Plagegeister aller Art und deren Bekämpfung (pests of all kinds and how to fight them): XxX.xXx Malware in C:\Users\***\AppData\Local\Temp\XxX.xXx (Windows 7)
#1

Hello,

this is about the following alert from Avira: "In der Datei 'C:\Users\Artur\AppData\Local\Temp\XX--XX--XX.txt' wurde ein Virus oder unerwünschtes Programm 'TR/Agent.598016' [trojan] gefunden."

I have already read all sorts of things on the topic and also found a few posts via Google, but nothing that helps me.

A few people here in the forum have also raised the problem. Example: http://www.trojaner-board.de/83549-x...rzeichnis.html However, that thread was closed because the user was using illegal software.

No result was reached here either: http://www.trojaner-board.de/80552-t...app-admin.html

I also found this: ".xxx files are created as a normal part of the client's operation. they mark that sheep as downloaded and deleted from the client, but not yet from the server." But I can't make anything of that either.

VirusTotal didn't turn up anything either.

I now hope that someone can help me. As described, the following files are in my Temp directory:

XxX.xXx
UuU.uUu

When I try to delete them, they are recreated. When I open them with the editor, they contain only the current time.

Following the instructions, I have now run CCleaner, Malwarebytes and RSIT. Here is my report from Malwarebytes:
```
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4068

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

05.05.2010 15:37:08
mbam-log-2010-05-05 (15-37-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 271189
Laufzeit: 43 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\victim (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Backdoor.Bot) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Artur\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Users\Artur\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Artur\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\iexplorer\iexplorer.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
```

and the log file from RSIT:
ATTFilter Logfile of random's system information tool 1.07 (written by random/random) Run by Artur at 2010-05-06 16:49:08 Microsoft Windows 7 Home Premium System drive C: has 185 GB (63%) free of 292 GB Total RAM: 3957 MB (65% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:49:10, on 06.05.2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe C:\Windows\PLFSetI.exe C:\Users\Artur\AppData\Local\Temp\3LDfCQpxnY0.exe C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\avmwlanstick\WLanGUI.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Windows\SysWOW64\explorer.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Artur\Desktop\rsit.exe C:\Program Files (x86)\trend micro\Artur.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5740&r=27360410l506l0428z1i5t5471d616 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5740&r=27360410l506l0428z1i5t5471d616 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5740&r=27360410l506l0428z1i5t5471d616 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5740&r=27360410l506l0428z1i5t5471d616 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files 
(x86)\avmwlanstick\wlangui.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero BackItUp 4\NBKeyScan.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [Audio HD Driver] C:\Users\Artur\AppData\Local\Temp\3LDfCQpxnY0.exe O4 - HKCU\..\Run: [HKCU] C:\Windows\iexplorer\iexplorer.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files%20(x86)/Monopoly/Images/stg_drm.ocx O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files%20(x86)/Monopoly/Images/armhelper.ocx O17 - HKLM\System\CCS\Services\Tcpip\..\{CDA39063-1F7A-4443-BBCB-AEFF48625602}: NameServer = 192.168.178.1 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - 
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. 
- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Program Files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TurboBoost - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 
(UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12570 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}] Octh Class - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll [2010-04-16 240912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID-Anmelde-Hilfsprogramm - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-04-08 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] Locked [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272] "EgisTecLiveUpdate"=C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [2009-08-04 199464] "StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-12-10 98304] "LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe [2009-11-02 1094736] "ArcadeDeluxeAgent"=C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [2009-10-29 419112] "DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2010-03-05 1135912] "QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-03-17 421888] "AVMWlanClient"=C:\Program Files (x86)\avmwlanstick\wlangui.exe [2009-03-20 1904640] "avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792] "NBKeyScan"=C:\Program Files (x86)\Nero\Nero BackItUp 4\NBKeyScan.exe [2008-09-24 2254120] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768] " Malwarebytes Anti-Malware (reboot)"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072] "Audio HD 
Driver"=C:\Users\Artur\AppData\Local\Temp\3LDfCQpxnY0.exe [2010-05-01 34816] "HKCU"=C:\Windows\iexplorer\iexplorer.exe [2005-05-24 917504] C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Stardock ObjectDock.lnk - C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"= "NoActiveDesktopChanges"= "ForceActiveDesktopOn"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe"="C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit" "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe"="C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c1c75bc-41ac-11df-a8ab-c417fe688e04}] shell\AutoRun\command - E:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c919803-40a1-11df-b21a-c417fe688e04}] shell\AutoRun\command - E:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c919814-40a1-11df-b21a-c417fe688e04}] shell\AutoRun\command - E:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2114b6cd-431a-11df-b50b-00262d90eb2d}] shell\AutoRun\command - E:\AutoRun.exe 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{383495da-41aa-11df-a984-c417fe688e04}] shell\AutoRun\command - G:\pushinst.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65ed83ed-44f0-11df-a40f-00262d90eb2d}] shell\AutoRun\command - E:\pushinst.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7edb403c-4e22-11df-83f7-001c4af707fb}] shell\AutoRun\command - E:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd46bf71-3db7-11df-a304-00262d90eb2d}] shell\AutoRun\command - E:\LaunchU3.exe -a ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2010-05-06 16:43:00 ----D---- C:\rsit 2010-05-06 16:43:00 ----D---- C:\Program Files (x86)\trend micro 2010-05-06 15:54:54 ----A---- C:\lopR.txt 2010-05-05 18:27:12 ----D---- C:\Program Files (x86)\CCleaner 2010-05-05 14:46:26 ----D---- C:\Users\Artur\AppData\Roaming\Malwarebytes 2010-05-05 14:46:16 ----D---- C:\ProgramData\Malwarebytes 2010-05-05 14:46:16 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2010-05-03 16:55:00 ----D---- C:\Program Files (x86)\PokerStars.NET 2010-05-02 21:44:09 ----D---- C:\ProgramData\TrackMania 2010-05-02 21:41:06 ----D---- C:\Program Files (x86)\TmNationsForever 2010-05-02 17:45:37 ----D---- C:\Users\Artur\AppData\Roaming\NetSpeedMonitor 2010-05-02 15:39:33 ----D---- C:\Program Files (x86)\speed-dreams 2010-05-01 18:24:36 ----D---- C:\ProgramData\FarmFrenzy2 2010-04-30 22:28:46 ----D---- C:\Users\Artur\AppData\Roaming\ViquaSoft 2010-04-30 21:28:10 ----D---- C:\Users\Artur\AppData\Roaming\PlayFirst 2010-04-30 21:28:10 ----D---- C:\ProgramData\PlayFirst 2010-04-28 22:49:56 ----D---- C:\Users\Artur\AppData\Roaming\CanuckSoftware 2010-04-28 14:06:43 ----D---- C:\ProgramData\NtiDvdCopy 
2010-04-28 13:27:28 ----D---- C:\Users\Artur\AppData\Roaming\eSobi 2010-04-28 11:51:06 ----A---- C:\Windows\SysWOW64\shell32.dll 2010-04-28 11:51:05 ----A---- C:\Windows\SysWOW64\sspicli.dll 2010-04-28 11:51:05 ----A---- C:\Windows\SysWOW64\secur32.dll 2010-04-23 12:28:57 ----D---- C:\Users\Artur\AppData\Roaming\Zylom 2010-04-23 12:27:59 ----D---- C:\Users\Artur\AppData\Roaming\install 2010-04-23 09:55:22 ----D---- C:\Users\Artur\AppData\Roaming\SpinTop 2010-04-23 09:45:04 ----D---- C:\Windows\Sun 2010-04-22 14:30:14 ----D---- C:\Users\Artur\AppData\Roaming\InstallShield 2010-04-22 14:19:08 ----D---- C:\Users\Artur\AppData\Roaming\SoftDMA 2010-04-22 14:18:54 ----D---- C:\Users\Artur\AppData\Roaming\CyberLink 2010-04-22 14:18:51 ----D---- C:\Users\Artur\AppData\Roaming\PowerCinema 2010-04-22 12:15:13 ----D---- C:\Users\Artur\AppData\Roaming\Avira 2010-04-21 23:06:39 ----D---- C:\Users\Artur\AppData\Roaming\gtk-2.0 2010-04-21 23:02:23 ----D---- C:\Program Files (x86)\GIMP-2.0 2010-04-21 20:17:00 ----D---- C:\Downloads 2010-04-21 20:16:46 ----D---- C:\Users\Artur\AppData\Roaming\Orbit 2010-04-21 20:16:46 ----D---- C:\Program Files (x86)\Orbitdownloader 2010-04-21 18:20:23 ----D---- C:\Program Files (x86)\hus Struktogrammer 2010-04-21 17:28:25 ----D---- C:\Program Files (x86)\SopCast 2010-04-21 16:36:45 ----D---- C:\Users\Artur\AppData\Roaming\Template 2010-04-20 16:19:51 ----D---- C:\Program Files (x86)\appleJuice 2010-04-20 16:19:51 ----A---- C:\Windows\SysWOW64\TrayIcon12.dll 2010-04-20 16:19:51 ----A---- C:\Windows\SysWOW64\ajnetmask.dll 2010-04-14 20:12:31 ----D---- C:\Users\Artur\AppData\Roaming\Canon 2010-04-14 17:40:33 ----D---- C:\Program Files (x86)\Canon 2010-04-14 17:37:54 ----HD---- C:\ProgramData\CanonBJ 2010-04-14 11:50:24 ----D---- C:\Windows\SQLTools9_KB970892_ENU 2010-04-14 11:49:11 ----D---- C:\Windows\SQL9_KB970892_ENU 2010-04-14 11:40:07 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe 2010-04-14 11:40:06 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe 
2010-04-14 11:40:01 ----A---- C:\Windows\SysWOW64\vbscript.dll 2010-04-14 11:40:01 ----A---- C:\Windows\SysWOW64\cabview.dll 2010-04-14 11:39:56 ----A---- C:\Windows\SysWOW64\wintrust.dll 2010-04-13 02:02:07 ----A---- C:\Windows\ODBC.INI 2010-04-13 02:01:49 ----D---- C:\Windows\SysWOW64\js 2010-04-13 02:01:49 ----D---- C:\Windows\SysWOW64\images 2010-04-13 02:01:49 ----D---- C:\Windows\SysWOW64\html 2010-04-13 02:01:49 ----D---- C:\Windows\SysWOW64\css 2010-04-13 02:01:49 ----D---- C:\Program Files (x86)\Business Objects 2010-04-13 02:00:49 ----A---- C:\Windows\SysWOW64\PerfStringBackup.INI 2010-04-13 01:57:49 ----D---- C:\Program Files (x86)\Microsoft SQL Server 2010-04-13 01:57:33 ----D---- C:\Program Files (x86)\Microsoft Device Emulator 2010-04-13 01:56:55 ----D---- C:\Program Files (x86)\Windows Mobile 5.0 SDK R2 2010-04-13 01:56:30 ----D---- C:\Program Files (x86)\Microsoft Synchronization Services 2010-04-13 01:51:09 ----D---- C:\ProgramData\PreEmptive Solutions 2010-04-13 01:48:01 ----D---- C:\Windows\symbols 2010-04-13 01:47:33 ----D---- C:\Windows\SysWOW64\1031 2010-04-13 01:46:24 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 9.0 2010-04-13 01:46:24 ----D---- C:\Program Files (x86)\Microsoft SDKs 2010-04-13 01:46:24 ----D---- C:\Program Files (x86)\HTML Help Workshop 2010-04-13 01:46:24 ----D---- C:\Program Files (x86)\Common Files\Merge Modules 2010-04-13 01:46:24 ----D---- C:\Program Files (x86)\CE Remote Tools 2010-04-13 01:44:44 ----D---- C:\Program Files (x86)\Microsoft Web Designer Tools 2010-04-12 22:54:09 ----D---- C:\Users\Artur\AppData\Roaming\Ubisoft 2010-04-12 22:49:05 ----D---- C:\ProgramData\Tages 2010-04-12 22:44:12 ----A---- C:\Windows\SysWOW64\d3dx10_41.dll 2010-04-12 22:44:12 ----A---- C:\Windows\SysWOW64\D3DCompiler_41.dll 2010-04-12 22:44:11 ----A---- C:\Windows\SysWOW64\D3DX9_41.dll 2010-04-12 22:44:10 ----A---- C:\Windows\SysWOW64\XAudio2_4.dll 2010-04-12 22:44:10 ----A---- C:\Windows\SysWOW64\XAPOFX1_3.dll 2010-04-12 
22:44:10 ----A---- C:\Windows\SysWOW64\xactengine3_4.dll 2010-04-12 22:44:10 ----A---- C:\Windows\SysWOW64\X3DAudio1_6.dll 2010-04-12 22:44:10 ----A---- C:\Windows\SysWOW64\D3DCompiler_40.dll 2010-04-12 22:44:09 ----A---- C:\Windows\SysWOW64\XAudio2_3.dll 2010-04-12 22:44:09 ----A---- C:\Windows\SysWOW64\XAPOFX1_2.dll 2010-04-12 22:44:09 ----A---- C:\Windows\SysWOW64\D3DX9_40.dll 2010-04-12 22:44:09 ----A---- C:\Windows\SysWOW64\d3dx10_40.dll 2010-04-12 22:44:08 ----A---- C:\Windows\SysWOW64\XAudio2_2.dll 2010-04-12 22:44:08 ----A---- C:\Windows\SysWOW64\XAPOFX1_1.dll 2010-04-12 22:44:08 ----A---- C:\Windows\SysWOW64\xactengine3_3.dll 2010-04-12 22:44:08 ----A---- C:\Windows\SysWOW64\X3DAudio1_5.dll 2010-04-12 22:44:07 ----A---- C:\Windows\SysWOW64\xactengine3_2.dll 2010-04-12 22:44:06 ----A---- C:\Windows\SysWOW64\D3DX9_39.dll 2010-04-12 22:44:06 ----A---- C:\Windows\SysWOW64\d3dx10_39.dll 2010-04-12 22:44:06 ----A---- C:\Windows\SysWOW64\D3DCompiler_39.dll 2010-04-12 22:44:05 ----A---- C:\Windows\SysWOW64\XAudio2_1.dll 2010-04-12 22:44:05 ----A---- C:\Windows\SysWOW64\XAPOFX1_0.dll 2010-04-12 22:44:05 ----A---- C:\Windows\SysWOW64\xactengine3_1.dll 2010-04-12 22:44:05 ----A---- C:\Windows\SysWOW64\X3DAudio1_4.dll 2010-04-12 22:44:04 ----A---- C:\Windows\SysWOW64\D3DX9_38.dll 2010-04-12 22:44:04 ----A---- C:\Windows\SysWOW64\d3dx10_38.dll 2010-04-12 22:44:04 ----A---- C:\Windows\SysWOW64\D3DCompiler_38.dll 2010-04-12 22:44:03 ----A---- C:\Windows\SysWOW64\XAudio2_0.dll 2010-04-12 22:44:03 ----A---- C:\Windows\SysWOW64\xactengine3_0.dll 2010-04-12 22:44:03 ----A---- C:\Windows\SysWOW64\X3DAudio1_3.dll 2010-04-12 22:44:02 ----A---- C:\Windows\SysWOW64\D3DX9_37.dll 2010-04-12 22:44:02 ----A---- C:\Windows\SysWOW64\d3dx10_37.dll 2010-04-12 22:44:02 ----A---- C:\Windows\SysWOW64\D3DCompiler_37.dll 2010-04-12 22:44:00 ----A---- C:\Windows\SysWOW64\xactengine2_10.dll 2010-04-12 22:43:58 ----A---- C:\Windows\SysWOW64\d3dx10_36.dll 2010-04-12 22:43:58 ----A---- 
C:\Windows\SysWOW64\D3DCompiler_36.dll 2010-04-12 22:43:57 ----A---- C:\Windows\SysWOW64\d3dx9_36.dll 2010-04-12 22:43:56 ----A---- C:\Windows\SysWOW64\xactengine2_9.dll 2010-04-12 22:43:56 ----A---- C:\Windows\SysWOW64\d3dx10_35.dll 2010-04-12 22:43:56 ----A---- C:\Windows\SysWOW64\D3DCompiler_35.dll 2010-04-12 22:43:55 ----A---- C:\Windows\SysWOW64\d3dx9_35.dll 2010-04-12 22:43:54 ----A---- C:\Windows\SysWOW64\xinput1_3.dll 2010-04-12 22:43:54 ----A---- C:\Windows\SysWOW64\xactengine2_8.dll 2010-04-12 22:43:54 ----A---- C:\Windows\SysWOW64\X3DAudio1_2.dll 2010-04-12 22:43:54 ----A---- C:\Windows\SysWOW64\d3dx9_34.dll 2010-04-12 22:43:54 ----A---- C:\Windows\SysWOW64\d3dx10_34.dll 2010-04-12 22:43:54 ----A---- C:\Windows\SysWOW64\D3DCompiler_34.dll 2010-04-12 22:43:53 ----A---- C:\Windows\SysWOW64\xactengine2_7.dll 2010-04-12 22:43:53 ----A---- C:\Windows\SysWOW64\d3dx10_33.dll 2010-04-12 22:43:53 ----A---- C:\Windows\SysWOW64\D3DCompiler_33.dll 2010-04-12 22:43:52 ----A---- C:\Windows\SysWOW64\xactengine2_6.dll 2010-04-12 22:43:52 ----A---- C:\Windows\SysWOW64\d3dx9_33.dll 2010-04-12 22:43:51 ----A---- C:\Windows\SysWOW64\xactengine2_5.dll 2010-04-12 22:43:51 ----A---- C:\Windows\SysWOW64\d3dx10.dll 2010-04-12 22:43:49 ----A---- C:\Windows\SysWOW64\xactengine2_4.dll 2010-04-12 22:43:49 ----A---- C:\Windows\SysWOW64\x3daudio1_1.dll 2010-04-12 22:43:49 ----A---- C:\Windows\SysWOW64\d3dx9_31.dll 2010-04-12 22:43:48 ----A---- C:\Windows\SysWOW64\xinput1_2.dll 2010-04-12 22:43:48 ----A---- C:\Windows\SysWOW64\xinput1_1.dll 2010-04-12 22:43:48 ----A---- C:\Windows\SysWOW64\xactengine2_3.dll 2010-04-12 22:43:48 ----A---- C:\Windows\SysWOW64\xactengine2_2.dll 2010-04-12 22:43:46 ----A---- C:\Windows\SysWOW64\xactengine2_1.dll 2010-04-12 22:43:37 ----A---- C:\Windows\SysWOW64\d3dx9_30.dll 2010-04-12 22:43:36 ----A---- C:\Windows\SysWOW64\xactengine2_0.dll 2010-04-12 22:43:36 ----A---- C:\Windows\SysWOW64\x3daudio1_0.dll 2010-04-12 22:43:35 ----A---- 
C:\Windows\SysWOW64\d3dx9_29.dll 2010-04-12 22:43:35 ----A---- C:\Windows\SysWOW64\d3dx9_28.dll 2010-04-12 22:43:34 ----A---- C:\Windows\SysWOW64\d3dx9_27.dll 2010-04-12 22:43:34 ----A---- C:\Windows\SysWOW64\d3dx9_26.dll 2010-04-12 22:43:33 ----A---- C:\Windows\SysWOW64\d3dx9_25.dll 2010-04-12 22:43:33 ----A---- C:\Windows\SysWOW64\d3dx9_24.dll 2010-04-12 22:39:58 ----D---- C:\Program Files (x86)\Ubisoft 2010-04-12 17:18:01 ----D---- C:\Users\Artur\AppData\Roaming\dvdcss 2010-04-11 01:13:32 ----D---- C:\Temp 2010-04-10 23:00:59 ----D---- C:\Program Files (x86)\QS 2010-04-10 23:00:57 ----D---- C:\Users\Artur\AppData\Roaming\TeamViewer 2010-04-09 20:29:55 ----A---- C:\Windows\Podcasts.INI 2010-04-08 22:12:11 ----D---- C:\Program Files (x86)\PixiePack Codec Pack 2010-04-08 22:09:25 ----D---- C:\ProgramData\RapidSolution 2010-04-08 22:09:25 ----D---- C:\Program Files (x86)\RapidSolution 2010-04-08 21:18:59 ----D---- C:\Users\Artur\AppData\Roaming\Nero 2010-04-08 21:08:10 ----D---- C:\Program Files (x86)\Nero 2010-04-08 21:08:04 ----D---- C:\ProgramData\Nero 2010-04-08 21:08:04 ----D---- C:\Program Files (x86)\Common Files\Nero 2010-04-08 18:22:49 ----D---- C:\Program Files (x86)\JDownloader 2010-04-08 18:22:39 ----N---- C:\Windows\SysWOW64\javaws.exe 2010-04-08 18:22:39 ----N---- C:\Windows\SysWOW64\javaw.exe 2010-04-08 18:22:39 ----N---- C:\Windows\SysWOW64\java.exe 2010-04-08 18:22:39 ----N---- C:\Windows\SysWOW64\deploytk.dll 2010-04-08 18:22:22 ----D---- C:\Program Files (x86)\Java 2010-04-08 13:33:49 ----D---- C:\Program Files (x86)\DVDVideoSoft 2010-04-08 13:33:49 ----D---- C:\Program Files (x86)\Common Files\DVDVideoSoft 2010-04-08 00:50:53 ----D---- C:\DockZone 1001 Icon 2010-04-07 21:25:57 ----D---- C:\Program Files (x86)\Stardock 2010-04-07 21:25:57 ----D---- C:\Program Files (x86)\Common Files\Stardock 2010-04-07 17:39:59 ----D---- C:\Program Files (x86)\OpenVPN 2010-04-07 17:10:12 ----D---- C:\Users\Artur\AppData\Roaming\Leadertech 2010-04-07 17:10:12 
----D---- C:\Program Files (x86)\Common Files\LogiShrd 2010-04-07 17:09:16 ----D---- C:\ProgramData\Logishrd 2010-04-07 17:08:42 ----D---- C:\Users\Artur\AppData\Roaming\Logitech 2010-04-07 17:08:42 ----D---- C:\Users\Artur\AppData\Roaming\Logishrd 2010-04-07 16:36:03 ----D---- C:\Users\Artur\AppData\Roaming\GameConsole 2010-04-07 16:35:54 ----SHD---- C:\Users\Artur\AppData\Roaming\.# 2010-04-07 12:52:25 ----D---- C:\ProgramData\Avira 2010-04-07 12:52:25 ----D---- C:\Program Files (x86)\Avira 2010-04-07 12:47:54 ----D---- C:\Users\Artur\AppData\Roaming\vlc 2010-04-07 12:41:32 ----D---- C:\Program Files (x86)\VideoLAN 2010-04-07 12:10:28 ----D---- C:\Program Files (x86)\uTorrent 2010-04-07 12:09:28 ----D---- C:\Users\Artur\AppData\Roaming\uTorrent ======List of files/folders modified in the last 1 months====== 2010-05-06 16:43:00 ----RD---- C:\Program Files (x86) 2010-05-06 16:35:58 ----SHD---- C:\System Volume Information 2010-05-06 16:18:55 ----D---- C:\Windows\Temp 2010-05-06 15:31:11 ----AD---- C:\Windows 2010-05-06 15:21:26 ----A---- C:\Windows\SysWOW64\log.txt 2010-05-05 19:56:12 ----RD---- C:\Program Files 2010-05-05 19:56:11 ----D---- C:\Windows\AppCompat 2010-05-05 19:56:10 ----SHD---- C:\Windows\Installer 2010-05-05 19:56:10 ----D---- C:\Windows\Tasks 2010-05-05 19:56:10 ----D---- C:\Windows\SysWOW64\drivers 2010-05-05 19:56:10 ----D---- C:\Windows\SysWOW64 2010-05-05 19:56:10 ----D---- C:\Windows\System32 2010-05-05 19:56:10 ----D---- C:\Windows\registration 2010-05-05 19:56:10 ----D---- C:\Windows\inf 2010-05-05 18:45:43 ----D---- C:\Schwarzer 2010-05-05 18:28:55 ----D---- C:\Windows\debug 2010-05-05 14:46:16 ----HD---- C:\ProgramData 2010-05-04 12:54:49 ----D---- C:\Windows\Prefetch 2010-05-02 21:43:28 ----RSD---- C:\Windows\assembly 2010-05-01 19:24:36 ----AD---- C:\ProgramData\Temp 2010-04-28 14:05:42 ----D---- C:\Windows\Logs 2010-04-28 13:36:52 ----SD---- C:\Users\Artur\AppData\Roaming\Microsoft 2010-04-28 13:28:27 ----D---- C:\ProgramData\eSobi 
I hope you can help me.

Regards,
Artur