Log analysis and evaluation: Help with the 50€ Trojan (Windows 7)
If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
27.02.2012, 18:13 #1
Help with the 50€ Trojan
Hi! Since noon today I have had problems with the Trojan that tells me I have to buy Windows for 50€. I have already found and read several posts on the topic here. I downloaded OTL and had already run Malwarebytes Anti-Malware before that, but it did not solve my problem. I hope I am doing the right thing by posting the log files here now. Unfortunately my otl.txt is too large to be uploaded, what should I do?
27.02.2012, 18:29 #2
/// Malware-holic
Help with the 50€ Trojan
hi,
where is otl.txt?
27.02.2012, 18:37 #3
Help with the 50€ Trojan
OTL Logfile:
Code:
OTL logfile created on: 2/27/2012 5:13:18 PM - Run 1 OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Roy Brosende\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.97 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 63.54% Memory free 7.93 Gb Paging File | 6.22 Gb Available in Paging File | 78.49% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 74.52 Gb Total Space | 17.67 Gb Free Space | 23.71% Space Free | Partition Type: NTFS Drive D: | 208.92 Gb Total Space | 67.95 Gb Free Space | 32.52% Space Free | Partition Type: NTFS Drive F: | 43.64 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive H: | 7.86 Gb Total Space | 7.34 Gb Free Space | 93.43% Space Free | Partition Type: FAT32 Computer Name: ROYBROSENDE | User Name: Roy Brosende | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found PRC - C:\Users\Roy Brosende\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe () PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) 
PRC - C:\Users\Roy Brosende\AppData\Local\Skype\Skype.exe () PRC - C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation) PRC - C:\Program Files (x86)\Fighters\FighterSuiteService.exe (SPAMfighter ApS) PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) PRC - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.) PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) PRC - C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe () PRC - C:\Windows\SysWOW64\PrivacyProvider.exe () PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe () PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS) PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS) PRC - C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS) PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) 
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe () PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.) PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe () PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe () PRC - C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.) PRC - C:\Windows\STK02N\STK02NM.exe (Syntek Ltd.) ========== Modules (No Company Name) ========== MOD - C:\Users\Roy Brosende\AppData\Local\Skype\Skype.exe () MOD - C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe () MOD - C:\Windows\SysWOW64\PrivacyProvider.dll () MOD - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe () MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe () MOD - C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\DetMethod.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV:64bit: - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe () SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Update-Service) -- C:\Windows\SysWOW64\UpdSvc.dll (Joosoft.com GmbH) SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) SRV - (PCSUService) -- C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe () SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) 
SRV - (Suite Service) -- C:\Program Files (x86)\Fighters\FighterSuiteService.exe (SPAMfighter ApS) SRV - (Common Toolkit Tools) -- C:\Program Files (x86)\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe (SPAMfighter ApS) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (PrivacyProvider) -- C:\Windows\SysWOW64\PrivacyProvider.exe () SRV - (OberonGameConsoleService) -- C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe () SRV - (VMCService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) 
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO) DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (AsDsm) -- C:\Windows\SysNative\drivers\AsDsm.sys (ASUSTek Computer Inc) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( ) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (hwusbfake) -- C:\Windows\SysNative\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (lullaby) -- C:\Windows\SysNative\drivers\lullaby.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.) DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation) DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys () DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) 
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV:64bit: - (ASMMAP64) -- C:\Program Files\ATKGFNEX\ASMMAP64.sys () DRV:64bit: - (DCamUSBSTK02N) -- C:\Windows\SysNative\drivers\STK02NW2.sys (Syntek Ltd.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (DCamUSBSTK02N) -- C:\Windows\SysWOW64\drivers\STK02NW2.sys (Syntek Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com/?fr=mkg029 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com/?fr=mkg029 IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com/?fr=mkg029 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Roy Brosende\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Roy Brosende\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/02/05 17:35:48 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Roy Brosende\AppData\Roaming\5064 [2011/12/23 01:55:04 | 000,000,000 | ---D | M] [2012/02/27 16:07:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011/09/26 09:51:59 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak2 [2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011/07/24 15:50:47 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml ========== Chrome ========== O1 HOSTS File: ([2012/02/24 16:39:27 | 000,001,398 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 67.215.245.19 www.google-analytics.com. O1 - Hosts: 67.215.245.19 ad-emea.doubleclick.net. O1 - Hosts: 67.215.245.19 www.statcounter.com. O1 - Hosts: 108.163.215.51 www.google-analytics.com. O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net. O1 - Hosts: 108.163.215.51 www.statcounter.com. O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (no name) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No CLSID value found. O2:64bit: - BHO: (no name) - {E33CF602-D945-461A-83F0-819F76A199F8} - No CLSID value found. O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) 
O2 - BHO: (no name) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No CLSID value found. O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\wajam.dll (Wajam) O2 - BHO: (no name) - {E33CF602-D945-461A-83F0-819F76A199F8} - No CLSID value found. O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.) O4:64bit: - HKLM..\Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe (ECAREME) O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) 
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [IPHider] C:\Program Files (x86)\IP Hider\IP Hider.exe (AllAnonymity) O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe (Ulead Systems, Inc.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc) O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files (x86)\Common Files\Adobe\Updater\AdobeUpdater.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [Facebook Update] C:\Users\Roy Brosende\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) 
O4 - HKCU..\Run: [Messenger (Yahoo!)] ~"C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet File not found O4 - HKCU..\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc) O4 - HKCU..\Run: [SkypeM] C:\Users\Roy Brosende\AppData\Local\Skype\Skype.exe () O4 - HKCU..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation) O4 - HKCU..\Run: [TrueCrypt Format] C:\Program Files\TrueCrypt\TrueCrypt Format.exe (TrueCrypt Foundation) O4 - Startup: C:\Users\Roy Brosende\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) F3:64bit: - HKCU WinNT: Load - (C:\Users\ROYBRO~1\LOCALS~1\Temp\msjdbk.bat) - C:\Users\ROYBRO~1\LOCALS~1\Temp\msjdbk.bat () F3 - HKCU WinNT: Load - (C:\Users\ROYBRO~1\LOCALS~1\Temp\msjdbk.bat) - C:\Users\ROYBRO~1\LOCALS~1\Temp\msjdbk.bat () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found 
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - Reg Error: Key error. File not found O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - Reg Error: Key error. File not found O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - Reg Error: Key error. File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - Reg Error: Key error. File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\PrivacyProvider.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\PrivacyProvider.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\PrivacyProvider.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\PrivacyProvider.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\PrivacyProvider.dll () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89E8796B-8274-4B25-98B2-3FB563D7C2A1}: DhcpNameServer = 139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5333A44-DF73-4096-BB82-8B9416A91323}: DhcpNameServer = 139.7.30.126 139.7.30.125 O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E694AB6D-D493-4C90-9B1E-19E195AD66EA}: NameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: 
DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\klogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/09/11 19:53:06 | 000,000,119 | R--- | M] () - F:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{5cb1f002-d893-11e0-88b9-001e101fe70e}\Shell - "" = AutoRun O33 - MountPoints2\{5cb1f002-d893-11e0-88b9-001e101fe70e}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2009/07/23 15:55:39 | 000,266,240 | R--- | M] (Vodafone) O33 - MountPoints2\{6a7e63fb-bf13-11df-8744-e0cb4e1a695d}\Shell - "" = AutoRun O33 - MountPoints2\{8687afc9-bda0-11df-a625-e0cb4e1a695d}\Shell - "" = AutoRun O33 - MountPoints2\{8687b041-bda0-11df-a625-e0cb4e1a695d}\Shell - "" = AutoRun O33 - MountPoints2\{8687b041-bda0-11df-a625-e0cb4e1a695d}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2009/07/23 15:55:39 | 000,266,240 | R--- | M] (Vodafone) O33 - MountPoints2\{88753275-c0d1-11df-a33a-e0cb4e1a695d}\Shell - "" = AutoRun O33 - MountPoints2\{dd6f2c54-bdab-11df-8733-e0cb4e1a695d}\Shell - "" = AutoRun O33 - MountPoints2\{dd6f2c54-bdab-11df-8733-e0cb4e1a695d}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2009/07/23 15:55:39 | 000,266,240 | R--- | M] (Vodafone) O33 - MountPoints2\{fa49a2d5-0798-11e0-b8b7-e0cb4e1a695d}\Shell - "" = AutoRun O33 - MountPoints2\{fa49a2d8-0798-11e0-b8b7-e0cb4e1a695d}\Shell - "" = AutoRun O33 - MountPoints2\{fa49a306-0798-11e0-b8b7-e0cb4e1a695d}\Shell - "" = AutoRun O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2009/07/23 15:55:39 | 000,266,240 | R--- | M] (Vodafone) O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: 
(C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: 
{de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - 
C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {BD96A00C-07B7-200B-E873-38DA012BAA53} - Internet Explorer ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error. ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP MsConfig:64bit - StartUpReg: 41tskbwsf7wk - hkey= - key= - Reg Error: Value error. File not found MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: ADSMTray - hkey= - key= - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.) MsConfig:64bit - StartUpReg: ASUS Camera ScreenSaver - hkey= - key= - C:\Windows\AsScrProlog.exe (ASUS) MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS) MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) MsConfig:64bit - State: "startup" - Reg Error: Key error. CREATERESTOREPOINT Error creating restore point. 
========== Files/Folders - Created Within 30 Days ========== [2012/02/27 17:11:58 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{E9423F94-4279-4B5F-BE54-9355672BBB37} [2012/02/27 16:27:54 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Roy Brosende\Desktop\OTL.exe [2012/02/27 15:55:34 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{DA1E80E3-2139-4671-BF63-9505CBBB6788} [2012/02/27 15:33:26 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{CFFDB1FE-5146-41CD-8300-4B6FA7DE3AB0} [2012/02/27 15:19:45 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{86F00A49-FE60-4C74-9782-0EB6670CA2A0} [2012/02/27 14:45:52 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{5FD2F61A-03CF-469B-96E1-3C0100ADB354} [2012/02/27 14:27:13 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{D5D724C3-81BF-42D7-A0A1-3BFC2D7BDAFE} [2012/02/27 14:26:33 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{0833E140-D4FF-4D3E-AEFD-D9BDE4493CD6} [2012/02/27 14:20:19 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\Local Settings [2012/02/27 12:53:05 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{AF46B675-2D31-4D7F-A6F0-6634AB950C45} [2012/02/27 09:03:45 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{EC485A61-6AED-4E6C-8B7C-1404DCEEFC48} [2012/02/26 16:19:30 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{1B698084-99E8-4992-A827-3D44A6D40FE9} [2012/02/26 16:18:21 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{342BCCA6-3E6A-4CBF-8FC1-7173CE418117} [2012/02/25 21:00:16 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{747A0650-F8C5-4DFE-BCC0-BFF76A5FEA7C} [2012/02/25 20:59:39 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{3464A5C1-23E9-4639-AA40-E3683DD6CC37} [2012/02/25 12:14:43 | 000,000,000 | ---D | C] -- C:\Users\Roy 
Brosende\AppData\Local\{CA50481C-69BD-403B-8779-5970B2742798} [2012/02/25 12:13:36 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{834028F8-AD63-43CB-A0F0-6732F28FDEFB} [2012/02/24 16:45:56 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{AEECA24A-0B49-46FD-B90E-7CF5AD3F01F3} [2012/02/24 09:00:13 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{F83FFFD4-DB78-4CCA-93D3-20AA4FB1CF23} [2012/02/24 08:59:35 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{38F510C1-0B71-412D-9833-15858A687AF4} [2012/02/23 20:07:17 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{A8513F07-4C70-42F9-982B-B0C40B62052A} [2012/02/23 20:06:37 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{7CFCD396-93B8-48A7-80E1-9463C995CECC} [2012/02/23 13:52:22 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Roaming\Skype [2012/02/23 13:52:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012/02/23 13:52:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012/02/23 13:52:04 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012/02/23 13:52:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2012/02/23 12:50:59 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{75205D22-8DC6-4720-BE42-CB8F7431658C} [2012/02/23 12:49:21 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{58FC2BE0-99DD-44A6-8828-E044B881B28A} [2012/02/23 11:31:08 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{E2E90245-B80C-439F-8BFB-B55D0A38E7D6} [2012/02/23 11:17:45 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Roaming\LG Electronics [2012/02/23 10:56:30 | 000,000,000 | ---D | C] -- C:\ProgramData\LGMOBILEAX [2012/02/23 10:45:13 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{E14AD96A-D55F-4A3E-9123-42B12DB47440} [2012/02/23 10:44:06 | 000,000,000 | ---D | C] -- C:\Users\Roy 
Brosende\AppData\Local\{840E639B-67FE-476C-98A3-92F6E4A7E25A} [2012/02/23 00:12:05 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{B618BF5D-67A1-4A8F-8CCC-5A4AD33FCD8C} [2012/02/23 00:10:57 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{207643FC-223B-4B36-84FA-778B8D861C46} [2012/02/22 11:16:52 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{3EFCFE5A-444E-49BE-A31C-77EB1707920B} [2012/02/22 11:16:39 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{FB4D6AFD-F94A-46B9-9911-A1FD8BA38629} [2012/02/21 21:18:31 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{099FA929-F274-4CBC-B192-61A399412A11} [2012/02/21 21:17:54 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{DB29821A-FEBE-4527-BBC7-514E0132B954} [2012/02/21 10:22:41 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{89234E42-DEE7-42DA-A85C-6EFFBE265C2E} [2012/02/20 08:26:38 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{D6F9657E-4F58-4B4A-AE34-60E966F46CDA} [2012/02/19 23:13:46 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{8B99F6EC-A44C-4D76-969C-65316F768BFE} [2012/02/19 23:13:06 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{C72150DC-FDDF-42BB-81AB-4CC49BC37E44} [2012/02/19 10:38:33 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{2ED0E55C-5C29-4049-9A67-56F628710AFD} [2012/02/19 10:37:26 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{CE045442-5E6D-477B-8394-2F3883F4B2D0} [2012/02/18 23:51:02 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{C0336C4B-B718-42D4-8EF0-C8C9390EA4A6} [2012/02/18 23:50:22 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{DFCB984E-4A96-4E28-9EF1-65647377BF3C} [2012/02/18 09:13:22 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{6DC11982-32F8-4631-A50F-5AC8EB9977CB} [2012/02/18 09:12:13 | 000,000,000 | ---D | C] -- C:\Users\Roy 
Brosende\AppData\Local\{08D0A68D-B86A-43DC-B1E2-99DF4C6FB5A2} [2012/02/17 23:46:07 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{9145081C-4B42-4542-A78B-33137AAB811C} [2012/02/17 23:45:28 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{695A06BA-4970-42A7-8053-C424430DB099} [2012/02/17 23:29:24 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{C412740C-FCB4-4D86-BDB0-21AD5AA0FCE0} [2012/02/17 23:28:46 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{E708EDD0-BC81-48B9-9F3F-11621DB50191} [2012/02/17 07:24:03 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{858EA100-9428-4C73-95BE-FD2E87DE7FED} [2012/02/17 07:22:26 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{0B8DBCCC-7C58-483F-A19E-A4F2819AC887} [2012/02/16 16:34:32 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{3B8693BF-A673-453F-921D-8D6CEDB7C3C6} [2012/02/16 16:33:54 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{8B8B4995-25AE-40EA-B179-B848650FD3B5} [2012/02/15 22:02:44 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{DC85F983-6DFF-451C-8859-2D00D8FD1E43} [2012/02/15 22:01:37 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{09436F09-0ECE-45D6-8E75-E670E299F44D} [2012/02/15 20:29:18 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{40507E6D-9D55-49DA-A311-6E394AF212EB} [2012/02/15 20:28:41 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{3FA28DC5-D75F-4303-9504-8D0F54965F12} [2012/02/15 08:22:05 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{4776A9A2-DC28-46C8-8B49-7FF4396548DA} [2012/02/15 08:21:27 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{4DE84214-9E1F-40FB-B0C5-6EDBD7569D00} [2012/02/14 19:28:22 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{2EA3805A-4AE3-4D27-BD4C-36AAA0B35E0A} [2012/02/14 19:25:13 | 000,000,000 | ---D | C] -- C:\Users\Roy 
Brosende\AppData\Local\{C41899DD-A185-4520-B258-B9E03E3CB7CB} [2012/02/14 13:09:22 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{DE725F49-578C-4940-9688-834B399C82FE} [2012/02/14 12:19:52 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\Desktop\afro [2012/02/14 12:12:44 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{298D5303-9EB1-435E-BEE7-C25C0B95E14A} [2012/02/14 12:11:04 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{F24F6A6B-4C7C-450A-A041-E4F0875E8511} [2012/02/14 08:21:37 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{DB2B26B1-B5A8-4343-BF10-2EFC90F0E415} [2012/02/14 08:20:29 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{69765AC8-FC78-4307-AF4D-F84CA423323C} [2012/02/13 23:11:28 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{2BA74E46-C6B8-434F-9CB4-7C442B0FE5ED} [2012/02/13 21:23:23 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{FB143C96-39BC-4200-84CA-D4A8E1991366} [2012/02/13 21:22:45 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{1C163D62-2323-4914-AFF0-FEF090272F26} [2012/02/13 19:39:54 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{2D12E1DA-2BD5-44A4-B126-863B71D8E956} [2012/02/13 16:05:30 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{BE0D2F7A-E0EB-4ED6-928A-DCC921042184} [2012/02/13 16:04:53 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{8D065C0A-F231-4436-BE64-538732CA9614} [2012/02/13 15:14:05 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{D1B70EA2-8E26-44CB-B8EF-33471A21EA39} [2012/02/13 15:12:58 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{5678C246-D749-4395-A9CA-1AC09490A7C7} [2012/02/12 16:17:52 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{987FEDD9-07FD-4C92-AB47-CA66CDBB71AC} [2012/02/11 08:53:48 | 000,000,000 | ---D | C] -- C:\Users\Roy 
Brosende\AppData\Local\{D42F60F1-8D59-49B8-AF0F-964F7226A02F} [2012/02/11 08:52:40 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{6DEBFBCE-C828-49E6-85E7-9BE4CAAE8C18} [2012/02/10 13:20:08 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{4507B13B-64B2-4874-B346-B6A23101C74B} [2012/02/10 11:48:25 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{9C21291B-670D-40F6-A83E-73739BFA70BC} [2012/02/10 08:03:40 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{A594623A-98D9-410B-8D7B-544C8CB3D699} [2012/02/10 08:02:32 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{3D07B83C-0BA6-49B8-8052-079694CE37A4} [2012/02/10 00:24:10 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{079AF5C9-1AAD-4E12-97F0-B58F2F43BAB9} [2012/02/10 00:22:33 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{61169325-636A-49D1-A741-A3A37A971EAB} [2012/02/09 10:35:14 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{CA71ACDD-BA6B-4C2D-856F-BB2A510574CD} [2012/02/09 10:34:06 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{5102FB96-5AB6-41CB-A673-3BDC0284EE9E} [2012/02/09 08:12:52 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{EB156F3A-DFFE-409D-BA71-EA6E2235D46E} [2012/02/08 23:50:43 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{6A60504B-66A4-4FEA-A66D-B0A1ECCCE87D} [2012/02/08 09:12:43 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{02E14A2B-AA79-457D-A8E2-325061B3C0C6} [2012/02/08 09:12:05 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{7BE82F49-A4B9-45D7-8421-F55F1366687B} [2012/02/07 20:46:17 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{6472ED9B-EA1B-4293-B293-2EE6BC3793CC} [2012/02/07 20:45:09 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{31B2F61C-79E7-42F5-8B24-615032339C54} [2012/02/06 20:04:59 | 000,000,000 | ---D | C] -- C:\Users\Roy 
Brosende\AppData\Local\{BE860773-74C2-48DA-B96B-4921D57B43E4} [2012/02/06 16:23:15 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{C1A93E22-D619-4828-8186-DCEDAFBC7853} [2012/02/06 16:22:07 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{770A2C07-317B-49A7-99AB-F8BE6AD3C251} [2012/02/05 21:23:21 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{838D3395-F2F7-4238-A836-759490CCF85C} [2012/02/05 18:09:57 | 000,000,000 | -H-D | C] -- C:\$AVG [2012/02/05 17:58:35 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{89DB9C09-363E-4EE4-8492-1A03A4CFF6E8} [2012/02/05 17:57:16 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Roaming\yahoo! [2012/02/05 17:36:22 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Roaming\AVG2012 [2012/02/05 17:35:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012/02/05 17:35:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012 [2012/02/05 17:35:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG [2012/02/05 17:35:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012 [2012/02/05 17:35:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG [2012/02/05 17:33:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG [2012/02/05 17:27:17 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2012/02/05 17:13:51 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Roaming\Malwarebytes [2012/02/05 17:13:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/02/05 17:13:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/02/05 17:13:46 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/02/05 17:13:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/02/05 16:53:50 | 000,000,000 | ---D | C] -- C:\Users\Roy 
Brosende\AppData\Roaming\Security Monitor 2012 [2012/02/05 16:21:33 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{6E7A3450-D531-44AD-BB34-D99BC03A228F} [2012/02/05 16:19:25 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{638A2E26-1D50-4F3F-BE16-64DC90F98253} [2012/02/05 07:11:48 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{3669C25F-EE39-4681-AF02-10BAB086E7B9} [2012/02/05 07:11:11 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{A1948824-602C-4712-8378-F450EC079E83} [2012/02/04 23:45:43 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{1849E1EE-71BA-43D8-BCD2-1E77736ABDAA} [2012/02/04 09:15:55 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{5C200659-1827-44BC-8FE9-CA6E95762148} [2012/02/04 09:14:48 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{A25FF2E7-52CE-4079-9E50-93C9DB3D80EC} [2012/02/03 11:47:53 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{0D8368BF-A674-438D-AE18-753575AC70A5} [2012/02/03 09:33:41 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{81756FC0-C1EE-4EB6-AF56-44F4F68D6CE6} [2012/02/03 09:31:29 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{7DD15D7C-61C6-4894-AFCA-E4704E2FDFEB} [2012/02/02 09:23:23 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{3CE469FA-1264-4075-82AC-2BA58C506829} [2012/02/01 20:14:48 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{33ED34E2-9BF8-4F7C-A2F9-7FC83BAC9954} [2012/02/01 20:13:41 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{9D13B617-E49B-48BE-BB9C-D553FA48B0A6} [2012/02/01 19:23:48 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{BB2D96E6-F0DA-4078-A428-F8C68117817D} [2012/02/01 19:22:41 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{95B680F4-25D7-444E-A1CD-9624FAA0F34A} [2012/02/01 19:13:17 | 000,000,000 | ---D | C] -- C:\Users\Roy 
Brosende\AppData\Local\{36B80E66-0BC5-4D7F-BC9C-3C69F49AC981} [2012/02/01 19:12:09 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{099A3106-0D4B-4ABF-864F-545AAF8A31F8} [2012/02/01 18:59:56 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{6DA294B1-6A4E-42A8-8D3C-3415553A772C} [2012/02/01 18:58:48 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{480DC3E9-6437-49A1-88AE-CEED591E47AD} [2012/02/01 09:18:08 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{F8403F67-8384-4D8A-93EC-2CC492225801} [2012/02/01 09:17:00 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{BACF5E9A-B478-43C0-BA8C-756B424D7446} [2012/02/01 09:02:46 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{7906B29E-EB62-411D-9A60-72C5C5A42F3E} [2012/02/01 09:02:07 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{8EB65AF1-D6EF-49A5-9ACD-E86AFBCEE7B2} [2012/01/31 15:53:28 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{51C4F4D6-894E-4673-B038-409418BD0E58} [2012/01/30 13:03:58 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{C4E1485D-81E3-4B84-BB9B-B891EE05A8DE} [2012/01/30 13:02:50 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{18C73919-AE38-49DE-8490-3621D7C81BD4} [2012/01/30 09:29:51 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{2B5658E4-BD8E-42E3-A950-5DC74397B2DD} [2012/01/30 09:29:40 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{0ADCD3A1-CECE-4FF6-9507-6976FDA99F42} [2012/01/30 08:21:51 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{767EE086-20A8-4551-A1AF-59A92B12495A} [2012/01/30 08:20:43 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{962DDB00-9370-47FA-966A-E7EADDF68967} [2012/01/29 19:45:58 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{3B56515D-3FC8-4F4B-A6AB-3AA6A4470294} [2012/01/29 19:45:16 | 000,000,000 | ---D | C] -- C:\Users\Roy 
Brosende\AppData\Local\{86A99482-F0F9-41F1-8861-B93F22F62D56} [2012/01/29 18:36:53 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{5CF2FBD1-E38D-4015-9D38-817BB2E7BF8C} [2012/01/29 18:33:46 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{C698F113-5EFB-49FC-B02E-04857185C77C} [2012/01/29 18:28:27 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\Desktop\Money [2012/01/29 18:17:53 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\21Nova Casino [2012/01/29 17:46:31 | 000,000,000 | ---D | C] -- C:\Casino [2012/01/29 14:13:04 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{921A2F3D-41C2-4E65-8933-65D494DF5631} [2012/01/29 14:11:58 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{535D7903-C26B-4936-B3C1-46DE8A7A1E79} [2012/01/29 10:32:17 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{67A65665-8C0E-4097-B9E8-54B72258A21A} [2012/01/29 10:31:35 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{1BA4135E-D8C7-4FF7-9D17-F402F0B11277} [2012/01/29 10:11:36 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{D7A8A6F7-F053-47E3-9941-D851BC1B95CD} [2012/01/29 10:10:58 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{6B0D919E-862E-4EB4-8098-A8793E46FF91} [2012/01/29 09:58:51 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{D7E29612-829F-4B39-8224-03A3B21BB289} [2012/01/29 09:58:12 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{21C7278F-4253-4DAB-BDF4-AD346B20DAA3} [1 C:\Users\Roy Brosende\AppData\Roaming\*.tmp files -> C:\Users\Roy Brosende\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/02/27 17:16:34 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/02/27 17:16:34 | 000,010,240 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/02/27 17:13:06 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-330493832-1058910871-3210589070-1000UA.job [2012/02/27 17:13:00 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-330493832-1058910871-3210589070-1000Core.job [2012/02/27 17:12:52 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/02/27 17:12:52 | 000,654,844 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/02/27 17:12:52 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/02/27 17:12:52 | 000,130,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/02/27 17:12:52 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/02/27 17:11:10 | 000,000,424 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job [2012/02/27 17:09:51 | 000,001,952 | ---- | M] () -- C:\Windows\SysWow64\PrivacyProvider.ini [2012/02/27 17:09:51 | 000,000,016 | ---- | M] () -- C:\Windows\SysWow64\PCProxyOff.ini [2012/02/27 17:09:48 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter64-Roy Brosende-Startup.job [2012/02/27 17:07:40 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2012/02/27 17:07:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/02/27 17:06:23 | 3193,733,120 | -HS- | M] () -- C:\hiberfil.sys [2012/02/27 16:17:34 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Roy Brosende\Desktop\OTL.exe [2012/02/27 14:23:04 | 000,002,648 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2012/02/27 13:03:44 | 090,228,105 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2012/02/24 17:14:23 | 000,086,514 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm [2012/02/24 16:39:27 | 000,001,398 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/02/23 20:03:00 | 000,001,565 | ---- | M] 
() -- C:\Windows\SysNative\ServiceFilter.ini [2012/02/23 13:52:05 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012/02/23 11:00:11 | 000,002,413 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini [2012/02/22 12:36:56 | 000,000,748 | ---- | M] () -- C:\Users\Roy Brosende\Desktop\21Nova Casino.lnk [2012/02/22 12:22:17 | 000,008,382 | ---- | M] () -- C:\Users\Roy Brosende\Desktop\molekulark_fa59c63b44.jpg [2012/02/05 17:35:49 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2012/02/05 17:35:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm [2012/02/05 17:35:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm [2012/01/30 10:01:23 | 000,008,355 | ---- | M] () -- C:\Users\Roy Brosende\Desktop\roy2.jpg [1 C:\Users\Roy Brosende\AppData\Roaming\*.tmp files -> C:\Users\Roy Brosende\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/02/27 13:03:44 | 090,228,105 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2012/02/24 17:14:23 | 000,086,514 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm [2012/02/23 13:52:05 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012/02/23 10:56:46 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll [2012/02/23 10:56:46 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini [2012/02/22 12:36:56 | 000,000,748 | ---- | C] () -- C:\Users\Roy Brosende\Desktop\21Nova Casino.lnk [2012/02/22 12:22:16 | 000,008,382 | ---- | C] () -- C:\Users\Roy Brosende\Desktop\molekulark_fa59c63b44.jpg [2012/02/05 17:35:49 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2012/02/05 17:35:47 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm [2012/02/05 17:35:47 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm [2012/01/30 10:01:22 | 000,008,355 | ---- | C] () -- C:\Users\Roy 
Brosende\Desktop\roy2.jpg [2012/01/30 09:34:05 | 000,129,317 | ---- | C] () -- C:\Users\Roy Brosende\Desktop\IMG_0014.JPG [2012/01/30 09:34:05 | 000,099,611 | ---- | C] () -- C:\Users\Roy Brosende\Desktop\IMG_0012.JPG [2012/01/30 09:34:05 | 000,032,555 | ---- | C] () -- C:\Users\Roy Brosende\Desktop\4271611139_bigger_preview.jpg [2012/01/29 18:27:07 | 000,000,792 | ---- | C] () -- C:\Users\Roy Brosende\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prestige Casino.lnk [2012/01/29 18:23:20 | 000,000,785 | ---- | C] () -- C:\Users\Roy Brosende\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Casino Del Rio.lnk [2012/01/29 18:16:05 | 000,000,778 | ---- | C] () -- C:\Users\Roy Brosende\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\21Nova Casino.lnk [2012/01/29 18:01:36 | 000,000,778 | ---- | C] () -- C:\Users\Roy Brosende\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winner Casino.lnk [2012/01/29 17:46:34 | 000,000,799 | ---- | C] () -- C:\Users\Roy Brosende\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EuroGrand Casino.lnk [2011/12/11 11:09:45 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2011/10/05 17:39:23 | 000,003,584 | ---- | C] () -- C:\Users\Roy Brosende\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/09/26 09:14:19 | 000,017,408 | ---- | C] () -- C:\Users\Roy Brosende\AppData\Local\WebpageIcons.db [2011/01/25 12:24:43 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\PCProxyOff.ini [2011/01/25 12:24:34 | 002,740,224 | ---- | C] () -- C:\Windows\SysWow64\PrivacyProvider.exe [2011/01/25 12:24:34 | 000,471,040 | ---- | C] () -- C:\Windows\SysWow64\RegisterLSP.exe [2011/01/25 12:24:34 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\PrivacyProvider.dll [2011/01/25 12:24:34 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\VistaInfo32.dll [2011/01/25 12:24:34 | 000,001,952 | ---- | C] () -- C:\Windows\SysWow64\PrivacyProvider.ini [2010/11/17 12:43:36 | 000,000,196 | ---- | C] () -- 
C:\Windows\ulead32.ini [2010/11/17 09:42:48 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2010/10/12 11:42:31 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010/10/12 11:10:58 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2010/08/25 19:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2010/08/25 19:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2010/08/25 19:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll ========== LOP Check ========== [2011/12/07 22:12:18 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\5053 [2011/12/11 12:33:23 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\5055 [2011/12/13 19:10:04 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\5058 [2011/12/14 16:30:42 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\5059 [2011/12/17 01:11:28 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\5060 [2011/12/19 18:39:56 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\5061 [2011/12/21 00:35:13 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\5062 [2011/12/22 00:11:19 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\5063 [2011/12/23 01:55:04 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\5064 [2011/05/23 16:37:33 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\Asus WebStorage [2012/02/05 17:36:22 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\AVG2012 [2011/07/24 15:50:45 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\Easy MP3 Recorder [2011/02/03 00:22:32 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\EeeStorageUploader 
[2011/01/16 17:44:00 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\Fighters [2010/11/10 12:21:55 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\FILEminimizerPictures [2011/12/14 10:08:37 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\FinalMediaPlayer [2011/05/20 08:44:40 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\gtk-2.0 [2010/11/17 00:42:37 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\HDRsoft [2011/12/07 22:11:58 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\kock [2012/02/23 11:19:16 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\LG Electronics [2010/09/25 18:51:44 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\LogoMaker [2010/11/17 14:12:34 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\MAGIX [2010/09/22 09:25:30 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\Oniton [2010/10/04 07:19:14 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\Opera [2010/11/07 17:40:25 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\PhotoFiltre [2010/09/23 16:24:40 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\PhotoScape [2012/02/05 17:20:23 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\Security Monitor 2012 [2012/02/27 15:48:57 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\SoftGrid Client [2011/12/20 23:47:28 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\Systweak [2011/05/23 16:37:36 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\temp [2010/10/12 11:43:41 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\TP [2011/01/14 14:36:59 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\TrueCrypt [2012/01/03 12:27:37 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\UAs [2010/09/30 19:11:43 | 000,000,000 
| ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\Ulead Systems [2011/05/09 16:17:36 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\Uniblue [2010/09/11 13:44:12 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\Vodafone [2011/06/28 11:32:39 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\Windows Live Writer [2012/01/23 15:50:07 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\xmldm [2012/02/27 17:13:00 | 000,000,934 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-330493832-1058910871-3210589070-1000Core.job [2012/02/27 17:13:06 | 000,000,956 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-330493832-1058910871-3210589070-1000UA.job [2012/02/27 17:11:10 | 000,000,424 | ---- | M] () -- C:\Windows\Tasks\Final Media Player Update Checker.job [2012/02/03 09:29:28 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012/02/27 17:09:48 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\SLOW-PCfighter64-Roy Brosende-Startup.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2012/02/05 18:09:57 | 000,000,000 | -H-D | M] -- C:\$AVG [2010/12/26 11:42:55 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011/04/27 17:00:49 | 000,000,000 | ---D | M] -- C:\04-27-2011_17-59 [2012/02/27 17:09:32 | 000,000,000 | -H-D | M] -- C:\asus.dat [2009/07/29 07:03:34 | 000,000,000 | -HSD | M] -- C:\Boot [2012/01/29 18:27:04 | 000,000,000 | ---D | M] -- C:\Casino [2012/02/27 15:35:23 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009/12/03 13:21:40 | 000,000,000 | ---D | M] -- C:\Intel [2010/10/13 11:24:24 | 000,000,000 | RH-D | M] -- C:\MSOCache [2010/11/17 13:42:54 | 000,000,000 | ---D | M] -- C:\output [2009/07/14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011/12/29 18:40:41 | 000,000,000 | R--D | M] -- C:\Program Files [2012/02/27 17:10:11 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012/02/27 14:26:09 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010/09/11 13:31:08 | 000,000,000 | -HSD | M] -- C:\Recovery [2010/11/07 16:52:33 | 000,000,000 | RHSD | M] -- C:\sys07 [2012/02/27 15:43:35 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009/12/03 13:28:33 | 000,000,000 | ---D | M] -- C:\Temp [2010/12/26 11:42:30 | 000,000,000 | R--D | M] -- C:\Users [2010/11/19 07:58:56 | 000,000,000 | ---D | M] -- C:\Vodafone [2012/02/27 16:25:18 | 000,000,000 | ---D | M] -- C:\Windows [2011/12/14 23:32:42 | 000,000,000 | ---D | M] -- C:\xmldm < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < MD5 for: AGP440.SYS > [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- 
C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe [2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe [2011/02/26 06:33:07 | 002,614,784 | ---- | M] 
(Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009/12/03 13:26:05 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009/12/03 13:26:05 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010/11/20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- 
C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009/12/03 13:26:05 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011/02/26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009/12/03 13:26:05 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTOR.SYS > [2009/06/04 11:54:35 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys [2009/06/04 11:54:35 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys [2009/06/04 11:54:35 | 000,408,600 | ---- | M] (Intel Corporation) 
MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_c065a1006c648409\iaStor.sys < MD5 for: IASTORV.SYS > [2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys [2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys [2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011/03/11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- 
C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll [2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) 
MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys [2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys [2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011/03/11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011/03/11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll [2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft 
Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010/11/20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009/07/14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll [2009/07/14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010/11/20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- 
C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- 
C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2011/05/20 08:51:07 | 000,001,458 | ---- | M] () -- C:\Users\Roy Brosende\.recently-used.xbel [2012/02/27 17:35:54 | 002,359,296 | ---- | M] () -- C:\Users\Roy Brosende\ntuser.dat [2012/02/27 17:35:54 | 000,262,144 | -HS- | M] () -- C:\Users\Roy Brosende\ntuser.dat.LOG1 [2010/09/11 13:32:34 | 000,000,000 | -HS- | M] () -- C:\Users\Roy Brosende\ntuser.dat.LOG2 [2010/09/11 14:11:03 | 000,065,536 | -HS- | M] () -- C:\Users\Roy Brosende\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010/09/11 14:11:03 | 000,524,288 | -HS- | 
M] () -- C:\Users\Roy Brosende\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010/09/11 14:11:03 | 000,524,288 | -HS- | M] () -- C:\Users\Roy Brosende\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2010/10/13 11:23:24 | 000,065,536 | -HS- | M] () -- C:\Users\Roy Brosende\ntuser.dat{2b541eb6-d6b2-11df-b5ba-001e101f2500}.TM.blf [2010/10/13 11:23:24 | 000,524,288 | -HS- | M] () -- C:\Users\Roy Brosende\ntuser.dat{2b541eb6-d6b2-11df-b5ba-001e101f2500}.TMContainer00000000000000000001.regtrans-ms [2010/10/13 11:23:24 | 000,524,288 | -HS- | M] () -- C:\Users\Roy Brosende\ntuser.dat{2b541eb6-d6b2-11df-b5ba-001e101f2500}.TMContainer00000000000000000002.regtrans-ms [2010/12/21 13:22:29 | 000,065,536 | -HS- | M] () -- C:\Users\Roy Brosende\ntuser.dat{56559298-0cfb-11e0-b344-e0cb4e1a695d}.TM.blf [2010/12/21 13:22:29 | 000,524,288 | -HS- | M] () -- C:\Users\Roy Brosende\ntuser.dat{56559298-0cfb-11e0-b344-e0cb4e1a695d}.TMContainer00000000000000000001.regtrans-ms [2010/12/21 13:22:29 | 000,524,288 | -HS- | M] () -- C:\Users\Roy Brosende\ntuser.dat{56559298-0cfb-11e0-b344-e0cb4e1a695d}.TMContainer00000000000000000002.regtrans-ms [2010/11/22 12:53:45 | 000,065,536 | -HS- | M] () -- C:\Users\Roy Brosende\ntuser.dat{6189f376-f62d-11df-8b17-001e101fb681}.TM.blf [2010/11/22 12:53:45 | 000,524,288 | -HS- | M] () -- C:\Users\Roy Brosende\ntuser.dat{6189f376-f62d-11df-8b17-001e101fb681}.TMContainer00000000000000000001.regtrans-ms [2010/11/22 12:53:45 | 000,524,288 | -HS- | M] () -- C:\Users\Roy Brosende\ntuser.dat{6189f376-f62d-11df-8b17-001e101fb681}.TMContainer00000000000000000002.regtrans-ms [2010/10/20 10:13:17 | 000,065,536 | -HS- | M] () -- C:\Users\Roy Brosende\ntuser.dat{7baf31a1-dc0e-11df-860e-001e101fabdd}.TM.blf [2010/10/20 10:13:17 | 000,524,288 | -HS- | M] () -- C:\Users\Roy Brosende\ntuser.dat{7baf31a1-dc0e-11df-860e-001e101fabdd}.TMContainer00000000000000000001.regtrans-ms 
[2010/10/20 10:13:17 | 000,524,288 | -HS- | M] () -- C:\Users\Roy Brosende\ntuser.dat{7baf31a1-dc0e-11df-860e-001e101fabdd}.TMContainer00000000000000000002.regtrans-ms [2010/09/24 09:21:40 | 000,065,536 | -HS- | M] () -- C:\Users\Roy Brosende\ntuser.dat{8e4472c1-c7b3-11df-b112-e0cb4e1a695d}.TM.blf [2010/09/24 09:21:40 | 000,524,288 | -HS- | M] () -- C:\Users\Roy Brosende\ntuser.dat{8e4472c1-c7b3-11df-b112-e0cb4e1a695d}.TMContainer00000000000000000001.regtrans-ms [2010/09/24 09:21:40 | 000,524,288 | -HS- | M] () -- C:\Users\Roy Brosende\ntuser.dat{8e4472c1-c7b3-11df-b112-e0cb4e1a695d}.TMContainer00000000000000000002.regtrans-ms [2010/10/13 11:31:12 | 000,065,536 | -HS- | M] () -- C:\Users\Roy Brosende\ntuser.dat{e41a5dbc-d6b2-11df-a841-001e101fb4df}.TM.blf [2010/10/13 11:31:12 | 000,524,288 | -HS- | M] () -- C:\Users\Roy Brosende\ntuser.dat{e41a5dbc-d6b2-11df-a841-001e101fb4df}.TMContainer00000000000000000001.regtrans-ms [2010/10/13 11:31:12 | 000,524,288 | -HS- | M] () -- C:\Users\Roy Brosende\ntuser.dat{e41a5dbc-d6b2-11df-a841-001e101fb4df}.TMContainer00000000000000000002.regtrans-ms [2010/09/11 13:32:35 | 000,000,020 | -HS- | M] () -- C:\Users\Roy Brosende\ntuser.ini [2010/12/26 11:49:42 | 000,000,680 | RHS- | M] () -- C:\Users\Roy Brosende\ntuser.pol < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < 
End of report > |
27.02.2012, 18:57 | #4 |
/// Malware-holic | Help with the 50€ Trojan • Please start OTL.exe • Now copy the following into the text box. Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [SkypeM] C:\Users\Roy Brosende\AppData\Local\Skype\Skype.exe ()
F3:64bit: - HKCU WinNT: Load - (C:\Users\ROYBRO~1\LOCALS~1\Temp\msjdbk.bat) - C:\Users\ROYBRO~1\LOCALS~1\Temp\msjdbk.bat ()
F3 - HKCU WinNT: Load - (C:\Users\ROYBRO~1\LOCALS~1\Temp\msjdbk.bat) - C:\Users\ROYBRO~1\LOCALS~1\Temp\msjdbk.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
:Files
C:\Users\Roy Brosende\AppData\Local\Skype
C:\Users\ROYBRO~1\LOCALS~1\Temp\msjdbk.bat
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs. • Now please click the Fix button. • OTL may ask for a restart. Please allow it. • After the restart you will find a text document; paste its contents into your next reply here. Boot into normal mode. If you have no icons, right-click, View, Show desktop icons. Note: Please also upload the file to the UpChannel as described in the instructions. Please do NOT post the ZIP file here as an attachment in the thread! Please press the + E key.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
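As an added, defender-side example (not from the thread, the helper, or OTL itself): a small Python triage of OTL autostart lines in the format the fix above uses. It flags the WinNT "Load" entry, the Temp-resident .bat, the unsigned per-user SkypeM entry and the Explorer lockdown policies that the fix removes. The sample lines are the ones quoted in the fix plus one constructed benign AVG entry; the regular expressions are assumptions fitted to those lines, not OTL's documented grammar.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: the OTL autostart entries that the fix above removes,
# plus one benign entry written in the same format for contrast (constructed,
# modelled on the AVG tray entry visible in the ComboFix log).
SAMPLE_OTL_LINES = [
    r"O4 - HKCU..\Run: [SkypeM] C:\Users\Roy Brosende\AppData\Local\Skype\Skype.exe ()",
    r"F3:64bit: - HKCU WinNT: Load - (C:\Users\ROYBRO~1\LOCALS~1\Temp\msjdbk.bat) - C:\Users\ROYBRO~1\LOCALS~1\Temp\msjdbk.bat ()",
    r"F3 - HKCU WinNT: Load - (C:\Users\ROYBRO~1\LOCALS~1\Temp\msjdbk.bat) - C:\Users\ROYBRO~1\LOCALS~1\Temp\msjdbk.bat ()",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1",
    r"O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)",
]

# Assumed line shapes, fitted to the entries above (hive, name, path, vendor in parentheses).
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.+?) \((?P<company>[^)]*)\)$")
F3_RE = re.compile(r"^F3(?::64bit:)? - (?P<hive>HK\w+) WinNT: Load - \((?P<value>[^)]*)\) - (?P<path>.+?) \((?P<company>[^)]*)\)$")
O6_RE = re.compile(r"^O6 - (?P<key>.+?): (?P<name>\w+) = (?P<data>\S+)$")

SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js")
# Explorer policies the fix above resets; set together with an unknown autostart
# they match the "locked desktop" behaviour the thread describes.
LOCKDOWN_POLICIES = {"NoActiveDesktop", "NoActiveDesktopChanges"}


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def _path_reasons(path: str, company: str) -> list:
    """Heuristics on the launched path: Temp location, script type, missing vendor."""
    low = path.lower()
    reasons = []
    if "\\temp\\" in low or "\\locals~1\\" in low:
        reasons.append("runs from a Temp directory")
    if low.endswith(SCRIPT_EXT):
        reasons.append("script file used as autostart")
    if "\\appdata\\local\\" in low and company == "":
        reasons.append("per-user AppData binary with no vendor name")
    return reasons


def triage(lines):
    """Return a Finding for every OTL line that carries at least one risk indicator."""
    findings = []
    for line in lines:
        reasons = []
        if (m := O4_RE.match(line)):
            reasons = _path_reasons(m["path"], m["company"])
        elif (m := F3_RE.match(line)):
            # A WinNT 'Load' value is the registry successor of the win.ini load= line;
            # legitimate software almost never sets it, so its mere presence is reported.
            reasons = ["WinNT 'Load' value set (legacy win.ini load= autostart)"]
            reasons += _path_reasons(m["path"], m["company"])
        elif (m := O6_RE.match(line)):
            if m["name"] in LOCKDOWN_POLICIES and m["data"] == "1":
                reasons = [f"Explorer lockdown policy {m['name']} enabled"]
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL_LINES):
        print(f.line)
        for r in f.reasons:
            print("   -", r)
```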
27.02.2012, 19:19 | #5 |
| Help with the 50€ Trojan The file is uploaded. |
27.02.2012, 20:12 | #6 |
/// Malware-holic | Help with the 50€ Trojan Thanks. Combofix may only be run when a team member has instructed you to do so! Please download Combofix.exe and be sure to save it on your desktop.
__________________ --> Help with the 50€ Trojan |
27.02.2012, 20:58 | #7 |
| Help with the 50€ Trojan Combofix logfile: Code:
ATTFilter ComboFix 12-02-27.02 - Roy Brosende 27.02.2012 20:31:37.1.2 - x64 ausgeführt von:: H:\ComboFix.exe * Im Speicher befindliches AV aktiv. . . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Common Files\ASPG_icon.ico c:\program files (x86)\Mozilla Firefox\components\AskHPRFF.js c:\programdata\FullRemove.exe c:\programdata\Tarma Installer c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico c:\users\Gast\AppData\Roaming\.# c:\users\Roy Brosende\AppData\Roaming\AcroIEHelpe.txt c:\users\Roy Brosende\AppData\Roaming\Security Monitor 2012 c:\users\Roy Brosende\AppData\Roaming\Security Monitor 2012\IcoActivate.ico c:\users\Roy Brosende\AppData\Roaming\Security Monitor 2012\IcoHelp.ico c:\users\Roy Brosende\AppData\Roaming\Security Monitor 2012\IcoUninstall.ico c:\users\Roy Brosende\AppData\Roaming\srvblck2.tmp c:\windows\UA000096.DLL . . ((((((((((((((((((((((( Dateien erstellt von 2012-01-27 bis 2012-02-27 )))))))))))))))))))))))))))))) . . 2012-02-27 18:08 . 2012-02-27 18:44 -------- d-----w- C:\_OTL 2012-02-23 12:52 . 2012-02-27 14:44 -------- d-----w- c:\users\Roy Brosende\AppData\Roaming\Skype 2012-02-23 12:52 . 2012-02-23 12:52 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-02-23 12:52 . 2012-02-23 12:52 -------- d-----r- c:\program files (x86)\Skype 2012-02-23 12:52 . 2012-02-23 12:59 -------- d-----w- c:\programdata\Skype 2012-02-23 10:17 . 2012-02-23 10:19 -------- d-----w- c:\users\Roy Brosende\AppData\Roaming\LG Electronics 2012-02-23 09:59 . 
2011-05-10 12:37 655872 ----a-w- c:\windows\SysWow64\msvcr90.dll 2012-02-23 09:59 . 2011-05-10 12:37 568832 ----a-w- c:\windows\SysWow64\msvcp90.dll 2012-02-23 09:59 . 2011-05-10 12:37 224768 ----a-w- c:\windows\SysWow64\msvcm90.dll 2012-02-23 09:56 . 2006-05-04 07:33 53248 ----a-w- c:\windows\SysWow64\CommonDL.dll 2012-02-23 09:56 . 2012-02-23 09:59 -------- d-----w- c:\programdata\LGMOBILEAX 2012-02-05 17:09 . 2012-02-05 17:09 -------- d-----w- C:\$AVG 2012-02-05 16:57 . 2012-02-05 16:58 -------- d-----w- c:\users\Roy Brosende\AppData\Roaming\yahoo! 2012-02-05 16:36 . 2012-02-05 16:36 -------- d-----w- c:\users\Roy Brosende\AppData\Roaming\AVG2012 2012-02-05 16:35 . 2012-02-05 16:35 -------- d--h--w- c:\programdata\Common Files 2012-02-05 16:35 . 2012-02-05 16:35 -------- d-----w- c:\windows\SysWow64\drivers\AVG 2012-02-05 16:35 . 2012-02-27 12:03 -------- d-----w- c:\windows\system32\drivers\AVG 2012-02-05 16:35 . 2012-02-24 15:41 -------- d-----w- c:\programdata\AVG2012 2012-02-05 16:33 . 2012-02-05 16:33 -------- d-----w- c:\program files (x86)\AVG 2012-02-05 16:27 . 2012-02-27 12:03 -------- d-----w- c:\programdata\MFAData 2012-02-05 16:13 . 2012-02-05 16:13 -------- d-----w- c:\users\Roy Brosende\AppData\Roaming\Malwarebytes 2012-02-05 16:13 . 2012-02-05 16:57 -------- d-----w- c:\programdata\Malwarebytes 2012-02-05 16:13 . 2012-02-05 16:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-02-05 16:13 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-02-03 08:36 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EE693CA6-4F1D-4611-BC75-B47FB6001A58}\mpengine.dll 2012-01-29 16:46 . 2012-01-29 17:27 -------- d-----w- C:\Casino . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-01-26 23:52 . 2010-12-27 11:04 279656 ------w- c:\windows\system32\MpSigStub.exe 2011-12-26 17:13 . 
2011-12-26 17:13 114000 ----a-w- c:\windows\SysWow64\UpdSvc.dll 2009-04-08 18:31 . 2009-04-08 18:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll 2008-08-12 05:45 . 2008-08-12 05:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2010-10-18 138552] . [HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 2010-10-18 15:28 1485112 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] 2011-07-15 04:46 195360 ----a-w- c:\program files (x86)\Yontoo Layers Runtime\YontooIEClient.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-10-18 1485112] . [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar] . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AdobeUpdater"="c:\program files (x86)\Common Files\Adobe\Updater\AdobeUpdater.exe" [2007-04-04 970752] "TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2011-01-14 1496528] "TrueCrypt Format"="c:\program files\TrueCrypt\TrueCrypt Format.exe" [2011-01-14 1591760] "Facebook Update"="c:\users\Roy Brosende\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-19 137536] "Search Protection"="c:\program files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-15 17146504] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408] "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-13 2244096] "HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-07-07 8493624] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744] "Ulead AutoDetector v2"="c:\program files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2007-08-02 95504] "IPHider"="c:\program files (x86)\IP Hider\IP Hider.exe" [2010-02-26 1560576] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424] 
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2010-10-13 111928] "YSearchProtection"="c:\program files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856] "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480] "B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2011-09-28 404568] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856] R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x] R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [x] R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [x] R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [x] R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [x] R3 Bulk1628;SPCA1628 Still Camera Service;c:\windows\system32\Drivers\Bulk1628.sys [x] R3 ca1628UVCav;ca1628UVCav Driver Service;c:\windows\system32\Drivers\ca1628UVCav.sys [x] R3 Common Toolkit Tools;Common Toolkit Tools;c:\program files (x86)\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe [2011-01-12 121480] R3 DCamUSBSTK02N;Standard Camera;c:\windows\system32\DRIVERS\STK02NW2.sys [2007-03-12 106496] R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x] S0 
lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x] S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x] S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904] S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664] S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe [2009-09-15 44312] S2 PCSUService;PC Speed Up Service;c:\program files (x86)\PC Beschleunigen\PCSUService.exe [2011-09-05 233184] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264] S2 Suite Service;Suite Service;c:\program files (x86)\Fighters\FighterSuiteService.exe [2011-01-12 1143944] S2 Update-Service;Update-Service;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-11 9216] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x] S3 ewusbnet;HUAWEI 
USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x] S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x] S3 PrivacyProvider;PrivacyProvider;c:\windows\SysWOW64\PrivacyProvider.exe [2010-01-26 2740224] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Update-Service-Installer-Service REG_MULTI_SZ Update-Service-Installer-Service Update-Service REG_MULTI_SZ Update-Service . Inhalt des "geplante Tasks" Ordners . 2012-02-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-330493832-1058910871-3210589070-1000Core.job - c:\users\Roy Brosende\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-19 15:08] . 2012-02-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-330493832-1058910871-3210589070-1000UA.job - c:\users\Roy Brosende\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-19 15:08] . 2012-02-27 c:\windows\Tasks\Final Media Player Update Checker.job - c:\program files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-12-06 14:24] . 2012-02-27 c:\windows\Tasks\SLOW-PCfighter64-Roy Brosende-Startup.job - c:\program files\Fighters\SLOW-PCfighter\SLOW-PCfighter64.exe [2011-04-07 18:56] . . --------- x86-64 ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1] @="{fe25455d-b4c2-4e32-97d2-92632ec1c224}" [HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}] 2009-11-25 10:47 444752 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2] @="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}" [HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}] 2009-11-25 10:47 444752 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EeeStorageBackup"="c:\program files (x86)\ASUS\Asus WebStorage\BackupService.exe" [2009-08-25 947472] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000] "ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-06-12 619392] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://de.yahoo.com/?fr=mkg029 mStart Page = hxxp://de.yahoo.com/?fr=mkg029 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 LSP: c:\windows\system32\PrivacyProvider.dll TCP: DhcpNameServer = 139.7.30.126 139.7.30.125 TCP: Interfaces\{E694AB6D-D493-4C90-9B1E-19E195AD66EA}: NameServer = 192.168.1.1 . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file) Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-Messenger (Yahoo!) - ~c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe Toolbar-Locked - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\windows\STK02N\STK02NM.exe
c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
q:\140062.deu\Office14\ONENOTEM.EXE
c:\program files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-27 20:56:02 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-02-27 19:56
.
Vor Suchlauf: 14 Verzeichnis(se), 18.970.353.664 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 18.611.556.352 Bytes frei
.
- - End Of File - - 0D9E048508D8FB2909AB197F91355BB0

I've already had Malwarebytes run over it and looked at lisa's thread. Do I now really have to download CCleaner as well to be rid of this trojan, or only to put the PC into a wonderful state that wouldn't last long anyway?
Last edited by juls88 (27.02.2012 at 21:05) |
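The ComboFix log above lists services as `Sx name;display name;path [date size]` (or `[x]` where no date and size were printed) and Run-key autostarts as `"name"="path" [date size]`. Reading a few hundred of these by eye is how the helpers in this thread work; the following Python triage parser is an added example, not ComboFix code and not something posted in the thread. It parses both line shapes and flags three things a reviewer would look at first: entries where ComboFix printed `[x]` instead of file metadata, services whose binary is `svchost.exe` (which only tells you the real code is a ServiceDll named in the Svchost group key that the log also dumps), and Run entries starting from a user-writable profile path. The sample lines are copied from the log above; the three rules and the reading of `[x]` as "verify the file by hand" are my own assumptions, not ComboFix semantics.

```python
"""Triage helper for ComboFix service and Run-key lines (added example, not ComboFix code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: line shapes copied from the ComboFix log in this thread.
SERVICE_LINES = [
    "S2 Update-Service;Update-Service;c:\\windows\\System32\\svchost.exe [2009-07-14 27136]",
    "S2 avgwd;AVG WatchDog;c:\\program files (x86)\\AVG\\AVG2012\\avgwdsvc.exe [2011-08-02 192776]",
    "R3 hwusbfake;Huawei DataCard USB Fake;c:\\windows\\system32\\DRIVERS\\ewusbfake.sys [x]",
    "S3 PrivacyProvider;PrivacyProvider;c:\\windows\\SysWOW64\\PrivacyProvider.exe [2010-01-26 2740224]",
]
RUN_LINES = [
    '"Facebook Update"="c:\\users\\Roy Brosende\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe" [2011-09-19 137536]',
    '"Skype"="c:\\program files (x86)\\Skype\\Phone\\Skype.exe" [2012-02-15 17146504]',
]

# Sx/Rx start type, service name, display name, image path, then "[date size]" or "[x]".
SERVICE_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]$'
)
# "value name"="image path" [date size]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<meta>[^\]]*)\]$')


@dataclass
class Entry:
    kind: str        # "service" or "run"
    name: str
    path: str
    meta: str        # "YYYY-MM-DD size", or "x" when ComboFix printed no file metadata
    start: str = ""  # R/S start type for services, empty for Run entries


@dataclass
class Finding:
    rule: str
    name: str
    reason: str


def parse_service(line: str) -> Optional[Entry]:
    m = SERVICE_RE.match(line.strip())
    return Entry("service", m["name"], m["path"], m["meta"], m["start"]) if m else None


def parse_run(line: str) -> Optional[Entry]:
    m = RUN_RE.match(line.strip())
    return Entry("run", m["name"], m["path"], m["meta"]) if m else None


def triage(entries: List[Entry]) -> List[Finding]:
    """Apply three assumed review rules; nothing here decides 'malicious', only 'look closer'."""
    findings: List[Finding] = []
    for e in entries:
        p = e.path.lower()
        if e.meta == "x":
            findings.append(Finding("no_file_metadata", e.name,
                "ComboFix printed [x] instead of date/size; confirm the binary exists and is signed"))
        if e.kind == "service" and p.endswith("\\svchost.exe"):
            findings.append(Finding("svchost_hosted", e.name,
                "runs inside svchost.exe; check the group of the same name under "
                "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Svchost and the ServiceDll it loads"))
        if e.kind == "run" and any(s in p for s in ("\\users\\", "\\appdata\\", "\\temp\\")):
            findings.append(Finding("user_profile_path", e.name,
                "autostart from a user-writable profile path; verify publisher and purpose"))
    return findings


def report(service_lines=SERVICE_LINES, run_lines=RUN_LINES) -> List[Finding]:
    entries = [e for e in map(parse_service, service_lines) if e]
    entries += [e for e in map(parse_run, run_lines) if e]
    return triage(entries)


if __name__ == "__main__":
    for f in report():
        print(f"[{f.rule}] {f.name}: {f.reason}")
```

Feed it the whole service block and Run-key block of a log and it shortens the review to the entries that need a second look; a flagged entry still has to be confirmed by checking the file and its registry context, as the helpers here do by hand.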
27.02.2012, 21:12 | #8 |
/// Malware-holic | Help with the 50€ trojan
Above all, the point is to close security holes. And if the PC doesn't stay clean, that's your own fault :d
Download CCleaner Standard: CCleaner Download - CCleaner 3.16.1666
If CCleaner is already installed, skip this step.
Install it, open it, Tools, list of installed programs, save as txt. Open the file. Behind every program you need, write "notwendig" (needed). Behind every one you don't need, "unnötig" (unnecessary). Behind those you don't recognise, "unbekannt" (unknown). Post the list.
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
27.02.2012, 21:59 | #9 |
| Hilfe beim 50€-Trojaner 2007 Microsoft Office system Microsoft Corporation 22.10.2010 12.0.6425.1000 notwendig 21Nova Casino 28.01.2012 notwendig Acrobat.com Adobe Systems Incorporated 02.12.2009 1,61MB 1.6.65 notwendig Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 02.12.2009 unnötig Adobe AIR Adobe Systems Inc. 02.12.2009 1.5.0.7220 notwendig Adobe Bridge 1.0 Adobe Systems 09.11.2010 87,1MB 001.000.004 unbekannt Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 10.08.2011 6,00MB 10.3.183.5 notwendig Adobe Flash Player 10 Plugin Adobe Systems Incorporated 13.07.2011 6,00MB 10.3.181.34 notwendig Adobe Photoshop CS2 Adobe Systems, Inc. 09.11.2010 9.0 notwendig Adobe Reader 9.1 MUI Adobe Systems Incorporated 02.12.2009 650MB 9.1.0 notwendig Alcor Micro USB Card Reader Alcor Micro Corp. 02.12.2009 2,87MB 1.2.17.25001 unbekannt ArcSoft MediaImpression ArcSoft 22.05.2011 1.2.33.353 notwendig ArcSoft MediaImpression 2 ArcSoft 22.05.2011 2.0.15.667 notwendig ArcSoft Panorama Maker 4 ArcSoft 22.05.2011 notwendig ArcSoft PhotoImpression 5 ArcSoft 02.01.2012 notwendig ArcSoft VideoImpression 2 ArcSoft 02.01.2012 notwendig ASUS AI Recovery ASUS 02.12.2009 2,89MB 1.0.6 unbekannt ASUS AP Bank ASUSTEK 02.12.2009 1.0.0.0 unbekannt ASUS CopyProtect ASUS 02.12.2009 3,62MB 1.0.0015notwendig ASUS Data Security Manager ASUS 02.12.2009 15,1MB 1.00.0013notwendig ASUS FancyStart ASUSTeK Computer Inc. 02.12.2009 10,5MB 1.0.5unbekannt ASUS LifeFrame3 ASUS 02.12.2009 27,7MB 3.0.20 unbekannt ASUS Live Update ASUS 02.12.2009 2.5.9 unbekannt ASUS MultiFrame ASUS 02.12.2009 1.0.0019 unbekannt ASUS Power4Gear Hybrid ASUS 02.12.2009 10,8MB 1.1.19 notwendig ASUS SmartLogon ASUS 02.12.2009 10,9MB 1.0.0007 notwendig ASUS Splendid Video Enhancement Technology ASUS 02.12.2009 24,4MB 1.02.0028 notwendig ASUS Virtual Camera asus 02.12.2009 3,15MB 1.0.17 notwendig Asus WebStorage eCareme Technologies, Inc. 
02.12.2009 2.0.31.477 notwendig Asus_Camera_ScreenSaver ASUS 02.12.2009 2.0.0009 notwendig Atheros Client Installation Program Atheros 02.12.2009 7.0 unbekannt Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver Atheros Communications Inc. 02.12.2009 1.0.0.16 notwendig ATK Generic Function Service ATK 02.12.2009 1.00.0008notwendig ATK Hotkey ASUS 02.12.2009 5,75MB 1.0.0051notwendig ATK Media ASUS 02.12.2009 0,18MB 2.0.0005notwendig ATKOSD2 ASUS 02.12.2009 8,08MB 7.0.0005notwendig AVG 2012 AVG Technologies 04.02.2012 2012.0.1913notwendig Casino Del Rio 28.01.2012 notwendig CCleaner Piriform 26.02.2012 3.16notwendig ControlDeck ASUS 02.12.2009 1,82MB 1.0.4notwendig CyberGhost VPN S.A.D. 23.09.2010 77,4MB unbekannt CyberLink LabelPrint CyberLink Corp. 02.12.2009 88,6MB 2.5.1720 unnötig CyberLink Power2Go CyberLink Corp. 02.12.2009 108,1MB 6.1.2713 notwendig DHTML Editing Component Microsoft Corporation 29.09.2010 0,54MB 6.02.0001 unbekannt Digital Camera Driver 22.05.2011 unbekannt Dream Day Wedding Married in Manhattan Oberon Media 02.12.2009 unnötig ETDWare PS/2-x64 7.0.5.5_WHQL 02.12.2009 unbekannt EuroGrand Casino 28.01.2012 notwendig Facebook Video Calling 1.0.0.8953 Skype Limited 14.11.2011 3,93MB 1.0.8953 unbekannt Facebook Video Calling 1.1.0.13 Skype Limited 17.01.2012 4,22MB 1.1.13 unbekannt Facebook Video Calling 1.1.1.1 Skype Limited 25.01.2012 3,93MB 1.1.1unbekannt Fast Boot ASUS 02.12.2009 1,45MB 1.0.4 notwendig File Type Assistant Trusted Software 06.12.2011 1,96MB unbekannt, fehlermeldung FILEminimizer Pictures balesio AG 09.11.2010 unbekannt Final Media Player 2011 Bitberry Software 06.12.2011 unbekannt FULL-DISKfighter SPAMfighter ApS. 15.01.2011 1.1.154 notwendig Game Park Console Oberon Media, Inc. 
02.12.2009 5.2.1.4 unbekannt Global Translator 2.0 Traduce Gratis 24.09.2010 notwendig Intel(R) Graphics Media Accelerator Driver Intel Corporation 04.02.2011 1.222MB unbekannt IP Hider 4.9 AllAnonymity 24.01.2011 notwendig Java(TM) 6 Update 26 Oracle 22.04.2011 94,8MB 6.0.260 unbekannt Kaspersky Anti-Virus 2012 Kaspersky Lab 28.12.2011 12.0.0.374 unnötig Malwarebytes Anti-Malware Version 1.60.1.1000 Malwarebytes Corporation 04.02.2012 17,4MB 1.60.1.1000 notwendig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 10.02.2011 38,8MB 4.0.30319notwendig Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 10.02.2011 2,94MB 4.0.30319notwendig Microsoft Office Home and Business 2010 - Deutsch Microsoft Corporation 11.10.2010 14.0.5123.5002 unbekannt Microsoft Office Klick-und-Los 2010 Microsoft Corporation 11.10.2010 14.0.4763.1000unbekannt Microsoft Office Live Add-in 1.3 Microsoft Corporation 10.09.2010 0,48MB 2.0.2313.0unbekannt Microsoft Office Outlook Connector Microsoft Corporation 27.06.2011 3,36MB 14.0.5118.5000unbekannt Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit Microsoft Corporation 27.06.2011 1,38MB 14.0.5120.5000notwendig Microsoft Silverlight Microsoft Corporation 11.10.2011 146,1MB 4.0.60831.0notwendig Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 10.09.2010 1,72MB 3.1.0000notwendig Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 23.01.2012 0,25MB 8.0.50727.4053notwendig Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16.06.2011 0,29MB 8.0.61001notwendig Microsoft Visual C++ 2005 Redistributable - KB2467175 Microsoft Corporation 07.10.2011 2,65MB 8.0.51011notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 04.02.2012 0,57MB 9.0.30729.4148notwendig MSXML 4.0 SP2 (KB954430) Microsoft Corporation 17.11.2010 1,28MB 4.20.9870.0notwendig MSXML 4.0 SP2 (KB973688) 
Microsoft Corporation 17.11.2010 1,33MB 4.20.9876.0notwendig PC Beschleunigen - Vollständige Deinstallation Speedchecker Limited 06.12.2011 5,08MB 2.3.10 unnötig PhotoScenery 1.7 Photo Editor Software, Inc. 06.11.2010 notwendig Piggly Oberon Media 02.12.2009 unbekannt Prestige Casino 28.01.2012 notwendig Safe Surfer v. 4.0 Smart PC Solutions, LLC 11.09.2011 4.0 unbekannt Skype™ 5.8 Skype Technologies S.A. 22.02.2012 19,0MB 5.8.156 notwendig SLOW-PCfighter SPAMfighter ApS. 22.04.2011 1.4.95 notwendig Smileyville Oberon Media 02.12.2009 unnötig SPCA1628 PC Driver Icatch 22.05.2011 1.2.1.0 unbekannt STK02N 2.3 Syntek 26.04.2011 2.3 unbekannt SweetIM for Messenger 3.3 SweetIM Technologies Ltd. 11.09.2011 4,04MB 3.3.0007 notwendig SweetIM Toolbar for Internet Explorer 4.0 SweetIM Technologies Ltd. 11.09.2011 4,16MB 4.0.0004 unnötig TrueCrypt TrueCrypt Foundation 13.01.2011 7.0a unbekannt Ulead PhotoImpact X3 Corel 29.09.2010 278MB 13.0 notwendig VIA Platform Device Manager VIA Technologies, Inc. 02.12.2009 2,62MB 1.34 notwendig Visitenkarten in 2 Minuten 24.09.2010 unnötig Visual Studio 2008 x64 Redistributables AVG Technologies 04.02.2012 10,0MB 10.0.0.2 unbekannt VLC media player 1.1.11 VideoLAN 25.12.2011 1.1.11 notwendig Vodafone Mobile Connect Lite Vodafone 10.09.2010 21,4MB 9.4.3.17550 notwendig Wajam 06.12.2011 unbekannt Windows Live Essentials Microsoft Corporation 28.06.2011 15.4.3508.1109 unnötig Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 27.06.2011 5,58MB 15.4.5722.2 unbekannt Windows Live Sync Microsoft Corporation 06.04.2011 2,79MB 14.0.8117.416 unbekannt WinFlash 02.12.2009 unbekannt Winner Casino 28.01.2012 notwendig WinZip 14.5 WinZip Computing, S.L. 26.03.2011 20,0MB 14.5.9095 unnötig Wireless Console 3 ASUS 02.12.2009 2,43MB 3.0.10 notwendig Yahoo! BrowserPlus 2.9.8 Yahoo! Inc. 07.10.2011 unnötig Yahoo! Messenger Yahoo! Inc. 07.10.2011 notwendig Yahoo! Software Update 07.10.2011 unnötig Yahoo! 
Suche Schutzvorkehrung 07.10.2011 unnötig Yontoo Layers Runtime 1.10.01 Yontoo LLC 25.09.2011 0,72MB 1.10.01 unbekannt |
28.02.2012, 12:34 | #10 |
/// Malware-holic | Help with the 50€ trojan
Uninstall: Adobe Flash Player, all of them. Adobe - Adobe Flash Player installieren: download the latest version.
Adobe Reader: Adobe - Adobe Reader herunterladen - Alle Versionen; untick the McAfee Security Scan option.
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences.
General: tick "use only certified plug-ins".
Internet: everything here should be disabled. It is very unsafe to open, download etc. PDFs automatically; it is always better to save them directly, since only then do you control what happens on the PC.
Under JavaScript, untick "use JavaScript".
Under Updater, choose "install automatically". Apply / OK.
Uninstall:
CyberGhost
Dream Day
Facebook: all
File Type
FILEminimizer
Final Media Player
Game Park
IP Hider: you can really do without something like this.. what do you use it for? It doesn't necessarily give you anonymity either, because you have to trust the proxy's owner enough to hand all your data over to them, and whether they are really always trustworthy...
Uninstall: Java
Download der kostenlosen Java-Software: download the Java JRE, install it.
Uninstall:
PC Beschleunigen
Safe Surfer
SweetIM Toolbar
TrueCrypt
Visitenkarten
Wajam
Windows Live: all
Yahoo: all the unnecessary ones
Yontoo
Open OTL, Cleanup, restart.
Open CCleaner, Analyze, Run Cleaner, restart.
Test whether everything runs as desired.