Pests of all kinds and how to fight them: Facebook Virus (Koobface or something) | Windows 7 |
30.07.2011, 17:24 | #16 |
| Facebook Virus (Koobface or something) Oh right ^^ SUPERAntiSpyware did not find any infected files. Also, my firewall cannot be switched back on. An error always comes up. See photo. Also, AntiMalware keeps showing a warning about a potentially dangerous website. It says, for example: Type: Outgoing, Port: csrss.exe or tmproxy.exe or something like that. Aren't these files actually important for the computer? |
30.07.2011, 23:29 | #17 |
/// Helper team | Facebook Virus (Koobface or something) Download Combofix from one of the following download mirrors:
BleepingComputer.com - ForoSpyware.com and save the program to the desktop, nowhere else, this is important! Follow the detailed original instructions. Combofix currently runs on the following Windows versions:
Preparation and important notes
Quick guide to installing the Recovery Console on XP
Once the Recovery Console has been installed by ComboFix, you should see the following message: Click "Yes" to continue with the scan for malware.
When ComboFix has finished, it will create a log (please wait, this takes a moment). Be sure to wait until the Combofix window has closed and the log file appears in the editor. Please post the log files C:\ComboFix.txt and C:\Qoobox\Add-Remove Programs.txt in code tags here in the thread.
Note: For various reasons, Combofix makes Internet Explorer the default browser and creates an IE icon on the desktop. You can delete the IE desktop icon after the cleanup and set your preferred browser as the default browser again.
Do not use Combofix on your own initiative. If there is no corresponding infection, it can cripple the computer and/or cause lasting damage! |
31.07.2011, 11:57 | #18 |
| Facebook Virus (Koobface or something) There is a problem!!
When I tried to boot the computer normally today, it did not work. I had to use Startup Repair. This reset the PC to an earlier date. Now the SUPERAntiSpyware programs are no longer on it. I also looked for the previously deleted files. They are still on there too :/ What should I do now? |
31.07.2011, 16:35 | #19 |
| Facebook Virus (Koobface or something) OK, I ran AntiMalware through once more. Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Datenbank Version: 7336 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 31.07.2011 14:28:37 mbam-log-2011-07-31 (14-28-37).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Durchsuchte Objekte: 301800 Laufzeit: 50 Minute(n), 22 Sekunde(n) Infizierte Speicherprozesse: 8 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 9 Infizierte Registrierungswerte: 12 Infizierte Dateiobjekte der Registrierung: 3 Infizierte Verzeichnisse: 1 Infizierte Dateien: 26 Infizierte Speicherprozesse: c:\Windows\sysdriver32.exe (Trojan.Agent) -> 2520 -> Unloaded process successfully. c:\Windows\update.1\svchost.exe (Trojan.Dropper) -> 2620 -> Unloaded process successfully. c:\Windows\update.tray-8-0\svchost.exe (Trojan.Dropper) -> 4380 -> Unloaded process successfully. c:\Windows\l1rezerv.exe (Trojan.Agent) -> 4716 -> Unloaded process successfully. c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 2416 -> Unloaded process successfully. c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 2880 -> Unloaded process successfully. c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 2388 -> Unloaded process successfully. c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 2432 -> Unloaded process successfully. Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Backdoor.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Agent) -> Value: sysdriver32.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Dropper) -> Value: tray_ico0 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\l1rezerv.exe (Trojan.Agent) -> Value: l1rezerv.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Trojan.Dropper) -> Value: wxpdrv -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Agent) -> Value: sysdriver32_.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1333882.exe (Trojan.Agent) -> Value: 1333882.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\8994680.exe (Trojan.Downloader.Gen) -> Value: 8994680.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9778665.exe (Trojan.Downloader.Gen) -> Value: 9778665.exe -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\26607594-loader2.exe (Trojan.Agent) -> Value: 26607594-loader2.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3068739.exe (Trojan.Downloader.Gen) -> Value: 3068739.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: c:\Windows\rpcminer (Trojan.BCMiner) -> Quarantined and deleted successfully. Infizierte Dateien: c:\Windows\sysdriver32.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Windows\update.1\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Windows\update.tray-8-0\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Windows\l1rezerv.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Windows\services32.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Windows\sysdriver32_.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\ASUS\AppData\Local\Temp\1333882.exe (Trojan.Agent) -> Quarantined and deleted successfully. 
c:\Users\ASUS\AppData\Local\Temp\7392581.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\ASUS\AppData\Local\Temp\somoto_chrome.exe (Adware.BHO) -> Quarantined and deleted successfully. c:\Windows\update.tray-8-0-lnk\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> Quarantined and deleted successfully. c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully. c:\Windows\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> Quarantined and deleted successfully. c:\Windows\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully. c:\Windows\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully. c:\Windows\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully. c:\Windows\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> Quarantined and deleted successfully. c:\Windows\rpcminer\curllib.dll (Trojan.BCMiner) -> Quarantined and deleted successfully. c:\Windows\rpcminer\libeay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully. c:\Windows\rpcminer\libsasl.dll (Trojan.BCMiner) -> Quarantined and deleted successfully. c:\Windows\rpcminer\openldap.dll (Trojan.BCMiner) -> Quarantined and deleted successfully. c:\Windows\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> Quarantined and deleted successfully. c:\Windows\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> Quarantined and deleted successfully. c:\Windows\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> Quarantined and deleted successfully. c:\Windows\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> Quarantined and deleted successfully. c:\Windows\rpcminer\ssleay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully. Code:
ATTFilter OTL logfile created on: 7/31/2011 2:55:33 PM - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\ASUS\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4.00 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 35.91% Memory free 8.00 Gb Paging File | 5.04 Gb Available in Paging File | 62.99% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 116.44 Gb Total Space | 71.49 Gb Free Space | 61.39% Space Free | Partition Type: NTFS Drive D: | 334.67 Gb Total Space | 334.57 Gb Free Space | 99.97% Space Free | Partition Type: NTFS Computer Name: ASUS-PC | User Name: ASUS | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\ASUS\AppData\Roaming\cacaoweb\cacaoweb.exe () PRC - C:\Users\ASUS\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) 
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Windows\AsScrPro.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe () PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS) PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.) PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe () PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe () ========== Modules (SafeList) ========== MOD - C:\Users\ASUS\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV:64bit: - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.) SRV:64bit: - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.) 
SRV:64bit: - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV:64bit: - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe () SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (Akamai) -- c:\program files (x86)\common files\akamai\netsession_win_e477fed.dll () SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () SRV - (OberonGameConsoleService) -- C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe () SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (tmxpflt) -- C:\Windows\SysNative\drivers\tmxpflt.sys (Trend Micro Inc.) DRV:64bit: - (tmpreflt) -- C:\Windows\SysNative\drivers\tmpreflt.sys (Trend Micro Inc.) DRV:64bit: - (vsapint) -- C:\Windows\SysNative\drivers\vsapint.sys (Trend Micro Inc.) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) 
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\drivers\tmtdi.sys (Trend Micro Inc.) DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( ) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV:64bit: - (lullaby) -- C:\Windows\SysNative\drivers\lullaby.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys () DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS) DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) 
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV:64bit: - (ASMMAP64) -- C:\Program Files\ATKGFNEX\ASMMAP64.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\1107071805\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/07/31 22:10:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/21 22:07:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ASUS\AppData\Roaming\mozilla\Extensions [2011/07/27 21:36:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ASUS\AppData\Roaming\mozilla\Firefox\Profiles\r8bx6l3v.default\extensions [2011/07/27 20:28:24 | 000,000,000 | ---D | M] (Hyperionics DB Toolbar) -- C:\Users\ASUS\AppData\Roaming\mozilla\Firefox\Profiles\r8bx6l3v.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC} [2011/07/27 21:36:53 | 000,000,000 | ---D | M] (cacaoweb) -- C:\Users\ASUS\AppData\Roaming\mozilla\Firefox\Profiles\r8bx6l3v.default\extensions\cacaoweb@cacaoweb.org File not found (No name found) -- [2011/07/08 09:31:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll O1 HOSTS File: ([2011/07/31 12:51:26 | 000,203,300 | -H-- | M]) - 
C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 vkontakte.ru O1 - Hosts: 127.0.0.1 www.vkontakte.ru O1 - Hosts: 127.0.0.1 login.vk.com O1 - Hosts: 127.0.0.1 vk.com O1 - Hosts: 127.0.0.1 www.vk.com O1 - Hosts: 127.0.0.1 odnoklassniki.ru O1 - Hosts: 127.0.0.1 www.odnoklassniki.ru O1 - Hosts: 127.0.0.1 facebook.com O1 - Hosts: 127.0.0.1 af-za.facebook.com O1 - Hosts: 127.0.0.1 az-az.facebook.com O1 - Hosts: 127.0.0.1 id-id.facebook.com O1 - Hosts: 127.0.0.1 ms-my.facebook.com O1 - Hosts: 127.0.0.1 bs-ba.facebook.com O1 - Hosts: 127.0.0.1 ca-es.facebook.com O1 - Hosts: 127.0.0.1 cs-cz.facebook.com O1 - Hosts: 127.0.0.1 cy-gb.facebook.com O1 - Hosts: 127.0.0.1 da-dk.facebook.com O1 - Hosts: 127.0.0.1 et-ee.facebook.com O1 - Hosts: 127.0.0.1 en-gb.facebook.com O1 - Hosts: 127.0.0.1 es-la.facebook.com O1 - Hosts: 127.0.0.1 eo-eo.facebook.com O1 - Hosts: 127.0.0.1 eu-es.facebook.com O1 - Hosts: 127.0.0.1 tl-ph.facebook.com O1 - Hosts: 127.0.0.1 fo-fo.facebook.com O1 - Hosts: 50058 more lines... O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Hyperionics DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - File not found O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\1107071805\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.) O4:64bit: - HKLM..\Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe (ECAREME) O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] File not found O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Setwallpaper] File not found O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [tray_ico] File not found O4 - HKLM..\Run: [tray_ico1] File not found O4 - HKLM..\Run: [tray_ico2] File not found O4 - HKLM..\Run: [tray_ico3] File not found O4 - HKLM..\Run: [tray_ico4] File not found O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [cacaoweb] C:\Users\ASUS\AppData\Roaming\cacaoweb\cacaoweb.exe () O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab (SysInfo Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O31 - SafeBoot: AlternateShell - services32.exe O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/07/31 12:59:59 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011/07/31 12:59:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/07/31 12:59:54 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011/07/30 14:32:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011/07/30 13:13:45 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\SUPERAntiSpyware.com [2011/07/30 13:13:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2011/07/30 13:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2011/07/29 13:43:28 | 000,000,000 | ---D | C] -- C:\_OTL [2011/07/28 21:37:34 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Tracing [2011/07/28 20:24:17 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2011/07/28 12:57:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011/07/28 12:57:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011/07/28 10:50:45 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Malwarebytes [2011/07/28 10:50:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/07/28 10:50:35 | 000,000,000 | ---D | C] -- C:\Program Files 
(x86)\Malwarebytes' Anti-Malware [2011/07/28 00:44:17 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\ASUS\Desktop\OTL.exe [2011/07/28 00:25:19 | 049,089,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe [2011/07/27 20:58:53 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Documents\ICQ [2011/07/27 20:28:50 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HyperCam 2 [2011/07/27 20:28:25 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\Minibar [2011/07/27 20:28:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hyperionics DB Toolbar [2011/07/27 20:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\HyperCam 2 [2011/07/26 22:36:11 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\AMD [2011/07/26 15:01:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2011/07/26 15:00:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2011/07/26 15:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center [2011/07/26 15:00:38 | 000,046,136 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdiox64.sys [2011/07/26 15:00:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD [2011/07/26 15:00:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2011/07/26 14:58:35 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2011/07/26 14:48:11 | 000,000,000 | ---D | C] -- C:\ATI [2011/07/26 14:46:50 | 000,000,000 | ---D | C] -- C:\Windows\system64 [2011/07/26 14:41:59 | 000,000,000 | ---D | C] -- C:\Windows\ufa [2011/07/26 14:41:59 | 000,000,000 | ---D | C] -- C:\Windows\phoenix [2011/07/26 14:41:38 | 000,000,000 | -H-D | C] -- C:\Windows\update.2 [2011/07/26 14:40:05 | 000,000,000 | -H-D | C] -- C:\Windows\update.5.0 [2011/07/26 14:38:16 | 000,000,000 | ---D | C] -- C:\Windows\av_ico [2011/07/26 14:35:24 | 000,000,000 | -H-D | C] -- C:\Windows\update.1 [2011/07/26 14:35:22 | 
000,000,000 | -H-D | C] -- C:\Windows\update.tray-8-0-lnk [2011/07/26 14:35:22 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-8-0 [2011/07/22 14:08:46 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\cacaoweb [2011/07/22 13:58:47 | 000,000,000 | ---D | C] -- C:\FirefoxPortable [2011/07/21 22:07:10 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\Mozilla [2011/07/21 22:06:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2011/07/21 16:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\alaplaya [2011/07/21 16:26:35 | 593,954,668 | ---- | C] (InstallShield Software Corporation) -- C:\Users\ASUS\Desktop\S4League.exe [2011/07/21 15:32:59 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\ElevatedDiagnostics [2011/07/16 14:17:25 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2011/07/16 01:45:21 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\.minecraft [2011/07/06 21:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5 [2011/07/06 21:43:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ6Toolbar [2011/07/06 21:42:59 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Mozilla [2011/07/06 21:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ [2011/07/06 21:42:44 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\ICQ [2011/07/06 21:42:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.5 [2011/07/06 17:13:11 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Documents\Fiesta [2008/08/12 07:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll [1 C:\Users\ASUS\AppData\Local\*.tmp files -> C:\Users\ASUS\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/07/31 15:01:00 | 000,203,300 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin [2011/07/31 14:58:53 | 000,203,300 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin [2011/07/31 14:57:26 | 
000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/07/31 14:38:16 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/07/31 14:38:16 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/07/31 14:30:51 | 000,002,104 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2011/07/31 14:30:32 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/07/31 14:30:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/07/31 14:29:45 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys [2011/07/31 13:03:54 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011/07/31 13:00:00 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/07/31 12:51:26 | 000,203,300 | -H-- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2011/07/31 12:51:23 | 000,203,230 | -H-- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak [2011/07/31 12:13:49 | 000,001,937 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011/07/31 12:12:59 | 000,000,734 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hîsts [2011/07/29 18:51:00 | 381,900,764 | ---- | M] () -- C:\Users\ASUS\Documents\clip0007.avi [2011/07/28 16:14:31 | 001,500,444 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/07/28 00:44:20 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\ASUS\Desktop\OTL.exe [2011/07/27 23:36:21 | 1175,199,286 | ---- | M] () -- C:\Users\ASUS\Documents\clip0006.avi [2011/07/27 22:31:33 | 3802,291,915 | ---- | M] () -- C:\Users\ASUS\Documents\clip0005.avi [2011/07/27 21:51:18 | 012,707,496 | ---- | M] () -- C:\Users\ASUS\Documents\clip0004.avi [2011/07/27 21:50:57 | 026,040,586 | ---- | M] () -- C:\Users\ASUS\Documents\clip0003.avi [2011/07/27 20:38:59 | 214,771,614 | ---- | 
M] () -- C:\Users\ASUS\Documents\clip0002.avi [2011/07/27 20:31:43 | 041,177,758 | ---- | M] () -- C:\Users\ASUS\Documents\clip0001.avi [2011/07/27 20:28:51 | 000,000,937 | ---- | M] () -- C:\Users\ASUS\Desktop\HyperCam 2.lnk [2011/07/27 20:10:10 | 000,000,155 | ---- | M] () -- C:\Windows\info1 [2011/07/26 22:34:27 | 000,001,429 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2011/07/26 14:41:58 | 005,589,370 | ---- | M] () -- C:\Windows\phoenix.rar [2011/07/26 14:41:58 | 001,075,284 | ---- | M] () -- C:\Windows\rpcminer.rar [2011/07/26 14:41:58 | 000,246,272 | ---- | M] () -- C:\Windows\unrar.exe [2011/07/26 14:41:58 | 000,182,617 | ---- | M] () -- C:\Windows\ufa.rar [2011/07/26 14:40:27 | 000,000,000 | ---- | M] () -- C:\Windows\loader2.exe_ok [2011/07/26 14:39:58 | 000,904,792 | ---- | M] () -- C:\Windows\geoiplist.rar [2011/07/26 14:02:29 | 000,123,784 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011/07/26 14:02:29 | 000,088,288 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011/07/22 18:32:29 | 000,001,971 | ---- | M] () -- C:\Users\ASUS\Desktop\He_Fights_all_Knight.png [2011/07/21 22:07:11 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat [2011/07/21 17:00:29 | 000,001,822 | ---- | M] () -- C:\Users\Public\Desktop\S4League.lnk [2011/07/21 16:41:04 | 593,954,668 | ---- | M] (InstallShield Software Corporation) -- C:\Users\ASUS\Desktop\S4League.exe [2011/07/17 03:24:20 | 004,636,907 | ---- | M] () -- C:\Windows\geoiplist [2011/07/16 13:54:11 | 000,270,142 | ---- | M] () -- C:\Users\ASUS\Minecraft.exe [2011/07/09 10:45:17 | 311,888,518 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011/07/02 15:01:11 | 000,000,000 | ---- | M] () -- 
C:\Users\ASUS\AppData\Local\{BFA1C75D-2684-4A9E-AFDD-FA8B59E089D2} [1 C:\Users\ASUS\AppData\Local\*.tmp files -> C:\Users\ASUS\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/07/31 13:03:54 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011/07/31 13:00:00 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/07/31 12:59:16 | 000,030,259 | ---- | C] () -- C:\Users\ASUS\Desktop\hjtscanlist.bat [2011/07/29 18:48:15 | 381,900,764 | ---- | C] () -- C:\Users\ASUS\Documents\clip0007.avi [2011/07/28 16:14:31 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/07/27 23:29:11 | 1175,199,286 | ---- | C] () -- C:\Users\ASUS\Documents\clip0006.avi [2011/07/27 21:51:46 | 3802,291,915 | ---- | C] () -- C:\Users\ASUS\Documents\clip0005.avi [2011/07/27 21:51:11 | 012,707,496 | ---- | C] () -- C:\Users\ASUS\Documents\clip0004.avi [2011/07/27 21:50:47 | 026,040,586 | ---- | C] () -- C:\Users\ASUS\Documents\clip0003.avi [2011/07/27 20:31:53 | 214,771,614 | ---- | C] () -- C:\Users\ASUS\Documents\clip0002.avi [2011/07/27 20:30:16 | 041,177,758 | ---- | C] () -- C:\Users\ASUS\Documents\clip0001.avi [2011/07/27 20:28:11 | 000,000,937 | ---- | C] () -- C:\Users\ASUS\Desktop\HyperCam 2.lnk [2011/07/26 14:41:58 | 005,589,370 | ---- | C] () -- C:\Windows\phoenix.rar [2011/07/26 14:41:58 | 001,075,284 | ---- | C] () -- C:\Windows\rpcminer.rar [2011/07/26 14:41:58 | 000,182,617 | ---- | C] () -- C:\Windows\ufa.rar [2011/07/26 14:40:27 | 000,000,000 | ---- | C] () -- C:\Windows\loader2.exe_ok [2011/07/26 14:40:05 | 000,000,155 | ---- | C] () -- C:\Windows\info1 [2011/07/26 14:39:59 | 004,636,907 | ---- | C] () -- C:\Windows\geoiplist [2011/07/26 14:39:58 | 000,904,792 | ---- | C] () -- C:\Windows\geoiplist.rar [2011/07/26 14:39:58 | 000,246,272 | ---- | C] () -- C:\Windows\unrar.exe [2011/07/22 18:32:29 | 000,001,971 | ---- | C] () -- 
C:\Users\ASUS\Desktop\He_Fights_all_Knight.png [2011/07/21 22:07:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011/07/21 17:00:29 | 000,001,822 | ---- | C] () -- C:\Users\Public\Desktop\S4League.lnk [2011/07/16 13:54:07 | 000,270,142 | ---- | C] () -- C:\Users\ASUS\Minecraft.exe [2011/07/02 15:01:11 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{BFA1C75D-2684-4A9E-AFDD-FA8B59E089D2} [2011/06/15 14:04:13 | 000,000,244 | ---- | C] () -- C:\Windows\ODBCINST.INI [2011/05/24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2009/12/03 09:58:33 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe [2009/12/03 09:58:21 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll [2009/12/03 09:38:38 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2009/12/03 09:00:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009/09/16 22:08:27 | 000,001,016 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2009/08/19 10:33:09 | 000,018,944 | ---- | C] () -- C:\Windows\OOBEPlayer.exe [2009/08/19 10:33:09 | 000,000,035 | ---- | C] () -- C:\Windows\OOBEPlayer.ini [2009/07/29 07:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini [2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/07/01 10:10:50 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config [2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009/04/08 20:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common 
Files\CPInstallAction.dll [2008/05/22 18:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg [2006/05/19 13:39:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini ========== Alternate Data Streams ========== @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA < End of report > |
31.07.2011, 16:37 | #20 |
| Facebook Virus (Koobface or something) And once more, the OTL Extras: Code:
ATTFilter OTL Extras logfile created on: 7/31/2011 2:55:33 PM - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\ASUS\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4.00 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 35.91% Memory free 8.00 Gb Paging File | 5.04 Gb Available in Paging File | 62.99% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 116.44 Gb Total Space | 71.49 Gb Free Space | 61.39% Space Free | Partition Type: NTFS Drive D: | 334.67 Gb Total Space | 334.57 Gb Free Space | 99.97% Space Free | Partition Type: NTFS Computer Name: ASUS-PC | User Name: ASUS | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "AutoUpdateDisableNotify" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallOverride" = 1 "DisableThumbnailCache" = 1 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable 
(x64) "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}" = ASUS Power4Gear Hybrid "{3768263E-8BE8-4CEF-9463-6D36F731824B}" = Windows Live Family Safety "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{51317AF5-D39F-49EC-A4B5-87451466B837}" = AMD Fuel "{54E192A6-AA33-1963-C96A-26AA7A3B41B4}" = ccc-utility64 "{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security "{90120000-0028-0404-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0404-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Chinese (Traditional)) 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90120000-002A-0408-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Greek) 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007 "{90120000-002A-040D-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Hebrew) 2007 "{90120000-002A-0410-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Italian) 2007 "{90120000-002A-0413-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Dutch) 2007 "{90120000-002A-0816-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Portugal)) 2007 "{90120000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security "{CFF9D801-1EC4-B8F5-2CAB-4A1790C95A18}" = ATI Catalyst Install Manager "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 
10.0.30319 "{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel "Asus WebStorage" = Asus WebStorage "CCleaner" = CCleaner "Elantech" = ETDWare PS/2-x64 7.0.5.5_WHQL "HyperCam 2" = HyperCam 2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{15F02176-0D12-4FAF-B2CD-2767C7781427}" = Google SketchUp 8 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1 "{299CF645-48C7-4FA1-8BCD-5CE200CF180D}" = Microsoft Search Enhancement Pack "{30D659E4-4405-6925-CDCF-EB8CD0C80DAC}" = Catalyst Control Center Graphics Previews Common "{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2 "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{48DB5914-8772-472D-B8DF-E2092BE598F6}" = Adobe Flash Player 10 ActiveX "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{4F5B18A3-E921-4FFE-BEF4-ACBB98964FC2}" = AMD USB Filter Driver "{566BAEC0-74CB-4ACC-9E18-8779AC974FB0}" = Windows Live Toolbar 
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5ACE78D9-2859-A192-F416-1D3E93370ACA}" = Catalyst Control Center InstallProxy "{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck "{60DE7978-4F13-5584-5E53-DCEE1CB115A5}" = AMD VISION Engine Control Center "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{662CFD19-EA80-4EFE-A0D8-EE10EFEB3C83}" = Livestream Procaster "{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect "{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie "{6C3496DF-CC4C-4CDE-87A1-8657619EE2D6}_is1" = Game Park Console "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110304260}" = Island Wars 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110413757}" = Smileyville "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}" = Dream Day Wedding Married in Manhattan "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116864777}" = Piggly "{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{8966D069-C05A-4B8C-9287-F52DE631A6C0}" = S4 League_EU "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash 
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0015-0404-0000-0000000FF1CE}" = Microsoft Office Access MUI (Chinese (Traditional)) 2007 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0408-0000-0000000FF1CE}" = Microsoft Office Access MUI (Greek) 2007 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007 "{90120000-0015-040D-0000-0000000FF1CE}" = Microsoft Office Access MUI (Hebrew) 2007 "{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007 "{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007 "{90120000-0015-0816-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Portugal)) 2007 "{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007 "{90120000-0016-0404-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Traditional)) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0408-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Greek) 2007 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007 "{90120000-0016-040D-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Hebrew) 2007 "{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007 "{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007 "{90120000-0016-0816-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Portugal)) 2007 "{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007 "{90120000-0018-0404-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 
2007 "{90120000-0018-0408-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Greek) 2007 "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007 "{90120000-0018-040D-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Hebrew) 2007 "{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007 "{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007 "{90120000-0018-0816-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007 "{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007 "{90120000-0019-0404-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Chinese (Traditional)) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0408-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Greek) 2007 "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007 "{90120000-0019-040D-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Hebrew) 2007 "{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007 "{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007 "{90120000-0019-0816-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007 "{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007 "{90120000-001A-0404-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Chinese (Traditional)) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0408-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Greek) 2007 "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 
2007 "{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007 "{90120000-001A-040D-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Hebrew) 2007 "{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007 "{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007 "{90120000-001A-0816-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007 "{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007 "{90120000-001B-0404-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Traditional)) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0408-0000-0000000FF1CE}" = Microsoft Office Word MUI (Greek) 2007 "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007 "{90120000-001B-040D-0000-0000000FF1CE}" = Microsoft Office Word MUI (Hebrew) 2007 "{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007 "{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007 "{90120000-001B-0816-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Portugal)) 2007 "{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007 "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007 "{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007 "{90120000-001F-0404-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Traditional)) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0408-0000-0000000FF1CE}" = Microsoft Office Proof (Greek) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 
"{90120000-001F-040D-0000-0000000FF1CE}" = Microsoft Office Proof (Hebrew) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007 "{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007 "{90120000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2007 "{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007 "{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007 "{90120000-001F-0816-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Portugal)) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-0028-0404-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007 "{90120000-002C-0404-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Traditional)) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-002C-0408-0000-0000000FF1CE}" = Microsoft Office Proofing (Greek) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007 "{90120000-002C-040D-0000-0000000FF1CE}" = Microsoft Office Proofing (Hebrew) 2007 "{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007 "{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007 "{90120000-002C-0816-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Portugal)) 2007 "{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007 "{90120000-006E-0404-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Traditional)) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0408-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Greek) 2007 
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007 "{90120000-006E-040D-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Hebrew) 2007 "{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007 "{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007 "{90120000-006E-0816-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Portugal)) 2007 "{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007 "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{95120000-0120-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI "{AFF8C8F4-E4BB-891F-8636-5E71F946C5B6}" = Catalyst Control Center InstallProxy "{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service "{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = 
ASUS Live Update "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{EEF985E8-8B36-4230-B174-117A2381C17F}" = LogMeIn Hamachi "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart "{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager "{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Akamai" = Akamai NetSession Interface "ASUS AP Bank_is1" = ASUS AP Bank "Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Fiesta Online(EU_German)" = Fiesta Online(EU_German) 1.04.000 "Fraps" = Fraps "Hyperionics DB Toolbar" = Hyperionics DB Toolbar "ICQToolbar" = ICQ Toolbar "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800 "Mozilla Firefox 5.0.1 (x86 de)" = Mozilla Firefox 5.0.1 (x86 de) "PROHYBRIDR" = 2007 Microsoft Office system "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.01 (32-Bit) ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 7/21/2011 9:38:49 AM | Computer Name = ASUS-PC | Source = 
Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Aegis64.exe, Version: 0.0.0.0, Zeitstempel: 0x4cf33fcb Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be02b Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6cd2 ID des fehlerhaften Prozesses: 0x1718 Startzeit der fehlerhaften Anwendung: 0x01cc47ab3c470aa8 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\alaplaya\S4League\Aegis64.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: c35a7e24-b39e-11e0-95f4-e0cb4e2e159e Error - 7/21/2011 10:04:26 AM | Computer Name = ASUS-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Aegis64.exe, Version: 0.0.0.0, Zeitstempel: 0x4cf33fcb Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be02b Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6cd2 ID des fehlerhaften Prozesses: 0x12a0 Startzeit der fehlerhaften Anwendung: 0x01cc47ae8d77f184 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\alaplaya\S4League\Aegis64.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 5759a0e1-b3a2-11e0-95f4-e0cb4e2e159e Error - 7/21/2011 10:07:21 AM | Computer Name = ASUS-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Aegis64.exe, Version: 0.0.0.0, Zeitstempel: 0x4cf33fcb Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be02b Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6cd2 ID des fehlerhaften Prozesses: 0xde4 Startzeit der fehlerhaften Anwendung: 0x01cc47af2c003491 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\alaplaya\S4League\Aegis64.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: c00aaf58-b3a2-11e0-95f4-e0cb4e2e159e Error - 7/21/2011 10:13:55 AM | Computer Name = ASUS-PC | Source = System Restore | ID = 8193 Description = Error - 7/21/2011 10:50:12 AM | 
Computer Name = ASUS-PC | Source = System Restore | ID = 8193 Description = Error - 7/21/2011 12:03:41 PM | Computer Name = ASUS-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: S4Client.exe, Version: 0.8.32.29659, Zeitstempel: 0x4e26397e Name des fehlerhaften Moduls: S4Client.exe, Version: 0.8.32.29659, Zeitstempel: 0x4e26397e Ausnahmecode: 0xc0000005 Fehleroffset: 0x007ace9a ID des fehlerhaften Prozesses: 0x14f8 Startzeit der fehlerhaften Anwendung: 0x01cc47b7ad3928ba Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\alaplaya\S4League\S4Client.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\alaplaya\S4League\S4Client.exe Berichtskennung: 0055eca9-b3b3-11e0-89f5-e0cb4e2e159e Error - 7/21/2011 12:03:54 PM | Computer Name = ASUS-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Aegis64.exe, Version: 0.0.0.0, Zeitstempel: 0x4cf33fcb Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be02b Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6cd2 ID des fehlerhaften Prozesses: 0xbc8 Startzeit der fehlerhaften Anwendung: 0x01cc47b7a91d07f1 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\alaplaya\S4League\Aegis64.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 07b5f58b-b3b3-11e0-89f5-e0cb4e2e159e Error - 7/21/2011 2:09:06 PM | Computer Name = ASUS-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Aegis64.exe, Version: 0.0.0.0, Zeitstempel: 0x4cf33fcb Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be02b Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6cd2 ID des fehlerhaften Prozesses: 0x14f4 Startzeit der fehlerhaften Anwendung: 0x01cc47c95ad5cd56 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\alaplaya\S4League\Aegis64.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 
85a47482-b3c4-11e0-a688-e0cb4e2e159e Error - 7/22/2011 7:57:50 AM | Computer Name = ASUS-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNBLSHD7\SoftonicDownloader_fuer_portable-firefox[1].exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest. Error - 7/22/2011 10:06:21 AM | Computer Name = ASUS-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Aegis64.exe, Version: 0.0.0.0, Zeitstempel: 0x4cf33fcb Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be02b Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6cd2 ID des fehlerhaften Prozesses: 0x1bec Startzeit der fehlerhaften Anwendung: 0x01cc487388d3d66c Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\alaplaya\S4League\Aegis64.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: c6a70f99-b46b-11e0-b11c-e0cb4e2e159e [ System Events ] Error - 7/29/2011 7:22:48 AM | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows-Firewallautorisierungstreiber" wurde aufgrund folgenden Fehlers nicht gestartet: %%183 Error - 7/29/2011 7:22:48 AM | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Windows-Firewall" ist vom Dienst "Windows-Firewallautorisierungstreiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%183 Error - 7/29/2011 7:22:53 AM | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Avira AntiVir Guard" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 7/29/2011 7:25:05 AM | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143. Error - 7/29/2011 7:43:28 AM | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "ASLDR Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 7/29/2011 7:47:50 AM | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Avira AntiVir Planer" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 7/29/2011 7:47:52 AM | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows-Firewallautorisierungstreiber" wurde aufgrund folgenden Fehlers nicht gestartet: %%183 Error - 7/29/2011 7:47:52 AM | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Windows-Firewall" ist vom Dienst "Windows-Firewallautorisierungstreiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%183 Error - 7/29/2011 7:47:58 AM | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Avira AntiVir Guard" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 7/29/2011 7:49:46 AM | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143. < End of report > |
31.07.2011, 17:30 | #21 | |
/// Helper team | Facebook Virus (Koobface or something) 1. Fix with OTL
Code:
:OTL
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Hyperionics DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico1] File not found
O4 - HKLM..\Run: [tray_ico2] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
[2011/07/26 14:41:59 | 000,000,000 | ---D | C] -- C:\Windows\ufa
[2011/07/26 14:41:59 | 000,000,000 | ---D | C] -- C:\Windows\phoenix
[2011/07/26 14:41:38 | 000,000,000 | -H-D | C] -- C:\Windows\update.2
[2011/07/26 14:40:05 | 000,000,000 | -H-D | C] -- C:\Windows\update.5.0
[2011/07/26 14:38:16 | 000,000,000 | ---D | C] -- C:\Windows\av_ico
[2011/07/26 14:35:24 | 000,000,000 | -H-D | C] -- C:\Windows\update.1
[2011/07/26 14:35:22 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-8-0-lnk
[2011/07/26 14:35:22 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-8-0
[2011/07/31 12:12:59 | 000,000,734 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hîsts
[2011/07/27 20:10:10 | 000,000,155 | ---- | M] () -- C:\Windows\info1
[2011/07/26 14:41:58 | 005,589,370 | ---- | M] () -- C:\Windows\phoenix.rar
[2011/07/26 14:41:58 | 001,075,284 | ---- | M] () -- C:\Windows\rpcminer.rar
[2011/07/26 14:41:58 | 000,246,272 | ---- | M] () -- C:\Windows\unrar.exe
[2011/07/26 14:41:58 | 000,182,617 | ---- | M] () -- C:\Windows\ufa.rar
[2011/07/26 14:40:27 | 000,000,000 | ---- | M] () -- C:\Windows\loader2.exe_ok
[2011/07/26 14:39:58 | 000,904,792 | ---- | M] () -- C:\Windows\geoiplist.rar
[2011/07/17 03:24:20 | 004,636,907 | ---- | M] () -- C:\Windows\geoiplist
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" =-

:Commands
[purity]
[emptytemp]
2. Run another scan with OTL:
3. I would also like to see all of your installed programs: Download the tool CCleaner → Download, install it (read the software license agreement; if offered, deselect "Füge CCleaner Yahoo! Toolbar hinzu" (Add CCleaner Yahoo! Toolbar)) → start it → if necessary, set the language to "german" under Options > Settings, then click "Extra" (to display the installed programs as well) → then click "Als Textdatei speichern..." (Save as text file...), which creates a text file (*.txt); copy its contents and paste them here.
4. → Download HJTscanlist.zip
→ unpack the file to your desktop
→ On Windows XP Home you must additionally install tasklist.zip before the scan
→ start it with a double-click
→ Select your operating system; for Win7 choose Vista
→ When you are asked, choose the option "Einstellung" (1) - scanlist
→ After a short time your editor should open and show the file hjtscanlist.txt
→ Please copy the contents into your thread here.
** If it does not work in one go, you can split the text into several parts and post it that way.
01.08.2011, 20:17 | #22 |
| Facebook Virus (Koobface or something) Here is the OTL file after the fix: Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico1 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico2 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico3 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico4 deleted successfully.
C:\Windows\ufa folder moved successfully.
C:\Windows\phoenix\kernels\poclbm folder moved successfully.
C:\Windows\phoenix\kernels\phatk folder moved successfully.
C:\Windows\phoenix\kernels folder moved successfully.
C:\Windows\phoenix folder moved successfully.
C:\Windows\update.2 folder moved successfully.
C:\Windows\update.5.0 folder moved successfully.
C:\Windows\av_ico folder moved successfully.
C:\Windows\update.1 folder moved successfully.
C:\Windows\update.tray-8-0-lnk folder moved successfully.
C:\Windows\update.tray-8-0 folder moved successfully.
C:\Windows\SysNative\drivers\etc\hîsts moved successfully.
C:\Windows\info1 moved successfully.
C:\Windows\phoenix.rar moved successfully.
C:\Windows\rpcminer.rar moved successfully.
C:\Windows\unrar.exe moved successfully.
C:\Windows\ufa.rar moved successfully.
C:\Windows\loader2.exe_ok moved successfully.
C:\Windows\geoiplist.rar moved successfully.
C:\Windows\geoiplist moved successfully.
ADS C:\ProgramData\Temp:AB689DEA deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{718D791F-F4E8-4aa7-98A6-15FDED17BDD0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: ASUS
->Temp folder emptied: 61008894 bytes
->Temporary Internet Files folder emptied: 1099349098 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 1183925 bytes
->Google Chrome cache emptied: 6099312 bytes
->Flash cache emptied: 3102 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 55423 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,114.00 mb

OTL by OldTimer - Version 3.2.26.1 log created on 08012011_115423

Files\Folders moved on Reboot...
C:\Users\ASUS\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\ASUS\AppData\Local\Temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb moved successfully.
C:\Users\ASUS\AppData\Local\Temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D12}.tlb moved successfully.
C:\Users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OX9PYZ7N\sh47[1].html moved successfully.
C:\Users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJRV5P26\if[1].htm moved successfully.
C:\Users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJRV5P26\v[1].htm moved successfully.
C:\Users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1VIQ2W5M\101779-facebook-virus-koobface-oder-so-3[1].html moved successfully.
C:\Users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1VIQ2W5M\adoapn_AppNexusDemoActionTag_1[1].htm moved successfully.
C:\Users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1VIQ2W5M\searchTrack[1].htm moved successfully.
C:\Users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Windows\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb moved successfully.
C:\Windows\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D12}.tlb moved successfully.

Registry entries deleted on Reboot...
01.08.2011, 20:19 | #23 |
| Facebook Virus (Koobface or something) And now OTL: OTL Logfile: Code:
ATTFilter OTL logfile created on: 8/1/2011 1:53:40 PM - Run 2 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\ASUS\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4.00 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 62.67% Memory free 8.00 Gb Paging File | 6.19 Gb Available in Paging File | 77.44% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 116.44 Gb Total Space | 72.54 Gb Free Space | 62.30% Space Free | Partition Type: NTFS Drive D: | 334.67 Gb Total Space | 334.57 Gb Free Space | 99.97% Space Free | Partition Type: NTFS Computer Name: ASUS-PC | User Name: ASUS | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/07/31 12:14:53 | 000,398,576 | ---- | M] () -- C:\Users\ASUS\AppData\Roaming\cacaoweb\cacaoweb.exe PRC - [2011/07/28 00:44:20 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\ASUS\Desktop\OTL.exe PRC - [2011/07/06 21:42:40 | 000,124,216 | ---- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7.5\ICQ.exe PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011/05/25 17:29:54 | 001,951,112 | ---- | M] (LogMeIn Inc.) 
-- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2011/02/28 17:13:56 | 000,247,096 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe PRC - [2009/12/03 09:58:29 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2009/09/25 19:24:36 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe PRC - [2009/09/24 23:50:02 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe PRC - [2009/09/16 03:34:34 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2009/08/17 19:58:46 | 006,859,392 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe PRC - [2009/06/19 20:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe PRC - [2009/06/19 20:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe PRC - [2009/06/16 03:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe PRC - [2009/05/19 01:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe PRC - [2009/04/20 21:09:30 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe PRC - [2008/12/23 03:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe PRC - [2008/08/14 07:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe PRC - [2008/07/19 05:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2008/03/31 12:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) 
-- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe PRC - [2007/11/30 21:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe PRC - [2007/08/08 10:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ========== Modules (SafeList) ========== MOD - [2011/07/28 00:44:20 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\ASUS\Desktop\OTL.exe MOD - [2009/07/14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/05/24 23:18:38 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2010/10/09 11:00:14 | 000,859,712 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom) SRV:64bit: - [2009/10/02 05:38:17 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009/09/17 21:36:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2009/08/22 11:37:45 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy) SRV:64bit: - [2009/08/22 11:37:45 | 000,570,632 | ---- | M] (Trend Micro Inc.) 
[On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer) SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2007/08/08 10:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011/06/29 12:42:05 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai\netsession_win_e477fed.dll -- (Akamai) SRV - [2011/05/25 17:29:52 | 002,275,720 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011/02/28 17:13:56 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2009/09/15 03:03:42 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService) SRV - [2009/06/16 03:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008/03/31 12:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) 
[On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011/07/26 14:02:29 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011/07/26 14:02:29 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2010/07/30 19:30:26 | 000,309,840 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmxpflt.sys -- (tmxpflt) DRV:64bit: - [2010/07/30 19:30:20 | 000,042,576 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmpreflt.sys -- (tmpreflt) DRV:64bit: - [2010/07/30 19:24:14 | 001,988,176 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vsapint.sys -- (vsapint) DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009/10/05 03:33:59 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009/10/02 06:11:13 | 006,182,400 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009/08/22 11:38:33 | 000,107,536 | ---- | M] (Trend Micro Inc.) 
[Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi) DRV:64bit: - [2009/07/20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009/07/17 08:00:11 | 000,068,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009/07/17 08:00:11 | 000,029,240 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/09 10:11:31 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2009/06/18 22:18:10 | 000,015,928 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby) DRV:64bit: - [2009/06/12 13:41:55 | 000,112,128 | ---- | M] (ELAN Microelectronic Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009/06/10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/06/05 13:53:42 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009/05/23 00:52:29 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/05/20 18:11:05 | 001,799,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV:64bit: - [2009/05/13 03:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor) DRV:64bit: - [2009/05/05 16:00:27 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2008/12/08 17:35:52 | 000,061,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2008/05/24 03:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV:64bit: - [2007/07/24 21:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\1107071805\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/07/31 22:10:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/21 22:07:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ASUS\AppData\Roaming\mozilla\Extensions [2011/07/27 21:36:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ASUS\AppData\Roaming\mozilla\Firefox\Profiles\r8bx6l3v.default\extensions [2011/07/27 20:28:24 | 000,000,000 | ---D | M] (Hyperionics DB Toolbar) -- C:\Users\ASUS\AppData\Roaming\mozilla\Firefox\Profiles\r8bx6l3v.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC} [2011/07/27 21:36:53 | 000,000,000 | ---D | M] (cacaoweb) -- 
C:\Users\ASUS\AppData\Roaming\mozilla\Firefox\Profiles\r8bx6l3v.default\extensions\cacaoweb@cacaoweb.org File not found (No name found) -- [2011/07/08 09:31:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll O1 HOSTS File: ([2011/07/31 12:51:26 | 000,203,300 | -H-- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 vkontakte.ru O1 - Hosts: 127.0.0.1 www.vkontakte.ru O1 - Hosts: 127.0.0.1 login.vk.com O1 - Hosts: 127.0.0.1 vk.com O1 - Hosts: 127.0.0.1 www.vk.com O1 - Hosts: 127.0.0.1 odnoklassniki.ru O1 - Hosts: 127.0.0.1 www.odnoklassniki.ru O1 - Hosts: 127.0.0.1 facebook.com O1 - Hosts: 127.0.0.1 af-za.facebook.com O1 - Hosts: 127.0.0.1 az-az.facebook.com O1 - Hosts: 127.0.0.1 id-id.facebook.com O1 - Hosts: 127.0.0.1 ms-my.facebook.com O1 - Hosts: 127.0.0.1 bs-ba.facebook.com O1 - Hosts: 127.0.0.1 ca-es.facebook.com O1 - Hosts: 127.0.0.1 cs-cz.facebook.com O1 - Hosts: 127.0.0.1 cy-gb.facebook.com O1 - Hosts: 127.0.0.1 da-dk.facebook.com O1 - Hosts: 127.0.0.1 et-ee.facebook.com O1 - Hosts: 127.0.0.1 en-gb.facebook.com O1 - Hosts: 127.0.0.1 es-la.facebook.com O1 - Hosts: 127.0.0.1 eo-eo.facebook.com O1 - Hosts: 127.0.0.1 eu-es.facebook.com O1 - Hosts: 127.0.0.1 tl-ph.facebook.com O1 - Hosts: 127.0.0.1 fo-fo.facebook.com O1 - Hosts: 50058 more lines... O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.) 
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\1107071805\ICQToolBar.dll (ICQ) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.) O4:64bit: - HKLM..\Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe (ECAREME) O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] File not found O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Setwallpaper] File not found O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [cacaoweb] C:\Users\ASUS\AppData\Roaming\cacaoweb\cacaoweb.exe () O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab (SysInfo Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O31 - SafeBoot: AlternateShell - services32.exe O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/07/31 12:59:59 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011/07/31 12:59:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/07/31 12:59:54 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011/07/30 14:32:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011/07/30 13:13:45 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\SUPERAntiSpyware.com [2011/07/30 13:13:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2011/07/30 13:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2011/07/29 13:43:28 | 000,000,000 | ---D | C] -- C:\_OTL [2011/07/28 21:37:34 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Tracing [2011/07/28 20:24:17 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2011/07/28 12:57:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011/07/28 12:57:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011/07/28 10:50:45 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Malwarebytes [2011/07/28 10:50:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/07/28 10:50:35 | 000,000,000 | ---D | C] -- C:\Program Files 
(x86)\Malwarebytes' Anti-Malware [2011/07/28 00:44:17 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\ASUS\Desktop\OTL.exe [2011/07/28 00:25:19 | 049,089,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe [2011/07/27 20:58:53 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Documents\ICQ [2011/07/27 20:28:50 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HyperCam 2 [2011/07/27 20:28:25 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\Minibar [2011/07/27 20:28:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hyperionics DB Toolbar [2011/07/27 20:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\HyperCam 2 [2011/07/26 22:36:11 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\AMD [2011/07/26 15:01:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2011/07/26 15:00:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2011/07/26 15:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center [2011/07/26 15:00:38 | 000,046,136 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdiox64.sys [2011/07/26 15:00:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD [2011/07/26 15:00:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2011/07/26 14:58:35 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2011/07/26 14:48:11 | 000,000,000 | ---D | C] -- C:\ATI [2011/07/26 14:46:50 | 000,000,000 | ---D | C] -- C:\Windows\system64 [2011/07/22 14:08:46 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\cacaoweb [2011/07/22 13:58:47 | 000,000,000 | ---D | C] -- C:\FirefoxPortable [2011/07/21 22:07:10 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\Mozilla [2011/07/21 22:06:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2011/07/21 16:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\alaplaya [2011/07/21 16:26:35 | 
593,954,668 | ---- | C] (InstallShield Software Corporation) -- C:\Users\ASUS\Desktop\S4League.exe [2011/07/21 15:32:59 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\ElevatedDiagnostics [2011/07/16 14:17:25 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2011/07/16 01:45:21 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\.minecraft [2011/07/06 21:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5 [2011/07/06 21:43:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ6Toolbar [2011/07/06 21:42:59 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Mozilla [2011/07/06 21:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ [2011/07/06 21:42:44 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\ICQ [2011/07/06 21:42:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.5 [2011/07/06 17:13:11 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Documents\Fiesta [2008/08/12 07:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll [1 C:\Users\ASUS\AppData\Local\*.tmp files -> C:\Users\ASUS\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/08/01 13:57:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/08/01 13:56:54 | 000,203,300 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin [2011/08/01 13:55:50 | 000,203,300 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin [2011/08/01 13:47:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/08/01 12:11:32 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/08/01 12:11:32 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/08/01 12:03:19 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/08/01 
12:02:32 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys [2011/08/01 11:27:34 | 000,002,158 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2011/08/01 11:27:33 | 000,001,453 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2011/07/31 13:03:54 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011/07/31 13:00:00 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/07/31 12:51:26 | 000,203,300 | -H-- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2011/07/31 12:51:23 | 000,203,230 | -H-- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak [2011/07/31 12:13:49 | 000,001,937 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011/07/29 18:51:00 | 381,900,764 | ---- | M] () -- C:\Users\ASUS\Documents\clip0007.avi [2011/07/28 16:14:31 | 001,500,444 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/07/28 00:44:20 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\ASUS\Desktop\OTL.exe [2011/07/27 23:36:21 | 1175,199,286 | ---- | M] () -- C:\Users\ASUS\Documents\clip0006.avi [2011/07/27 22:31:33 | 3802,291,915 | ---- | M] () -- C:\Users\ASUS\Documents\clip0005.avi [2011/07/27 21:51:18 | 012,707,496 | ---- | M] () -- C:\Users\ASUS\Documents\clip0004.avi [2011/07/27 21:50:57 | 026,040,586 | ---- | M] () -- C:\Users\ASUS\Documents\clip0003.avi [2011/07/27 20:38:59 | 214,771,614 | ---- | M] () -- C:\Users\ASUS\Documents\clip0002.avi [2011/07/27 20:31:43 | 041,177,758 | ---- | M] () -- C:\Users\ASUS\Documents\clip0001.avi [2011/07/27 20:28:51 | 000,000,937 | ---- | M] () -- C:\Users\ASUS\Desktop\HyperCam 2.lnk [2011/07/26 14:02:29 | 000,123,784 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011/07/26 14:02:29 | 000,088,288 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011/07/22 18:32:29 | 000,001,971 | ---- | M] () -- C:\Users\ASUS\Desktop\He_Fights_all_Knight.png [2011/07/21 22:07:11 | 000,000,000 | 
---- | M] () -- C:\Windows\nsreg.dat [2011/07/21 17:00:29 | 000,001,822 | ---- | M] () -- C:\Users\Public\Desktop\S4League.lnk [2011/07/21 16:41:04 | 593,954,668 | ---- | M] (InstallShield Software Corporation) -- C:\Users\ASUS\Desktop\S4League.exe [2011/07/16 13:54:11 | 000,270,142 | ---- | M] () -- C:\Users\ASUS\Minecraft.exe [2011/07/09 10:45:17 | 311,888,518 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011/07/02 15:01:11 | 000,000,000 | ---- | M] () -- C:\Users\ASUS\AppData\Local\{BFA1C75D-2684-4A9E-AFDD-FA8B59E089D2} [1 C:\Users\ASUS\AppData\Local\*.tmp files -> C:\Users\ASUS\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/07/31 13:03:54 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011/07/31 13:00:00 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/07/31 12:59:16 | 000,030,259 | ---- | C] () -- C:\Users\ASUS\Desktop\hjtscanlist.bat [2011/07/29 18:48:15 | 381,900,764 | ---- | C] () -- C:\Users\ASUS\Documents\clip0007.avi [2011/07/28 16:14:31 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/07/27 23:29:11 | 1175,199,286 | ---- | C] () -- C:\Users\ASUS\Documents\clip0006.avi [2011/07/27 21:51:46 | 3802,291,915 | ---- | C] () -- C:\Users\ASUS\Documents\clip0005.avi [2011/07/27 21:51:11 | 012,707,496 | ---- | C] () -- C:\Users\ASUS\Documents\clip0004.avi [2011/07/27 21:50:47 | 026,040,586 | ---- | C] () -- C:\Users\ASUS\Documents\clip0003.avi [2011/07/27 20:31:53 | 214,771,614 | ---- | C] () -- C:\Users\ASUS\Documents\clip0002.avi [2011/07/27 20:30:16 | 041,177,758 | ---- | C] () -- C:\Users\ASUS\Documents\clip0001.avi [2011/07/27 20:28:11 | 000,000,937 | ---- | C] () -- 
C:\Users\ASUS\Desktop\HyperCam 2.lnk [2011/07/22 18:32:29 | 000,001,971 | ---- | C] () -- C:\Users\ASUS\Desktop\He_Fights_all_Knight.png [2011/07/21 22:07:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011/07/21 17:00:29 | 000,001,822 | ---- | C] () -- C:\Users\Public\Desktop\S4League.lnk [2011/07/16 13:54:07 | 000,270,142 | ---- | C] () -- C:\Users\ASUS\Minecraft.exe [2011/07/02 15:01:11 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{BFA1C75D-2684-4A9E-AFDD-FA8B59E089D2} [2011/06/15 14:04:13 | 000,000,244 | ---- | C] () -- C:\Windows\ODBCINST.INI [2011/05/24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2009/12/03 09:58:33 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe [2009/12/03 09:58:21 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll [2009/12/03 09:38:38 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2009/12/03 09:00:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009/09/16 22:08:27 | 000,001,016 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2009/08/19 10:33:09 | 000,018,944 | ---- | C] () -- C:\Windows\OOBEPlayer.exe [2009/08/19 10:33:09 | 000,000,035 | ---- | C] () -- C:\Windows\OOBEPlayer.ini [2009/07/29 07:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini [2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/07/01 10:10:50 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config [2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009/04/08 
20:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll [2008/05/22 18:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg [2006/05/19 13:39:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini ========== LOP Check ========== [2011/06/03 13:17:11 | 000,000,000 | -HSD | M] -- C:\Users\ASUS\AppData\Roaming\.# [2011/07/22 11:20:47 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\.minecraft [2011/05/19 12:02:32 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Asus WebStorage [2011/06/14 19:16:43 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\bin [2011/07/31 22:10:19 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\cacaoweb [2011/06/03 13:15:34 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\GameConsole [2011/08/01 11:29:03 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\ICQ [2011/06/14 19:16:49 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\resources [2011/06/14 19:16:45 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\saves [2011/06/14 19:16:50 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\stats [2011/06/14 19:16:45 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\texturepacks [2011/06/29 20:30:03 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\TS3Client [2011/06/29 18:16:53 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\ts3overlay [2011/07/19 12:32:29 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
01.08.2011, 20:24 | #24 |
| Facebook Virus (Koobface or something) Extra log: Code:
OTL Extras logfile created on: 8/1/2011 1:53:40 PM - Run 2 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\ASUS\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4.00 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 62.67% Memory free 8.00 Gb Paging File | 6.19 Gb Available in Paging File | 77.44% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 116.44 Gb Total Space | 72.54 Gb Free Space | 62.30% Space Free | Partition Type: NTFS Drive D: | 334.67 Gb Total Space | 334.57 Gb Free Space | 99.97% Space Free | Partition Type: NTFS Computer Name: ASUS-PC | User Name: ASUS | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "AutoUpdateDisableNotify" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallOverride" = 1 "DisableThumbnailCache" = 1 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable 
(x64) "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}" = ASUS Power4Gear Hybrid "{3768263E-8BE8-4CEF-9463-6D36F731824B}" = Windows Live Family Safety "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{51317AF5-D39F-49EC-A4B5-87451466B837}" = AMD Fuel "{54E192A6-AA33-1963-C96A-26AA7A3B41B4}" = ccc-utility64 "{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security "{90120000-0028-0404-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0404-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Chinese (Traditional)) 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90120000-002A-0408-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Greek) 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007 "{90120000-002A-040D-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Hebrew) 2007 "{90120000-002A-0410-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Italian) 2007 "{90120000-002A-0413-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Dutch) 2007 "{90120000-002A-0816-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Portugal)) 2007 "{90120000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security "{CFF9D801-1EC4-B8F5-2CAB-4A1790C95A18}" = ATI Catalyst Install Manager "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 
10.0.30319 "{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel "Asus WebStorage" = Asus WebStorage "CCleaner" = CCleaner "Elantech" = ETDWare PS/2-x64 7.0.5.5_WHQL "HyperCam 2" = HyperCam 2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{15F02176-0D12-4FAF-B2CD-2767C7781427}" = Google SketchUp 8 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1 "{299CF645-48C7-4FA1-8BCD-5CE200CF180D}" = Microsoft Search Enhancement Pack "{30D659E4-4405-6925-CDCF-EB8CD0C80DAC}" = Catalyst Control Center Graphics Previews Common "{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2 "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{48DB5914-8772-472D-B8DF-E2092BE598F6}" = Adobe Flash Player 10 ActiveX "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{4F5B18A3-E921-4FFE-BEF4-ACBB98964FC2}" = AMD USB Filter Driver "{566BAEC0-74CB-4ACC-9E18-8779AC974FB0}" = Windows Live Toolbar 
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5ACE78D9-2859-A192-F416-1D3E93370ACA}" = Catalyst Control Center InstallProxy "{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck "{60DE7978-4F13-5584-5E53-DCEE1CB115A5}" = AMD VISION Engine Control Center "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{662CFD19-EA80-4EFE-A0D8-EE10EFEB3C83}" = Livestream Procaster "{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect "{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie "{6C3496DF-CC4C-4CDE-87A1-8657619EE2D6}_is1" = Game Park Console "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110304260}" = Island Wars 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110413757}" = Smileyville "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}" = Dream Day Wedding Married in Manhattan "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116864777}" = Piggly "{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{8966D069-C05A-4B8C-9287-F52DE631A6C0}" = S4 League_EU "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash 
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0015-0404-0000-0000000FF1CE}" = Microsoft Office Access MUI (Chinese (Traditional)) 2007 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0408-0000-0000000FF1CE}" = Microsoft Office Access MUI (Greek) 2007 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007 "{90120000-0015-040D-0000-0000000FF1CE}" = Microsoft Office Access MUI (Hebrew) 2007 "{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007 "{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007 "{90120000-0015-0816-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Portugal)) 2007 "{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007 "{90120000-0016-0404-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Traditional)) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0408-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Greek) 2007 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007 "{90120000-0016-040D-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Hebrew) 2007 "{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007 "{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007 "{90120000-0016-0816-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Portugal)) 2007 "{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007 "{90120000-0018-0404-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 
2007 "{90120000-0018-0408-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Greek) 2007 "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007 "{90120000-0018-040D-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Hebrew) 2007 "{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007 "{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007 "{90120000-0018-0816-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007 "{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007 "{90120000-0019-0404-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Chinese (Traditional)) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0408-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Greek) 2007 "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007 "{90120000-0019-040D-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Hebrew) 2007 "{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007 "{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007 "{90120000-0019-0816-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007 "{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007 "{90120000-001A-0404-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Chinese (Traditional)) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0408-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Greek) 2007 "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 
2007 "{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007 "{90120000-001A-040D-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Hebrew) 2007 "{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007 "{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007 "{90120000-001A-0816-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007 "{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007 "{90120000-001B-0404-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Traditional)) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0408-0000-0000000FF1CE}" = Microsoft Office Word MUI (Greek) 2007 "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007 "{90120000-001B-040D-0000-0000000FF1CE}" = Microsoft Office Word MUI (Hebrew) 2007 "{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007 "{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007 "{90120000-001B-0816-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Portugal)) 2007 "{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007 "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007 "{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007 "{90120000-001F-0404-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Traditional)) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0408-0000-0000000FF1CE}" = Microsoft Office Proof (Greek) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 
"{90120000-001F-040D-0000-0000000FF1CE}" = Microsoft Office Proof (Hebrew) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007 "{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007 "{90120000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2007 "{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007 "{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007 "{90120000-001F-0816-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Portugal)) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-0028-0404-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007 "{90120000-002C-0404-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Traditional)) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-002C-0408-0000-0000000FF1CE}" = Microsoft Office Proofing (Greek) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007 "{90120000-002C-040D-0000-0000000FF1CE}" = Microsoft Office Proofing (Hebrew) 2007 "{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007 "{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007 "{90120000-002C-0816-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Portugal)) 2007 "{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007 "{90120000-006E-0404-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Traditional)) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0408-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Greek) 2007 
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007 "{90120000-006E-040D-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Hebrew) 2007 "{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007 "{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007 "{90120000-006E-0816-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Portugal)) 2007 "{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007 "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{95120000-0120-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI "{AFF8C8F4-E4BB-891F-8636-5E71F946C5B6}" = Catalyst Control Center InstallProxy "{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service "{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = 
ASUS Live Update "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{EEF985E8-8B36-4230-B174-117A2381C17F}" = LogMeIn Hamachi "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart "{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager "{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Akamai" = Akamai NetSession Interface "ASUS AP Bank_is1" = ASUS AP Bank "Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Fiesta Online(EU_German)" = Fiesta Online(EU_German) 1.04.000 "Fraps" = Fraps "Hyperionics DB Toolbar" = Hyperionics DB Toolbar "ICQToolbar" = ICQ Toolbar "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800 "Mozilla Firefox 5.0.1 (x86 de)" = Mozilla Firefox 5.0.1 (x86 de) "PROHYBRIDR" = 2007 Microsoft Office system "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.01 (32-Bit)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/21/2011 9:38:49 AM | Computer Name = ASUS-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Aegis64.exe, Version: 0.0.0.0, Zeitstempel: 0x4cf33fcb
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be02b
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000c6cd2
ID des fehlerhaften Prozesses: 0x1718
Startzeit der fehlerhaften Anwendung: 0x01cc47ab3c470aa8
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\alaplaya\S4League\Aegis64.exe
Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll
Berichtskennung: c35a7e24-b39e-11e0-95f4-e0cb4e2e159e

Error - 7/21/2011 10:04:26 AM | Computer Name = ASUS-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Aegis64.exe, Version: 0.0.0.0, Zeitstempel: 0x4cf33fcb
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be02b
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000c6cd2
ID des fehlerhaften Prozesses: 0x12a0
Startzeit der fehlerhaften Anwendung: 0x01cc47ae8d77f184
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\alaplaya\S4League\Aegis64.exe
Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll
Berichtskennung: 5759a0e1-b3a2-11e0-95f4-e0cb4e2e159e

Error - 7/21/2011 10:07:21 AM | Computer Name = ASUS-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Aegis64.exe, Version: 0.0.0.0, Zeitstempel: 0x4cf33fcb
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be02b
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000c6cd2
ID des fehlerhaften Prozesses: 0xde4
Startzeit der fehlerhaften Anwendung: 0x01cc47af2c003491
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\alaplaya\S4League\Aegis64.exe
Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll
Berichtskennung: c00aaf58-b3a2-11e0-95f4-e0cb4e2e159e

Error - 7/21/2011 10:13:55 AM | Computer Name = ASUS-PC | Source = System Restore | ID = 8193
Description =

Error - 7/21/2011 10:50:12 AM | Computer Name = ASUS-PC | Source = System Restore | ID = 8193
Description =

Error - 7/21/2011 12:03:41 PM | Computer Name = ASUS-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: S4Client.exe, Version: 0.8.32.29659, Zeitstempel: 0x4e26397e
Name des fehlerhaften Moduls: S4Client.exe, Version: 0.8.32.29659, Zeitstempel: 0x4e26397e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x007ace9a
ID des fehlerhaften Prozesses: 0x14f8
Startzeit der fehlerhaften Anwendung: 0x01cc47b7ad3928ba
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\alaplaya\S4League\S4Client.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\alaplaya\S4League\S4Client.exe
Berichtskennung: 0055eca9-b3b3-11e0-89f5-e0cb4e2e159e

Error - 7/21/2011 12:03:54 PM | Computer Name = ASUS-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Aegis64.exe, Version: 0.0.0.0, Zeitstempel: 0x4cf33fcb
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be02b
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000c6cd2
ID des fehlerhaften Prozesses: 0xbc8
Startzeit der fehlerhaften Anwendung: 0x01cc47b7a91d07f1
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\alaplaya\S4League\Aegis64.exe
Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll
Berichtskennung: 07b5f58b-b3b3-11e0-89f5-e0cb4e2e159e

Error - 7/21/2011 2:09:06 PM | Computer Name = ASUS-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Aegis64.exe, Version: 0.0.0.0, Zeitstempel: 0x4cf33fcb
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be02b
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000c6cd2
ID des fehlerhaften Prozesses: 0x14f4
Startzeit der fehlerhaften Anwendung: 0x01cc47c95ad5cd56
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\alaplaya\S4League\Aegis64.exe
Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll
Berichtskennung: 85a47482-b3c4-11e0-a688-e0cb4e2e159e

Error - 7/22/2011 7:57:50 AM | Computer Name = ASUS-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNBLSHD7\SoftonicDownloader_fuer_portable-firefox[1].exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.

Error - 7/22/2011 10:06:21 AM | Computer Name = ASUS-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Aegis64.exe, Version: 0.0.0.0, Zeitstempel: 0x4cf33fcb
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be02b
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000c6cd2
ID des fehlerhaften Prozesses: 0x1bec
Startzeit der fehlerhaften Anwendung: 0x01cc487388d3d66c
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\alaplaya\S4League\Aegis64.exe
Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll
Berichtskennung: c6a70f99-b46b-11e0-b11c-e0cb4e2e159e

[ System Events ]
Error - 7/29/2011 12:27:59 PM | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows-Firewallautorisierungstreiber" wurde aufgrund folgenden Fehlers nicht gestartet: %%183

Error - 7/29/2011 12:27:59 PM | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows-Firewall" ist vom Dienst "Windows-Firewallautorisierungstreiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%183

Error - 7/29/2011 12:28:04 PM | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira AntiVir Guard" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 7/29/2011 12:30:03 PM | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.

Error - 7/29/2011 12:35:34 PM | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows-Firewallautorisierungstreiber" wurde aufgrund folgenden Fehlers nicht gestartet: %%183

Error - 7/29/2011 12:35:34 PM | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows-Firewall" ist vom Dienst "Windows-Firewallautorisierungstreiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%183

Error - 7/29/2011 6:39:44 PM | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira AntiVir Planer" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 7/29/2011 6:39:45 PM | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows-Firewallautorisierungstreiber" wurde aufgrund folgenden Fehlers nicht gestartet: %%183

Error - 7/29/2011 6:39:45 PM | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows-Firewall" ist vom Dienst "Windows-Firewallautorisierungstreiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%183

Error - 7/29/2011 6:39:50 PM | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira AntiVir Guard" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

< End of report > |
01.08.2011, 20:27 | #25 |
| Facebook Virus (Koobface or something like that) Then Hjtscanlist: Code:
ATTFilter $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ º º hjtscanlist v2.0 º º $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ Microsoft Windows [Version 6.1.7600] C: C:\pagefile.sys --------- C:\hiberfil.sys --------- 01.08.2011 11:54 C:\Windows --------- 40960 31.07.2011 22:10 C:\Program Files (x86) --------- 20480 31.07.2011 22:08 C:\ProgramData --------- 8192 31.07.2011 22:08 C:\Program Files --------- 8192 31.07.2011 21:59 C:\System Volume Information --------- 4096 29.07.2011 13:43 C:\_OTL --------- 0 26.07.2011 14:48 C:\ATI --------- 0 22.07.2011 13:58 C:\FirefoxPortable --------- 4096 15.06.2011 23:24 C:\ProcasterInstaller.log --------- 388652 03.06.2011 17:09 C:\Fraps --------- 4096 19.05.2011 12:02 C:\asus.dat --------- 4096 19.05.2011 12:01 C:\$Recycle.Bin --------- 0 19.05.2011 11:46 C:\Users --------- 4096 19.05.2011 11:44 C:\Recovery --------- 0 03.12.2009 10:02 C:\devlist.txt --------- 13444 03.12.2009 10:01 C:\Finish.log --------- 9 03.12.2009 09:58 C:\setup.log --------- 90 03.12.2009 09:52 C:\inject.log.txt --------- 743079 03.12.2009 09:51 C:\Temp --------- 8192 03.12.2009 09:18 C:\SumHidd.txt --------- 170 03.12.2009 09:16 C:\SumOS.txt --------- 98 03.12.2009 09:05 C:\MSOCache --------- 0 02.12.2009 19:27 C:\Pass.txt --------- 146 10.11.2009 05:02 C:\Patch_Win7.log --------- 196 30.10.2009 08:40 C:\K40AB_K50AB_K40AD_K50AD_WIN7.30 --------- 19 30.10.2009 04:01 C:\K50ADAS.BIN --------- 1048576 30.10.2009 03:17 C:\K40ADAS.BIN --------- 1048576 27.10.2009 03:58 C:\K50ABAS.BIN --------- 1048576 27.10.2009 03:20 C:\K40ABAS.BIN --------- 1048576 16.09.2009 20:04 C:\v82.txt --------- 24 25.08.2009 02:10 C:\RECOVERY.DAT --------- 26 29.07.2009 08:03 C:\BOOTSECT.BAK --------- 8192 29.07.2009 08:03 C:\Boot --------- 4096 14.07.2009 07:08 C:\Documents and Settings --------- 0 14.07.2009 05:20 C:\PerfLogs --------- 0 14.07.2009 03:38 C:\bootmgr --------- 383562 02.07.2009 09:17 C:\Nero.Log --------- 37 15.06.2009 13:11 C:\AdobeReader.log --------- 54 12.06.2009 03:32 
C:\OFFICE2007_L.TXT --------- 57 ---------------------------------------- C:\Windows 01.08.2011 15:14 C:\Windows\bootstat.dat --------- 67584 01.08.2011 15:15 C:\Windows\WindowsUpdate.log --------- 585612 01.08.2011 12:02 C:\Windows\setupact.log --------- 42186 01.08.2011 12:02 C:\Windows\PFRO.log --------- 6802 31.07.2011 13:13 C:\Windows\iplist.txt --------- 12172 31.07.2011 13:13 C:\Windows\iecheck_iplist.txt --------- 10385 31.07.2011 13:12 C:\Windows\btc_client_iplist.txt --------- 12237 31.07.2011 12:13 C:\Windows\proc_list1.log --------- 1654 26.07.2011 17:07 C:\Windows\front_ip_list.txt --------- 9474 26.07.2011 14:40 C:\Windows\winsetupapi.log --------- 11 26.07.2011 14:23 C:\Windows\winlog-ids.txt --------- 5 26.07.2011 14:23 C:\Windows\winlog-dirs.txt --------- 52 23.07.2011 02:33 C:\Windows\TMFilter.log --------- 432 21.07.2011 22:07 C:\Windows\nsreg.dat --------- 0 09.07.2011 10:45 C:\Windows\MEMORY.DMP --------- 311888518 15.06.2011 14:04 C:\Windows\ODBCINST.INI --------- 244 19.05.2011 12:04 C:\Windows\win.ini --------- 640 19.05.2011 12:01 C:\Windows\PQArecord.log --------- 1567 19.05.2011 12:01 C:\Windows\AsCDProc.log --------- 211506 19.05.2011 12:01 C:\Windows\AsDebug.log --------- 5209586 19.05.2011 11:53 C:\Windows\DirectX.log --------- 31343 19.05.2011 11:53 C:\Windows\0”z --------- 20 19.05.2011 11:47 C:\Windows\FixPatch.log --------- 194 03.12.2009 10:01 C:\Windows\AsChkDev.txt --------- 61126 03.12.2009 09:58 C:\Windows\AsScrProlog.exe --------- 47672 03.12.2009 09:58 C:\Windows\ASUS Camera ScreenSaver.exe --------- 4814371 03.12.2009 09:58 C:\Windows\ASUS Camera ScreenSaver Uninstaller.exe --------- 281144 03.12.2009 09:58 C:\Windows\AsScrPro.exe --------- 3054136 03.12.2009 09:51 C:\Windows\DPINST.LOG --------- 5684 03.12.2009 09:49 C:\Windows\explorer.exe --------- 2868224 03.12.2009 09:01 C:\Windows\TSSysprep.log --------- 3540 03.12.2009 09:00 C:\Windows\ativpsrm.bin --------- 0 02.12.2009 18:03 C:\Windows\DtcInstall.log --------- 3043 
11.11.2009 11:34 C:\Windows\csup.txt --------- 10 02.11.2009 13:33 C:\Windows\OOBEPlayer.exe --------- 18944 22.09.2009 11:27 C:\Windows\OOBEPlayer.ini --------- 35 07.08.2009 09:31 C:\Windows\atiogl.xml --------- 18618 29.07.2009 20:37 C:\Windows\FullScreen.wmv --------- 26541350 14.07.2009 06:54 C:\Windows\WindowsShell.Manifest --------- 749 14.07.2009 06:51 C:\Windows\setuperr.log --------- 0 14.07.2009 03:39 C:\Windows\write.exe --------- 10240 14.07.2009 03:39 C:\Windows\splwow64.exe --------- 61952 14.07.2009 03:39 C:\Windows\regedit.exe --------- 427008 14.07.2009 03:39 C:\Windows\notepad.exe --------- 193536 14.07.2009 03:39 C:\Windows\HelpPane.exe --------- 733696 14.07.2009 03:39 C:\Windows\hh.exe --------- 16896 14.07.2009 03:39 C:\Windows\fveupdate.exe --------- 15360 14.07.2009 03:38 C:\Windows\bfsvc.exe --------- 71168 14.07.2009 03:16 C:\Windows\twain_32.dll --------- 51200 14.07.2009 03:14 C:\Windows\winhlp32.exe --------- 9728 14.07.2009 03:14 C:\Windows\twunk_32.exe --------- 31232 14.07.2009 01:06 C:\Windows\mib.bin --------- 43131 01.07.2009 10:10 C:\Windows\explorer.exe.config --------- 176 10.06.2009 23:41 C:\Windows\twunk_16.exe --------- 49680 10.06.2009 23:41 C:\Windows\twain.dll --------- 94784 10.06.2009 23:08 C:\Windows\system.ini --------- 219 10.06.2009 22:52 C:\Windows\WMSysPr9.prx --------- 316640 10.06.2009 22:36 C:\Windows\msdfmap.ini --------- 1405 10.06.2009 22:31 C:\Windows\Starter.xml --------- 48201 10.06.2009 22:30 C:\Windows\HomePremium.xml --------- 48265 05.12.2008 00:19 C:\Windows\WLXPGSS.SCR --------- 308584 11.04.2007 09:34 C:\Windows\difxapi.dll --------- 414632 19.05.2006 13:53 C:\Windows\snp2uvc.src --------- 13022 19.05.2006 13:39 C:\Windows\snp2uvc.ini --------- 15497 22.02.2003 06:42 C:\Windows\msvcr71.dll --------- 348160 15.07.2000 10:00 C:\Windows\MSVCRTD.DLL --------- 434252 23.06.2000 22:46 C:\Windows\WMPrfPtg.prx --------- 35916 23.06.2000 22:46 C:\Windows\WMPrfKor.prx --------- 22338 23.06.2000 22:46 
01.08.2011, 20:28 | #26 |
| Facebook Virus (Koobface or something) And finally, all the programs:
02.08.2011, 06:39 | #27 |
/// Helper Team | Facebook Virus (Koobface or something) 1. Fix with OTL
Code:
:OTL
:Files
C:\Windows\iplist.txt
C:\Windows\iecheck_iplist.txt
C:\Windows\btc_client_iplist.txt
C:\Windows\proc_list1.log
C:\Windows\front_ip_list.txt
C:\Windows\winlog-ids.txt
C:\Windows\winlog-dirs.txt
:Commands
[purity]
[emptytemp]
[resethosts]
2. Run another scan with OTL:
__________________ Warning!: Be careful with invoices sent by e-mail with a ZIP file attached! It may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally 2x in different places! Please pass this warning on wherever you can! |
02.08.2011, 10:50 | #28 |
| Facebook Virus (Koobface or something) First, the fix: Code:
All processes killed
========== OTL ==========
========== FILES ==========
C:\Windows\iplist.txt moved successfully.
C:\Windows\iecheck_iplist.txt moved successfully.
C:\Windows\btc_client_iplist.txt moved successfully.
C:\Windows\proc_list1.log moved successfully.
C:\Windows\front_ip_list.txt moved successfully.
C:\Windows\winlog-ids.txt moved successfully.
C:\Windows\winlog-dirs.txt moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: ASUS
->Temp folder emptied: 61944 bytes
->Temporary Internet Files folder emptied: 43669951 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3657 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14638 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 42.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.1 log created on 08022011_112306

Files\Folders moved on Reboot...
C:\Users\ASUS\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\ASUS\AppData\Local\Temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb moved successfully.
C:\Users\ASUS\AppData\Local\Temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D12}.tlb moved successfully.
C:\Users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TWRFZFZN\101779-facebook-virus-koobface-oder-so-3[1].html moved successfully.
C:\Users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Windows\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb moved successfully.
C:\Windows\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D12}.tlb moved successfully.

Registry entries deleted on Reboot... |
02.08.2011, 10:51 | #29 |
| Facebook Virus (Koobface or something) Then the OTL logfile: Code:
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/07/31 22:10:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/21 22:07:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ASUS\AppData\Roaming\mozilla\Extensions [2011/07/27 21:36:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ASUS\AppData\Roaming\mozilla\Firefox\Profiles\r8bx6l3v.default\extensions [2011/07/27 20:28:24 | 000,000,000 | ---D | M] (Hyperionics DB Toolbar) -- C:\Users\ASUS\AppData\Roaming\mozilla\Firefox\Profiles\r8bx6l3v.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC} [2011/07/27 21:36:53 | 000,000,000 | ---D | M] (cacaoweb) -- 
C:\Users\ASUS\AppData\Roaming\mozilla\Firefox\Profiles\r8bx6l3v.default\extensions\cacaoweb@cacaoweb.org File not found (No name found) -- [2011/07/08 09:31:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll O1 HOSTS File: ([2011/08/02 11:24:04 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\1107071805\ICQToolBar.dll (ICQ) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.) O4:64bit: - HKLM..\Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe (ECAREME) O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) 
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] File not found O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Setwallpaper] File not found O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [cacaoweb] C:\Users\ASUS\AppData\Roaming\cacaoweb\cacaoweb.exe () O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab (SysInfo Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O31 - SafeBoot: AlternateShell - services32.exe O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/07/31 12:59:59 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011/07/31 12:59:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/07/31 12:59:54 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011/07/30 14:32:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011/07/30 13:13:45 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\SUPERAntiSpyware.com [2011/07/30 13:13:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2011/07/30 13:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2011/07/29 13:43:28 | 000,000,000 | ---D | C] -- C:\_OTL [2011/07/28 21:37:34 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Tracing [2011/07/28 20:24:17 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2011/07/28 12:57:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011/07/28 12:57:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011/07/28 10:50:45 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Malwarebytes [2011/07/28 10:50:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/07/28 10:50:35 | 000,000,000 | ---D | C] -- C:\Program Files 
(x86)\Malwarebytes' Anti-Malware [2011/07/28 00:44:17 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\ASUS\Desktop\OTL.exe [2011/07/28 00:25:19 | 049,089,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe [2011/07/27 20:58:53 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Documents\ICQ [2011/07/27 20:28:50 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HyperCam 2 [2011/07/27 20:28:25 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\Minibar [2011/07/27 20:28:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hyperionics DB Toolbar [2011/07/27 20:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\HyperCam 2 [2011/07/26 22:36:11 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\AMD [2011/07/26 15:01:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2011/07/26 15:00:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2011/07/26 15:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center [2011/07/26 15:00:38 | 000,046,136 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdiox64.sys [2011/07/26 15:00:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD [2011/07/26 15:00:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2011/07/26 14:58:35 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2011/07/26 14:48:11 | 000,000,000 | ---D | C] -- C:\ATI [2011/07/26 14:46:50 | 000,000,000 | ---D | C] -- C:\Windows\system64 [2011/07/22 14:08:46 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\cacaoweb [2011/07/22 13:58:47 | 000,000,000 | ---D | C] -- C:\FirefoxPortable [2011/07/21 22:07:10 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\Mozilla [2011/07/21 22:06:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2011/07/21 16:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\alaplaya [2011/07/21 16:26:35 | 
593,954,668 | ---- | C] (InstallShield Software Corporation) -- C:\Users\ASUS\Desktop\S4League.exe [2011/07/21 15:32:59 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\ElevatedDiagnostics [2011/07/16 14:17:25 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2011/07/16 01:45:21 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\.minecraft [2011/07/06 21:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5 [2011/07/06 21:43:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ6Toolbar [2011/07/06 21:42:59 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Mozilla [2011/07/06 21:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ [2011/07/06 21:42:44 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\ICQ [2011/07/06 21:42:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.5 [2011/07/06 17:13:11 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Documents\Fiesta [2008/08/12 07:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll [1 C:\Users\ASUS\AppData\Local\*.tmp files -> C:\Users\ASUS\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/08/02 11:44:57 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin [2011/08/02 11:44:55 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin [2011/08/02 11:41:35 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/08/02 11:41:35 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/08/02 11:33:23 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/08/02 11:32:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/08/02 11:32:36 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys [2011/08/02 11:24:04 | 000,000,098 | ---- | 
M] () -- C:\Windows\SysNative\drivers\etc\Hosts [2011/08/02 00:57:31 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/08/01 22:21:31 | 000,864,075 | ---- | M] () -- C:\Users\ASUS\Documents\screenshot000.jpg [2011/08/01 11:27:34 | 000,002,158 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2011/08/01 11:27:33 | 000,001,453 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2011/07/31 13:03:54 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011/07/31 13:00:00 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/07/31 12:51:23 | 000,203,230 | -H-- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak [2011/07/31 12:13:49 | 000,001,937 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011/07/29 18:51:00 | 381,900,764 | ---- | M] () -- C:\Users\ASUS\Documents\clip0007.avi [2011/07/28 16:14:31 | 001,500,444 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/07/28 00:44:20 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\ASUS\Desktop\OTL.exe [2011/07/27 23:36:21 | 1175,199,286 | ---- | M] () -- C:\Users\ASUS\Documents\clip0006.avi [2011/07/27 22:31:33 | 3802,291,915 | ---- | M] () -- C:\Users\ASUS\Documents\clip0005.avi [2011/07/27 21:51:18 | 012,707,496 | ---- | M] () -- C:\Users\ASUS\Documents\clip0004.avi [2011/07/27 21:50:57 | 026,040,586 | ---- | M] () -- C:\Users\ASUS\Documents\clip0003.avi [2011/07/27 20:38:59 | 214,771,614 | ---- | M] () -- C:\Users\ASUS\Documents\clip0002.avi [2011/07/27 20:31:43 | 041,177,758 | ---- | M] () -- C:\Users\ASUS\Documents\clip0001.avi [2011/07/27 20:28:51 | 000,000,937 | ---- | M] () -- C:\Users\ASUS\Desktop\HyperCam 2.lnk [2011/07/26 14:02:29 | 000,123,784 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011/07/26 14:02:29 | 000,088,288 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011/07/22 18:32:29 | 000,001,971 | ---- | M] 
() -- C:\Users\ASUS\Desktop\He_Fights_all_Knight.png [2011/07/21 22:07:11 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat [2011/07/21 17:00:29 | 000,001,822 | ---- | M] () -- C:\Users\Public\Desktop\S4League.lnk [2011/07/21 16:41:04 | 593,954,668 | ---- | M] (InstallShield Software Corporation) -- C:\Users\ASUS\Desktop\S4League.exe [2011/07/16 13:54:11 | 000,270,142 | ---- | M] () -- C:\Users\ASUS\Minecraft.exe [2011/07/09 10:45:17 | 311,888,518 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [1 C:\Users\ASUS\AppData\Local\*.tmp files -> C:\Users\ASUS\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/08/01 22:21:31 | 000,864,075 | ---- | C] () -- C:\Users\ASUS\Documents\screenshot000.jpg [2011/07/31 13:03:54 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011/07/31 13:00:00 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/07/31 12:59:16 | 000,030,259 | ---- | C] () -- C:\Users\ASUS\Desktop\hjtscanlist.bat [2011/07/29 18:48:15 | 381,900,764 | ---- | C] () -- C:\Users\ASUS\Documents\clip0007.avi [2011/07/28 16:14:31 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/07/27 23:29:11 | 1175,199,286 | ---- | C] () -- C:\Users\ASUS\Documents\clip0006.avi [2011/07/27 21:51:46 | 3802,291,915 | ---- | C] () -- C:\Users\ASUS\Documents\clip0005.avi [2011/07/27 21:51:11 | 012,707,496 | ---- | C] () -- C:\Users\ASUS\Documents\clip0004.avi [2011/07/27 21:50:47 | 026,040,586 | ---- | C] () -- C:\Users\ASUS\Documents\clip0003.avi [2011/07/27 20:31:53 | 214,771,614 | ---- | C] () -- C:\Users\ASUS\Documents\clip0002.avi [2011/07/27 20:30:16 | 041,177,758 | ---- | C] () -- C:\Users\ASUS\Documents\clip0001.avi [2011/07/27 
20:28:11 | 000,000,937 | ---- | C] () -- C:\Users\ASUS\Desktop\HyperCam 2.lnk [2011/07/22 18:32:29 | 000,001,971 | ---- | C] () -- C:\Users\ASUS\Desktop\He_Fights_all_Knight.png [2011/07/21 22:07:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011/07/21 17:00:29 | 000,001,822 | ---- | C] () -- C:\Users\Public\Desktop\S4League.lnk [2011/07/16 13:54:07 | 000,270,142 | ---- | C] () -- C:\Users\ASUS\Minecraft.exe [2011/07/02 15:01:11 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{BFA1C75D-2684-4A9E-AFDD-FA8B59E089D2} [2011/06/15 14:04:13 | 000,000,244 | ---- | C] () -- C:\Windows\ODBCINST.INI [2011/05/24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2009/12/03 09:58:33 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe [2009/12/03 09:58:21 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll [2009/12/03 09:38:38 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2009/12/03 09:00:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009/09/16 22:08:27 | 000,001,016 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2009/08/19 10:33:09 | 000,018,944 | ---- | C] () -- C:\Windows\OOBEPlayer.exe [2009/08/19 10:33:09 | 000,000,035 | ---- | C] () -- C:\Windows\OOBEPlayer.ini [2009/07/29 07:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini [2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/07/01 10:10:50 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config [2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- 
C:\Windows\SysWow64\mlang.dat [2009/04/08 20:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll [2008/05/22 18:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg [2006/05/19 13:39:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini ========== LOP Check ========== [2011/06/03 13:17:11 | 000,000,000 | -HSD | M] -- C:\Users\ASUS\AppData\Roaming\.# [2011/07/22 11:20:47 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\.minecraft [2011/05/19 12:02:32 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Asus WebStorage [2011/06/14 19:16:43 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\bin [2011/08/01 23:46:43 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\cacaoweb [2011/06/03 13:15:34 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\GameConsole [2011/08/02 11:13:36 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\ICQ [2011/06/14 19:16:49 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\resources [2011/06/14 19:16:45 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\saves [2011/06/14 19:16:50 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\stats [2011/06/14 19:16:45 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\texturepacks [2011/08/01 23:12:35 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\TS3Client [2011/06/29 18:16:53 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\ts3overlay [2011/07/19 12:32:29 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
02.08.2011, 10:53 | #30 |
| Facebook Virus (Koobface or something) Extra: Code:
OTL Extras logfile created on: 8/2/2011 11:38:45 AM - Run 3 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\ASUS\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4.00 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 63.12% Memory free 8.00 Gb Paging File | 6.20 Gb Available in Paging File | 77.56% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 116.44 Gb Total Space | 72.55 Gb Free Space | 62.31% Space Free | Partition Type: NTFS Drive D: | 334.67 Gb Total Space | 334.57 Gb Free Space | 99.97% Space Free | Partition Type: NTFS Computer Name: ASUS-PC | User Name: ASUS | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "AutoUpdateDisableNotify" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallOverride" = 1 "DisableThumbnailCache" = 1 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable 
(x64) "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}" = ASUS Power4Gear Hybrid "{3768263E-8BE8-4CEF-9463-6D36F731824B}" = Windows Live Family Safety "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{51317AF5-D39F-49EC-A4B5-87451466B837}" = AMD Fuel "{54E192A6-AA33-1963-C96A-26AA7A3B41B4}" = ccc-utility64 "{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security "{90120000-0028-0404-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0404-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Chinese (Traditional)) 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90120000-002A-0408-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Greek) 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007 "{90120000-002A-040D-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Hebrew) 2007 "{90120000-002A-0410-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Italian) 2007 "{90120000-002A-0413-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Dutch) 2007 "{90120000-002A-0816-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Portugal)) 2007 "{90120000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security "{CFF9D801-1EC4-B8F5-2CAB-4A1790C95A18}" = ATI Catalyst Install Manager "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 
10.0.30319 "{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel "Asus WebStorage" = Asus WebStorage "CCleaner" = CCleaner "Elantech" = ETDWare PS/2-x64 7.0.5.5_WHQL "HyperCam 2" = HyperCam 2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{15F02176-0D12-4FAF-B2CD-2767C7781427}" = Google SketchUp 8 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1 "{299CF645-48C7-4FA1-8BCD-5CE200CF180D}" = Microsoft Search Enhancement Pack "{30D659E4-4405-6925-CDCF-EB8CD0C80DAC}" = Catalyst Control Center Graphics Previews Common "{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2 "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{48DB5914-8772-472D-B8DF-E2092BE598F6}" = Adobe Flash Player 10 ActiveX "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{4F5B18A3-E921-4FFE-BEF4-ACBB98964FC2}" = AMD USB Filter Driver "{566BAEC0-74CB-4ACC-9E18-8779AC974FB0}" = Windows Live Toolbar 
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5ACE78D9-2859-A192-F416-1D3E93370ACA}" = Catalyst Control Center InstallProxy "{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck "{60DE7978-4F13-5584-5E53-DCEE1CB115A5}" = AMD VISION Engine Control Center "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{662CFD19-EA80-4EFE-A0D8-EE10EFEB3C83}" = Livestream Procaster "{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect "{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie "{6C3496DF-CC4C-4CDE-87A1-8657619EE2D6}_is1" = Game Park Console "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110304260}" = Island Wars 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110413757}" = Smileyville "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}" = Dream Day Wedding Married in Manhattan "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116864777}" = Piggly "{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{8966D069-C05A-4B8C-9287-F52DE631A6C0}" = S4 League_EU "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash 
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0015-0404-0000-0000000FF1CE}" = Microsoft Office Access MUI (Chinese (Traditional)) 2007 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0408-0000-0000000FF1CE}" = Microsoft Office Access MUI (Greek) 2007 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007 "{90120000-0015-040D-0000-0000000FF1CE}" = Microsoft Office Access MUI (Hebrew) 2007 "{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007 "{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007 "{90120000-0015-0816-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Portugal)) 2007 "{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007 "{90120000-0016-0404-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Traditional)) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0408-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Greek) 2007 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007 "{90120000-0016-040D-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Hebrew) 2007 "{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007 "{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007 "{90120000-0016-0816-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Portugal)) 2007 "{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007 "{90120000-0018-0404-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 
2007 "{90120000-0018-0408-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Greek) 2007 "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007 "{90120000-0018-040D-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Hebrew) 2007 "{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007 "{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007 "{90120000-0018-0816-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007 "{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007 "{90120000-0019-0404-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Chinese (Traditional)) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0408-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Greek) 2007 "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007 "{90120000-0019-040D-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Hebrew) 2007 "{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007 "{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007 "{90120000-0019-0816-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007 "{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007 "{90120000-001A-0404-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Chinese (Traditional)) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0408-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Greek) 2007 "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 
2007 "{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007 "{90120000-001A-040D-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Hebrew) 2007 "{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007 "{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007 "{90120000-001A-0816-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007 "{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007 "{90120000-001B-0404-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Traditional)) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0408-0000-0000000FF1CE}" = Microsoft Office Word MUI (Greek) 2007 "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007 "{90120000-001B-040D-0000-0000000FF1CE}" = Microsoft Office Word MUI (Hebrew) 2007 "{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007 "{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007 "{90120000-001B-0816-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Portugal)) 2007 "{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007 "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007 "{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007 "{90120000-001F-0404-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Traditional)) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0408-0000-0000000FF1CE}" = Microsoft Office Proof (Greek) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 
"{90120000-001F-040D-0000-0000000FF1CE}" = Microsoft Office Proof (Hebrew) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007 "{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007 "{90120000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2007 "{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007 "{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007 "{90120000-001F-0816-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Portugal)) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-0028-0404-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007 "{90120000-002C-0404-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Traditional)) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-002C-0408-0000-0000000FF1CE}" = Microsoft Office Proofing (Greek) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007 "{90120000-002C-040D-0000-0000000FF1CE}" = Microsoft Office Proofing (Hebrew) 2007 "{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007 "{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007 "{90120000-002C-0816-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Portugal)) 2007 "{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007 "{90120000-006E-0404-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Traditional)) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0408-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Greek) 2007 
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007 "{90120000-006E-040D-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Hebrew) 2007 "{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007 "{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007 "{90120000-006E-0816-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Portugal)) 2007 "{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007 "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{95120000-0120-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI "{AFF8C8F4-E4BB-891F-8636-5E71F946C5B6}" = Catalyst Control Center InstallProxy "{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service "{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = 
ASUS Live Update "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{EEF985E8-8B36-4230-B174-117A2381C17F}" = LogMeIn Hamachi "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart "{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager "{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Akamai" = Akamai NetSession Interface "ASUS AP Bank_is1" = ASUS AP Bank "Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Fiesta Online(EU_German)" = Fiesta Online(EU_German) 1.04.000 "Fraps" = Fraps "Hyperionics DB Toolbar" = Hyperionics DB Toolbar "ICQToolbar" = ICQ Toolbar "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800 "Mozilla Firefox 5.0.1 (x86 de)" = Mozilla Firefox 5.0.1 (x86 de) "PROHYBRIDR" = 2007 Microsoft Office system "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.01 (32-Bit) ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 7/21/2011 10:04:26 AM | Computer Name = ASUS-PC | Source = 
Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Aegis64.exe, Version: 0.0.0.0, Zeitstempel: 0x4cf33fcb Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be02b Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6cd2 ID des fehlerhaften Prozesses: 0x12a0 Startzeit der fehlerhaften Anwendung: 0x01cc47ae8d77f184 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\alaplaya\S4League\Aegis64.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 5759a0e1-b3a2-11e0-95f4-e0cb4e2e159e Error - 7/21/2011 10:07:21 AM | Computer Name = ASUS-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Aegis64.exe, Version: 0.0.0.0, Zeitstempel: 0x4cf33fcb Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be02b Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6cd2 ID des fehlerhaften Prozesses: 0xde4 Startzeit der fehlerhaften Anwendung: 0x01cc47af2c003491 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\alaplaya\S4League\Aegis64.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: c00aaf58-b3a2-11e0-95f4-e0cb4e2e159e Error - 7/21/2011 10:13:55 AM | Computer Name = ASUS-PC | Source = System Restore | ID = 8193 Description = Error - 7/21/2011 10:50:12 AM | Computer Name = ASUS-PC | Source = System Restore | ID = 8193 Description = Error - 7/21/2011 12:03:41 PM | Computer Name = ASUS-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: S4Client.exe, Version: 0.8.32.29659, Zeitstempel: 0x4e26397e Name des fehlerhaften Moduls: S4Client.exe, Version: 0.8.32.29659, Zeitstempel: 0x4e26397e Ausnahmecode: 0xc0000005 Fehleroffset: 0x007ace9a ID des fehlerhaften Prozesses: 0x14f8 Startzeit der fehlerhaften Anwendung: 0x01cc47b7ad3928ba Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\alaplaya\S4League\S4Client.exe Pfad des fehlerhaften Moduls: 
C:\Program Files (x86)\alaplaya\S4League\S4Client.exe Berichtskennung: 0055eca9-b3b3-11e0-89f5-e0cb4e2e159e Error - 7/21/2011 12:03:54 PM | Computer Name = ASUS-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Aegis64.exe, Version: 0.0.0.0, Zeitstempel: 0x4cf33fcb Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be02b Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6cd2 ID des fehlerhaften Prozesses: 0xbc8 Startzeit der fehlerhaften Anwendung: 0x01cc47b7a91d07f1 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\alaplaya\S4League\Aegis64.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 07b5f58b-b3b3-11e0-89f5-e0cb4e2e159e Error - 7/21/2011 2:09:06 PM | Computer Name = ASUS-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Aegis64.exe, Version: 0.0.0.0, Zeitstempel: 0x4cf33fcb Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be02b Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6cd2 ID des fehlerhaften Prozesses: 0x14f4 Startzeit der fehlerhaften Anwendung: 0x01cc47c95ad5cd56 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\alaplaya\S4League\Aegis64.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 85a47482-b3c4-11e0-a688-e0cb4e2e159e Error - 7/22/2011 7:57:50 AM | Computer Name = ASUS-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNBLSHD7\SoftonicDownloader_fuer_portable-firefox[1].exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest. Error - 7/22/2011 10:06:21 AM | Computer Name = ASUS-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Aegis64.exe, Version: 0.0.0.0, Zeitstempel: 0x4cf33fcb Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be02b Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6cd2 ID des fehlerhaften Prozesses: 0x1bec Startzeit der fehlerhaften Anwendung: 0x01cc487388d3d66c Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\alaplaya\S4League\Aegis64.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: c6a70f99-b46b-11e0-b11c-e0cb4e2e159e Error - 7/23/2011 2:41:24 PM | Computer Name = ASUS-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Aegis64.exe, Version: 0.0.0.0, Zeitstempel: 0x4cf33fcb Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be02b Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6cd2 ID des fehlerhaften Prozesses: 0x125c Startzeit der fehlerhaften Anwendung: 0x01cc49644566ab20 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\alaplaya\S4League\Aegis64.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 5d7036c7-b55b-11e0-931e-e0cb4e2e159e [ System Events ] Error - 7/30/2011 5:21:45 AM | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows-Firewallautorisierungstreiber" wurde aufgrund folgenden Fehlers nicht gestartet: %%183 Error - 7/30/2011 5:21:45 AM | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Windows-Firewall" ist vom Dienst 
"Windows-Firewallautorisierungstreiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%183 Error - 7/30/2011 5:21:51 AM | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Avira AntiVir Guard" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 7/30/2011 5:23:44 AM | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143. Error - 7/30/2011 8:33:41 AM | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows-Firewallautorisierungstreiber" wurde aufgrund folgenden Fehlers nicht gestartet: %%183 Error - 7/30/2011 8:33:41 AM | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Windows-Firewall" ist vom Dienst "Windows-Firewallautorisierungstreiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%183 Error - 7/30/2011 12:09:29 PM | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows-Firewallautorisierungstreiber" wurde aufgrund folgenden Fehlers nicht gestartet: %%183 Error - 7/30/2011 12:09:29 PM | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Windows-Firewall" ist vom Dienst "Windows-Firewallautorisierungstreiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%183 Error - 7/30/2011 12:19:04 PM | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows-Firewallautorisierungstreiber" wurde aufgrund folgenden Fehlers nicht gestartet: %%183 Error - 7/30/2011 12:19:04 PM | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Windows-Firewall" ist vom Dienst "Windows-Firewallautorisierungstreiber" abhängig, der aufgrund folgenden Fehlers nicht 
gestartet wurde: %%183 < End of report > |