
Pests of all kinds and how to combat them: Facebook virus (Koobface or something)

28.07.2011, 00:27   #1
Drumming
 

Hello,
Yesterday I fell for this well-known Facebook virus.
Now I'm afraid that I have this virus on my computer (I'm not sure).
I have also already found a thread in the forum with the same symptoms, but it didn't help me.
First, how I got the virus:

I was messaged by a classmate (she must have the virus as well). The PM said something about a video about me (all fake, of course). In my stupidity I clicked on it, of course. Then I was redirected to this supposed YouTube page, but I couldn't watch the video because I supposedly didn't have the Flash Player. I then downloaded it from the page; as it turned out, it was the virus.

Now I would like help on how to get rid of it without having to format the hard drive right away.

I have already run a scan with Antivir and afterwards with Trend Micro Internet Security; since they didn't find anything, I of course googled for a solution and discovered a tool from Microsoft..... but that didn't help either...

I'd appreciate quick advice.
PS: THANKS in advance....

28.07.2011, 07:27   #2
kira
/// Helper team
 



Hello and welcome!

Before we start working together, [please read completely]:
Quote:
  • "Remote treatment/remote help" and the associated liability risks:
    - since the troubleshooting and the actions are carried out over great distances, we accept no liability for the resulting consequences.
    - so any liability for resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE AT YOUR OWN RISK!
  • Identifying characteristics/profile information:
    - you can delete these from the log lists or log files you use (e.g. your real name, serial numbers in programs, etc.) or replace them with [X]
  • The system check and cleanup:
    - can take some time (depending on the type of infection); the system may, however, be so badly compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend reading the instructions through completely before applying them, because if you do something wrong it can get really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consulting us! Ask if there are problems.
  • The order:
    - please keep to it exactly as described; do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For all help seekers! What do I have to consider before opening a topic?
  • Insert all log files with a vBCode tag; this gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin
For Vista and Win7:
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator"
Right-click the selected application and choose "Run as administrator"!

1.
Download Malwarebytes Anti-Malware from → malwarebytes.org
  • Install it and start it with a double-click.
  • Set the language to German and update the databases right away (online update)
  • Select "Komplett Scan durchführen" (perform full scan) and tick all boxes
  • When the scan has finished, click "Zeige Resultate" (show results)
  • Select all findings (if MBAM reports something in C:\System Volume Information, please remove the check mark there) and click "Löschen" - "Ausgewähltes entfernen" (delete - remove selected).
  • Post the result here in the thread; you will find the report under "Scan-Berichte" (scan reports)
You can find an illustrated guide here: Guide

2.
System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and select "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created: OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

3.
→ Download HJTscanlist.zip
→ Unpack the file on your desktop
→ On Windows XP Home you must additionally install tasklist.zip before the scan
→ Start it with a double-click
→ Select your operating system; for Win7 select Vista
→ When asked, choose the option "Einstellung" (setting) (1) - "scanlist"
→ After a short time your editor should open and show the file hjtscanlist.txt
→ Please copy the contents here into your thread.
** If it doesn't work in one go, you can split the text into several parts and post it that way

4.
I would also like to see all of your installed programs:
Download the tool CCleaner
Download
Install it (read the software license agreement; if "Füge CCleaner Yahoo! Toolbar hinzu" (add CCleaner Yahoo! Toolbar) is offered, deselect it) → start it → if necessary, set "german" under Options settings
Then click "Extra" (to show the installed programs as well) → then "Als Textdatei speichern..." (save as text file)
A text file (*.txt) is created; copy its contents and paste them here

Quote:
To keep your thread clear and easy to read, it's best to use code tags for your post:
→ before your log you write (i.e. at the beginning of the log file): [code]
your log file goes here - e.g. hjtscanlist or other
→ after it, i.e. at the end of the log file: [/code]
** If possible, don't go online; no online banking, file sharing, chat programs, etc.
Regards
kira

28.07.2011, 11:49   #3
Drumming
 



OK, I have done everything on the list ^^
Anti-Malware found something. (69 infected files etc.)
Here is the report from Anti-Malware
Code:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7308

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28.07.2011 11:50:31
mbam-log-2011-07-28 (11-50-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 303866
Laufzeit: 49 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 8
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 9
Infizierte Registrierungswerte: 12
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 1
Infizierte Dateien: 36

Infizierte Speicherprozesse:
c:\Windows\sysdriver32.exe (Trojan.Agent) -> 2520 -> Unloaded process successfully.
c:\Windows\update.1\svchost.exe (Trojan.Dropper) -> 2596 -> Unloaded process successfully.
c:\Windows\update.tray-8-0\svchost.exe (Trojan.Dropper) -> 4484 -> Unloaded process successfully.
c:\Windows\l1rezerv.exe (Trojan.Agent) -> 4852 -> Unloaded process successfully.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 2408 -> Unloaded process successfully.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 2876 -> Unloaded process successfully.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 2380 -> Unloaded process successfully.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 2424 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Agent) -> Value: sysdriver32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Dropper) -> Value: tray_ico0 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\l1rezerv.exe (Trojan.Agent) -> Value: l1rezerv.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Trojan.Dropper) -> Value: wxpdrv -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\8994680.exe (Trojan.Agent) -> Value: 8994680.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Agent) -> Value: sysdriver32_.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1333882.exe (Trojan.Agent) -> Value: 1333882.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9778665.exe (Trojan.Agent) -> Value: 9778665.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\26607594-loader2.exe (Trojan.Agent) -> Value: 26607594-loader2.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3068739.exe (Trojan.Agent) -> Value: 3068739.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
c:\Windows\rpcminer (Trojan.BCMiner) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Windows\sysdriver32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\update.1\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\update.tray-8-0\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\l1rezerv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\services32.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\Temp\8994680.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\sysdriver32_.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\ASUS\AppData\Local\Temp\1333882.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\9778665.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\26607594-loader2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\ASUS\AppData\Local\Temp\7392581.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\ASUS\AppData\Local\Temp\somoto_chrome.exe (Adware.BHO) -> Quarantined and deleted successfully.
c:\Windows\Temp\1380268.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\36487029.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Temp\3765476.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\5526996.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\6698_myunrar2.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\update.tray-8-0-lnk\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\Temp\3068739.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\471761108.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\curllib.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\libeay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\libsasl.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\openldap.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\ssleay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
         

28.07.2011, 11:52   #4
Drumming
 



OTL:
Code:
OTL logfile created on: 7/28/2011 12:04:02 PM - Run 2
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\ASUS\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 63.70% Memory free
8.00 Gb Paging File | 6.19 Gb Available in Paging File | 77.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 72.54 Gb Free Space | 62.30% Space Free | Partition Type: NTFS
Drive D: | 334.67 Gb Total Space | 334.57 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
 
Computer Name: ASUS-PC | User Name: ASUS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\ASUS\AppData\Roaming\cacaoweb\cacaoweb.exe ()
PRC - C:\Users\ASUS\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ()
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\ASUS\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV:64bit: - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai\netsession_win_e477fed.dll ()
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (OberonGameConsoleService) -- C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe ()
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (tmxpflt) -- C:\Windows\SysNative\drivers\tmxpflt.sys (Trend Micro Inc.)
DRV:64bit: - (tmpreflt) -- C:\Windows\SysNative\drivers\tmpreflt.sys (Trend Micro Inc.)
DRV:64bit: - (vsapint) -- C:\Windows\SysNative\drivers\vsapint.sys (Trend Micro Inc.)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\drivers\tmtdi.sys (Trend Micro Inc.)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (lullaby) -- C:\Windows\SysNative\drivers\lullaby.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (ASMMAP64) -- C:\Program Files\ATKGFNEX\ASMMAP64.sys ()
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\1107071805\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/07/21 22:07:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011/07/21 22:07:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ASUS\AppData\Roaming\mozilla\Extensions
[2011/07/27 21:36:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ASUS\AppData\Roaming\mozilla\Firefox\Profiles\r8bx6l3v.default\extensions
[2011/07/27 20:28:24 | 000,000,000 | ---D | M] (Hyperionics DB Toolbar) -- C:\Users\ASUS\AppData\Roaming\mozilla\Firefox\Profiles\r8bx6l3v.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2011/07/27 21:36:53 | 000,000,000 | ---D | M] (cacaoweb) -- C:\Users\ASUS\AppData\Roaming\mozilla\Firefox\Profiles\r8bx6l3v.default\extensions\cacaoweb@cacaoweb.org
[2011/07/21 22:06:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) -- 
[2011/07/08 09:31:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010/01/01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/01/01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/01/01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011/07/28 10:16:42 | 000,203,160 | -H-- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 vkontakte.ru
O1 - Hosts: 127.0.0.1 www.vkontakte.ru
O1 - Hosts: 127.0.0.1 login.vk.com
O1 - Hosts: 127.0.0.1 vk.com
O1 - Hosts: 127.0.0.1 www.vk.com
O1 - Hosts: 127.0.0.1 odnoklassniki.ru
O1 - Hosts: 127.0.0.1 www.odnoklassniki.ru
O1 - Hosts: 127.0.0.1 facebook.com
O1 - Hosts: 127.0.0.1 www.facebook.com
O1 - Hosts: 127.0.0.1 af-za.facebook.com
O1 - Hosts: 127.0.0.1 az-az.facebook.com
O1 - Hosts: 127.0.0.1 id-id.facebook.com
O1 - Hosts: 127.0.0.1 ms-my.facebook.com
O1 - Hosts: 127.0.0.1 bs-ba.facebook.com
O1 - Hosts: 127.0.0.1 ca-es.facebook.com
O1 - Hosts: 127.0.0.1 cs-cz.facebook.com
O1 - Hosts: 127.0.0.1 cy-gb.facebook.com
O1 - Hosts: 127.0.0.1 da-dk.facebook.com
O1 - Hosts: 127.0.0.1 de-de.facebook.com
O1 - Hosts: 127.0.0.1 et-ee.facebook.com
O1 - Hosts: 127.0.0.1 en-gb.facebook.com
O1 - Hosts: 127.0.0.1 es-la.facebook.com
O1 - Hosts: 127.0.0.1 eo-eo.facebook.com
O1 - Hosts: 127.0.0.1 eu-es.facebook.com
O1 - Hosts: 50060 more lines...
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Hyperionics DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} -  File not found
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\1107071805\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe (ECAREME)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt]  File not found
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Setwallpaper]  File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [tray_ico]  File not found
O4 - HKLM..\Run: [tray_ico1]  File not found
O4 - HKLM..\Run: [tray_ico2]  File not found
O4 - HKLM..\Run: [tray_ico3]  File not found
O4 - HKLM..\Run: [tray_ico4]  File not found
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [cacaoweb] C:\Users\ASUS\AppData\Roaming\cacaoweb\cacaoweb.exe ()
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 -  File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O31 - SafeBoot: AlternateShell - services32.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/07/28 10:50:45 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Malwarebytes
[2011/07/28 10:50:39 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/28 10:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/28 10:50:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/28 10:50:35 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/07/28 10:50:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/07/28 00:44:17 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\ASUS\Desktop\OTL.exe
[2011/07/28 00:25:19 | 049,089,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2011/07/27 20:58:53 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Documents\ICQ
[2011/07/27 20:28:50 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HyperCam 2
[2011/07/27 20:28:25 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\Minibar
[2011/07/27 20:28:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hyperionics DB Toolbar
[2011/07/27 20:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\HyperCam 2
[2011/07/26 22:36:11 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\AMD
[2011/07/26 15:01:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/07/26 15:00:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011/07/26 15:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2011/07/26 15:00:38 | 000,046,136 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdiox64.sys
[2011/07/26 15:00:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2011/07/26 15:00:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011/07/26 14:58:35 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/07/26 14:48:11 | 000,000,000 | ---D | C] -- C:\ATI
[2011/07/26 14:46:50 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/07/26 14:41:59 | 000,000,000 | ---D | C] -- C:\Windows\ufa
[2011/07/26 14:41:59 | 000,000,000 | ---D | C] -- C:\Windows\phoenix
[2011/07/26 14:41:38 | 000,000,000 | -H-D | C] -- C:\Windows\update.2
[2011/07/26 14:40:05 | 000,000,000 | -H-D | C] -- C:\Windows\update.5.0
[2011/07/26 14:38:16 | 000,000,000 | ---D | C] -- C:\Windows\av_ico
[2011/07/26 14:35:24 | 000,000,000 | -H-D | C] -- C:\Windows\update.1
[2011/07/26 14:35:22 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-8-0-lnk
[2011/07/26 14:35:22 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-8-0
[2011/07/22 14:08:46 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\cacaoweb
[2011/07/22 13:58:47 | 000,000,000 | ---D | C] -- C:\FirefoxPortable
[2011/07/21 22:07:10 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\Mozilla
[2011/07/21 22:06:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/07/21 16:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\alaplaya
[2011/07/21 16:26:35 | 593,954,668 | ---- | C] (InstallShield Software Corporation) -- C:\Users\ASUS\Desktop\S4League.exe
[2011/07/21 15:32:59 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\ElevatedDiagnostics
[2011/07/16 14:17:25 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/07/16 01:45:21 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\.minecraft
[2011/07/06 21:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5
[2011/07/06 21:43:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ6Toolbar
[2011/07/06 21:42:59 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Mozilla
[2011/07/06 21:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2011/07/06 21:42:44 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\ICQ
[2011/07/06 21:42:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.5
[2011/07/06 17:13:11 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Documents\Fiesta
[2011/07/01 14:17:48 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\texturepacks
[2011/07/01 14:17:48 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\saves
[2011/07/01 14:17:48 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\resources
[2011/07/01 14:17:47 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\stats
[2011/07/01 14:17:47 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\bin
[2011/06/30 18:53:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/06/30 17:50:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2011/06/30 17:45:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2011/06/30 17:45:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2011/06/29 18:10:19 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\ts3overlay
[2011/06/29 18:09:34 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\TS3Client
[2011/06/29 18:08:27 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\WinRAR
[2011/06/29 18:08:27 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/06/29 18:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/06/29 18:08:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2011/06/29 18:07:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2011/06/29 18:07:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamSpeak 3 Client
[2011/06/29 17:55:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/06/29 17:55:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/06/29 17:54:59 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/06/29 17:54:59 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/06/29 17:54:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/06/29 17:54:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/06/29 17:54:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011/06/29 17:51:37 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\LogMeIn Hamachi
[2011/06/29 17:51:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011/06/29 17:51:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2008/08/12 07:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll
[1 C:\Users\ASUS\AppData\Local\*.tmp files -> C:\Users\ASUS\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/07/28 12:09:14 | 000,203,160 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin
[2011/07/28 12:07:07 | 000,203,160 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin
[2011/07/28 12:00:47 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/28 12:00:47 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/28 11:57:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/28 11:53:18 | 000,002,158 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2011/07/28 11:53:18 | 000,001,453 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2011/07/28 11:53:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/28 11:52:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/28 11:52:13 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/28 10:50:39 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/28 10:17:30 | 000,001,937 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/07/28 10:16:42 | 000,203,160 | -H-- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/07/28 10:16:42 | 000,000,734 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hîsts
[2011/07/28 00:44:20 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\ASUS\Desktop\OTL.exe
[2011/07/28 00:17:04 | 000,203,160 | -H-- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak
[2011/07/27 23:36:21 | 1175,199,286 | ---- | M] () -- C:\Users\ASUS\Documents\clip0006.avi
[2011/07/27 22:31:33 | 3802,291,915 | ---- | M] () -- C:\Users\ASUS\Documents\clip0005.avi
[2011/07/27 21:51:18 | 012,707,496 | ---- | M] () -- C:\Users\ASUS\Documents\clip0004.avi
[2011/07/27 21:50:57 | 026,040,586 | ---- | M] () -- C:\Users\ASUS\Documents\clip0003.avi
[2011/07/27 20:38:59 | 214,771,614 | ---- | M] () -- C:\Users\ASUS\Documents\clip0002.avi
[2011/07/27 20:31:43 | 041,177,758 | ---- | M] () -- C:\Users\ASUS\Documents\clip0001.avi
[2011/07/27 20:28:51 | 000,000,937 | ---- | M] () -- C:\Users\ASUS\Desktop\HyperCam 2.lnk
[2011/07/27 20:10:10 | 000,000,155 | ---- | M] () -- C:\Windows\info1
[2011/07/26 14:41:58 | 005,589,370 | ---- | M] () -- C:\Windows\phoenix.rar
[2011/07/26 14:41:58 | 001,075,284 | ---- | M] () -- C:\Windows\rpcminer.rar
[2011/07/26 14:41:58 | 000,246,272 | ---- | M] () -- C:\Windows\unrar.exe
[2011/07/26 14:41:58 | 000,182,617 | ---- | M] () -- C:\Windows\ufa.rar
[2011/07/26 14:40:27 | 000,000,000 | ---- | M] () -- C:\Windows\loader2.exe_ok
[2011/07/26 14:39:58 | 000,904,792 | ---- | M] () -- C:\Windows\geoiplist.rar
[2011/07/26 14:02:29 | 000,123,784 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/07/26 14:02:29 | 000,088,288 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/07/22 18:32:29 | 000,001,971 | ---- | M] () -- C:\Users\ASUS\Desktop\He_Fights_all_Knight.png
[2011/07/21 22:07:11 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011/07/21 17:00:29 | 000,001,822 | ---- | M] () -- C:\Users\Public\Desktop\S4League.lnk
[2011/07/21 16:41:04 | 593,954,668 | ---- | M] (InstallShield Software Corporation) -- C:\Users\ASUS\Desktop\S4League.exe
[2011/07/17 03:24:20 | 004,636,907 | ---- | M] () -- C:\Windows\geoiplist
[2011/07/16 13:54:11 | 000,270,142 | ---- | M] () -- C:\Users\ASUS\Minecraft.exe
[2011/07/09 10:45:17 | 311,888,518 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/07/02 15:01:11 | 000,000,000 | ---- | M] () -- C:\Users\ASUS\AppData\Local\{BFA1C75D-2684-4A9E-AFDD-FA8B59E089D2}
[2011/07/01 09:54:42 | 049,089,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2011/06/29 18:07:37 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2011/06/29 17:54:51 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/06/29 17:54:51 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/06/29 17:54:51 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/06/29 17:54:51 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[1 C:\Users\ASUS\AppData\Local\*.tmp files -> C:\Users\ASUS\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/07/28 10:50:39 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/27 23:29:11 | 1175,199,286 | ---- | C] () -- C:\Users\ASUS\Documents\clip0006.avi
[2011/07/27 21:51:46 | 3802,291,915 | ---- | C] () -- C:\Users\ASUS\Documents\clip0005.avi
[2011/07/27 21:51:11 | 012,707,496 | ---- | C] () -- C:\Users\ASUS\Documents\clip0004.avi
[2011/07/27 21:50:47 | 026,040,586 | ---- | C] () -- C:\Users\ASUS\Documents\clip0003.avi
[2011/07/27 20:31:53 | 214,771,614 | ---- | C] () -- C:\Users\ASUS\Documents\clip0002.avi
[2011/07/27 20:30:16 | 041,177,758 | ---- | C] () -- C:\Users\ASUS\Documents\clip0001.avi
[2011/07/27 20:28:11 | 000,000,937 | ---- | C] () -- C:\Users\ASUS\Desktop\HyperCam 2.lnk
[2011/07/26 14:41:58 | 005,589,370 | ---- | C] () -- C:\Windows\phoenix.rar
[2011/07/26 14:41:58 | 001,075,284 | ---- | C] () -- C:\Windows\rpcminer.rar
[2011/07/26 14:41:58 | 000,182,617 | ---- | C] () -- C:\Windows\ufa.rar
[2011/07/26 14:40:27 | 000,000,000 | ---- | C] () -- C:\Windows\loader2.exe_ok
[2011/07/26 14:40:05 | 000,000,155 | ---- | C] () -- C:\Windows\info1
[2011/07/26 14:39:59 | 004,636,907 | ---- | C] () -- C:\Windows\geoiplist
[2011/07/26 14:39:58 | 000,904,792 | ---- | C] () -- C:\Windows\geoiplist.rar
[2011/07/26 14:39:58 | 000,246,272 | ---- | C] () -- C:\Windows\unrar.exe
[2011/07/22 18:32:29 | 000,001,971 | ---- | C] () -- C:\Users\ASUS\Desktop\He_Fights_all_Knight.png
[2011/07/21 22:07:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/07/21 17:00:29 | 000,001,822 | ---- | C] () -- C:\Users\Public\Desktop\S4League.lnk
[2011/07/16 13:54:07 | 000,270,142 | ---- | C] () -- C:\Users\ASUS\Minecraft.exe
[2011/07/02 15:01:11 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{BFA1C75D-2684-4A9E-AFDD-FA8B59E089D2}
[2011/06/29 18:07:37 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2011/06/15 14:04:13 | 000,000,244 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/05/24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2009/12/03 09:58:33 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2009/12/03 09:58:21 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2009/12/03 09:38:38 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/12/03 09:00:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/09/16 22:08:27 | 000,001,016 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/08/19 10:33:09 | 000,018,944 | ---- | C] () -- C:\Windows\OOBEPlayer.exe
[2009/08/19 10:33:09 | 000,000,035 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
[2009/07/29 07:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/01 10:10:50 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/08 20:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008/05/22 18:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
[2006/05/19 13:39:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA

< End of report >
         
[/code]

28.07.2011, 11:53   #5
Drumming

Facebook Virus (Koobface or something)

OTL:
Code:
OTL logfile created on: 7/28/2011 12:04:02 PM - Run 2
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\ASUS\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 63.70% Memory free
8.00 Gb Paging File | 6.19 Gb Available in Paging File | 77.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 72.54 Gb Free Space | 62.30% Space Free | Partition Type: NTFS
Drive D: | 334.67 Gb Total Space | 334.57 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
 
Computer Name: ASUS-PC | User Name: ASUS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\ASUS\AppData\Roaming\cacaoweb\cacaoweb.exe ()
PRC - C:\Users\ASUS\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ()
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\ASUS\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV:64bit: - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai\netsession_win_e477fed.dll ()
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (OberonGameConsoleService) -- C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe ()
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (tmxpflt) -- C:\Windows\SysNative\drivers\tmxpflt.sys (Trend Micro Inc.)
DRV:64bit: - (tmpreflt) -- C:\Windows\SysNative\drivers\tmpreflt.sys (Trend Micro Inc.)
DRV:64bit: - (vsapint) -- C:\Windows\SysNative\drivers\vsapint.sys (Trend Micro Inc.)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\drivers\tmtdi.sys (Trend Micro Inc.)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (lullaby) -- C:\Windows\SysNative\drivers\lullaby.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (ASMMAP64) -- C:\Program Files\ATKGFNEX\ASMMAP64.sys ()
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\1107071805\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/07/21 22:07:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011/07/21 22:07:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ASUS\AppData\Roaming\mozilla\Extensions
[2011/07/27 21:36:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ASUS\AppData\Roaming\mozilla\Firefox\Profiles\r8bx6l3v.default\extensions
[2011/07/27 20:28:24 | 000,000,000 | ---D | M] (Hyperionics DB Toolbar) -- C:\Users\ASUS\AppData\Roaming\mozilla\Firefox\Profiles\r8bx6l3v.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2011/07/27 21:36:53 | 000,000,000 | ---D | M] (cacaoweb) -- C:\Users\ASUS\AppData\Roaming\mozilla\Firefox\Profiles\r8bx6l3v.default\extensions\cacaoweb@cacaoweb.org
[2011/07/21 22:06:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) -- 
[2011/07/08 09:31:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010/01/01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/01/01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/01/01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011/07/28 10:16:42 | 000,203,160 | -H-- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 vkontakte.ru
O1 - Hosts: 127.0.0.1 www.vkontakte.ru
O1 - Hosts: 127.0.0.1 login.vk.com
O1 - Hosts: 127.0.0.1 vk.com
O1 - Hosts: 127.0.0.1 www.vk.com
O1 - Hosts: 127.0.0.1 odnoklassniki.ru
O1 - Hosts: 127.0.0.1 www.odnoklassniki.ru
O1 - Hosts: 127.0.0.1 facebook.com
O1 - Hosts: 127.0.0.1 www.facebook.com
O1 - Hosts: 127.0.0.1 af-za.facebook.com
O1 - Hosts: 127.0.0.1 az-az.facebook.com
O1 - Hosts: 127.0.0.1 id-id.facebook.com
O1 - Hosts: 127.0.0.1 ms-my.facebook.com
O1 - Hosts: 127.0.0.1 bs-ba.facebook.com
O1 - Hosts: 127.0.0.1 ca-es.facebook.com
O1 - Hosts: 127.0.0.1 cs-cz.facebook.com
O1 - Hosts: 127.0.0.1 cy-gb.facebook.com
O1 - Hosts: 127.0.0.1 da-dk.facebook.com
O1 - Hosts: 127.0.0.1 de-de.facebook.com
O1 - Hosts: 127.0.0.1 et-ee.facebook.com
O1 - Hosts: 127.0.0.1 en-gb.facebook.com
O1 - Hosts: 127.0.0.1 es-la.facebook.com
O1 - Hosts: 127.0.0.1 eo-eo.facebook.com
O1 - Hosts: 127.0.0.1 eu-es.facebook.com
O1 - Hosts: 50060 more lines...
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Hyperionics DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} -  File not found
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\1107071805\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe (ECAREME)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt]  File not found
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Setwallpaper]  File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [tray_ico]  File not found
O4 - HKLM..\Run: [tray_ico1]  File not found
O4 - HKLM..\Run: [tray_ico2]  File not found
O4 - HKLM..\Run: [tray_ico3]  File not found
O4 - HKLM..\Run: [tray_ico4]  File not found
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [cacaoweb] C:\Users\ASUS\AppData\Roaming\cacaoweb\cacaoweb.exe ()
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 -  File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O31 - SafeBoot: AlternateShell - services32.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/07/28 10:50:45 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Malwarebytes
[2011/07/28 10:50:39 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/28 10:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/28 10:50:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/28 10:50:35 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/07/28 10:50:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/07/28 00:44:17 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\ASUS\Desktop\OTL.exe
[2011/07/28 00:25:19 | 049,089,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2011/07/27 20:58:53 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Documents\ICQ
[2011/07/27 20:28:50 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HyperCam 2
[2011/07/27 20:28:25 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\Minibar
[2011/07/27 20:28:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hyperionics DB Toolbar
[2011/07/27 20:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\HyperCam 2
[2011/07/26 22:36:11 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\AMD
[2011/07/26 15:01:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/07/26 15:00:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011/07/26 15:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2011/07/26 15:00:38 | 000,046,136 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdiox64.sys
[2011/07/26 15:00:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2011/07/26 15:00:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011/07/26 14:58:35 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/07/26 14:48:11 | 000,000,000 | ---D | C] -- C:\ATI
[2011/07/26 14:46:50 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/07/26 14:41:59 | 000,000,000 | ---D | C] -- C:\Windows\ufa
[2011/07/26 14:41:59 | 000,000,000 | ---D | C] -- C:\Windows\phoenix
[2011/07/26 14:41:38 | 000,000,000 | -H-D | C] -- C:\Windows\update.2
[2011/07/26 14:40:05 | 000,000,000 | -H-D | C] -- C:\Windows\update.5.0
[2011/07/26 14:38:16 | 000,000,000 | ---D | C] -- C:\Windows\av_ico
[2011/07/26 14:35:24 | 000,000,000 | -H-D | C] -- C:\Windows\update.1
[2011/07/26 14:35:22 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-8-0-lnk
[2011/07/26 14:35:22 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-8-0
[2011/07/22 14:08:46 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\cacaoweb
[2011/07/22 13:58:47 | 000,000,000 | ---D | C] -- C:\FirefoxPortable
[2011/07/21 22:07:10 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\Mozilla
[2011/07/21 22:06:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/07/21 16:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\alaplaya
[2011/07/21 16:26:35 | 593,954,668 | ---- | C] (InstallShield Software Corporation) -- C:\Users\ASUS\Desktop\S4League.exe
[2011/07/21 15:32:59 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\ElevatedDiagnostics
[2011/07/16 14:17:25 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/07/16 01:45:21 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\.minecraft
[2011/07/06 21:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5
[2011/07/06 21:43:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ6Toolbar
[2011/07/06 21:42:59 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Mozilla
[2011/07/06 21:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2011/07/06 21:42:44 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\ICQ
[2011/07/06 21:42:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.5
[2011/07/06 17:13:11 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Documents\Fiesta
[2011/07/01 14:17:48 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\texturepacks
[2011/07/01 14:17:48 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\saves
[2011/07/01 14:17:48 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\resources
[2011/07/01 14:17:47 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\stats
[2011/07/01 14:17:47 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\bin
[2011/06/30 18:53:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/06/30 17:50:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2011/06/30 17:45:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2011/06/30 17:45:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2011/06/29 18:10:19 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\ts3overlay
[2011/06/29 18:09:34 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\TS3Client
[2011/06/29 18:08:27 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\WinRAR
[2011/06/29 18:08:27 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/06/29 18:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/06/29 18:08:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2011/06/29 18:07:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2011/06/29 18:07:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamSpeak 3 Client
[2011/06/29 17:55:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/06/29 17:55:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/06/29 17:54:59 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/06/29 17:54:59 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/06/29 17:54:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/06/29 17:54:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/06/29 17:54:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011/06/29 17:51:37 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\LogMeIn Hamachi
[2011/06/29 17:51:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011/06/29 17:51:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2008/08/12 07:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll
[1 C:\Users\ASUS\AppData\Local\*.tmp files -> C:\Users\ASUS\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/07/28 12:09:14 | 000,203,160 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin
[2011/07/28 12:07:07 | 000,203,160 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin
[2011/07/28 12:00:47 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/28 12:00:47 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/28 11:57:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/28 11:53:18 | 000,002,158 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2011/07/28 11:53:18 | 000,001,453 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2011/07/28 11:53:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/28 11:52:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/28 11:52:13 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/28 10:50:39 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/28 10:17:30 | 000,001,937 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/07/28 10:16:42 | 000,203,160 | -H-- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/07/28 10:16:42 | 000,000,734 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hîsts
[2011/07/28 00:44:20 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\ASUS\Desktop\OTL.exe
[2011/07/28 00:17:04 | 000,203,160 | -H-- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak
[2011/07/27 23:36:21 | 1175,199,286 | ---- | M] () -- C:\Users\ASUS\Documents\clip0006.avi
[2011/07/27 22:31:33 | 3802,291,915 | ---- | M] () -- C:\Users\ASUS\Documents\clip0005.avi
[2011/07/27 21:51:18 | 012,707,496 | ---- | M] () -- C:\Users\ASUS\Documents\clip0004.avi
[2011/07/27 21:50:57 | 026,040,586 | ---- | M] () -- C:\Users\ASUS\Documents\clip0003.avi
[2011/07/27 20:38:59 | 214,771,614 | ---- | M] () -- C:\Users\ASUS\Documents\clip0002.avi
[2011/07/27 20:31:43 | 041,177,758 | ---- | M] () -- C:\Users\ASUS\Documents\clip0001.avi
[2011/07/27 20:28:51 | 000,000,937 | ---- | M] () -- C:\Users\ASUS\Desktop\HyperCam 2.lnk
[2011/07/27 20:10:10 | 000,000,155 | ---- | M] () -- C:\Windows\info1
[2011/07/26 14:41:58 | 005,589,370 | ---- | M] () -- C:\Windows\phoenix.rar
[2011/07/26 14:41:58 | 001,075,284 | ---- | M] () -- C:\Windows\rpcminer.rar
[2011/07/26 14:41:58 | 000,246,272 | ---- | M] () -- C:\Windows\unrar.exe
[2011/07/26 14:41:58 | 000,182,617 | ---- | M] () -- C:\Windows\ufa.rar
[2011/07/26 14:40:27 | 000,000,000 | ---- | M] () -- C:\Windows\loader2.exe_ok
[2011/07/26 14:39:58 | 000,904,792 | ---- | M] () -- C:\Windows\geoiplist.rar
[2011/07/26 14:02:29 | 000,123,784 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/07/26 14:02:29 | 000,088,288 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/07/22 18:32:29 | 000,001,971 | ---- | M] () -- C:\Users\ASUS\Desktop\He_Fights_all_Knight.png
[2011/07/21 22:07:11 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011/07/21 17:00:29 | 000,001,822 | ---- | M] () -- C:\Users\Public\Desktop\S4League.lnk
[2011/07/21 16:41:04 | 593,954,668 | ---- | M] (InstallShield Software Corporation) -- C:\Users\ASUS\Desktop\S4League.exe
[2011/07/17 03:24:20 | 004,636,907 | ---- | M] () -- C:\Windows\geoiplist
[2011/07/16 13:54:11 | 000,270,142 | ---- | M] () -- C:\Users\ASUS\Minecraft.exe
[2011/07/09 10:45:17 | 311,888,518 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/07/02 15:01:11 | 000,000,000 | ---- | M] () -- C:\Users\ASUS\AppData\Local\{BFA1C75D-2684-4A9E-AFDD-FA8B59E089D2}
[2011/07/01 09:54:42 | 049,089,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2011/06/29 18:07:37 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2011/06/29 17:54:51 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/06/29 17:54:51 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/06/29 17:54:51 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/06/29 17:54:51 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[1 C:\Users\ASUS\AppData\Local\*.tmp files -> C:\Users\ASUS\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/07/28 10:50:39 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/27 23:29:11 | 1175,199,286 | ---- | C] () -- C:\Users\ASUS\Documents\clip0006.avi
[2011/07/27 21:51:46 | 3802,291,915 | ---- | C] () -- C:\Users\ASUS\Documents\clip0005.avi
[2011/07/27 21:51:11 | 012,707,496 | ---- | C] () -- C:\Users\ASUS\Documents\clip0004.avi
[2011/07/27 21:50:47 | 026,040,586 | ---- | C] () -- C:\Users\ASUS\Documents\clip0003.avi
[2011/07/27 20:31:53 | 214,771,614 | ---- | C] () -- C:\Users\ASUS\Documents\clip0002.avi
[2011/07/27 20:30:16 | 041,177,758 | ---- | C] () -- C:\Users\ASUS\Documents\clip0001.avi
[2011/07/27 20:28:11 | 000,000,937 | ---- | C] () -- C:\Users\ASUS\Desktop\HyperCam 2.lnk
[2011/07/26 14:41:58 | 005,589,370 | ---- | C] () -- C:\Windows\phoenix.rar
[2011/07/26 14:41:58 | 001,075,284 | ---- | C] () -- C:\Windows\rpcminer.rar
[2011/07/26 14:41:58 | 000,182,617 | ---- | C] () -- C:\Windows\ufa.rar
[2011/07/26 14:40:27 | 000,000,000 | ---- | C] () -- C:\Windows\loader2.exe_ok
[2011/07/26 14:40:05 | 000,000,155 | ---- | C] () -- C:\Windows\info1
[2011/07/26 14:39:59 | 004,636,907 | ---- | C] () -- C:\Windows\geoiplist
[2011/07/26 14:39:58 | 000,904,792 | ---- | C] () -- C:\Windows\geoiplist.rar
[2011/07/26 14:39:58 | 000,246,272 | ---- | C] () -- C:\Windows\unrar.exe
[2011/07/22 18:32:29 | 000,001,971 | ---- | C] () -- C:\Users\ASUS\Desktop\He_Fights_all_Knight.png
[2011/07/21 22:07:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/07/21 17:00:29 | 000,001,822 | ---- | C] () -- C:\Users\Public\Desktop\S4League.lnk
[2011/07/16 13:54:07 | 000,270,142 | ---- | C] () -- C:\Users\ASUS\Minecraft.exe
[2011/07/02 15:01:11 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{BFA1C75D-2684-4A9E-AFDD-FA8B59E089D2}
[2011/06/29 18:07:37 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2011/06/15 14:04:13 | 000,000,244 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/05/24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2009/12/03 09:58:33 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2009/12/03 09:58:21 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2009/12/03 09:38:38 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/12/03 09:00:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/09/16 22:08:27 | 000,001,016 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/08/19 10:33:09 | 000,018,944 | ---- | C] () -- C:\Windows\OOBEPlayer.exe
[2009/08/19 10:33:09 | 000,000,035 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
[2009/07/29 07:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/01 10:10:50 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/08 20:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008/05/22 18:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
[2006/05/19 13:39:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA

< End of report >
         


Alt 28.07.2011, 11:54   #6
Drumming
 

hjtscanlist:
Code:
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                        º                                    º 
                                    hjtscanlist v2.0              
                        º                                    º 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 

Microsoft Windows [Version 6.1.7600]
 
 
C:

       C:\pagefile.sys ---------    
       C:\hiberfil.sys ---------    
  28.07.2011 11:50     C:\Windows --------- 40960   
  28.07.2011 10:50     C:\ProgramData --------- 8192   
  28.07.2011 10:50     C:\Program Files (x86) --------- 20480   
  28.07.2011 00:54     C:\System Volume Information --------- 4096   
  27.07.2011 20:28     C:\Program Files --------- 8192   
  26.07.2011 14:48     C:\ATI --------- 0   
  22.07.2011 13:58     C:\FirefoxPortable --------- 4096   
  15.06.2011 23:24     C:\ProcasterInstaller.log --------- 388652   
  03.06.2011 17:09     C:\Fraps --------- 4096   
  19.05.2011 12:02     C:\asus.dat --------- 4096   
  19.05.2011 12:01     C:\$Recycle.Bin --------- 0   
  19.05.2011 11:46     C:\Users --------- 4096   
  19.05.2011 11:44     C:\Recovery --------- 0   
  03.12.2009 10:02     C:\devlist.txt --------- 13444   
  03.12.2009 10:01     C:\Finish.log --------- 9   
  03.12.2009 09:58     C:\setup.log --------- 90   
  03.12.2009 09:52     C:\inject.log.txt --------- 743079   
  03.12.2009 09:51     C:\Temp --------- 8192   
  03.12.2009 09:18     C:\SumHidd.txt --------- 170   
  03.12.2009 09:16     C:\SumOS.txt --------- 98   
  03.12.2009 09:05     C:\MSOCache --------- 0   
  02.12.2009 19:27     C:\Pass.txt --------- 146   
  10.11.2009 05:02     C:\Patch_Win7.log --------- 196   
  30.10.2009 08:40     C:\K40AB_K50AB_K40AD_K50AD_WIN7.30 --------- 19   
  30.10.2009 04:01     C:\K50ADAS.BIN --------- 1048576   
  30.10.2009 03:17     C:\K40ADAS.BIN --------- 1048576   
  27.10.2009 03:58     C:\K50ABAS.BIN --------- 1048576   
  27.10.2009 03:20     C:\K40ABAS.BIN --------- 1048576   
  16.09.2009 20:04     C:\v82.txt --------- 24   
  25.08.2009 02:10     C:\RECOVERY.DAT --------- 26   
  29.07.2009 08:03     C:\BOOTSECT.BAK --------- 8192   
  29.07.2009 08:03     C:\Boot --------- 4096   
  14.07.2009 07:08     C:\Documents and Settings --------- 0   
  14.07.2009 05:20     C:\PerfLogs --------- 0   
  14.07.2009 03:38     C:\bootmgr --------- 383562   
  02.07.2009 09:17     C:\Nero.Log --------- 37   
  15.06.2009 13:11     C:\AdobeReader.log --------- 54   
  12.06.2009 03:32     C:\OFFICE2007_L.TXT --------- 57   
----------------------------------------

 
C:\Windows

  28.07.2011 11:56     C:\Windows\WindowsUpdate.log --------- 577147   
  28.07.2011 11:52     C:\Windows\setupact.log --------- 42074   
  28.07.2011 11:52     C:\Windows\bootstat.dat --------- 67584   
  28.07.2011 11:17     C:\Windows\iecheck_iplist.txt --------- 12413   
  28.07.2011 11:16     C:\Windows\btc_client_iplist.txt --------- 10935   
  28.07.2011 11:16     C:\Windows\iplist.txt --------- 10929   
  28.07.2011 10:17     C:\Windows\proc_list1.log --------- 1672   
  27.07.2011 20:10     C:\Windows\info1 --------- 155   
  26.07.2011 17:07     C:\Windows\front_ip_list.txt --------- 9474   
  26.07.2011 14:41     C:\Windows\unrar.exe --------- 246272   
  26.07.2011 14:41     C:\Windows\ufa.rar --------- 182617   
  26.07.2011 14:41     C:\Windows\phoenix.rar --------- 5589370   
  26.07.2011 14:41     C:\Windows\rpcminer.rar --------- 1075284   
  26.07.2011 14:40     C:\Windows\loader2.exe_ok --------- 0   
  26.07.2011 14:40     C:\Windows\winsetupapi.log --------- 11   
  26.07.2011 14:39     C:\Windows\geoiplist.rar --------- 904792   
  26.07.2011 14:23     C:\Windows\winlog-ids.txt --------- 5   
  26.07.2011 14:23     C:\Windows\winlog-dirs.txt --------- 52   
  23.07.2011 02:33     C:\Windows\TMFilter.log --------- 432   
  22.07.2011 18:11     C:\Windows\PFRO.log --------- 6322   
  21.07.2011 22:07     C:\Windows\nsreg.dat --------- 0   
  17.07.2011 03:24     C:\Windows\geoiplist --------- 4636907   
  09.07.2011 10:45     C:\Windows\MEMORY.DMP --------- 311888518   
  15.06.2011 14:04     C:\Windows\ODBCINST.INI --------- 244   
  19.05.2011 12:04     C:\Windows\win.ini --------- 640   
  19.05.2011 12:01     C:\Windows\PQArecord.log --------- 1567   
  19.05.2011 12:01     C:\Windows\AsCDProc.log --------- 211506   
  19.05.2011 12:01     C:\Windows\AsDebug.log --------- 5209586   
  19.05.2011 11:53     C:\Windows\DirectX.log --------- 31343   
  19.05.2011 11:53     C:\Windows\0”z --------- 20   
  19.05.2011 11:47     C:\Windows\FixPatch.log --------- 194   
  03.12.2009 10:01     C:\Windows\AsChkDev.txt --------- 61126   
  03.12.2009 09:58     C:\Windows\AsScrProlog.exe --------- 47672   
  03.12.2009 09:58     C:\Windows\ASUS Camera ScreenSaver.exe --------- 4814371   
  03.12.2009 09:58     C:\Windows\ASUS Camera ScreenSaver Uninstaller.exe --------- 281144   
  03.12.2009 09:58     C:\Windows\AsScrPro.exe --------- 3054136   
  03.12.2009 09:51     C:\Windows\DPINST.LOG --------- 5684   
  03.12.2009 09:49     C:\Windows\explorer.exe --------- 2868224   
  03.12.2009 09:01     C:\Windows\TSSysprep.log --------- 3540   
  03.12.2009 09:00     C:\Windows\ativpsrm.bin --------- 0   
  02.12.2009 18:03     C:\Windows\DtcInstall.log --------- 3043   
  11.11.2009 11:34     C:\Windows\csup.txt --------- 10   
  02.11.2009 13:33     C:\Windows\OOBEPlayer.exe --------- 18944   
  22.09.2009 11:27     C:\Windows\OOBEPlayer.ini --------- 35   
  07.08.2009 09:31     C:\Windows\atiogl.xml --------- 18618   
  29.07.2009 20:37     C:\Windows\FullScreen.wmv --------- 26541350   
  14.07.2009 06:54     C:\Windows\WindowsShell.Manifest --------- 749   
  14.07.2009 06:51     C:\Windows\setuperr.log --------- 0   
  14.07.2009 03:39     C:\Windows\write.exe --------- 10240   
  14.07.2009 03:39     C:\Windows\splwow64.exe --------- 61952   
  14.07.2009 03:39     C:\Windows\regedit.exe --------- 427008   
  14.07.2009 03:39     C:\Windows\notepad.exe --------- 193536   
  14.07.2009 03:39     C:\Windows\hh.exe --------- 16896   
  14.07.2009 03:39     C:\Windows\HelpPane.exe --------- 733696   
  14.07.2009 03:39     C:\Windows\fveupdate.exe --------- 15360   
  14.07.2009 03:38     C:\Windows\bfsvc.exe --------- 71168   
  14.07.2009 03:16     C:\Windows\twain_32.dll --------- 51200   
  14.07.2009 03:14     C:\Windows\winhlp32.exe --------- 9728   
  14.07.2009 03:14     C:\Windows\twunk_32.exe --------- 31232   
  14.07.2009 01:06     C:\Windows\mib.bin --------- 43131   
  01.07.2009 10:10     C:\Windows\explorer.exe.config --------- 176   
  10.06.2009 23:41     C:\Windows\twunk_16.exe --------- 49680   
  10.06.2009 23:41     C:\Windows\twain.dll --------- 94784   
  10.06.2009 23:08     C:\Windows\system.ini --------- 219   
  10.06.2009 22:52     C:\Windows\WMSysPr9.prx --------- 316640   
  10.06.2009 22:36     C:\Windows\msdfmap.ini --------- 1405   
  10.06.2009 22:31     C:\Windows\Starter.xml --------- 48201   
  10.06.2009 22:30     C:\Windows\HomePremium.xml --------- 48265   
  05.12.2008 00:19     C:\Windows\WLXPGSS.SCR --------- 308584   
  11.04.2007 09:34     C:\Windows\difxapi.dll --------- 414632   
  19.05.2006 13:53     C:\Windows\snp2uvc.src --------- 13022   
  19.05.2006 13:39     C:\Windows\snp2uvc.ini --------- 15497   
  22.02.2003 06:42     C:\Windows\msvcr71.dll --------- 348160   
  15.07.2000 10:00     C:\Windows\MSVCRTD.DLL --------- 434252   
  23.06.2000 22:46     C:\Windows\WMPrfPtg.prx --------- 35916   
  23.06.2000 22:46     C:\Windows\WMPrfJpn.prx --------- 23304   
  23.06.2000 22:46     C:\Windows\WMPrfKor.prx --------- 22338   
  23.06.2000 22:46     C:\Windows\WMPrfIta.prx --------- 35680   
  23.06.2000 22:46     C:\Windows\WMPrfFra.prx --------- 37916   
  23.06.2000 22:46     C:\Windows\WMPrfEsp.prx --------- 35590   
  23.06.2000 22:46     C:\Windows\WMPrfDeu.prx --------- 33820   
  23.06.2000 22:46     C:\Windows\WMPrfCht.prx --------- 18804   
  23.06.2000 22:46     C:\Windows\WMPrfChs.prx --------- 19492   
----------------------------------------

 
C:\Windows\System

----------------------------------------

 
C:\Windows\System32

 28.07.2011 12:04     C:\Windows\system32\config --------- 49152  
 28.07.2011 12:00     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 --------- 10016  
 28.07.2011 12:00     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 --------- 10016  
 28.07.2011 11:53     C:\Windows\system32\AutoRunFilter.ini --------- 2158  
 28.07.2011 11:53     C:\Windows\system32\ServiceFilter.ini --------- 1453  
 28.07.2011 10:50     C:\Windows\system32\drivers --------- 65536  
 27.07.2011 21:31     C:\Windows\system32\NDF --------- 4096  
 26.07.2011 23:56     C:\Windows\system32\catroot2 --------- 20480  
 26.07.2011 15:00     C:\Windows\system32\catroot --------- 4096  
 26.07.2011 15:00     C:\Windows\system32\DriverStore --------- 4096  
 22.07.2011 15:07     C:\Windows\system32\Tasks --------- 4096  
 09.07.2011 23:32     C:\Windows\system32\Service --------- 4096  
 01.07.2011 16:19     C:\Windows\system32\wdi --------- 4096  
 01.07.2011 10:31     C:\Windows\system32\MRT.exe --------- 50867144  
 20.06.2011 14:51     C:\Windows\system32\winrm --------- 4096  
 20.06.2011 14:51     C:\Windows\system32\oobe --------- 4096  
 20.06.2011 14:51     C:\Windows\system32\migwiz --------- 8192  
 20.06.2011 14:51     C:\Windows\system32\Boot --------- 4096  
 20.06.2011 14:51     C:\Windows\system32\slmgr --------- 4096  
 20.06.2011 14:51     C:\Windows\system32\sysprep --------- 4096  
 20.06.2011 14:51     C:\Windows\system32\Setup --------- 4096  
 20.06.2011 14:51     C:\Windows\system32\migration --------- 8192  
 20.06.2011 14:51     C:\Windows\system32\WCN --------- 4096  
 20.06.2011 14:51     C:\Windows\system32\Dism --------- 4096  
 20.06.2011 14:51     C:\Windows\system32\MUI --------- 4096  
 20.06.2011 14:50     C:\Windows\system32\Printing_Admin_Scripts --------- 4096  
 20.06.2011 14:50     C:\Windows\system32\wbem --------- 65536  
 20.06.2011 14:50     C:\Windows\system32\es-ES --------- 307200  
 20.06.2011 14:48     C:\Windows\system32\com --------- 4096  
 20.06.2011 14:41     C:\Windows\system32\pt-PT --------- 327680  
 20.06.2011 14:39     C:\Windows\system32\en-US --------- 192512  
 20.06.2011 14:36     C:\Windows\system32\nl-NL --------- 307200  
 20.06.2011 14:35     C:\Windows\system32\it-IT --------- 307200  
 20.06.2011 14:34     C:\Windows\system32\he-IL --------- 172032  
 20.06.2011 14:33     C:\Windows\system32\el-GR --------- 327680  
 20.06.2011 14:33     C:\Windows\system32\fr-FR --------- 307200  
 20.06.2011 14:31     C:\Windows\system32\zh-TW --------- 327680  
 12.06.2011 20:51     C:\Windows\system32\LogFiles --------- 4096  
 09.06.2011 19:14     C:\Windows\system32\perfh009.dat --------- 607190  
 09.06.2011 19:14     C:\Windows\system32\perfc009.dat --------- 103568  
 09.06.2011 19:14     C:\Windows\system32\perfh007.dat --------- 643866  
 09.06.2011 19:14     C:\Windows\system32\perfc007.dat --------- 126394  
 09.06.2011 19:14     C:\Windows\system32\PerfStringBackup.INI --------- 7024528  
 28.05.2011 14:56     C:\Windows\system32\frapsv64.dll --------- 71680  
 24.05.2011 23:44     C:\Windows\system32\OVDecode64.dll --------- 61952  
 24.05.2011 23:44     C:\Windows\system32\OpenCL.dll --------- 53760  
 24.05.2011 23:44     C:\Windows\system32\amdocl64.dll --------- 16672768  
 24.05.2011 19:14     C:\Windows\system32\MpSigStub.exe --------- 270720  
 23.05.2011 12:47     C:\Windows\system32\Defrag.ini --------- 80  
 23.05.2011 12:29     C:\Windows\system32\FNTCACHE.DAT --------- 452688  
 19.05.2011 20:43     C:\Windows\system32\license.rtf --------- 52953  
 19.05.2011 11:55     C:\Windows\system32\DRVSTORE --------- 0  
 19.05.2011 11:44     C:\Windows\system32\log --------- 0  
 19.05.2011 11:44     C:\Windows\system32\Recovery --------- 0  
 24.10.2010 00:56     C:\Windows\system32\CamCodec.dll --------- 49664  
 18.03.2010 09:36     C:\Windows\system32\mfc100fra.dll --------- 64336  
 18.03.2010 09:36     C:\Windows\system32\msvcp100.dll --------- 607568  
 18.03.2010 09:36     C:\Windows\system32\msvcr100.dll --------- 827728  
 18.03.2010 09:36     C:\Windows\system32\mfcm100u.dll --------- 91472  
 18.03.2010 09:36     C:\Windows\system32\mfcm100.dll --------- 91472  
 18.03.2010 09:36     C:\Windows\system32\mfc100u.dll --------- 5522768  
 18.03.2010 09:36     C:\Windows\system32\vcomp100.dll --------- 57168  
 18.03.2010 09:36     C:\Windows\system32\atl100.dll --------- 158536  
 18.03.2010 09:36     C:\Windows\system32\mfc100.dll --------- 5493576  
 18.03.2010 09:36     C:\Windows\system32\mfc100chs.dll --------- 36176  
 18.03.2010 09:36     C:\Windows\system32\mfc100cht.dll --------- 36176  
 18.03.2010 09:36     C:\Windows\system32\mfc100deu.dll --------- 64336  
 18.03.2010 09:36     C:\Windows\system32\mfc100enu.dll --------- 55120  
 18.03.2010 09:36     C:\Windows\system32\mfc100esn.dll --------- 63824  
 18.03.2010 09:36     C:\Windows\system32\mfc100rus.dll --------- 60752  
 18.03.2010 09:36     C:\Windows\system32\mfc100kor.dll --------- 43344  
 18.03.2010 09:36     C:\Windows\system32\mfc100ita.dll --------- 62288  
 18.03.2010 09:36     C:\Windows\system32\mfc100jpn.dll --------- 43856  
 03.12.2009 09:51     C:\Windows\system32\SRSLabs --------- 0  
 03.12.2009 09:51     C:\Windows\system32\msv1_0.dll --------- 311808  
 03.12.2009 09:51     C:\Windows\system32\msasn1.dll --------- 46592  
 03.12.2009 09:50     C:\Windows\system32\mshtml.dll --------- 9272320  
 03.12.2009 09:50     C:\Windows\system32\msfeedsbs.dll --------- 82944  
 03.12.2009 09:49     C:\Windows\system32\wmploc.DLL --------- 12625920  
 03.12.2009 09:49     C:\Windows\system32\wmp.dll --------- 14629376  
 03.12.2009 09:49     C:\Windows\system32\fontsub.dll --------- 100864  
 03.12.2009 09:49     C:\Windows\system32\atmfd.dll --------- 366080  
 03.12.2009 09:49     C:\Windows\system32\CertEnroll.dll --------- 1975296  
 03.12.2009 09:49     C:\Windows\system32\t2embed.dll --------- 148480  
 03.12.2009 09:45     C:\Windows\system32\OEM --------- 0  
 03.12.2009 09:05     C:\Windows\system32\restore --------- 0  
 02.10.2009 05:39     C:\Windows\system32\ATIDEMGX.dll --------- 446464  
 02.10.2009 05:38     C:\Windows\system32\atieclxx.exe --------- 439296  
 02.10.2009 05:38     C:\Windows\system32\atiesrxx.exe --------- 202752  
 02.10.2009 05:36     C:\Windows\system32\atitmm64.dll --------- 120320  
 02.10.2009 05:36     C:\Windows\system32\atipdl64.dll --------- 421376  
 02.10.2009 05:36     C:\Windows\system32\atimuixx.dll --------- 12288  
 02.10.2009 05:36     C:\Windows\system32\atiedu64.dll --------- 59392  
 02.10.2009 05:24     C:\Windows\system32\atidxx64.dll --------- 3599360  
 02.10.2009 05:17     C:\Windows\system32\atio6axx.dll --------- 16681984  
 02.10.2009 05:10     C:\Windows\system32\atiumd64.dll --------- 4649472  
 02.10.2009 05:02     C:\Windows\system32\atiumd6a.dll --------- 2519040  
 02.10.2009 05:00     C:\Windows\system32\atiumd6a.cap --------- 333904  
 02.10.2009 04:40     C:\Windows\system32\atimpc64.dll --------- 53248  
 02.10.2009 04:40     C:\Windows\system32\amdpcom64.dll --------- 53248  
----------------------------------------

 
C:\Windows\Prefetch

 23.05.2011 13:35     C:\Windows\Prefetch\AgGlFgAppHistory.db --------- 338851  
 23.05.2011 13:35     C:\Windows\Prefetch\AgGlFaultHistory.db --------- 357203  
 23.05.2011 13:35     C:\Windows\Prefetch\AgGlGlobalHistory.db --------- 1297268  
 23.05.2011 13:35     C:\Windows\Prefetch\AgRobust.db --------- 66384  
 23.05.2011 13:35     C:\Windows\Prefetch\PfSvPerfStats.bin --------- 584  
 23.05.2011 13:05     C:\Windows\Prefetch\ReadyBoot --------- 0  
 19.05.2011 11:47     C:\Windows\Prefetch\AgAppLaunch.db --------- 334168  
----------------------------------------

 
C:\Windows\Tasks

 28.07.2011 11:57     C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job --------- 1106  
 28.07.2011 11:53     C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job --------- 1102  
 28.07.2011 11:52     C:\Windows\Tasks\SA.DAT --------- 6  
 19.07.2011 12:32     C:\Windows\Tasks\SCHEDLGU.TXT --------- 32632  
----------------------------------------

 
C:\Windows\Temp

 28.07.2011 12:21     C:\Windows\Temp\MpCmdRun.log --------- 11514  
 28.07.2011 11:54     C:\Windows\Temp\lpksetup-20110728-115414-0.log --------- 2650  
 28.07.2011 11:53     C:\Windows\Temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb --------- 3596  
 28.07.2011 11:52     C:\Windows\Temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D12}.tlb --------- 3596  
 28.07.2011 11:51     C:\Windows\Temp\fwtsqmfile17.sqm --------- 608  
 28.07.2011 11:17     C:\Windows\Temp\js_vk_1 --------- 7164  
 28.07.2011 11:17     C:\Windows\Temp\js_vk_0 --------- 13317  
 28.07.2011 10:58     C:\Windows\Temp\GoogleToolbarInstaller1.log --------- 18180  
 28.07.2011 10:18     C:\Windows\Temp\lpksetup-20110728-101726-0.log --------- 2650  
 28.07.2011 01:44     C:\Windows\Temp\WERC4E5.tmp.appcompat.txt --------- 31422  
 28.07.2011 01:44     C:\Windows\Temp\fwtsqmfile16.sqm --------- 608  
 28.07.2011 00:17     C:\Windows\Temp\lpksetup-20110728-001733-0.log --------- 2650  
 27.07.2011 23:36     C:\Windows\Temp\fwtsqmfile15.sqm --------- 608  
 27.07.2011 23:07     C:\Windows\Temp\lpksetup-20110727-230713-0.log --------- 2650  
 27.07.2011 23:04     C:\Windows\Temp\fwtsqmfile14.sqm --------- 608  
 27.07.2011 21:37     C:\Windows\Temp\lpksetup-20110727-213710-0.log --------- 2650  
 27.07.2011 21:34     C:\Windows\Temp\fwtsqmfile13.sqm --------- 608  
 27.07.2011 20:11     C:\Windows\Temp\lpksetup-20110727-201049-0.log --------- 2650  
 26.07.2011 23:56     C:\Windows\Temp\xx1885 --------- 0  
 26.07.2011 23:56     C:\Windows\Temp\xx1884 --------- 0  
 26.07.2011 23:56     C:\Windows\Temp\xx1886 --------- 0  
 26.07.2011 23:56     C:\Windows\Temp\xx1887 --------- 0  
 26.07.2011 23:56     C:\Windows\Temp\xx1883 --------- 0  
 26.07.2011 23:54     C:\Windows\Temp\fwtsqmfile12.sqm --------- 608  
 26.07.2011 22:36     C:\Windows\Temp\lpksetup-20110726-223518-0.log --------- 2650  
 26.07.2011 16:27     C:\Windows\Temp\fwtsqmfile11.sqm --------- 608  
 26.07.2011 15:16     C:\Windows\Temp\MpSigStub.log --------- 3442  
 26.07.2011 15:13     C:\Windows\Temp\OCL59D5.tmp --------- 0  
 26.07.2011 15:13     C:\Windows\Temp\OCL3987.tmp --------- 0  
 26.07.2011 15:00     C:\Windows\Temp\x86 --------- 0  
 26.07.2011 15:00     C:\Windows\Temp\amd64 --------- 0  
 26.07.2011 14:45     C:\Windows\Temp\488025.exe --------- 643072  
 26.07.2011 14:44     C:\Windows\Temp\268349748_ati.exe --------- 90660504  
 26.07.2011 14:41     C:\Windows\Temp\332159.exe --------- 495616  
 26.07.2011 14:40     C:\Windows\Temp\841380.exe --------- 348672  
 26.07.2011 14:38     C:\Windows\Temp\lpksetup-20110726-143801-0.log --------- 2650  
 26.07.2011 14:33     C:\Windows\Temp\fwtsqmfile10.sqm --------- 608  
 26.07.2011 14:23     C:\Windows\Temp\bcdedit32.exe --------- 294912  
 26.07.2011 14:03     C:\Windows\Temp\AskSLib.dll --------- 12590  
 26.07.2011 13:58     C:\Windows\Temp\lpksetup-20110726-135814-0.log --------- 2650  
 25.07.2011 07:47     C:\Windows\Temp\fwtsqmfile09.sqm --------- 608  
 25.07.2011 07:37     C:\Windows\Temp\lpksetup-20110725-073644-0.log --------- 2650  
 24.07.2011 23:56     C:\Windows\Temp\fwtsqmfile08.sqm --------- 608  
 24.07.2011 22:51     C:\Windows\Temp\lpksetup-20110724-225046-0.log --------- 2650  
 24.07.2011 20:27     C:\Windows\Temp\lpksetup-20110724-202715-0.log --------- 2650  
 24.07.2011 18:06     C:\Windows\Temp\lpksetup-20110724-180614-0.log --------- 2650  
 24.07.2011 16:14     C:\Windows\Temp\fwtsqmfile07.sqm --------- 608  
 24.07.2011 16:04     C:\Windows\Temp\lpksetup-20110724-160402-0.log --------- 2650  
 24.07.2011 00:29     C:\Windows\Temp\fwtsqmfile06.sqm --------- 608  
 23.07.2011 18:41     C:\Windows\Temp\lpksetup-20110723-184041-0.log --------- 2650  
 23.07.2011 13:29     C:\Windows\Temp\fwtsqmfile05.sqm --------- 608  
 23.07.2011 13:02     C:\Windows\Temp\lpksetup-20110723-130134-0.log --------- 2650  
 23.07.2011 02:33     C:\Windows\Temp\fwtsqmfile04.sqm --------- 608  
 23.07.2011 01:45     C:\Windows\Temp\lpksetup-20110723-014529-0.log --------- 2650  
 22.07.2011 18:43     C:\Windows\Temp\fwtsqmfile03.sqm --------- 608  
 22.07.2011 18:13     C:\Windows\Temp\lpksetup-20110722-181338-0.log --------- 2650  
 22.07.2011 17:29     C:\Windows\Temp\fwtsqmfile02.sqm --------- 608  
 22.07.2011 11:09     C:\Windows\Temp\lpksetup-20110722-110840-0.log --------- 2650  
 22.07.2011 01:32     C:\Windows\Temp\fwtsqmfile01.sqm --------- 608  
 21.07.2011 19:10     C:\Windows\Temp\lpksetup-20110721-191027-0.log --------- 2650  
 21.07.2011 18:06     C:\Windows\Temp\fwtsqmfile00.sqm --------- 608  
 21.07.2011 16:18     C:\Windows\Temp\lpksetup-20110721-161800-0.log --------- 2650  
 21.07.2011 15:48     C:\Windows\Temp\fwtsqmfile19.sqm --------- 608  
 21.07.2011 15:07     C:\Windows\Temp\lpksetup-20110721-150735-0.log --------- 2650  
 21.07.2011 14:54     C:\Windows\Temp\fwtsqmfile18.sqm --------- 608  
 21.07.2011 14:39     C:\Windows\Temp\lpksetup-20110721-143854-0.log --------- 2650  
 21.07.2011 14:32     C:\Windows\Temp\WER9251.tmp.appcompat.txt --------- 80550  
 21.07.2011 13:25     C:\Windows\Temp\lpksetup-20110721-132447-0.log --------- 2642  
 20.07.2011 23:34     C:\Windows\Temp\lpksetup-20110720-233415-0.log --------- 2650  
 20.07.2011 05:57     C:\Windows\Temp\lpksetup-20110720-055725-0.log --------- 2650  
 19.07.2011 17:05     C:\Windows\Temp\lpksetup-20110719-170517-0.log --------- 2650  
 19.07.2011 12:34     C:\Windows\Temp\lpksetup-20110719-123357-0.log --------- 2650  
 19.07.2011 00:26     C:\Windows\Temp\lpksetup-20110719-002612-0.log --------- 2650  
 18.07.2011 17:37     C:\Windows\Temp\lpksetup-20110718-173708-0.log --------- 2650  
 18.07.2011 14:38     C:\Windows\Temp\lpksetup-20110718-143756-0.log --------- 2650  
 18.07.2011 00:01     C:\Windows\Temp\lpksetup-20110718-000121-0.log --------- 2650  
 17.07.2011 13:03     C:\Windows\Temp\lpksetup-20110717-130314-0.log --------- 2650  
 17.07.2011 00:22     C:\Windows\Temp\lpksetup-20110717-002146-0.log --------- 2650  
 16.07.2011 18:53     C:\Windows\Temp\xx141 --------- 0  
 16.07.2011 18:53     C:\Windows\Temp\xx137 --------- 0  
 16.07.2011 18:53     C:\Windows\Temp\xx140 --------- 0  
 16.07.2011 18:53     C:\Windows\Temp\xx139 --------- 0  
 16.07.2011 18:53     C:\Windows\Temp\xx138 --------- 0  
 16.07.2011 18:25     C:\Windows\Temp\lpksetup-20110716-182504-0.log --------- 2650  
 16.07.2011 11:53     C:\Windows\Temp\lpksetup-20110716-115300-0.log --------- 2650  
 16.07.2011 01:49     C:\Windows\Temp\xx1569 --------- 0  
 16.07.2011 01:49     C:\Windows\Temp\xx1570 --------- 0  
 16.07.2011 01:49     C:\Windows\Temp\xx1571 --------- 0  
 16.07.2011 01:49     C:\Windows\Temp\xx1568 --------- 0  
 16.07.2011 01:49     C:\Windows\Temp\xx1572 --------- 0  
 15.07.2011 16:27     C:\Windows\Temp\lpksetup-20110715-162732-0.log --------- 2650  
 14.07.2011 19:10     C:\Windows\Temp\lpksetup-20110714-191018-0.log --------- 2650  
 14.07.2011 11:10     C:\Windows\Temp\lpksetup-20110714-110951-0.log --------- 2650  
 13.07.2011 21:30     C:\Windows\Temp\WERA9E.tmp.appcompat.txt --------- 80776  
 13.07.2011 17:50     C:\Windows\Temp\lpksetup-20110713-175030-0.log --------- 2650  
 13.07.2011 14:10     C:\Windows\Temp\lpksetup-20110713-141009-0.log --------- 2650  
 13.07.2011 00:26     C:\Windows\Temp\WERCE1C.tmp.appcompat.txt --------- 77178  
 12.07.2011 20:13     C:\Windows\Temp\lpksetup-20110712-201325-0.log --------- 2650  
 12.07.2011 00:15     C:\Windows\Temp\WER73CB.tmp.appcompat.txt --------- 102250  
 11.07.2011 21:37     C:\Windows\Temp\lpksetup-20110711-213724-0.log --------- 2650  
 11.07.2011 18:01     C:\Windows\Temp\WERC39E.tmp.appcompat.txt --------- 95044  
 11.07.2011 15:51     C:\Windows\Temp\lpksetup-20110711-155038-0.log --------- 2650  
 11.07.2011 14:01     C:\Windows\Temp\lpksetup-20110711-140054-0.log --------- 2650  
 11.07.2011 10:45     C:\Windows\Temp\lpksetup-20110711-104515-0.log --------- 2650  
 10.07.2011 12:41     C:\Windows\Temp\WER86CC.tmp.appcompat.txt --------- 82434  
 10.07.2011 11:53     C:\Windows\Temp\lpksetup-20110710-115309-0.log --------- 2650  
 10.07.2011 11:50     C:\Windows\Temp\xx200 --------- 0  
 10.07.2011 11:50     C:\Windows\Temp\xx201 --------- 0  
 10.07.2011 11:50     C:\Windows\Temp\xx198 --------- 0  
 10.07.2011 11:50     C:\Windows\Temp\xx199 --------- 0  
 10.07.2011 11:50     C:\Windows\Temp\xx197 --------- 0  
 10.07.2011 11:22     C:\Windows\Temp\lpksetup-20110710-112219-0.log --------- 2650  
 10.07.2011 00:57     C:\Windows\Temp\lpksetup-20110710-005635-0.log --------- 2650  
 10.07.2011 00:19     C:\Windows\Temp\WER1074.tmp.appcompat.txt --------- 106056  
 09.07.2011 23:33     C:\Windows\Temp\lpksetup-20110709-233256-0.log --------- 2650  
 09.07.2011 10:47     C:\Windows\Temp\lpksetup-20110709-104718-0.log --------- 2650  
 09.07.2011 01:03     C:\Windows\Temp\WER2D29.tmp.appcompat.txt --------- 99906  
 08.07.2011 22:59     C:\Windows\Temp\lpksetup-20110708-225844-0.log --------- 2650  
 08.07.2011 19:14     C:\Windows\Temp\lpksetup-20110708-191340-0.log --------- 2650  
 08.07.2011 18:24     C:\Windows\Temp\WERCFDC.tmp.appcompat.txt --------- 80550  
 08.07.2011 17:44     C:\Windows\Temp\lpksetup-20110708-174354-0.log --------- 2650  
 08.07.2011 13:43     C:\Windows\Temp\WER674D.tmp.appcompat.txt --------- 106056  
 08.07.2011 10:41     C:\Windows\Temp\lpksetup-20110708-104049-0.log --------- 2650  
 07.07.2011 17:59     C:\Windows\Temp\lpksetup-20110707-175831-0.log --------- 2642  
 07.07.2011 12:25     C:\Windows\Temp\lpksetup-20110707-122446-0.log --------- 2650  
 07.07.2011 11:10     C:\Windows\Temp\lpksetup-20110707-110950-0.log --------- 2650  
 06.07.2011 22:42     C:\Windows\Temp\xx3564 --------- 0  
 06.07.2011 22:42     C:\Windows\Temp\xx3566 --------- 0  
 06.07.2011 22:42     C:\Windows\Temp\xx3567 --------- 0  
 06.07.2011 22:42     C:\Windows\Temp\xx3565 --------- 0  
 06.07.2011 22:42     C:\Windows\Temp\xx3563 --------- 0  
 06.07.2011 14:01     C:\Windows\Temp\lpksetup-20110706-140130-0.log --------- 2650  
 05.07.2011 22:53     C:\Windows\Temp\WERA1DB.tmp.appcompat.txt --------- 80550  
 05.07.2011 21:33     C:\Windows\Temp\lpksetup-20110705-213313-0.log --------- 2650  
 05.07.2011 18:50     C:\Windows\Temp\lpksetup-20110705-185008-0.log --------- 2650  
 05.07.2011 12:59     C:\Windows\Temp\lpksetup-20110705-125924-0.log --------- 2650  
 05.07.2011 00:10     C:\Windows\Temp\WER3810.tmp.appcompat.txt --------- 80776  
 04.07.2011 23:54     C:\Windows\Temp\lpksetup-20110704-235400-0.log --------- 2650  
 04.07.2011 19:22     C:\Windows\Temp\lpksetup-20110704-192208-0.log --------- 2642  
 04.07.2011 17:20     C:\Windows\Temp\xx647 --------- 0  
 04.07.2011 14:52     C:\Windows\Temp\lpksetup-20110704-145210-0.log --------- 2650  
 03.07.2011 19:18     C:\Windows\Temp\lpksetup-20110703-191726-0.log --------- 2650  
 03.07.2011 16:35     C:\Windows\Temp\lpksetup-20110703-163517-0.log --------- 2650  
 03.07.2011 12:24     C:\Windows\Temp\lpksetup-20110703-122419-0.log --------- 2650  
 02.07.2011 16:46     C:\Windows\Temp\lpksetup-20110702-164558-0.log --------- 2650  
 02.07.2011 15:01     C:\Windows\Temp\xx375 --------- 0  
 02.07.2011 15:01     C:\Windows\Temp\xx374 --------- 0  
 02.07.2011 15:01     C:\Windows\Temp\xx373 --------- 0  
 02.07.2011 15:01     C:\Windows\Temp\xx372 --------- 0  
 02.07.2011 15:01     C:\Windows\Temp\xx376 --------- 0  
 02.07.2011 15:01     C:\Windows\Temp\GUR4186.tmp --------- 0  
 02.07.2011 11:42     C:\Windows\Temp\Google Toolbar --------- 0  
 02.07.2011 11:41     C:\Windows\Temp\GoogleToolbarInstaller2.log --------- 935  
 02.07.2011 11:20     C:\Windows\Temp\lpksetup-20110702-112010-0.log --------- 2650  
 02.07.2011 08:42     C:\Windows\Temp\lpksetup-20110702-084134-0.log --------- 2650  
 01.07.2011 19:42     C:\Windows\Temp\lpksetup-20110701-194157-0.log --------- 2650  
 01.07.2011 16:18     C:\Windows\Temp\lpksetup-20110701-161828-0.log --------- 2650  
 01.07.2011 13:25     C:\Windows\Temp\lpksetup-20110701-132441-0.log --------- 2650  
 01.07.2011 00:05     C:\Windows\Temp\lpksetup-20110701-000508-0.log --------- 2650  
 30.06.2011 17:15     C:\Windows\Temp\lpksetup-20110630-171448-0.log --------- 2650  
 30.06.2011 16:11     C:\Windows\Temp\lpksetup-20110630-161056-0.log --------- 2650  
 30.06.2011 13:30     C:\Windows\Temp\lpksetup-20110630-132958-0.log --------- 2650  
 29.06.2011 22:03     C:\Windows\Temp\lpksetup-20110629-220303-0.log --------- 2650  
 29.06.2011 17:46     C:\Windows\Temp\lpksetup-20110629-174633-0.log --------- 2650  
 29.06.2011 12:43     C:\Windows\Temp\lpksetup-20110629-124257-0.log --------- 2650  
 28.06.2011 21:35     C:\Windows\Temp\lpksetup-20110628-213442-0.log --------- 2650  
 28.06.2011 12:56     C:\Windows\Temp\lpksetup-20110628-125543-0.log --------- 2650  
 27.06.2011 21:33     C:\Windows\Temp\WER66BF.tmp.appcompat.txt --------- 67118  
 27.06.2011 19:36     C:\Windows\Temp\lpksetup-20110627-193615-0.log --------- 2650  
 27.06.2011 16:19     C:\Windows\Temp\lpksetup-20110627-161922-0.log --------- 2650  
 26.06.2011 21:29     C:\Windows\Temp\WER3D22.tmp.appcompat.txt --------- 22656  
 26.06.2011 18:28     C:\Windows\Temp\lpksetup-20110626-182809-0.log --------- 2650  
 26.06.2011 11:23     C:\Windows\Temp\lpksetup-20110626-112315-0.log --------- 2650  
 24.06.2011 14:23     C:\Windows\Temp\lpksetup-20110624-142307-0.log --------- 2650  
 23.06.2011 23:00     C:\Windows\Temp\WER8FE3.tmp.appcompat.txt --------- 5032  
 23.06.2011 19:55     C:\Windows\Temp\lpksetup-20110623-195510-0.log --------- 2650  
 23.06.2011 17:43     C:\Windows\Temp\lpksetup-20110623-174328-0.log --------- 2650  
 23.06.2011 16:41     C:\Windows\Temp\WER2629.tmp.appcompat.txt --------- 39940  
 23.06.2011 13:28     C:\Windows\Temp\lpksetup-20110623-132806-0.log --------- 2650  
 22.06.2011 20:11     C:\Windows\Temp\WERF18F.tmp.appcompat.txt --------- 44138  
 22.06.2011 19:52     C:\Windows\Temp\lpksetup-20110622-195150-0.log --------- 2650  
 22.06.2011 13:34     C:\Windows\Temp\lpksetup-20110622-133346-0.log --------- 2650  
 22.06.2011 01:15     C:\Windows\Temp\WER6E7C.tmp.appcompat.txt --------- 65422  
 22.06.2011 00:12     C:\Windows\Temp\lpksetup-20110622-001244-0.log --------- 2650  
 21.06.2011 21:20     C:\Windows\Temp\lpksetup-20110621-211958-0.log --------- 2650  
 21.06.2011 20:10     C:\Windows\Temp\xx2066 --------- 0  
 21.06.2011 20:10     C:\Windows\Temp\xx2062 --------- 0  
 21.06.2011 20:10     C:\Windows\Temp\xx2065 --------- 0  
 21.06.2011 20:10     C:\Windows\Temp\xx2064 --------- 0  
 21.06.2011 20:10     C:\Windows\Temp\xx2063 --------- 0  
 21.06.2011 16:29     C:\Windows\Temp\lpksetup-20110621-162830-0.log --------- 2650  
 21.06.2011 13:33     C:\Windows\Temp\lpksetup-20110621-133307-0.log --------- 2650  
 20.06.2011 22:09     C:\Windows\Temp\WERDC9.tmp.appcompat.txt --------- 8342  
 20.06.2011 18:28     C:\Windows\Temp\lpksetup-20110620-182732-0.log --------- 4364  
 20.06.2011 15:05     C:\Windows\Temp\WER8B1F.tmp.appcompat.txt --------- 94592  
 20.06.2011 15:00     C:\Windows\Temp\lpksetup-20110620-145843-0.log --------- 950  
 20.06.2011 00:01     C:\Windows\Temp\xx2028 --------- 0  
 20.06.2011 00:01     C:\Windows\Temp\xx2031 --------- 0  
 20.06.2011 00:01     C:\Windows\Temp\xx2030 --------- 0  
 20.06.2011 00:01     C:\Windows\Temp\xx2029 --------- 0  
 20.06.2011 00:01     C:\Windows\Temp\xx2027 --------- 0  
 19.06.2011 22:55     C:\Windows\Temp\lpksetup-20110619-223031-0.log --------- 162750  
 18.06.2011 17:16     C:\Windows\Temp\WERE536.tmp.appcompat.txt --------- 11556  
 18.06.2011 00:12     C:\Windows\Temp\WERE3B1.tmp.appcompat.txt --------- 17574  
 17.06.2011 14:14     C:\Windows\Temp\WERAF14.tmp.appcompat.txt --------- 110180  
 15.06.2011 22:20     C:\Windows\Temp\WER4731.tmp.appcompat.txt --------- 82208  
 14.06.2011 19:35     C:\Windows\Temp\WER30C6.tmp.appcompat.txt --------- 81982  
 13.06.2011 23:38     C:\Windows\Temp\WER63B4.tmp.appcompat.txt --------- 42236  
 12.06.2011 12:43     C:\Windows\Temp\WER5E66.tmp.appcompat.txt --------- 81982  
 11.06.2011 23:13     C:\Windows\Temp\WER4C5E.tmp.appcompat.txt --------- 117964  
 11.06.2011 17:26     C:\Windows\Temp\WERD2AA.tmp.appcompat.txt --------- 92784  
 11.06.2011 00:51     C:\Windows\Temp\WERD723.tmp.appcompat.txt --------- 30970  
 10.06.2011 17:34     C:\Windows\Temp\WER312E.tmp.appcompat.txt --------- 126660  
 10.06.2011 14:45     C:\Windows\Temp\WERD7BA.tmp.appcompat.txt --------- 113670  
 09.06.2011 22:53     C:\Windows\Temp\WERB676.tmp.appcompat.txt --------- 27182  
 09.06.2011 17:32     C:\Windows\Temp\WER5C63.tmp.appcompat.txt --------- 85826  
 09.06.2011 15:44     C:\Windows\Temp\xx730 --------- 0  
 09.06.2011 15:44     C:\Windows\Temp\xx728 --------- 0  
 09.06.2011 15:44     C:\Windows\Temp\xx729 --------- 0  
 09.06.2011 15:44     C:\Windows\Temp\xx727 --------- 0  
 09.06.2011 15:44     C:\Windows\Temp\xx731 --------- 0  
 07.06.2011 13:02     C:\Windows\Temp\WERC591.tmp.appcompat.txt --------- 91766  
 04.06.2011 19:30     C:\Windows\Temp\WERC8AE.tmp.appcompat.txt --------- 94366  
 04.06.2011 00:48     C:\Windows\Temp\WER4081.tmp.appcompat.txt --------- 9890  
 03.06.2011 17:17     C:\Windows\Temp\WER403A.tmp.appcompat.txt --------- 167760  
 03.06.2011 17:16     C:\Windows\Temp\~temp-20110603_1715_43.avi --------- 180248576  
 03.06.2011 17:15     C:\Windows\Temp\~temp-20110603_1715_43.txt --------- 0  
 03.06.2011 17:14     C:\Windows\Temp\20110603_1714_27.avi --------- 113384960  
 03.06.2011 17:14     C:\Windows\Temp\20110603_1714_27.txt --------- 67  
 23.05.2011 12:30     C:\Windows\Temp\WER60A5.tmp.appcompat.txt --------- 125012  
 19.05.2011 11:48     C:\Windows\Temp\History --------- 0  
 19.05.2011 11:48     C:\Windows\Temp\Cookies --------- 0  
 19.05.2011 11:48     C:\Windows\Temp\Temporary Internet Files --------- 0  
 19.05.2011 11:46     C:\Windows\Temp\FXSAPIDebugLogFile.txt --------- 0  
 19.05.2011 11:46     C:\Windows\Temp\FXSTIFFDebugLogFile.txt --------- 0  
 04.11.2010 22:00     C:\Windows\Temp\AMDCatalyst_EXE_Package_Banner_415x82_Oct_2010.bmp --------- 102390  
 03.12.2009 09:34     C:\Windows\Temp\_tis_msiexecdb9.log --------- 1014668  
 03.12.2009 09:34     C:\Windows\Temp\02122009_TIS17_tismsi_S-1-5-21-3496300140-1810844875-3561447292-500.log --------- 6551766  
 03.12.2009 09:34     C:\Windows\Temp\tismsi --------- 4096  
 03.12.2009 09:33     C:\Windows\Temp\tmdbg.ini --------- 1406  
 03.12.2009 09:28     C:\Windows\Temp\MPTelemetrySubmit --------- 0  
 03.12.2009 09:00     C:\Windows\Temp\DMI3468.tmp --------- 0  
 02.12.2009 18:04     C:\Windows\Temp\WER2625.tmp.appcompat.txt --------- 118586  
 22.10.2009 06:55     C:\Windows\Temp\LOCAL1.cmd --------- 1131  
 29.07.2009 07:08     C:\Windows\Temp\TS_84B1.tmp --------- 327680  
 29.07.2009 07:08     C:\Windows\Temp\TS_7E3A.tmp --------- 196608  
 29.07.2009 07:08     C:\Windows\Temp\TS_6A2D.tmp --------- 720896  
 29.07.2009 07:08     C:\Windows\Temp\TS_680A.tmp --------- 262144  
 29.07.2009 07:08     C:\Windows\Temp\TS_5C75.tmp --------- 524288  
 29.07.2009 07:08     C:\Windows\Temp\TS_59D5.tmp --------- 262144  
 29.07.2009 07:08     C:\Windows\Temp\TS_4EEC.tmp --------- 458752  
 29.07.2009 07:07     C:\Windows\Temp\TS_45A7.tmp --------- 262144  
 29.07.2009 07:06     C:\Windows\Temp\DMIA83F.tmp --------- 0  
 09.12.2008 03:04     C:\Windows\Temp\LOCAL.cmd --------- 1290  
----------------------------------------

 
C:\Users\ASUS\AppData\Local\Temp

 28.07.2011 12:02     C:\Users\ASUS\AppData\Local\Temp\~DF0982F92F5377033F.TMP --------- 32768  
 28.07.2011 12:02     C:\Users\ASUS\AppData\Local\Temp\~DFB2EDCB7C2979C5BF.TMP --------- 16384  
 28.07.2011 11:58     C:\Users\ASUS\AppData\Local\Temp\jusched.log --------- 67089  
 28.07.2011 11:54     C:\Users\ASUS\AppData\Local\Temp\WPDNSE --------- 0  
 28.07.2011 11:54     C:\Users\ASUS\AppData\Local\Temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D12}.tlb --------- 3596  
 28.07.2011 11:53     C:\Users\ASUS\AppData\Local\Temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb --------- 3596  
 28.07.2011 11:43     C:\Users\ASUS\AppData\Local\Temp\Google Toolbar --------- 0  
 28.07.2011 10:51     C:\Users\ASUS\AppData\Local\Temp\~DFB46FF8F5CD16BEC7.TMP --------- 147456  
 28.07.2011 10:51     C:\Users\ASUS\AppData\Local\Temp\~DFB13B5B1B09FC276B.TMP --------- 147456  
 28.07.2011 10:41     C:\Users\ASUS\AppData\Local\Temp\StructuredQuery.log --------- 118027  
 28.07.2011 10:22     C:\Users\ASUS\AppData\Local\Temp\hsperfdata_ASUS --------- 0  
 28.07.2011 10:18     C:\Users\ASUS\AppData\Local\Temp\cacaonew068cb2.exe --------- 398064  
 28.07.2011 10:17     C:\Users\ASUS\AppData\Local\Temp\log115.txt --------- 50867  
 27.07.2011 23:16     C:\Users\ASUS\AppData\Local\Temp\xprt27c3.ico --------- 4286  
 27.07.2011 23:12     C:\Users\ASUS\AppData\Local\Temp\xprt5a9e.ico --------- 4286  
 27.07.2011 23:11     C:\Users\ASUS\AppData\Local\Temp\xprt4b9d.ico --------- 4286  
 27.07.2011 23:09     C:\Users\ASUS\AppData\Local\Temp\xprt7284.ico --------- 4286  
 27.07.2011 23:01     C:\Users\ASUS\AppData\Local\Temp\msdtadmin --------- 0  
 27.07.2011 23:01     C:\Users\ASUS\AppData\Local\Temp\xprt3835.ico --------- 4286  
 27.07.2011 22:57     C:\Users\ASUS\AppData\Local\Temp\xprt2b18.ico --------- 4286  
 27.07.2011 22:45     C:\Users\ASUS\AppData\Local\Temp\xprt2464.ico --------- 4286  
 27.07.2011 22:36     C:\Users\ASUS\AppData\Local\Temp\xprt4d7a.ico --------- 4286  
 27.07.2011 22:34     C:\Users\ASUS\AppData\Local\Temp\xprt37c3.ico --------- 4286  
 27.07.2011 22:33     C:\Users\ASUS\AppData\Local\Temp\xprt5724.ico --------- 4286  
 27.07.2011 21:49     C:\Users\ASUS\AppData\Local\Temp\delete.ini --------- 0  
 27.07.2011 21:49     C:\Users\ASUS\AppData\Local\Temp\maintenance.ini --------- 87  
 27.07.2011 20:29     C:\Users\ASUS\AppData\Local\Temp\InstallComplete --------- 0  
 27.07.2011 20:29     C:\Users\ASUS\AppData\Local\Temp\HyperCam.exe --------- 2295832  
 27.07.2011 20:28     C:\Users\ASUS\AppData\Local\Temp\xx.ini --------- 281  
 27.07.2011 20:28     C:\Users\ASUS\AppData\Local\Temp\RarSFX1 --------- 4096  
 27.07.2011 20:28     C:\Users\ASUS\AppData\Local\Temp\nss1AE2.tmp --------- 0  
 27.07.2011 20:28     C:\Users\ASUS\AppData\Local\Temp\RarSFX0 --------- 4096  
 27.07.2011 20:12     C:\Users\ASUS\AppData\Local\Temp\cacaonew608acd.exe --------- 398064  
 26.07.2011 15:18     C:\Users\ASUS\AppData\Local\Temp\Log --------- 0  
 26.07.2011 14:23     C:\Users\ASUS\AppData\Local\Temp\bcdedit32.exe --------- 294912  
 26.07.2011 14:23     C:\Users\ASUS\AppData\Local\Temp\51773975.bat --------- 234  
 26.07.2011 14:21     C:\Users\ASUS\AppData\Local\Temp\MSI72146.LOG --------- 364530  
 22.07.2011 14:10     C:\Users\ASUS\AppData\Local\Temp\chrome_installer.log --------- 0  
 22.07.2011 14:10     C:\Users\ASUS\AppData\Local\Temp\cacaonew7224c3.exe --------- 398064  
 22.07.2011 14:02     C:\Users\ASUS\AppData\Local\Temp\{6F2C548D-3B6F-4A89-B968-B07427D891C7} --------- 28672  
 21.07.2011 14:41     C:\Users\ASUS\AppData\Local\Temp\UserInfoSetup(201107211441069C8).log --------- 695  
 21.07.2011 14:41     C:\Users\ASUS\AppData\Local\Temp\SetupExe(201107211441029C8).log --------- 18106  
 21.07.2011 14:05     C:\Users\ASUS\AppData\Local\Temp\UserInfoSetup(2011072114051610AC).log --------- 70837  
 21.07.2011 14:05     C:\Users\ASUS\AppData\Local\Temp\SetupExe(2011072114051310AC).log --------- 18110  
 21.07.2011 10:58     C:\Users\ASUS\AppData\Local\Temp\Hyperionics DB Toolbar.xpi --------- 155831  
 21.07.2011 10:58     C:\Users\ASUS\AppData\Local\Temp\ietb.cab --------- 1485143  
 21.07.2011 00:03     C:\Users\ASUS\AppData\Local\Temp\jar_cache1678786475409790603.tmp --------- 2111443  
 21.07.2011 00:02     C:\Users\ASUS\AppData\Local\Temp\www.minecraft.net --------- 0  
 19.07.2011 13:35     C:\Users\ASUS\AppData\Local\Temp\WMPBurn --------- 0  
 19.07.2011 01:22     C:\Users\ASUS\AppData\Local\Temp\UserInfoSetup(2011071901163817D4).log --------- 70837  
 19.07.2011 01:16     C:\Users\ASUS\AppData\Local\Temp\SetupExe(2011071901163517D4).log --------- 18110  
 08.07.2011 19:29     C:\Users\ASUS\AppData\Local\Temp\Low --------- 4096  
 08.07.2011 10:48     C:\Users\ASUS\AppData\Local\Temp\e4j37F1.tmp_dir --------- 0  
 08.07.2011 01:04     C:\Users\ASUS\AppData\Local\Temp\e4jC7D8.tmp_dir --------- 0  
 07.07.2011 23:55     C:\Users\ASUS\AppData\Local\Temp\e4j45CC.tmp_dir --------- 0  
 07.07.2011 23:46     C:\Users\ASUS\AppData\Local\Temp\e4j4E83.tmp_dir --------- 0  
 07.07.2011 21:12     C:\Users\ASUS\AppData\Local\Temp\e4j4DC5.tmp_dir --------- 0  
 07.07.2011 18:07     C:\Users\ASUS\AppData\Local\Temp\e4j508F.tmp_dir --------- 0  
 07.07.2011 18:05     C:\Users\ASUS\AppData\Local\Temp\{0A83BBC5-6E66-4538-B73B-1E5A210FC8DB} --------- 4096  
 07.07.2011 13:16     C:\Users\ASUS\AppData\Local\Temp\e4j5753.tmp_dir --------- 0  
 06.07.2011 21:43     C:\Users\ASUS\AppData\Local\Temp\{BB501BD4-3E4B-4AA4-AD22-350DE3380537} --------- 0  
 06.07.2011 21:43     C:\Users\ASUS\AppData\Local\Temp\{5D53CE6D-8724-4EEB-A774-48943B20EB16} --------- 4096  
 06.07.2011 18:36     C:\Users\ASUS\AppData\Local\Temp\wmsetup.log --------- 4467  
 06.07.2011 15:40     C:\Users\ASUS\AppData\Local\Temp\e4j274F.tmp_dir --------- 0  
 05.07.2011 21:38     C:\Users\ASUS\AppData\Local\Temp\e4jCCC0.tmp_dir --------- 0  
 05.07.2011 18:56     C:\Users\ASUS\AppData\Local\Temp\e4j757D.tmp_dir --------- 0  
 05.07.2011 13:12     C:\Users\ASUS\AppData\Local\Temp\e4j8BBB.tmp_dir --------- 0  
 04.07.2011 21:20     C:\Users\ASUS\AppData\Local\Temp\e4jEE27.tmp_dir --------- 0  
 04.07.2011 19:24     C:\Users\ASUS\AppData\Local\Temp\e4j2413.tmp_dir --------- 0  
 04.07.2011 14:59     C:\Users\ASUS\AppData\Local\Temp\e4j389C.tmp_dir --------- 0  
 03.07.2011 21:27     C:\Users\ASUS\AppData\Local\Temp\e4j8B40.tmp_dir --------- 0  
 03.07.2011 20:22     C:\Users\ASUS\AppData\Local\Temp\e4j74D2.tmp_dir --------- 0  
 03.07.2011 19:18     C:\Users\ASUS\AppData\Local\Temp\e4jCB59.tmp_dir --------- 0  
 03.07.2011 19:18     C:\Users\ASUS\AppData\Local\Temp\e4j6C87.tmp_dir --------- 0  
 03.07.2011 19:18     C:\Users\ASUS\AppData\Local\Temp\e4j8C76.tmp_dir --------- 0  
 03.07.2011 16:37     C:\Users\ASUS\AppData\Local\Temp\e4j6843.tmp_dir --------- 0  
 03.07.2011 12:27     C:\Users\ASUS\AppData\Local\Temp\e4jEF7C.tmp_dir --------- 0  
 02.07.2011 22:05     C:\Users\ASUS\AppData\Local\Temp\e4j62CD.tmp_dir --------- 0  
 02.07.2011 21:50     C:\Users\ASUS\AppData\Local\Temp\e4j7FBF.tmp_dir --------- 0  
 02.07.2011 21:39     C:\Users\ASUS\AppData\Local\Temp\e4j6221.tmp_dir --------- 0  
 02.07.2011 21:33     C:\Users\ASUS\AppData\Local\Temp\e4jAF56.tmp_dir --------- 0  
 02.07.2011 20:38     C:\Users\ASUS\AppData\Local\Temp\e4jF9DC.tmp_dir --------- 0  
 02.07.2011 20:17     C:\Users\ASUS\AppData\Local\Temp\e4j95CC.tmp_dir --------- 0  
 02.07.2011 19:50     C:\Users\ASUS\AppData\Local\Temp\e4j2001.tmp_dir --------- 0  
 02.07.2011 18:39     C:\Users\ASUS\AppData\Local\Temp\msdt --------- 0  
 02.07.2011 18:36     C:\Users\ASUS\AppData\Local\Temp\e4jBD67.tmp_dir --------- 0  
 02.07.2011 18:32     C:\Users\ASUS\AppData\Local\Temp\e4j71E6.tmp_dir --------- 0  
 02.07.2011 17:52     C:\Users\ASUS\AppData\Local\Temp\e4jF316.tmp_dir --------- 0  
 02.07.2011 17:41     C:\Users\ASUS\AppData\Local\Temp\e4jB616.tmp_dir --------- 0  
 02.07.2011 17:17     C:\Users\ASUS\AppData\Local\Temp\e4jD2E8.tmp_dir --------- 0  
 02.07.2011 17:12     C:\Users\ASUS\AppData\Local\Temp\e4jD8B2.tmp_dir --------- 0  
 02.07.2011 17:11     C:\Users\ASUS\AppData\Local\Temp\e4jC783.tmp_dir --------- 0  
 02.07.2011 11:39     C:\Users\ASUS\AppData\Local\Temp\e4j4327.tmp_dir --------- 0  
 02.07.2011 11:39     C:\Users\ASUS\AppData\Local\Temp\e4j4318.tmp_dir --------- 0  
 02.07.2011 08:53     C:\Users\ASUS\AppData\Local\Temp\e4j888.tmp_dir --------- 0  
 01.07.2011 23:22     C:\Users\ASUS\AppData\Local\Temp\e4j5D9D.tmp_dir --------- 0  
 01.07.2011 21:09     C:\Users\ASUS\AppData\Local\Temp\e4j42CB.tmp_dir --------- 0  
 01.07.2011 21:06     C:\Users\ASUS\AppData\Local\Temp\e4j7E92.tmp_dir --------- 0  
 01.07.2011 20:07     C:\Users\ASUS\AppData\Local\Temp\e4jDD06.tmp_dir --------- 0  
 01.07.2011 17:13     C:\Users\ASUS\AppData\Local\Temp\e4j695D.tmp_dir --------- 0  
 01.07.2011 17:13     C:\Users\ASUS\AppData\Local\Temp\e4jE012.tmp_dir --------- 0  
 01.07.2011 17:12     C:\Users\ASUS\AppData\Local\Temp\e4j1FA1.tmp_dir --------- 0  
 01.07.2011 17:11     C:\Users\ASUS\AppData\Local\Temp\e4j864F.tmp_dir --------- 0  
 01.07.2011 17:11     C:\Users\ASUS\AppData\Local\Temp\e4j43E3.tmp_dir --------- 0  
 01.07.2011 17:09     C:\Users\ASUS\AppData\Local\Temp\e4j1A83.tmp_dir --------- 0  
 01.07.2011 17:07     C:\Users\ASUS\AppData\Local\Temp\e4jCB79.tmp_dir --------- 0  
 01.07.2011 17:06     C:\Users\ASUS\AppData\Local\Temp\e4jE34D.tmp_dir --------- 0  
 01.07.2011 17:06     C:\Users\ASUS\AppData\Local\Temp\e4jA7E3.tmp_dir --------- 0  
 01.07.2011 17:02     C:\Users\ASUS\AppData\Local\Temp\e4jB579.tmp_dir --------- 0  
 01.07.2011 17:00     C:\Users\ASUS\AppData\Local\Temp\e4j12B6.tmp_dir --------- 0  
 01.07.2011 16:58     C:\Users\ASUS\AppData\Local\Temp\e4j73C8.tmp_dir --------- 0  
 01.07.2011 16:35     C:\Users\ASUS\AppData\Local\Temp\e4jB5D7.tmp_dir --------- 0  
 01.07.2011 16:33     C:\Users\ASUS\AppData\Local\Temp\e4j674A.tmp_dir --------- 0  
 01.07.2011 16:30     C:\Users\ASUS\AppData\Local\Temp\e4j2D18.tmp_dir --------- 0  
 01.07.2011 14:13     C:\Users\ASUS\AppData\Local\Temp\e4jFB6E.tmp_dir --------- 0  
 01.07.2011 13:59     C:\Users\ASUS\AppData\Local\Temp\e4j958B.tmp_dir --------- 0  
 01.07.2011 13:27     C:\Users\ASUS\AppData\Local\Temp\e4jBF87.tmp_dir --------- 0  
 30.06.2011 18:53     C:\Users\ASUS\AppData\Local\Temp\is2F5B.tmp --------- 0  
 30.06.2011 18:53     C:\Users\ASUS\AppData\Local\Temp\._msigeplugin60 --------- 4096  
 30.06.2011 18:45     C:\Users\ASUS\AppData\Local\Temp\e4j8CB6.tmp_dir --------- 0  
 30.06.2011 18:44     C:\Users\ASUS\AppData\Local\Temp\e4j4F49.tmp_dir --------- 0  
 30.06.2011 18:36     C:\Users\ASUS\AppData\Local\Temp\e4jDE5E.tmp_dir --------- 0  
 30.06.2011 18:16     C:\Users\ASUS\AppData\Local\Temp\e4j121A.tmp_dir --------- 0  
 30.06.2011 17:58     C:\Users\ASUS\AppData\Local\Temp\e4j1DAE.tmp_dir --------- 0  
 30.06.2011 17:55     C:\Users\ASUS\AppData\Local\Temp\Blizzard --------- 0  
 30.06.2011 17:54     C:\Users\ASUS\AppData\Local\Temp\~DFDABA3E907F9CA309.TMP --------- 131072  
 30.06.2011 17:54     C:\Users\ASUS\AppData\Local\Temp\~DF6064598C0BD59A44.TMP --------- 131072  
 30.06.2011 17:50     C:\Users\ASUS\AppData\Local\Temp\~DF3E5E2697AF9A34FD.TMP --------- 131072  
 30.06.2011 17:50     C:\Users\ASUS\AppData\Local\Temp\Blizzard Installer Bootstrap - 00224653 --------- 0  
 30.06.2011 17:47     C:\Users\ASUS\AppData\Local\Temp\~DF76C6CBAFD3B9875E.TMP --------- 131072  
 30.06.2011 17:39     C:\Users\ASUS\AppData\Local\Temp\e4j9655.tmp_dir --------- 0  
 30.06.2011 17:34     C:\Users\ASUS\AppData\Local\Temp\e4j98E5.tmp_dir --------- 0  
 30.06.2011 17:21     C:\Users\ASUS\AppData\Local\Temp\e4jFF25.tmp_dir --------- 0  
 30.06.2011 16:36     C:\Users\ASUS\AppData\Local\Temp\e4j3929.tmp_dir --------- 0  
 30.06.2011 16:33     C:\Users\ASUS\AppData\Local\Temp\e4j8DBE.tmp_dir --------- 0  
 30.06.2011 16:28     C:\Users\ASUS\AppData\Local\Temp\e4jAD20.tmp_dir --------- 0  
 30.06.2011 16:24     C:\Users\ASUS\AppData\Local\Temp\e4jAFED.tmp_dir --------- 0  
 30.06.2011 13:43     C:\Users\ASUS\AppData\Local\Temp\e4j8E5.tmp_dir --------- 0  
 29.06.2011 23:00     C:\Users\ASUS\AppData\Local\Temp\e4j754F.tmp_dir --------- 0  
 29.06.2011 22:04     C:\Users\ASUS\AppData\Local\Temp\e4jD7E7.tmp_dir --------- 0  
 29.06.2011 19:00     C:\Users\ASUS\AppData\Local\Temp\e4j9C1.tmp_dir --------- 0  
 29.06.2011 18:39     C:\Users\ASUS\AppData\Local\Temp\e4jD098.tmp_dir --------- 0  
 29.06.2011 18:27     C:\Users\ASUS\AppData\Local\Temp\e4jB08.tmp_dir --------- 0  
 29.06.2011 18:25     C:\Users\ASUS\AppData\Local\Temp\e4j5C72.tmp_dir --------- 0  
 29.06.2011 18:08     C:\Users\ASUS\AppData\Local\Temp\dd_vcredistUI000F.txt --------- 11430  
 29.06.2011 18:08     C:\Users\ASUS\AppData\Local\Temp\dd_vcredistMSI000F.txt --------- 406454  
 29.06.2011 17:55     C:\Users\ASUS\AppData\Local\Temp\JAUReg.log --------- 255  
 29.06.2011 17:55     C:\Users\ASUS\AppData\Local\Temp\AUCHECK_PARSER.txt --------- 183  
 29.06.2011 17:55     C:\Users\ASUS\AppData\Local\Temp\java_install_reg.log --------- 2606  
 29.06.2011 17:54     C:\Users\ASUS\AppData\Local\Temp\java_install.log --------- 28813  
 29.06.2011 17:54     C:\Users\ASUS\AppData\Local\Temp\java_install_sp.log --------- 1221  
 29.06.2011 17:53     C:\Users\ASUS\AppData\Local\Temp\jinstall.cfg --------- 1284  
 29.06.2011 17:51     C:\Users\ASUS\AppData\Local\Temp\HamachiSetup.log --------- 4209  
 29.06.2011 14:46     C:\Users\ASUS\AppData\Local\Temp\UserInfoSetup(201106291446291970).log --------- 70837  
 29.06.2011 14:46     C:\Users\ASUS\AppData\Local\Temp\SetupExe(201106291446261970).log --------- 18110  
 21.06.2011 15:25     C:\Users\ASUS\AppData\Local\Temp\InstallAX.exe --------- 3118592  
 19.06.2011 22:04     C:\Users\ASUS\AppData\Local\Temp\UserInfoSetup(201106192203581904).log --------- 36235  
 19.06.2011 22:03     C:\Users\ASUS\AppData\Local\Temp\SetupExe(201106192203561904).log --------- 18113  
 19.06.2011 22:02     C:\Users\ASUS\AppData\Local\Temp\UserInfoSetup(20110619220201390).log --------- 70837  
 19.06.2011 22:02     C:\Users\ASUS\AppData\Local\Temp\SetupExe(20110619220200390).log --------- 18112  
 19.06.2011 18:50     C:\Users\ASUS\AppData\Local\Temp\UserInfoSetup(2011061918501117D4).log --------- 70837  
 19.06.2011 18:50     C:\Users\ASUS\AppData\Local\Temp\SetupExe(2011061918500817D4).log --------- 18110  
 19.06.2011 18:34     C:\Users\ASUS\AppData\Local\Temp\oPackage --------- 0  
 13.06.2011 09:03     C:\Users\ASUS\AppData\Local\Temp\UserInfoSetup(20110613090338131C).log --------- 70836  
 13.06.2011 09:03     C:\Users\ASUS\AppData\Local\Temp\SetupExe(20110613090334131C).log --------- 18107  
 12.06.2011 15:27     C:\Users\ASUS\AppData\Local\Temp\TFR9ACA.tmp --------- 45624  
 12.06.2011 12:14     C:\Users\ASUS\AppData\Local\Temp\msohtmlclip1 --------- 0  
 12.06.2011 12:14     C:\Users\ASUS\AppData\Local\Temp\msohtmlclip --------- 0  
 12.06.2011 12:14     C:\Users\ASUS\AppData\Local\Temp\SketchUpUndo0.log --------- 2921  
 12.06.2011 12:11     C:\Users\ASUS\AppData\Local\Temp\GoogleToolbarInstaller2.log --------- 7603  
 12.06.2011 12:11     C:\Users\ASUS\AppData\Local\Temp\GoogleToolbarInstaller1.log --------- 4224  
 12.06.2011 12:11     C:\Users\ASUS\AppData\Local\Temp\swg5.6.5805.1910110612-121138.dmp --------- 1084227  
 12.06.2011 12:11     C:\Users\ASUS\AppData\Local\Temp\7zS5B3A.tmp --------- 0  
 12.06.2011 12:11     C:\Users\ASUS\AppData\Local\Temp\MSI926.tmp --------- 2302128  
 12.06.2011 12:08     C:\Users\ASUS\AppData\Local\Temp\VSD711B.tmp --------- 0  
 12.06.2011 10:59     C:\Users\ASUS\AppData\Local\Temp\UserInfoSetup(20110612105936834).log --------- 70835  
 12.06.2011 10:59     C:\Users\ASUS\AppData\Local\Temp\SetupExe(20110612105931834).log --------- 18106  
 12.06.2011 10:59     C:\Users\ASUS\AppData\Local\Temp\VBE --------- 0  
 08.06.2011 22:52     C:\Users\ASUS\AppData\Local\Temp\akamaiclient --------- 0  
 03.06.2011 23:51     C:\Users\ASUS\AppData\Local\Temp\Cab572B.tmp --------- 44566  
 03.06.2011 23:51     C:\Users\ASUS\AppData\Local\Temp\Tar572C.tmp --------- 0  
 03.06.2011 13:15     C:\Users\ASUS\AppData\Local\Temp\dd_vcredistUI2FD6.txt --------- 11630  
 03.06.2011 13:15     C:\Users\ASUS\AppData\Local\Temp\dd_vcredistMSI2FD6.txt --------- 407378  
 03.06.2011 13:10     C:\Users\ASUS\AppData\Local\Temp\FiestaOnline-Dawn-Of-The-Spirits-DE_Downloader_05192011[1].exe.log --------- 2352434  
 03.06.2011 12:54     C:\Users\ASUS\AppData\Local\Temp\Windows Live Toolbar --------- 0  
 03.06.2011 12:46     C:\Users\ASUS\AppData\Local\Temp\pdoF037.tmp --------- 0  
 03.06.2011 12:45     C:\Users\ASUS\AppData\Local\Temp\53434a04b9dd2cbf65e49f35e53625ed.lock --------- 0  
 03.06.2011 12:45     C:\Users\ASUS\AppData\Local\Temp\swt-win32-3349.dll --------- 139672  
 19.05.2011 12:03     C:\Users\ASUS\AppData\Local\Temp\B6A1.tmp --------- 0  
 19.05.2011 12:02     C:\Users\ASUS\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0  
 19.05.2011 12:02     C:\Users\ASUS\AppData\Local\Temp\MUI --------- 0  
 19.05.2011 12:01     C:\Users\ASUS\AppData\Local\Temp\ASUS.bmp --------- 49208  
 19.05.2011 12:00     C:\Users\ASUS\AppData\Local\Temp\Silverlight0.log --------- 2078  
 19.05.2011 12:00     C:\Users\ASUS\AppData\Local\Temp\SilverlightMSI.log --------- 529884  
 20.04.2011 01:21     C:\Users\ASUS\AppData\Local\Temp\AskSLib.dll --------- 178568  
----------------------------------------

 
C:\Program Files

 27.07.2011 20:28     C:\Program Files\HyperCam 2 --------- 4096  
 26.07.2011 15:00     C:\Program Files\ATI Technologies --------- 0  
 20.06.2011 14:53     C:\Program Files\Windows Mail --------- 4096  
 20.06.2011 14:53     C:\Program Files\Windows Sidebar --------- 4096  
 20.06.2011 14:53     C:\Program Files\Internet Explorer --------- 4096  
 20.06.2011 14:53     C:\Program Files\Windows Media Player --------- 4096  
 20.06.2011 14:53     C:\Program Files\Windows Journal --------- 4096  
 20.06.2011 14:53     C:\Program Files\Windows Photo Viewer --------- 4096  
 20.06.2011 14:53     C:\Program Files\Windows Defender --------- 4096  
 20.06.2011 14:32     C:\Program Files\DVD Maker --------- 4096  
 12.06.2011 12:11     C:\Program Files\Google --------- 0  
 19.05.2011 11:55     C:\Program Files\Windows Live --------- 0  
 03.12.2009 09:58     C:\Program Files\ASUS --------- 0  
 03.12.2009 09:56     C:\Program Files\P4G --------- 4096  
 03.12.2009 09:53     C:\Program Files\Elantech --------- 4096  
 03.12.2009 09:52     C:\Program Files\SRS Labs --------- 0  
 03.12.2009 09:51     C:\Program Files\DIFX --------- 0  
 03.12.2009 09:51     C:\Program Files\ATKGFNEX --------- 4096  
 03.12.2009 09:47     C:\Program Files\ATI --------- 0  
 03.12.2009 09:46     C:\Program Files\Trend Micro --------- 0  
 03.12.2009 09:11     C:\Program Files\Microsoft Office --------- 0  
 14.07.2009 09:45     C:\Program Files\Microsoft Games --------- 4096  
 14.07.2009 07:32     C:\Program Files\Windows Portable Devices --------- 0  
 14.07.2009 07:32     C:\Program Files\MSBuild --------- 0  
 14.07.2009 07:32     C:\Program Files\Reference Assemblies --------- 0  
 14.07.2009 07:32     C:\Program Files\Windows NT --------- 0  
 14.07.2009 07:09     C:\Program Files\Uninstall Information --------- 0  
 14.07.2009 06:54     C:\Program Files\desktop.ini --------- 174  
 14.07.2009 05:20     C:\Program Files\Common Files --------- 4096  
----------------------------------------

 
C:\ProgramData\.. 

ASUS    
Public    
Default    
Default User    
All Users    
desktop.ini    
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
127.0.0.1 fr-fr.facebook.com
127.0.0.1 fy-nl.facebook.com
127.0.0.1 ga-ie.facebook.com
127.0.0.1 gl-es.facebook.com
127.0.0.1 ko-kr.facebook.com
127.0.0.1 hr-hr.facebook.com
127.0.0.1 is-is.facebook.com
127.0.0.1 it-it.facebook.com
127.0.0.1 ka-ge.facebook.com
127.0.0.1 sw-ke.facebook.com
127.0.0.1 ku-tr.facebook.com
127.0.0.1 lv-lv.facebook.com
127.0.0.1 fb-lt.facebook.com
127.0.0.1 lt-lt.facebook.com
127.0.0.1 la-va.facebook.com
127.0.0.1 hu-hu.facebook.com
127.0.0.1 nl-nl.facebook.com
127.0.0.1 ja-jp.facebook.com
127.0.0.1 nb-no.facebook.com
127.0.0.1 nn-no.facebook.com
127.0.0.1 pl-pl.facebook.com
127.0.0.1 pt-br.facebook.com
127.0.0.1 ro-ro.facebook.com
127.0.0.1 ru-ru.facebook.com
127.0.0.1 sq-al.facebook.com
127.0.0.1 sk-sk.facebook.com
127.0.0.1 sl-si.facebook.com
127.0.0.1 fi-fi.facebook.com
127.0.0.1 sv-se.facebook.com
127.0.0.1 th-th.facebook.com
127.0.0.1 vi-vn.facebook.com
127.0.0.1 tr-tr.facebook.com
127.0.0.1 zh-tw.facebook.com
127.0.0.1 el-gr.facebook.com
127.0.0.1 be-by.facebook.com
127.0.0.1 bg-bg.facebook.com
127.0.0.1 mk-mk.facebook.com
127.0.0.1 sr-rs.facebook.com
127.0.0.1 uk-ua.facebook.com
127.0.0.1 hy-am.facebook.com
127.0.0.1 he-il.facebook.com
127.0.0.1 ar-ar.facebook.com
127.0.0.1 ps-af.facebook.com
127.0.0.1 fa-ir.facebook.com
127.0.0.1 ne-np.facebook.com
127.0.0.1 hi-in.facebook.com
127.0.0.1 bn-in.facebook.com
127.0.0.1 pa-in.facebook.com
127.0.0.1 ta-in.facebook.com
127.0.0.1 te-in.facebook.com
127.0.0.1 ml-in.facebook.com
127.0.0.1 es-es.facebook.com
127.0.0.1 fr-ca.facebook.com
127.0.0.1 pt-pt.facebook.com
127.0.0.1 zh-cn.facebook.com
127.0.0.1 zh-hk.facebook.com

----------------------------------------

 

Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                   0            24 K
System                           4 Services                   0           748 K
smss.exe                       252 Services                   0         1.032 K
csrss.exe                      336 Services                   0         6.896 K
csrss.exe                      416 Console                    1         7.292 K
wininit.exe                    424 Services                   0         6.028 K
winlogon.exe                   512 Console                    1         6.736 K
services.exe                   552 Services                   0        10.520 K
lsass.exe                      560 Services                   0        12.584 K
lsm.exe                        568 Services                   0         4.144 K
svchost.exe                    672 Services                   0         9.308 K
svchost.exe                    784 Services                   0         8.556 K
atiesrxx.exe                   868 Services                   0         3.972 K
svchost.exe                    928 Services                   0        28.300 K
svchost.exe                    972 Services                   0        17.400 K
svchost.exe                    996 Services                   0        36.908 K
svchost.exe                    300 Services                   0        13.548 K
svchost.exe                   1036 Services                   0        15.568 K
FBAgent.exe                   1164 Services                   0        12.560 K
atieclxx.exe                  1176 Console                    1         5.268 K
AsLdrSrv.exe                  1216 Services                   0         3.624 K
smartlogon.exe                1316 Console                    1         6.400 K
GFNEXSrv.exe                  1376 Services                   0         3.068 K
spoolsv.exe                   1576 Services                   0        11.656 K
taskhost.exe                  1596 Console                    1         7.668 K
dwm.exe                       1668 Console                    1        37.360 K
explorer.exe                  1688 Console                    1        73.256 K
HControl.exe                  1752 Console                    1         6.120 K
svchost.exe                   1780 Services                   0        19.564 K
ATKOSD.exe                    1844 Console                    1         5.508 K
taskeng.exe                   1856 Console                    1         6.432 K
BatteryLife.exe               1924 Console                    1         4.268 K
ACMON.exe                     1932 Console                    1         4.268 K
sensorsrv.exe                 1940 Console                    1         4.272 K
ALU.exe                       1948 Console                    1         4.276 K
wcourier.exe                  1972 Console                    1         4.272 K
ASPG.exe                      1980 Console                    1         4.260 K
ControlDeckStartUp.exe        1988 Console                    1         3.228 K
svchost.exe                   2024 Services                   0        14.060 K
Fuel.Service.exe              1028 Services                   0         8.924 K
KBFiltr.exe                   1348 Console                    1         3.768 K
hamachi-2.exe                 1340 Services                   0         9.768 K
WDC.exe                       1328 Console                    1         5.012 K
ICQ Service.exe               1236 Services                   0         6.680 K
hamachi-2-ui.exe              2128 Console                    1         7.428 K
OberonGameConsoleService.     2236 Services                   0        23.324 K
SeaPort.exe                   2368 Services                   0        10.260 K
SfCtlCom.exe                  2408 Services                   0         9.024 K
svchost.exe                   2440 Services                   0         5.232 K
UfSeAgnt.exe                  2676 Console                    1         1.380 K
svchost.exe                   2768 Services                   0         6.496 K
svchost.exe                   2972 Services                   0        14.312 K
TmProxy.exe                   2016 Services                   0        21.916 K
TMBMSRV.exe                   1072 Services                   0         9.136 K
mbamservice.exe               3332 Services                   0        48.532 K
ADSMSrv.exe                   3380 Services                   0         3.748 K
AsScrPro.exe                  3640 Console                    1         7.808 K
CLMLSvc.exe                   3724 Console                    1         7.332 K
BackupService.exe             3864 Console                    1        44.792 K
ETDCtrl.exe                   3872 Console                    1         8.132 K
AmIcoSinglun64.exe            3880 Console                    1         5.956 K
ICQ.exe                       3920 Console                    1        26.228 K
cacaoweb.exe                  3940 Console                    1         7.440 K
HControlUser.exe              3996 Console                    1         3.156 K
ATKOSD2.exe                   4008 Console                    1         4.908 K
VDECK.EXE                     4016 Console                    1        31.072 K
DMedia.exe                    4052 Console                    1         3.892 K
jusched.exe                   4068 Console                    1         4.260 K
mbamgui.exe                   4084 Console                    1         6.756 K
MOM.exe                       3440 Console                    1         6.828 K
ACEngSvr.exe                  3588 Console                    1         5.684 K
SRSPremiumPanel_64.exe        3652 Console                    1        18.096 K
CCC.exe                       4252 Console                    1        25.288 K
SearchIndexer.exe             4952 Services                   0        27.092 K
wmpnetwk.exe                  4468 Services                   0         7.408 K
svchost.exe                   2036 Services                   0        15.196 K
svchost.exe                   6040 Services                   0        44.312 K
PresentationFontCache.exe     5680 Services                   0        16.728 K
OTL.exe                       5952 Console                    1        24.816 K
iexplore.exe                  4960 Console                    1        26.636 K
iexplore.exe                  2724 Console                    1        79.016 K
GoogleToolbarUser_32.exe      4196 Console                    1        11.040 K
taskhost.exe                  5208 Services                   0         3.004 K
SearchFilterHost.exe          1640 Services                   0         6.196 K
cmd.exe                       4076 Console                    1         3.628 K
conhost.exe                   5932 Console                    1         6.136 K
SearchProtocolHost.exe        4700 Services                   0         7.896 K
tasklist.exe                  4108 Console                    1         5.136 K
WmiPrvSE.exe                  5880 Services                   0         5.900 K

 
***** Ende des Scans 28.07.2011 um 12:33:50,76 ***
         

Alt 28.07.2011, 21:56   #7
Drumming
 

Oh, and:
1. The firewall is off and cannot be switched on (not manually either).
2. Facebook cannot be opened.
3. MBAM is showing a dangerous file again... so, basically, access to my computer from outside. The file is called csrss.exe. That is actually a good file, but if it is missing in the other file it points to a virus.....
I urgently need help

Alt 29.07.2011, 10:17   #8
kira
/// Helper Team
 

1.
Fix with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:
:OTL
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Hyperionics DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} -  File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [tray_ico]  File not found
O4 - HKLM..\Run: [tray_ico1]  File not found
O4 - HKLM..\Run: [tray_ico2]  File not found
O4 - HKLM..\Run: [tray_ico3]  File not found
O4 - HKLM..\Run: [tray_ico4]  File not found
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab (SysInfo Class)
[2011/07/26 14:41:59 | 000,000,000 | ---D | C] -- C:\Windows\ufa
[2011/07/26 14:41:59 | 000,000,000 | ---D | C] -- C:\Windows\phoenix
[2011/07/26 14:41:38 | 000,000,000 | -H-D | C] -- C:\Windows\update.2
[2011/07/26 14:40:05 | 000,000,000 | -H-D | C] -- C:\Windows\update.5.0
[2011/07/26 14:38:16 | 000,000,000 | ---D | C] -- C:\Windows\av_ico
[2011/07/26 14:35:24 | 000,000,000 | -H-D | C] -- C:\Windows\update.1
[2011/07/26 14:35:22 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-8-0-lnk
[2011/07/26 14:35:22 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-8-0
[2011/07/26 14:41:58 | 005,589,370 | ---- | M] () -- C:\Windows\phoenix.rar
[2011/07/26 14:41:58 | 001,075,284 | ---- | M] () -- C:\Windows\rpcminer.rar
[2011/07/26 14:41:58 | 000,246,272 | ---- | M] () -- C:\Windows\unrar.exe
[2011/07/26 14:41:58 | 000,182,617 | ---- | M] () -- C:\Windows\ufa.rar
[2011/07/26 14:40:27 | 000,000,000 | ---- | M] () -- C:\Windows\loader2.exe_ok
[2011/07/26 14:39:58 | 000,904,792 | ---- | M] () -- C:\Windows\geoiplist.rar
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA

:Files
C:\Windows\iecheck_iplist.txt
C:\Windows\btc_client_iplist.txt  
C:\Windows\iplist.txt
C:\Windows\proc_list1.log 
C:\Windows\front_ip_list.txt   
C:\Windows\geoiplist

:Commands
[purity]
[emptytemp]
[resethosts]
         
  • and paste it here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL will ask for a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents here into your thread.

2.
Clean your system with CCleaner:
  • "Cleaner" → "Analyze" → click the "Start CCleaner" button
  • "Registry" → "Scan for issues" → "Fix issues" → "Fix all"
  • Restart your system

3.
Run another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry, please select Use SafeList.
  • Tick the LOP Check and Purity Check boxes.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

4.
Post again, after the cleanup has been carried out:
hjtscanlist v2.0 - file list
__________________

Warning!:
Be careful with invoices sent by e-mail with a ZIP file attached! They may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different places!
Please pass this warning on wherever you can!

29.07.2011, 14:01   #9
Drumming

Here is the OTL fix:
Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico1 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico2 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico3 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico4 deleted successfully.
Starting removal of ActiveX control {E6F480FC-BD44-4CBA-B74A-89AF7842937D}
C:\Windows\Downloaded Program Files\SystemRequirementsLab.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E6F480FC-BD44-4CBA-B74A-89AF7842937D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6F480FC-BD44-4CBA-B74A-89AF7842937D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E6F480FC-BD44-4CBA-B74A-89AF7842937D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6F480FC-BD44-4CBA-B74A-89AF7842937D}\ not found.
C:\Windows\ufa folder moved successfully.
C:\Windows\phoenix\kernels\poclbm folder moved successfully.
C:\Windows\phoenix\kernels\phatk folder moved successfully.
C:\Windows\phoenix\kernels folder moved successfully.
C:\Windows\phoenix folder moved successfully.
C:\Windows\update.2 folder moved successfully.
C:\Windows\update.5.0 folder moved successfully.
C:\Windows\av_ico folder moved successfully.
C:\Windows\update.1 folder moved successfully.
C:\Windows\update.tray-8-0-lnk folder moved successfully.
C:\Windows\update.tray-8-0 folder moved successfully.
C:\Windows\phoenix.rar moved successfully.
C:\Windows\rpcminer.rar moved successfully.
C:\Windows\unrar.exe moved successfully.
C:\Windows\ufa.rar moved successfully.
C:\Windows\loader2.exe_ok moved successfully.
C:\Windows\geoiplist.rar moved successfully.
ADS C:\ProgramData\Temp:AB689DEA deleted successfully.
========== FILES ==========
C:\Windows\iecheck_iplist.txt moved successfully.
C:\Windows\btc_client_iplist.txt moved successfully.
C:\Windows\iplist.txt moved successfully.
C:\Windows\proc_list1.log moved successfully.
C:\Windows\front_ip_list.txt moved successfully.
C:\Windows\geoiplist moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: ASUS
->Temp folder emptied: 134500014 bytes
->Temporary Internet Files folder emptied: 1326514875 bytes
->Java cache emptied: 242831 bytes
->FireFox cache emptied: 30522283 bytes
->Google Chrome cache emptied: 19851888 bytes
->Flash cache emptied: 568 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 406919683 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 53388 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1,830.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.26.1 log created on 07292011_134328

Files\Folders moved on Reboot...
C:\Users\ASUS\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\ASUS\AppData\Local\Temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb moved successfully.
C:\Users\ASUS\AppData\Local\Temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D12}.tlb moved successfully.
C:\Windows\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb moved successfully.
C:\Windows\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D12}.tlb moved successfully.

Registry entries deleted on Reboot...
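
The items named in the OTL fix script above were all listed without a vendor name directly under C:\Windows and dated 2011/07/26 between 14:35 and 14:41. As an added example (not part of the original posts, and not OTL's or the helper's own method), the Python code below parses OTL file-listing lines and groups such vendor-less items into time bursts; the function names, the 5-minute gap and the minimum burst size of 3 are assumptions chosen for illustration.

```python
import ntpath
import re
from datetime import datetime, timedelta
from typing import NamedTuple

# File/folder lines copied from the OTL output quoted in this thread.
PAGE_LINES = r"""
[2011/07/26 14:41:59 | 000,000,000 | ---D | C] -- C:\Windows\ufa
[2011/07/26 14:41:59 | 000,000,000 | ---D | C] -- C:\Windows\phoenix
[2011/07/26 14:41:38 | 000,000,000 | -H-D | C] -- C:\Windows\update.2
[2011/07/26 14:40:05 | 000,000,000 | -H-D | C] -- C:\Windows\update.5.0
[2011/07/26 14:38:16 | 000,000,000 | ---D | C] -- C:\Windows\av_ico
[2011/07/26 14:35:24 | 000,000,000 | -H-D | C] -- C:\Windows\update.1
[2011/07/26 14:35:22 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-8-0-lnk
[2011/07/26 14:35:22 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-8-0
[2011/07/26 14:41:58 | 005,589,370 | ---- | M] () -- C:\Windows\phoenix.rar
[2011/07/26 14:41:58 | 001,075,284 | ---- | M] () -- C:\Windows\rpcminer.rar
[2011/07/26 14:41:58 | 000,246,272 | ---- | M] () -- C:\Windows\unrar.exe
[2011/07/26 14:41:58 | 000,182,617 | ---- | M] () -- C:\Windows\ufa.rar
[2011/07/26 14:40:27 | 000,000,000 | ---- | M] () -- C:\Windows\loader2.exe_ok
[2011/07/26 14:39:58 | 000,904,792 | ---- | M] () -- C:\Windows\geoiplist.rar
[2011/07/29 13:43:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/28 12:57:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/07/28 10:50:39 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/28 00:25:19 | 049,089,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
"""
# Constructed line (not from the thread): one isolated vendor-less file.
CONSTRUCTED_LINE = r"[2011/06/30 09:00:00 | 000,001,024 | ---- | C] () -- C:\Windows\constructed_example.log"
SAMPLE_LOG = PAGE_LINES + CONSTRUCTED_LINE + "\n"


class Entry(NamedTuple):
    when: datetime
    size: int
    attrs: str      # OTL attribute column, e.g. "-H-D" = hidden directory
    company: str    # vendor string from the file's version info, "" if none
    path: str


LINE_RE = re.compile(
    r"^\[(?P<when>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| [CM]\](?: \((?P<company>.*?)\))? -- (?P<path>.+?)\s*$"
)


def parse_entries(text):
    """Parse OTL file/folder listing lines; every other line is skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers, registry lines, blanks
        entries.append(Entry(
            when=datetime.strptime(m["when"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            company=(m["company"] or "").strip(),
            path=m["path"],
        ))
    return entries


def unsigned_bursts(entries, root=r"C:\Windows",
                    max_gap=timedelta(minutes=5), min_size=3):
    """Group vendor-less items located directly in `root` into bursts.

    A burst is a run of such items whose consecutive timestamps are at most
    `max_gap` apart; runs shorter than `min_size` are dropped.
    """
    hits = sorted(
        (e for e in entries
         if not e.company and ntpath.dirname(e.path).lower() == root.lower()),
        key=lambda e: e.when,
    )
    bursts, current = [], []
    for e in hits:
        if current and e.when - current[-1].when > max_gap:
            if len(current) >= min_size:
                bursts.append(current)
            current = []
        current.append(e)
    if len(current) >= min_size:
        bursts.append(current)
    return bursts


if __name__ == "__main__":
    for burst in unsigned_bursts(parse_entries(SAMPLE_LOG)):
        print(f"{len(burst)} items, {burst[0].when} .. {burst[-1].when}")
        for e in burst:
            print(f"  {e.attrs}  {e.size:>9}  {e.path}")
```

A burst is only a lead for manual review: installers and updaters also drop several vendor-less files at once, so each path still has to be judged individually before it goes into a fix script.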
         

29.07.2011, 14:02   #10
Drumming

OTL Log:
Code:
OTL logfile created on: 7/29/2011 2:41:52 PM - Run 4
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\ASUS\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 64.13% Memory free
8.00 Gb Paging File | 6.29 Gb Available in Paging File | 78.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 74.27 Gb Free Space | 63.78% Space Free | Partition Type: NTFS
Drive D: | 334.67 Gb Total Space | 334.57 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
 
Computer Name: ASUS-PC | User Name: ASUS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/07/28 10:18:45 | 000,398,064 | ---- | M] () -- C:\Users\ASUS\AppData\Roaming\cacaoweb\cacaoweb.exe
PRC - [2011/07/28 00:44:20 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\ASUS\Desktop\OTL.exe
PRC - [2011/07/06 21:42:40 | 000,124,216 | ---- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7.5\ICQ.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/25 17:29:54 | 001,951,112 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011/02/28 17:13:56 | 000,247,096 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2009/12/03 09:58:29 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2009/09/25 19:24:36 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009/09/24 23:50:02 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009/09/16 03:34:34 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009/08/17 19:58:46 | 006,859,392 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/06/24 22:30:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2009/06/19 20:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 20:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/16 03:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
PRC - [2009/05/19 01:59:10 | 000,428,600 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
PRC - [2009/05/19 01:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/04/20 21:09:30 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2008/12/23 03:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/08/14 07:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008/07/19 05:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008/03/31 12:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007/11/30 21:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/08/08 10:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/07/28 00:44:20 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\ASUS\Desktop\OTL.exe
MOD - [2009/07/14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/05/24 23:18:38 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/10/09 11:00:14 | 000,859,712 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV:64bit: - [2009/10/02 05:38:17 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/09/17 21:36:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/08/22 11:37:45 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV:64bit: - [2009/08/22 11:37:45 | 000,570,632 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2007/08/08 10:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/29 12:42:05 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai\netsession_win_e477fed.dll -- (Akamai)
SRV - [2011/05/25 17:29:52 | 002,275,720 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/02/28 17:13:56 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009/09/15 03:03:42 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/06/16 03:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/03/31 12:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/07/26 14:02:29 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/07/26 14:02:29 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010/07/30 19:30:26 | 000,309,840 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmxpflt.sys -- (tmxpflt)
DRV:64bit: - [2010/07/30 19:30:20 | 000,042,576 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmpreflt.sys -- (tmpreflt)
DRV:64bit: - [2010/07/30 19:24:14 | 001,988,176 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vsapint.sys -- (vsapint)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/10/05 03:33:59 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/10/02 06:11:13 | 006,182,400 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/08/22 11:38:33 | 000,107,536 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2009/07/20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/17 08:00:11 | 000,068,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/17 08:00:11 | 000,029,240 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 10:11:31 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/06/18 22:18:10 | 000,015,928 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2009/06/12 13:41:55 | 000,112,128 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 13:53:42 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/05/23 00:52:29 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/20 18:11:05 | 001,799,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/05/13 03:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009/05/05 16:00:27 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/12/08 17:35:52 | 000,061,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2008/05/24 03:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007/07/24 21:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\1107071805\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
 
[2011/07/21 22:07:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ASUS\AppData\Roaming\mozilla\Extensions
[2011/07/27 21:36:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ASUS\AppData\Roaming\mozilla\Firefox\Profiles\r8bx6l3v.default\extensions
[2011/07/27 20:28:24 | 000,000,000 | ---D | M] (Hyperionics DB Toolbar) -- C:\Users\ASUS\AppData\Roaming\mozilla\Firefox\Profiles\r8bx6l3v.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2011/07/27 21:36:53 | 000,000,000 | ---D | M] (cacaoweb) -- C:\Users\ASUS\AppData\Roaming\mozilla\Firefox\Profiles\r8bx6l3v.default\extensions\cacaoweb@cacaoweb.org
File not found (No name found) -- 
 
O1 HOSTS File: ([2011/07/29 13:46:27 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\1107071805\ICQToolBar.dll (ICQ)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe (ECAREME)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [cacaoweb] C:\Users\ASUS\AppData\Roaming\cacaoweb\cacaoweb.exe ()
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 -  File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O31 - SafeBoot: AlternateShell - services32.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/07/29 13:43:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/28 21:37:34 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Tracing
[2011/07/28 20:24:17 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011/07/28 12:57:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/07/28 12:57:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/07/28 12:57:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/07/28 10:50:45 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Malwarebytes
[2011/07/28 10:50:39 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/28 10:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/28 10:50:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/28 10:50:35 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/07/28 10:50:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/07/28 00:44:17 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\ASUS\Desktop\OTL.exe
[2011/07/28 00:25:19 | 049,089,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2011/07/27 20:58:53 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Documents\ICQ
[2011/07/27 20:28:50 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HyperCam 2
[2011/07/27 20:28:25 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\Minibar
[2011/07/27 20:28:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hyperionics DB Toolbar
[2011/07/27 20:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\HyperCam 2
[2011/07/26 22:36:11 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\AMD
[2011/07/26 15:01:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/07/26 15:00:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011/07/26 15:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2011/07/26 15:00:38 | 000,046,136 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdiox64.sys
[2011/07/26 15:00:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2011/07/26 15:00:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011/07/26 14:58:35 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/07/26 14:48:11 | 000,000,000 | ---D | C] -- C:\ATI
[2011/07/26 14:46:50 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/07/22 14:08:46 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\cacaoweb
[2011/07/22 13:58:47 | 000,000,000 | ---D | C] -- C:\FirefoxPortable
[2011/07/21 22:07:10 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\Mozilla
[2011/07/21 16:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\alaplaya
[2011/07/21 16:26:35 | 593,954,668 | ---- | C] (InstallShield Software Corporation) -- C:\Users\ASUS\Desktop\S4League.exe
[2011/07/21 15:32:59 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\ElevatedDiagnostics
[2011/07/16 14:17:25 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/07/16 01:45:21 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\.minecraft
[2011/07/06 21:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5
[2011/07/06 21:43:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ6Toolbar
[2011/07/06 21:42:59 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Mozilla
[2011/07/06 21:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2011/07/06 21:42:44 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\ICQ
[2011/07/06 21:42:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.5
[2011/07/06 17:13:11 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Documents\Fiesta
[2011/07/01 14:17:48 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\texturepacks
[2011/07/01 14:17:48 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\saves
[2011/07/01 14:17:48 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\resources
[2011/07/01 14:17:47 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\stats
[2011/07/01 14:17:47 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\bin
[2011/06/30 18:53:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/06/30 17:50:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2011/06/30 17:45:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2011/06/30 17:45:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2011/06/29 18:10:19 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\ts3overlay
[2011/06/29 18:09:34 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\TS3Client
[2011/06/29 18:08:27 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\WinRAR
[2011/06/29 18:08:27 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/06/29 18:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/06/29 18:08:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2011/06/29 18:07:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2011/06/29 18:07:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamSpeak 3 Client
[2011/06/29 17:55:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/06/29 17:55:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/06/29 17:54:59 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/06/29 17:54:59 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/06/29 17:54:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/06/29 17:54:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/06/29 17:54:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011/06/29 17:51:37 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\LogMeIn Hamachi
[2011/06/29 17:51:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011/06/29 17:51:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2008/08/12 07:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll
[1 C:\Users\ASUS\AppData\Local\*.tmp files -> C:\Users\ASUS\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/07/29 14:47:08 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin
[2011/07/29 14:46:23 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/29 14:46:23 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/29 14:45:01 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin
[2011/07/29 14:38:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/29 14:37:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/29 14:37:14 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/29 13:57:27 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/29 13:53:27 | 000,094,788 | ---- | M] () -- C:\Users\ASUS\Documents\cc_20110729_135317.reg
[2011/07/29 13:46:27 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/07/28 16:14:31 | 001,500,444 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/28 16:14:31 | 000,647,376 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011/07/28 16:14:31 | 000,610,094 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/28 16:14:31 | 000,127,404 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011/07/28 16:14:31 | 000,104,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/28 12:57:49 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/07/28 12:57:44 | 000,002,261 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/07/28 11:53:18 | 000,002,158 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2011/07/28 11:53:18 | 000,001,453 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2011/07/28 10:50:39 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/28 10:17:30 | 000,001,937 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/07/28 10:16:42 | 000,000,734 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hîsts
[2011/07/28 00:44:20 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\ASUS\Desktop\OTL.exe
[2011/07/28 00:17:04 | 000,203,160 | -H-- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak
[2011/07/27 23:36:21 | 1175,199,286 | ---- | M] () -- C:\Users\ASUS\Documents\clip0006.avi
[2011/07/27 22:31:33 | 3802,291,915 | ---- | M] () -- C:\Users\ASUS\Documents\clip0005.avi
[2011/07/27 21:51:18 | 012,707,496 | ---- | M] () -- C:\Users\ASUS\Documents\clip0004.avi
[2011/07/27 21:50:57 | 026,040,586 | ---- | M] () -- C:\Users\ASUS\Documents\clip0003.avi
[2011/07/27 20:38:59 | 214,771,614 | ---- | M] () -- C:\Users\ASUS\Documents\clip0002.avi
[2011/07/27 20:31:43 | 041,177,758 | ---- | M] () -- C:\Users\ASUS\Documents\clip0001.avi
[2011/07/27 20:28:51 | 000,000,937 | ---- | M] () -- C:\Users\ASUS\Desktop\HyperCam 2.lnk
[2011/07/27 20:10:10 | 000,000,155 | ---- | M] () -- C:\Windows\info1
[2011/07/26 14:02:29 | 000,123,784 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/07/26 14:02:29 | 000,088,288 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/07/22 18:32:29 | 000,001,971 | ---- | M] () -- C:\Users\ASUS\Desktop\He_Fights_all_Knight.png
[2011/07/21 22:07:11 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011/07/21 17:00:29 | 000,001,822 | ---- | M] () -- C:\Users\Public\Desktop\S4League.lnk
[2011/07/21 16:41:04 | 593,954,668 | ---- | M] (InstallShield Software Corporation) -- C:\Users\ASUS\Desktop\S4League.exe
[2011/07/16 13:54:11 | 000,270,142 | ---- | M] () -- C:\Users\ASUS\Minecraft.exe
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/07/02 15:01:11 | 000,000,000 | ---- | M] () -- C:\Users\ASUS\AppData\Local\{BFA1C75D-2684-4A9E-AFDD-FA8B59E089D2}
[2011/07/01 09:54:42 | 049,089,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2011/06/29 18:07:37 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2011/06/29 17:54:51 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/06/29 17:54:51 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/06/29 17:54:51 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/06/29 17:54:51 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[1 C:\Users\ASUS\AppData\Local\*.tmp files -> C:\Users\ASUS\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/07/29 13:53:25 | 000,094,788 | ---- | C] () -- C:\Users\ASUS\Documents\cc_20110729_135317.reg
[2011/07/28 16:14:31 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/28 12:57:49 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/07/28 12:57:44 | 000,002,261 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/07/28 12:32:14 | 000,030,259 | ---- | C] () -- C:\Users\ASUS\Desktop\hjtscanlist.bat
[2011/07/28 10:50:39 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/27 23:29:11 | 1175,199,286 | ---- | C] () -- C:\Users\ASUS\Documents\clip0006.avi
[2011/07/27 21:51:46 | 3802,291,915 | ---- | C] () -- C:\Users\ASUS\Documents\clip0005.avi
[2011/07/27 21:51:11 | 012,707,496 | ---- | C] () -- C:\Users\ASUS\Documents\clip0004.avi
[2011/07/27 21:50:47 | 026,040,586 | ---- | C] () -- C:\Users\ASUS\Documents\clip0003.avi
[2011/07/27 20:31:53 | 214,771,614 | ---- | C] () -- C:\Users\ASUS\Documents\clip0002.avi
[2011/07/27 20:30:16 | 041,177,758 | ---- | C] () -- C:\Users\ASUS\Documents\clip0001.avi
[2011/07/27 20:28:11 | 000,000,937 | ---- | C] () -- C:\Users\ASUS\Desktop\HyperCam 2.lnk
[2011/07/26 14:40:05 | 000,000,155 | ---- | C] () -- C:\Windows\info1
[2011/07/22 18:32:29 | 000,001,971 | ---- | C] () -- C:\Users\ASUS\Desktop\He_Fights_all_Knight.png
[2011/07/21 22:07:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/07/21 17:00:29 | 000,001,822 | ---- | C] () -- C:\Users\Public\Desktop\S4League.lnk
[2011/07/16 13:54:07 | 000,270,142 | ---- | C] () -- C:\Users\ASUS\Minecraft.exe
[2011/07/02 15:01:11 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{BFA1C75D-2684-4A9E-AFDD-FA8B59E089D2}
[2011/06/29 18:07:37 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2011/06/15 14:04:13 | 000,000,244 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/05/24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2009/12/03 09:58:33 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2009/12/03 09:58:21 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2009/12/03 09:38:38 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/12/03 09:00:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/09/16 22:08:27 | 000,001,016 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/08/19 10:33:09 | 000,018,944 | ---- | C] () -- C:\Windows\OOBEPlayer.exe
[2009/08/19 10:33:09 | 000,000,035 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
[2009/07/29 07:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/01 10:10:50 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/08 20:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008/05/22 18:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
[2006/05/19 13:39:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
 
========== LOP Check ==========
 
[2011/06/03 13:17:11 | 000,000,000 | -HSD | M] -- C:\Users\ASUS\AppData\Roaming\.#
[2011/07/22 11:20:47 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\.minecraft
[2011/05/19 12:02:32 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Asus WebStorage
[2011/06/14 19:16:43 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\bin
[2011/07/25 07:46:14 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\cacaoweb
[2011/06/03 13:15:34 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\GameConsole
[2011/07/29 14:39:56 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\ICQ
[2011/06/14 19:16:49 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\resources
[2011/06/14 19:16:45 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\saves
[2011/06/14 19:16:50 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\stats
[2011/06/14 19:16:45 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\texturepacks
[2011/07/29 13:52:44 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\TS3Client
[2011/06/29 18:16:53 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\ts3overlay
[2011/07/19 12:32:29 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         

Alt 29.07.2011, 14:05   #11
Drumming
 
Extra OTL log:
Code:
OTL Extras logfile created on: 7/29/2011 2:41:52 PM - Run 4
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\ASUS\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 64.13% Memory free
8.00 Gb Paging File | 6.29 Gb Available in Paging File | 78.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 74.27 Gb Free Space | 63.78% Space Free | Partition Type: NTFS
Drive D: | 334.67 Gb Total Space | 334.57 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
 
Computer Name: ASUS-PC | User Name: ASUS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallOverride" = 1
"DisableThumbnailCache" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}" = ASUS Power4Gear Hybrid
"{3768263E-8BE8-4CEF-9463-6D36F731824B}" = Windows Live Family Safety
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{51317AF5-D39F-49EC-A4B5-87451466B837}" = AMD Fuel
"{54E192A6-AA33-1963-C96A-26AA7A3B41B4}" = ccc-utility64
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{90120000-0028-0404-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0404-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Chinese (Traditional)) 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0408-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Greek) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007
"{90120000-002A-040D-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Hebrew) 2007
"{90120000-002A-0410-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Italian) 2007
"{90120000-002A-0413-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Dutch) 2007
"{90120000-002A-0816-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Portugal)) 2007
"{90120000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security
"{CFF9D801-1EC4-B8F5-2CAB-4A1790C95A18}" = ATI Catalyst Install Manager
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"Asus WebStorage" = Asus WebStorage
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-x64 7.0.5.5_WHQL
"HyperCam 2" = HyperCam 2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{15F02176-0D12-4FAF-B2CD-2767C7781427}" = Google SketchUp 8
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1
"{299CF645-48C7-4FA1-8BCD-5CE200CF180D}" = Microsoft Search Enhancement Pack
"{30D659E4-4405-6925-CDCF-EB8CD0C80DAC}" = Catalyst Control Center Graphics Previews Common
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{48DB5914-8772-472D-B8DF-E2092BE598F6}" = Adobe Flash Player 10 ActiveX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4F5B18A3-E921-4FFE-BEF4-ACBB98964FC2}" = AMD USB Filter Driver
"{566BAEC0-74CB-4ACC-9E18-8779AC974FB0}" = Windows Live Toolbar
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5ACE78D9-2859-A192-F416-1D3E93370ACA}" = Catalyst Control Center InstallProxy
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{60DE7978-4F13-5584-5E53-DCEE1CB115A5}" = AMD VISION Engine Control Center
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{662CFD19-EA80-4EFE-A0D8-EE10EFEB3C83}" = Livestream Procaster
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6C3496DF-CC4C-4CDE-87A1-8657619EE2D6}_is1" = Game Park Console
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110304260}" = Island Wars 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110413757}" = Smileyville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}" = Dream Day Wedding Married in Manhattan
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116864777}" = Piggly
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8966D069-C05A-4B8C-9287-F52DE631A6C0}" = S4 League_EU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0404-0000-0000000FF1CE}" = Microsoft Office Access MUI (Chinese (Traditional)) 2007
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0408-0000-0000000FF1CE}" = Microsoft Office Access MUI (Greek) 2007
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040D-0000-0000000FF1CE}" = Microsoft Office Access MUI (Hebrew) 2007
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0816-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Portugal)) 2007
"{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
"{90120000-0016-0404-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Traditional)) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0408-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Greek) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040D-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Hebrew) 2007
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0816-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Portugal)) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0018-0404-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0408-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Greek) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040D-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Hebrew) 2007
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0816-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0019-0404-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0408-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Greek) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040D-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Hebrew) 2007
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0816-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007
"{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
"{90120000-001A-0404-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0408-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Greek) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040D-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Hebrew) 2007
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0816-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007
"{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
"{90120000-001B-0404-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Traditional)) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0408-0000-0000000FF1CE}" = Microsoft Office Word MUI (Greek) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040D-0000-0000000FF1CE}" = Microsoft Office Word MUI (Hebrew) 2007
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0816-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Portugal)) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0404-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Traditional)) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0408-0000-0000000FF1CE}" = Microsoft Office Proof (Greek) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040D-0000-0000000FF1CE}" = Microsoft Office Proof (Hebrew) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2007
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0816-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Portugal)) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0028-0404-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
"{90120000-002C-0404-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Traditional)) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0408-0000-0000000FF1CE}" = Microsoft Office Proofing (Greek) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-040D-0000-0000000FF1CE}" = Microsoft Office Proofing (Hebrew) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-002C-0816-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Portugal)) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-006E-0404-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Traditional)) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0408-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Greek) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040D-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Hebrew) 2007
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0816-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Portugal)) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{95120000-0120-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{AFF8C8F4-E4BB-891F-8636-5E71F946C5B6}" = Catalyst Control Center InstallProxy
"{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EEF985E8-8B36-4230-B174-117A2381C17F}" = LogMeIn Hamachi
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart
"{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"ASUS AP Bank_is1" = ASUS AP Bank
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Fiesta Online(EU_German)" = Fiesta Online(EU_German) 1.04.000
"Fraps" = Fraps
"Google Chrome" = Google Chrome
"Hyperionics DB Toolbar" = Hyperionics DB Toolbar
"ICQToolbar" = ICQ Toolbar
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"PROHYBRIDR" = 2007 Microsoft Office system
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 7/16/2011 8:53:51 AM | Computer Name = ASUS-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.7600.16385 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1100    Startzeit: 01cc43a239dd52d5    Endzeit: 10    Anwendungspfad:
 C:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID: 9c5c10c6-afaa-11e0-a674-e0cb4e2e159e

 
Error - 7/16/2011 9:07:12 AM | Computer Name = ASUS-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Aegis64.exe, Version: 0.0.0.0, Zeitstempel:
 0x4cf33fcb  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel:
 0x4a5be02b  Ausnahmecode: 0xc0000374  Fehleroffset: 0x00000000000c6cd2  ID des fehlerhaften
 Prozesses: 0x1c24  Startzeit der fehlerhaften Anwendung: 0x01cc43b76ffa2e4a  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\alaplaya\S4League\Aegis64.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 849a1e4d-afac-11e0-a674-e0cb4e2e159e
 
Error - 7/16/2011 6:56:50 PM | Computer Name = ASUS-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Aegis64.exe, Version: 0.0.0.0, Zeitstempel:
 0x4cf33fcb  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel:
 0x4a5be02b  Ausnahmecode: 0xc0000374  Fehleroffset: 0x00000000000c6cd2  ID des fehlerhaften
 Prozesses: 0xd44  Startzeit der fehlerhaften Anwendung: 0x01cc440752e5623f  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\alaplaya\S4League\Aegis64.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: e3b62082-affe-11e0-8433-e0cb4e2e159e
 
Error - 7/17/2011 6:02:33 PM | Computer Name = ASUS-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Aegis64.exe, Version: 0.0.0.0, Zeitstempel:
 0x4cf33fcb  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel:
 0x4a5be02b  Ausnahmecode: 0xc0000374  Fehleroffset: 0x00000000000c6cd2  ID des fehlerhaften
 Prozesses: 0xa30  Startzeit der fehlerhaften Anwendung: 0x01cc44cd3a696435  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\alaplaya\S4League\Aegis64.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 78db8167-b0c0-11e0-a777-e0cb4e2e159e
 
Error - 7/17/2011 6:46:57 PM | Computer Name = ASUS-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Aegis64.exe, Version: 0.0.0.0, Zeitstempel:
 0x4cf33fcb  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel:
 0x4a5be02b  Ausnahmecode: 0xc0000374  Fehleroffset: 0x00000000000c6cd2  ID des fehlerhaften
 Prozesses: 0xeec  Startzeit der fehlerhaften Anwendung: 0x01cc44cd5c5937a5  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\alaplaya\S4League\Aegis64.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: ac6ec2f7-b0c6-11e0-a777-e0cb4e2e159e
 
Error - 7/18/2011 9:22:11 AM | Computer Name = ASUS-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Aegis64.exe, Version: 0.0.0.0, Zeitstempel:
 0x4cf33fcb  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel:
 0x4a5be02b  Ausnahmecode: 0xc0000374  Fehleroffset: 0x00000000000c6cd2  ID des fehlerhaften
 Prozesses: 0x954  Startzeit der fehlerhaften Anwendung: 0x01cc454a12aad679  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\alaplaya\S4League\Aegis64.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: f13b4d0b-b140-11e0-877a-e0cb4e2e159e
 
Error - 7/18/2011 2:49:21 PM | Computer Name = ASUS-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Aegis64.exe, Version: 0.0.0.0, Zeitstempel:
 0x4cf33fcb  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel:
 0x4a5be02b  Ausnahmecode: 0xc0000374  Fehleroffset: 0x00000000000c6cd2  ID des fehlerhaften
 Prozesses: 0x262c  Startzeit der fehlerhaften Anwendung: 0x01cc4571461d6640  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\alaplaya\S4League\Aegis64.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: a5bc2728-b16e-11e0-8408-e0cb4e2e159e
 
Error - 7/18/2011 3:15:01 PM | Computer Name = ASUS-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 7/18/2011 3:18:01 PM | Computer Name = ASUS-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler
 in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement
 pack\search helper\searchhelper.dll" in Zeile 2.  Ungültige XML-Syntax.
 
Error - 7/18/2011 3:20:39 PM | Computer Name = ASUS-PC | Source = System Restore | ID = 8193
Description = 
 
[ System Events ]
Error - 7/28/2011 4:16:07 AM | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira AntiVir Guard" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%2
 
Error - 7/28/2011 4:18:02 AM | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
Error - 7/28/2011 5:50:30 AM | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "srvsysdriver32" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 7/28/2011 5:50:30 AM | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "wxpdrivers" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.
 
Error - 7/28/2011 5:50:31 AM | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "srviecheck" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.
 
Error - 7/28/2011 5:50:31 AM | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "srvbtcclient" wurde unerwartet beendet. Dies ist bereits 1
 Mal passiert.
 
Error - 7/28/2011 5:52:49 AM | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira AntiVir Planer" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 7/28/2011 5:52:51 AM | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows-Firewallautorisierungstreiber" wurde aufgrund 
folgenden Fehlers nicht gestartet:   %%183
 
Error - 7/28/2011 5:52:51 AM | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows-Firewall" ist vom Dienst "Windows-Firewallautorisierungstreiber"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%183
 
Error - 7/28/2011 5:52:56 AM | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira AntiVir Guard" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%2
 
 
< End of report >
         

29.07.2011, 14:08   #12
Drumming
 



And now the hjtscanlist:
Code:
ATTFilter
 
 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                        º                                    º 
                                    hjtscanlist v2.0              
                        º                                    º 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 

Microsoft Windows [Version 6.1.7600]
 
 
C:

  29.07.2011 13:52     C:\Windows --------- 40960   
       C:\pagefile.sys ---------    
       C:\hiberfil.sys ---------    
  29.07.2011 13:43     C:\_OTL --------- 0   
  28.07.2011 20:31     C:\Program Files (x86) --------- 20480   
  28.07.2011 20:24     C:\ProgramData --------- 8192   
  28.07.2011 12:57     C:\Program Files --------- 8192   
  28.07.2011 00:54     C:\System Volume Information --------- 4096   
  26.07.2011 14:48     C:\ATI --------- 0   
  22.07.2011 13:58     C:\FirefoxPortable --------- 4096   
  15.06.2011 23:24     C:\ProcasterInstaller.log --------- 388652   
  03.06.2011 17:09     C:\Fraps --------- 4096   
  19.05.2011 12:02     C:\asus.dat --------- 4096   
  19.05.2011 12:01     C:\$Recycle.Bin --------- 0   
  19.05.2011 11:46     C:\Users --------- 4096   
  19.05.2011 11:44     C:\Recovery --------- 0   
  03.12.2009 10:02     C:\devlist.txt --------- 13444   
  03.12.2009 10:01     C:\Finish.log --------- 9   
  03.12.2009 09:58     C:\setup.log --------- 90   
  03.12.2009 09:52     C:\inject.log.txt --------- 743079   
  03.12.2009 09:51     C:\Temp --------- 8192   
  03.12.2009 09:18     C:\SumHidd.txt --------- 170   
  03.12.2009 09:16     C:\SumOS.txt --------- 98   
  03.12.2009 09:05     C:\MSOCache --------- 0   
  02.12.2009 19:27     C:\Pass.txt --------- 146   
  10.11.2009 05:02     C:\Patch_Win7.log --------- 196   
  30.10.2009 08:40     C:\K40AB_K50AB_K40AD_K50AD_WIN7.30 --------- 19   
  30.10.2009 04:01     C:\K50ADAS.BIN --------- 1048576   
  30.10.2009 03:17     C:\K40ADAS.BIN --------- 1048576   
  27.10.2009 03:58     C:\K50ABAS.BIN --------- 1048576   
  27.10.2009 03:20     C:\K40ABAS.BIN --------- 1048576   
  16.09.2009 20:04     C:\v82.txt --------- 24   
  25.08.2009 02:10     C:\RECOVERY.DAT --------- 26   
  29.07.2009 08:03     C:\BOOTSECT.BAK --------- 8192   
  29.07.2009 08:03     C:\Boot --------- 4096   
  14.07.2009 07:08     C:\Documents and Settings --------- 0   
  14.07.2009 05:20     C:\PerfLogs --------- 0   
  14.07.2009 03:38     C:\bootmgr --------- 383562   
  02.07.2009 09:17     C:\Nero.Log --------- 37   
  15.06.2009 13:11     C:\AdobeReader.log --------- 54   
  12.06.2009 03:32     C:\OFFICE2007_L.TXT --------- 57   
----------------------------------------

 
C:\Windows

  29.07.2011 14:22     C:\Windows\bootstat.dat --------- 67584   
  29.07.2011 14:22     C:\Windows\WindowsUpdate.log --------- 595200   
  27.07.2011 20:10     C:\Windows\info1 --------- 155   
  26.07.2011 14:23     C:\Windows\winlog-ids.txt --------- 5   
  26.07.2011 14:23     C:\Windows\winlog-dirs.txt --------- 52   
  21.07.2011 22:07     C:\Windows\nsreg.dat --------- 0   
  15.06.2011 14:04     C:\Windows\ODBCINST.INI --------- 244   
  19.05.2011 12:04     C:\Windows\win.ini --------- 640   
  19.05.2011 11:53     C:\Windows\0”z --------- 20   
  03.12.2009 10:01     C:\Windows\AsChkDev.txt --------- 61126   
  03.12.2009 09:58     C:\Windows\AsScrProlog.exe --------- 47672   
  03.12.2009 09:58     C:\Windows\ASUS Camera ScreenSaver.exe --------- 4814371   
  03.12.2009 09:58     C:\Windows\ASUS Camera ScreenSaver Uninstaller.exe --------- 281144   
  03.12.2009 09:58     C:\Windows\AsScrPro.exe --------- 3054136   
  03.12.2009 09:49     C:\Windows\explorer.exe --------- 2868224   
  03.12.2009 09:00     C:\Windows\ativpsrm.bin --------- 0   
  11.11.2009 11:34     C:\Windows\csup.txt --------- 10   
  02.11.2009 13:33     C:\Windows\OOBEPlayer.exe --------- 18944   
  22.09.2009 11:27     C:\Windows\OOBEPlayer.ini --------- 35   
  07.08.2009 09:31     C:\Windows\atiogl.xml --------- 18618   
  29.07.2009 20:37     C:\Windows\FullScreen.wmv --------- 26541350   
  14.07.2009 06:54     C:\Windows\WindowsShell.Manifest --------- 749   
  14.07.2009 03:39     C:\Windows\write.exe --------- 10240   
  14.07.2009 03:39     C:\Windows\splwow64.exe --------- 61952   
  14.07.2009 03:39     C:\Windows\regedit.exe --------- 427008   
  14.07.2009 03:39     C:\Windows\notepad.exe --------- 193536   
  14.07.2009 03:39     C:\Windows\hh.exe --------- 16896   
  14.07.2009 03:39     C:\Windows\HelpPane.exe --------- 733696   
  14.07.2009 03:39     C:\Windows\fveupdate.exe --------- 15360   
  14.07.2009 03:38     C:\Windows\bfsvc.exe --------- 71168   
  14.07.2009 03:16     C:\Windows\twain_32.dll --------- 51200   
  14.07.2009 03:14     C:\Windows\winhlp32.exe --------- 9728   
  14.07.2009 03:14     C:\Windows\twunk_32.exe --------- 31232   
  14.07.2009 01:06     C:\Windows\mib.bin --------- 43131   
  01.07.2009 10:10     C:\Windows\explorer.exe.config --------- 176   
  10.06.2009 23:41     C:\Windows\twunk_16.exe --------- 49680   
  10.06.2009 23:41     C:\Windows\twain.dll --------- 94784   
  10.06.2009 23:08     C:\Windows\system.ini --------- 219   
  10.06.2009 22:52     C:\Windows\WMSysPr9.prx --------- 316640   
  10.06.2009 22:36     C:\Windows\msdfmap.ini --------- 1405   
  10.06.2009 22:31     C:\Windows\Starter.xml --------- 48201   
  10.06.2009 22:30     C:\Windows\HomePremium.xml --------- 48265   
  05.12.2008 00:19     C:\Windows\WLXPGSS.SCR --------- 308584   
  11.04.2007 09:34     C:\Windows\difxapi.dll --------- 414632   
  19.05.2006 13:53     C:\Windows\snp2uvc.src --------- 13022   
  19.05.2006 13:39     C:\Windows\snp2uvc.ini --------- 15497   
  22.02.2003 06:42     C:\Windows\msvcr71.dll --------- 348160   
  15.07.2000 10:00     C:\Windows\MSVCRTD.DLL --------- 434252   
  23.06.2000 22:46     C:\Windows\WMPrfPtg.prx --------- 35916   
  23.06.2000 22:46     C:\Windows\WMPrfKor.prx --------- 22338   
  23.06.2000 22:46     C:\Windows\WMPrfJpn.prx --------- 23304   
  23.06.2000 22:46     C:\Windows\WMPrfIta.prx --------- 35680   
  23.06.2000 22:46     C:\Windows\WMPrfFra.prx --------- 37916   
  23.06.2000 22:46     C:\Windows\WMPrfEsp.prx --------- 35590   
  23.06.2000 22:46     C:\Windows\WMPrfDeu.prx --------- 33820   
  23.06.2000 22:46     C:\Windows\WMPrfCht.prx --------- 18804   
  23.06.2000 22:46     C:\Windows\WMPrfChs.prx --------- 19492   
----------------------------------------

 
C:\Windows\System

----------------------------------------

 
C:\Windows\System32

 29.07.2011 13:59     C:\Windows\system32\config --------- 49152  
 29.07.2011 13:56     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 --------- 10016  
 29.07.2011 13:56     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 --------- 10016  
 28.07.2011 16:14     C:\Windows\system32\perfh009.dat --------- 610094  
 28.07.2011 16:14     C:\Windows\system32\perfc009.dat --------- 104412  
 28.07.2011 16:14     C:\Windows\system32\perfc007.dat --------- 127404  
 28.07.2011 16:14     C:\Windows\system32\perfh007.dat --------- 647376  
 28.07.2011 13:58     C:\Windows\system32\NDF --------- 4096  
 28.07.2011 11:53     C:\Windows\system32\AutoRunFilter.ini --------- 2158  
 28.07.2011 11:53     C:\Windows\system32\ServiceFilter.ini --------- 1453  
 28.07.2011 10:50     C:\Windows\system32\drivers --------- 65536  
 26.07.2011 23:56     C:\Windows\system32\catroot2 --------- 20480  
 26.07.2011 15:00     C:\Windows\system32\catroot --------- 4096  
 26.07.2011 15:00     C:\Windows\system32\DriverStore --------- 4096  
 22.07.2011 15:07     C:\Windows\system32\Tasks --------- 4096  
 09.07.2011 23:32     C:\Windows\system32\Service --------- 4096  
 01.07.2011 16:19     C:\Windows\system32\wdi --------- 4096  
 01.07.2011 10:31     C:\Windows\system32\MRT.exe --------- 50867144  
 20.06.2011 14:51     C:\Windows\system32\winrm --------- 4096  
 20.06.2011 14:51     C:\Windows\system32\oobe --------- 4096  
 20.06.2011 14:51     C:\Windows\system32\migwiz --------- 8192  
 20.06.2011 14:51     C:\Windows\system32\Boot --------- 4096  
 20.06.2011 14:51     C:\Windows\system32\slmgr --------- 4096  
 20.06.2011 14:51     C:\Windows\system32\sysprep --------- 4096  
 20.06.2011 14:51     C:\Windows\system32\Setup --------- 4096  
 20.06.2011 14:51     C:\Windows\system32\migration --------- 8192  
 20.06.2011 14:51     C:\Windows\system32\WCN --------- 4096  
 20.06.2011 14:51     C:\Windows\system32\Dism --------- 4096  
 20.06.2011 14:51     C:\Windows\system32\MUI --------- 4096  
 20.06.2011 14:50     C:\Windows\system32\Printing_Admin_Scripts --------- 4096  
 20.06.2011 14:50     C:\Windows\system32\wbem --------- 65536  
 20.06.2011 14:50     C:\Windows\system32\es-ES --------- 307200  
 20.06.2011 14:48     C:\Windows\system32\com --------- 4096  
 20.06.2011 14:41     C:\Windows\system32\pt-PT --------- 327680  
 20.06.2011 14:39     C:\Windows\system32\en-US --------- 192512  
 20.06.2011 14:36     C:\Windows\system32\nl-NL --------- 307200  
 20.06.2011 14:35     C:\Windows\system32\it-IT --------- 307200  
 20.06.2011 14:34     C:\Windows\system32\he-IL --------- 172032  
 20.06.2011 14:33     C:\Windows\system32\el-GR --------- 327680  
 20.06.2011 14:33     C:\Windows\system32\fr-FR --------- 307200  
 20.06.2011 14:31     C:\Windows\system32\zh-TW --------- 327680  
 12.06.2011 20:51     C:\Windows\system32\LogFiles --------- 4096  
 09.06.2011 19:14     C:\Windows\system32\PerfStringBackup.INI --------- 7024528  
 28.05.2011 14:56     C:\Windows\system32\frapsv64.dll --------- 71680  
 24.05.2011 23:44     C:\Windows\system32\OVDecode64.dll --------- 61952  
 24.05.2011 23:44     C:\Windows\system32\OpenCL.dll --------- 53760  
 24.05.2011 23:44     C:\Windows\system32\amdocl64.dll --------- 16672768  
 24.05.2011 19:14     C:\Windows\system32\MpSigStub.exe --------- 270720  
 23.05.2011 12:47     C:\Windows\system32\Defrag.ini --------- 80  
 23.05.2011 12:29     C:\Windows\system32\FNTCACHE.DAT --------- 452688  
 19.05.2011 20:43     C:\Windows\system32\license.rtf --------- 52953  
 19.05.2011 11:55     C:\Windows\system32\DRVSTORE --------- 0  
 19.05.2011 11:44     C:\Windows\system32\log --------- 0  
 19.05.2011 11:44     C:\Windows\system32\Recovery --------- 0  
 24.10.2010 00:56     C:\Windows\system32\CamCodec.dll --------- 49664  
 18.03.2010 09:36     C:\Windows\system32\mfc100fra.dll --------- 64336  
 18.03.2010 09:36     C:\Windows\system32\msvcp100.dll --------- 607568  
 18.03.2010 09:36     C:\Windows\system32\msvcr100.dll --------- 827728  
 18.03.2010 09:36     C:\Windows\system32\mfcm100u.dll --------- 91472  
 18.03.2010 09:36     C:\Windows\system32\mfcm100.dll --------- 91472  
 18.03.2010 09:36     C:\Windows\system32\mfc100u.dll --------- 5522768  
 18.03.2010 09:36     C:\Windows\system32\vcomp100.dll --------- 57168  
 18.03.2010 09:36     C:\Windows\system32\atl100.dll --------- 158536  
 18.03.2010 09:36     C:\Windows\system32\mfc100.dll --------- 5493576  
 18.03.2010 09:36     C:\Windows\system32\mfc100chs.dll --------- 36176  
 18.03.2010 09:36     C:\Windows\system32\mfc100cht.dll --------- 36176  
 18.03.2010 09:36     C:\Windows\system32\mfc100deu.dll --------- 64336  
 18.03.2010 09:36     C:\Windows\system32\mfc100enu.dll --------- 55120  
 18.03.2010 09:36     C:\Windows\system32\mfc100esn.dll --------- 63824  
 18.03.2010 09:36     C:\Windows\system32\mfc100rus.dll --------- 60752  
 18.03.2010 09:36     C:\Windows\system32\mfc100kor.dll --------- 43344  
 18.03.2010 09:36     C:\Windows\system32\mfc100ita.dll --------- 62288  
 18.03.2010 09:36     C:\Windows\system32\mfc100jpn.dll --------- 43856  
 03.12.2009 09:51     C:\Windows\system32\SRSLabs --------- 0  
 03.12.2009 09:51     C:\Windows\system32\msv1_0.dll --------- 311808  
 03.12.2009 09:51     C:\Windows\system32\msasn1.dll --------- 46592  
 03.12.2009 09:50     C:\Windows\system32\mshtml.dll --------- 9272320  
 03.12.2009 09:50     C:\Windows\system32\msfeedsbs.dll --------- 82944  
 03.12.2009 09:49     C:\Windows\system32\wmploc.DLL --------- 12625920  
 03.12.2009 09:49     C:\Windows\system32\wmp.dll --------- 14629376  
 03.12.2009 09:49     C:\Windows\system32\fontsub.dll --------- 100864  
 03.12.2009 09:49     C:\Windows\system32\atmfd.dll --------- 366080  
 03.12.2009 09:49     C:\Windows\system32\CertEnroll.dll --------- 1975296  
 03.12.2009 09:49     C:\Windows\system32\t2embed.dll --------- 148480  
 03.12.2009 09:45     C:\Windows\system32\OEM --------- 0  
 03.12.2009 09:05     C:\Windows\system32\restore --------- 0  
 02.10.2009 05:39     C:\Windows\system32\ATIDEMGX.dll --------- 446464  
 02.10.2009 05:38     C:\Windows\system32\atieclxx.exe --------- 439296  
 02.10.2009 05:38     C:\Windows\system32\atiesrxx.exe --------- 202752  
 02.10.2009 05:36     C:\Windows\system32\atitmm64.dll --------- 120320  
 02.10.2009 05:36     C:\Windows\system32\atipdl64.dll --------- 421376  
 02.10.2009 05:36     C:\Windows\system32\atimuixx.dll --------- 12288  
 02.10.2009 05:36     C:\Windows\system32\atiedu64.dll --------- 59392  
 02.10.2009 05:24     C:\Windows\system32\atidxx64.dll --------- 3599360  
 02.10.2009 05:17     C:\Windows\system32\atio6axx.dll --------- 16681984  
 02.10.2009 05:10     C:\Windows\system32\atiumd64.dll --------- 4649472  
 02.10.2009 05:02     C:\Windows\system32\atiumd6a.dll --------- 2519040  
 02.10.2009 05:00     C:\Windows\system32\atiumd6a.cap --------- 333904  
 02.10.2009 04:40     C:\Windows\system32\atimpc64.dll --------- 53248  
 02.10.2009 04:40     C:\Windows\system32\amdpcom64.dll --------- 53248  
----------------------------------------

 
C:\Windows\Prefetch

 23.05.2011 13:35     C:\Windows\Prefetch\AgGlFgAppHistory.db --------- 338851  
 23.05.2011 13:35     C:\Windows\Prefetch\AgGlFaultHistory.db --------- 357203  
 23.05.2011 13:35     C:\Windows\Prefetch\AgGlGlobalHistory.db --------- 1297268  
 23.05.2011 13:35     C:\Windows\Prefetch\AgRobust.db --------- 66384  
 23.05.2011 13:35     C:\Windows\Prefetch\PfSvPerfStats.bin --------- 584  
 23.05.2011 13:05     C:\Windows\Prefetch\ReadyBoot --------- 0  
 19.05.2011 11:47     C:\Windows\Prefetch\AgAppLaunch.db --------- 334168  
----------------------------------------

 
C:\Windows\Tasks

 29.07.2011 13:57     C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job --------- 1106  
 29.07.2011 13:48     C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job --------- 1102  
 29.07.2011 13:47     C:\Windows\Tasks\SA.DAT --------- 6  
 19.07.2011 12:32     C:\Windows\Tasks\SCHEDLGU.TXT --------- 32632  
----------------------------------------

 
C:\Windows\Temp

 29.07.2011 14:10     C:\Windows\Temp\fwtsqmfile01.sqm --------- 608  
 29.07.2011 13:57     C:\Windows\Temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb --------- 3596  
 29.07.2011 13:49     C:\Windows\Temp\lpksetup-20110729-134918-0.log --------- 2650  
 29.07.2011 13:49     C:\Windows\Temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D12}.tlb --------- 3596  
 29.07.2011 13:46     C:\Windows\Temp\fwtsqmfile00.sqm --------- 608  
----------------------------------------

 
C:\Users\ASUS\AppData\Local\Temp

 29.07.2011 13:54     C:\Users\ASUS\AppData\Local\Temp\jusched.log --------- 767  
 29.07.2011 13:51     C:\Users\ASUS\AppData\Local\Temp\~DF7662ED510D4E7F3D.TMP --------- 16384  
 29.07.2011 13:50     C:\Users\ASUS\AppData\Local\Temp\StructuredQuery.log --------- 707  
 29.07.2011 13:50     C:\Users\ASUS\AppData\Local\Temp\~DFDA51C10D0C92AE39.TMP --------- 16384  
 29.07.2011 13:50     C:\Users\ASUS\AppData\Local\Temp\Low --------- 0  
 29.07.2011 13:49     C:\Users\ASUS\AppData\Local\Temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D12}.tlb --------- 3596  
 29.07.2011 13:49     C:\Users\ASUS\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0  
 29.07.2011 13:48     C:\Users\ASUS\AppData\Local\Temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb --------- 3596  
----------------------------------------

 
C:\Program Files

 28.07.2011 12:57     C:\Program Files\CCleaner --------- 0  
 27.07.2011 20:28     C:\Program Files\HyperCam 2 --------- 4096  
 26.07.2011 15:00     C:\Program Files\ATI Technologies --------- 0  
 20.06.2011 14:53     C:\Program Files\Windows Mail --------- 4096  
 20.06.2011 14:53     C:\Program Files\Windows Sidebar --------- 4096  
 20.06.2011 14:53     C:\Program Files\Internet Explorer --------- 4096  
 20.06.2011 14:53     C:\Program Files\Windows Media Player --------- 4096  
 20.06.2011 14:53     C:\Program Files\Windows Journal --------- 4096  
 20.06.2011 14:53     C:\Program Files\Windows Photo Viewer --------- 4096  
 20.06.2011 14:53     C:\Program Files\Windows Defender --------- 4096  
 20.06.2011 14:32     C:\Program Files\DVD Maker --------- 4096  
 12.06.2011 12:11     C:\Program Files\Google --------- 0  
 19.05.2011 11:55     C:\Program Files\Windows Live --------- 0  
 03.12.2009 09:58     C:\Program Files\ASUS --------- 0  
 03.12.2009 09:56     C:\Program Files\P4G --------- 4096  
 03.12.2009 09:53     C:\Program Files\Elantech --------- 4096  
 03.12.2009 09:52     C:\Program Files\SRS Labs --------- 0  
 03.12.2009 09:51     C:\Program Files\DIFX --------- 0  
 03.12.2009 09:51     C:\Program Files\ATKGFNEX --------- 4096  
 03.12.2009 09:47     C:\Program Files\ATI --------- 0  
 03.12.2009 09:46     C:\Program Files\Trend Micro --------- 0  
 03.12.2009 09:11     C:\Program Files\Microsoft Office --------- 0  
 14.07.2009 09:45     C:\Program Files\Microsoft Games --------- 4096  
 14.07.2009 07:32     C:\Program Files\Windows Portable Devices --------- 0  
 14.07.2009 07:32     C:\Program Files\MSBuild --------- 0  
 14.07.2009 07:32     C:\Program Files\Reference Assemblies --------- 0  
 14.07.2009 07:32     C:\Program Files\Windows NT --------- 0  
 14.07.2009 07:09     C:\Program Files\Uninstall Information --------- 0  
 14.07.2009 06:54     C:\Program Files\desktop.ini --------- 174  
 14.07.2009 05:20     C:\Program Files\Common Files --------- 4096  
----------------------------------------

 
C:\ProgramData\.. 

ASUS    
Public    
Default    
Default User    
All Users    
desktop.ini    
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost
::1       localhost

----------------------------------------

 

Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                   0            24 K
System                           4 Services                   0           996 K
smss.exe                       252 Services                   0         1.032 K
csrss.exe                      340 Services                   0         6.160 K
csrss.exe                      420 Console                    1        14.988 K
wininit.exe                    428 Services                   0         6.060 K
services.exe                   480 Services                   0        10.960 K
winlogon.exe                   512 Console                    1         6.884 K
lsass.exe                      548 Services                   0        12.544 K
lsm.exe                        560 Services                   0         4.276 K
svchost.exe                    664 Services                   0         9.064 K
svchost.exe                    776 Services                   0         9.132 K
atiesrxx.exe                   868 Services                   0         3.972 K
svchost.exe                    920 Services                   0        29.552 K
svchost.exe                    964 Services                   0        18.084 K
svchost.exe                    988 Services                   0        38.000 K
svchost.exe                    296 Services                   0        14.076 K
svchost.exe                    268 Services                   0        15.740 K
FBAgent.exe                   1148 Services                   0        12.704 K
AsLdrSrv.exe                  1188 Services                   0         3.660 K
atieclxx.exe                  1216 Console                    1         5.400 K
GFNEXSrv.exe                  1380 Services                   0         3.088 K
spoolsv.exe                   1540 Services                   0        11.748 K
taskhost.exe                  1600 Console                    1         9.632 K
dwm.exe                       1648 Console                    1        38.588 K
explorer.exe                  1668 Console                    1        70.476 K
HControl.exe                  1744 Console                    1         6.376 K
svchost.exe                   1772 Services                   0        20.996 K
ATKOSD.exe                    1836 Console                    1         5.528 K
taskeng.exe                   1848 Console                    1         6.268 K
BatteryLife.exe               1924 Console                    1         4.252 K
sensorsrv.exe                 1932 Console                    1         4.256 K
ACMON.exe                     1940 Console                    1         5.552 K
ALU.exe                       1948 Console                    1         4.272 K
wcourier.exe                  1960 Console                    1         4.260 K
ASPG.exe                      1968 Console                    1         4.272 K
ControlDeckStartUp.exe        1992 Console                    1         3.240 K
svchost.exe                   2012 Services                   0        14.636 K
Fuel.Service.exe              2032 Services                   0         9.140 K
hamachi-2.exe                 1232 Services                   0         9.940 K
KBFiltr.exe                   1348 Console                    1         3.780 K
WDC.exe                       1352 Console                    1         5.000 K
ICQ Service.exe               1792 Services                   0         6.684 K
hamachi-2-ui.exe              2064 Console                    1         7.548 K
OberonGameConsoleService.     2176 Services                   0        23.332 K
SeaPort.exe                   2300 Services                   0        10.212 K
SfCtlCom.exe                  2340 Services                   0        11.900 K
svchost.exe                   2372 Services                   0         5.424 K
UfSeAgnt.exe                  2616 Console                    1         1.540 K
svchost.exe                   2716 Services                   0         6.340 K
svchost.exe                   2920 Services                   0        14.572 K
TmProxy.exe                   2700 Services                   0        21.044 K
ADSMSrv.exe                   3248 Services                   0         3.816 K
SearchIndexer.exe             3356 Services                   0        29.324 K
AsScrPro.exe                  3524 Console                    1         7.844 K
CLMLSvc.exe                   3604 Console                    1         7.392 K
BackupService.exe             3816 Console                    1        44.796 K
ETDCtrl.exe                   3824 Console                    1         8.236 K
AmIcoSinglun64.exe            3832 Console                    1         6.036 K
ICQ.exe                       3868 Console                    1        40.220 K
cacaoweb.exe                  3892 Console                    1         8.012 K
HControlUser.exe              4012 Console                    1         3.164 K
ATKOSD2.exe                   4020 Console                    1        10.448 K
VDECK.EXE                     4028 Console                    1        31.092 K
DMedia.exe                    4036 Console                    1         3.912 K
jusched.exe                   4052 Console                    1         4.248 K
mbamgui.exe                   4088 Console                    1         7.264 K
SRSPremiumPanel_64.exe         316 Console                    1        18.220 K
MOM.exe                        324 Console                    1         4.664 K
ACEngSvr.exe                  3132 Console                    1         6.272 K
CCC.exe                       2904 Console                    1        10.012 K
wmpnetwk.exe                  4464 Services                   0        13.192 K
svchost.exe                   4508 Services                   0        15.364 K
iexplore.exe                  3172 Console                    1        23.312 K
iexplore.exe                  5164 Console                    1        47.448 K
GoogleToolbarUser_32.exe      5428 Console                    1        11.224 K
mbamservice.exe               5620 Services                   0        35.696 K
svchost.exe                   4736 Services                   0        26.580 K
TMBMSRV.exe                   5872 Services                   0         9.008 K
PresentationFontCache.exe     6228 Services                   0        16.512 K
notepad.exe                   3120 Console                    1         6.048 K
audiodg.exe                   1888 Services                   0        16.484 K
SearchProtocolHost.exe        5548 Services                   0         7.980 K
SearchFilterHost.exe          1516 Services                   0         6.188 K
cmd.exe                       6036 Console                    1         3.560 K
conhost.exe                   5952 Console                    1         6.284 K
tasklist.exe                  5716 Console                    1         5.164 K
WmiPrvSE.exe                   816 Services                   0         5.896 K

 
***** Ende des Scans 29.07.2011 um 14:24:30,60 ***
         
Sorry for the many posts; if it takes too long to write a post (because of too many characters), an error comes up.

29.07.2011, 14:10   #13
Drumming

I would also like to say thank you at this point.
Good work.
Thank you

30.07.2011, 08:32   #14
kira
/// Helper Team

1.
I think this can be done by simply deleting:
Quote:
C:\Windows\info1
C:\Windows\winlog-ids.txt
C:\Windows\winlog-dirs.txt
Then empty the Recycle Bin right away!

2.
** Update Malwarebytes Anti-Malware and run it again following the instructions below:
  • start it with a double-click.
  • update the databases right away - update online
  • select the full scan (tick every box)
  • when the scan has finished, click "Zeige Resultate" (show results)
  • select all findings, except that if MBAM reports anything in C:\System Volume Information, please remove the tick there, and click "Löschen" (delete) - "Ausgewähltes entfernen" (remove selected).
  • Post the result here in the thread - you will find the report under "Scan-Berichte" (scan reports)
You can find an illustrated guide here: Guide

3.
  • download SUPERAntiSpyware FREE Edition.
  • install the program and update it online.
  • start SUPERAntiSpyware and click "Ihren Computer durchsuchen" (scan your computer)
  • tick "Kompletter Scan" (complete scan) and click "Weiter" (next)
  • all malware found will then be listed; tick all findings and confirm with "OK"
  • click "Weiter" (next), then "OK" and "Fertig stellen" (finish)
  • to display the results: click "Präferenzen" (preferences), then "Statistiken und Protokolle" (statistics and logs)
  • click "Protokoll anzeigen" (view log) - then please save this report and post it here

4.
- Link: -> ESET Online Scanner
>>You should not install the antivirus security software, only scan your system online<<
Viruses can also be transported on USB sticks, self-burned media, external hard drives and other storage media. These must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). For this it is very well suited and recommended to check the data saved on the storage medium with the help of the free online scanner.
Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key so that the Autorun function is not executed. (This is how you prevent the AUTORUN function from running.) The AUTORUN function can also be switched off in general. ► Guide

-> Then run a complete system check with Eset/Nod32

- please tick the following > "Remove found threats" and "Scan archives"
- save the scan results as *.txt files
- usually "C:\Programme\Eset\EsetOnlineScanner\log.txt"

Settings in Internet Explorer before the scan:
- "Extras → Internetoptionen → Sicherheit" (Tools → Internet Options → Security):
- set everything to the default level
- allow ActiveX
- to start the scan: when you are asked (the text in the information bar), allow the ActiveX control to be installed

► Report again on the state of the computer. Are there still problems, and if so, which ones?
__________________

Warning!:
Be careful with invoices sent by e-mail with a ZIP file attached! It may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations!
Please pass this warning on wherever you can!

30.07.2011, 17:17   #15
Drumming

OK, I have deleted the files.

Code:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7324

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

30.07.2011 13:06:31
mbam-log-2011-07-30 (13-06-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 300606
Laufzeit: 51 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
With SUPERAntiSpyware Free Edition I did not get a log.

And then the ESET log:
Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=e5968c5260b46042ac199fd1ee612b0a
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-30 12:35:14
# local_time=2011-07-30 02:35:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT 
# compatibility_mode=513 16777085 100 97 10492 61099975 0 0
# compatibility_mode=1792 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 343094 63659126 0 0
# compatibility_mode=8192 67108863 100 0 149 149 0 0
# scanned=569
# found=0
# cleaned=0
# scan_time=37
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=e5968c5260b46042ac199fd1ee612b0a
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-30 02:26:06
# local_time=2011-07-30 04:26:06 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT 
# compatibility_mode=513 16777085 100 97 10648 61100131 0 0
# compatibility_mode=1792 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 343250 63659282 0 0
# compatibility_mode=8192 67108863 100 0 305 305 0 0
# scanned=153472
# found=3
# cleaned=3
# scan_time=6534
C:\Windows\system64\consrv.dll	Win64/Agent.AC Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)	00000000000000000000000000000000	C
C:\Windows\system64\drivers\etc\hosts.bak	Win32/Qhost Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)	00000000000000000000000000000000	C
C:\_OTL\MovedFiles\07292011_134328\C_Windows\System32\drivers\etc\hosts	Win32/Qhost Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)	00000000000000000000000000000000	C
         
