
Log analysis and evaluation: Active processes use too much CPU, CPU load at 100%


09.08.2010, 14:11   #1
AMB
 



Hello,
for about 1 week my laptop has been running very slowly. At first I thought one particular process was responsible, but it turned out that it is always different processes that cause the high load. If, for example, I have a program open, it takes around 30% CPU load. If no programs are running in the foreground, other programs such as explorer.exe or svchost.exe have the high load. As a result, the CPU load is constantly at around 100%. Clearing out the autostart programs made the whole thing a little bit better. I have also already used CCleaner and Malwarebytes' Anti-Malware. In addition, I have defragmented and cleaned up with Windows, and tried Anti-Vir and SUPERAntiSpyware to find the solution to the puzzle.
In addition, my laptop often has problems booting and only manages it in 50% of all attempts.


Malwarebytes' Anti-Malware 1.46
w*w.malwarebytes.org

Datenbank Version: 4331

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

20.07.2010 20:59:40
mbam-log-2010-07-20 (20-59-40).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 132382
Laufzeit: 58 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\System32\drivers\oreans32.sys (Rootkit.Agent) -> Quarantined and deleted successfully.






HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:54:28, on 09.08.2010
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Defraggler\Defraggler.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\***\Downloads\RSIT.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Security Task Manager\TaskMan.exe
C:\Users\***\Downloads\HiJackThis204.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Cacheman Service (CachemanService) - Unknown owner - C:\Program Files\Cacheman\CachemanServ.exe (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXnet Licensing Manager for Adobe Products (FLEXnet Licensing Manager) - Unknown owner - C:\Windows\system\regsrv.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Unknown owner - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 2333 bytes
         


I am currently trying to defragment once more with Piriform Defraggler and to start random's system information.

Thanks in advance for the help!

09.08.2010, 14:49   #2
markusg
/// Malware-holic
 



have you ever heard of updates? vista sp2 is already out and you have none :-)
otl:
System scan with OTL
download otl:
http://filepony.de/download-otl/

Double-click OTL.exe
(Windows 7 and Vista users: right-click, run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. 2 reports are created:
OTL.Txt
Extras.Txt
post both.


09.08.2010, 16:11   #3
AMB
 



OTL Logfile:
Code:
OTL Extras logfile created on: 09.08.2010 15:55:11 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Naoki\Downloads
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
25,00 Gb Paging File | 24,00 Gb Available in Paging File | 95,00% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 12,87 Gb Free Space | 17,28% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 86,66 Gb Free Space | 58,14% Space Free | Partition Type: NTFS
Drive E: | 583,78 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 73,06 Gb Total Space | 40,28 Gb Free Space | 55,13% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MAX-PC
Current User Name: Naoki
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.reg [@ = regfile] -- regedit.exe "%1"
 
[HKEY_USERS\S-1-5-21-2266231082-1302614013-3308413011-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03C6CE8F-8512-41A9-A51B-FA4AA1007E50}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{17E7FF0C-4AB9-493E-A31B-ECF07CE4AA4B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{30F46C05-70C7-4D9E-A878-D55ADFAABD19}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{5A73F4E3-FC4E-444C-8201-98EB657894D1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{62D1BFF1-C2EC-48DB-967D-1F8845E56B22}" = rport=137 | protocol=17 | dir=out | app=system | 
"{66CF3A7D-8CDE-4AE5-BD6C-43DCF8A7F9B4}" = lport=138 | protocol=17 | dir=in | app=system | 
"{72F54026-E374-40CE-A96A-F7BD4A5C0687}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{8E0E1C9F-A676-4554-9B08-D646485C588D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{93B9F60F-1E88-42EB-B8B0-F7A4AA212601}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9FBE1A69-4EB2-4E0D-AA6C-123E509B3797}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{A1A2D6C6-BA62-4AA0-BDD8-817CA99996F6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{ADE43758-0AC3-4D4C-8D32-FA7B6C0A9C06}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B0EB4C9B-7B34-4AA6-A7E0-C54E853D128D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{BE48A24F-C505-4D32-A6A8-138686AEE661}" = lport=137 | protocol=17 | dir=in | app=system | 
"{BF65B3B1-5888-42DC-83EE-ACE21966B445}" = lport=445 | protocol=6 | dir=in | app=system | 
"{BF6B46DC-0D0A-4878-BD2D-6C36D6DB0F44}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C362D4C8-28E3-40AC-991D-554CB9F9E767}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C8F04785-9662-4410-97B3-DD4F1ED921DC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{D539F1EE-C0D6-4286-B313-CDBA5AC004B5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D7396791-C7FF-47AE-8D16-68F5010B0163}" = rport=445 | protocol=6 | dir=out | app=system | 
"{FDDB6752-AE30-45E1-AFC7-694B1A4977E4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{018000EA-4FF3-4AD2-A7CF-BA43D0031CBC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{028CEBF4-52EB-464E-91A9-8F1DB327A653}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{08A07B02-7F8F-4D9E-A398-23BE5B3E5AFE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{0C688B4E-005E-4051-93DC-129414EB34A6}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{0F174E80-039F-4B78-B4F0-1145945E10A4}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{14591DDA-6173-49CB-B221-7389176FD7B5}" = protocol=6 | dir=in | app=c:\program files\logmein hamachi\hamachi-2-ui.exe | 
"{16EA0F34-6720-44B2-836B-717AEDF6E947}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{17206CD7-C3FF-4D84-AFD5-CCAE70B6EA0E}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{1B46EF90-4942-4ECF-9F34-049CD90FD59D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1B5D9DCF-C2E1-4A2A-B32C-B366FF1079AD}" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe | 
"{1F00BDE1-81C8-4873-8DCF-E7CEEF0E72AD}" = protocol=17 | dir=in | app=e:\spiele\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe | 
"{22E12B2C-956E-4629-A9FD-CE1A72164400}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{2F93EB97-A11D-4A11-97BA-9CFAEAA5E50B}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{3C7BA5E5-BB15-457A-8B40-787395011AF6}" = protocol=6 | dir=in | app=f:\gpgnet\gpg.multiplayer.client.exe | 
"{3F955648-CCD9-4C16-975D-B8D77FF0FC62}" = protocol=6 | dir=in | app=f:\world of warcraft\backgrounddownloader.exe | 
"{408E0AC7-1942-43A6-9D9F-9D98B2E1487D}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{4321D155-33FA-458C-8EF8-AC61A7CC2D25}" = protocol=6 | dir=in | app=c:\program files\unreal tournament 2004\system\ut2004.exe | 
"{49FFFF25-EFD5-40FE-B185-C46778BD451A}" = protocol=17 | dir=in | app=f:\supreme\gpgnet\gpg.multiplayer.client.exe | 
"{51E42527-DC79-47B3-9D57-EDA4E220068B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{54E9763E-53D1-4E93-8C86-108CB0BE4732}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{5A8995EA-6D2C-4365-B05C-19A3BD0E27A4}" = protocol=17 | dir=in | app=c:\program files\logmein hamachi\hamachi-2-ui.exe | 
"{5D6210A9-0AB1-44FD-BA80-A1B1120EE3D3}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{5F6706B1-9288-4781-90A3-2258A592F18C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{609C9577-9E68-41A6-AC5D-9B09C973C534}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{652FC748-C55C-4537-9069-0A48D2F073F4}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{79138CB7-ABE5-4861-9C5D-EF2E2E5A34B8}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{806E088A-B247-4643-9518-523C4E808DFC}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"{8328F8DD-CAF0-4B7E-ADCA-341324EA8B61}" = protocol=17 | dir=in | app=e:\spiele\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe | 
"{8725813B-1E32-45B3-817D-41CD197AFE60}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8CED7F4A-107A-4232-94A0-5FFF0FD17939}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{96A4AA7F-C294-4C96-B4BE-9CCEB8B52F5C}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"{978960AB-4B23-4B3E-BE53-CD92E2F6D5DD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{980992ED-4BB9-4FA6-8D7C-5B36AB496BA2}" = protocol=17 | dir=in | app=c:\program files\unreal tournament 2004\system\ut2004.exe | 
"{A03684C6-1E87-4AB3-96DC-00C5DF5400AB}" = protocol=6 | dir=in | app=e:\spiele\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe | 
"{A0AD4537-63F1-4898-A098-4A1A43BBBB5B}" = protocol=6 | dir=in | app=f:\supreme\gpgnet\gpg.multiplayer.client.exe | 
"{A0DB4B47-B444-4B77-AA5D-ABDA6A173332}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{A12718F9-968C-4F91-9EC6-9C56D94E8400}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{A1A7E5DD-9959-4089-ACFE-D24950372871}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A36A8942-6682-40DF-A5F4-14F206B2A922}" = protocol=6 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth (tm) ii\game.dat | 
"{AA53F1EC-C2AF-4D94-8435-ACFDF83A4181}" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe | 
"{AA6211CB-E72B-47FB-BDAC-98150A6B6F12}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{BB230A0F-9EF1-4C85-B6CF-2EBCD5F3BAB4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BBC354FB-707E-4DE8-91B0-17C865C6F2E3}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"{BC1BA202-C02D-4500-8DAA-9A31399BA8F8}" = protocol=17 | dir=in | app=f:\gpgnet\gpg.multiplayer.client.exe | 
"{C247910B-E7CE-4933-ACCF-08FD8E95609B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C24DCF20-ECFE-4845-A46B-26EF0D3FFA20}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{C3B1CE3C-F4EE-4303-82EC-823F3CD74CB2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C5D149F6-1AEB-4EB7-8487-6DF560E70E62}" = protocol=6 | dir=in | app=e:\spiele\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe | 
"{C7648C52-0105-4F27-B09F-BEB2576F4108}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{CDE2DA4C-C91D-4FE1-A92D-56115B9359BC}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{CDFCBA83-EE61-4368-B8A6-2569AEC9D54C}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{D184AA0F-6D01-42BD-9F34-834C5CDA1BD5}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{D3DCF893-C165-4EF9-96B6-1CDD594934AC}" = protocol=17 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth (tm) ii\game.dat | 
"{D563E08F-EA07-4695-AE18-F57F8B461FC6}" = protocol=17 | dir=in | app=f:\world of warcraft\backgrounddownloader.exe | 
"{D85BD07E-A6AA-4FA3-9487-3AD2663C29BB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D8707D1C-065B-4E0E-8D1E-1B102946C426}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{DC029B63-E5DB-4AD6-A738-6571968A5563}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{E0CFDC4E-0FF9-460D-8DAC-889A66FE0959}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E76F7CC9-7D52-48E0-995F-C2FAE89E1382}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{FF49D8E8-7AF4-45EB-9256-CD108EBE9279}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"TCP Query User{1A36EA21-BAC1-4E20-BC0E-0CE013FDCEBA}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe | 
"TCP Query User{20028D3D-ED76-4D28-A5F7-6E4450502655}F:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=f:\warcraft iii\war3.exe | 
"TCP Query User{20961130-17F0-4341-9FB5-9883BBEC8FBD}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"TCP Query User{24FE7EB5-0B54-40C1-AD9E-3599EDF7D2EF}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | 
"TCP Query User{268DAD2C-6315-4CEA-81EE-07BD02639307}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe | 
"TCP Query User{4A44A119-C9F1-4461-B90F-4A0E8FFA59EA}C:\users\naoki\documents\downloads\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\naoki\documents\downloads\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe | 
"TCP Query User{503464E3-9DF6-4C6B-A504-F40547425BFB}C:\program files\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe | 
"TCP Query User{551B17A9-4796-4251-A3CC-6F09AA21D8E4}F:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=f:\world of warcraft\launcher.exe | 
"TCP Query User{5B73BA5D-FD5A-4F79-A44D-A78251815DB6}C:\users\naoki\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\naoki\program files\dna\btdna.exe | 
"TCP Query User{673B5E01-9BFC-4578-A1AE-5F4A3600AFF9}C:\program files\electronic arts\the battle for middle-earth (tm) ii\patchget.dat" = protocol=6 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth (tm) ii\patchget.dat | 
"TCP Query User{70FE54D6-B6E1-4ACC-B361-045A54C11304}C:\users\naoki\documents\downloads\age of empires 2 & the conquerors expansion - full game - [hussey]\empires2.exe" = protocol=6 | dir=in | app=c:\users\naoki\documents\downloads\age of empires 2 & the conquerors expansion - full game - [hussey]\empires2.exe | 
"TCP Query User{8635DA01-BF85-4DA6-ABF3-980213FB919E}D:\tactical ops\system\tacticalops.exe" = protocol=6 | dir=in | app=d:\tactical ops\system\tacticalops.exe | 
"TCP Query User{C2CDA1DB-15A4-4640-8662-99A99566D8F8}C:\program files\lucasarts\star wars empire at war\gamedata\fpupdate.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\fpupdate.exe | 
"TCP Query User{E019ECF8-4251-4E92-806C-937A8C065E81}C:\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"TCP Query User{EBAE0A41-CAAF-4185-81DA-6BE905F6B694}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{F3FF48D2-08B4-418B-A6CF-58AB729056A8}F:\call of duty\codmp.exe" = protocol=6 | dir=in | app=f:\call of duty\codmp.exe | 
"TCP Query User{F580B1BA-C6AE-4746-B365-041AC6CBD57C}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe | 
"UDP Query User{0859FDD1-A1B9-4989-9F6B-10A367EBFE4A}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe | 
"UDP Query User{0B959D5B-535D-4499-A094-984784C7482B}C:\users\naoki\documents\downloads\age of empires 2 & the conquerors expansion - full game - [hussey]\empires2.exe" = protocol=17 | dir=in | app=c:\users\naoki\documents\downloads\age of empires 2 & the conquerors expansion - full game - [hussey]\empires2.exe | 
"UDP Query User{24C4C46D-7442-486F-BE37-81A4B23A07AE}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe | 
"UDP Query User{325C622E-8DBF-4344-BF20-B652A07D4BB6}F:\call of duty\codmp.exe" = protocol=17 | dir=in | app=f:\call of duty\codmp.exe | 
"UDP Query User{341FD8AC-2E62-4E89-AF97-984FBBE517F2}C:\program files\electronic arts\the battle for middle-earth (tm) ii\patchget.dat" = protocol=17 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth (tm) ii\patchget.dat | 
"UDP Query User{7350E36D-F8FC-4880-B922-F1E053B78383}C:\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"UDP Query User{A9D1B9A8-EB96-45D1-85D2-12E170AF616A}C:\program files\lucasarts\star wars empire at war\gamedata\fpupdate.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\fpupdate.exe | 
"UDP Query User{B3B530A2-1048-43E3-9CFB-F37E4EBD0A47}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{B9E4A308-A4A9-4A52-BB95-E402143FA12E}C:\users\naoki\documents\downloads\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\naoki\documents\downloads\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe | 
"UDP Query User{BCB80C7E-0D13-40CA-9055-A7D6E5CEB00B}F:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=f:\world of warcraft\launcher.exe | 
"UDP Query User{DC068176-3B1F-4BD3-8F2D-B6A4FD16DF4D}F:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=f:\warcraft iii\war3.exe | 
"UDP Query User{DC7371E7-D56D-49FA-BFED-470B97182466}C:\program files\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe | 
"UDP Query User{DCB0EAE0-37AD-4E32-A3B6-F7621875A512}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe | 
"UDP Query User{E3903471-3C09-4DDC-8D50-77C7F7508D5F}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"UDP Query User{E7176E9E-43CE-401B-80DF-528CBB8F7BBA}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | 
"UDP Query User{EE2F61CF-7290-4B35-BBE3-A7ABFB65DAA5}C:\users\naoki\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\naoki\program files\dna\btdna.exe | 
"UDP Query User{FF6ED71E-9E93-4948-8DE3-1E210810406B}D:\tactical ops\system\tacticalops.exe" = protocol=17 | dir=in | app=d:\tactical ops\system\tacticalops.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1B14B0C3-2D60-477C-A1FE-B88E60948854}" = OpenOffice.org 2.4
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = Systemsteuerung "MobileMe"
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{84DDA651-FA15-4DF2-8AE8-E98FA329B1CD}" = System Requirements Lab for Intel
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{C325F588-D6B1-4A7F-B6A2-914C75DDA348}" = Morrowind
"{C441297F-C9F2-4177-9D5F-1B10F0358E32}" = Opera 10.54
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE12677C-F7D2-45A8-BBF9-0FC0B972EDC3}" = League of Legends
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EDB32FFB-FC1C-414B-BF8E-4645217E9AF2}" = League of Legends
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AhnLab Online Security" = AhnLab Online Security
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Foxit Reader" = Foxit Reader
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Hitman 2: Silent Assassin" = Hitman 2: Silent Assassin
"ImgBurn" = ImgBurn
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14)
"RealAlt_is1" = Real Alternative 1.9.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"uTorrent" = µTorrent
"Veoh Web Player Beta" = Veoh Web Player Beta
"VLC media player" = VideoLAN VLC media player 0.8.6h
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 13.04.2010 17:14:02 | Computer Name = Max-Pc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7582
 
Error - 13.04.2010 17:14:03 | Computer Name = Max-Pc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 13.04.2010 17:14:04 | Computer Name = Max-Pc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8580
 
Error - 13.04.2010 17:14:04 | Computer Name = Max-Pc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8580
 
Error - 13.04.2010 17:14:05 | Computer Name = Max-Pc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 13.04.2010 17:14:05 | Computer Name = Max-Pc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10796
 
Error - 13.04.2010 17:14:05 | Computer Name = Max-Pc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10796
 
Error - 13.04.2010 17:14:06 | Computer Name = Max-Pc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 13.04.2010 17:14:06 | Computer Name = Max-Pc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11856
 
Error - 13.04.2010 17:14:06 | Computer Name = Max-Pc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11856
 
[ Media Center Events ]
Error - 12.11.2008 13:19:30 | Computer Name = Max-Pc | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 25.01.2009 13:36:00 | Computer Name = Max-Pc | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
[ System Events ]
Error - 09.08.2010 08:27:00 | Computer Name = Max-Pc | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 09.08.2010 08:27:00 | Computer Name = Max-Pc | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 09.08.2010 08:27:01 | Computer Name = Max-Pc | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 09.08.2010 08:27:02 | Computer Name = Max-Pc | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 09.08.2010 09:08:08 | Computer Name = Max-Pc | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 09.08.2010 09:08:09 | Computer Name = Max-Pc | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 09.08.2010 09:08:09 | Computer Name = Max-Pc | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 09.08.2010 09:08:10 | Computer Name = Max-Pc | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 09.08.2010 09:40:35 | Computer Name = Max-Pc | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 09.08.2010 09:40:37 | Computer Name = Max-Pc | Source = Service Control Manager | ID = 7001
Description = 
 
 
< End of report >
         
--- --- ---







OTL Logfile:
Code:
OTL logfile created on: 09.08.2010 15:55:11 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Naoki\Downloads
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
25,00 Gb Paging File | 24,00 Gb Available in Paging File | 95,00% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 12,87 Gb Free Space | 17,28% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 86,66 Gb Free Space | 58,14% Space Free | Partition Type: NTFS
Drive E: | 583,78 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 73,06 Gb Total Space | 40,28 Gb Free Space | 55,13% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MAX-PC
Current User Name: Naoki
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Naoki\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Defraggler\Defraggler.exe (Piriform Ltd)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Naoki\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (WinHttpAutoProxySvc) --  File not found
SRV - (PnkBstrB) -- C:\Windows\System32\PnkBstrB.exe File not found
SRV - (PnkBstrA) -- C:\Windows\System32\PnkBstrA.exe File not found
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe File not found
SRV - (gupdate) Google Update Service (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe File not found
SRV - (FLEXnet Licensing Manager) -- C:\Windows\system\regsrv.exe File not found
SRV - (CachemanService) -- C:\Program Files\Cacheman\CachemanServ.exe File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe File not found
SRV - (AntiVirScheduler) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (TpChoice) -- C:\Windows\System32\DRIVERS\TpChoice.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (npkcrypt) -- C:\Program Files\NEXON\EuropeMapleStory\npkcrypt.sys File not found
DRV - (lredbooo) -- C:\Users\Naoki\AppData\Local\Temp\lredbooo.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (GarenaPEngine) -- C:\Users\Naoki\AppData\Local\Temp\YGY8601.tmp File not found
DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (nocashio) -- C:\Windows\System32\drivers\nocashio.sys ()
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
DRV - (Mkd2kfNt) -- C:\Windows\System32\drivers\Mkd2kfNT.sys (AhnLab, Inc.)
DRV - (Mkd2Nadr) -- C:\Windows\System32\drivers\Mkd2Nadr.sys (AhnLab, Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (AVIRA GmbH)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (CplIR) -- C:\Windows\system32\DRIVERS\CplIR.SYS (COMPAL ELECTRONIC INC.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (QCMerced) -- C:\Windows\System32\drivers\lvcm.sys ()
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (NPPTNT2) -- C:\Windows\System32\npptNT2.sys (INCA Internet Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2266231082-1302614013-3308413011-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKU\S-1-5-21-2266231082-1302614013-3308413011-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2266231082-1302614013-3308413011-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.12 23:09:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.12 23:09:03 | 000,000,000 | ---D | M]
 
[2008.11.23 23:31:48 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\Mozilla\Extensions
[2009.10.30 16:04:16 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\Mozilla\Firefox\Profiles\sgfol3m9.Naoki\extensions
[2009.10.03 14:28:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Naoki\AppData\Roaming\Mozilla\Firefox\Profiles\sgfol3m9.Naoki\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.10.30 16:04:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.09.28 22:17:16 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2009.03.09 18:37:50 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.03.09 18:37:50 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.03.09 18:37:50 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.03.09 18:37:50 | 000,000,986 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.03.09 18:37:50 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.09 14:22:15 | 000,000,734 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -  File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll -  File not found
O24 - Desktop WallPaper: C:\Users\Naoki\Pictures\%d8%a7%d9%8a%d9%88%d8%a8_bellmare.bmp
O24 - Desktop BackupWallPaper: C:\Users\Naoki\Pictures\%d8%a7%d9%8a%d9%88%d8%a8_bellmare.bmp
O29 - HKLM SecurityProviders - (credssp.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2002.03.26 03:03:42 | 000,024,576 | R--- | M] () - E:\AutoRunMorrowind.exe -- [ CDFS ]
O32 - AutoRun File - [2002.04.04 03:12:04 | 000,000,150 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0bc8f57e-6e81-11de-939d-001eec01cf73}\Shell\AutoRun\command - "" = E:\Toshiba\more4you.exe -- File not found
O33 - MountPoints2\{6224d762-90d3-11df-b89e-001eec01cf73}\Shell - "" = AutoRun
O33 - MountPoints2\{6224d762-90d3-11df-b89e-001eec01cf73}\Shell\AutoRun\command - "" = H:\ANNOfinder.exe -- File not found
O33 - MountPoints2\{a14661ba-1e1d-11df-886a-001eec01cf73}\Shell - "" = AutoRun
O33 - MountPoints2\{a14661ba-1e1d-11df-886a-001eec01cf73}\Shell\AutoRun\command - "" = E:\AutoRunMorrowind.exe -- [2002.03.26 03:03:42 | 000,024,576 | R--- | M] ()
O33 - MountPoints2\{a14661ba-1e1d-11df-886a-001eec01cf73}\Shell\install\command - "" = E:\Setup.exe -- [2001.09.05 10:23:24 | 000,056,320 | R--- | M] (InstallShield Software Corporation)
O34 - HKLM BootExecute: (autocheck autochk /r \??\E:) -  File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: ciphient - (C:\Windows\system32\mrt_isv.dll) - C:\Windows\System32\mrt_isv.dll File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= -  File not found
MsConfig - StartUpReg: HWSetup - hkey= - key= - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
MsConfig - StartUpReg: IgfxTray - hkey= - key= -  File not found
MsConfig - StartUpReg: Monitor - hkey= - key= - C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: NDSTray.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: PAC207_Monitor - hkey= - key= - C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
MsConfig - StartUpReg: Persistence - hkey= - key= -  File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= -  File not found
MsConfig - StartUpReg: SVPWUTIL - hkey= - key= - C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig - StartUpReg: TOSCDSPD - hkey= - key= -  File not found
MsConfig - StartUpReg: Toshiba Registration - hkey= - key= - C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
MsConfig - StartUpReg: TPwrMain - hkey= - key= -  File not found
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: aux - wdmaud.drv File not found
Drivers32: aux1 - wdmaud.drv File not found
Drivers32: aux2 - wdmaud.drv File not found
Drivers32: aux3 - wdmaud.drv File not found
Drivers32: midi - wdmaud.drv File not found
Drivers32: midi1 - wdmaud.drv File not found
Drivers32: midi2 - wdmaud.drv File not found
Drivers32: midi3 - wdmaud.drv File not found
Drivers32: midimapper - midimap.dll File not found
Drivers32: mixer - wdmaud.drv File not found
Drivers32: mixer1 - wdmaud.drv File not found
Drivers32: mixer2 - wdmaud.drv File not found
Drivers32: mixer3 - wdmaud.drv File not found
Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.imaadpcm - imaadp32.acm File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm File not found
Drivers32: msacm.msaudio1 - msaud32.acm File not found
Drivers32: msacm.msg711 - msg711.acm File not found
Drivers32: msacm.msgsm610 - msgsm32.acm File not found
Drivers32: msacm.siren - sirenacm.dll File not found
Drivers32: msacm.vorbis - vorbis.acm File not found
Drivers32: MSVideo - vfwwdm32.dll File not found
Drivers32: MSVideo8 - VfWWDM32.dll File not found
Drivers32: vidc.cvid - iccvid.dll File not found
Drivers32: VIDC.I420 - i420vfw.dll File not found
Drivers32: VIDC.IV41 - IR41_32.AX File not found
Drivers32: VIDC.IYUV - iyuv_32.dll File not found
Drivers32: vidc.mrle - msrle32.dll File not found
Drivers32: vidc.msvc - msvidc32.dll File not found
Drivers32: VIDC.UYVY - msyuv.dll File not found
Drivers32: VIDC.YUY2 - msyuv.dll File not found
Drivers32: VIDC.YVU9 - tsbyuv.dll File not found
Drivers32: VIDC.YVYU - msyuv.dll File not found
Drivers32: wave - wdmaud.drv File not found
Drivers32: wave1 - wdmaud.drv File not found
Drivers32: wave2 - wdmaud.drv File not found
Drivers32: wave3 - wdmaud.drv File not found
Drivers32: wavemapper - msacm32.drv File not found
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.09 14:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.08.09 14:26:59 | 000,000,000 | ---D | C] -- C:\rsit
[2010.08.09 13:54:16 | 000,000,000 | ---D | C] -- C:\Users\Naoki\AppData\Roaming\ImgBurn
[2010.08.09 13:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2010.08.09 13:31:02 | 000,000,000 | ---D | C] -- C:\Program Files\Magical Jelly Bean
[2010.08.09 12:57:16 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2010.08.09 09:35:20 | 000,000,000 | ---D | C] -- C:\Users\Naoki\AppData\Roaming\SUPERAntiSpyware.com
[2010.08.09 09:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.08.09 09:35:16 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010.07.31 12:46:46 | 000,092,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WING.DLL
[2010.07.31 12:46:46 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WAVMIX16.DLL
[2010.07.31 12:46:46 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WING32.DLL
[2010.07.30 19:26:30 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010.07.30 17:58:22 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.07.30 17:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.07.20 19:30:08 | 000,000,000 | ---D | C] -- C:\Users\Naoki\AppData\Roaming\Malwarebytes
[2010.07.20 19:28:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.07.20 19:28:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.20 19:28:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.07.20 19:28:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.07.20 16:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2010.07.20 16:41:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.07.20 16:41:33 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2010.07.16 18:39:30 | 000,000,000 | ---D | C] -- C:\Program Files\1503 AD
[2010.07.16 15:40:27 | 000,000,000 | ---D | C] -- C:\Users\Naoki\AppData\Local\Google
[2010.07.16 15:40:24 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010.07.16 15:40:14 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010.07.16 15:39:52 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.07.15 19:09:48 | 000,000,000 | ---D | C] -- C:\Program Files\EA SPORTS
[2010.07.10 23:15:15 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.09 15:54:27 | 004,456,448 | -HS- | M] () -- C:\Users\Naoki\ntuser.dat
[2010.08.09 15:44:59 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.09 15:44:59 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.09 15:26:03 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.09 15:26:03 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.09 15:08:19 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E61C761D-A6AA-4E50-BBDF-AD7C299B71A8}.job
[2010.08.09 14:22:15 | 000,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.08.09 12:55:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.09 11:25:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.09 11:11:47 | 003,739,707 | -H-- | M] () -- C:\Users\Naoki\AppData\Local\IconCache.db
[2010.08.01 08:46:54 | 000,002,191 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.08.01 02:10:09 | 000,651,350 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.01 02:10:09 | 000,618,470 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.01 02:10:09 | 000,121,114 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.01 02:10:09 | 000,107,614 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.01 02:10:08 | 001,488,910 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.31 00:18:57 | 000,001,356 | ---- | M] () -- C:\Users\Naoki\AppData\Local\d3d9caps.dat
[2010.07.30 17:57:08 | 000,005,132 | ---- | M] () -- C:\Users\Naoki\Documents\cc_20100730_175706.reg
[2010.07.30 17:56:51 | 000,003,310 | ---- | M] () -- C:\Users\Naoki\Documents\cc_20100730_175648.reg
[2010.07.30 17:56:30 | 000,014,908 | ---- | M] () -- C:\Users\Naoki\Documents\cc_20100730_175625.reg
[2010.07.30 17:55:49 | 000,321,976 | ---- | M] () -- C:\Users\Naoki\Documents\cc_20100730_175511.reg
[2010.07.20 21:49:50 | 000,000,384 | ---- | M] () -- C:\Windows\win.ini
[2010.07.20 21:34:20 | 000,000,016 | ---- | M] () -- C:\Windows\System32\coh.cache
[2010.07.18 12:26:47 | 000,000,578 | ---- | M] () -- C:\Windows\eReg.dat
[2010.07.16 15:43:40 | 000,001,954 | ---- | M] () -- C:\Users\Naoki\Desktop\Google Chrome.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.07.30 17:57:07 | 000,005,132 | ---- | C] () -- C:\Users\Naoki\Documents\cc_20100730_175706.reg
[2010.07.30 17:56:50 | 000,003,310 | ---- | C] () -- C:\Users\Naoki\Documents\cc_20100730_175648.reg
[2010.07.30 17:56:27 | 000,014,908 | ---- | C] () -- C:\Users\Naoki\Documents\cc_20100730_175625.reg
[2010.07.30 17:55:16 | 000,321,976 | ---- | C] () -- C:\Users\Naoki\Documents\cc_20100730_175511.reg
[2010.07.20 21:34:20 | 000,000,016 | ---- | C] () -- C:\Windows\System32\coh.cache
[2010.07.16 18:47:35 | 000,000,578 | ---- | C] () -- C:\Windows\eReg.dat
[2010.07.16 15:43:40 | 000,001,954 | ---- | C] () -- C:\Users\Naoki\Desktop\Google Chrome.lnk
[2010.07.16 15:40:51 | 000,001,094 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.16 15:40:48 | 000,001,090 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.25 21:17:37 | 000,002,645 | ---- | C] () -- C:\Windows\WAVEMIX.INI
[2010.04.04 00:46:51 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.02.05 23:48:47 | 000,000,136 | ---- | C] () -- C:\Windows\wininit.ini
[2010.01.03 20:02:40 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.12.23 15:29:06 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009.12.18 23:50:46 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.11.02 19:57:16 | 000,004,096 | ---- | C] () -- C:\Windows\System32\drivers\nocashio.sys
[2009.11.02 13:50:28 | 000,000,048 | ---- | C] () -- C:\Windows\Alternity.INI
[2009.11.02 13:49:30 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009.10.18 00:17:38 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.10.18 00:17:37 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.10.10 02:30:02 | 000,000,077 | ---- | C] () -- C:\Windows\MemoDvx.INI
[2009.07.24 21:53:49 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll
[2009.06.01 18:25:44 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2008.12.21 22:20:45 | 000,138,512 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.07.10 16:03:57 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2008.07.02 18:13:18 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2008.07.02 18:13:18 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2008.07.02 18:13:18 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2008.06.05 15:47:37 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2008.06.05 15:47:25 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2008.05.12 15:04:18 | 000,000,320 | ---- | C] () -- C:\Windows\SIERRA.INI
[2007.04.17 13:53:06 | 000,701,840 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007.04.16 08:35:21 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.04.16 08:12:22 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007.04.16 08:12:22 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007.04.16 08:12:22 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007.04.16 08:12:22 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007.04.16 08:12:22 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007.04.16 08:12:22 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007.04.16 08:02:55 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007.04.16 07:26:26 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007.04.16 07:26:26 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007.04.16 07:26:26 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007.04.16 07:26:26 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007.04.16 07:23:35 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.04.16 06:38:28 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2006.11.24 07:48:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 12:25:25 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscld.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.11.23 14:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005.05.27 09:32:52 | 001,317,152 | ---- | C] () -- C:\Windows\System32\drivers\lvcm.sys
[2005.05.27 09:10:26 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2010.02.17 16:03:56 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\BinaryStudios
[2010.01.03 20:14:26 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\DAEMON Tools Lite
[2010.06.02 14:15:34 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\Downloaded Installations
[2009.12.15 22:56:16 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\EVEMon
[2010.02.18 19:57:09 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\FOG Downloader
[2009.09.28 22:17:25 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\Foxit
[2010.08.09 13:54:16 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\ImgBurn
[2008.07.18 22:27:46 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\LimeWire
[2010.05.14 17:49:33 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\LolClient
[2009.11.06 02:28:47 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2009.04.26 15:21:25 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\My Games
[2008.06.27 19:24:02 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\Nokia
[2008.06.27 19:26:17 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\Nokia Multimedia Player
[2010.05.02 00:24:15 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\Opera
[2008.06.08 15:45:43 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\PC Suite
[2009.07.28 01:20:43 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\Petroglyph
[2010.04.17 14:58:33 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\SynthMaker
[2009.06.01 18:27:03 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\Toshiba
[2010.08.08 19:46:16 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\uTorrent
[2009.10.04 19:54:44 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1
[2010.04.03 19:09:06 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\VistaAudio
[2010.08.09 11:12:16 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.08.09 15:08:19 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E61C761D-A6AA-4E50-BBDF-AD7C299B71A8}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.10.04 19:47:53 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\Adobe
[2008.05.13 19:15:22 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\AdobeUM
[2010.07.31 11:15:37 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\Apple Computer
[2010.02.17 16:03:56 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\BinaryStudios
[2010.01.03 20:14:26 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\DAEMON Tools Lite
[2010.06.02 14:15:34 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\Downloaded Installations
[2009.12.15 22:56:16 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\EVEMon
[2010.02.18 19:57:09 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\FOG Downloader
[2009.09.28 22:17:25 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\Foxit
[2008.05.10 18:22:34 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\Identities
[2010.08.09 13:54:16 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\ImgBurn
[2008.05.10 18:21:17 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\InstallShield
[2008.07.18 22:27:46 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\LimeWire
[2010.05.14 17:49:33 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\LolClient
[2009.11.06 02:28:47 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2008.05.10 19:46:23 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\Macromedia
[2010.07.20 19:30:08 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\Media Center Programs
[2010.07.30 17:53:18 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\Media Player Classic
[2010.07.20 19:17:56 | 000,000,000 | --SD | M] -- C:\Users\Naoki\AppData\Roaming\Microsoft
[2010.02.20 17:21:28 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\Microsoft Games
[2008.11.23 23:31:48 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\Mozilla
[2009.04.26 15:21:25 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\My Games
[2008.06.27 19:24:02 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\Nokia
[2008.06.27 19:26:17 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\Nokia Multimedia Player
[2010.07.06 17:12:46 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\OpenOffice.org2
[2010.05.02 00:24:15 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\Opera
[2008.06.08 15:45:43 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\PC Suite
[2009.07.28 01:20:43 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\Petroglyph
[2010.01.01 04:24:56 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\Real
[2010.06.28 21:35:26 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\Skype
[2010.06.28 21:33:28 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\skypePM
[2010.08.09 09:35:20 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\SUPERAntiSpyware.com
[2010.04.17 14:58:33 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\SynthMaker
[2009.06.01 18:27:03 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\Toshiba
[2010.08.08 19:46:16 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\uTorrent
[2009.10.04 19:54:44 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1
[2010.04.03 19:09:06 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\VistaAudio
[2008.06.10 22:27:41 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\vlc
[2008.05.20 18:47:44 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.04.24 14:19:43 | 000,038,784 | ---- | M] () -- C:\Users\Naoki\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.05.11 00:17:04 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\drivers\atapi.sys
[2008.05.11 00:17:04 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.05.11 00:17:04 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.05.11 00:17:04 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2007.02.12 14:37:22 | 000,537,368 | ---- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2007.02.12 14:37:22 | 000,537,368 | ---- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\Toshiba\Drivers\Robson\Winall\Driver64\IaStor.sys
[2007.02.12 14:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\iaStor.sys
[2007.02.12 14:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Toshiba\Drivers\Robson\Winall\Driver\iaStor.sys
[2007.02.12 14:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\drivers\iaStor.sys
[2007.02.12 14:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: KR10N.SYS  >
[2007.01.18 16:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6E9922332386C2A49936B30B2B6FD298 -- C:\Toshiba\Drivers\Raid\Kr10i\KR10N.sys
[2007.01.18 16:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6E9922332386C2A49936B30B2B6FD298 -- C:\Toshiba\Drivers\Raid\Kr10n\KR10N.sys
[2007.01.18 16:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6E9922332386C2A49936B30B2B6FD298 -- C:\Windows\System32\drivers\KR10N.sys
[2007.01.18 16:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6E9922332386C2A49936B30B2B6FD298 -- C:\Windows\System32\DriverStore\FileRepository\kr10.inf_95888b8d\KR10N.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.05.10 19:47:05 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2008.05.10 19:47:05 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.05.10 19:47:05 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\System32\drivers\ws2ifsl.sys
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.01.03 20:02:44 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2007.04.13 12:11:59 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2007.04.13 12:11:57 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2007.04.13 12:11:59 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2007.04.13 12:12:07 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2007.04.13 12:12:08 | 006,008,832 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2006.11.02 11:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008.05.11 00:12:26 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 14 bytes -> C:\Windows\system.ini:c1_encryption_d
< End of report >
         

09.08.2010, 16:14   #4
AMB
 



In addition, here are the log files from random's system information:


info.txt
RSIT Logfile:
Code:
logfile of random's system information tool 1.08 2010-08-09 14:27:21

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x7 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x7 
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
AhnLab Online Security-->C:\Program Files\AhnLab\ASP\Common\aosremove.exe
Apple Application Support-->MsiExec.exe /I{B2D328BE-45AD-4D92-96F9-2151490A203E}
Apple Mobile Device Support-->MsiExec.exe /I{85991ED2-010C-4930-96FA-52F43C2CE98A}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Bonjour-->MsiExec.exe /X{0CB9668D-F979-4F31-B8B8-67FE90F929F8}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe" -l0x7 
Defraggler-->"C:\Program Files\Defraggler\uninst.exe"
DVD MovieFactory for TOSHIBA-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x7 
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Google Chrome-->"C:\Program Files\Google\Chrome\Application\5.0.375.99\Installer\setup.exe" --uninstall --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hitman 2: Silent Assassin-->C:\PROGRA~1\EIDOSI~1\HITMAN~1\UNWISE.EXE C:\PROGRA~1\EIDOSI~1\HITMAN~1\INSTALL.LOG
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
Intel Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
iTunes-->MsiExec.exe /I{7AB3A249-FB81-416B-917A-A2A10E74C503}
Java(TM) 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Magical Jelly Bean KeyFinder-->"C:\Program Files\Magical Jelly Bean\unins000.exe"
MAGIX Online Druck Service 2.3.2.0 (D)-->C:\Program Files\MAGIX\Online_Druck_Service\instslct.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}
Morrowind-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\MWUninstall\Setup.exe" -l0x9 
Mozilla Firefox (3.0.14)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
OpenOffice.org 2.4-->MsiExec.exe /I{1B14B0C3-2D60-477C-A1FE-B88E60948854}
Opera 10.54-->MsiExec.exe /X{C441297F-C9F2-4177-9D5F-1B10F0358E32}
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
Real Alternative 1.9.0-->"C:\Program Files\Real Alternative\unins000.exe"
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0007 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7  -removeonly
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}\setup.exe" -l0x9  -removeonly
SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab for Intel-->MsiExec.exe /I{84DDA651-FA15-4DF2-8AE8-E98FA329B1CD}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Systemsteuerung "MobileMe"-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
TES Construction Set-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\CSUninstall\Setup.exe" -l0x9 
TOSHIBA Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe" -l0x7 
TOSHIBA ConfigFree-->C:\Program Files\InstallShield Installation Information\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}\setup.exe -runfromtemp -l0x0007 uninstall -removeonly
TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA DVD PLAYER-->C:\Program Files\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x0007 -ADDREMOVE -removeonly
TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0407
TOSHIBA Flash Cards Support Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{620BBA5E-F848-4D56-8BDA-584E44584C5E} 
TOSHIBA Hardware Setup-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1031 
TOSHIBA SD Memory Utilities-->MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Supervisorkennwort-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} /l1031 
TOSHIBA Value Added Package-->C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x0407
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Veoh Web Player Beta-->"C:\Program Files\Veoh Networks\VeohWebPlayer\uninst.exe"
VideoLAN VLC media player 0.8.6h-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Anmelde-Assistent-->MsiExec.exe /I{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}
Windows Live Mail-->MsiExec.exe /I{C4D738F7-996A-4C81-B8FA-C4E26D767E41}
Windows Live Messenger-->MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Encoder 9-Reihe-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9-Reihe-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
WinRAR-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: Avira AntiVir PersonalEdition
AS: Windows-Defender
AS: SUPERAntiSpyware

======System event log======

Computer Name: Max-Pc
Event Code: 7001
Message: Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
Record Number: 231954
Source Name: Service Control Manager
Time Written: 20100809122700.000000-000
Event Type: Fehler
User: 

Computer Name: Max-Pc
Event Code: 7001
Message: Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
Record Number: 231955
Source Name: Service Control Manager
Time Written: 20100809122700.000000-000
Event Type: Fehler
User: 

Computer Name: Max-Pc
Event Code: 7001
Message: Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
Record Number: 231956
Source Name: Service Control Manager
Time Written: 20100809122700.000000-000
Event Type: Fehler
User: 

Computer Name: Max-Pc
Event Code: 7001
Message: Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
Record Number: 231957
Source Name: Service Control Manager
Time Written: 20100809122701.000000-000
Event Type: Fehler
User: 

Computer Name: Max-Pc
Event Code: 7001
Message: Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
Record Number: 231958
Source Name: Service Control Manager
Time Written: 20100809122702.000000-000
Event Type: Fehler
User: 

=====Application event log=====

Computer Name: Max-Pc
Event Code: 9010
Message: Ein Prozess (Morrowind) hat eine Anforderung zum Deaktivieren des Desktopfenster-Managers gestellt.
Record Number: 60780
Source Name: Desktop Window Manager
Time Written: 20100809121754.000000-000
Event Type: Informationen
User: 

Computer Name: Max-Pc
Event Code: 9003
Message: Der Desktopfenster-Manager konnte nicht gestartet werden, da kein zusammengestelltes Design verwendet wird.
Record Number: 60781
Source Name: Desktop Window Manager
Time Written: 20100809121754.000000-000
Event Type: Informationen
User: 

Computer Name: Max-Pc
Event Code: 9013
Message: Der Desktopfenster-Manager konnte nicht gestartet werden, da die Zusammenstellung durch eine Anwendung, die momentan ausgeführt wird, deaktiviert wurde.
Record Number: 60782
Source Name: Desktop Window Manager
Time Written: 20100809121754.000000-000
Event Type: Informationen
User: 

Computer Name: Max-Pc
Event Code: 9003
Message: Der Desktopfenster-Manager konnte nicht gestartet werden, da kein zusammengestelltes Design verwendet wird.
Record Number: 60783
Source Name: Desktop Window Manager
Time Written: 20100809121832.000000-000
Event Type: Informationen
User: 

Computer Name: Max-Pc
Event Code: 9013
Message: Der Desktopfenster-Manager konnte nicht gestartet werden, da die Zusammenstellung durch eine Anwendung, die momentan ausgeführt wird, deaktiviert wurde.
Record Number: 60784
Source Name: Desktop Window Manager
Time Written: 20100809121832.000000-000
Event Type: Informationen
User: 

=====Security event log=====

Computer Name: Max-Pc
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		SYSTEM
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-ID:		0x3e7

Berechtigungen:		SeAssignPrimaryTokenPrivilege
			SeTcbPrivilege
			SeSecurityPrivilege
			SeTakeOwnershipPrivilege
			SeLoadDriverPrivilege
			SeBackupPrivilege
			SeRestorePrivilege
			SeDebugPrivilege
			SeAuditPrivilege
			SeSystemEnvironmentPrivilege
			SeImpersonatePrivilege
Record Number: 51748
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100809101254.943262-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: Max-Pc
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname:	\Device\HarddiskVolume2\Windows\System32\drivers\mbamswissarmy.sys	
Record Number: 51749
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100809101926.776262-000
Event Type: Überwachung gescheitert
User: 

Computer Name: Max-Pc
Event Code: 4648
Message: Anmeldeversuch mit expliziten Anmeldeinformationen.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		MAX-PC$
	Kontodomäne:		WORKGROUP
	Anmelde-ID:		0x3e7
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Konto, dessen Anmeldeinformationen verwendet wurden:
	Kontoname:		SYSTEM
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Zielserver:
	Zielservername:	localhost
	Weitere Informationen:	localhost

Prozessinformationen:
	Prozess-ID:		0x28c
	Prozessname:		C:\Windows\System32\services.exe

Netzwerkinformationen:
	Netzwerkadresse:	-
	Port:			-

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden.  Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
Record Number: 51750
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100809112731.827462-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: Max-Pc
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		MAX-PC$
	Kontodomäne:		WORKGROUP
	Anmelde-ID:		0x3e7

Anmeldetyp:			5

Neue Anmeldung:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		SYSTEM
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-ID:		0x3e7
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Prozessinformationen:
	Prozess-ID:		0x28c
	Prozessname:		C:\Windows\System32\services.exe

Netzwerkinformationen:
	Arbeitsstationsname:	
	Quellnetzwerkadresse:	-
	Quellport:		-

Detaillierte Authentifizierungsinformationen:
	Anmeldeprozess:		Advapi  
	Authentifizierungspaket:	Negotiate
	Übertragene Dienste:	-
	Paketname (nur NTLM):	-
	Schlüssellänge:		0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
	 - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
	- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
	- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
	- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 51751
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100809112731.827462-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: Max-Pc
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		SYSTEM
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-ID:		0x3e7

Berechtigungen:		SeAssignPrimaryTokenPrivilege
			SeTcbPrivilege
			SeSecurityPrivilege
			SeTakeOwnershipPrivilege
			SeLoadDriverPrivilege
			SeBackupPrivilege
			SeRestorePrivilege
			SeDebugPrivilege
			SeAuditPrivilege
			SeSystemEnvironmentPrivilege
			SeImpersonatePrivilege
Record Number: 51752
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100809112731.827462-000
Event Type: Überwachung erfolgreich
User: 

======Environment variables======

"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Program Files\QuickTime\QTSystem\;
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f0d
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%

-----------------EOF-----------------
         
--- --- ---




RSIT Logfile:
Code:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Naoki at 2010-08-09 14:26:59
Microsoft® Windows Vista™ Home Premium  
System drive C: has 15 GB (19%) free of 76 GB
Total RAM: 2038 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:27:08, on 09.08.2010
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Defraggler\Defraggler.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Naoki\Downloads\RSIT.exe
C:\Program Files\trend micro\Naoki.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Cacheman Service (CachemanService) - Unknown owner - C:\Program Files\Cacheman\CachemanServ.exe (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXnet Licensing Manager for Adobe Products (FLEXnet Licensing Manager) - Unknown owner - C:\Windows\system\regsrv.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Unknown owner - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 2244 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{E61C761D-A6AA-4E50-BBDF-AD7C299B71A8}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\Windows\system32\hkcmd.exe [2008-06-12 166424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]
C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [2006-11-01 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2007-02-12 174872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\Windows\system32\igfxtray.exe [2008-06-12 141848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
C:\Windows\PixArt\PAC207\Monitor.exe [2007-12-10 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
NDSTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC207_Monitor]
C:\Windows\PixArt\PAC207\Monitor.exe [2007-12-10 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\Windows\system32\igfxpers.exe [2008-06-12 133656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
RtHDVCpl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [2006-03-22 438272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-03-14 857648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
TOSCDSPD.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [2007-02-19 571024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2006-12-19 411768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-08-09 14:27:00 ----D---- C:\Program Files\trend micro
2010-08-09 14:26:59 ----D---- C:\rsit
2010-08-09 13:54:16 ----D---- C:\Users\Naoki\AppData\Roaming\ImgBurn
2010-08-09 13:44:02 ----D---- C:\Program Files\ImgBurn
2010-08-09 13:31:02 ----D---- C:\Program Files\Magical Jelly Bean
2010-08-09 12:57:16 ----D---- C:\Program Files\Defraggler
2010-08-09 09:35:20 ----D---- C:\Users\Naoki\AppData\Roaming\SUPERAntiSpyware.com
2010-08-09 09:35:20 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2010-08-09 09:35:16 ----D---- C:\Program Files\SUPERAntiSpyware
2010-07-31 12:46:46 ----A---- C:\Windows\system32\WING32.DLL
2010-07-31 12:46:46 ----A---- C:\Windows\system32\WING.DLL
2010-07-31 12:46:46 ----A---- C:\Windows\system32\WAVMIX16.DLL
2010-07-30 19:26:30 ----D---- C:\Program Files\DAEMON Tools Lite
2010-07-30 17:58:22 ----D---- C:\Windows\pss
2010-07-30 17:44:50 ----D---- C:\Program Files\CCleaner
2010-07-20 19:30:08 ----D---- C:\Users\Naoki\AppData\Roaming\Malwarebytes
2010-07-20 19:28:57 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-07-20 19:28:35 ----D---- C:\ProgramData\Malwarebytes
2010-07-20 19:28:33 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-07-20 19:28:32 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-20 16:42:13 ----D---- C:\ProgramData\SecTaskMan
2010-07-20 16:41:48 ----SHD---- C:\Config.Msi
2010-07-20 16:41:33 ----D---- C:\Program Files\Security Task Manager
2010-07-16 18:39:30 ----D---- C:\Program Files\1503 AD
2010-07-16 15:40:24 ----D---- C:\Program Files\Google
2010-07-16 15:40:14 ----D---- C:\Program Files\DivX
2010-07-16 15:39:52 ----D---- C:\ProgramData\DivX
2010-07-15 19:09:48 ----D---- C:\Program Files\EA SPORTS
2010-07-10 23:15:15 ----D---- C:\Program Files\Elaborate Bytes
2010-07-10 12:33:06 ----A---- C:\Windows\ipuninst.exe

======List of files/folders modified in the last 1 months======

2010-08-09 14:27:06 ----D---- C:\Windows\Temp
2010-08-09 14:27:00 ----D---- C:\Program Files
2010-08-09 14:22:16 ----D---- C:\Windows\system32\drivers\etc
2010-08-09 13:44:24 ----D---- C:\Windows\Prefetch
2010-08-09 12:41:36 ----D---- C:\Windows
2010-08-09 12:19:57 ----D---- C:\ProgramData
2010-08-09 12:16:18 ----D---- C:\Windows\system32\LogFiles
2010-08-09 12:02:28 ----SD---- C:\Windows\Downloaded Program Files
2010-08-08 22:46:50 ----D---- C:\Windows\winsxs
2010-08-08 22:12:28 ----SHD---- C:\System Volume Information
2010-08-08 22:08:28 ----D---- C:\Program Files\SystemRequirementsLab
2010-08-08 19:46:16 ----D---- C:\Users\Naoki\AppData\Roaming\uTorrent
2010-08-08 16:59:18 ----D---- C:\Program Files\uTorrent
2010-08-01 02:10:09 ----D---- C:\Windows\System32
2010-08-01 02:10:08 ----D---- C:\Windows\inf
2010-08-01 02:10:08 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-07-31 11:59:08 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-31 11:59:03 ----D---- C:\Windows\system32\catroot2
2010-07-31 11:15:37 ----D---- C:\Users\Naoki\AppData\Roaming\Apple Computer
2010-07-30 17:53:18 ----D---- C:\Users\Naoki\AppData\Roaming\Media Player Classic
2010-07-30 17:51:43 ----D---- C:\Windows\Minidump
2010-07-30 17:51:43 ----D---- C:\Windows\Debug
2010-07-30 14:16:04 ----D---- C:\Program Files\Opera
2010-07-21 14:51:15 ----D---- C:\ProgramData\Symantec
2010-07-20 21:53:50 ----D---- C:\Windows\system32\catroot
2010-07-20 21:53:30 ----SHD---- C:\Windows\Installer
2010-07-20 21:49:50 ----A---- C:\Windows\win.ini
2010-07-20 21:49:30 ----D---- C:\Program Files\Common Files
2010-07-20 21:49:27 ----D---- C:\Windows\twain_32
2010-07-20 21:49:26 ----D---- C:\Windows\system32\drivers
2010-07-20 21:40:10 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-07-20 21:36:22 ----RSD---- C:\Windows\assembly
2010-07-20 21:31:28 ----D---- C:\ProgramData\2DBoy
2010-07-20 21:30:36 ----D---- C:\Program Files\MAGIX
2010-07-20 21:30:34 ----D---- C:\Windows\system32\MAGIX
2010-07-20 21:01:46 ----D---- C:\Program Files\Logitech
2010-07-20 21:01:36 ----D---- C:\Windows\SoftwareDistribution
2010-07-20 19:17:56 ----SD---- C:\Users\Naoki\AppData\Roaming\Microsoft
2010-07-20 18:38:18 ----D---- C:\Windows\system32\Tasks
2010-07-20 18:37:06 ----D---- C:\Program Files\Image-Line
2010-07-20 18:22:07 ----D---- C:\Program Files\Basement Softworks
2010-07-20 17:25:02 ----D---- C:\Windows\system32\config
2010-07-20 17:24:52 ----D---- C:\Windows\Tasks
2010-07-20 17:24:52 ----D---- C:\Windows\system32\spool
2010-07-20 17:24:52 ----D---- C:\Windows\system32\CodeIntegrity
2010-07-20 17:24:52 ----D---- C:\ProgramData\PMB Files
2010-07-20 17:24:50 ----D---- C:\Windows\system32\wbem
2010-07-20 17:24:50 ----D---- C:\Windows\registration
2010-07-20 17:18:25 ----D---- C:\Program Files\IrfanView
2010-07-20 17:10:52 ----D---- C:\Program Files\DVDVideoSoft
2010-07-20 17:10:51 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2010-07-20 16:56:44 ----D---- C:\Program Files\Paradox Interactive
2010-07-20 16:42:47 ----D---- C:\Program Files\TOSHIBA

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 CplIR;Embedded IR Driver; C:\Windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14848]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-02-12 277784]
R0 LPCFilter;LPC Lower Filter Driver; C:\Windows\system32\DRIVERS\LPCFilter.sys [2006-07-28 19456]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-01-03 691696]
R0 tos_sps32;TOSHIBA tos_sps32 Service; C:\Windows\system32\DRIVERS\tos_sps32.sys [2007-03-29 285184]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2006-10-05 16768]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2009-05-27 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-05-27 75096]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-10-18 278984]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-10-18 25416]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2005-02-23 11776]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2009-05-27 52056]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-25 2307072]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-27 1761696]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-12-25 67072]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-05-11 82432]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-03-14 182456]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
S2 npkcrypt;npkcrypt; \??\C:\Program Files\NEXON\EuropeMapleStory\npkcrypt.sys []
S3 athr;Atheros Extensible Drahtlos-LAN-Gerätetreiber; C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 467456]
S3 axtvj3hw;axtvj3hw; C:\Windows\system32\drivers\axtvj3hw.sys []
S3 dot4;MS IEEE-1284.4-Treiber; C:\Windows\system32\DRIVERS\Dot4.sys [2006-11-02 131584]
S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2006-11-02 16384]
S3 Dot4Scan;Scannerklassentreiber für IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Scan.sys [2006-11-02 10752]
S3 dot4usb;Dot4USB-Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2006-11-02 36864]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\Users\Naoki\AppData\Local\Temp\YGY8601.tmp []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 lredbooo;lredbooo; \??\C:\Users\Naoki\AppData\Local\Temp\lredbooo.sys []
S3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\DRIVERS\LVUSBSta.sys [2005-05-27 22016]
S3 Mkd2kfNt;Mkd2kfNt; C:\Windows\system32\drivers\Mkd2kfNt.sys [2008-10-17 131072]
S3 Mkd2Nadr;Mkd2Nadr; C:\Windows\system32\drivers\Mkd2Nadr.sys [2008-10-17 79104]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG-Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 nocashio;nocashio; C:\Windows\system32\drivers\nocashio.sys [2009-11-02 4096]
S3 NPPTNT2;NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [2005-01-04 4682]
S3 QCMerced;Logitech QuickCam Communicate; C:\Windows\system32\DRIVERS\LVCM.sys [2005-05-27 1317152]
S3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2007-01-24 290304]
S3 Tosrfcom;Tosrfcom; C:\Windows\system32\drivers\Tosrfcom.sys []
S3 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]
S3 TpChoice;Touch Pad Detection Filter driver; C:\Windows\system32\DRIVERS\TpChoice.sys []
S3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2006-11-02 71552]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
S3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-08-09 29696]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S4 KR10I;KR10I; C:\Windows\system32\drivers\kr10i.sys [2007-01-18 219392]
S4 KR10N;KR10N; C:\Windows\system32\drivers\kr10n.sys [2007-01-18 211072]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Planer; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-23 68865]
R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-23 151297]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-14 40960]
R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2010-06-15 540472]
S2 CachemanService;Cacheman Service; C:\Program Files\Cacheman\CachemanServ.exe []
S2 FLEXnet Licensing Manager;FLEXnet Licensing Manager for Adobe Products; C:\Windows\system\regsrv.exe []
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe /svc []
S2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S4 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe []
S4 Bonjour Service;Dienst "Bonjour"; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
S4 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe []
S4 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe []
S4 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2008-08-01 87288]
S4 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-03-29 114688]
S4 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-25 114688]
S4 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2006-12-19 428152]
S4 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]

-----------------EOF-----------------
         
--- --- ---

09.08.2010, 17:21   #5
markusg
/// Malware-holic

Avira is also out of date: you have version 8, the current version is 10.
We'll upgrade it later.
Fixing with OTL

• Please start OTL.exe.
Vista users: right-click and choose "Run as administrator".
• Now copy the following into the text box.

:OTL
SRV - (WinHttpAutoProxySvc) -- File not found
SRV - (PnkBstrB) -- C:\Windows\System32\PnkBstrB.exe File not found
SRV - (PnkBstrA) -- C:\Windows\System32\PnkBstrA.exe File not found
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe File not found
SRV - (gupdate) Google Update Service (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe File not found
SRV - (FLEXnet Licensing Manager) -- C:\Windows\system\regsrv.exe File not found
SRV - (CachemanService) -- C:\Program Files\Cacheman\CachemanServ.exe File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe File not found
DRV - (TpChoice) -- C:\Windows\System32\DRIVERS\TpChoice.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (npkcrypt) -- C:\Program Files\NEXON\EuropeMapleStory\npkcrypt.sys File not found
DRV - (lredbooo) -- C:\Users\Naoki\AppData\Local\Temp\lredbooo.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (GarenaPEngine) -- C:\Users\Naoki\AppData\Local\Temp\YGY8601.tmp File not found
DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; post it here.

Before we can continue, the Windows updates get installed first: SP1 first, then Service Pack 2, and then the other missing updates, until no more are offered. Let me know when that is done.


09.08.2010, 18:12   #6
AMB

All processes killed
========== OTL ==========
Service WinHttpAutoProxySvc stopped successfully!
Service WinHttpAutoProxySvc deleted successfully!
File File not found not found.
Service PnkBstrB stopped successfully!
Service PnkBstrB deleted successfully!
File C:\Windows\System32\PnkBstrB.exe File not found not found.
Service PnkBstrA stopped successfully!
Service PnkBstrA deleted successfully!
File C:\Windows\System32\PnkBstrA.exe File not found not found.
Error: No service named IAANTMON) Intel(R was found to stop!
Service\Driver key IAANTMON) Intel(R not found.
File C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe File not found not found.
Error: No service named gupdate) Google Update Service (gupdate was found to stop!
Service\Driver key gupdate) Google Update Service (gupdate not found.
File C:\Program Files\Google\Update\GoogleUpdate.exe File not found not found.
Service FLEXnet Licensing Manager stopped successfully!
Service FLEXnet Licensing Manager deleted successfully!
File C:\Windows\system\regsrv.exe File not found not found.
Service CachemanService stopped successfully!
Service CachemanService deleted successfully!
File C:\Program Files\Cacheman\CachemanServ.exe File not found not found.
Service Apple Mobile Device stopped successfully!
Service Apple Mobile Device deleted successfully!
File C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe File not found not found.
Service TpChoice stopped successfully!
Service TpChoice deleted successfully!
File C:\Windows\System32\DRIVERS\TpChoice.sys File not found not found.
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found not found.
Service npkcrypt stopped successfully!
Service npkcrypt deleted successfully!
File C:\Program Files\NEXON\EuropeMapleStory\npkcrypt.sys File not found not found.
Service lredbooo stopped successfully!
Service lredbooo deleted successfully!
File C:\Users\Naoki\AppData\Local\Temp\lredbooo.sys File not found not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File C:\Windows\System32\DRIVERS\ipinip.sys File not found not found.
Service GarenaPEngine stopped successfully!
Service GarenaPEngine deleted successfully!
File C:\Users\Naoki\AppData\Local\Temp\YGY8601.tmp File not found not found.
Service EagleNT stopped successfully!
Service EagleNT deleted successfully!
File C:\Windows\System32\drivers\EagleNT.sys File not found not found.
Service blbdrive stopped successfully!
Service blbdrive deleted successfully!
File C:\Windows\System32\drivers\blbdrive.sys File not found not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:credssp.dll deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 41620 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Naoki
->Flash cache emptied: 53058 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Naoki
->Temp folder emptied: 22053946 bytes
->Temporary Internet Files folder emptied: 793679 bytes
->Java cache emptied: 64109197 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 112469105 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 70314 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 169634776 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 352,00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08092010_190004

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


That is the text document from OTL. I will now try to run Windows Update.

09.08.2010, 18:48   #7
markusg
/// Malware-holic

OK, until then.

10.08.2010, 20:26   #8
AMB

I have now installed all updates, which took a bit longer because some attempts failed due to faulty reboots.

11.08.2010, 11:47   #9
markusg
/// Malware-holic

OK, now click Scan in OTL and post the contents of otl.txt.

11.08.2010, 16:54   #10
AMB

Should I just start the scan, or first enable the old settings and paste something into the text field?

11.08.2010, 17:13   #11
AMB

OTL logfile created on: 11.08.2010 17:50:40 - Run 3
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Naoki\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free
25,00 Gb Paging File | 25,00 Gb Available in Paging File | 98,00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 13,28 Gb Free Space | 17,82% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 86,62 Gb Free Space | 58,11% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 73,06 Gb Total Space | 40,28 Gb Free Space | 55,13% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAX-PC
Current User Name: Naoki
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Naoki\Downloads\stinger1010995.exe ()
PRC - C:\Users\Naoki\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Naoki\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe File not found
SRV - (gupdate) Google Update Service (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe File not found
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirScheduler) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


========== Driver Services (SafeList) ==========

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (nocashio) -- C:\Windows\System32\drivers\nocashio.sys ()
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (Mkd2kfNt) -- C:\Windows\System32\drivers\Mkd2kfNT.sys (AhnLab, Inc.)
DRV - (Mkd2Nadr) -- C:\Windows\System32\drivers\Mkd2Nadr.sys (AhnLab, Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (AVIRA GmbH)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (CplIR) -- C:\Windows\system32\DRIVERS\CplIR.SYS (COMPAL ELECTRONIC INC.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (QCMerced) -- C:\Windows\System32\drivers\lvcm.sys ()
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (NPPTNT2) -- C:\Windows\System32\npptNT2.sys (INCA Internet Co., Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.12 23:09:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.12 23:09:03 | 000,000,000 | ---D | M]

[2008.11.23 23:31:48 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\mozilla\Extensions
[2009.10.30 16:04:16 | 000,000,000 | ---D | M] -- C:\Users\Naoki\AppData\Roaming\mozilla\Firefox\Profiles\sgfol3m9.Naoki\extensions
[2009.10.03 14:28:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Naoki\AppData\Roaming\mozilla\Firefox\Profiles\sgfol3m9.Naoki\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.10.30 16:04:16 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009.09.28 22:17:16 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2009.03.09 18:37:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.03.09 18:37:50 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2009.03.09 18:37:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.03.09 18:37:50 | 000,000,986 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.03.09 18:37:50 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.08.09 14:22:15 | 000,000,734 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Naoki\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Naoki\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0bc8f57e-6e81-11de-939d-001eec01cf73}\Shell\AutoRun\command - "" = E:\Toshiba\more4you.exe -- File not found
O33 - MountPoints2\{6224d762-90d3-11df-b89e-001eec01cf73}\Shell - "" = AutoRun
O33 - MountPoints2\{6224d762-90d3-11df-b89e-001eec01cf73}\Shell\AutoRun\command - "" = H:\ANNOfinder.exe -- File not found
O33 - MountPoints2\{a14661ba-1e1d-11df-886a-001eec01cf73}\Shell - "" = AutoRun
O33 - MountPoints2\{a14661ba-1e1d-11df-886a-001eec01cf73}\Shell\AutoRun\command - "" = E:\AutoRunMorrowind.exe -- File not found
O33 - MountPoints2\{a14661ba-1e1d-11df-886a-001eec01cf73}\Shell\install\command - "" = E:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk /r \??\E - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: ciphient - (C:\Windows\system32\mrt_isv.dll) - C:\Windows\System32\mrt_isv.dll File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.08.11 16:09:20 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.11 16:09:19 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.11 16:09:17 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.11 16:09:16 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.11 16:09:15 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.08.11 16:09:15 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.11 16:09:14 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.11 16:09:13 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.08.11 16:09:12 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.08.11 16:09:11 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.11 16:09:10 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.08.11 16:09:10 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.11 16:09:09 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.08.11 16:09:09 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.08.11 16:09:06 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.08.11 16:06:17 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010.08.11 16:06:17 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010.08.11 16:06:16 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010.08.11 16:06:16 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2010.08.11 16:06:15 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010.08.11 16:06:14 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010.08.11 16:06:14 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010.08.11 16:06:14 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010.08.11 16:06:12 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010.08.11 16:06:12 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010.08.11 16:06:12 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.08.11 16:06:11 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010.08.11 16:06:10 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2010.08.11 16:06:10 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010.08.11 16:06:10 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010.08.11 16:06:08 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010.08.11 16:06:07 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.08.11 16:06:06 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.08.11 16:06:06 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.08.11 16:06:05 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010.08.11 16:06:02 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.08.11 16:06:02 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010.08.11 16:06:01 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010.08.11 16:06:01 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2010.08.11 16:06:01 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2010.08.11 16:06:01 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2010.08.11 16:06:01 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2010.08.11 15:59:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2010.08.11 15:56:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2010.08.11 15:56:27 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2010.08.11 15:56:27 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2010.08.11 15:56:27 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2010.08.11 15:56:26 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2010.08.11 15:56:26 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2010.08.11 15:56:21 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2010.08.11 15:56:21 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2010.08.11 15:56:21 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2010.08.11 15:56:21 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2010.08.11 15:56:21 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2010.08.11 15:56:08 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2010.08.11 15:56:08 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2010.08.11 15:56:08 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2010.08.11 15:56:08 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2010.08.11 15:56:08 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2010.08.11 15:43:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010.08.11 14:49:55 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.08.11 14:49:55 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.08.11 14:49:55 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.08.11 14:42:11 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.11 14:42:09 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.11 14:40:39 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.11 14:40:30 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.11 14:40:19 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.11 14:25:03 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2010.08.11 13:25:48 | 000,000,000 | ---D | C] -- C:\Intel
[2010.08.11 13:17:24 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2010.08.11 12:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010.08.11 11:01:31 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2010.08.11 11:01:27 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2010.08.11 11:01:26 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2010.08.11 10:59:59 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2010.08.11 10:59:55 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010.08.11 10:59:53 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2010.08.11 10:59:53 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010.08.11 10:59:52 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2010.08.11 10:59:52 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2010.08.11 10:59:52 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010.08.11 10:59:52 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2010.08.11 10:59:51 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010.08.11 10:59:51 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010.08.11 10:59:51 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010.08.11 10:59:51 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2010.08.11 10:59:51 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2010.08.11 10:59:50 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2010.08.11 10:59:50 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2010.08.11 10:59:50 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2010.08.11 10:59:49 | 001,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2010.08.11 10:59:49 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2010.08.11 10:59:49 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2010.08.11 10:59:49 | 000,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2010.08.11 10:59:49 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2010.08.11 10:59:49 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2010.08.11 10:59:48 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2010.08.11 10:59:48 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2010.08.11 10:59:48 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2010.08.11 10:58:36 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2010.08.11 10:58:36 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2010.08.11 10:58:26 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2010.08.11 10:58:17 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2010.08.11 10:58:17 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2010.08.11 10:58:16 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2010.08.11 10:58:16 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010.08.11 10:58:16 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2010.08.11 10:58:16 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2010.08.11 10:54:53 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2010.08.11 10:54:49 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2010.08.10 19:20:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010.08.10 19:20:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010.08.10 19:20:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010.08.10 18:04:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010.08.10 12:17:12 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2010.08.10 12:16:48 | 001,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll
[2010.08.10 12:16:36 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2010.08.10 12:16:36 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2010.08.10 12:16:28 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2010.08.10 12:16:19 | 001,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2010.08.10 12:16:12 | 000,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2010.08.10 12:16:10 | 001,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2010.08.10 12:16:06 | 000,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2010.08.10 12:16:03 | 000,928,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavenge.dll
[2010.08.10 12:15:55 | 002,241,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
[2010.08.10 12:15:48 | 000,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2010.08.10 12:15:42 | 000,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll
[2010.08.10 12:15:42 | 000,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll
[2010.08.10 12:15:30 | 000,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2010.08.10 12:15:24 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2010.08.10 12:15:22 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
[2010.08.10 12:15:12 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2010.08.10 12:15:11 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2010.08.10 12:15:10 | 000,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2010.08.10 12:15:02 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2010.08.10 12:15:00 | 000,438,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2010.08.10 12:14:42 | 000,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2010.08.10 12:14:36 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2VDEC.DLL
[2010.08.10 12:14:34 | 000,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2010.08.10 12:14:34 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2010.08.10 12:14:32 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2010.08.10 12:14:25 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2010.08.10 12:14:19 | 001,459,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2010.08.10 12:14:16 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2010.08.10 12:14:15 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2010.08.10 12:14:10 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sperror.dll
[2010.08.10 12:14:10 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2010.08.10 12:14:06 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe
[2010.08.10 12:14:06 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2010.08.10 12:14:03 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010.08.10 12:13:54 | 001,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2010.08.10 12:13:42 | 001,381,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Query.dll
[2010.08.10 12:13:37 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2010.08.10 12:13:34 | 001,078,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2010.08.10 12:13:34 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexch40.dll
[2010.08.10 12:13:32 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll
[2010.08.10 12:13:27 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2010.08.10 12:13:24 | 000,986,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010.08.10 12:13:23 | 000,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2010.08.10 12:13:23 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2010.08.10 12:13:22 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
[2010.08.10 12:13:21 | 001,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2010.08.10 12:13:18 | 000,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
[2010.08.10 12:13:17 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2010.08.10 12:13:15 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2010.08.10 12:13:13 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2010.08.10 12:13:06 | 002,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2010.08.10 12:13:06 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2010.08.10 12:13:05 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2010.08.10 12:13:05 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolss.dll
[2010.08.10 12:13:03 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2010.08.10 12:12:57 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll
[2010.08.10 12:12:57 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayDriverLib.dll
[2010.08.10 12:12:56 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp60.dll
[2010.08.10 12:12:55 | 000,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2010.08.10 12:12:54 | 000,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2010.08.10 12:12:47 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2010.08.10 12:12:42 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2010.08.10 12:12:40 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2010.08.10 12:12:40 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2010.08.10 12:12:39 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll
[2010.08.10 12:12:27 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2010.08.10 12:12:26 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2010.08.10 12:12:25 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2010.08.10 12:12:24 | 001,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsvcs.dll
[2010.08.10 12:12:23 | 000,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll
[2010.08.10 12:12:22 | 001,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll
[2010.08.10 12:12:18 | 001,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2010.08.10 12:12:15 | 001,086,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NetProjW.dll
[2010.08.10 12:12:13 | 000,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll
[2010.08.10 12:12:11 | 000,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2010.08.10 12:12:11 | 000,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2010.08.10 12:12:09 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2010.08.10 12:12:09 | 000,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2010.08.10 12:12:07 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2010.08.10 12:12:05 | 002,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.08.10 12:11:57 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll
[2010.08.10 12:11:56 | 001,788,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2010.08.10 12:11:53 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2010.08.10 12:11:52 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll
[2010.08.10 12:11:51 | 001,135,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2010.08.10 12:11:49 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll
[2010.08.10 12:11:48 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll
[2010.08.10 12:11:46 | 001,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2010.08.10 12:11:44 | 000,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
[2010.08.10 12:11:42 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2010.08.10 12:11:30 | 000,483,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samsrv.dll
[2010.08.10 12:11:29 | 000,614,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2010.08.10 12:11:26 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2010.08.10 12:11:24 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2010.08.10 12:11:23 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnNetsh.dll
[2010.08.10 12:11:14 | 001,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll
[2010.08.10 12:11:14 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compcln.exe
[2010.08.10 12:11:09 | 000,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll
[2010.08.10 12:11:06 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2010.08.10 12:11:02 | 000,223,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2010.08.10 12:10:57 | 001,160,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2010.08.10 12:10:55 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2010.08.10 12:10:55 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2010.08.10 12:10:54 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x40.dll
[2010.08.10 12:10:53 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2010.08.10 12:10:47 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2010.08.10 12:10:47 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2010.08.10 12:10:46 | 000,926,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010.08.10 12:10:39 | 001,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2010.08.10 12:10:37 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2010.08.10 12:10:36 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2010.08.10 12:10:31 | 002,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2010.08.10 12:10:25 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll
[2010.08.10 12:10:25 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2010.08.10 12:10:25 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfp.dll
[2010.08.10 12:10:25 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll
[2010.08.10 12:10:24 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll
[2010.08.10 12:10:24 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldpc.dll
[2010.08.10 12:10:24 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll
[2010.08.10 12:10:24 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2010.08.10 12:10:22 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2010.08.10 12:10:21 | 001,533,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz.dll
[2010.08.10 12:10:18 | 001,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2010.08.10 12:10:15 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime
[2010.08.10 12:10:15 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime
[2010.08.10 12:10:14 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime
[2010.08.10 12:10:14 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime
[2010.08.10 12:10:13 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime
[2010.08.10 12:10:12 | 001,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2010.08.10 12:10:11 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2010.08.10 12:10:11 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2010.08.10 12:10:09 | 000,323,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll
[2010.08.10 12:10:08 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2010.08.10 12:10:07 | 000,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswdat10.dll
[2010.08.10 12:10:07 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2010.08.10 12:10:07 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter40.dll
[2010.08.10 12:10:06 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2010.08.10 12:10:06 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2010.08.10 12:10:05 | 000,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2010.08.10 12:10:05 | 000,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2010.08.10 12:10:02 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2010.08.10 12:10:00 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2010.08.10 12:09:59 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2010.08.10 12:09:58 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2010.08.10 12:09:57 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2010.08.10 12:09:55 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2010.08.10 12:09:53 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2010.08.10 12:09:53 | 000,241,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
[2010.08.10 12:09:52 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2010.08.10 12:09:52 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2010.08.10 12:09:52 | 000,035,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2010.08.10 12:09:49 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxclu.dll
[2010.08.10 12:09:49 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetpp.dll
[2010.08.10 12:09:48 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2010.08.10 12:09:47 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2010.08.10 12:09:46 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2010.08.10 12:09:45 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.08.10 12:09:38 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll
[2010.08.10 12:09:37 | 000,125,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2010.08.10 12:09:36 | 001,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2010.08.10 12:09:35 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2010.08.10 12:09:34 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2010.08.10 12:09:32 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll
[2010.08.10 12:09:30 | 001,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2010.08.10 12:09:29 | 000,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2010.08.10 12:09:29 | 000,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2010.08.10 12:09:27 | 000,035,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2010.08.10 12:09:26 | 000,050,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PSHED.DLL
[2010.08.10 12:09:25 | 000,122,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys
[2010.08.10 12:09:25 | 000,109,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2010.08.10 12:09:24 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2010.08.10 12:09:24 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdh.dll
[2010.08.10 12:09:23 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll
[2010.08.10 12:09:19 | 001,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll
[2010.08.10 12:09:18 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.08.10 12:09:18 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2010.08.10 12:09:17 | 002,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2010.08.10 12:09:11 | 001,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2010.08.10 12:09:11 | 000,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll
[2010.08.10 12:09:09 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2010.08.10 12:09:09 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2010.08.10 12:09:09 | 000,017,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2010.08.10 12:09:08 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll
[2010.08.10 12:09:07 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2010.08.10 12:09:07 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2010.08.10 12:09:06 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2010.08.10 12:09:06 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
[2010.08.10 12:09:05 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.08.10 12:09:05 | 000,043,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2010.08.10 12:09:04 | 000,099,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2010.08.10 12:09:03 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll
[2010.08.10 12:09:00 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2010.08.10 12:08:59 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2010.08.10 12:08:58 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2010.08.10 12:08:58 | 000,027,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2010.08.10 12:08:58 | 000,017,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdcom.dll
[2010.08.10 12:08:57 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
[2010.08.10 12:08:57 | 000,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2010.08.10 12:08:56 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2010.08.10 12:08:55 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow32.dll
[2010.08.10 12:08:55 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2010.08.10 12:08:51 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2010.08.10 12:08:51 | 000,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll
[2010.08.10 12:08:51 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spcmsg.dll
[2010.08.10 12:08:50 | 000,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2010.08.10 12:08:49 | 000,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2010.08.10 12:08:49 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll
[2010.08.10 12:08:48 | 000,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2010.08.10 12:08:48 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2010.08.10 12:08:44 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2010.08.10 12:08:44 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2010.08.10 12:08:43 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2010.08.10 12:08:43 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2010.08.10 12:08:42 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2010.08.10 12:08:41 | 000,852,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2010.08.10 12:08:41 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2010.08.10 12:08:40 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2010.08.10 12:08:40 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2010.08.10 12:08:39 | 000,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll
[2010.08.10 12:08:39 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2010.08.10 12:08:39 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll
[2010.08.10 12:08:38 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2010.08.10 12:08:37 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2010.08.10 12:08:36 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ulib.dll
[2010.08.10 12:08:35 | 000,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
[2010.08.10 12:08:31 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
[2010.08.10 12:08:29 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll
[2010.08.10 12:08:29 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastapi.dll
[2010.08.10 12:08:28 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll
[2010.08.10 12:08:28 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
[2010.08.10 12:08:27 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll
[2010.08.10 12:08:26 | 001,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcpl.dll
[2010.08.10 12:08:25 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2010.08.10 12:08:24 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2010.08.10 12:08:24 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
[2010.08.10 12:08:24 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll
[2010.08.10 12:08:23 | 000,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll
[2010.08.10 12:08:22 | 001,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL
[2010.08.10 12:08:22 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2010.08.10 12:08:21 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll
[2010.08.10 12:08:20 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2010.08.10 12:08:18 | 000,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2010.08.10 12:08:18 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2010.08.10 12:08:17 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2010.08.10 12:08:16 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2010.08.10 12:08:15 | 001,580,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2010.08.10 12:08:14 | 002,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2010.08.10 12:08:11 | 000,825,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdlg.dll
[2010.08.10 12:08:10 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2010.08.10 12:08:10 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll
[2010.08.10 12:08:09 | 001,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2010.08.10 12:08:09 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2010.08.10 12:08:05 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2010.08.10 12:08:05 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2010.08.10 12:08:04 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2010.08.10 12:08:04 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
[2010.08.10 12:08:04 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2010.08.10 12:08:03 | 000,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll
[2010.08.10 12:08:03 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstlsapi.dll
[2010.08.10 12:08:02 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2010.08.10 12:08:02 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
[2010.08.10 12:08:01 | 003,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2010.08.10 12:08:01 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2010.08.10 12:07:59 | 001,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2010.08.10 12:07:59 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2010.08.10 12:07:54 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2010.08.10 12:07:54 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2010.08.10 12:07:52 | 001,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2010.08.10 12:07:50 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2010.08.10 12:07:49 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll
[2010.08.10 12:07:47 | 002,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2010.08.10 12:07:46 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmci.dll
[2010.08.10 12:07:44 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2010.08.10 12:07:44 | 000,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2010.08.10 12:07:43 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2010.08.10 12:07:42 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2010.08.10 12:07:42 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2010.08.10 12:07:42 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime
[2010.08.10 12:07:41 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regapi.dll
[2010.08.10 12:07:40 | 000,532,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcao.dll
[2010.08.10 12:07:40 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2010.08.10 12:07:40 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2010.08.10 12:07:37 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll
[2010.08.10 12:07:37 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll
[2010.08.10 12:07:36 | 000,306,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scesrv.dll
[2010.08.10 12:07:35 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010.08.10 12:07:35 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2010.08.10 12:07:35 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll
[2010.08.10 12:07:33 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2010.08.10 12:07:33 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2010.08.10 12:07:33 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe
[2010.08.10 12:07:32 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iaspolcy.dll
[2010.08.10 12:07:32 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscisvif.dll
[2010.08.10 12:07:31 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2010.08.10 12:07:30 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscui.cpl
[2010.08.10 12:07:30 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2010.08.10 12:07:30 | 000,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2010.08.10 12:07:29 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll
[2010.08.10 12:07:29 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2010.08.10 12:07:29 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2010.08.10 12:07:29 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfdisk.dll
[2010.08.10 12:07:28 | 000,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll
[2010.08.10 12:07:28 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2010.08.10 12:07:28 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2010.08.10 12:07:27 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll
[2010.08.10 12:07:26 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2010.08.10 12:07:26 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll
[2010.08.10 12:07:26 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBAUDIO.sys
[2010.08.10 12:07:25 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2010.08.10 12:07:25 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2010.08.10 12:07:24 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwinsat.dll
[2010.08.10 12:07:22 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2010.08.10 12:07:22 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2010.08.10 12:07:22 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2010.08.10 12:07:22 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2010.08.10 12:07:21 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpmon.dll
[2010.08.10 12:07:21 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll
[2010.08.10 12:07:20 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\whealogr.dll
[2010.08.10 12:07:19 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2010.08.10 12:07:19 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2010.08.10 12:07:19 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2010.08.10 12:07:18 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll
[2010.08.10 12:07:17 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2010.08.10 12:07:15 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2010.08.10 12:07:15 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
[2010.08.10 12:07:12 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaaut.dll
[2010.08.10 12:07:11 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdm.tsp
[2010.08.10 12:07:09 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2010.08.10 12:07:08 | 000,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL
[2010.08.10 12:07:08 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasppp.dll
[2010.08.10 12:07:08 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2010.08.10 12:07:07 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll
[2010.08.10 12:07:06 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2010.08.10 12:07:04 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2010.08.10 12:07:02 | 002,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oobefldr.dll
[2010.08.10 12:06:57 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2010.08.10 12:06:55 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll
[2010.08.10 12:06:54 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll
[2010.08.10 12:06:54 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll
[2010.08.10 12:06:52 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2010.08.10 12:06:50 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2010.08.10 12:06:49 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2010.08.10 12:06:47 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlgpclnt.dll
[2010.08.10 12:06:46 | 000,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2010.08.10 12:06:46 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2010.08.10 12:06:44 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\credui.dll
[2010.08.10 12:06:43 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2010.08.10 12:06:43 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll
[2010.08.10 12:06:41 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2010.08.10 12:06:40 | 002,226,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
[2010.08.10 12:06:38 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2010.08.10 12:06:38 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2010.08.10 12:06:38 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2010.08.10 12:06:38 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll
[2010.08.10 12:06:37 | 000,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2010.08.10 12:06:36 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2010.08.10 12:06:36 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2010.08.10 12:06:36 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
[2010.08.10 12:06:35 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2010.08.10 12:06:35 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll
[2010.08.10 12:06:35 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
[2010.08.10 12:06:33 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2010.08.10 12:06:32 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll
[2010.08.10 12:06:31 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmsynth.dll
[2010.08.10 12:06:30 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2010.08.10 12:06:29 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010.08.10 12:06:29 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll
[2010.08.10 12:06:28 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2010.08.10 12:06:28 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2010.08.10 12:06:27 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprapi.dll
[2010.08.10 12:06:26 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2010.08.10 12:06:26 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2010.08.10 12:06:25 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2010.08.10 12:06:24 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.08.10 12:06:22 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmusic.dll
[2010.08.10 12:06:22 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll
[2010.08.10 12:06:22 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
[2010.08.10 12:06:21 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2010.08.10 12:06:21 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime
[2010.08.10 12:06:21 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll
[2010.08.10 12:06:21 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
[2010.08.10 12:06:21 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll
[2010.08.10 12:06:20 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2010.08.10 12:06:18 | 000,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll
[2010.08.10 12:06:18 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2010.08.10 12:06:17 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll
[2010.08.10 12:06:17 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2010.08.10 12:06:17 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2010.08.10 12:06:17 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2010.08.10 12:06:17 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2010.08.10 12:06:16 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll
[2010.08.10 12:06:16 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll
[2010.08.10 12:06:16 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2010.08.10 12:06:15 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2010.08.10 12:06:15 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll
[2010.08.10 12:06:14 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2010.08.10 12:06:14 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2010.08.10 12:06:14 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2010.08.10 12:06:14 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll
[2010.08.10 12:06:13 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2010.08.10 12:06:13 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2010.08.10 12:06:13 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2010.08.10 12:06:13 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2010.08.10 12:06:12 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2010.08.10 12:06:12 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2010.08.10 12:06:12 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcico.dll
[2010.08.10 12:06:11 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll
[2010.08.10 12:06:10 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2010.08.10 12:06:07 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2010.08.10 12:06:07 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2010.08.10 12:06:07 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll
[2010.08.10 12:06:05 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll
[2010.08.10 12:06:05 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll
[2010.08.10 12:06:03 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll
[2010.08.10 12:06:02 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2010.08.10 12:06:02 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2010.08.10 12:06:02 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2010.08.10 12:06:02 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2010.08.10 12:06:01 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetppui.dll
[2010.08.10 12:05:55 | 000,052,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2010.08.10 12:05:53 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2010.08.10 12:05:49 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2010.08.10 12:05:45 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2010.08.10 12:05:45 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2010.08.10 12:04:02 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2010.08.10 12:03:55 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2010.08.10 12:03:55 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2010.08.10 12:03:32 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2010.08.10 11:23:55 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp
[2010.08.10 10:53:11 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.08.10 10:52:59 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010.08.10 10:52:58 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010.08.10 10:52:56 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010.08.10 10:51:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.08.10 10:50:53 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.08.10 10:50:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.08.10 09:59:29 | 000,000,000 | ---D | C] -- C:\PerfLogs
[2010.08.09 19:00:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.08.09 14:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.08.09 14:26:59 | 000,000,000 | ---D | C] -- C:\rsit
[2010.08.09 13:54:16 | 000,000,000 | ---D | C] -- C:\Users\Naoki\AppData\Roaming\ImgBurn
[2010.08.09 13:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2010.08.09 13:31:02 | 000,000,000 | ---D | C] -- C:\Program Files\Magical Jelly Bean
[2010.08.09 12:57:16 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2010.08.09 09:35:20 | 000,000,000 | ---D | C] -- C:\Users\Naoki\AppData\Roaming\SUPERAntiSpyware.com
[2010.08.09 09:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.08.09 09:35:16 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010.07.31 12:46:46 | 000,092,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WING.DLL
[2010.07.31 12:46:46 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WAVMIX16.DLL
[2010.07.31 12:46:46 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WING32.DLL
[2010.07.30 19:26:30 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010.07.30 17:58:22 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.07.30 17:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.07.20 19:30:08 | 000,000,000 | ---D | C] -- C:\Users\Naoki\AppData\Roaming\Malwarebytes
[2010.07.20 19:28:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.07.20 19:28:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.20 19:28:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.07.20 19:28:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.07.20 16:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2010.07.20 16:41:33 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2010.07.16 18:39:30 | 000,000,000 | ---D | C] -- C:\Program Files\1503 AD
[2010.07.16 15:40:27 | 000,000,000 | ---D | C] -- C:\Users\Naoki\AppData\Local\Google
[2010.07.16 15:40:24 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010.07.16 15:40:14 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010.07.16 15:39:52 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.07.15 19:09:48 | 000,000,000 | ---D | C] -- C:\Program Files\EA SPORTS
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

11.08.2010, 17:15   #12
AMB

Active processes use too much CPU, CPU load at 100%



========== Files - Modified Within 30 Days ==========

[2010.08.11 17:53:44 | 004,456,448 | -HS- | M] () -- C:\Users\Naoki\ntuser.dat
[2010.08.11 17:22:33 | 001,472,290 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.11 17:22:33 | 000,637,762 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.11 17:22:33 | 000,603,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.11 17:22:33 | 000,130,084 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.11 17:22:33 | 000,107,150 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.11 16:19:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.11 16:13:41 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.11 16:13:40 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.11 16:13:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.11 16:12:46 | 000,524,288 | -HS- | M] () -- C:\Users\Naoki\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.11 16:12:46 | 000,065,536 | -HS- | M] () -- C:\Users\Naoki\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.11 16:12:42 | 001,847,810 | -H-- | M] () -- C:\Users\Naoki\AppData\Local\IconCache.db
[2010.08.11 16:05:47 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2010.08.11 16:05:27 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E61C761D-A6AA-4E50-BBDF-AD7C299B71A8}.job
[2010.08.11 15:45:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.11 15:45:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.11 15:13:45 | 000,287,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.11 12:13:04 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010.08.10 15:43:52 | 000,001,536 | ---- | M] () -- C:\Windows\System32\drivers\GameNT.sys
[2010.08.10 12:46:59 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.08.10 12:22:28 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010.08.10 10:14:04 | 000,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest
[2010.08.10 00:04:21 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2010.08.10 00:04:09 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2010.08.09 14:22:15 | 000,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.07.31 00:18:57 | 000,001,356 | ---- | M] () -- C:\Users\Naoki\AppData\Local\d3d9caps.dat
[2010.07.30 17:57:08 | 000,005,132 | ---- | M] () -- C:\Users\Naoki\Documents\cc_20100730_175706.reg
[2010.07.30 17:56:51 | 000,003,310 | ---- | M] () -- C:\Users\Naoki\Documents\cc_20100730_175648.reg
[2010.07.30 17:56:30 | 000,014,908 | ---- | M] () -- C:\Users\Naoki\Documents\cc_20100730_175625.reg
[2010.07.30 17:55:49 | 000,321,976 | ---- | M] () -- C:\Users\Naoki\Documents\cc_20100730_175511.reg
[2010.07.20 21:49:50 | 000,000,384 | ---- | M] () -- C:\Windows\win.ini
[2010.07.20 21:34:20 | 000,000,016 | ---- | M] () -- C:\Windows\System32\coh.cache
[2010.07.18 12:26:47 | 000,000,578 | ---- | M] () -- C:\Windows\eReg.dat
[2010.07.16 15:43:40 | 000,001,954 | ---- | M] () -- C:\Users\Naoki\Desktop\Google Chrome.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.08.11 16:09:11 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010.08.11 16:05:47 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2010.08.11 15:56:12 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2010.08.11 15:56:12 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2010.08.11 15:56:12 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2010.08.11 12:13:04 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010.08.10 15:43:52 | 000,001,536 | ---- | C] () -- C:\Windows\System32\drivers\GameNT.sys
[2010.08.10 12:22:28 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010.08.10 12:17:05 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2010.08.10 12:13:15 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2010.08.10 12:13:04 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2010.08.10 12:12:05 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2010.08.10 12:11:51 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.08.10 12:11:48 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.08.10 12:11:32 | 003,662,128 | ---- | C] () -- C:\Windows\System32\locale.nls
[2010.08.10 12:11:26 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2010.08.10 12:10:55 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2010.08.10 12:09:38 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2010.08.10 12:09:25 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2010.08.10 12:07:49 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.08.10 12:06:01 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2010.08.10 12:05:30 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2010.07.30 17:57:07 | 000,005,132 | ---- | C] () -- C:\Users\Naoki\Documents\cc_20100730_175706.reg
[2010.07.30 17:56:50 | 000,003,310 | ---- | C] () -- C:\Users\Naoki\Documents\cc_20100730_175648.reg
[2010.07.30 17:56:27 | 000,014,908 | ---- | C] () -- C:\Users\Naoki\Documents\cc_20100730_175625.reg
[2010.07.30 17:55:16 | 000,321,976 | ---- | C] () -- C:\Users\Naoki\Documents\cc_20100730_175511.reg
[2010.07.20 21:34:20 | 000,000,016 | ---- | C] () -- C:\Windows\System32\coh.cache
[2010.07.16 18:47:35 | 000,000,578 | ---- | C] () -- C:\Windows\eReg.dat
[2010.07.16 15:43:40 | 000,001,954 | ---- | C] () -- C:\Users\Naoki\Desktop\Google Chrome.lnk
[2010.07.16 15:40:51 | 000,001,094 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.16 15:40:48 | 000,001,090 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.25 21:17:37 | 000,002,645 | ---- | C] () -- C:\Windows\WAVEMIX.INI
[2010.04.04 00:46:51 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.02.05 23:48:47 | 000,000,136 | ---- | C] () -- C:\Windows\wininit.ini
[2009.12.23 15:29:06 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009.12.18 23:50:46 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.11.02 19:57:16 | 000,004,096 | ---- | C] () -- C:\Windows\System32\drivers\nocashio.sys
[2009.11.02 13:50:28 | 000,000,048 | ---- | C] () -- C:\Windows\Alternity.INI
[2009.11.02 13:49:30 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009.10.18 00:17:38 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.10.18 00:17:37 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.10.10 02:30:02 | 000,000,077 | ---- | C] () -- C:\Windows\MemoDvx.INI
[2009.07.24 21:53:49 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll
[2009.06.01 18:25:44 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2008.12.21 22:20:45 | 000,138,512 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.07.10 16:03:57 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2008.07.02 18:13:18 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2008.07.02 18:13:18 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2008.07.02 18:13:18 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2008.06.05 15:47:37 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2008.06.05 15:47:25 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2008.05.12 15:04:18 | 000,000,320 | ---- | C] () -- C:\Windows\SIERRA.INI
[2007.04.17 13:53:06 | 000,701,840 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007.04.16 08:35:21 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.04.16 08:12:22 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007.04.16 08:12:22 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007.04.16 08:12:22 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007.04.16 08:12:22 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007.04.16 08:12:22 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007.04.16 08:12:22 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007.04.16 08:02:55 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007.04.16 07:26:26 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007.04.16 07:26:26 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007.04.16 07:26:26 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007.04.16 07:26:26 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007.04.16 07:23:35 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.04.16 06:38:28 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2006.11.24 07:48:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 12:25:25 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscld.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.11.23 14:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005.05.27 09:32:52 | 001,317,152 | ---- | C] () -- C:\Windows\System32\drivers\lvcm.sys
[2005.05.27 09:10:26 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 14 bytes -> C:\Windows\system.ini:c1_encryption_d
< End of report >


I had to split the whole thing into 2 parts. This is now OTL.txt without any settings or commands in the OTL text box.

11.08.2010, 17:50   #13
markusg
/// Malware-holic
 

Please create and post a ComboFix log.
A guide and tutorial on using ComboFix

11.08.2010, 22:11   #14
AMB
 

ComboFix log file:
Code:
ComboFix 10-08-11.02 - Naoki 11.08.2010  21:38:19.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2038.1280 [GMT 2:00]
ausgeführt von:: c:\users\Naoki\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Naoki\AppData\Roaming\Microsoft\Windows\Recent\DeSmuME.com.URL
c:\users\Naoki\Documents\cc_20100730_175511.reg

.
(((((((((((((((((((((((   Dateien erstellt von 2010-07-11 bis 2010-08-11  ))))))))))))))))))))))))))))))
.

2010-08-11 19:52 . 2010-08-11 19:52	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-08-11 19:52 . 2010-08-11 19:53	--------	d-----w-	c:\users\Naoki\AppData\Local\temp
2010-08-11 13:43 . 2010-08-11 13:43	--------	d-----w-	c:\program files\Microsoft.NET
2010-08-11 12:49 . 2009-11-08 08:55	99176	----a-w-	c:\windows\system32\PresentationHostProxy.dll
2010-08-11 12:49 . 2009-11-08 08:55	49472	----a-w-	c:\windows\system32\netfxperf.dll
2010-08-11 12:49 . 2009-11-08 08:55	297808	----a-w-	c:\windows\system32\mscoree.dll
2010-08-11 12:49 . 2009-11-08 08:55	295264	----a-w-	c:\windows\system32\PresentationHost.exe
2010-08-11 12:49 . 2009-11-08 08:55	1130824	----a-w-	c:\windows\system32\dfshim.dll
2010-08-11 12:42 . 2010-06-11 16:16	274944	----a-w-	c:\windows\system32\schannel.dll
2010-08-11 12:42 . 2010-06-16 16:04	905088	----a-w-	c:\windows\system32\drivers\tcpip.sys
2010-08-11 12:42 . 2010-05-27 20:08	81920	----a-w-	c:\windows\system32\iccvid.dll
2010-08-11 12:42 . 2010-06-21 13:37	2037760	----a-w-	c:\windows\system32\win32k.sys
2010-08-11 12:40 . 2010-06-18 17:31	36864	----a-w-	c:\windows\system32\rtutils.dll
2010-08-11 12:40 . 2010-06-08 17:35	3600768	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-08-11 12:40 . 2010-06-08 17:35	3548040	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-08-11 12:40 . 2010-06-18 15:04	302080	----a-w-	c:\windows\system32\drivers\srv.sys
2010-08-11 12:40 . 2010-06-18 15:04	144896	----a-w-	c:\windows\system32\drivers\srv2.sys
2010-08-11 12:39 . 2010-06-11 16:15	1248768	----a-w-	c:\windows\system32\msxml3.dll
2010-08-11 12:25 . 2010-03-02 14:04	53248	----a-w-	c:\windows\system32\CSVer.dll
2010-08-11 11:25 . 2010-08-11 11:25	--------	d-----w-	C:\Intel
2010-08-11 11:17 . 2010-08-11 11:17	--------	d-----w-	c:\program files\Lavalys
2010-08-11 10:13 . 2010-08-11 10:13	--------	d-----w-	c:\program files\Windows Portable Devices
2010-08-11 09:01 . 2009-09-10 02:00	92672	----a-w-	c:\windows\system32\UIAnimation.dll
2010-08-11 09:01 . 2009-09-10 02:00	1164800	----a-w-	c:\windows\system32\UIRibbonRes.dll
2010-08-11 09:01 . 2009-09-10 02:01	3023360	----a-w-	c:\windows\system32\UIRibbon.dll
2010-08-11 08:58 . 2009-10-01 01:02	30208	----a-w-	c:\windows\system32\WPDShextAutoplay.exe
2010-08-11 08:58 . 2009-10-01 01:02	31232	----a-w-	c:\windows\system32\BthMtpContextHandler.dll
2010-08-11 08:58 . 2009-10-01 01:01	81920	----a-w-	c:\windows\system32\wpdbusenum.dll
2010-08-11 08:58 . 2009-10-01 01:01	60928	----a-w-	c:\windows\system32\PortableDeviceConnectApi.dll
2010-08-11 08:58 . 2009-10-01 01:02	2537472	----a-w-	c:\windows\system32\wpdshext.dll
2010-08-11 08:58 . 2009-10-01 01:02	87552	----a-w-	c:\windows\system32\WPDShServiceObj.dll
2010-08-11 08:58 . 2009-10-01 01:01	546816	----a-w-	c:\windows\system32\wpd_ci.dll
2010-08-11 08:58 . 2009-10-01 01:01	160256	----a-w-	c:\windows\system32\PortableDeviceTypes.dll
2010-08-11 08:58 . 2009-10-01 01:02	334848	----a-w-	c:\windows\system32\PortableDeviceApi.dll
2010-08-11 08:58 . 2009-10-01 01:01	350208	----a-w-	c:\windows\system32\WPDSp.dll
2010-08-11 08:58 . 2009-10-01 01:01	196608	----a-w-	c:\windows\system32\PortableDeviceWMDRM.dll
2010-08-11 08:58 . 2009-10-01 01:01	100864	----a-w-	c:\windows\system32\PortableDeviceClassExtension.dll
2010-08-11 08:54 . 2009-10-08 21:07	4096	----a-w-	c:\windows\system32\oleaccrc.dll
2010-08-11 08:54 . 2009-10-08 21:08	234496	----a-w-	c:\windows\system32\oleacc.dll
2010-08-11 08:54 . 2009-10-08 21:08	555520	----a-w-	c:\windows\system32\UIAutomationCore.dll
2010-08-10 17:20 . 2010-08-10 17:22	--------	d-----w-	c:\windows\system32\ca-ES
2010-08-10 17:20 . 2010-08-10 17:22	--------	d-----w-	c:\windows\system32\eu-ES
2010-08-10 17:20 . 2010-08-10 17:22	--------	d-----w-	c:\windows\system32\vi-VN
2010-08-10 16:04 . 2010-08-10 16:04	--------	d-----w-	c:\windows\system32\EventProviders
2010-08-10 13:43 . 2010-08-10 13:43	1536	----a-w-	c:\windows\system32\drivers\GameNT.sys
2010-08-10 10:17 . 2009-04-11 05:03	12240896	----a-w-	c:\windows\system32\NlsLexicons0007.dll
2010-08-10 10:16 . 2009-04-11 06:28	1081344	----a-w-	c:\windows\system32\SLCExt.dll
2010-08-10 10:16 . 2009-04-11 06:27	3408896	----a-w-	c:\windows\system32\SLsvc.exe
2010-08-10 10:16 . 2009-04-11 06:28	2134528	----a-w-	c:\windows\system32\FunctionDiscoveryFolder.dll
2010-08-10 10:16 . 2009-04-11 06:27	65536	----a-w-	c:\windows\system32\DevicePairingWizard.exe
2010-08-10 10:16 . 2009-04-11 05:03	2644480	----a-w-	c:\windows\system32\NlsLexicons0009.dll
2010-08-10 10:16 . 2009-04-11 06:28	1480704	----a-w-	c:\windows\system32\mssrch.dll
2010-08-10 10:16 . 2009-04-11 02:52	684032	----a-w-	c:\windows\system32\drivers\spsys.sys
2010-08-10 10:16 . 2009-04-11 06:28	1576960	----a-w-	c:\windows\system32\tquery.dll
2010-08-10 10:16 . 2009-02-18 18:39	779136	----a-w-	c:\windows\system32\PresentationNative_v0300.dll
2010-08-10 10:16 . 2009-04-11 04:42	561152	----a-w-	c:\windows\system32\drivers\hdaudbus.sys
2010-08-10 10:16 . 2009-04-11 06:28	928768	----a-w-	c:\windows\system32\scavenge.dll
2010-08-10 10:14 . 2009-04-11 06:28	644608	----a-w-	c:\windows\system32\p2psvc.dll
2010-08-10 10:13 . 2009-04-11 06:28	1589248	----a-w-	c:\windows\system32\msjet40.dll
2010-08-10 10:12 . 2009-04-11 06:28	290816	----a-w-	c:\windows\system32\msjtes40.dll
2010-08-10 10:11 . 2009-04-11 06:28	368640	----a-w-	c:\windows\system32\mspbde40.dll
2010-08-10 10:10 . 2009-04-11 06:28	302592	----a-w-	c:\windows\system32\QAGENTRT.DLL
2010-08-10 10:09 . 2009-04-11 06:28	364032	----a-w-	c:\windows\system32\IPSECSVC.DLL
2010-08-10 10:08 . 2009-04-11 06:28	375808	----a-w-	c:\windows\system32\winsrv.dll
2010-08-10 10:07 . 2009-04-11 06:28	723968	----a-w-	c:\windows\system32\powercpl.dll
2010-08-10 10:06 . 2009-04-11 04:45	72192	----a-w-	c:\windows\system32\drivers\pacer.sys
2010-08-10 10:05 . 2009-04-11 04:42	52992	----a-w-	c:\windows\system32\drivers\stream.sys
2010-08-10 10:05 . 2009-04-11 04:39	11776	----a-w-	c:\windows\system32\drivers\sffp_sd.sys
2010-08-10 10:05 . 2009-04-11 04:46	33280	----a-w-	c:\windows\system32\drivers\RNDISMP.sys
2010-08-10 10:05 . 2009-04-11 05:42	93696	----a-w-	c:\windows\system32\drivers\bridge.sys
2010-08-10 10:05 . 2009-04-11 04:46	15872	----a-w-	c:\windows\system32\drivers\usb8023.sys
2010-08-10 10:05 . 2009-04-11 04:46	41472	----a-w-	c:\windows\system32\drivers\raspppoe.sys
2010-08-10 10:05 . 2009-04-11 06:22	7168	----a-w-	c:\windows\system32\f3ahvoas.dll
2010-08-10 10:05 . 2009-04-11 04:27	2560	----a-w-	c:\windows\system32\msimsg.dll
2010-08-10 10:04 . 2009-04-11 06:28	83968	----a-w-	c:\windows\system32\wbem\wmiutils.dll
2010-08-10 10:04 . 2009-04-11 06:28	30208	----a-w-	c:\windows\system32\wbem\wbemprox.dll
2010-08-10 10:04 . 2009-04-11 06:28	189440	----a-w-	c:\windows\system32\wbem\mofd.dll
2010-08-10 10:04 . 2009-04-11 06:28	744448	----a-w-	c:\windows\system32\wbem\wbemcore.dll
2010-08-10 10:04 . 2009-04-11 06:28	265728	----a-w-	c:\windows\system32\wbem\repdrvfs.dll
2010-08-10 10:04 . 2009-04-11 06:28	265728	----a-w-	c:\windows\system32\wbem\esscli.dll
2010-08-10 10:04 . 2009-04-11 06:28	614912	----a-w-	c:\windows\system32\wbem\fastprox.dll
2010-08-10 10:04 . 2009-04-11 06:28	705536	----a-w-	c:\windows\system32\SmiEngine.dll
2010-08-10 10:03 . 2009-04-11 06:28	218624	----a-w-	c:\windows\system32\wdscore.dll
2010-08-10 10:03 . 2009-04-11 06:27	130560	----a-w-	c:\windows\system32\PkgMgr.exe
2010-08-10 10:03 . 2009-04-11 06:28	247808	----a-w-	c:\windows\system32\drvstore.dll
2010-08-10 09:23 . 2010-08-10 09:24	--------	d--h--w-	c:\windows\msdownld.tmp
2010-08-10 08:53 . 2010-01-29 15:40	738816	----a-w-	c:\windows\system32\inetcomm.dll
2010-08-10 08:53 . 2010-04-05 17:01	67072	----a-w-	c:\windows\system32\asycfilt.dll
2010-08-10 08:52 . 2010-01-06 15:39	1696256	----a-w-	c:\windows\system32\gameux.dll
2010-08-10 08:52 . 2010-04-16 16:43	28672	----a-w-	c:\windows\system32\Apphlpdm.dll
2010-08-10 08:52 . 2010-04-16 14:39	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll
2010-08-10 08:51 . 2010-04-23 14:13	2048	----a-w-	c:\windows\system32\tzres.dll
2010-08-10 08:50 . 2010-05-26 14:47	289792	----a-w-	c:\windows\system32\atmfd.dll
2010-08-10 08:50 . 2010-05-26 17:06	34304	----a-w-	c:\windows\system32\atmlib.dll
2010-08-10 07:59 . 2010-08-10 07:59	--------	d-----w-	C:\PerfLogs
2010-08-09 17:00 . 2010-08-09 17:00	--------	d-----w-	C:\_OTL
2010-08-09 12:27 . 2010-08-09 12:27	--------	d-----w-	c:\program files\trend micro
2010-08-09 12:26 . 2010-08-09 12:27	--------	d-----w-	C:\rsit
2010-08-09 11:54 . 2010-08-09 11:54	--------	d-----w-	c:\users\Naoki\AppData\Roaming\ImgBurn
2010-08-09 11:44 . 2010-08-09 11:44	--------	d-----w-	c:\program files\ImgBurn
2010-08-09 11:31 . 2010-08-09 11:31	--------	d-----w-	c:\program files\Magical Jelly Bean
2010-08-09 10:57 . 2010-08-09 10:57	--------	d-----w-	c:\program files\Defraggler
2010-08-09 07:36 . 2010-08-09 07:36	63488	----a-w-	c:\users\Naoki\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-09 07:36 . 2010-08-09 07:36	52224	----a-w-	c:\users\Naoki\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-09 07:36 . 2010-08-09 07:36	117760	----a-w-	c:\users\Naoki\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-09 07:35 . 2010-08-09 07:35	--------	d-----w-	c:\users\Naoki\AppData\Roaming\SUPERAntiSpyware.com
2010-08-09 07:35 . 2010-08-09 07:35	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2010-08-09 07:35 . 2010-08-11 19:31	--------	d-----w-	c:\program files\SUPERAntiSpyware
2010-07-31 10:46 . 1994-10-05 22:00	27136	----a-w-	c:\windows\system32\WAVMIX16.DLL
2010-07-31 10:46 . 1994-09-20 22:00	92208	----a-w-	c:\windows\system32\WING.DLL
2010-07-31 10:46 . 1994-09-20 22:00	12800	----a-w-	c:\windows\system32\WING32.DLL
2010-07-30 17:26 . 2010-07-30 17:26	--------	d-----w-	c:\program files\DAEMON Tools Lite
2010-07-30 15:44 . 2010-07-30 15:44	--------	d-----w-	c:\program files\CCleaner
2010-07-20 17:30 . 2010-07-20 17:30	--------	d-----w-	c:\users\Naoki\AppData\Roaming\Malwarebytes
2010-07-20 17:28 . 2010-04-29 13:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-20 17:28 . 2010-07-20 17:28	--------	d-----w-	c:\programdata\Malwarebytes
2010-07-20 17:28 . 2010-04-29 13:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-07-20 17:28 . 2010-07-20 17:29	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-07-20 14:41 . 2010-07-20 15:26	--------	d-----w-	c:\program files\Security Task Manager
2010-07-16 16:47 . 2010-07-18 10:26	578	----a-w-	c:\windows\eReg.dat
2010-07-16 16:39 . 2010-07-18 17:16	--------	d-----w-	c:\program files\1503 AD
2010-07-16 15:18 . 2010-07-20 14:45	57344	----a-w-	c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-16 13:40 . 2010-07-16 15:18	--------	d-----w-	c:\users\Naoki\AppData\Local\Google
2010-07-16 13:40 . 2010-07-16 13:44	--------	d-----w-	c:\program files\Google
2010-07-16 13:40 . 2010-07-20 14:44	--------	d-----w-	c:\program files\DivX

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-11 15:22 . 2006-11-02 15:33	637762	----a-w-	c:\windows\system32\perfh007.dat
2010-08-11 15:22 . 2006-11-02 15:33	130084	----a-w-	c:\windows\system32\perfc007.dat
2010-08-11 14:37 . 2010-02-26 20:03	--------	d-----w-	c:\program files\Diablo
2010-08-11 14:05 . 2010-08-11 14:05	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2010-08-11 11:31 . 2009-01-17 19:20	--------	d-----w-	c:\program files\SystemRequirementsLab
2010-08-11 10:13 . 2006-11-02 10:25	665600	----a-w-	c:\windows\inf\drvindex.dat
2010-08-11 10:13 . 2010-08-11 10:13	0	---ha-w-	c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-08-11 08:46 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-08-10 17:23 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Calendar
2010-08-10 17:23 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Sidebar
2010-08-10 17:23 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Journal
2010-08-10 17:23 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Collaboration
2010-08-10 17:23 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Photo Gallery
2010-08-10 17:22 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Defender
2010-08-10 16:25 . 2008-06-09 16:27	--------	d-----w-	c:\users\Naoki\AppData\Roaming\OpenOffice.org2
2010-08-10 16:23 . 2008-06-09 16:28	1	----a-w-	c:\users\Naoki\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-08-10 10:22 . 2010-08-10 10:22	0	---ha-w-	c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-08-09 22:04 . 2006-11-02 10:32	101888	----a-w-	c:\windows\system32\ifxcardm.dll
2010-08-09 22:04 . 2006-11-02 10:32	82432	----a-w-	c:\windows\system32\axaltocm.dll
2010-08-09 12:49 . 2010-07-20 14:42	--------	d-----w-	c:\programdata\SecTaskMan
2010-08-08 17:46 . 2008-07-08 18:41	--------	d-----w-	c:\users\Naoki\AppData\Roaming\uTorrent
2010-08-08 14:59 . 2008-07-08 18:42	--------	d-----w-	c:\program files\uTorrent
2010-07-31 09:59 . 2007-04-16 05:18	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-07-31 09:15 . 2008-05-10 18:04	--------	d-----w-	c:\users\Naoki\AppData\Roaming\Apple Computer
2010-07-30 22:18 . 2008-09-28 12:33	1356	----a-w-	c:\users\Naoki\AppData\Local\d3d9caps.dat
2010-07-30 15:53 . 2009-07-13 22:50	--------	d-----w-	c:\users\Naoki\AppData\Roaming\Media Player Classic
2010-07-30 12:16 . 2009-11-01 18:58	--------	d-----w-	c:\program files\Opera
2010-07-21 12:51 . 2007-04-16 06:23	--------	d-----w-	c:\programdata\Symantec
2010-07-20 19:40 . 2007-04-16 06:23	--------	d-----w-	c:\program files\Common Files\Symantec Shared
2010-07-20 19:31 . 2009-01-10 20:20	--------	d-----w-	c:\programdata\2DBoy
2010-07-20 19:30 . 2007-04-16 06:35	--------	d-----w-	c:\program files\MAGIX
2010-07-20 19:01 . 2008-06-30 16:29	--------	d-----w-	c:\program files\Logitech
2010-07-20 16:37 . 2010-04-17 12:35	--------	d-----w-	c:\program files\Image-Line
2010-07-20 16:22 . 2009-01-21 18:36	--------	d-----w-	c:\program files\Basement Softworks
2010-07-20 15:24 . 2010-04-22 17:23	--------	d-----w-	c:\programdata\PMB Files
2010-07-20 15:18 . 2010-02-07 10:49	--------	d-----w-	c:\program files\IrfanView
2010-07-20 15:10 . 2008-07-18 18:46	--------	d-----w-	c:\program files\DVDVideoSoft
2010-07-20 15:10 . 2010-04-19 19:52	--------	d-----w-	c:\program files\Common Files\DVDVideoSoft
2010-07-20 14:56 . 2010-03-26 15:10	--------	d-----w-	c:\program files\Paradox Interactive
2010-07-10 21:15 . 2010-07-10 21:15	--------	d-----w-	c:\program files\Elaborate Bytes
2010-07-10 10:33 . 2010-07-10 10:33	52736	----a-w-	c:\windows\ipuninst.exe
2010-07-06 17:11 . 2010-07-07 18:10	1335674	----a-w-	c:\programdata\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c34c202\validationdir\aescript.dll
2010-07-06 17:11 . 2010-07-07 18:10	201081	----a-w-	c:\programdata\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c34c202\validationdir\aeoffice.dll
2010-07-06 17:11 . 2010-07-07 18:10	381300	----a-w-	c:\programdata\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c34c202\validationdir\aegen.dll
2010-07-04 07:53 . 2010-07-04 07:53	--------	d-----w-	c:\program files\Black Isle
2010-06-28 19:35 . 2008-05-13 17:09	--------	d-----w-	c:\users\Naoki\AppData\Roaming\Skype
2010-06-28 19:33 . 2008-05-13 17:10	--------	d-----w-	c:\users\Naoki\AppData\Roaming\skypePM
2010-06-26 08:50 . 2010-06-26 08:50	--------	d-----w-	c:\program files\Navigo
2010-06-26 06:05 . 2010-08-11 14:09	916480	----a-w-	c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 14:09	71680	----a-w-	c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-11 14:09	109056	----a-w-	c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-11 14:09	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2010-06-25 19:08 . 2010-06-25 18:20	--------	d-----w-	c:\program files\DOSBox-0.74
2010-06-25 14:04 . 2010-06-19 16:52	--------	d-----w-	c:\program files\NetstormLaunch
2010-06-24 17:20 . 2010-07-07 18:10	430453	----a-w-	c:\programdata\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c34c202\validationdir\aepack.dll
2010-06-24 17:20 . 2010-07-07 18:10	2724214	----a-w-	c:\programdata\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c34c202\validationdir\aeheur.dll
2010-06-24 17:20 . 2010-07-07 18:10	242038	----a-w-	c:\programdata\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c34c202\validationdir\aehelp.dll
2010-06-21 19:27 . 2010-06-21 19:27	108988	---ha-w-	c:\windows\system32\mlfcache.dat
2010-06-18 14:22 . 2010-06-18 14:20	--------	d-----w-	c:\program files\iTunes
2010-06-18 14:21 . 2010-06-18 14:21	--------	d-----w-	c:\program files\iPod
2010-06-18 14:20 . 2008-05-10 18:01	--------	d-----w-	c:\program files\Common Files\Apple
2010-06-18 14:11 . 2010-06-18 14:11	--------	d-----w-	c:\program files\Bonjour
2010-06-18 14:04 . 2010-06-18 14:04	72504	----a-w-	c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-15 13:55 . 2010-06-15 13:55	1079048	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-05-31 17:12 . 2008-07-02 16:13	21840	----atw-	c:\windows\system32\SIntfNT.dll
2010-05-31 17:12 . 2008-07-02 16:13	17212	----atw-	c:\windows\system32\SIntf32.dll
2010-05-31 17:12 . 2008-07-02 16:13	12067	----atw-	c:\windows\system32\SIntf16.dll
2010-05-26 13:56 . 2008-05-10 16:18	70752	----a-w-	c:\users\Naoki\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-21 12:14 . 2009-10-03 08:09	221568	------w-	c:\windows\system32\MpSigStub.exe
2010-05-18 14:35 . 2010-05-18 14:35	91424	----a-w-	c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35	107808	----a-w-	c:\windows\system32\dns-sd.exe
2010-05-15 13:44 . 2010-07-07 18:10	127347	----a-w-	c:\programdata\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c34c202\validationdir\aescn.dll
2010-05-15 13:44 . 2010-07-07 18:10	192886	----a-w-	c:\programdata\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c34c202\validationdir\aecore.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk /r \??\E:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders	

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16	357696	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-06-12 08:39	166424	----a-w-	c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]
2006-11-01 06:06	413696	----a-w-	c:\program files\TOSHIBA\Utilities\HWSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-02-12 12:37	174872	----a-w-	c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-06-12 08:39	141848	----a-w-	c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2007-12-10 14:55	323584	------w-	c:\windows\PixArt\PAC207\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 15:44	3883840	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC207_Monitor]
2007-12-10 14:55	323584	------w-	c:\windows\PixArt\PAC207\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-06-12 08:39	133656	----a-w-	c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53	421888	----a-w-	c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-03-24 08:04	4423680	----a-w-	c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
2006-03-22 19:42	438272	----a-w-	c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-03-20 05:36	1451304	----a-w-	c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
2007-02-19 14:00	571024	----a-w-	c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2006-12-19 21:16	411768	----a-w-	c:\program files\TOSHIBA\Power Saver\TPwrMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33	202240	----a-w-	c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):a3,9e,3b,5c,b7,38,cb,01

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-03 691696]
R1 SABKUTIL;SABKUTIL;c:\program files\SUPERAntiSpyware\SABKUTIL.sys [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]
R3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNt.sys [2008-10-17 131072]
R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2008-10-17 79104]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 CplIR;Embedded IR Driver;c:\windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14848]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]


--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-08-11 c:\windows\Tasks\User_Feed_Synchronization-{0AED19F4-F381-48F1-A7F8-1C6B4F6FC597}.job
- c:\windows\system32\msfeedssync.exe [2010-08-11 04:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-RunOnce-<NO NAME> - (no file)
MSConfigStartUp-NDSTray - NDSTray.exe
MSConfigStartUp-TOSCDSPD - TOSCDSPD.EXE
AddRemove-Veoh Web Player Beta - c:\program files\Veoh Networks\VeohWebPlayer\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-11 21:53
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Zeit der Fertigstellung: 2010-08-11  22:01:42
ComboFix-quarantined-files.txt  2010-08-11 20:01

Vor Suchlauf: 13 Verzeichnis(se), 14.102.433.792 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 14.044.590.080 Bytes frei

- - End Of File - - 72588BD5EFD27EE2423ADC8BEABA3C8D
         
--- --- ---

12.08.2010, 09:55   #15
markusg
/// Malware-holic
 

Avira

Install Avira 10 like this and then configure it. Once you have applied the configuration, update the program.
Then click on "Local protection", "Local drives"; move any findings to quarantine and post the log.

Archiv
Du betrachtest: Aktive Prozesse verbrauchen zu viel CPU, CPU-Auslastung bei 100% auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.