Mc Toffi | 26.04.2011 22:35 | Trojan TR/Kazy.mekml.1, and on my machine too...
Hello helpers ;)
I have now caught the virus as well (TR/Kazy.mekml.1), plus this one:
TR/ATRAPS.Gen2
I have Vista,
and now I have the same problem as the others here.
Please help me
OTL.Txt
OTL Logfile:
OTL logfile created on: 26.04.2011 23:33:33 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\ASUS\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 40,49 Gb Free Space | 34,77% Space Free | Partition Type: NTFS
Drive D: | 109,60 Gb Total Space | 105,13 Gb Free Space | 95,92% Space Free | Partition Type: NTFS
Computer Name: ASUS-PC | User Name: ASUS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\ASUS\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\RSxWcWRakP.exe (WinTrust)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\MouseDriver\OfficeMouse.exe ()
PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe (ASUS)
PRC - C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files\ASUS\SmartLogon\facemgr.exe (ASUS)
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Windows\System32\ASUSTPE.exe (ASUS)
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
PRC - C:\Program Files\ATK Hotkey\Hcontrol.exe (ATK0100)
PRC - C:\Program Files\ATK Hotkey\KBFiltr.exe ()
PRC - C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Windows\System32\attrib.exe (Microsoft Corporation)
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)
========== Modules (SafeList) ==========
MOD - C:\Users\ASUS\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (spmgr) -- File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
========== Driver Services (SafeList) ==========
DRV - (nhcDriverDevice) -- C:\Windows\system32\drivers\nhcDriver.sys (Notebook Hardware Control)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (lullaby) -- C:\Windows\system32\DRIVERS\lullaby.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUSTeK Computer
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-985781421-3582190388-3317434361-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUSTeK Computer
IE - HKU\S-1-5-21-985781421-3582190388-3317434361-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ASUSTeK Computer
IE - HKU\S-1-5-21-985781421-3582190388-3317434361-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-985781421-3582190388-3317434361-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "Oryte Games 1.15 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2644243&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {d122ad80-ff45-11dd-87af-0800200c9a66}:3.6.29.01.10
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.25 13:41:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.25 13:41:31 | 000,000,000 | ---D | M]
[2009.12.29 18:11:13 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\ASUS\AppData\Roaming\mozilla\Extensions
[2011.04.26 23:31:17 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\ASUS\AppData\Roaming\mozilla\Firefox\Profiles\a6l10i1d.default\extensions
[2010.05.31 21:49:35 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\ASUS\AppData\Roaming\mozilla\Firefox\Profiles\a6l10i1d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.20 18:15:16 | 000,000,000 | -H-D | M] (Green Fox) -- C:\Users\ASUS\AppData\Roaming\mozilla\Firefox\Profiles\a6l10i1d.default\extensions\{d122ad80-ff45-11dd-87af-0800200c9a66}
[2010.11.23 22:03:06 | 000,000,000 | -H-D | M] (vShare) -- C:\Users\ASUS\AppData\Roaming\mozilla\Firefox\Profiles\a6l10i1d.default\extensions\vshare@toolbar
[2010.09.12 17:33:40 | 000,000,935 | -H-- | M] () -- C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\a6l10i1d.default\searchplugins\conduit.xml
[2011.03.01 21:26:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010.12.14 14:04:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.12.25 16:17:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.01 21:26:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.28 16:29:10 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.03.28 16:29:10 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.03.28 16:29:10 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.03.28 16:29:10 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.03.28 16:29:10 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [iWareV3] C:\Program Files\MouseDriver\OfficeMouse.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-985781421-3582190388-3317434361-1000..\Run: [RSxWcWRakP] C:\ProgramData\RSxWcWRakP.exe (WinTrust)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{184b16de-f48f-11de-ac4b-0023546b40f4}\Shell - "" = AutoRun
O33 - MountPoints2\{184b16de-f48f-11de-ac4b-0023546b40f4}\Shell\AutoRun\command - "" = H:\setup.exe
O33 - MountPoints2\{184b16ea-f48f-11de-ac4b-0023546b40f4}\Shell - "" = AutoRun
O33 - MountPoints2\{184b16ea-f48f-11de-ac4b-0023546b40f4}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{2774f6e7-e657-11df-a3cf-9b3754b50fe0}\Shell\AutoRun\command - "" = rundll32.exe url,FileProtocolHandler library_1.htm
O33 - MountPoints2\{5cbe1f80-aa2a-11df-a907-c0e9cdef3766}\Shell\AutoRun\command - "" = K:\Install.exe
O33 - MountPoints2\{5cbe1f80-aa2a-11df-a907-c0e9cdef3766}\Shell\menu1\command - "" = K:\Install.exe
O33 - MountPoints2\{60908d7d-ff97-11de-87f1-0023546b40f4}\Shell\AutoRun\command - "" = I:\Menu.exe
O33 - MountPoints2\{7bdb5453-2233-11df-89da-0023546b40f4}\Shell - "" = AutoRun
O33 - MountPoints2\{7bdb5453-2233-11df-89da-0023546b40f4}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{9057e5a2-305c-11df-a7ce-0023546b40f4}\Shell - "" = AutoRun
O33 - MountPoints2\{9057e5a2-305c-11df-a7ce-0023546b40f4}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{abcb529c-f942-11de-aff3-0023546b40f4}\Shell - "" = AutoRun
O33 - MountPoints2\{abcb529c-f942-11de-aff3-0023546b40f4}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{abcb52b0-f942-11de-aff3-0023546b40f4}\Shell - "" = AutoRun
O33 - MountPoints2\{abcb52b0-f942-11de-aff3-0023546b40f4}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{b1df12c9-0dcc-11df-a722-0023546b40f4}\Shell - "" = AutoRun
O33 - MountPoints2\{b1df12c9-0dcc-11df-a722-0023546b40f4}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{b1df12cb-0dcc-11df-a722-0023546b40f4}\Shell\AutoRun\command - "" = L:\Launcher.exe
O33 - MountPoints2\{b3fa7c99-01e5-11df-a41e-0023546b40f4}\Shell - "" = AutoRun
O33 - MountPoints2\{b3fa7c99-01e5-11df-a41e-0023546b40f4}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{b8b6efa8-64db-11df-87f7-90a2c2e9f01b}\Shell - "" = AutoRun
O33 - MountPoints2\{b8b6efa8-64db-11df-87f7-90a2c2e9f01b}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
MsConfig - StartUpFolder: C:^Users^ASUS^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Aquarium Desktop 2007.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^ASUS^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk - C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE - ()
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ASUS Camera ScreenSaver - hkey= - key= - C:\Windows\AsScrProlog.exe ()
MsConfig - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\ASScrPro.exe ()
MsConfig - StartUpReg: avgnt - hkey= - key= - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
MsConfig - StartUpReg: EA Core - hkey= - key= - File not found
MsConfig - StartUpReg: MobileConnect - hkey= - key= - File not found
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - File not found
MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig - State: "startup" - 2
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: wave2 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011.04.26 21:11:28 | 000,573,440 | -H-- | C] (WinTrust) -- C:\ProgramData\RSxWcWRakP.exe
[2011.04.26 20:53:40 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{2B1A2790-DF73-486E-AA55-A93645DC54A4}
[2011.04.26 08:53:25 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{04208B1A-6E0E-4C5A-827B-E922292A4E2E}
[2011.04.25 19:44:34 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{5154EBD5-680F-4CBF-A4D9-2543044DAE3F}
[2011.04.25 07:44:13 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{F995C976-0E47-48C9-8F63-9DCB3C1BA1A2}
[2011.04.24 12:04:05 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{D38A7FFB-CA44-4B53-B802-7F059B0B87EA}
[2011.04.23 08:46:35 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{43EAB927-03E3-45C4-81C5-BBD0B4ACD310}
[2011.04.22 11:13:13 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{F325E644-3BF0-4410-8881-0B244637F927}
[2011.04.21 17:38:33 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{9F8BA9B1-0DB7-4C12-BBEF-50C48C8B3501}
[2011.04.20 20:15:19 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{133D4322-6B2B-4CA8-8FF6-F85C1286A7DB}
[2011.04.20 07:23:16 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{A6A972BF-EA35-4614-AA6E-BFF77D0B089D}
[2011.04.19 22:45:24 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\Desktop\Honda
[2011.04.19 22:45:17 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\Desktop\AQ
[2011.04.19 16:24:18 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{188FBC9F-6696-46C1-9775-04B913116AA1}
[2011.04.19 04:24:01 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{3D963CD6-298C-4FBA-B59F-410AADF72D9A}
[2011.04.18 16:20:08 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{E0EEF808-DE36-4C4E-AE1F-DC4671CE242D}
[2011.04.18 13:21:53 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{006AFBDB-7E92-4852-B22B-549AB8DA17E1}
[2011.04.17 15:25:31 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{7F286A48-BFD3-479A-B48E-95C07C3EC542}
[2011.04.16 22:13:49 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{7F64730A-8259-404A-8372-A180107032D6}
[2011.04.16 14:35:38 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{CC0B782D-4109-4CB2-AC9F-35AA4A1BDAE9}
[2011.04.15 15:49:55 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.15 15:49:55 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.15 15:49:50 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.15 15:49:49 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.15 15:49:45 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.15 15:49:38 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.15 15:49:38 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.15 15:49:38 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.15 15:49:38 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.15 15:49:37 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.15 15:49:37 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011.04.15 15:49:29 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.15 15:49:24 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.15 15:49:24 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.15 15:29:18 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{E745903A-6D4B-4EA2-A3B4-6827B36A4318}
[2011.04.14 17:58:30 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{93FC5C39-AEE7-4392-AE68-1C5058C08C9A}
[2011.04.13 20:35:23 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{9487F174-187A-4757-86CA-5CD76C4C5612}
[2011.04.13 07:08:34 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{11479C6B-BC6F-4D42-8806-54C521C1AC62}
[2011.04.12 17:30:33 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{B551AF9A-8173-4D6B-BD8F-4C4F9005B6D6}
[2011.04.12 11:51:25 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{19E7AB32-549A-420A-BA33-69618DD5D6C9}
[2011.04.12 07:06:04 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{4C47C64D-C4BA-4A4C-8F7A-93483585B9DE}
[2011.04.11 20:40:14 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{3BD10045-A13F-4005-A239-7BD076000ED0}
[2011.04.10 11:44:13 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{711049CF-95E9-40E4-9A3D-EDB714E7A9D5}
[2011.04.09 21:54:42 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{06040D7D-588D-4497-92FD-700556497DA6}
[2011.04.09 09:30:28 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{5B4B071E-9D80-4CF8-8A98-4EEC8755CA07}
[2011.04.08 21:48:14 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{08ECB6A7-B315-4873-AC7D-34371F8CC34A}
[2011.04.08 09:47:57 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{1375290B-F9CE-419D-AE7D-B0AD5B3AC494}
[2011.04.07 07:12:11 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{31E77F89-437B-41FF-8C8D-216F695292A2}
[2011.04.06 19:02:50 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{3ACB5504-328E-4667-8AE9-112BEF713321}
[2011.04.06 07:20:53 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{FD1342E6-E0C1-42AA-977D-FAAFD980A84B}
[2011.04.05 18:53:23 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{03398FB6-412E-4E53-962B-5DEF466F79B9}
[2011.04.05 07:14:46 | 000,000,000 | RH-D | C] -- C:\Users\ASUS\root
[2011.04.05 07:09:52 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{F3526DEB-F8C8-4DFC-B7F7-BAAAAAC9BC72}
[2011.04.04 19:19:55 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{4BC2C41E-9F58-49DF-A494-6A0D10257D71}
[2011.04.04 12:06:03 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{148C09BC-96AC-4C6B-9EF3-DC545392B1A2}
[2011.04.03 12:35:22 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{FB3979CE-1769-48DF-BBE7-62BAD9920EA4}
[2011.04.03 00:35:07 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{CBAA244A-9354-4D0F-B203-0CB622E6D259}
[2011.04.02 10:41:22 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{7406B6E1-D096-482F-8853-0D5073548E1E}
[2011.04.02 01:37:44 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\Chris Brown - F.A.M.E (2011)
[2011.04.01 23:55:53 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{6BE0EB81-2F4C-422C-9776-D45E7A83A3BC}
[2011.04.01 11:55:55 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{5ECE9995-EC7E-40C5-81FE-D0804FFC6255}
[2011.04.01 08:02:36 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{C4C42F07-70FE-42AC-B40D-BB33D2B53B38}
[2011.03.31 20:00:49 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{B43B5747-A871-4DBC-BC6F-E66FC19445EB}
[2011.03.31 08:00:37 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{2166833C-91FC-431C-8D87-BB91872D8116}
[2011.03.30 19:58:50 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{1AD4E3D2-0E64-4A32-9F67-C0C12C859E6C}
[2011.03.30 07:32:18 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{906219D5-5884-4015-B658-E0AD3E06D6C0}
[2011.03.29 19:32:01 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{4BE5AF42-CA5F-4187-BF0C-726A91C38AA1}
[2011.03.29 16:10:32 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\Abudtone- Lost in Nirvana
[2011.03.29 07:29:39 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{997D1789-C8E9-4D00-BB8A-C0FD97CAD817}
[2011.03.28 18:42:12 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{7636D89D-E118-49DF-A816-DDBA6E8F3C79}
[2011.03.28 11:43:18 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\{8FF4A9EB-52EA-4E7A-94A9-D4A5DE6C7922}
[2008.06.03 08:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
[2008.05.22 01:38:59 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
========== Files - Modified Within 30 Days ==========
[2011.04.26 23:36:14 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.26 23:36:14 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.26 23:36:14 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.26 23:36:14 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.26 23:30:18 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2011.04.26 23:30:11 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.26 23:28:07 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.26 23:28:07 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.26 23:27:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.26 23:27:17 | 3220,463,616 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.26 23:26:12 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.04.26 22:27:32 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.26 21:11:28 | 000,573,440 | -H-- | M] (WinTrust) -- C:\ProgramData\RSxWcWRakP.exe
[2011.04.25 22:46:54 | 000,726,389 | -H-- | M] () -- C:\Users\ASUS\Desktop\posnaniaik1forum.jpg
[2011.04.25 22:44:35 | 000,078,522 | -H-- | M] () -- C:\Users\ASUS\Desktop\PreludeRaman48.jpg
[2011.04.25 22:43:09 | 000,420,265 | -H-- | M] () -- C:\Users\ASUS\Desktop\19357DSC-V3C_257.jpg
[2011.04.25 21:07:11 | 000,785,599 | -H-- | M] () -- C:\Users\ASUS\Desktop\dsc7447p.jpg
[2011.04.25 21:06:17 | 001,190,445 | -H-- | M] () -- C:\Users\ASUS\Desktop\0iupu.jpg
[2011.04.25 21:05:49 | 000,105,745 | -H-- | M] () -- C:\Users\ASUS\Desktop\lude.jpg
[2011.04.25 21:05:14 | 000,132,809 | -H-- | M] () -- C:\Users\ASUS\Desktop\IMG_0071.jpg
[2011.04.25 07:37:54 | 268,843,688 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.04.20 22:09:45 | 000,025,157 | -H-- | M] () -- C:\Users\ASUS\Desktop\130576.jpg
[2011.04.20 08:21:53 | 000,033,673 | -H-- | M] () -- C:\Users\ASUS\1178336288.jpg
[2011.04.17 03:24:08 | 000,247,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.04 19:53:32 | 000,704,161 | -H-- | M] () -- C:\Users\ASUS\koh_tao_map_big_size.jpg
[2011.04.04 19:50:00 | 000,085,071 | -H-- | M] () -- C:\Users\ASUS\_MG_6196-1.jpg
[2011.04.04 19:46:06 | 000,306,404 | -H-- | M] () -- C:\Users\ASUS\DSC00772.jpg
[2011.03.31 21:24:00 | 000,043,603 | -H-- | M] () -- C:\Users\ASUS\matte_black_honda_cr_z_ts_1x_10-800-600.jpg
[2011.03.31 20:48:24 | 000,230,573 | -H-- | M] () -- C:\Users\ASUS\DSC02124.JPG
[2011.03.31 11:40:30 | 000,369,427 | -H-- | M] () -- C:\Users\ASUS\DSC02145.JPG
[2011.03.31 11:39:14 | 000,336,911 | -H-- | M] () -- C:\Users\ASUS\DSC02144.JPG
[2011.03.31 11:39:06 | 000,308,443 | -H-- | M] () -- C:\Users\ASUS\DSC02143.JPG
[2011.03.31 11:28:48 | 000,374,734 | -H-- | M] () -- C:\Users\ASUS\DSC02141.JPG
[2011.03.31 11:28:44 | 000,343,119 | -H-- | M] () -- C:\Users\ASUS\DSC02140.JPG
[2011.03.30 22:09:13 | 000,005,917 | -H-- | M] () -- C:\Users\ASUS\hag230908-021753_V1_BLACK.jpg
[2011.03.30 22:07:26 | 000,006,357 | -H-- | M] () -- C:\Users\ASUS\hag230908-021751_REV.jpg
[2011.03.30 21:12:25 | 000,025,540 | -H-- | M] () -- C:\Users\ASUS\19811.jpg
[2011.03.30 21:12:04 | 000,006,106 | -H-- | M] () -- C:\Users\ASUS\nano-aquarium-fuers-foto-bild-48287256.270.jpg
[2011.03.30 09:10:20 | 000,132,328 | -H-- | M] () -- C:\Users\ASUS\DSC02139.JPG
[2011.03.29 04:13:56 | 000,222,584 | -H-- | M] () -- C:\Users\ASUS\DSC02136.JPG
[2011.03.28 13:52:00 | 000,194,100 | -H-- | M] () -- C:\Users\ASUS\DSC02135.JPG
[2011.03.28 13:51:50 | 000,246,867 | -H-- | M] () -- C:\Users\ASUS\DSC02134.JPG
========== Files Created - No Company Name ==========
[2011.04.26 21:54:37 | 3220,463,616 | -HS- | C] () -- C:\hiberfil.sys
[2011.04.25 22:46:53 | 000,726,389 | -H-- | C] () -- C:\Users\ASUS\Desktop\posnaniaik1forum.jpg
[2011.04.25 22:44:34 | 000,078,522 | -H-- | C] () -- C:\Users\ASUS\Desktop\PreludeRaman48.jpg
[2011.04.25 22:43:08 | 000,420,265 | -H-- | C] () -- C:\Users\ASUS\Desktop\19357DSC-V3C_257.jpg
[2011.04.25 21:07:11 | 000,785,599 | -H-- | C] () -- C:\Users\ASUS\Desktop\dsc7447p.jpg
[2011.04.25 21:06:16 | 001,190,445 | -H-- | C] () -- C:\Users\ASUS\Desktop\0iupu.jpg
[2011.04.25 21:05:48 | 000,105,745 | -H-- | C] () -- C:\Users\ASUS\Desktop\lude.jpg
[2011.04.25 21:05:13 | 000,132,809 | -H-- | C] () -- C:\Users\ASUS\Desktop\IMG_0071.jpg
[2011.04.20 22:09:44 | 000,025,157 | -H-- | C] () -- C:\Users\ASUS\Desktop\130576.jpg
[2011.04.20 08:21:53 | 000,033,673 | -H-- | C] () -- C:\Users\ASUS\1178336288.jpg
[2011.04.04 19:53:31 | 000,704,161 | -H-- | C] () -- C:\Users\ASUS\koh_tao_map_big_size.jpg
[2011.04.04 19:50:00 | 000,085,071 | -H-- | C] () -- C:\Users\ASUS\_MG_6196-1.jpg
[2011.04.04 19:46:05 | 000,306,404 | -H-- | C] () -- C:\Users\ASUS\DSC00772.jpg
[2011.03.31 21:23:59 | 000,043,603 | -H-- | C] () -- C:\Users\ASUS\matte_black_honda_cr_z_ts_1x_10-800-600.jpg
[2011.03.31 20:39:33 | 000,952,850 | -H-- | C] () -- C:\Users\ASUS\MOV02123.3GP
[2011.03.31 20:39:33 | 000,374,734 | -H-- | C] () -- C:\Users\ASUS\DSC02141.JPG
[2011.03.31 20:39:33 | 000,369,427 | -H-- | C] () -- C:\Users\ASUS\DSC02145.JPG
[2011.03.31 20:39:33 | 000,343,119 | -H-- | C] () -- C:\Users\ASUS\DSC02140.JPG
[2011.03.31 20:39:33 | 000,336,911 | -H-- | C] () -- C:\Users\ASUS\DSC02144.JPG
[2011.03.31 20:39:33 | 000,308,443 | -H-- | C] () -- C:\Users\ASUS\DSC02143.JPG
[2011.03.31 20:39:33 | 000,293,441 | -H-- | C] () -- C:\Users\ASUS\DSC02126.JPG
[2011.03.31 20:39:33 | 000,288,343 | -H-- | C] () -- C:\Users\ASUS\DSC02130.JPG
[2011.03.31 20:39:33 | 000,276,698 | -H-- | C] () -- C:\Users\ASUS\DSC02129.JPG
[2011.03.31 20:39:33 | 000,257,987 | -H-- | C] () -- C:\Users\ASUS\DSC02128.JPG
[2011.03.31 20:39:33 | 000,246,867 | -H-- | C] () -- C:\Users\ASUS\DSC02134.JPG
[2011.03.31 20:39:33 | 000,233,407 | -H-- | C] () -- C:\Users\ASUS\DSC02127.JPG
[2011.03.31 20:39:33 | 000,230,573 | -H-- | C] () -- C:\Users\ASUS\DSC02124.JPG
[2011.03.31 20:39:33 | 000,222,584 | -H-- | C] () -- C:\Users\ASUS\DSC02136.JPG
[2011.03.31 20:39:33 | 000,194,100 | -H-- | C] () -- C:\Users\ASUS\DSC02135.JPG
[2011.03.31 20:39:33 | 000,173,530 | -H-- | C] () -- C:\Users\ASUS\DSC02121.JPG
[2011.03.31 20:39:33 | 000,151,982 | -H-- | C] () -- C:\Users\ASUS\MOV02108.3GP
[2011.03.31 20:39:33 | 000,132,328 | -H-- | C] () -- C:\Users\ASUS\DSC02139.JPG
[2011.03.31 20:39:31 | 000,953,760 | -H-- | C] () -- C:\Users\ASUS\MOV02133.3GP
[2011.03.31 20:39:30 | 000,529,552 | -H-- | C] () -- C:\Users\ASUS\MOV02132.3GP
[2011.03.31 20:39:29 | 000,930,898 | -H-- | C] () -- C:\Users\ASUS\MOV02125.3GP
[2011.03.30 22:09:12 | 000,005,917 | -H-- | C] () -- C:\Users\ASUS\hag230908-021753_V1_BLACK.jpg
[2011.03.30 22:07:25 | 000,006,357 | -H-- | C] () -- C:\Users\ASUS\hag230908-021751_REV.jpg
[2011.03.30 21:12:24 | 000,025,540 | -H-- | C] () -- C:\Users\ASUS\19811.jpg
[2011.03.30 21:12:04 | 000,006,106 | -H-- | C] () -- C:\Users\ASUS\nano-aquarium-fuers-foto-bild-48287256.270.jpg
[2010.12.13 12:59:38 | 000,000,425 | -H-- | C] () -- C:\Windows\BRWMARK.INI
[2010.12.13 12:59:38 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.12.13 12:59:10 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat
[2010.12.13 12:55:18 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2010.03.30 16:48:00 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010.02.25 21:10:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.02.25 21:10:02 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.02.25 21:09:10 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.02.02 21:40:56 | 000,001,356 | -H-- | C] () -- C:\Users\ASUS\AppData\Local\d3d9caps.dat
[2009.12.29 17:48:01 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2009.12.29 17:46:24 | 000,222,208 | -H-- | C] () -- C:\Users\ASUS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.10 01:23:33 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2009.04.10 01:17:52 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe
[2009.04.10 01:17:42 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2009.04.10 00:42:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.07.02 04:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008.06.10 16:13:01 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.06.10 15:38:37 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.06.10 11:50:17 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.05.22 18:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
[2008.05.22 01:40:59 | 001,772,544 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008.05.22 01:38:59 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008.05.22 01:38:59 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2008.04.16 13:11:34 | 000,618,442 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.04.16 13:11:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.04.16 13:11:34 | 000,122,842 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.04.16 13:11:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.04.16 12:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2008.03.07 17:43:56 | 000,084,734 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008.03.07 14:47:30 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
[2008.03.05 14:38:43 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007.08.06 19:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,247,896 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,101,250 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.03.09 03:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
========== LOP Check ==========
[2010.11.21 20:45:10 | 000,000,000 | -H-D | M] -- C:\Users\ASUS\AppData\Roaming\Electronic Arts
[2009.12.31 10:28:50 | 000,000,000 | -H-D | M] -- C:\Users\ASUS\AppData\Roaming\gtk-2.0
[2010.10.11 20:33:03 | 000,000,000 | -H-D | M] -- C:\Users\ASUS\AppData\Roaming\Leadertech
[2011.01.04 21:07:56 | 000,000,000 | -H-D | M] -- C:\Users\ASUS\AppData\Roaming\Notebook Hardware Control
[2011.01.26 16:36:32 | 000,000,000 | -H-D | M] -- C:\Users\ASUS\AppData\Roaming\ProtectDisc
[2009.12.29 17:56:40 | 000,000,000 | -H-D | M] -- C:\Users\ASUS\AppData\Roaming\Vodafone
[2011.04.26 23:26:13 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2010.01.02 12:26:15 | 000,000,000 | -H-D | M] -- C:\Users\ASUS\AppData\Roaming\Adobe
[2009.12.25 11:18:42 | 000,000,000 | -H-D | M] -- C:\Users\ASUS\AppData\Roaming\ATI
[2010.01.13 20:20:37 | 000,000,000 | -H-D | M] -- C:\Users\ASUS\AppData\Roaming\AVS4YOU
[2010.12.14 15:13:34 | 000,000,000 | RH-D | M] -- C:\Users\ASUS\AppData\Roaming\Brother
[2010.08.17 23:04:07 | 000,000,000 | -H-D | M] -- C:\Users\ASUS\AppData\Roaming\CyberLink
[2010.05.23 23:30:41 | 000,000,000 | -H-D | M] -- C:\Users\ASUS\AppData\Roaming\dvdcss
[2010.11.21 20:45:10 | 000,000,000 | -H-D | M] -- C:\Users\ASUS\AppData\Roaming\Electronic Arts
[2009.12.31 10:28:50 | 000,000,000 | -H-D | M] -- C:\Users\ASUS\AppData\Roaming\gtk-2.0
[2009.12.25 11:17:13 | 000,000,000 | -H-D | M] -- C:\Users\ASUS\AppData\Roaming\Identities
[2010.09.19 17:12:01 | 000,000,000 | -H-D | M] -- C:\Users\ASUS\AppData\Roaming\InstallShield
[2010.10.11 20:33:03 | 000,000,000 | -H-D | M] -- C:\Users\ASUS\AppData\Roaming\Leadertech
[2009.12.25 11:18:28 | 000,000,000 | -H-D | M] -- C:\Users\ASUS\AppData\Roaming\Macromedia
[2006.11.02 14:37:34 | 000,000,000 | -H-D | M] -- C:\Users\ASUS\AppData\Roaming\Media Center Programs
[2010.11.01 18:46:18 | 000,000,000 | --SD | M] -- C:\Users\ASUS\AppData\Roaming\Microsoft
[2009.12.29 18:11:13 | 000,000,000 | -H-D | M] -- C:\Users\ASUS\AppData\Roaming\Mozilla
[2011.01.04 21:07:56 | 000,000,000 | -H-D | M] -- C:\Users\ASUS\AppData\Roaming\Notebook Hardware Control
[2011.04.20 13:26:33 | 000,000,000 | -H-D | M] -- C:\Users\ASUS\AppData\Roaming\OpenOffice.org2
[2011.01.26 16:36:32 | 000,000,000 | -H-D | M] -- C:\Users\ASUS\AppData\Roaming\ProtectDisc
[2010.01.19 07:01:34 | 000,000,000 | -H-D | M] -- C:\Users\ASUS\AppData\Roaming\Skype
[2010.02.26 00:51:09 | 000,000,000 | -H-D | M] -- C:\Users\ASUS\AppData\Roaming\U3
[2011.01.12 23:10:05 | 000,000,000 | -H-D | M] -- C:\Users\ASUS\AppData\Roaming\vlc
[2009.12.29 17:56:40 | 000,000,000 | -H-D | M] -- C:\Users\ASUS\AppData\Roaming\Vodafone
[2010.01.13 20:05:30 | 000,000,000 | -H-D | M] -- C:\Users\ASUS\AppData\Roaming\WinRAR
< %APPDATA%\*.exe /s >
[2010.11.21 20:45:14 | 000,041,100 | -H-- | M] (Electronic Arts) -- C:\Users\ASUS\AppData\Roaming\Electronic Arts\Game Face\uninstall.exe
[2007.10.23 10:27:20 | 000,110,592 | -H-- | M] () -- C:\Users\ASUS\AppData\Roaming\U3\temp\cleanup.exe
[2008.05.02 11:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\ASUS\AppData\Roaming\U3\temp\Launchpad Removal.exe
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: EXPLORER.EXE >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: IASTORV.SYS >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< MD5 for: SCECLI.DLL >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< MD5 for: USER32.DLL >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
< MD5 for: USERINIT.EXE >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< End of report >
----------------------------------------
Extras.Txt
OTL Logfile:
OTL Extras logfile created on: 26.04.2011 23:33:33 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\ASUS\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 40,49 Gb Free Space | 34,77% Space Free | Partition Type: NTFS
Drive D: | 109,60 Gb Total Space | 105,13 Gb Free Space | 95,92% Space Free | Partition Type: NTFS
Computer Name: ASUS-PC | User Name: ASUS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-985781421-3582190388-3317434361-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02114C35-A760-490B-B7AB-01FD7ABDE39A}" = rport=10244 | protocol=6 | dir=out | app=system |
"{0211ACB8-6CFC-42B2-971A-778D5957E0C8}" = rport=138 | protocol=17 | dir=out | app=system |
"{025C8BC0-418B-407E-9DA0-C3B30D74F06F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{033414E7-E94A-4CE0-ABBF-8B70CBBF0804}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{071C3C07-BEC5-4CD5-AAF9-A1E85FEC5351}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{09041034-C574-435C-9F41-80DE495F09F8}" = rport=139 | protocol=6 | dir=out | app=system |
"{09387A7D-3E33-4B4B-94DB-FE94AD43538A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0B8FD6A5-4279-4552-AFDB-00AE78D4B5BB}" = lport=3390 | protocol=6 | dir=in | app=system |
"{0D1DC549-C186-4D8C-8B4B-7426E12D5A60}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0FDF0B91-7C70-4953-BA8C-B6EA0DF84ECE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{133749DC-A5E6-413D-861F-1B9FD5420A49}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{137026FE-EEDB-4DC1-B1CA-84AED7AE09F4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{14AEA14D-01C4-41EA-8494-39AC74E89B5D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{17B4B9B2-E6B1-4FD4-B7D2-2E687A7CBBB2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{19CEA936-91AE-4810-8038-5DD2306F68B8}" = rport=445 | protocol=6 | dir=out | app=system |
"{2C30F73E-51F3-48E9-BEDC-34C1F0665E97}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{330CC641-0842-4B61-8E6E-4A2464F49763}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{36671C74-0144-4C83-A217-03E93815088A}" = lport=139 | protocol=6 | dir=in | app=system |
"{3AEC1B07-6731-4890-BCB3-BDBC1DA38C80}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3B7F6DB6-F658-423B-9AE1-09F507C0EF1C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3CB2426F-9DB0-42EA-8345-082B521A9264}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4828CD8D-C118-4DBC-BEF6-59AFD2DEC70F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{55074082-624A-4B84-9085-062AEC300E08}" = lport=445 | protocol=6 | dir=in | app=system |
"{56256F0E-001C-4161-9D00-805DD0957DBD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{56F7531B-01C2-44A2-80B6-11103E27D700}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{598ADBB7-9C63-42A6-8C3E-AE680E2D57FC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{655CE17A-4659-41BD-A207-35967B3BC308}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6FA65F37-E694-42BA-8CB7-FD86A67D279D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{71ED3C15-E8F7-4A29-8BED-F0E2EE5049B6}" = lport=138 | protocol=17 | dir=in | app=system |
"{73CD7652-5949-4120-A2BA-8515CD2A0B9C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7AE143A3-3092-4BF8-9477-E49BBCBDCA2E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7E536EA9-7497-4D04-8A56-F31CC7A4B802}" = lport=3390 | protocol=6 | dir=in | app=system |
"{7F3AEB69-51D4-46B0-A6A0-DA5FD227E0DB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{823CCB00-BDDA-4D77-A152-F2F181D98530}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8B4954A8-0A48-49C5-80AF-C1B8497C8D25}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{8B788113-8CD4-4720-B6A4-411D4A9139C8}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8B7A66D1-A825-47A2-9EC9-35621BCEF9DA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{96F37D9A-25FC-4D3A-89AB-D3BC2750FC2C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{97E1EC6A-6EAF-45BC-B50E-1996BCDA7D15}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{99E2E4EB-3249-45B8-89BC-FFC8C639100B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A51C5749-509A-4B53-85D4-1EF1EA9BA298}" = lport=10244 | protocol=6 | dir=in | app=system |
"{AAC8347B-5AB3-4DBE-B6C4-B0E289710788}" = lport=10244 | protocol=6 | dir=in | app=system |
"{ADF93163-5768-4F2B-B8B9-20FB0C42EF1F}" = rport=137 | protocol=17 | dir=out | app=system |
"{AFCBDA33-0C63-40D5-BEC5-DBECC207A539}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B9F07758-8B05-4506-A3CC-5E6D587AB51D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BA3C1033-8C93-4146-B8D4-4CBFCFA2438C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C16B5224-77E0-41C2-9607-9A48303C3518}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C88DEE39-FC15-440F-A40D-670C4509323D}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{EA53A215-5879-4F0A-AA0C-494047177B7C}" = rport=10244 | protocol=6 | dir=out | app=system |
"{EB676A91-1076-4D74-BA96-DE1AF48420E2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EE802E08-6D76-41EA-9C7D-05DE3E10F353}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F648C420-43C7-40C2-BA1E-563E06A85094}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{FAED79B3-60C0-472C-AB95-276B0AF59582}" = lport=137 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{055ADD3A-B746-4F56-9101-FD78845ABFAB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0702B460-AB5F-4C72-933D-7ABFF1DA58DD}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{088A623E-73F6-44DF-8299-1491A1274C0D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1DC4EE76-35B8-4205-B5C6-26EA8B0C0250}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{26605F9C-727E-4CB1-BD20-BC6B5AE90611}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{275AD858-16BE-4F68-A5A6-2421033FFC38}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{2AE0AD77-2B31-4E33-93B1-9F1906B80671}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2FDCA761-5762-4564-B232-85288F25EFF9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{310B1714-0502-41D7-AE1F-05D0B9D4AC1D}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{33C8C1E8-5AF2-423B-A03D-CC06A55452E5}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{4494D78B-3DAC-469E-9813-9EC73D6F6251}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{469D5B22-25B6-4C97-B334-606475316306}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{48C16736-79EA-4679-BA13-09AA4792B101}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{4B84DC35-EF3B-4457-91E7-1FD9F147816A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5009D7F8-91CC-421B-ADFC-584337B24209}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{7747980E-2611-4E36-95FC-C09875977CA3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8156EFBF-471F-4476-AF2C-CFB8F917285F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8524C56D-242D-466D-B709-A5BF060AA60B}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{8D45D31C-08EF-4411-B708-46F2D61FFDBF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9A31A0B9-6CB9-4342-9B8E-4D9476371933}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A62A02A5-81C0-4DC9-870B-CCA966B63680}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B8734948-51D0-43A1-9404-7043F74727A3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C6D1CC61-9AF8-4629-907B-D384FB6A1834}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C92AB2EB-1649-497E-915D-1FDE0936BF86}" = protocol=6 | dir=out | app=system |
"{E0A1986D-1ECE-44E9-90E1-2C50A8ACA847}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{EC83D8E3-6295-4DAD-94B4-FA3A4953F6F1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F923D414-C590-4CE4-AEA3-7D2AE8FD5DB7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{117102D7-9C4D-42D4-9CE9-E03CEC2C30A8}C:\users\asus\appdata\local\temp\rar$ex02.656\volley.exe" = protocol=6 | dir=in | app=c:\users\asus\appdata\local\temp\rar$ex02.656\volley.exe |
"TCP Query User{6177DE32-0D22-424B-95CC-00C09DD33BE9}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{B69C3226-6930-4CA3-A98C-AFD3215A6DBC}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe |
"TCP Query User{BC83DBDD-346E-4C1C-9661-9EDE6AC95375}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{C202A3FC-C4CA-4ABE-84F8-C784B00A12E7}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{C7A46A8B-7E29-47CA-A76A-DA9BB0BBB425}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{E8376706-6C1C-469A-8151-CFF5EDCE2693}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{F566DF68-7521-4812-8634-AA9CE331547C}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{76068E8F-FB86-44FA-9512-1109FDAC7F25}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{AAE9874E-A9A4-487A-9676-15F47F690EBF}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{AB6CD25D-67D4-40BA-8547-BFD9A8541788}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{B1403A72-CA5E-4B96-8786-BCF7FAF92F5F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{BCD86C7D-2262-4D51-BE16-2FD8FAFEE2E9}C:\users\asus\appdata\local\temp\rar$ex02.656\volley.exe" = protocol=17 | dir=in | app=c:\users\asus\appdata\local\temp\rar$ex02.656\volley.exe |
"UDP Query User{CCEA40D8-67AB-4270-88A3-1BCF197411E5}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{E1E08DD3-A524-4B0A-A67B-D162F8FD7413}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{E89498BC-A2CD-424D-8D36-9506EA947A01}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{096EB4FC-E110-8426-4295-CE869349527C}" = Catalyst Control Center Localization Turkish
"{0978A841-2E44-4A85-922B-36D96F0BAE0E}_is1" = 3GP Player 2009
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C7D5C27-49E4-3273-5B83-EE608FFD7FA8}" = Catalyst Control Center Localization Swedish
"{0D37C7F0-2C9B-692C-4657-3A1BDD9F67C8}" = CCC Help French
"{11D9CBD3-17FF-1456-47DA-0817FD09816B}" = CCC Help Spanish
"{18C8C1F6-A36A-A42E-1FB2-D9B3ECF538AD}" = CCC Help Finnish
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 24
"{27D51A76-371D-48B6-B06E-4137A15B7583}" = Express Gate
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{28F332E8-7A90-512B-E222-67013949139E}" = ccc-utility
"{29A1D086-A174-485A-1577-ED3E98CEB391}" = Catalyst Control Center Localization Polish
"{29DCE677-70BB-A83C-F7B3-D2E5C31748B9}" = CCC Help Russian
"{2A1598E3-4CB4-545A-A824-F7921E31167E}" = Catalyst Control Center Localization Greek
"{32EC3CBE-4A4A-2BB7-2BB6-F5A49902A6EE}" = Skins
"{336DA7E1-35FC-67C7-2A6A-1E048D661B35}" = Catalyst Control Center Localization Dutch
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3BDAD4E1-5A70-E9BF-CA71-05C9DA49040B}" = CCC Help Hungarian
"{3C4DE09E-C4E8-4C89-A438-FF6AB8E9E650}" = OpenOffice.org 2.4
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4583D057-A120-6B48-7BCE-FDFC86556C4C}" = Catalyst Control Center Localization Czech
"{484E9C72-90B3-0E72-69FB-02826E25EDF3}" = ATI Catalyst Install Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C5D72D0-CDFE-3952-C813-FA2F52FB2C87}" = CCC Help Greek
"{4F5D7C1B-6CB0-F45C-F83E-A1FC98FA2C0B}" = CCC Help Italian
"{54E77B08-4375-4584-7363-ECE88A784013}" = Catalyst Control Center Localization German
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61A55572-0E51-F389-583C-55EBAA4ED575}" = CCC Help Japanese
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{643E1970-324F-474C-8610-55F3F053BC01}" = MouseDriver
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{66433C66-28B6-7E2B-9B77-66D10E5E055F}" = CCC Help Polish
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AB9A96D-C554-E68F-FD7A-8991C99AA497}" = Catalyst Control Center Graphics Previews Vista
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{6CF61AF4-F808-9114-E34A-72831AC7660E}" = CCC Help English
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EABC0D-94EB-E569-877E-7BC634A67F0D}" = Catalyst Control Center Localization Russian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81042C93-7A00-71BC-51E9-768A6F849DA2}" = CCC Help Czech
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{86520F07-CEA2-5681-39CA-DF844C659E16}" = CCC Help Swedish
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D4BD33B-0429-A9D3-B4B8-68D956F8EE95}" = Catalyst Control Center Localization Chinese Traditional
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E50189D-A1B3-3929-5D2F-EC405F7C8A3D}" = CCC Help Chinese Standard
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme
"{9D38CCB7-DE05-A447-8651-8231BC2656BC}" = Catalyst Control Center Graphics Full New
"{9D77BA02-5C15-BA02-B338-FA9351D4140D}" = CCC Help Turkish
"{9E18CB28-70FE-F6F6-9ED9-A661FF87C1AB}" = ccc-core-static
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A5D74142-6C1B-5CE3-0D76-A41504FBDC47}" = CCC Help Danish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA7D6DB6-9D3F-4CB9-31C0-B4794E0D75D5}" = Catalyst Control Center Localization Danish
"{AB75B59E-07C8-084F-5C7F-E3567ABB4248}" = Catalyst Control Center Localization Japanese
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AE6370D7-4926-E5C2-705C-9B98B4600C09}" = CCC Help German
"{B1DA213E-4EE2-19F4-277E-81C0E0487076}" = CCC Help Chinese Traditional
"{B85A4462-E53C-932E-42EF-2506755EC9A1}" = Catalyst Control Center Localization Thai
"{BE426BC1-F401-1E0A-1334-FED883491077}" = Catalyst Control Center InstallProxy
"{BEDB89F5-DF1A-D1E3-A99F-8E64C3BFB934}" = CCC Help Korean
"{BFD373DA-A54D-C040-AD6C-3A1A7FFDA880}" = Catalyst Control Center Localization Italian
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3E314F1-A53F-D3D7-D7C2-7D0345D6C5D6}" = Catalyst Control Center Graphics Previews Common
"{CBCF8E27-A027-CBBD-0F01-58DB1D0E8CF1}" = Catalyst Control Center Localization Chinese Standard
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE560B9B-2991-FE0A-3A78-E053CF94B3DC}" = Catalyst Control Center Localization Norwegian
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF5E038B-B6FF-A325-A448-1A02AF57340A}" = CCC Help Portuguese
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D1F23CD0-D2B0-FEA3-E015-2F50BC64B1F4}" = Catalyst Control Center Graphics Full Existing
"{D3224046-1642-9CA4-0908-86EA5F76EBDC}" = Catalyst Control Center Localization Portuguese
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D700ADD4-F389-3EE6-9B9E-2EEFF23B68A2}" = Catalyst Control Center Localization French
"{D7DACC88-5011-78D1-5AB8-8967AC37C190}" = Catalyst Control Center Localization Hungarian
"{DA96BC7A-8208-73CB-CDFB-6B07CC6033D5}" = Catalyst Control Center Localization Finnish
"{DB1384E7-B98E-7482-4FF5-401A8F852D84}" = CCC Help Thai
"{DB891739-2EB3-45A8-9CBD-941C255CECD4}" = ASUS Touch Pad Extra
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1B05228-9CC4-2702-E106-76D70B4BDDFA}" = Catalyst Control Center Core Implementation
"{E1EC5742-3B54-3E4A-3EEA-DA779ED38FE1}" = CCC Help Norwegian
"{E3A5DDF7-17BD-43F1-9EBA-BB136EEB17DC}" = Catalyst Control Center - Branding
"{E635F30D-FA08-C46B-0BB8-903A1EA04342}" = Catalyst Control Center Graphics Light
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC977620-330D-EC0B-A937-EEFF183AE912}" = CCC Help Dutch
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F596720A-C838-3830-703A-5B3906E277AB}" = Catalyst Control Center Localization Korean
"{F7C0163D-9CD8-4F5F-BAC8-3E45A0000AFF}" = Vodafone Mobile Connect Lite Huawei
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F99A4B91-B160-B60D-876E-0CF895E15E06}" = Catalyst Control Center Localization Spanish
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.2
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-985781421-3582190388-3317434361-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"EA SPORTS Gameface Browser Plugin" = EA SPORTS Gameface Browser Plugin 1.3.0.0
"UnityWebPlayer" = Unity Web Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 16.04.2011 21:24:41 | Computer Name = ASUS-PC | Source = WinMgmt | ID = 10
Description =
Error - 16.04.2011 21:31:21 | Computer Name = ASUS-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 17.04.2011 09:24:15 | Computer Name = ASUS-PC | Source = WinMgmt | ID = 10
Description =
Error - 17.04.2011 13:05:01 | Computer Name = ASUS-PC | Source = Windows Backup | ID = 4104
Description =
Error - 18.04.2011 07:21:33 | Computer Name = ASUS-PC | Source = WinMgmt | ID = 10
Description =
Error - 18.04.2011 10:19:42 | Computer Name = ASUS-PC | Source = WinMgmt | ID = 10
Description =
Error - 18.04.2011 12:59:21 | Computer Name = ASUS-PC | Source = WinMgmt | ID = 10
Description =
Error - 19.04.2011 01:17:38 | Computer Name = ASUS-PC | Source = WinMgmt | ID = 10
Description =
Error - 19.04.2011 13:09:34 | Computer Name = ASUS-PC | Source = WinMgmt | ID = 10
Description =
Error - 20.04.2011 01:22:59 | Computer Name = ASUS-PC | Source = WinMgmt | ID = 10
Description =
[ Media Center Events ]
Error - 01.11.2010 12:50:00 | Computer Name = ASUS-PC | Source = Mcx2Dvcs | ID = 401
Description =
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >