Pests of all kinds and how to combat them: XxX.xXx malware in C:\Users\***\AppData\Local\Temp\XxX.xXx (Windows 7)
06.05.2010, 17:05 | #1 |
XxX.xXx malware in C:\Users\***\AppData\Local\Temp\XxX.xXx

Hello,

this is about the following message from Avira:

"In der Datei 'C:\Users\Artur\AppData\Local\Temp\XX--XX--XX.txt' wurde ein Virus oder unerwünschtes Programm 'TR/Agent.598016' [trojan] gefunden."

I have already read all sorts of things on the topic and also found a few posts about it via Google, but nothing that helps me. A few people here in the forum have also raised the problem. Example: http://www.trojaner-board.de/83549-x...rzeichnis.html, but that thread was closed because the user was using illegal software. No result was reached here either: http://www.trojaner-board.de/80552-t...app-admin.html

I also found this: ".xxx files are created as a normal part of the client's operation. they mark that sheep as downloaded and deleted from the client, but not yet from the server." but I can't make anything of that either. VirusTotal didn't turn up anything either.

I now hope that someone can help me. As described, the following files are in my Temp directory:

XxX.xXx
UuU.uUu

When I try to delete them, they recreate themselves. When I open them with the editor, they contain only the current time.

As per the instructions, I have now run CCleaner, Malwarebytes and RSIT.

Here is my report from Malwarebytes:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4068

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

05.05.2010 15:37:08
mbam-log-2010-05-05 (15-37-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 271189
Laufzeit: 43 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\victim (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Backdoor.Bot) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Artur\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Users\Artur\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Artur\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\iexplorer\iexplorer.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

and the log file from RSIT:
Code:
Logfile of random's system information tool 1.07 (written by random/random)
Run by Artur at 2010-05-06 16:49:08
Microsoft Windows 7 Home Premium
System drive C: has 185 GB (63%) free of 292 GB
Total RAM: 3957 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:49:10, on 06.05.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Windows\PLFSetI.exe
C:\Users\Artur\AppData\Local\Temp\3LDfCQpxnY0.exe
C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\SysWOW64\explorer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Artur\Desktop\rsit.exe
C:\Program Files (x86)\trend micro\Artur.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5740&r=27360410l506l0428z1i5t5471d616
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5740&r=27360410l506l0428z1i5t5471d616
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5740&r=27360410l506l0428z1i5t5471d616
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5740&r=27360410l506l0428z1i5t5471d616
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero BackItUp 4\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Audio HD Driver] C:\Users\Artur\AppData\Local\Temp\3LDfCQpxnY0.exe
O4 - HKCU\..\Run: [HKCU] C:\Windows\iexplorer\iexplorer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files%20(x86)/Monopoly/Images/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files%20(x86)/Monopoly/Images/armhelper.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDA39063-1F7A-4443-BBCB-AEFF48625602}: NameServer = 192.168.178.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Program Files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TurboBoost - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12570 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll [2010-04-16 240912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID-Anmelde-Hilfsprogramm - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-04-08 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
Locked

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"EgisTecLiveUpdate"=C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [2009-08-04 199464]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-12-10 98304]
"LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe [2009-11-02 1094736]
"ArcadeDeluxeAgent"=C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [2009-10-29 419112]
"DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2010-03-05 1135912]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-03-17 421888]
"AVMWlanClient"=C:\Program Files (x86)\avmwlanstick\wlangui.exe [2009-03-20 1904640]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"NBKeyScan"=C:\Program Files (x86)\Nero\Nero BackItUp 4\NBKeyScan.exe [2008-09-24 2254120]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
" Malwarebytes Anti-Malware (reboot)"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
"Audio HD Driver"=C:\Users\Artur\AppData\Local\Temp\3LDfCQpxnY0.exe [2010-05-01 34816]
"HKCU"=C:\Windows\iexplorer\iexplorer.exe [2005-05-24 917504]

C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Stardock ObjectDock.lnk - C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"= "NoActiveDesktopChanges"= "ForceActiveDesktopOn"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe"="C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit" "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe"="C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c1c75bc-41ac-11df-a8ab-c417fe688e04}] shell\AutoRun\command - E:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c919803-40a1-11df-b21a-c417fe688e04}] shell\AutoRun\command - E:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c919814-40a1-11df-b21a-c417fe688e04}] shell\AutoRun\command - E:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2114b6cd-431a-11df-b50b-00262d90eb2d}] shell\AutoRun\command - E:\AutoRun.exe 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{383495da-41aa-11df-a984-c417fe688e04}] shell\AutoRun\command - G:\pushinst.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65ed83ed-44f0-11df-a40f-00262d90eb2d}] shell\AutoRun\command - E:\pushinst.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7edb403c-4e22-11df-83f7-001c4af707fb}] shell\AutoRun\command - E:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd46bf71-3db7-11df-a304-00262d90eb2d}] shell\AutoRun\command - E:\LaunchU3.exe -a ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2010-05-06 16:43:00 ----D---- C:\rsit 2010-05-06 16:43:00 ----D---- C:\Program Files (x86)\trend micro 2010-05-06 15:54:54 ----A---- C:\lopR.txt 2010-05-05 18:27:12 ----D---- C:\Program Files (x86)\CCleaner 2010-05-05 14:46:26 ----D---- C:\Users\Artur\AppData\Roaming\Malwarebytes 2010-05-05 14:46:16 ----D---- C:\ProgramData\Malwarebytes 2010-05-05 14:46:16 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2010-05-03 16:55:00 ----D---- C:\Program Files (x86)\PokerStars.NET 2010-05-02 21:44:09 ----D---- C:\ProgramData\TrackMania 2010-05-02 21:41:06 ----D---- C:\Program Files (x86)\TmNationsForever 2010-05-02 17:45:37 ----D---- C:\Users\Artur\AppData\Roaming\NetSpeedMonitor 2010-05-02 15:39:33 ----D---- C:\Program Files (x86)\speed-dreams 2010-05-01 18:24:36 ----D---- C:\ProgramData\FarmFrenzy2 2010-04-30 22:28:46 ----D---- C:\Users\Artur\AppData\Roaming\ViquaSoft 2010-04-30 21:28:10 ----D---- C:\Users\Artur\AppData\Roaming\PlayFirst 2010-04-30 21:28:10 ----D---- C:\ProgramData\PlayFirst 2010-04-28 22:49:56 ----D---- C:\Users\Artur\AppData\Roaming\CanuckSoftware 2010-04-28 14:06:43 ----D---- C:\ProgramData\NtiDvdCopy 
2010-04-28 13:27:28 ----D---- C:\Users\Artur\AppData\Roaming\eSobi 2010-04-28 11:51:06 ----A---- C:\Windows\SysWOW64\shell32.dll 2010-04-28 11:51:05 ----A---- C:\Windows\SysWOW64\sspicli.dll 2010-04-28 11:51:05 ----A---- C:\Windows\SysWOW64\secur32.dll 2010-04-23 12:28:57 ----D---- C:\Users\Artur\AppData\Roaming\Zylom 2010-04-23 12:27:59 ----D---- C:\Users\Artur\AppData\Roaming\install 2010-04-23 09:55:22 ----D---- C:\Users\Artur\AppData\Roaming\SpinTop 2010-04-23 09:45:04 ----D---- C:\Windows\Sun 2010-04-22 14:30:14 ----D---- C:\Users\Artur\AppData\Roaming\InstallShield 2010-04-22 14:19:08 ----D---- C:\Users\Artur\AppData\Roaming\SoftDMA 2010-04-22 14:18:54 ----D---- C:\Users\Artur\AppData\Roaming\CyberLink 2010-04-22 14:18:51 ----D---- C:\Users\Artur\AppData\Roaming\PowerCinema 2010-04-22 12:15:13 ----D---- C:\Users\Artur\AppData\Roaming\Avira 2010-04-21 23:06:39 ----D---- C:\Users\Artur\AppData\Roaming\gtk-2.0 2010-04-21 23:02:23 ----D---- C:\Program Files (x86)\GIMP-2.0 2010-04-21 20:17:00 ----D---- C:\Downloads 2010-04-21 20:16:46 ----D---- C:\Users\Artur\AppData\Roaming\Orbit 2010-04-21 20:16:46 ----D---- C:\Program Files (x86)\Orbitdownloader 2010-04-21 18:20:23 ----D---- C:\Program Files (x86)\hus Struktogrammer 2010-04-21 17:28:25 ----D---- C:\Program Files (x86)\SopCast 2010-04-21 16:36:45 ----D---- C:\Users\Artur\AppData\Roaming\Template 2010-04-20 16:19:51 ----D---- C:\Program Files (x86)\appleJuice 2010-04-20 16:19:51 ----A---- C:\Windows\SysWOW64\TrayIcon12.dll 2010-04-20 16:19:51 ----A---- C:\Windows\SysWOW64\ajnetmask.dll 2010-04-14 20:12:31 ----D---- C:\Users\Artur\AppData\Roaming\Canon 2010-04-14 17:40:33 ----D---- C:\Program Files (x86)\Canon 2010-04-14 17:37:54 ----HD---- C:\ProgramData\CanonBJ 2010-04-14 11:50:24 ----D---- C:\Windows\SQLTools9_KB970892_ENU 2010-04-14 11:49:11 ----D---- C:\Windows\SQL9_KB970892_ENU 2010-04-14 11:40:07 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe 2010-04-14 11:40:06 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe 
2010-04-14 11:40:01 ----A---- C:\Windows\SysWOW64\vbscript.dll 2010-04-14 11:40:01 ----A---- C:\Windows\SysWOW64\cabview.dll 2010-04-14 11:39:56 ----A---- C:\Windows\SysWOW64\wintrust.dll 2010-04-13 02:02:07 ----A---- C:\Windows\ODBC.INI 2010-04-13 02:01:49 ----D---- C:\Windows\SysWOW64\js 2010-04-13 02:01:49 ----D---- C:\Windows\SysWOW64\images 2010-04-13 02:01:49 ----D---- C:\Windows\SysWOW64\html 2010-04-13 02:01:49 ----D---- C:\Windows\SysWOW64\css 2010-04-13 02:01:49 ----D---- C:\Program Files (x86)\Business Objects 2010-04-13 02:00:49 ----A---- C:\Windows\SysWOW64\PerfStringBackup.INI 2010-04-13 01:57:49 ----D---- C:\Program Files (x86)\Microsoft SQL Server 2010-04-13 01:57:33 ----D---- C:\Program Files (x86)\Microsoft Device Emulator 2010-04-13 01:56:55 ----D---- C:\Program Files (x86)\Windows Mobile 5.0 SDK R2 2010-04-13 01:56:30 ----D---- C:\Program Files (x86)\Microsoft Synchronization Services 2010-04-13 01:51:09 ----D---- C:\ProgramData\PreEmptive Solutions 2010-04-13 01:48:01 ----D---- C:\Windows\symbols 2010-04-13 01:47:33 ----D---- C:\Windows\SysWOW64\1031 2010-04-13 01:46:24 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 9.0 2010-04-13 01:46:24 ----D---- C:\Program Files (x86)\Microsoft SDKs 2010-04-13 01:46:24 ----D---- C:\Program Files (x86)\HTML Help Workshop 2010-04-13 01:46:24 ----D---- C:\Program Files (x86)\Common Files\Merge Modules 2010-04-13 01:46:24 ----D---- C:\Program Files (x86)\CE Remote Tools 2010-04-13 01:44:44 ----D---- C:\Program Files (x86)\Microsoft Web Designer Tools 2010-04-12 22:54:09 ----D---- C:\Users\Artur\AppData\Roaming\Ubisoft 2010-04-12 22:49:05 ----D---- C:\ProgramData\Tages 2010-04-12 22:44:12 ----A---- C:\Windows\SysWOW64\d3dx10_41.dll 2010-04-12 22:44:12 ----A---- C:\Windows\SysWOW64\D3DCompiler_41.dll 2010-04-12 22:44:11 ----A---- C:\Windows\SysWOW64\D3DX9_41.dll 2010-04-12 22:44:10 ----A---- C:\Windows\SysWOW64\XAudio2_4.dll 2010-04-12 22:44:10 ----A---- C:\Windows\SysWOW64\XAPOFX1_3.dll 2010-04-12 
22:44:10 ----A---- C:\Windows\SysWOW64\xactengine3_4.dll 2010-04-12 22:44:10 ----A---- C:\Windows\SysWOW64\X3DAudio1_6.dll 2010-04-12 22:44:10 ----A---- C:\Windows\SysWOW64\D3DCompiler_40.dll 2010-04-12 22:44:09 ----A---- C:\Windows\SysWOW64\XAudio2_3.dll 2010-04-12 22:44:09 ----A---- C:\Windows\SysWOW64\XAPOFX1_2.dll 2010-04-12 22:44:09 ----A---- C:\Windows\SysWOW64\D3DX9_40.dll 2010-04-12 22:44:09 ----A---- C:\Windows\SysWOW64\d3dx10_40.dll 2010-04-12 22:44:08 ----A---- C:\Windows\SysWOW64\XAudio2_2.dll 2010-04-12 22:44:08 ----A---- C:\Windows\SysWOW64\XAPOFX1_1.dll 2010-04-12 22:44:08 ----A---- C:\Windows\SysWOW64\xactengine3_3.dll 2010-04-12 22:44:08 ----A---- C:\Windows\SysWOW64\X3DAudio1_5.dll 2010-04-12 22:44:07 ----A---- C:\Windows\SysWOW64\xactengine3_2.dll 2010-04-12 22:44:06 ----A---- C:\Windows\SysWOW64\D3DX9_39.dll 2010-04-12 22:44:06 ----A---- C:\Windows\SysWOW64\d3dx10_39.dll 2010-04-12 22:44:06 ----A---- C:\Windows\SysWOW64\D3DCompiler_39.dll 2010-04-12 22:44:05 ----A---- C:\Windows\SysWOW64\XAudio2_1.dll 2010-04-12 22:44:05 ----A---- C:\Windows\SysWOW64\XAPOFX1_0.dll 2010-04-12 22:44:05 ----A---- C:\Windows\SysWOW64\xactengine3_1.dll 2010-04-12 22:44:05 ----A---- C:\Windows\SysWOW64\X3DAudio1_4.dll 2010-04-12 22:44:04 ----A---- C:\Windows\SysWOW64\D3DX9_38.dll 2010-04-12 22:44:04 ----A---- C:\Windows\SysWOW64\d3dx10_38.dll 2010-04-12 22:44:04 ----A---- C:\Windows\SysWOW64\D3DCompiler_38.dll 2010-04-12 22:44:03 ----A---- C:\Windows\SysWOW64\XAudio2_0.dll 2010-04-12 22:44:03 ----A---- C:\Windows\SysWOW64\xactengine3_0.dll 2010-04-12 22:44:03 ----A---- C:\Windows\SysWOW64\X3DAudio1_3.dll 2010-04-12 22:44:02 ----A---- C:\Windows\SysWOW64\D3DX9_37.dll 2010-04-12 22:44:02 ----A---- C:\Windows\SysWOW64\d3dx10_37.dll 2010-04-12 22:44:02 ----A---- C:\Windows\SysWOW64\D3DCompiler_37.dll 2010-04-12 22:44:00 ----A---- C:\Windows\SysWOW64\xactengine2_10.dll 2010-04-12 22:43:58 ----A---- C:\Windows\SysWOW64\d3dx10_36.dll 2010-04-12 22:43:58 ----A---- 
C:\Windows\SysWOW64\D3DCompiler_36.dll 2010-04-12 22:43:57 ----A---- C:\Windows\SysWOW64\d3dx9_36.dll 2010-04-12 22:43:56 ----A---- C:\Windows\SysWOW64\xactengine2_9.dll 2010-04-12 22:43:56 ----A---- C:\Windows\SysWOW64\d3dx10_35.dll 2010-04-12 22:43:56 ----A---- C:\Windows\SysWOW64\D3DCompiler_35.dll 2010-04-12 22:43:55 ----A---- C:\Windows\SysWOW64\d3dx9_35.dll 2010-04-12 22:43:54 ----A---- C:\Windows\SysWOW64\xinput1_3.dll 2010-04-12 22:43:54 ----A---- C:\Windows\SysWOW64\xactengine2_8.dll 2010-04-12 22:43:54 ----A---- C:\Windows\SysWOW64\X3DAudio1_2.dll 2010-04-12 22:43:54 ----A---- C:\Windows\SysWOW64\d3dx9_34.dll 2010-04-12 22:43:54 ----A---- C:\Windows\SysWOW64\d3dx10_34.dll 2010-04-12 22:43:54 ----A---- C:\Windows\SysWOW64\D3DCompiler_34.dll 2010-04-12 22:43:53 ----A---- C:\Windows\SysWOW64\xactengine2_7.dll 2010-04-12 22:43:53 ----A---- C:\Windows\SysWOW64\d3dx10_33.dll 2010-04-12 22:43:53 ----A---- C:\Windows\SysWOW64\D3DCompiler_33.dll 2010-04-12 22:43:52 ----A---- C:\Windows\SysWOW64\xactengine2_6.dll 2010-04-12 22:43:52 ----A---- C:\Windows\SysWOW64\d3dx9_33.dll 2010-04-12 22:43:51 ----A---- C:\Windows\SysWOW64\xactengine2_5.dll 2010-04-12 22:43:51 ----A---- C:\Windows\SysWOW64\d3dx10.dll 2010-04-12 22:43:49 ----A---- C:\Windows\SysWOW64\xactengine2_4.dll 2010-04-12 22:43:49 ----A---- C:\Windows\SysWOW64\x3daudio1_1.dll 2010-04-12 22:43:49 ----A---- C:\Windows\SysWOW64\d3dx9_31.dll 2010-04-12 22:43:48 ----A---- C:\Windows\SysWOW64\xinput1_2.dll 2010-04-12 22:43:48 ----A---- C:\Windows\SysWOW64\xinput1_1.dll 2010-04-12 22:43:48 ----A---- C:\Windows\SysWOW64\xactengine2_3.dll 2010-04-12 22:43:48 ----A---- C:\Windows\SysWOW64\xactengine2_2.dll 2010-04-12 22:43:46 ----A---- C:\Windows\SysWOW64\xactengine2_1.dll 2010-04-12 22:43:37 ----A---- C:\Windows\SysWOW64\d3dx9_30.dll 2010-04-12 22:43:36 ----A---- C:\Windows\SysWOW64\xactengine2_0.dll 2010-04-12 22:43:36 ----A---- C:\Windows\SysWOW64\x3daudio1_0.dll 2010-04-12 22:43:35 ----A---- 
C:\Windows\SysWOW64\d3dx9_29.dll 2010-04-12 22:43:35 ----A---- C:\Windows\SysWOW64\d3dx9_28.dll 2010-04-12 22:43:34 ----A---- C:\Windows\SysWOW64\d3dx9_27.dll 2010-04-12 22:43:34 ----A---- C:\Windows\SysWOW64\d3dx9_26.dll 2010-04-12 22:43:33 ----A---- C:\Windows\SysWOW64\d3dx9_25.dll 2010-04-12 22:43:33 ----A---- C:\Windows\SysWOW64\d3dx9_24.dll 2010-04-12 22:39:58 ----D---- C:\Program Files (x86)\Ubisoft 2010-04-12 17:18:01 ----D---- C:\Users\Artur\AppData\Roaming\dvdcss 2010-04-11 01:13:32 ----D---- C:\Temp 2010-04-10 23:00:59 ----D---- C:\Program Files (x86)\QS 2010-04-10 23:00:57 ----D---- C:\Users\Artur\AppData\Roaming\TeamViewer 2010-04-09 20:29:55 ----A---- C:\Windows\Podcasts.INI 2010-04-08 22:12:11 ----D---- C:\Program Files (x86)\PixiePack Codec Pack 2010-04-08 22:09:25 ----D---- C:\ProgramData\RapidSolution 2010-04-08 22:09:25 ----D---- C:\Program Files (x86)\RapidSolution 2010-04-08 21:18:59 ----D---- C:\Users\Artur\AppData\Roaming\Nero 2010-04-08 21:08:10 ----D---- C:\Program Files (x86)\Nero 2010-04-08 21:08:04 ----D---- C:\ProgramData\Nero 2010-04-08 21:08:04 ----D---- C:\Program Files (x86)\Common Files\Nero 2010-04-08 18:22:49 ----D---- C:\Program Files (x86)\JDownloader 2010-04-08 18:22:39 ----N---- C:\Windows\SysWOW64\javaws.exe 2010-04-08 18:22:39 ----N---- C:\Windows\SysWOW64\javaw.exe 2010-04-08 18:22:39 ----N---- C:\Windows\SysWOW64\java.exe 2010-04-08 18:22:39 ----N---- C:\Windows\SysWOW64\deploytk.dll 2010-04-08 18:22:22 ----D---- C:\Program Files (x86)\Java 2010-04-08 13:33:49 ----D---- C:\Program Files (x86)\DVDVideoSoft 2010-04-08 13:33:49 ----D---- C:\Program Files (x86)\Common Files\DVDVideoSoft 2010-04-08 00:50:53 ----D---- C:\DockZone 1001 Icon 2010-04-07 21:25:57 ----D---- C:\Program Files (x86)\Stardock 2010-04-07 21:25:57 ----D---- C:\Program Files (x86)\Common Files\Stardock 2010-04-07 17:39:59 ----D---- C:\Program Files (x86)\OpenVPN 2010-04-07 17:10:12 ----D---- C:\Users\Artur\AppData\Roaming\Leadertech 2010-04-07 17:10:12 
----D---- C:\Program Files (x86)\Common Files\LogiShrd 2010-04-07 17:09:16 ----D---- C:\ProgramData\Logishrd 2010-04-07 17:08:42 ----D---- C:\Users\Artur\AppData\Roaming\Logitech 2010-04-07 17:08:42 ----D---- C:\Users\Artur\AppData\Roaming\Logishrd 2010-04-07 16:36:03 ----D---- C:\Users\Artur\AppData\Roaming\GameConsole 2010-04-07 16:35:54 ----SHD---- C:\Users\Artur\AppData\Roaming\.# 2010-04-07 12:52:25 ----D---- C:\ProgramData\Avira 2010-04-07 12:52:25 ----D---- C:\Program Files (x86)\Avira 2010-04-07 12:47:54 ----D---- C:\Users\Artur\AppData\Roaming\vlc 2010-04-07 12:41:32 ----D---- C:\Program Files (x86)\VideoLAN 2010-04-07 12:10:28 ----D---- C:\Program Files (x86)\uTorrent 2010-04-07 12:09:28 ----D---- C:\Users\Artur\AppData\Roaming\uTorrent ======List of files/folders modified in the last 1 months====== 2010-05-06 16:43:00 ----RD---- C:\Program Files (x86) 2010-05-06 16:35:58 ----SHD---- C:\System Volume Information 2010-05-06 16:18:55 ----D---- C:\Windows\Temp 2010-05-06 15:31:11 ----AD---- C:\Windows 2010-05-06 15:21:26 ----A---- C:\Windows\SysWOW64\log.txt 2010-05-05 19:56:12 ----RD---- C:\Program Files 2010-05-05 19:56:11 ----D---- C:\Windows\AppCompat 2010-05-05 19:56:10 ----SHD---- C:\Windows\Installer 2010-05-05 19:56:10 ----D---- C:\Windows\Tasks 2010-05-05 19:56:10 ----D---- C:\Windows\SysWOW64\drivers 2010-05-05 19:56:10 ----D---- C:\Windows\SysWOW64 2010-05-05 19:56:10 ----D---- C:\Windows\System32 2010-05-05 19:56:10 ----D---- C:\Windows\registration 2010-05-05 19:56:10 ----D---- C:\Windows\inf 2010-05-05 18:45:43 ----D---- C:\Schwarzer 2010-05-05 18:28:55 ----D---- C:\Windows\debug 2010-05-05 14:46:16 ----HD---- C:\ProgramData 2010-05-04 12:54:49 ----D---- C:\Windows\Prefetch 2010-05-02 21:43:28 ----RSD---- C:\Windows\assembly 2010-05-01 19:24:36 ----AD---- C:\ProgramData\Temp 2010-04-28 14:05:42 ----D---- C:\Windows\Logs 2010-04-28 13:36:52 ----SD---- C:\Users\Artur\AppData\Roaming\Microsoft 2010-04-28 13:28:27 ----D---- C:\ProgramData\eSobi 
2010-04-28 12:53:27 ----D---- C:\Windows\winsxs 2010-04-23 12:29:02 ----D---- C:\Users\Artur\AppData\Roaming\Identities 2010-04-23 09:55:28 ----D---- C:\Windows\Downloaded Program Files 2010-04-22 18:45:30 ----D---- C:\Windows\ModemLogs 2010-04-22 14:18:55 ----D---- C:\ProgramData\CyberLink 2010-04-22 14:14:37 ----A---- C:\Windows\PidList.ini 2010-04-22 14:06:44 ----D---- C:\Users\Artur\AppData\Roaming\Skype 2010-04-22 10:55:26 ----D---- C:\Users\Artur\AppData\Roaming\skypePM 2010-04-14 17:39:42 ----RSD---- C:\Windows\Media 2010-04-14 17:37:47 ----D---- C:\Windows\twain_32 2010-04-14 11:53:27 ----D---- C:\ProgramData\Microsoft Help 2010-04-13 18:19:37 ----D---- C:\Windows\Microsoft.NET 2010-04-13 14:20:48 ----D---- C:\ProgramData\Adobe 2010-04-13 14:19:16 ----D---- C:\Program Files (x86)\Common Files\Adobe 2010-04-13 01:59:15 ----D---- C:\Program Files (x86)\Common Files\microsoft shared 2010-04-13 01:59:09 ----D---- C:\Program Files (x86)\Microsoft.NET 2010-04-13 01:57:28 ----RSD---- C:\Windows\Fonts 2010-04-13 01:56:30 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2010-04-13 01:55:06 ----SD---- C:\ProgramData\Microsoft 2010-04-13 01:48:32 ----D---- C:\Program Files (x86)\MSBuild 2010-04-13 01:46:24 ----D---- C:\Program Files (x86)\Common Files 2010-04-13 00:18:03 ----HD---- C:\MyWinLockerData 2010-04-12 22:39:58 ----HD---- C:\Program Files (x86)\InstallShield Installation Information 2010-04-12 18:33:23 ----D---- C:\Users\Artur\AppData\Roaming\DivX 2010-04-11 21:57:47 ----D---- C:\Program Files (x86)\avmwlanstick 2010-04-08 11:01:45 ----D---- C:\ProgramData\Partner 2010-04-08 11:01:45 ----D---- C:\Program Files (x86)\Google 2010-04-07 16:24:50 ----D---- C:\ProgramData\Google 2010-04-07 12:27:10 ----RD---- C:\Program Files (x86)\Skype
I hope you can help me. Regards, Artur |
07.05.2010, 22:54 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | XxX.xXx Malware in C:\Users\***\AppData\Local\Temp\XxX.xXx Hello and
System scan with OTL
Please download OTL by Oldtimer and save it to your desktop |
09.05.2010, 00:11 | #3 |
| XxX.xXx Malware in C:\Users\***\AppData\Local\Temp\XxX.xXx Code:
OTL logfile created on: 09.05.2010 00:57:58 - Run 1 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Artur\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 70,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285,30 Gb Total Space | 179,15 Gb Free Space | 62,79% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ARTUR-PC Current User Name: Artur Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Artur\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\Artur\AppData\Local\Temp\3LDfCQpxnY0.exe () PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Windows\PLFSetI.exe () PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Windows\SysWOW64\explorer.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) PRC - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) 
PRC - C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer) PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin) PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) PRC - C:\Program Files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.) PRC - C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock) ========== Modules (SafeList) ========== MOD - C:\Users\Artur\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation) SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation) SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation) SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation) SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation) SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation) SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation) SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation) SRV:64bit: - (p2pimsvc) -- 
C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation) SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation) SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation) SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation) SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation) SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation) SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation) SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation) SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation) SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation) SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation) SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation) SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation) SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation) SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation) SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.) 
SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe () SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) SRV - (VSS) -- C:\Windows\Vss [2009.07.14 05:20:14 | 000,000,000 | ---D | M] SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 05:20:14 | 000,000,000 | ---D | M] SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation) SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof () SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer) SRV - (NTISchedulerSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.) SRV - (NTIBackupSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.) 
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agr64svc.exe (LSI Corporation) SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (PLFlash DeviceIoControl Service) -- C:\Program Files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (TVICHW32) -- C:\Windows\SysNative\drivers\TVicHW32.sys (EnTech Taiwan) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (RRNetCapMP) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG) DRV:64bit: - (RRNetCap) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project) DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) 
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys () DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation) DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation) DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation) DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation) DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation) DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation) DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation) DRV:64bit: - 
(rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation) DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation) DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation) DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation) DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation) DRV:64bit: - (vwifimp) -- C:\Windows\SysNative\drivers\vwifimp.sys (Microsoft Corporation) DRV:64bit: - (vwififlt) -- C:\Windows\SysNative\drivers\vwififlt.sys (Microsoft Corporation) DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation) DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation) DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation) DRV:64bit: - (usbvideo) USB-Videogerät (WDM) -- C:\Windows\SysNative\drivers\usbvideo.sys (Microsoft Corporation) DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation) DRV:64bit: - (WinUsb) -- C:\Windows\SysNative\drivers\winusb.sys (Microsoft Corporation) DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation) DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation) DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation) DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation) DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation) DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation) DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation) DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation) DRV:64bit: - (HidBatt) -- 
C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation) DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation) DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation) DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) 
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH) DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin) DRV - (TVICHW32) -- C:\Windows\SysWOW64\drivers\TVicHW32.sys (EnTech Taiwan) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation) DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation) DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof () DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof () DRV - (mwlPSDVDisk) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\mwlPSDVdisk.sys (Egis Technology Inc.) DRV - (mwlPSDFilter) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\mwlPSDFilter.sys (Egis Technology Inc.) DRV - (mwlPSDNServ) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\mwlPSDNServ.sys (Egis Technology Inc.) DRV - (DKbFltr) Dritek Keyboard Filter Driver (64-bit) -- C:\Windows\SysWOW64\drivers\DKbFltr.sys (Dritek System Inc.) 
========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5740&r=27360410l506l0428z1i5t5471d616
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5740&r=27360410l506l0428z1i5t5471d616
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5740&r=27360410l506l0428z1i5t5471d616
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5740&r=27360410l506l0428z1i5t5471d616
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5740&r=27360410l506l0428z1i5t5471d616
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5740&r=27360410l506l0428z1i5t5471d616
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.04.03 19:24:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.04.17 07:51:43 | 000,000,000 | ---D | M]
[2010.04.01 17:03:32 | 000,000,000 | ---D | M] -- C:\Users\Artur\AppData\Roaming\mozilla\Extensions
[2010.05.09 00:38:07 | 000,000,000 | ---D | M] -- C:\Users\Artur\AppData\Roaming\mozilla\Firefox\Profiles\36ah0wvl.default\extensions
[2010.04.21 20:21:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Artur\AppData\Roaming\mozilla\Firefox\Profiles\36ah0wvl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.05.05 19:56:11 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Artur\AppData\Roaming\mozilla\Firefox\Profiles\36ah0wvl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.14 22:47:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.04.07 12:27:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.01.16 03:15:30 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:30 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:30 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:30 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:30 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero BackItUp 4\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Audio HD Driver] C:\Users\Artur\AppData\Local\Temp\3LDfCQpxnY0.exe ()
O4 - HKCU..\Run: [HKCU] C:\Windows\iexplorer\iexplorer.exe (LMiktQx)
O4 - Startup: C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Monopoly/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Monopoly/Images/armhelper.ocx (ArmHelper Control)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0c1c75bc-41ac-11df-a8ab-c417fe688e04}\Shell - "" = AutoRun
O33 - MountPoints2\{0c1c75bc-41ac-11df-a8ab-c417fe688e04}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{1c919803-40a1-11df-b21a-c417fe688e04}\Shell - "" = AutoRun
O33 - MountPoints2\{1c919803-40a1-11df-b21a-c417fe688e04}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{1c919814-40a1-11df-b21a-c417fe688e04}\Shell - "" = AutoRun
O33 - MountPoints2\{1c919814-40a1-11df-b21a-c417fe688e04}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{2114b6cd-431a-11df-b50b-00262d90eb2d}\Shell - "" = AutoRun
O33 - MountPoints2\{2114b6cd-431a-11df-b50b-00262d90eb2d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{383495da-41aa-11df-a984-c417fe688e04}\Shell - "" = AutoRun
O33 - MountPoints2\{383495da-41aa-11df-a984-c417fe688e04}\Shell\AutoRun\command - "" = G:\pushinst.exe -- File not found
O33 - MountPoints2\{65ed83ed-44f0-11df-a40f-00262d90eb2d}\Shell - "" = AutoRun
O33 - MountPoints2\{65ed83ed-44f0-11df-a40f-00262d90eb2d}\Shell\AutoRun\command - "" = E:\pushinst.exe -- File not found
O33 - MountPoints2\{7edb403c-4e22-11df-83f7-001c4af707fb}\Shell - "" = AutoRun
O33 - MountPoints2\{7edb403c-4e22-11df-83f7-001c4af707fb}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{bd46bf71-3db7-11df-a304-00262d90eb2d}\Shell - "" = AutoRun
O33 - MountPoints2\{bd46bf71-3db7-11df-a304-00262d90eb2d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========
[2010.05.09 00:56:48 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Artur\Desktop\OTL.exe
[2010.05.06 16:43:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2010.05.06 16:43:00 | 000,000,000 | ---D | C] -- C:\rsit
[2010.05.05 18:27:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010.05.05 14:46:26 | 000,000,000 | ---D | C] -- C:\Users\Artur\AppData\Roaming\Malwarebytes
[2010.05.05 14:46:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.05.05 14:46:16 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.05.05 14:46:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.05.05 14:46:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.03 16:55:07 | 000,000,000 | ---D | C] -- C:\Users\Artur\AppData\Local\PokerStars.NET
[2010.05.03 16:55:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStars.NET
[2010.05.02 21:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\TrackMania
[2010.05.02 21:43:29 | 000,000,000 | ---D | C] -- C:\Users\Artur\Documents\TrackMania
[2010.05.02 21:41:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TmNationsForever
[2010.05.02 17:45:37 | 000,000,000 | ---D | C] -- C:\Users\Artur\AppData\Roaming\NetSpeedMonitor
[2010.05.02 15:40:44 | 000,000,000 | ---D | C] -- C:\Users\Artur\Documents\speed-dreams.settings
[2010.05.02 15:39:33 |
000,000,000 | ---D | C] -- C:\Program Files (x86)\speed-dreams [2010.05.02 15:21:53 | 000,000,000 | ---D | C] -- C:\Programme\NetSpeedMonitor [2010.05.02 15:09:21 | 000,000,000 | ---D | C] -- C:\Programme\OpenTTD [2010.05.02 15:08:02 | 000,000,000 | ---D | C] -- C:\Users\Artur\Documents\OpenTTD [2010.05.01 18:24:36 | 000,000,000 | ---D | C] -- C:\ProgramData\FarmFrenzy2 [2010.04.30 22:28:46 | 000,000,000 | ---D | C] -- C:\Users\Artur\AppData\Roaming\ViquaSoft [2010.04.30 21:28:10 | 000,000,000 | ---D | C] -- C:\Users\Artur\AppData\Roaming\PlayFirst [2010.04.30 21:28:10 | 000,000,000 | ---D | C] -- C:\ProgramData\PlayFirst [2010.04.28 22:49:56 | 000,000,000 | ---D | C] -- C:\Users\Artur\AppData\Roaming\CanuckSoftware [2010.04.28 14:06:43 | 000,000,000 | ---D | C] -- C:\ProgramData\NtiDvdCopy [2010.04.28 13:27:28 | 000,000,000 | ---D | C] -- C:\Users\Artur\AppData\Roaming\eSobi [2010.04.28 11:51:05 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2010.04.28 11:51:05 | 000,153,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ksecpkg.sys [2010.04.28 11:50:54 | 000,223,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fvevol.sys [2010.04.23 12:29:04 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\TikGames [2010.04.23 12:28:57 | 000,000,000 | ---D | C] -- C:\Users\Artur\AppData\Roaming\Zylom [2010.04.23 12:28:50 | 000,000,000 | ---D | C] -- C:\Users\Artur\AppData\Local\Zylom Games [2010.04.23 12:27:59 | 000,000,000 | ---D | C] -- C:\Users\Artur\AppData\Roaming\install [2010.04.23 09:55:32 | 000,000,000 | ---D | C] -- C:\Users\Artur\Documents\TikGames [2010.04.23 09:55:22 | 000,000,000 | ---D | C] -- C:\Users\Artur\AppData\Roaming\SpinTop [2010.04.23 09:45:04 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2010.04.22 17:11:03 | 000,029,536 | ---- | C] (EnTech Taiwan) -- C:\Windows\SysWow64\drivers\TVicHW32.sys [2010.04.22 17:11:03 | 000,021,200 | ---- | C] (EnTech Taiwan) -- 
C:\Windows\SysNative\drivers\TVicHW32.sys [2010.04.22 14:32:14 | 000,000,000 | ---D | C] -- C:\Programme\Intel [2010.04.22 14:30:14 | 000,000,000 | ---D | C] -- C:\Users\Artur\AppData\Roaming\InstallShield [2010.04.22 14:19:13 | 000,000,000 | ---D | C] -- C:\Users\Artur\AppData\Local\CyberLink [2010.04.22 14:19:12 | 000,000,000 | ---D | C] -- C:\Users\Artur\AppData\Local\Acer Arcade Deluxe [2010.04.22 14:19:08 | 000,000,000 | ---D | C] -- C:\Users\Artur\AppData\Roaming\SoftDMA [2010.04.22 14:19:07 | 000,000,000 | ---D | C] -- C:\Users\Artur\AppData\Local\PlayMovie [2010.04.22 14:18:54 | 000,000,000 | ---D | C] -- C:\Users\Artur\AppData\Roaming\CyberLink [2010.04.22 14:18:53 | 000,000,000 | ---D | C] -- C:\Users\Artur\AppData\Local\PowerCinema [2010.04.22 14:18:51 | 000,000,000 | ---D | C] -- C:\Users\Artur\AppData\Roaming\PowerCinema [2010.04.22 12:15:13 | 000,000,000 | ---D | C] -- C:\Users\Artur\AppData\Roaming\Avira [2010.04.22 10:47:52 | 000,000,000 | ---D | C] -- C:\Users\Artur\dwhelper [2010.04.21 23:06:39 | 000,000,000 | ---D | C] -- C:\Users\Artur\AppData\Roaming\gtk-2.0 [2010.04.21 23:04:15 | 000,000,000 | ---D | C] -- C:\Users\Artur\.thumbnails [2010.04.21 23:03:17 | 000,000,000 | ---D | C] -- C:\Users\Artur\Documents\gegl-0.0 [2010.04.21 23:03:17 | 000,000,000 | ---D | C] -- C:\Users\Artur\.gimp-2.6 [2010.04.21 23:02:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0 [2010.04.21 20:17:00 | 000,000,000 | ---D | C] -- C:\Downloads [2010.04.21 20:16:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Orbitdownloader [2010.04.21 20:16:46 | 000,000,000 | ---D | C] -- C:\Users\Artur\AppData\Roaming\Orbit [2010.04.21 18:21:03 | 000,000,000 | ---D | C] -- C:\Programme\hus Struktogrammer [2010.04.21 18:20:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\hus Struktogrammer [2010.04.21 18:12:34 | 000,000,000 | ---D | C] -- C:\Users\Artur\Documents\Studium [2010.04.21 17:28:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SopCast 
[2010.04.21 16:36:45 | 000,000,000 | ---D | C] -- C:\Users\Artur\AppData\Roaming\Template [2010.04.20 20:32:11 | 000,000,000 | ---D | C] -- C:\Users\Artur\AppData\Local\ElevatedDiagnostics [2010.04.20 16:23:34 | 000,000,000 | ---D | C] -- C:\Users\Artur\appleJuice [2010.04.20 16:19:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\appleJuice [2010.04.14 20:12:31 | 000,000,000 | ---D | C] -- C:\Users\Artur\AppData\Roaming\Canon [2010.04.14 17:40:33 | 000,000,000 | ---D | C] -- C:\Programme\Canon [2010.04.14 17:40:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon [2010.04.14 17:37:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2010.04.14 17:37:47 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information [2010.04.14 17:37:25 | 000,235,520 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMLM83.DLL [2010.04.14 17:37:22 | 000,017,408 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\cnco160.dll [2010.04.14 17:37:21 | 001,338,368 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNCC160.DLL [2010.04.14 17:37:21 | 000,090,624 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCL160.DLL [2010.04.14 17:37:21 | 000,049,664 | ---- | C] (CANON INC.) 
-- C:\Windows\SysNative\CNCI160.DLL [2010.04.14 17:37:16 | 000,000,000 | -H-D | C] -- C:\Programme\CanonBJ [2010.04.14 11:52:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEngineStore [2010.04.14 11:50:24 | 000,000,000 | ---D | C] -- C:\Windows\SQLTools9_KB970892_ENU [2010.04.14 11:49:11 | 000,000,000 | ---D | C] -- C:\Windows\SQL9_KB970892_ENU [2010.04.14 11:40:07 | 005,509,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2010.04.14 11:40:07 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2010.04.14 11:40:06 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2010.04.14 11:40:01 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2010.04.14 11:40:01 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll [2010.04.14 11:40:01 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll [2010.04.14 11:40:01 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll [2010.04.14 11:39:56 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2010.04.14 11:39:56 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll [2010.04.13 02:04:05 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SDKs [2010.04.13 02:03:16 | 000,000,000 | ---D | C] -- C:\Programme\Business Objects [2010.04.13 02:01:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\js [2010.04.13 02:01:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\images [2010.04.13 02:01:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\html [2010.04.13 02:01:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\css [2010.04.13 02:01:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Business Objects [2010.04.13 01:57:56 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SQL Server [2010.04.13 01:57:49 | 000,000,000 | ---D | C] 
-- C:\Program Files (x86)\Microsoft SQL Server
[...]
< End of report > |
09.05.2010, 18:24 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
Code:
:OTL
PRC - C:\Users\Artur\AppData\Local\Temp\3LDfCQpxnY0.exe ()
O4 - HKCU..\Run: [Audio HD Driver] C:\Users\Artur\AppData\Local\Temp\3LDfCQpxnY0.exe ()
O4 - HKCU..\Run: [HKCU] C:\Windows\iexplorer\iexplorer.exe (LMiktQx)
:Files
C:\Users\Artur\AppData\Local\Temp\3LDfCQpxnY0.exe
C:\Windows\iexplorer
:Commands
[purity]
[resethosts]
[emptytemp]

The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post log files in CODE tags |
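The fix script above removes two HKCU Run entries: one starting an executable with no company name from the Temp folder, and one starting iexplorer.exe from C:\Windows\iexplorer. As an added example (not part of the original thread and not OTL's own logic), the following Python applies those tells to O4 lines in the layout shown above; the rule set, the list of known binaries and the last sample line are assumptions constructed for illustration.

```python
import ntpath
import re
from typing import Dict, Iterable, List, NamedTuple, Optional

# O4 autorun line in the layout used by the fix script in this thread:
#   O4 - <hive>..\<key>: [<value name>] <path> (<company>)
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<path>.+?) \((?P<company>[^()]*)\)\s*$"
)

# Assumption for this example: a short list of Windows binaries whose names
# are often imitated, with the directories they normally live in.
KNOWN_BINARIES = {
    "iexplore.exe": (r"c:\program files\internet explorer",
                     r"c:\program files (x86)\internet explorer"),
    "explorer.exe": (r"c:\windows", r"c:\windows\syswow64"),
    "svchost.exe": (r"c:\windows\system32", r"c:\windows\syswow64"),
}
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


class Autorun(NamedTuple):
    hive: str
    key: str
    name: str
    path: str
    company: str


def parse_o4(line: str) -> Optional[Autorun]:
    """Return the parsed autorun entry, or None if the line is not an O4 line."""
    m = O4_RE.match(line.strip())
    return Autorun(**m.groupdict()) if m else None


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot names one typo away from a real binary."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def reasons_for(entry: Autorun) -> List[str]:
    """List every heuristic that fires for one autorun entry."""
    path = entry.path.lower()
    folder, exe = ntpath.dirname(path), ntpath.basename(path)
    reasons = []
    if any(marker in path for marker in TEMP_MARKERS):
        reasons.append("starts from a temp directory")
    if not entry.company.strip():
        reasons.append("no company name in the file's version info")
    if exe in KNOWN_BINARIES:
        if folder not in KNOWN_BINARIES[exe]:
            reasons.append(f"{exe} outside its normal directory")
    else:
        near = sorted(k for k in KNOWN_BINARIES if edit_distance(exe, k) == 1)
        if near:
            reasons.append("name imitates " + ", ".join(near))
    return reasons


def triage(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Map the path of each flagged autorun entry to the reasons it was flagged."""
    flagged = {}
    for line in lines:
        entry = parse_o4(line)
        if entry:
            reasons = reasons_for(entry)
            if reasons:
                flagged[entry.path] = reasons
    return flagged


# The first three lines are taken from the fix script in this thread;
# the last one is a constructed benign entry.
SAMPLE_LINES = [
    r"PRC - C:\Users\Artur\AppData\Local\Temp\3LDfCQpxnY0.exe ()",
    r"O4 - HKCU..\Run: [Audio HD Driver] C:\Users\Artur\AppData\Local\Temp\3LDfCQpxnY0.exe ()",
    r"O4 - HKCU..\Run: [HKCU] C:\Windows\iexplorer\iexplorer.exe (LMiktQx)",
    r"O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files (x86)\Example Vendor\updater.exe (Example Vendor Inc.)",
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

A missing company name on its own is a weak signal; the entries worth a closer look are those where several reasons coincide.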
09.05.2010, 19:51 | #5 |
Code:
All processes killed
========== OTL ==========
No active process named 3LDfCQpxnY0.exe was found!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Audio HD Driver deleted successfully.
C:\Users\Artur\AppData\Local\Temp\3LDfCQpxnY0.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\HKCU deleted successfully.
C:\Windows\iexplorer\iexplorer.exe moved successfully.
========== FILES ==========
File\Folder C:\Users\Artur\AppData\Local\Temp\3LDfCQpxnY0.exe not found.
C:\Windows\iexplorer folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Artur
->Temp folder emptied: 2774222 bytes
->Temporary Internet Files folder emptied: 178382 bytes
->Java cache emptied: 15966289 bytes
->FireFox cache emptied: 104176944 bytes
->Flash cache emptied: 5113 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 57482 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 87661 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67631 bytes
RecycleBin emptied: 209764 bytes

Total Files Cleaned = 118,00 mb

OTL by OldTimer - Version 3.2.4.1 log created on 05092010_203549

Files\Folders moved on Reboot...
C:\Users\Artur\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
09.05.2010, 20:26 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Good. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
10.05.2010, 19:21 | #7 |
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/10/2010 at 04:17 PM

Application Version : 4.37.1000

Core Rules Database Version : 4911
Trace Rules Database Version: 2723

Scan type : Complete Scan
Total Scan Time : 01:30:11

Memory items scanned : 648
Memory threats detected : 0
Registry items scanned : 7881
Registry threats detected : 0
File items scanned : 155126
File threats detected : 2

Trojan.Dropper/Gen-MultiPacked
C:\SCHWARZER\ALTE D FESTPLATTE\DESKTOP\STEDITHOMECAST\SETEDITHOMECAST.EXE

Trojan.IEXPLORER
C:\_OTL\MOVEDFILES\05092010_203549\C_WINDOWS\IEXPLORER\IEXPLORER.EXE

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4068

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10.05.2010 20:16:21
mbam-log-2010-05-10 (20-16-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 270877
Laufzeit: 42 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
10.05.2010, 20:42 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
OK - is the computer back to normal?
10.05.2010, 20:56 | #9 |
Yes, no more infected files. Many thanks cosinus, really cool forum!!! Regards
11.05.2010, 10:14 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Good, then check the updates:

Microsoft Update
Windows XP: Visit the MS update page with IE and have all important updates installed.
Windows Vista/7: Windows Update guide

Update the PDF reader
Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Software by clicking "Adobe Reader x.0" there and removing the program. I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.
While you are at it, please also check that the Flash Player is up to date; here is the direct download link => http://filepony.de/?q=Flash+Player

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present) and update to the newest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions there. Afterwards download the current Java SE Runtime Environment (JRE) from here and install it.
11.05.2010, 14:38 | #11 |
OK, that's done, thanks!