC3.DEFAULT\EXTENSIONS\{3E9A3920-1B27-11DA-8CD6-0800200C9A66}.XPI
() (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OBHIAOC3.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.09.30 14:37:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.15 23:17:10 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.24 21:58:41 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2010.12.09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2009.10.23 15:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2011.09.30 14:37:33 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.30 14:37:33 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.30 14:37:33 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.30 14:37:33 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.30 14:37:33 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.30 14:37:33 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (MyPlayCity Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (MyPlayCity Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (MyPlayCity Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [vasja] C:\Users\*****\AppData\Local\Temp\wpbt0.dll ()
O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96B45D07-560D-4F05-85B8-2E507EF37CEE}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B42AC52-B7A9-4965-8BFE-33DD80FAABA5}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECBB55A3-05B4-4644-B221-A7036F82BFA2}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2001.02.02 17:02:42 | 000,155,648 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2001.02.02 17:02:44 | 000,000,050 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{106fda1a-7bd9-11e0-ac9d-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{106fda1a-7bd9-11e0-ac9d-00a0c6000000}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{67c6a448-73f1-11df-8551-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{67c6a448-73f1-11df-8551-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2001.02.02 17:02:42 | 000,155,648 | R--- | M] ()
O33 - MountPoints2\{abfbfa40-82f9-11e0-a6d8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{abfbfa40-82f9-11e0-a6d8-806e6f6e6963}\Shell\AutoRun\command - "" = F:\MafiaLauncher.EXE
O33 - MountPoints2\{b0db6785-2c96-11e0-8cdb-001d72c9c9dd}\Shell - "" = AutoRun
O33 - MountPoints2\{b0db6785-2c96-11e0-8cdb-001d72c9c9dd}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{b0db678b-2c96-11e0-8cdb-001e101f2b52}\Shell - "" = AutoRun
O33 - MountPoints2\{b0db678b-2c96-11e0-8cdb-001e101f2b52}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{fa59b440-03bd-11e0-9681-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fa59b440-03bd-11e0-9681-806e6f6e6963}\Shell\AutoRun\command - "" = F:\MafiaLauncher.EXE
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.10.25 03:12:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2011.10.25 03:11:58 | 000,000,000 | ---D | C] -- C:\Users\*****\TrojanerBoard
[2011.10.25 02:41:24 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2011.10.25 02:41:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.10.25 02:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.25 02:41:03 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.10.25 02:41:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.10.25 02:40:15 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\*****\Desktop\mbam-setup-1.51.2.1300.exe
[2011.10.25 02:14:20 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011.10.25 02:14:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2011.10.25 02:14:15 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2011.10.24 20:30:33 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\PunkBuster
[2011.10.24 20:23:57 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Call of Duty 4 - Modern Warfare
[2011.10.24 03:21:43 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Feuerwehr
[2011.10.24 01:45:02 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Apple Computer
[2011.10.24 01:45:02 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Apple Computer
[2011.10.24 01:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Artisteer 3
[2011.10.24 01:38:49 | 000,000,000 | ---D | C] -- C:\Program Files\Artisteer 3
[2011.10.24 01:20:40 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\com_reports2.10final
[2011.10.23 01:21:15 | 185,837,088 | ---- | C] (INTENIUM GmbH) -- C:\Users\*****\Desktop\GeheimeFaelleVermisstInRomSpezial.exe
[2011.10.23 01:19:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Meridian93
[2011.10.23 01:19:07 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Meridian93
[2011.10.23 01:18:56 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011.10.23 01:18:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPlayCity.com
[2011.10.23 01:17:47 | 000,000,000 | ---D | C] -- C:\Program Files\MyPlayCity.com
[2011.10.23 01:14:22 | 143,601,528 | ---- | C] (MyPlayCity, Inc. ) -- C:\Users\*****\Desktop\unicorncastle_setup.exe
[2011.10.20 17:30:36 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Reifen
[2011.10.20 02:56:31 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\JollyBear
[2011.10.20 02:56:31 | 000,000,000 | ---D | C] -- C:\ProgramData\JollyBear
[2011.10.20 01:54:29 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Playrix Entertainment
[2011.10.20 01:44:16 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Colibri Games
[2011.10.20 01:44:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Colibri Games
[2011.10.20 01:36:10 | 000,000,000 | ---D | C] -- C:\Zylom Games
[2011.10.20 01:36:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zylom
[2011.10.20 01:35:59 | 000,000,000 | ---D | C] -- C:\Program Files\RealArcade
[2011.10.20 01:33:05 | 000,000,000 | ---D | C] -- C:\Program Files\Zylom Games
[2011.10.20 01:33:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Zylom
[2011.10.19 02:10:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eidos Interactive
[2011.10.19 02:10:34 | 000,000,000 | ---D | C] -- C:\Program Files\Eidos Interactive
[2011.10.19 01:11:10 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\casanova
[2011.10.19 00:11:02 | 000,000,000 | ---D | C] -- C:\Program Files\DEUTSCHLAND SPIELT
[2011.10.19 00:10:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DEUTSCHLAND SPIELT
[2011.10.19 00:10:08 | 000,000,000 | ---D | C] -- C:\Program Files\OXXOGames
[2011.10.16 18:42:08 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Stadt-Sonnberg-Modifikation-1.0
[2011.10.16 18:26:28 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\bs251
[2011.10.16 14:45:11 | 000,000,000 | ---D | C] -- C:\Users\*****\.thumbnails
[2011.10.16 00:20:02 | 000,000,000 | ---D | C] -- C:\Users\*****\Apps
[2011.10.15 23:29:53 | 000,000,000 | ---D | C] -- C:\Users\*****\.android
[2011.10.15 23:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\Android
[2011.10.15 23:21:24 | 000,000,000 | ---D | C] -- C:\Users\*****\workspace
[2011.10.15 23:19:28 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\eclipse-SDK-3.7.1-win32
[2011.10.15 23:18:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.10.15 22:32:24 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\updatetool
[2011.10.15 22:28:35 | 000,000,000 | ---D | C] -- C:\Users\*****\Application Data
[2011.10.15 22:25:27 | 000,000,000 | ---D | C] -- C:\glassfish3
[2011.10.15 20:01:29 | 000,000,000 | ---D | C] -- C:\Users\*****\.appinventor
[2011.10.14 19:57:17 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Unreal Tournament
[2011.10.05 05:10:00 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Samsung-USB-Drivers
[2011.10.05 04:51:47 | 000,181,432 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2011.10.05 04:51:47 | 000,077,624 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2011.10.05 04:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2011.10.05 04:49:25 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2011.10.05 04:49:25 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\Windows\System32\drivers\dgderdrv.sys
[2011.10.01 15:12:01 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Flight Simulator X-Dateien
[2011.10.01 15:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Games
[2011.10.01 01:25:06 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Google-Dateien
[2011.09.30 19:32:37 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Die-Toten-Hosen--Weisses-Rauschen-Unplugged
[2010.06.10 06:03:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2011.10.25 03:13:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2011.10.25 03:08:15 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011.10.25 03:08:03 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.25 03:08:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.25 03:08:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.25 03:08:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.10.25 03:07:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.25 03:06:18 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.10.25 03:05:23 | 000,000,176 | ---- | M] () -- C:\Users\*****\defogger_reenable
[2011.10.25 03:04:04 | 000,050,477 | ---- | M] () -- C:\Users\*****\Desktop\Defogger.exe
[2011.10.25 02:41:13 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.25 02:40:28 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\*****\Desktop\mbam-setup-1.51.2.1300.exe
[2011.10.25 02:13:49 | 002,086,240 | ---- | M] () -- C:\Users\*****\Desktop\SecurityTaskManager_Setup.exe
[2011.10.24 23:04:30 | 000,056,320 | ---- | M] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.24 22:59:44 | 000,595,946 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.10.24 22:59:43 | 000,628,898 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.10.24 22:59:43 | 000,127,606 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.10.24 22:59:43 | 000,105,276 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.10.24 20:36:32 | 001,341,610 | ---- | M] () -- C:\Users\*****\Desktop\iw3mp 1.7 PATCHED.rar
[2011.10.24 20:34:49 | 001,218,337 | ---- | M] () -- C:\Users\*****\Desktop\Call_of_Duty_Modern_Warfare_1.7.NoDVD.tPORt.rar
[2011.10.24 16:57:52 | 000,037,843 | ---- | M] () -- C:\Users\*****\Desktop\Einsatze2010.htm
[2011.10.24 15:39:29 | 000,029,355 | ---- | M] () -- C:\Users\*****\Desktop\Dienstplan 2011.pdf
[2011.10.24 03:28:19 | 000,471,395 | ---- | M] () -- C:\Users\*****\Desktop\Feuerwehr.zip
[2011.10.24 01:40:31 | 000,000,922 | ---- | M] () -- C:\Users\*****\Desktop\Artisteer 3.lnk
[2011.10.24 01:38:01 | 105,414,620 | ---- | M] () -- C:\Users\*****\Desktop\Artisteer.3.0.0.41778.exe
[2011.10.24 01:20:23 | 001,027,613 | ---- | M] () -- C:\Users\*****\Desktop\com_reports2.10final.zip
[2011.10.23 01:53:49 | 000,326,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.10.23 01:24:26 | 185,837,088 | ---- | M] (INTENIUM GmbH) -- C:\Users\*****\Desktop\GeheimeFaelleVermisstInRomSpezial.exe
[2011.10.23 01:16:21 | 143,601,528 | ---- | M] (MyPlayCity, Inc. ) -- C:\Users\*****\Desktop\unicorncastle_setup.exe
[2011.10.20 23:53:28 | 000,023,897 | ---- | M] () -- C:\Users\*****\Desktop\Zylom.Games.Universal.Patcher.v2.0.rar
[2011.10.19 17:13:23 | 000,006,691 | ---- | M] () -- C:\Users\*****\.recently-used.xbel
[2011.10.16 18:41:29 | 059,296,457 | ---- | M] () -- C:\Users\*****\Desktop\Stadt-Sonnberg-Modifikation-1.0.rar
[2011.10.16 18:25:39 | 099,174,960 | ---- | M] () -- C:\Users\*****\Desktop\bs251.zip
[2011.10.15 23:18:24 | 183,117,809 | ---- | M] () -- C:\Users\*****\Desktop\eclipse-SDK-3.7.1-win32.zip
[2011.10.15 23:13:55 | 083,345,288 | ---- | M] () -- C:\Users\*****\Desktop\jdk-7-windows-i586.exe
[2011.10.15 22:33:26 | 000,000,096 | ---- | M] () -- C:\Users\*****\.asadminpass
[2011.10.15 20:16:42 | 000,008,592 | ---- | M] () -- C:\Users\*****\AppData\Local\d3d9caps.dat
[2011.10.13 18:14:18 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2011.10.12 18:41:08 | 002,093,949 | ---- | M] () -- C:\Users\*****\Desktop\1280743109_Reventon_The_Speed_Enforcer.rar
[2011.10.05 22:50:31 | 342,846,417 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.10.05 04:52:30 | 000,001,738 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2011.10.05 03:29:34 | 000,001,226 | ---- | M] () -- C:\Users\*****\Filme.lnk
[2011.10.01 01:25:07 | 000,056,649 | ---- | M] () -- C:\Users\*****\Desktop\Google.htm
[2011.09.30 19:32:26 | 005,190,287 | ---- | M] () -- C:\Users\*****\Desktop\Die-Toten-Hosen--Weisses-Rauschen-Unplugged.zip

========== Files Created - No Company Name ==========

[2011.10.25 03:05:01 | 000,000,176 | ---- | C] () -- C:\Users\*****\defogger_reenable
[2011.10.25 03:04:03 | 000,050,477 | ---- | C] () -- C:\Users\*****\Desktop\Defogger.exe
[2011.10.25 02:41:13 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.25 02:13:42 | 002,086,240 | ---- | C] () -- C:\Users\*****\Desktop\SecurityTaskManager_Setup.exe
[2011.10.24 20:36:31 | 001,341,610 | ---- | C] () -- C:\Users\*****\Desktop\iw3mp 1.7 PATCHED.rar
[2011.10.24 20:34:46 | 001,218,337 | ---- | C] () -- C:\Users\*****\Desktop\Call_of_Duty_Modern_Warfare_1.7.NoDVD.tPORt.rar
[2011.10.24 16:57:52 | 000,037,843 | ---- | C] () -- C:\Users\*****\Desktop\Einsatze2010.htm
[2011.10.24 15:39:29 | 000,029,355 | ---- | C] () -- C:\Users\*****\Desktop\Dienstplan 2011.pdf
[2011.10.24 03:21:35 | 000,471,395 | ---- | C] () -- C:\Users\*****\Desktop\Feuerwehr.zip
[2011.10.24 01:40:31 | 000,000,922 | ---- | C] () -- C:\Users\*****\Desktop\Artisteer 3.lnk
[2011.10.24 01:35:26 | 105,414,620 | ---- | C] () -- C:\Users\*****\Desktop\Artisteer.3.0.0.41778.exe
[2011.10.24 01:20:20 | 001,027,613 | ---- | C] () -- C:\Users\*****\Desktop\com_reports2.10final.zip
[2011.10.20 23:53:24 | 000,023,897 | ---- | C] () -- C:\Users\*****\Desktop\Zylom.Games.Universal.Patcher.v2.0.rar
[2011.10.19 17:13:23 | 000,006,691 | ---- | C] () -- C:\Users\*****\.recently-used.xbel
[2011.10.16 18:40:47 | 059,296,457 | ---- | C] () -- C:\Users\*****\Desktop\Stadt-Sonnberg-Modifikation-1.0.rar
[2011.10.16 18:23:37 | 099,174,960 | ---- | C] () -- C:\Users\*****\Desktop\bs251.zip
[2011.10.15 23:15:32 | 183,117,809 | ---- | C] () -- C:\Users\*****\Desktop\eclipse-SDK-3.7.1-win32.zip
[2011.10.15 23:13:13 | 083,345,288 | ---- | C] () -- C:\Users\*****\Desktop\jdk-7-windows-i586.exe
[2011.10.15 22:33:26 | 000,000,096 | ---- | C] () -- C:\Users\*****\.asadminpass
[2011.10.13 18:14:18 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2011.10.12 18:41:06 | 002,093,949 | ---- | C] () -- C:\Users\*****\Desktop\1280743109_Reventon_The_Speed_Enforcer.rar
[2011.10.05 04:52:30 | 000,001,738 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2011.10.05 03:35:31 | 000,001,226 | ---- | C] () -- C:\Users\*****\Filme.lnk
[2011.10.01 01:25:05 | 000,056,649 | ---- | C] () -- C:\Users\*****\Desktop\Google.htm
[2011.09.30 19:32:24 | 005,190,287 | ---- | C] () -- C:\Users\*****\Desktop\Die-Toten-Hosen--Weisses-Rauschen-Unplugged.zip
[2011.09.16 11:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.07.27 10:13:52 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011.07.26 17:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.07.26 17:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.07.26 17:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.07.26 17:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.07.25 14:53:19 | 000,000,091 | ---- | C] () -- C:\Users\*****\AppData\Local\fusioncache.dat
[2011.03.12 21:13:09 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2011.03.12 21:13:09 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2010.09.21 21:05:44 | 000,000,014 | ---- | C] () -- C:\Windows\System32\hrxmsys.drv
[2010.08.29 23:50:54 | 000,001,255 | ---- | C] () -- C:\Windows\wininit.ini
[2010.08.29 23:50:25 | 000,284,160 | ---- | C] () -- C:\Windows\unin0407.exe
[2010.08.27 23:39:20 | 000,000,993 | ---- | C] () -- C:\Windows\eReg.dat
[2010.07.16 19:57:58 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010.07.08 18:56:58 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.07.08 18:56:58 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.07.08 18:56:17 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat
[2010.06.22 16:28:14 | 000,008,592 | ---- | C] () -- C:\Users\*****\AppData\Local\d3d9caps.dat
[2010.06.18 20:57:36 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.06.18 20:57:34 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.06.18 20:57:26 | 003,315,712 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2010.06.18 20:57:25 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.06.18 20:57:24 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.06.18 20:57:22 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.06.11 17:21:18 | 000,088,349 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.06.11 17:20:52 | 000,088,349 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.06.11 15:40:02 | 000,056,320 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.09 20:37:22 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2010.06.09 20:33:48 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2010.06.09 20:33:48 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010.06.09 20:33:48 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2010.06.09 20:33:48 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2010.06.09 20:30:05 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2010.06.09 20:30:05 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2010.06.09 20:30:05 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2010.06.09 20:30:05 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009.10.15 19:17:10 | 000,130,520 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.05.08 05:32:19 | 000,628,898 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.05.08 05:32:19 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.05.08 05:32:19 | 000,127,606 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.05.08 05:32:19 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.05.07 20:06:49 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.05.07 20:03:50 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.05.07 20:03:50 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.04.30 10:09:06 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.04.30 10:09:01 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008.04.30 10:09:01 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008.04.30 10:09:01 | 000,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2008.01.21 04:24:14 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,326,784 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,946 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,105,276 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2004.01.26 18:15:28 | 000,233,472 | R--- | C] () -- C:\Users\*****\AppData\Roaming\MafiaSetup.exe
[2004.01.26 18:15:22 | 000,233,472 | R--- | C] () -- C:\Windows\System32\MafiaSetup.exe
[2002.01.03 02:09:18 | 000,000,356 | ---- | C] () -- C:\Windows\System32\AF15IrTbl.bin
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2010.06.09 20:34:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Acer
[2008.05.07 20:02:23 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Acer GameZone Console
[2010.12.01 18:18:38 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Ahans
[2011.10.24 01:45:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Artisteer
[2011.07.27 10:14:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Atari
[2011.01.30 20:26:50 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Bytemobile
[2011.10.19 01:11:10 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\casanova
[2011.02.28 18:48:04 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Charles
[2011.10.20 01:44:16 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Colibri Games
[2010.08.30 22:00:59 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\CorsixTH
[2010.06.11 15:55:40 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DAEMON Tools Lite
[2010.12.09 20:02:39 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DAEMON Tools Pro
[2011.10.25 03:10:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Dropbox
[2011.09.14 00:41:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DVDVideoSoft
[2011.10.24 17:25:44 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FileZilla
[2011.02.13 19:46:15 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FTSoftware_FlorianThurnwald_ERSBerlinUpdater
[2010.12.26 01:07:29 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\GetRightToGo
[2011.10.19 17:13:23 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\gtk-2.0
[2011.07.27 10:13:22 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Leadertech
[2011.10.23 01:19:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Meridian93
[2010.08.11 20:55:53 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OpenOffice.org
[2010.12.18 23:02:36 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PeerNetworking
[2011.01.22 01:10:04 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PlayFirst
[2011.10.20 01:54:29 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Playrix Entertainment
[2011.09.21 15:27:25 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ProtectDISC
[2011.10.05 04:47:10 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Samsung
[2011.02.13 23:22:22 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Subversion
[2011.04.25 14:56:01 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\temp
[2011.05.10 18:54:01 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TerraTec
[2011.10.21 00:49:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Tropico 3
[2010.11.27 01:02:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TuneUp Software
[2011.10.15 22:32:24 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\updatetool
[2010.12.01 13:26:24 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Urroo
[2011.05.06 00:32:40 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Usyl
[2011.01.30 20:26:49 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Vodafone
[2011.05.30 18:30:42 | 000,000,000 | -HSD | M] -- C:\Users\*****\AppData\Roaming\wyUpdate AU
[2010.12.26 17:13:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Zylom
[2011.10.25 03:06:26 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2010.06.09 20:22:17 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.06.09 20:50:02 | 000,000,000 | ---D | M] -- C:\Acer
[2010.06.10 05:49:51 | 000,000,000 | ---D | M] -- C:\Book
[2008.02.06 01:25:41 | 000,000,000 | -HSD | M] -- C:\Boot
[2010.06.09 20:29:48 | 000,000,000 | ---D | M] -- C:\CLSetup
[2011.10.24 01:41:55 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.06.09 20:16:29 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.06.09 20:57:34 | 000,000,000 | ---D | M] -- C:\Elements
[2011.10.15 22:28:35 | 000,000,000 | ---D | M] -- C:\glassfish3
[2008.04.30 09:21:30 | 000,000,000 | ---D | M] -- C:\Intel
[2008.05.07 19:46:17 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010.12.27 23:43:11 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2008.01.21 04:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.10.25 02:41:03 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.10.25 02:41:08 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.06.09 20:16:29 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.10.25 03:17:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.09.02 23:45:43 | 000,000,000 | ---D | M] -- C:\Temp
[2010.06.09 20:19:58 | 000,000,000 | R--D | M] -- C:\Users
[2011.10.05 22:50:31 | 000,000,000 | ---D | M] -- C:\Windows
[2011.10.20 23:56:16 | 000,000,000 | ---D | M] -- C:\Zylom Games

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >

< MD5 for: EXPLORER.EXE >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: REGEDIT.EXE >
[2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe

< MD5 for: USERINIT.EXE >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WININIT.EXE >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-10-23 02:32:05

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:2B99FE60

< End of report >

Die Extra.txt, Gmer.txt und der bereits erwähnte Screenshot, sind im Anhang.

Ich hoffe ich habe nichts vergessen.
Ich sitze jetzt seit 02:00 Uhr vor dem PC um alle Logfiles zu erstellen

.

Danke

Timme

markusg · 25.10.2011, 11:43

hiho
wieso fehlt bei deinem windows das servicepack 2?
schaun wir uns die dll gleich mal an.

achtung!
dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.

• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

Code:

ATTFilter

:OTL
O4 - HKCU..\Run: [vasja] C:\Users\*****\AppData\Local\Temp\wpbt0.dll ()
:Files
C:\Users\*****\AppData\Local\Temp\wpbt0.dll
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.

öffne computer, öffne C: dann _OTL
dort rechtsklick auf moved files
wähle zu moved files.rar oder zip hinzufügen.
folge dem link, und lade das archiv im upload channel hoch
http://www.trojaner-board.de/54791-a...ner-board.html

Timme92 · 25.10.2011, 17:34

Hallo,

ich hab jetzt folgendes Problem.
Ich habe meinen Laptop nun Hochgefahren und jetzt zeigt Malwarebytes an das der bösartige Prozess unterbunden wurde.
Jetzt werde ich gefragt ob ich ihn in Quarantäne verschieben möchte.
Habe jetzt noch nichts weiter unternommen, also auch nicht den Schritt von markusg und das Fenster von Malwarebytes ist auch noch offen was soll ich tun? (Screenshot im Anhang)

Danke

Timme92

markusg · 25.10.2011, 17:35

in quarantäne, dann weiter mit script und upload

Timme92 · 25.10.2011, 17:38

Soll ich auch die Antivieren/Antimalware Programme schließen oder einfach nur die Programme wie Firefox etc.?

markusg · 25.10.2011, 17:39

alle programme

Timme92 · 25.10.2011, 17:47

Nun Folgendes

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\vasja deleted successfully.
File C:\Users\*****\AppData\Local\Temp\wpbt0.dll not found.
========== FILES ==========
File\Folder C:\Users\*****\AppData\Local\Temp\wpbt0.dll not found.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 75 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: *****
->Flash cache emptied: 125478 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: *****
->Temp folder emptied: 218750885 bytes
->Temporary Internet Files folder emptied: 82948144 bytes
->Java cache emptied: 17732243 bytes
->FireFox cache emptied: 70536182 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 635309 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 373,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 10252011_184231

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

markusg · 25.10.2011, 18:00

kannst du mir die Malwarebytes meldung mal als text posten, nicht als bild.

Timme92 · 25.10.2011, 18:06

Ja klar mache ich:

Zitat:

Malwarebytes' Anti-Malware hat den Ausführungsversuch eines bösartigem Prozess festgestellt und dessenAusführung unterbunden. Bitte wählen Sie eine der folgenden Optionen aus.

C:\USERS\*****\APPDATA\LOCAL\TEMP\WPBT0.DLL
(EXPLOID.DROP)

markusg · 25.10.2011, 18:07

ok, danke.
combofix:

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.

Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
Tool

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Hinweis:
Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.

Timme92 · 25.10.2011, 18:45

So Combofix log sieht wie folgt aus:

Code:

ATTFilter

ComboFix 11-10-25.03 - ***** 25.10.2011  19:22:39.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3066.1981 [GMT 2:00]
ausgeführt von:: c:\users\*****\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\*****\AppData\Local\Temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll
c:\users\*****\AppData\Roaming\Usyl
c:\users\*****\AppData\Roaming\Usyl\myot.myp
c:\users\*****\AppData\Roaming\Usyl\myot.tmp
c:\users\*****\AUTORUN.INF
c:\windows\system32\muzapp.exe
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-09-25 bis 2011-10-25  ))))))))))))))))))))))))))))))
.
.
2011-10-25 17:33 . 2011-10-25 17:33	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1FF32403-40C3-4A45-81E9-91598921B450}\offreg.dll
2011-10-25 17:32 . 2011-10-25 17:34	--------	d-----w-	c:\users\*****\AppData\Local\temp
2011-10-25 17:32 . 2011-10-25 17:32	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-10-25 16:42 . 2011-10-25 16:42	--------	d-----w-	C:\_OTL
2011-10-25 16:32 . 2011-10-25 16:32	--------	d-----w-	c:\users\*****\MalwarebytesScreen
2011-10-25 01:11 . 2011-10-25 04:10	--------	d-----w-	c:\users\*****\Logs+bild
2011-10-25 00:41 . 2011-10-25 00:41	--------	d-----w-	c:\users\*****\AppData\Roaming\Malwarebytes
2011-10-25 00:41 . 2011-10-25 00:41	--------	d-----w-	c:\programdata\Malwarebytes
2011-10-25 00:41 . 2011-10-25 00:41	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-10-25 00:41 . 2011-08-31 15:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-10-25 00:14 . 2011-10-25 04:12	--------	d-----w-	c:\programdata\SecTaskMan
2011-10-25 00:14 . 2011-10-25 00:14	--------	d-----w-	c:\program files\Security Task Manager
2011-10-24 18:30 . 2011-10-24 18:30	--------	d-----w-	c:\users\*****\AppData\Local\PunkBuster
2011-10-23 23:45 . 2011-10-23 23:45	--------	d-----w-	c:\users\*****\AppData\Roaming\Apple Computer
2011-10-23 23:45 . 2011-10-23 23:45	--------	d-----w-	c:\users\*****\AppData\Local\Apple Computer
2011-10-23 23:38 . 2011-10-23 23:38	--------	d-----w-	c:\program files\Artisteer 3
2011-10-23 02:29 . 2011-10-07 03:48	6668624	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1FF32403-40C3-4A45-81E9-91598921B450}\mpengine.dll
2011-10-22 23:19 . 2011-10-22 23:19	--------	d-----w-	c:\programdata\Meridian93
2011-10-22 23:19 . 2011-10-22 23:19	--------	d-----w-	c:\users\*****\AppData\Roaming\Meridian93
2011-10-22 23:18 . 2011-10-22 23:19	--------	d-----w-	c:\program files\Ask.com
2011-10-22 23:17 . 2011-10-22 23:17	--------	d-----w-	c:\program files\MyPlayCity.com
2011-10-20 00:56 . 2011-10-20 00:56	--------	d-----w-	c:\users\*****\AppData\Local\JollyBear
2011-10-20 00:56 . 2011-10-20 00:56	--------	d-----w-	c:\programdata\JollyBear
2011-10-19 23:54 . 2011-10-19 23:54	--------	d-----w-	c:\users\*****\AppData\Roaming\Playrix Entertainment
2011-10-19 23:44 . 2011-10-19 23:44	--------	d-----w-	c:\users\*****\AppData\Roaming\Colibri Games
2011-10-19 23:44 . 2011-10-19 23:44	--------	d-----w-	c:\programdata\Colibri Games
2011-10-19 23:36 . 2011-10-20 21:56	--------	d-----w-	C:\Zylom Games
2011-10-19 23:35 . 2011-10-20 21:56	--------	d-----w-	c:\program files\RealArcade
2011-10-19 23:33 . 2011-10-19 23:33	--------	d-----w-	c:\programdata\Zylom
2011-10-19 23:33 . 2011-10-19 23:33	--------	d-----w-	c:\program files\Zylom Games
2011-10-19 23:33 . 2009-10-23 13:01	102400	----a-w-	c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
2011-10-19 23:30 . 2011-10-19 23:30	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-19 00:10 . 2011-10-19 00:10	--------	d-----w-	c:\program files\Eidos Interactive
2011-10-18 23:11 . 2011-10-18 23:11	--------	d-----w-	c:\users\*****\AppData\Roaming\casanova
2011-10-18 22:11 . 2011-10-20 00:55	--------	d-----w-	c:\program files\DEUTSCHLAND SPIELT
2011-10-18 22:10 . 2011-10-18 22:10	--------	d-----w-	c:\program files\OXXOGames
2011-10-16 12:45 . 2011-10-16 12:45	--------	d-----w-	c:\users\*****\.thumbnails
2011-10-15 22:20 . 2011-10-15 22:20	--------	d-----w-	c:\users\*****\Apps
2011-10-15 21:29 . 2011-10-15 22:24	--------	d-----w-	c:\users\*****\.android
2011-10-15 21:29 . 2011-10-16 03:23	--------	d-----w-	c:\program files\Android
2011-10-15 21:21 . 2011-10-15 22:39	--------	d-----w-	c:\users\*****\workspace
2011-10-15 21:18 . 2011-10-15 21:18	--------	d-----w-	c:\program files\Common Files\Java
2011-10-15 20:32 . 2011-10-15 20:32	--------	d-----w-	c:\users\*****\AppData\Roaming\updatetool
2011-10-15 20:25 . 2011-10-15 20:28	--------	d-----w-	C:\glassfish3
2011-10-15 18:01 . 2011-10-15 18:01	--------	d-----w-	c:\users\*****\.appinventor
2011-10-05 02:51 . 2011-08-25 04:43	77624	----a-w-	c:\windows\system32\drivers\ssudbus.sys
2011-10-05 02:51 . 2011-08-25 04:43	181432	----a-w-	c:\windows\system32\drivers\ssudmdm.sys
2011-10-05 02:49 . 2011-09-16 09:54	821824	----a-w-	c:\windows\system32\dgderapi.dll
2011-10-05 02:49 . 2011-09-16 09:54	319456	----a-w-	c:\windows\system32\DIFxAPI.dll
2011-10-05 02:49 . 2011-09-16 09:54	20032	----a-w-	c:\windows\system32\drivers\dgderdrv.sys
2011-10-01 13:08 . 2011-10-01 13:08	--------	d-----w-	c:\program files\Common Files\Microsoft Games
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-15 21:17 . 2010-06-16 17:22	544656	----a-w-	c:\windows\system32\deployJava1.dll
2011-09-16 09:55 . 2011-09-02 21:07	4659712	----a-w-	c:\windows\system32\Redemption.dll
2011-09-16 09:54 . 2011-09-16 09:54	90112	----a-w-	c:\windows\MAMCityDownload.ocx
2011-09-16 09:54 . 2011-09-16 09:54	325552	----a-w-	c:\windows\MASetupCaller.dll
2011-09-16 09:54 . 2011-09-16 09:54	30568	----a-w-	c:\windows\MusiccityDownload.exe
2011-09-30 12:37 . 2011-03-27 15:07	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-06-09 18:55	157168	----a-w-	c:\programdata\Partner\partner.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 11:29	1490312	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38	121392	----a-w-	c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-09 68856]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-09-29 20880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-25 6111232]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 809480]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-30 397312]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-10 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-04-10 167936]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-09-29 929680]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-09-29 3508112]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-2 24183152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ICQ"="c:\program files\ICQ7.4\ICQ.exe" silent loginmode=4
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"Pando Media Booster"=c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"BrMfcWnd"=c:\program files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"MobileConnect"=%programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
"PLFSetI"=c:\windows\PLFSetI.exe
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe"
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
"WarReg_PopUp"=c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-09 136176]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-07-18 30312]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2011-08-25 77624]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-29 112128]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-09 136176]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-06-29 102912]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-12 84240]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2009-06-30 9216]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-07-18 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-07-18 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-07-18 136808]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-07-18 114280]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2011-08-25 181432]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2009-08-18 114688]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2009-08-18 105088]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-04-18 61424]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [2009-07-22 81920]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2011-05-31 1052480]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-18 9216]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [2009-07-22 2736128]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-09-07 123496]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-24 10064]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2011-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-09 19:26]
.
2011-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-09 19:26]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0610&m=aspire_5930
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\obhiaoc3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Hospital - c:\windows\unin0407.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(868)
c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-10-25  19:40:49 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-10-25 17:40
.
Vor Suchlauf: 6.656.610.304 Bytes frei
Nach Suchlauf: 6.775.123.968 Bytes frei
.
- - End Of File - - FBD5F1818325144F90C071E54436A28C

markusg · 25.10.2011, 19:01

nutzt du den pc für banking, einkäufe oder ähnliches? sensible daten etc.

Timme92 · 25.10.2011, 19:03

Ja leider. Habe seit dem vorfall aber nichts mehr abgewickelt.

markusg · 25.10.2011, 19:07

hi, auf dem pc ist ein zbot trojaner, der hat es auf solche daten abgesehen.
da man nie sicher sagen kann das ne bereinigung klappt, solltest du daten, wie fotos, musik texte und vidios sichern, auf nen externen datenträger, und dann formatieren, falls anleitung benötigt, bekommst du diese.
dann erkläre ich dir, wie du das system absicherst, auch etwas zu sicherem onlinebanking.
du musst danach, nach dem neu aufsetzen, alle passwörter endern.

Timme92 · 25.10.2011, 19:12

Ja okay. Ich esse jetzt kurz zu Abend.
Wenn ich die Daten sichere kann es passieren das der sich dort dran hängt?
Ich habe beim Kauf des Laptops keine Win-Cd mitgeliefert bekommen. Habe jetzt nur das Recoverie Tool von Acer.

25.10.2011, 17:35	#4
markusg /// Malware-holic	Bundespolizei Virus/wpbt0.dll in quarantäne, dann weiter mit script und upload __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

25.10.2011, 17:39	#6
markusg /// Malware-holic	Bundespolizei Virus/wpbt0.dll alle programme __________________ --> Bundespolizei Virus/wpbt0.dll

25.10.2011, 18:00	#8
markusg /// Malware-holic	Bundespolizei Virus/wpbt0.dll kannst du mir die Malwarebytes meldung mal als text posten, nicht als bild. __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

25.10.2011, 19:01	#12
markusg /// Malware-holic	Bundespolizei Virus/wpbt0.dll nutzt du den pc für banking, einkäufe oder ähnliches? sensible daten etc. __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

Bundespolizei Virus/wpbt0.dll

Log-Analyse und Auswertung: Bundespolizei Virus/wpbt0.dll