winupd.exe Virus?
Discussion on winupd.exe Virus? within the Technical Support forum part of the Off-Topics category.
11/10/2010, 17:27
#31
elite*gold: 207
Join Date: May 2010
Posts: 949
Received Thanks: 188
No. Better to use the Kaspersky Virus Removal Tool first.
It does a very good job. Then carry on with the rest of the steps.
11/10/2010, 17:58
#32
elite*gold: 7
Join Date: Jun 2008
Posts: 1,750
Received Thanks: 415
Quote:
Originally Posted by
Es19
No. Better to use the Kaspersky Virus Removal Tool first.
It does a very good job. Then carry on with the rest of the steps.
Everything again (including OTL with your text), or only step 2 (Kaspersky instead of ComboFix) + scan?
11/10/2010, 18:42
#33
elite*gold: 207
Join Date: May 2010
Posts: 949
Received Thanks: 188
Only redo step 2, and post the OTL log you made in step 1.
11/10/2010, 18:59
#34
elite*gold: 7
Join Date: Jun 2008
Posts: 1,750
Received Thanks: 415
Quote:
Originally Posted by
Es19
Only redo step 2, and post the OTL log you made in step 1.
Quote:
All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Audio HD Driver deleted successfully.
C:\Windows\SysNative\winupd.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Niki
->Temp folder emptied: 914315974 bytes
->Temporary Internet Files folder emptied: 348333122 bytes
->Java cache emptied: 1794929 bytes
->FireFox cache emptied: 101538075 bytes
->Opera cache emptied: 751353 bytes
->Flash cache emptied: 103576 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 880305 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 35222831 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50233 bytes
RecycleBin emptied: 24625100677 bytes
Total Files Cleaned = 24.822,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.9.1 log created on 11092010_194047
Files\Folders moved on Reboot...
C:\Users\Niki\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2900.log moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
Registry entries deleted on Reboot...
This one?
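The fix above removed one Run-key entry ("Audio HD Driver") and the winupd.exe it pointed at; the next step in such a cleanup is to read the follow-up OTL scan and check what else auto-starts. Added here as an example of how to triage that log (this is not code from this thread, from OTL or from any poster): a Python script that parses OTL's PRC/MOD/SRV/DRV SafeList lines and flags the entries a helper looks at first: registrations whose file OTL could not find, services, drivers and Windows-directory binaries with no company name, and drivers loaded from outside a drivers directory. The line format and the triage rules are assumptions inferred from the scan log posted in this thread; the parenthesised field is assumed to be the CompanyName OTL reads from the file's version information; the sample lines are copied from that log.

```python
"""Triage helper for OTL "SafeList" lines (PRC/MOD/SRV/DRV entries).

Added example for this thread; not part of OTL and not code from any poster.
The format and the rules below are inferred from the log posted in the
thread. Findings are leads to verify by hand, not verdicts.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input: entry lines copied from the OTL scan log posted in this thread.
SAMPLE_LOG = r"""
PRC - [2010.10.02 14:39:32 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.09.07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\vmnat.exe -- (VMware NAT Service)
SRV - [2010.05.20 23:39:38 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010.03.28 15:47:30 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
DRV:64bit: - [2009.11.02 11:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV - [2007.02.07 19:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
"""


@dataclass
class Entry:
    kind: str         # PRC (process), MOD (module), SRV (service) or DRV (driver)
    x64_view: bool    # True for ":64bit:" lines (OTL's native 64-bit view)
    missing: bool     # OTL printed "File not found" instead of file metadata
    company: str      # assumed: CompanyName from the file's version info; "" if absent
    flags: list[str]  # start type / state, e.g. ["Kernel", "Boot", "Running"]
    path: str
    name: str         # service or driver name; "" for PRC/MOD


_HEAD = re.compile(r"^(?P<kind>PRC|MOD|SRV|DRV)(?P<x64>:64bit:)? - (?P<rest>.*)$")
# "[mtime | size | attrs | M] (Company)"; Company may contain one level of parentheses.
_META = re.compile(
    r"^\[[\d.]+ [\d:]+ \| [\d,]+ \| [-A-Z]{4} \| M\] "
    r"\((?P<company>(?:[^()]|\([^()]*\))*)\)(?P<rest>.*)$"
)
_BRACKET = re.compile(r"^ ?\[(?P<body>[^\]]*)\](?P<rest>.*)$")
_WINDIR = re.compile(r"^[a-z]:\\windows\\")


def parse_entry(line: str) -> Entry | None:
    """Parse one PRC/MOD/SRV/DRV line; return None for any other line."""
    m = _HEAD.match(line.strip())
    if not m:
        return None
    rest, missing, company = m.group("rest"), False, ""
    if rest.startswith("File not found"):
        missing, rest = True, rest[len("File not found"):]
    else:
        mm = _META.match(rest)
        if not mm:
            return None
        company, rest = mm.group("company"), mm.group("rest")
    # Zero or more [...] groups follow (some DRV lines carry an extra date
    # bracket before the flags); the last bracket is taken as the flags.
    flags: list[str] = []
    while (mb := _BRACKET.match(rest)):
        flags = [f.strip() for f in mb.group("body").split("|")]
        rest = mb.group("rest")
    rest = rest.strip()
    if not rest.startswith("-- "):
        return None
    path, name = rest[3:], ""
    if " -- (" in path:
        path, tail = path.split(" -- (", 1)
        name = tail.split(")", 1)[0]
    return Entry(m.group("kind"), bool(m.group("x64")), missing, company, flags, path, name)


def triage(log_text: str) -> list[tuple[str, str]]:
    """Return (path, reason) pairs for entries that deserve a closer look."""
    findings: list[tuple[str, str]] = []
    for entry in filter(None, map(parse_entry, log_text.splitlines())):
        in_windir = bool(_WINDIR.match(entry.path.lower()))
        if entry.missing:
            findings.append((entry.path, f"{entry.kind} '{entry.name}' is registered but the file was not found"))
            continue
        # No CompanyName is common for hobby tools, but for anything under the
        # Windows directory, or running as a service/driver, it warrants a look.
        if not entry.company and (in_windir or entry.kind in ("SRV", "DRV")):
            findings.append((entry.path, f"{entry.kind} with no CompanyName in version info"))
        if entry.kind == "DRV" and "\\drivers\\" not in entry.path.lower():
            findings.append((entry.path, f"driver loaded from outside a drivers directory [{' | '.join(entry.flags)}]"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {path}")
```

Read the output as leads. In this thread's log the three "File not found" hits in the 64-bit view (vmnat, vmnetdhcp, PnkBstrA) each reappear in the 32-bit listing with an existing SysWOW64 path, so pair the two views before treating a miss as an orphaned registration; a hit like the earlier winupd.exe, a no-company binary under System32 tied to a Run key, is the kind of entry the rules are meant to surface.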
11/10/2010, 20:12
#35
elite*gold: 207
Join Date: May 2010
Posts: 949
Received Thanks: 188
A quick scan.
11/10/2010, 21:12
#36
elite*gold: 7
Join Date: Jun 2008
Posts: 1,750
Received Thanks: 415
Quote:
OTL logfile created on: 10.11.2010 21:07:49 - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Niki\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 73,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584,07 Gb Total Space | 279,82 Gb Free Space | 47,91% Space Free | Partition Type: NTFS
Drive D: | 529,42 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NIKI-PC
Current User Name: Niki
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010.10.02 14:39:32 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.09.18 10:35:06 | 000,015,320 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 4\plugin-container.exe
PRC - [2010.09.18 10:35:02 | 000,923,096 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 4\firefox.exe
PRC - [2010.09.07 16:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.09.07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.08.13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.08.11 21:13:08 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Niki\Downloads\OTL.exe
PRC - [2010.05.20 23:39:48 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010.05.20 23:39:46 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2010.05.20 23:39:38 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010.05.20 22:40:20 | 000,539,184 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010.03.28 15:47:30 | 000,246,520 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.03.11 14:21:51 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010.03.09 01:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010.03.09 01:56:38 | 000,260,608 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010.03.01 23:56:30 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
PRC - [2010.02.25 15:35:04 | 001,289,296 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.02.25 15:35:04 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.02.25 15:35:04 | 000,288,336 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.01.13 09:47:44 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010.01.12 15:15:24 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009.12.24 02:39:02 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009.12.02 09:02:28 | 000,305,448 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
PRC - [2009.11.06 02:51:20 | 000,144,640 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2009.10.23 04:35:08 | 000,401,192 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2009.10.23 04:34:56 | 000,200,488 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2009.10.01 13:55:56 | 000,330,256 | ---- | M] (Kaspersky Lab) -- C:\Users\Niki\Desktop\Virus Removal Tool\setup_9.0.0.722_10.11.2010_18-12\setup_9.0.0.722_10.11.2010_18-12.exe
PRC - [2009.09.30 18:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.09.30 18:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.02.19 03:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2008.10.16 13:28:42 | 000,801,544 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\LU\LogitechUpdate.exe
PRC - [2008.10.16 13:28:28 | 000,300,296 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\LU\LuLnchr.exe
PRC - [2007.09.02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
PRC - [2007.04.30 18:43:54 | 003,450,608 | ---- | M] (Stardock) -- C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
========== Modules (SafeList) ==========
MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010.08.11 21:13:08 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Niki\Downloads\OTL.exe
MOD - [2009.07.14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009.06.10 22:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
MOD - [2009.02.19 03:00:00 | 000,038,912 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\x86\lgscroll.dll
MOD - [2007.09.02 12:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
MOD - [2007.04.30 18:18:50 | 000,112,400 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\DockShellHook.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\vmnat.exe -- (VMware NAT Service)
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\vmnetdhcp.exe -- (VMnetDHCP)
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2010.09.07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010.09.07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010.09.07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010.05.31 21:08:48 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010.03.02 17:12:14 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.11.02 11:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2010.10.02 14:39:32 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.08.13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.05.31 21:10:35 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.05.20 23:39:48 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010.05.20 23:39:46 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2010.05.20 23:39:38 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010.05.20 22:40:20 | 000,539,184 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010.04.27 15:42:04 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010.03.30 10:16:14 | 001,823,112 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.03.28 15:47:30 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.03.18 13:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.09 01:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010.02.25 15:35:04 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.02.05 19:23:06 | 000,865,824 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.01.12 15:15:24 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.12.24 02:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009.12.02 09:02:28 | 000,305,448 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2009.11.06 02:51:20 | 000,144,640 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2009.11.06 02:50:50 | 000,050,432 | ---- | M] (NewTech InfoSystems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2009.09.30 18:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.09.30 18:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.02.18 23:39:26 | 000,160,784 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2010.09.07 15:47:33 | 000,061,008 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010.05.20 23:40:18 | 000,080,944 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010.05.20 23:40:12 | 000,068,656 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010.05.20 23:38:28 | 000,031,792 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010.05.20 23:38:16 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010.05.20 22:40:12 | 000,038,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010.05.20 20:19:18 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010.05.20 20:19:18 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2010.05.16 15:46:10 | 000,294,248 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Treiber\VMM.sys -- (vmm)
DRV:64bit: - [2010.04.19 19:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.03.02 17:23:12 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.03.02 16:07:34 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.02.11 04:01:12 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.02.03 14:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2010.01.28 03:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.01.19 00:38:00 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.01.15 17:51:20 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.01.15 17:51:14 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.01.15 17:51:10 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.01.05 17:55:04 | 001,580,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.12.17 19:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.12.15 01:03:50 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009.11.02 11:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009.10.22 12:54:24 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\55783052.sys -- (55783052)
DRV:64bit: - [2009.10.09 22:30:56 | 000,352,784 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\5578305.sys -- (setup_9.0.0.722_10.11.2010_18-12drv)
DRV:64bit: - [2009.09.25 16:59:46 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\55783051.sys -- (55783051)
DRV:64bit: - [2009.09.17 13:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.09.17 11:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.27 06:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.05 09:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.05 09:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009.04.07 23:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008.12.18 22:47:18 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2008.12.18 22:47:10 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2008.02.05 00:50:42 | 000,079,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2010.04.27 15:41:34 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2010.02.25 17:32:54 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/04/22 09:11:56] [Kernel | Auto | Running] -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\000.fcl -- ({6E090BD5-4EF5-4bf0-A968-74049E88E935})
DRV - [2008.08.14 06:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2007.02.07 19:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Ecosia"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://ecosia.org/"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {9815d32d-08c2-42ca-a8c6-43e501a4512f}:0.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: :20100720
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: :3.6.1
FF - prefs.js..extensions.enabledItems: {00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}:0.7.2
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.10.16 22:09:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.10.16 22:09:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 2\components [2010.10.16 22:09:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 2\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 4\components [2010.10.16 22:09:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 4\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\components [2010.11.10 19:27:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugins
[2010.05.06 16:04:58 | 000,000,000 | ---D | M] -- C:\Users\Niki\AppData\Roaming\mozilla\Extensions
[2010.11.06 10:27:22 | 000,000,000 | ---D | M] -- C:\Users\Niki\AppData\Roaming\mozilla\Firefox\Profiles\jf5otup1.default\extensions
[2010.05.19 12:22:07 | 000,000,000 | ---D | M] (MacOSX Theme) -- C:\Users\Niki\AppData\Roaming\mozilla\Firefox\Profiles\jf5otup1.default\extensions\{00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}
[2010.06.06 12:58:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Niki\AppData\Roaming\mozilla\Firefox\Profiles\jf5otup1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.11 23:01:57 | 000,000,000 | ---D | M] (Tor-Proxy.NET Toolbar) -- C:\Users\Niki\AppData\Roaming\mozilla\Firefox\Profiles\jf5otup1.default\extensions\{9815d32d-08c2-42ca-a8c6-43e501a4512f}
[2010.07.16 12:16:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Niki\AppData\Roaming\mozilla\Firefox\Profiles\jf5otup1.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.05.19 15:30:50 | 000,000,000 | ---D | M] (Ecosia (eco-friendly search engine)) -- C:\Users\Niki\AppData\Roaming\mozilla\Firefox\Profiles\jf5otup1.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}
[2010.11.03 17:57:00 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Niki\AppData\Roaming\mozilla\Firefox\Profiles\jf5otup1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.11.04 18:08:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Niki\AppData\Roaming\mozilla\Firefox\Profiles\jf5otup1.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010.06.09 12:22:44 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Niki\AppData\Roaming\mozilla\Firefox\Profiles\jf5otup1.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.07.29 00:24:22 | 000,000,000 | ---D | M] -- C:\Users\Niki\AppData\Roaming\mozilla\Firefox\Profiles\jf5otup1.default\extensions\[email protected] e
[2010.05.19 12:14:09 | 000,000,000 | ---D | M] -- C:\Users\Niki\AppData\Roaming\mozilla\Firefox\Profiles\jf5otup1.default\extensions\
[2010.07.29 00:24:22 | 000,000,000 | ---D | M] -- C:\Users\Niki\AppData\Roaming\mozilla\Firefox\Profiles\jf5otup1.default\extensions\staged-xpis
[2010.06.29 15:59:02 | 000,000,000 | ---D | M] -- C:\Users\Niki\AppData\Roaming\mozilla\Firefox\Profiles\jf5otup1.default\extensions\ u.edu
[2010.05.19 15:31:33 | 000,002,354 | ---- | M] () -- C:\Users\Niki\AppData\Roaming\Mozilla\FireFox\Profiles\jf5otup1.default\searchplugins\ecosia.xml
[2010.11.06 10:37:27 | 000,001,056 | ---- | M] () -- C:\Users\Niki\AppData\Roaming\Mozilla\FireFox\Profiles\jf5otup1.default\searchplugins\icqplugin.xml
[2010.08.12 18:06:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.06.11 23:02:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.12 10:33:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.29 18:47:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.29 18:47:04 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.29 18:47:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.29 18:47:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.29 18:47:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2010.11.09 19:42:32 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] File not found
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [HWID.exe] C:\Users\Niki\AppData\Roaming\Sysutils_Update\HWID.exe (Application Tool)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Niki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_10.11.2010_18-12.lnk = C:\Users\Niki\Desktop\Virus Removal Tool\setup_9.0.0.722_10.11.2010_18-12\startup.exe ()
O4 - Startup: C:\Users\Niki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Niki\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Niki\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Niki\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Niki\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: blank ([]about in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.09.23 12:22:37 | 001,003,520 | R--- | M] (Microsoft Corporation) - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2005.09.14 14:14:39 | 000,000,235 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4143caa8-4dd9-11df-8e56-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4143caa8-4dd9-11df-8e56-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2005.09.23 12:22:37 | 001,003,520 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{4143caa8-4dd9-11df-8e56-806e6f6e6963}\Shell\directx\command - "" = D:\directx9\DXSETUP.exe -- [2005.05.26 23:34:41 | 000,482,000 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{4143caa8-4dd9-11df-8e56-806e6f6e6963}\Shell\setup\command - "" = D:\setup.exe -- [2005.09.26 20:16:28 | 000,253,952 | R--- | M] ()
O33 - MountPoints2\{56733e46-5f6c-11df-ac6f-c80aa955cc36}\Shell - "" = AutoRun
O33 - MountPoints2\{56733e46-5f6c-11df-ac6f-c80aa955cc36}\Shell\AutoRun\command - "" = E:\EasySuite.exe -- File not found
O33 - MountPoints2\{61a28547-6bbd-11df-ac7f-c80aa955cc36}\Shell - "" = AutoRun
O33 - MountPoints2\{61a28547-6bbd-11df-ac7f-c80aa955cc36}\Shell\AutoRun\command - "" = E:\EasySuite.exe -- File not found
O33 - MountPoints2\{8aac21e6-6010-11df-8810-c80aa955cc36}\Shell - "" = AutoRun
O33 - MountPoints2\{8aac21e6-6010-11df-8810-c80aa955cc36}\Shell\AutoRun\command - "" = E:\EasySuite.exe -- File not found
O33 - MountPoints2\{f6b30a94-619e-11df-8984-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f6b30a94-619e-11df-8984-806e6f6e6963}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{fc8e4d3d-60cb-11df-a57a-c80aa955cc36}\Shell - "" = AutoRun
O33 - MountPoints2\{fc8e4d3d-60cb-11df-a57a-c80aa955cc36}\Shell\AutoRun\command - "" = E:\EasySuite.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe -- [2005.09.26 20:16:28 | 000,253,952 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 90 Days ==========
[2010.11.10 20:56:03 | 000,000,000 | ---D | C] -- C:\Users\Niki\AppData\Roaming\Bilder
[2010.11.10 19:26:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7
[2010.11.10 19:01:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010.11.10 19:00:23 | 000,352,784 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\5578305.sys
[2010.11.10 19:00:23 | 000,157,712 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\55783051.sys
[2010.11.10 19:00:23 | 000,040,464 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\55783052.sys
[2010.11.10 19:00:22 | 000,000,000 | ---D | C] -- C:\Users\Niki\Desktop\Virus Removal Tool
[2010.11.09 19:54:32 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010.11.09 19:40:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.11.07 16:01:56 | 000,000,000 | ---D | C] -- C:\Users\Niki\AppData\Roaming\Sysutils_Update
[2010.11.06 12:22:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010.11.04 15:20:14 | 000,000,000 | ---D | C] -- C:\Users\Niki\Desktop\Harbóreo v3
[2010.10.31 10:37:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eDgMt2
[2010.10.30 21:25:40 | 000,000,000 | ---D | C] -- C:\ProgramData\CustoPackTools
[2010.10.30 21:25:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CustoPackTools
[2010.10.29 17:23:01 | 000,000,000 | ---D | C] -- C:\Users\Niki\AppData\Roaming\mquadr.at
[2010.10.29 17:23:01 | 000,000,000 | ---D | C] -- C:\Users\Niki\AppData\Local\mquadr.at
[2010.10.29 17:23:01 | 000,000,000 | ---D | C] -- C:\ProgramData\mquadr.at
[2010.10.29 17:23:01 | 000,000,000 | ---D | C] -- C:\ProgramData\m2backup
[2010.10.29 17:22:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\{DE1CDDDC-29FB-4BCF-94A4-B8339595BAB7}
[2010.10.29 17:22:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0B1855D9-8D06-4BE1-B93C-7EFA1D0C3E32}
[2010.10.29 15:46:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\{29558F44-C67B-4F2C-99E0-F1CE2AE1F960}
[2010.10.29 15:46:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\{392ECEAB-FD15-485B-8C44-C2C591EDECB5}
[2010.10.29 15:46:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\A1 Telekom Austria
[2010.10.29 15:46:11 | 000,000,000 | ---D | C] -- C:\Users\Niki\AppData\Local\PackageAware
[2010.10.26 12:56:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Minecraft
[2010.10.24 13:02:00 | 000,000,000 | ---D | C] -- C:\Users\Niki\Documents\Stronghold Legends
[2010.10.23 22:10:05 | 000,000,000 | ---D | C] -- C:\Users\Niki\AppData\Roaming\.minecraft
[2010.10.23 20:04:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LucasFan Games
[2010.10.23 19:21:06 | 000,000,000 | ---D | C] -- C:\Users\Niki\AppData\Roaming\ScummVM
[2010.10.23 19:21:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScummVM
[2010.10.16 22:10:27 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.10.16 22:10:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010.10.16 22:10:27 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.10.16 22:08:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.10.16 22:07:54 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.10.16 22:07:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010.10.10 13:26:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JoWooD
[2010.10.09 23:22:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2010.10.08 13:11:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\neo Software Produktions GmbH
[2010.10.05 18:16:13 | 000,000,000 | ---D | C] -- C:\Users\Niki\Documents\UseNeXT
[2010.10.05 18:16:12 | 000,000,000 | ---D | C] -- C:\Users\Niki\AppData\Roaming\UseNeXT
[2010.10.05 18:16:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UseNeXT
[2010.10.02 14:59:43 | 000,000,000 | ---D | C] -- C:\Users\Niki\Documents\BFBC2
[2010.10.02 14:59:35 | 000,000,000 | RH-D | C] -- C:\Users\Niki\AppData\Roaming\SecuROM
[2010.10.01 23:03:51 | 000,468,480 | ---- | C] (Oracle) -- C:\Windows\SysNative\deployJava1.dll
[2010.10.01 23:03:51 | 000,183,296 | ---- | C] (Oracle) -- C:\Windows\SysNative\javaws.exe
[2010.10.01 23:03:51 | 000,165,888 | ---- | C] (Oracle) -- C:\Windows\SysNative\javaw.exe
[2010.10.01 23:03:51 | 000,165,888 | ---- | C] (Oracle) -- C:\Windows\SysNative\java.exe
[2010.10.01 23:03:22 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2010.09.28 13:48:13 | 000,000,000 | ---D | C] -- C:\Users\Niki\AppData\Local\Microsoft Games
[2010.09.24 16:49:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AWicons Lite
[2010.09.23 21:36:39 | 000,000,000 | ---D | C] -- C:\Users\Niki\Documents\Stardock
[2010.09.22 20:12:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyBrute
[2010.09.21 14:11:31 | 000,506,368 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2010.09.21 14:09:09 | 000,000,000 | ---D | C] -- C:\Users\Niki\Documents\Rainmeter
[2010.09.21 14:09:09 | 000,000,000 | ---D | C] -- C:\Users\Niki\AppData\Roaming\Rainmeter
[2010.09.21 14:07:02 | 000,000,000 | ---D | C] -- C:\Programme\Rainmeter
[2010.09.18 10:52:00 | 000,000,000 | ---D | C] -- C:\Users\Niki\AppData\Local\Electronic_Arts_Inc
[2010.09.18 10:51:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2010.09.18 10:51:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2010.09.18 10:51:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2010.09.13 19:01:43 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2010.09.06 15:33:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010.09.06 15:11:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2010.09.06 15:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2010.09.06 15:10:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2010.09.06 14:01:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech Touch Mouse Server
[2010.09.05 14:48:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 4
========== Files - Modified Within 90 Days ==========
[2010.11.10 21:10:05 | 004,456,448 | -HS- | M] () -- C:\Users\Niki\NTUSER.DAT
[2010.11.10 21:07:22 | 001,506,624 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.11.10 21:07:22 | 000,658,526 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.11.10 21:07:22 | 000,619,366 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.11.10 21:07:22 | 000,131,932 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.11.10 21:07:22 | 000,108,272 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.11.10 21:04:30 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.10 21:04:30 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.10 21:00:31 | 000,000,468 | -HS- | M] () -- C:\Windows\setup_9.0.0.722_10.11.2010_18-12drv.spi
[2010.11.10 20:57:28 | 000,000,430 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2010.11.10 20:55:38 | 000,000,248 | ---- | M] () -- C:\Users\Niki\AppData\Roaming\Autorun.vbs
[2010.11.10 20:55:09 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.11.10 20:55:01 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.11.10 20:54:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.10 20:54:42 | 2094,395,391 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.10 20:53:45 | 018,425,023 | -H-- | M] () -- C:\Users\Niki\AppData\Local\IconCache.db
[2010.11.10 20:31:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.11.10 19:27:01 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 7.lnk
[2010.11.10 19:01:12 | 000,002,239 | ---- | M] () -- C:\Users\Niki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_10.11.2010_18-12.lnk
[2010.11.09 19:51:15 | 003,906,966 | ---- | M] () -- C:\Users\Niki\Desktop\ComboFix.exe
[2010.11.09 19:42:32 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2010.10.31 15:47:39 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.10.31 15:47:39 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.10.24 13:10:11 | 000,108,144 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt.dll
[2010.10.13 18:44:31 | 005,947,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.10.11 14:43:24 | 000,573,188 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.10.10 19:03:17 | 000,021,840 | ---- | M] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010.10.10 19:03:17 | 000,017,212 | ---- | M] () -- C:\Windows\SysWow64\SIntf32.dll
[2010.10.10 19:03:17 | 000,012,067 | ---- | M] () -- C:\Windows\SysWow64\SIntf16.dll
[2010.10.08 13:12:10 | 000,000,304 | ---- | M] () -- C:\Windows\DieVölker.ini
[2010.10.02 14:39:32 | 002,434,856 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010.10.02 14:39:32 | 000,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.10.01 23:11:09 | 000,003,072 | ---- | M] () -- C:\Windows\SysNative\brute.db
[2010.10.01 23:03:28 | 000,183,296 | ---- | M] (Oracle) -- C:\Windows\SysNative\javaws.exe
[2010.10.01 23:03:28 | 000,165,888 | ---- | M] (Oracle) -- C:\Windows\SysNative\javaw.exe
[2010.10.01 23:03:28 | 000,165,888 | ---- | M] (Oracle) -- C:\Windows\SysNative\java.exe
[2010.10.01 23:03:26 | 000,468,480 | ---- | M] (Oracle) -- C:\Windows\SysNative\deployJava1.dll
[2010.09.22 21:33:56 | 000,002,060 | ---- | M] () -- C:\Users\Niki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2010.09.20 18:30:40 | 000,407,496 | ---- | M] () -- C:\Users\Niki\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.09.08 16:44:34 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010.09.07 16:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010.09.07 16:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010.09.07 15:52:29 | 000,051,280 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010.09.07 15:52:09 | 000,121,936 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010.09.07 15:47:49 | 000,028,752 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010.09.07 15:47:33 | 000,061,008 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010.09.07 15:47:10 | 000,020,048 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
========== Files Created - No Company Name ==========
[2010.11.10 20:59:31 | 000,000,468 | -HS- | C] () -- C:\Windows\setup_9.0.0.722_10.11.2010_18-12drv.spi
[2010.11.10 19:27:01 | 000,002,135 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 7.lnk
[2010.11.10 19:01:12 | 000,002,239 | ---- | C] () -- C:\Users\Niki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_10.11.2010_18-12.lnk
[2010.11.09 19:49:24 | 003,906,966 | ---- | C] () -- C:\Users\Niki\Desktop\ComboFix.exe
[2010.11.07 16:01:56 | 000,000,248 | ---- | C] () -- C:\Users\Niki\AppData\Roaming\Autorun.vbs
[2010.10.10 13:31:32 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010.10.10 13:31:32 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010.10.10 13:31:32 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010.10.08 13:12:10 | 000,000,304 | ---- | C] () -- C:\Windows\DieVölker.ini
[2010.10.02 14:39:32 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010.10.01 23:05:24 | 000,003,072 | ---- | C] () -- C:\Windows\SysNative\brute.db
[2010.09.22 21:33:56 | 000,002,060 | ---- | C] () -- C:\Users\Niki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2010.08.13 10:56:50 | 000,573,188 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.07.15 21:21:49 | 000,000,336 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2010.06.17 16:43:46 | 001,504,288 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.06.17 16:04:10 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010.05.31 13:15:41 | 000,000,000 | ---- | C] () -- C:\Windows\JCMKR32.INI
[2010.05.27 16:18:17 | 000,000,109 | ---- | C] () -- C:\Windows\GMouse.ini
[2010.05.23 21:32:42 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll
[2010.04.22 07:55:43 | 000,632,056 | ---- | C] () -- C:\Windows\Image.dll
[2010.04.22 07:55:43 | 000,000,669 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini
[2010.04.22 07:55:43 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
========== LOP Check ==========
[2010.05.06 16:39:27 | 000,000,000 | -HSD | M] -- C:\Users\Niki\AppData\Roaming\.#
[2010.10.27 12:10:45 | 000,000,000 | ---D | M] -- C:\Users\Niki\AppData\Roaming\.minecraft
[2010.11.10 20:56:03 | 000,000,000 | ---D | M] -- C:\Users\Niki\AppData\Roaming\Bilder
[2010.07.16 12:16:38 | 000,000,000 | ---D | M] -- C:\Users\Niki\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.05.06 16:39:05 | 000,000,000 | ---D | M] -- C:\Users\Niki\AppData\Roaming\GameConsole
[2010.07.01 20:48:33 | 000,000,000 | ---D | M] -- C:\Users\Niki\AppData\Roaming\Hellogramming
[2010.05.12 17:56:46 | 000,000,000 | ---D | M] -- C:\Users\Niki\AppData\Roaming\IcoFX
[2010.11.07 16:34:44 | 000,000,000 | ---D | M] -- C:\Users\Niki\AppData\Roaming\ICQ
[2010.07.01 20:41:55 | 000,000,000 | ---D | M] -- C:\Users\Niki\AppData\Roaming\JumplistExtender
[2010.05.28 16:27:33 | 000,000,000 | ---D | M] -- C:\Users\Niki\AppData\Roaming\Leadertech
[2010.10.29 17:23:01 | 000,000,000 | ---D | M] -- C:\Users\Niki\AppData\Roaming\mquadr.at
[2010.05.29 20:31:34 | 000,000,000 | ---D | M] -- C:\Users\Niki\AppData\Roaming\Octoshape
[2010.05.08 16:02:07 | 000,000,000 | ---D | M] -- C:\Users\Niki\AppData\Roaming\OpenOffice.org
[2010.06.16 17:25:14 | 000,000,000 | ---D | M] -- C:\Users\Niki\AppData\Roaming\Opera
[2010.09.21 14:16:09 | 000,000,000 | ---D | M] -- C:\Users\Niki\AppData\Roaming\Rainmeter
[2010.10.23 19:21:06 | 000,000,000 | ---D | M] -- C:\Users\Niki\AppData\Roaming\ScummVM
[2010.11.07 22:06:25 | 000,000,000 | ---D | M] -- C:\Users\Niki\AppData\Roaming\Sysutils_Update
[2010.09.21 18:24:12 | 000,000,000 | ---D | M] -- C:\Users\Niki\AppData\Roaming\TeamViewer
[2010.11.09 19:52:23 | 000,000,000 | ---D | M] -- C:\Users\Niki\AppData\Roaming\TeraCopy
[2010.10.17 16:36:50 | 000,000,000 | ---D | M] -- C:\Users\Niki\AppData\Roaming\UseNeXT
[2010.07.28 22:23:43 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E1F04E8D
< End of report >
Here you go.
11/11/2010, 17:07
#37
elite*gold: 207
Join Date: May 2010
Posts: 949
Received Thanks: 188
That already looks a good deal better; I can't wait for the Kaspersky scan.
11/11/2010, 18:01
#38
elite*gold: 7
Join Date: Jun 2008
Posts: 1,750
Received Thanks: 415
Here you go.
Attached Files
kaspersky.txt
(360.9 KB, 4 views)
11/11/2010, 19:41
#39
elite*gold: 207
Join Date: May 2010
Posts: 949
Received Thanks: 188
That's nice.
Next we need to analyse one file more closely:
Code:
C:\Users\Niki\AppData\Roaming\Sysutils_Update\HWID.exe (Application Tool)
Please send it via
or directly to
Also:
Code:
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
points to User Account Control being disabled. Did you do that? If so, why?
The system is generally not in great shape. If you like, we can clean it up, optimise and harden it from the ground up. Interested?
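The two things the helper picks out of the OTL log, a Run entry launching from a user-writable folder under AppData\Roaming and a policy line showing EnableLUA = 0, can be checked mechanically. The triage script below is an added example, not part of this thread or of OTL itself: it parses the O4 and O6/O7 line shapes seen in the log on a constructed sample and reports those two conditions, plus the missing-company-name and NoDriveTypeAutoRun hints.

```python
"""Triage the O4 (Run keys) and O6/O7 (policy) lines of an OTL log.

Added example: the regexes follow the OTL line shapes visible in the
thread; the sample lines are constructed from them for a stand-alone run.
"""
import re
from typing import List, NamedTuple

# Constructed sample built from the line shapes of the log posted above.
SAMPLE_OTL = r"""
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKCU..\Run: [HWID.exe] C:\Users\Niki\AppData\Roaming\Sysutils_Update\HWID.exe (Application Tool)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
"""

# "O4[:64bit:] - HKLM..\Run: [name] path (company)"; the trailing
# "(company)" is optional and "()" means the binary has no company name.
RUN_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<path>.+?)(?: \((?P<company>[^()]*)\))?$"
)
# "O6/O7 - HK..\SOFTWARE\...\policies\<subkey>: <value> = <data>"
POLICY_RE = re.compile(
    r"^O[67] - (?P<hive>HKLM|HKCU)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion"
    r"\\policies\\(?P<subkey>\w+): (?P<value>\w+) = (?P<data>\S+)$"
)

# Folders a standard user can write to; an autorun launching from one of
# these deserves a second look (the HWID.exe entry is the case in point).
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


class Finding(NamedTuple):
    severity: str   # "high", "medium" or "info"
    line: str       # the OTL line that triggered the finding
    reason: str


def triage_otl(text: str) -> List[Finding]:
    """Return the findings for every O4/O6/O7 line in an OTL log excerpt."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            path = m["path"].lower()
            if any(marker in path for marker in USER_WRITABLE):
                findings.append(Finding("high", line,
                    "autorun launches from a user-writable folder"))
            elif m["company"] == "":
                findings.append(Finding("info", line,
                    "autorun binary carries no company name"))
            continue
        m = POLICY_RE.match(line)
        if not m:
            continue
        value, data = m["value"], m["data"]
        if value == "EnableLUA" and data == "0":
            findings.append(Finding("high", line,
                f"UAC disabled in {m['hive']} policy"))
        elif value == "ConsentPromptBehaviorAdmin" and data == "0":
            findings.append(Finding("medium", line,
                "admin elevation without any prompt"))
        elif value == "NoDriveTypeAutoRun" and data.isdigit():
            mask = int(data)   # one bit per drive type; a set bit disables AutoRun
            if mask & 0xFF == 0xFF:
                findings.append(Finding("info", line,
                    "AutoRun disabled for all drive types"))
            else:
                findings.append(Finding("medium", line,
                    f"AutoRun still enabled for some drive types (mask {mask:#04x})"))
    return findings


if __name__ == "__main__":
    for f in triage_otl(SAMPLE_OTL):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```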
11/12/2010, 16:31
#40
elite*gold: 7
Join Date: Jun 2008
Posts: 1,750
Received Thanks: 415
Quote:
Originally Posted by
Es19
That's nice.
Next we need to take a closer look at one file:
Code:
C:\Users\Niki\AppData\Roaming\Sysutils_Update\HWID.exe (Application Tool)
Please send it via
or directly to
Also:
Code:
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
indicates that User Account Control is disabled. Did you do this? If so, why?
The system is generally not in the best shape. If you like, we can clean it up, optimise it and secure it from the ground up. Interested?
First of all, a big thank you for helping me so competently (and hopefully continuing to). I'd also like to donate something towards a top-level domain; in what form would that be useful to you?
The file has been sent.
I don't think I disabled User Account Control; what would that do?
Of course I'd like to update my system and everything.
11/12/2010, 17:25
#41
elite*gold: 207
Join Date: May 2010
Posts: 949
Received Thanks: 188
And I too thank you warmly on behalf of my team; it's nice to work with someone who is cooperative.
A TLD or donations in general would get us a better search engine ranking, a web host would even allow our own downloads, and finally enable the purchase of software (for tutorial videos, forum software etc.).
The file is being examined.
User Account Control is responsible for the prompt you get, e.g. when launching an EXE, you know, where the rest of the screen is dimmed. It's a useful security feature, but it's often switched off because it can be a bit annoying.
I'll work out a report on how to proceed.
11/12/2010, 17:49
#42
elite*gold: 7
Join Date: Jun 2008
Posts: 1,750
Received Thanks: 415
Quote:
Originally Posted by
Es19
And I too thank you warmly on behalf of my team; it's nice to work with someone who is cooperative.
A TLD or donations in general would get us a better search engine ranking, a web host would even allow our own downloads, and finally enable the purchase of software (for tutorial videos, forum software etc.).
The file is being examined.
User Account Control is responsible for the prompt you get, e.g. when launching an EXE, you know, where the rest of the screen is dimmed. It's a useful security feature, but it's often switched off because it can be a bit annoying.
I'll work out a report on how to proceed.
But would a Paysafecard or PayPal be of use to you, or how do you need the money?
I don't think I deliberately switched off User Account Control, but it doesn't really bother me that the windows no longer appear. As far as I'm concerned, that setting can stay as it is, provided it's not a major security risk.
11/12/2010, 18:03
#43
elite*gold: 207
Join Date: May 2010
Posts: 949
Received Thanks: 188
PayPal is fine, the link is on the website. (Signature)
11/12/2010, 18:22
#44
elite*gold: 7
Join Date: Jun 2008
Posts: 1,750
Received Thanks: 415
Okay, but it'll take a little while, since I have to create the account first.
11/12/2010, 20:10
#45
elite*gold: 207
Join Date: May 2010
Posts: 949
Received Thanks: 188
That's no problem.