| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Mein email Account schickt SpammailsWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
08.09.2010, 19:31
| #3 |
| |  Mein email Account schickt Spammails danke fur die schnelle antwort
__________________ Tower PC Info von Rsit [code] info.txtRSIT Logfile: Code:
ATTFilter logfile of random's system information tool 1.08 2010-09-14 08:10:38
======Uninstall list======
-->MsiExec /X{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}
µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
Activision(R)-->MsiExec.exe /X{3FAD68D9-1FA1-4871-9ADF-9151D969E943}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin
Alpha Protocol-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D37FE0E3-B1A9-4E41-AB5D-DA62E04D2C42}\setup.exe" -l0x9 -removeonly
Avira AntiVir Personal - Free Antivirus-->C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe /REMOVE
Battlefield 1942-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\setup.exe" -l0x9
Battlefield Vietnam(TM)-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E35B3C63-E958-4E31-A178-95D22024109A}\setup.exe" -l0x9
Call of Duty Modern Warfare 2-->"C:\Games\CoDmw2\Call of Duty Modern Warfare 2\unins000.exe"
DivX Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
Dungeon Keeper 2-->C:\Program Files (x86)\Bullfrog\Dungeon Keeper II\Uninstall.exe
King’s Bounty: The Legend (Nur entfernen)-->"C:\Program Files (x86)\Nobilis\King's Bounty\unins000.exe"
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.6.8)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter-->C:\Program Files (x86)\InstallShield Installation Information\{51123D42-6B9C-4B93-900C-29F9EC5963C9}\setup.exe -runfromtemp -l0x0009 -removeonly
NETGEAR WG111v2 wireless USB 2.0 adapter-->C:\Program Files (x86)\InstallShield Installation Information\{4102037D-E8E0-48E0-B203-E521D194FB71}\setup.exe -runfromtemp -l0x0009 -removeonly
NETGEAR WG111v3 wireless USB 2.0 adapter-->C:\Program Files (x86)\InstallShield Installation Information\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}\setup.exe -runfromtemp -l0x0409
NVIDIA PhysX-->MsiExec.exe /X{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
Oblivion - Horse Armor Pack-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3ABEBD00-299D-4DCA-967F-B912163AB5EA}\setup.exe" -l0x9 -removeonly
Oblivion - Mehrunes Razor-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{EF295F5C-7B57-47AA-8889-6B3E8E214E89}\setup.exe" -l0x9 -removeonly
Oblivion - Orrery-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{EC425CFC-EE78-4A91-AA25-3BFA65B75364}\setup.exe" -l0x9 -removeonly
Oblivion - Spell Tomes-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{16D919E6-F019-4E15-BFBE-4A85EF19DA57}\setup.exe" -l0x9 -removeonly
Oblivion - Thieves Den-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FFFFFD17-B460-41EB-93F1-C48ABAD63828}\setup.exe" -l0x9 -removeonly
Oblivion - Vile Lair-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}\setup.exe" -l0x9 -removeonly
Oblivion - Wizard's Tower-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{2F2E3D62-8B8C-448F-8900-451325E50948}\setup.exe" -l0x9 -removeonly
Oblivion-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
OpenAL-->"C:\Program Files (x86)\OpenAL\OpenALwEAX.exe" /U
Pidgin-->C:\Program Files (x86)\Pidgin\pidgin-uninst.exe
Rapture3D 2.3.22 Game-->"C:\Program Files (x86)\BRS\unins000.exe"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Risen-->"C:\Program Files (x86)\InstallShield Installation Information\{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}\setup.exe" -runfromtemp -l0x0009 -removeonly
Serious Sam: The Second Encounter-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{5BDAA2F7-8E48-4AFF-AA92-B559D0CDF1AD}\Setup.exe" -l0x9
Singularity(TM)-->"C:\Program Files (x86)\InstallShield Installation Information\{3FAD68D9-1FA1-4871-9ADF-9151D969E943}\setup.exe" -runfromtemp -l0x0409 -removeonly
Spybot - Search & Destroy-->"C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"
The Lord of the Rings - Conquest™-->MsiExec.exe /X{628C3D50-F524-4C49-A958-672CE7953756}
TP-LINK Wireless Client Utility-->"C:\Program Files (x86)\InstallShield Installation Information\{7A2A107B-9695-423F-9462-8F17C178BD35}\setup.exe" -runfromtemp -l0x0009 -removeonly
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
WG111 Smart Wizard-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{21B9CC18-8AB7-402F-B343-CD2127FC3CFC}\SETUP.EXE" -uninst
======System event log======
Computer Name: MeinPc
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk2\DR2.
Record Number: 535
Source Name: Disk
Time Written: 20100125222712.159179-000
Event Type: Error
User:
Computer Name: MeinPc
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk2\DR2.
Record Number: 532
Source Name: Disk
Time Written: 20100125222711.659179-000
Event Type: Error
User:
Computer Name: MeinPc
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk2\DR2.
Record Number: 531
Source Name: Disk
Time Written: 20100125222711.159179-000
Event Type: Error
User:
Computer Name: MeinPc
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk2\DR2.
Record Number: 530
Source Name: Disk
Time Written: 20100125222710.659179-000
Event Type: Error
User:
Computer Name: MeinPc
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk2\DR2.
Record Number: 528
Source Name: Disk
Time Written: 20100125222710.159179-000
Event Type: Error
User:
=====Application event log=====
Computer Name: MeinPc
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
. This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {0432e3b3-ba37-4004-9bea-29fb5262f16b}
Record Number: 358
Source Name: VSS
Time Written: 20100126051803.000000-000
Event Type: Error
User:
Computer Name: MeinPc
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-104217597-776977384-866917408-1000:
Process 436 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-104217597-776977384-866917408-1000
Record Number: 200
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100125221439.668070-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: MeinPc
Event Code: 1533
Message: Windows cannot delete the profile directory C:\Users\Administrator. This error may be caused by files in this directory being used by another program.
DETAIL - The directory is not empty.
Record Number: 182
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100125221035.280375-000
Event Type: Error
User: NT AUTHORITY\SYSTEM
Computer Name: MeinPc
Event Code: 1017
Message: Installation of the Proof of Purchase failed. 0xC004F050
Partial Pkey=RFQ43
ACID=?
Detailed Error[?]
Record Number: 170
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20100125220922.000000-000
Event Type: Error
User:
Computer Name: MeinPc
Event Code: 1008
Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.
Record Number: 115
Source Name: Microsoft-Windows-Search
Time Written: 20100125220846.000000-000
Event Type: Warning
User:
=====Security event log=====
Computer Name: 37L4247E29-32
Event Code: 4735
Message: A security-enabled local group was changed.
Subject:
Security ID: S-1-5-18
Account Name: 37L4247E29-32$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin
Changed Attributes:
SAM Account Name: -
SID History: -
Additional Information:
Privileges: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100125170921.828125-000
Event Type: Audit Success
User:
Computer Name: 37L4247E29-32
Event Code: 4731
Message: A security-enabled local group was created.
Subject:
Security ID: S-1-5-18
Account Name: 37L4247E29-32$
Account Domain: WORKGROUP
Logon ID: 0x3e7
New Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin
Attributes:
SAM Account Name: Backup Operators
SID History: -
Additional Information:
Privileges: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100125170921.828125-000
Event Type: Audit Success
User:
Computer Name: 37L4247E29-32
Event Code: 4902
Message: The Per-user audit policy table was created.
Number of Elements: 0
Policy ID: 0x3096c
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100125170921.453125-000
Event Type: Audit Success
User:
Computer Name: 37L4247E29-32
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 0
New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x4
Process Name:
Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100125170918.812500-000
Event Type: Audit Success
User:
Computer Name: 37L4247E29-32
Event Code: 4608
Message: Windows is starting up.
This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100125170918.671875-000
Event Type: Audit Success
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=AMD64 Family 15 Model 67 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=4303
-----------------EOF-----------------
Log von rsit [code] RSIT Logfile: Code:
ATTFilter Logfile of random's system information tool 1.08 (written by random/random) Run by XXXXXX at 2010-09-14 08:10:01 Microsoft Windows 7 Ultimate System drive C: has 7 GB (5%) free of 131 GB Total RAM: 2047 MB (49% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:10:37 AM, on 9/14/2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe C:\Program Files (x86)\uTorrent\uTorrent.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Users\Will SPliff\Downloads\RSIT.exe C:\Program Files (x86)\trend micro\Will SPliff.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: SCM_Service - Unknown owner - C:\Windows\SysWOW64\WinService.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 6514 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792] "DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2010-08-20 1164584] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696] "uTorrent"=C:\Program Files (x86)\uTorrent\uTorrent.exe [2010-09-09 328568] "SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2010-09-14 08:10:01 ----D---- C:\rsit 2010-09-14 08:10:01 ----D---- C:\Program Files (x86)\trend micro 2010-09-13 23:12:28 ----D---- C:\ProgramData\Spybot - Search & Destroy 2010-09-13 23:12:28 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy 2010-09-13 06:54:48 ----D---- C:\ProgramData\SEGA Corporation 2010-09-13 06:13:02 ----D---- C:\Program Files (x86)\SEGA 2010-09-11 05:27:36 ----D---- C:\Program Files (x86)\Common Files\DivX Shared 2010-09-11 05:27:28 ----D---- C:\Program Files (x86)\DivX 2010-09-11 05:06:48 ----D---- C:\ProgramData\DivX 2010-09-10 16:38:21 ----D---- C:\Users\Will SPliff\AppData\Roaming\ProtectDISC 2010-09-10 16:16:13 ----D---- C:\Program Files (x86)\Kalypso 2010-09-10 13:54:06 ----D---- C:\Program Files (x86)\Activision 2010-09-10 10:42:47 ----D---- C:\Program Files (x86)\Pidgin 2010-09-09 20:17:55 ----D---- C:\Windows\pss 2010-09-09 02:40:05 ----D---- C:\Program Files (x86)\uTorrent 2010-09-09 02:39:51 ----D---- C:\Users\Will SPliff\AppData\Roaming\uTorrent 2010-09-09 02:22:33 ----D---- C:\Users\Will SPliff\AppData\Roaming\Avira 2010-09-09 02:05:13 ----D---- C:\ProgramData\Avira 2010-09-09 02:05:13 ----D---- C:\Program Files (x86)\Avira 2010-09-09 02:05:13 ----A---- C:\Windows\SysWOW64\drivers\avgntmgr.sys 2010-09-09 02:05:13 ----A---- C:\Windows\SysWOW64\drivers\avgntdd.sys 2010-09-09 01:37:13 ----D---- C:\Users\Will SPliff\AppData\Roaming\Macromedia 2010-09-09 01:37:13 ----D---- C:\Users\Will SPliff\AppData\Roaming\Adobe 2010-09-09 01:35:50 ----D---- C:\Users\Will SPliff\AppData\Roaming\Mozilla 2010-09-09 01:35:05 ----D---- C:\Program Files (x86)\Mozilla Firefox 2010-09-09 01:31:13 ----D---- C:\Windows\Options 2010-09-09 00:39:21 ----D---- C:\ProgramData\TP-LINK 2010-08-24 02:32:58 ----D---- C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP 2010-08-24 01:42:16 ----D---- C:\Program Files (x86)\Nobilis 2010-08-24 00:02:56 ----D---- C:\Program Files (x86)\Bethesda Softworks 2010-08-24 00:01:44 ----RHD---- C:\Users\Will SPliff\AppData\Roaming\SecuROM 2010-08-24 00:01:44 ----A---- C:\Windows\SysWOW64\CmdLineExt_x64.dll 2010-08-20 22:53:39 ----D---- C:\Program Files (x86)\Bullfrog ======List of files/folders modified in the last 1 months====== 2010-09-14 08:10:02 ----D---- C:\Windows\Temp 2010-09-14 08:10:01 ----RD---- C:\Program Files (x86) 2010-09-14 07:26:10 ----D---- C:\Windows\System32 2010-09-14 07:26:10 ----D---- C:\Windows\inf 2010-09-14 07:20:07 ----D---- C:\ProgramData\NVIDIA 2010-09-13 23:39:44 ----SHD---- C:\System Volume Information 2010-09-13 23:14:25 ----SD---- C:\Users\Will SPliff\AppData\Roaming\Microsoft 2010-09-13 23:12:28 ----HD---- C:\ProgramData 2010-09-13 06:13:16 ----HD---- C:\Program Files (x86)\InstallShield Installation Information 2010-09-13 06:13:02 ----SHD---- C:\Windows\Installer 2010-09-13 06:11:54 ----RSD---- C:\Windows\assembly 2010-09-13 06:05:01 ----D---- C:\Windows\Prefetch 2010-09-12 07:15:01 ----D---- C:\Windows\Logs 2010-09-11 05:27:57 ----RD---- C:\Program Files 2010-09-11 05:27:54 ----D---- C:\Windows\SysWOW64 2010-09-11 05:27:36 ----D---- C:\Program Files (x86)\Common Files 2010-09-10 16:15:21 ----D---- C:\Games 2010-09-10 14:15:24 ----D---- C:\Windows\winsxs 2010-09-10 14:04:47 ----D---- C:\Windows 2010-09-09 20:16:44 ----D---- C:\Windows\Downloaded Program Files 2010-09-09 02:05:13 ----D---- C:\Windows\SysWOW64\drivers 2010-09-09 01:40:02 ----D---- C:\ProgramData\Codemasters 2010-09-09 01:32:14 ----SD---- C:\ProgramData\Microsoft 2010-08-25 02:40:40 ----D---- C:\Windows\LiveKernelReports 2010-08-24 02:32:54 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard 2010-08-24 00:01:13 ----D---- C:\Program Files (x86)\DAEMON Tools Lite ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [] R0 SCMNdisP;General NDIS Protocol Driver; C:\Windows\system32\DRIVERS\scmndisp.sys [] R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [] R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [] R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [] R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver; C:\Windows\system32\DRIVERS\rtlprot.sys [] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [] R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [] R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [] R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [] R3 athur;Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athurx.sys [] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [] R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [] S3 aoy52uyb;aoy52uyb; C:\Windows\SysWOW64\drivers\aoy52uyb.sys [] S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [] S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [] S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [] S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [] S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432] R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [] R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] R2 SCM_Service;SCM_Service; C:\Windows\SysWOW64\WinService.exe [2007-07-18 180224] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-01-12 240232] S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992] -----------------EOF----------------- hjtscanlist [code] Code:
ATTFilter
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
º º
hjtscanlist v2.0
º º
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
Microsoft Windows [Version 6.1.7600]
C:
09/14/2010 08:10 AM C:\rsit --------- 0
09/14/2010 08:10 AM C:\Program Files (x86) --------- 8192
C:\pagefile.sys ---------
C:\hiberfil.sys ---------
09/13/2010 11:39 PM C:\System Volume Information --------- 20480
09/13/2010 11:12 PM C:\ProgramData --------- 4096
09/11/2010 05:27 AM C:\Program Files --------- 4096
09/10/2010 04:15 PM C:\Games --------- 12288
09/10/2010 02:04 PM C:\Windows --------- 20480
02/11/2010 03:59 AM C:\Users --------- 4096
01/26/2010 01:05 AM C:\OEMSettings --------- 0
01/26/2010 12:45 AM C:\NVIDIA --------- 0
01/26/2010 12:10 AM C:\$Recycle.Bin --------- 0
01/26/2010 12:10 AM C:\Recovery --------- 0
07/14/2009 07:08 AM C:\Documents and Settings --------- 0
07/14/2009 05:20 AM C:\PerfLogs --------- 0
11/07/2007 08:12 AM C:\VC_RED.MSI --------- 232960
11/07/2007 08:09 AM C:\VC_RED.cab --------- 1442522
11/07/2007 08:03 AM C:\install.res.1036.dll --------- 97296
11/07/2007 08:03 AM C:\install.res.1033.dll --------- 91152
11/07/2007 08:03 AM C:\install.res.1031.dll --------- 96272
11/07/2007 08:03 AM C:\install.res.1041.dll --------- 81424
11/07/2007 08:03 AM C:\install.res.1042.dll --------- 79888
11/07/2007 08:03 AM C:\install.res.2052.dll --------- 75792
11/07/2007 08:03 AM C:\install.res.3082.dll --------- 96272
11/07/2007 08:03 AM C:\install.exe --------- 562688
11/07/2007 08:03 AM C:\install.res.1040.dll --------- 95248
11/07/2007 08:03 AM C:\install.res.1028.dll --------- 76304
11/07/2007 08:00 AM C:\eula.1041.txt --------- 118
11/07/2007 08:00 AM C:\eula.1040.txt --------- 17734
11/07/2007 08:00 AM C:\eula.1036.txt --------- 17734
11/07/2007 08:00 AM C:\eula.1033.txt --------- 10134
11/07/2007 08:00 AM C:\eula.2052.txt --------- 17734
11/07/2007 08:00 AM C:\eula.1031.txt --------- 17734
11/07/2007 08:00 AM C:\eula.1028.txt --------- 17734
11/07/2007 08:00 AM C:\eula.3082.txt --------- 17734
11/07/2007 08:00 AM C:\vcredist.bmp --------- 5686
11/07/2007 08:00 AM C:\install.ini --------- 843
11/07/2007 08:00 AM C:\eula.1042.txt --------- 17734
11/07/2007 08:00 AM C:\globdata.ini --------- 1110
----------------------------------------
C:\Windows
09/14/2010 07:30 AM C:\Windows\WindowsUpdate.log --------- 878719
09/14/2010 07:20 AM C:\Windows\setupact.log --------- 24445
09/14/2010 07:20 AM C:\Windows\bootstat.dat --------- 67584
09/13/2010 06:12 AM C:\Windows\DirectX.log --------- 395571
08/24/2010 02:56 AM C:\Windows\PFRO.log --------- 1754
02/11/2010 07:24 AM C:\Windows\eReg.dat --------- 767
01/26/2010 01:21 AM C:\Windows\RtlExUpd.dll --------- 838176
01/25/2010 07:11 PM C:\Windows\DtcInstall.log --------- 1774
01/25/2010 07:11 PM C:\Windows\TSSysprep.log --------- 1313
07/14/2009 07:09 AM C:\Windows\win.ini --------- 403
07/14/2009 06:54 AM C:\Windows\WindowsShell.Manifest --------- 749
07/14/2009 06:51 AM C:\Windows\setuperr.log --------- 0
07/14/2009 03:39 AM C:\Windows\write.exe --------- 10240
07/14/2009 03:39 AM C:\Windows\splwow64.exe --------- 61952
07/14/2009 03:39 AM C:\Windows\regedit.exe --------- 427008
07/14/2009 03:39 AM C:\Windows\notepad.exe --------- 193536
07/14/2009 03:39 AM C:\Windows\HelpPane.exe --------- 733696
07/14/2009 03:39 AM C:\Windows\hh.exe --------- 16896
07/14/2009 03:39 AM C:\Windows\fveupdate.exe --------- 15360
07/14/2009 03:39 AM C:\Windows\explorer.exe --------- 2868224
07/14/2009 03:38 AM C:\Windows\bfsvc.exe --------- 71168
07/14/2009 03:16 AM C:\Windows\twain_32.dll --------- 51200
07/14/2009 03:14 AM C:\Windows\winhlp32.exe --------- 9728
07/14/2009 03:14 AM C:\Windows\twunk_32.exe --------- 31232
07/14/2009 01:06 AM C:\Windows\mib.bin --------- 43131
06/10/2009 11:41 PM C:\Windows\twunk_16.exe --------- 49680
06/10/2009 11:41 PM C:\Windows\twain.dll --------- 94784
06/10/2009 11:08 PM C:\Windows\system.ini --------- 219
06/10/2009 10:52 PM C:\Windows\WMSysPr9.prx --------- 316640
06/10/2009 10:36 PM C:\Windows\msdfmap.ini --------- 1405
06/10/2009 10:31 PM C:\Windows\Ultimate.xml --------- 51867
06/10/2009 10:31 PM C:\Windows\Starter.xml --------- 48201
----------------------------------------
C:\Windows\System
----------------------------------------
C:\Windows\System32
09/14/2010 07:26 AM C:\Windows\system32\perfh009.dat --------- 615122
09/14/2010 07:26 AM C:\Windows\system32\perfc009.dat --------- 103496
09/14/2010 07:26 AM C:\Windows\system32\PerfStringBackup.INI --------- 713888
09/14/2010 07:25 AM C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 --------- 18000
09/14/2010 07:25 AM C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 --------- 18000
09/13/2010 10:57 PM C:\Windows\system32\catroot2 --------- 4096
09/12/2010 02:56 AM C:\Windows\system32\config --------- 12288
09/09/2010 02:05 AM C:\Windows\system32\catroot --------- 0
09/09/2010 02:05 AM C:\Windows\system32\drivers --------- 65536
09/09/2010 01:31 AM C:\Windows\system32\DriverStore --------- 4096
09/09/2010 12:43 AM C:\Windows\system32\wdi --------- 4096
05/21/2010 11:14 PM C:\Windows\system32\MpSigStub.exe --------- 270208
05/13/2010 06:58 PM C:\Windows\system32\athurextx.cat --------- 7484
04/09/2010 10:51 PM C:\Windows\system32\en-US --------- 327680
04/09/2010 10:51 PM C:\Windows\system32\slwga.dll --------- 14848
04/09/2010 10:51 PM C:\Windows\system32\systemcpl.dll --------- 419840
02/11/2010 12:00 PM C:\Windows\system32\LogFiles --------- 4096
02/11/2010 04:38 AM C:\Windows\system32\wrap_oal.dll --------- 466520
02/11/2010 04:38 AM C:\Windows\system32\OpenAL32.dll --------- 122968
02/11/2010 03:59 AM C:\Windows\system32\NDF --------- 0
02/04/2010 07:01 PM C:\Windows\system32\XAPOFX1_4.dll --------- 78680
02/04/2010 07:01 PM C:\Windows\system32\XAudio2_6.dll --------- 530776
02/04/2010 07:01 PM C:\Windows\system32\xactengine3_6.dll --------- 176984
02/04/2010 07:01 PM C:\Windows\system32\X3DAudio1_7.dll --------- 24920
01/26/2010 07:51 AM C:\Windows\system32\Tasks --------- 4096
01/26/2010 01:21 AM C:\Windows\system32\WavesGUILib.dll --------- 2719504
01/26/2010 01:21 AM C:\Windows\system32\SRSWOW64.dll --------- 155888
01/26/2010 01:21 AM C:\Windows\system32\SRSTSX64.dll --------- 518896
01/26/2010 01:21 AM C:\Windows\system32\SRSTSH64.dll --------- 211184
01/26/2010 01:21 AM C:\Windows\system32\SRSHP64.dll --------- 198896
01/26/2010 01:21 AM C:\Windows\system32\RTSnMg64.cpl --------- 612384
01/26/2010 01:21 AM C:\Windows\system32\RtPgEx64.dll --------- 1694240
01/26/2010 01:21 AM C:\Windows\system32\RtlCPAPI64.dll --------- 332320
01/26/2010 01:21 AM C:\Windows\system32\RtkCfg64.dll --------- 149536
01/26/2010 01:21 AM C:\Windows\system32\RtkAPO64.dll --------- 1638944
01/26/2010 01:21 AM C:\Windows\system32\RtkApi64.dll --------- 477216
01/26/2010 01:21 AM C:\Windows\system32\RTCOM64.dll --------- 1201184
01/26/2010 01:21 AM C:\Windows\system32\RP3DHT64.dll --------- 307920
01/26/2010 01:21 AM C:\Windows\system32\RP3DAA64.dll --------- 307920
01/26/2010 01:21 AM C:\Windows\system32\RCoInst64.dll --------- 68640
01/26/2010 01:21 AM C:\Windows\system32\MaxxAudioEQ.dll --------- 2197264
01/26/2010 01:21 AM C:\Windows\system32\MaxxAudioAPO20.dll --------- 325904
01/26/2010 01:21 AM C:\Windows\system32\FMAPO64.dll --------- 328096
01/26/2010 01:21 AM C:\Windows\system32\DTSVoiceClarityDLL64.dll --------- 463632
01/26/2010 01:21 AM C:\Windows\system32\DTSS2SpeakerDLL64.dll --------- 1312016
01/26/2010 01:21 AM C:\Windows\system32\DTSS2HeadphoneDLL64.dll --------- 1164560
01/26/2010 01:21 AM C:\Windows\system32\DTSNeoPCDLL64.dll --------- 303888
01/26/2010 01:21 AM C:\Windows\system32\DTSLimiterDLL64.dll --------- 257296
01/26/2010 01:21 AM C:\Windows\system32\DTSLFXAPO64.dll --------- 123664
01/26/2010 01:21 AM C:\Windows\system32\DTSGFXAPO64.dll --------- 121104
01/26/2010 01:21 AM C:\Windows\system32\DTSGainCompensatorDLL64.dll --------- 256784
01/26/2010 01:21 AM C:\Windows\system32\DTSBoostDLL64.dll --------- 1098512
01/26/2010 01:21 AM C:\Windows\system32\DTSBassEnhancementDLL64.dll --------- 491792
01/26/2010 01:21 AM C:\Windows\system32\AERTAC64.dll --------- 168864
01/26/2010 01:21 AM C:\Windows\system32\AERTAR64.dll --------- 108960
01/26/2010 12:27 AM C:\Windows\system32\restore --------- 0
01/26/2010 12:10 AM C:\Windows\system32\Recovery --------- 0
01/25/2010 07:23 PM C:\Windows\system32\CodeIntegrity --------- 0
01/25/2010 07:13 PM C:\Windows\system32\FNTCACHE.DAT --------- 274320
01/25/2010 07:12 PM C:\Windows\system32\license.rtf --------- 42045
01/25/2010 07:11 PM C:\Windows\system32\sysprep --------- 0
01/21/2010 07:16 AM C:\Windows\system32\netathurx.inf --------- 17326
01/12/2010 09:19 AM C:\Windows\system32\nvshext.dll --------- 61032
01/12/2010 06:03 AM C:\Windows\system32\nvcompiler.dll --------- 16051304
01/12/2010 06:03 AM C:\Windows\system32\nvcod189.dll --------- 202344
01/12/2010 06:03 AM C:\Windows\system32\nvudisp.exe --------- 645736
01/12/2010 06:03 AM C:\Windows\system32\OpenCL.dll --------- 65640
01/12/2010 06:03 AM C:\Windows\system32\dpinst.exe --------- 930272
01/12/2010 06:03 AM C:\Windows\system32\nvinfo.pb --------- 9163
01/06/2010 04:23 AM C:\Windows\system32\athurx.sys --------- 1847296
12/16/2009 04:26 AM C:\Windows\system32\RTEEP64A.dll --------- 372936
12/16/2009 04:26 AM C:\Windows\system32\RTEEG64A.dll --------- 76488
12/16/2009 04:26 AM C:\Windows\system32\RTEEL64A.dll --------- 99016
12/16/2009 04:26 AM C:\Windows\system32\RTEED64A.dll --------- 201928
09/28/2009 03:24 AM C:\Windows\system32\nvcpl.cpl --------- 410728
09/28/2009 03:24 AM C:\Windows\system32\nvcplui.exe --------- 3778664
09/28/2009 03:23 AM C:\Windows\system32\nvwss.dll --------- 3746920
09/28/2009 03:23 AM C:\Windows\system32\nvsvs.dll --------- 1646696
09/28/2009 03:23 AM C:\Windows\system32\nvvitvs.dll --------- 4546152
09/28/2009 03:23 AM C:\Windows\system32\nvmobls.dll --------- 1647720
09/28/2009 03:23 AM C:\Windows\system32\nvmccss.dll --------- 289896
09/28/2009 03:22 AM C:\Windows\system32\NvwsApps.xml --------- 68587
09/28/2009 03:22 AM C:\Windows\system32\NvApps.xml --------- 253738
09/28/2009 03:22 AM C:\Windows\system32\nvdisps.dll --------- 5426792
09/28/2009 03:22 AM C:\Windows\system32\nvmctray.dll --------- 82536
09/28/2009 03:22 AM C:\Windows\system32\nvvsvc.exe --------- 383592
09/28/2009 03:22 AM C:\Windows\system32\nvgames.dll --------- 5208168
09/28/2009 03:22 AM C:\Windows\system32\nvcpl.dll --------- 16666728
09/28/2009 03:22 AM C:\Windows\system32\nvsvc64.dll --------- 991848
09/28/2009 01:12 AM C:\Windows\system32\nvcuda.dll --------- 2633320
09/28/2009 01:12 AM C:\Windows\system32\nvencodemft.dll --------- 2152552
09/28/2009 01:12 AM C:\Windows\system32\nvcod.dll --------- 183912
09/28/2009 01:12 AM C:\Windows\system32\nvcod167.dll --------- 183912
09/28/2009 01:12 AM C:\Windows\system32\nvd3dumx.dll --------- 9441384
09/28/2009 01:12 AM C:\Windows\system32\nvdecodemft.dll --------- 335464
09/28/2009 01:12 AM C:\Windows\system32\nvwgf2umx.dll --------- 4599912
09/28/2009 01:12 AM C:\Windows\system32\nvcuvenc.dll --------- 1734248
09/28/2009 01:12 AM C:\Windows\system32\nvoglv64.dll --------- 15387752
09/28/2009 01:12 AM C:\Windows\system32\nvdisp.nvu --------- 14646
09/28/2009 01:12 AM C:\Windows\system32\nvapi64.dll --------- 1322088
----------------------------------------
C:\Windows\Prefetch
----------------------------------------
C:\Windows\Tasks
09/14/2010 07:20 AM C:\Windows\Tasks\SA.DAT --------- 6
07/14/2009 07:08 AM C:\Windows\Tasks\SCHEDLGU.TXT --------- 17108
----------------------------------------
C:\Windows\Temp
----------------------------------------
C:\Users\WILLSP~1\AppData\Local\Temp
09/14/2010 08:12 AM C:\Users\WILLSP~1\AppData\Local\Temp\Rar$DI00.676 --------- 0
09/14/2010 07:56 AM C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-3 --------- 0
09/14/2010 07:20 AM C:\Users\WILLSP~1\AppData\Local\Temp\WPDNSE --------- 0
09/14/2010 07:20 AM C:\Users\WILLSP~1\AppData\Local\Temp\divAAF5.tmp --------- 0
09/13/2010 11:14 PM C:\Users\WILLSP~1\AppData\Local\Temp\{EEDB4D36-1D07-4BF0-A8EC-C061B0315371} --------- 0
09/13/2010 11:14 PM C:\Users\WILLSP~1\AppData\Local\Temp\{E09E42F6-62D2-4D57-AF97-558287C7923C} --------- 0
09/13/2010 11:14 PM C:\Users\WILLSP~1\AppData\Local\Temp\{DA1C0664-7E0A-4A43-8E6F-846FECA80946} --------- 0
09/13/2010 11:14 PM C:\Users\WILLSP~1\AppData\Local\Temp\{9EB614AC-FEAD-44E9-932E-0D952B38C605} --------- 0
09/13/2010 11:14 PM C:\Users\WILLSP~1\AppData\Local\Temp\{91839B6C-B26E-4778-A4B1-7EF34AFDD844} --------- 0
09/13/2010 11:14 PM C:\Users\WILLSP~1\AppData\Local\Temp\{90FA6AD2-EEEA-4ACF-AC97-95B788DED9D8} --------- 0
09/13/2010 11:14 PM C:\Users\WILLSP~1\AppData\Local\Temp\{70FF7DF1-E69E-47df-9AA6-F062FADD6146} --------- 0
09/13/2010 11:14 PM C:\Users\WILLSP~1\AppData\Local\Temp\{6CD8DBC8-3F21-49ED-BDAF-1DA0F166C8C7} --------- 0
09/13/2010 11:14 PM C:\Users\WILLSP~1\AppData\Local\Temp\{65DEDEC7-688C-4459-9BC2-0888A5597016} --------- 0
09/13/2010 11:14 PM C:\Users\WILLSP~1\AppData\Local\Temp\{5D3661B2-F687-4148-A748-8D4DA81AE6D7} --------- 0
09/13/2010 11:14 PM C:\Users\WILLSP~1\AppData\Local\Temp\{5007060A-8B71-4A48-B103-0603370CF84E} --------- 0
09/13/2010 11:14 PM C:\Users\WILLSP~1\AppData\Local\Temp\{4E248BBA-54B1-4662-9D47-879A746B4A17} --------- 0
09/13/2010 11:14 PM C:\Users\WILLSP~1\AppData\Local\Temp\Temp2_wg111v2_3_4_0.zip --------- 0
09/13/2010 11:14 PM C:\Users\WILLSP~1\AppData\Local\Temp\{4BC5C943-F14F-4991-A909-CED8E96A4C7D} --------- 0
09/13/2010 11:14 PM C:\Users\WILLSP~1\AppData\Local\Temp\Temp1_wg111v2_3_4_0.zip --------- 0
09/13/2010 11:14 PM C:\Users\WILLSP~1\AppData\Local\Temp\ispF64C.tmp --------- 0
09/13/2010 11:14 PM C:\Users\WILLSP~1\AppData\Local\Temp\ispDD9E.tmp --------- 0
09/13/2010 11:14 PM C:\Users\WILLSP~1\AppData\Local\Temp\isp814C.tmp --------- 0
09/13/2010 11:14 PM C:\Users\WILLSP~1\AppData\Local\Temp\isp3ABC.tmp --------- 0
09/13/2010 11:14 PM C:\Users\WILLSP~1\AppData\Local\Temp\divF4A1.tmp --------- 0
09/13/2010 11:14 PM C:\Users\WILLSP~1\AppData\Local\Temp\isp3600.tmp --------- 0
09/13/2010 11:14 PM C:\Users\WILLSP~1\AppData\Local\Temp\divF1A3.tmp --------- 0
09/13/2010 11:14 PM C:\Users\WILLSP~1\AppData\Local\Temp\divDEB9.tmp --------- 0
09/13/2010 11:14 PM C:\Users\WILLSP~1\AppData\Local\Temp\divCB66.tmp --------- 0
09/13/2010 11:14 PM C:\Users\WILLSP~1\AppData\Local\Temp\divB92E.tmp --------- 0
09/13/2010 11:14 PM C:\Users\WILLSP~1\AppData\Local\Temp\divB6CC.tmp --------- 0
09/13/2010 11:14 PM C:\Users\WILLSP~1\AppData\Local\Temp\ckz_A1DR --------- 0
09/13/2010 07:58 AM C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-2 --------- 0
09/13/2010 06:42 AM C:\Users\WILLSP~1\AppData\Local\Temp\{9F7558F6-3929-4452-8527-EC843CA0736B} --------- 0
09/12/2010 07:58 PM C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-1 --------- 0
09/10/2010 02:10 PM C:\Users\WILLSP~1\AppData\Local\Temp\UCDebugger --------- 0
09/09/2010 05:30 AM C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp --------- 0
09/09/2010 01:40 AM C:\Users\WILLSP~1\AppData\Local\Temp\{03380CD1-9E95-4B37-89C3-BCF6539C30A1} --------- 0
09/09/2010 01:35 AM C:\Users\WILLSP~1\AppData\Local\Temp\Low --------- 0
09/09/2010 01:31 AM C:\Users\WILLSP~1\AppData\Local\Temp\{E368AB75-F39E-44A2-906C-75D0724B50F1} --------- 0
09/09/2010 12:39 AM C:\Users\WILLSP~1\AppData\Local\Temp\{C34F19B0-ABE3-4E61-ADED-83AB3A5E8ACB} --------- 0
09/09/2010 12:39 AM C:\Users\WILLSP~1\AppData\Local\Temp\{AFED87D1-74BF-4851-8D10-A5EC217FAB17} --------- 0
09/09/2010 12:39 AM C:\Users\WILLSP~1\AppData\Local\Temp\{370FB9C0-76BC-4144-B279-7958D5A2E575} --------- 0
08/24/2010 02:33 AM C:\Users\WILLSP~1\AppData\Local\Temp\{EEAE0423-29D9-4B17-99F0-AA52CAA5ED0B} --------- 0
08/24/2010 02:32 AM C:\Users\WILLSP~1\AppData\Local\Temp\{14EF48BB-4241-4149-925D-6ADE89F02996} --------- 0
08/24/2010 02:32 AM C:\Users\WILLSP~1\AppData\Local\Temp\pftE903.tmp --------- 0
08/24/2010 01:56 AM C:\Users\WILLSP~1\AppData\Local\Temp\Testaware --------- 0
08/24/2010 12:22 AM C:\Users\WILLSP~1\AppData\Local\Temp\bye2C57.tmp --------- 0
08/24/2010 12:22 AM C:\Users\WILLSP~1\AppData\Local\Temp\byeDD1D.tmp --------- 0
08/24/2010 12:21 AM C:\Users\WILLSP~1\AppData\Local\Temp\bye6E27.tmp --------- 0
08/24/2010 12:21 AM C:\Users\WILLSP~1\AppData\Local\Temp\byeF5AB.tmp --------- 0
08/24/2010 12:20 AM C:\Users\WILLSP~1\AppData\Local\Temp\bye8B78.tmp --------- 0
08/24/2010 12:20 AM C:\Users\WILLSP~1\AppData\Local\Temp\bye3A5A.tmp --------- 0
08/24/2010 12:02 AM C:\Users\WILLSP~1\AppData\Local\Temp\AUG2005DXREDIST --------- 0
08/20/2010 10:55 PM C:\Users\WILLSP~1\AppData\Local\Temp\{1c19395b-2972-4a0b-bb06-f149c800a3dc} --------- 0
04/09/2010 03:10 AM C:\Users\WILLSP~1\AppData\Local\Temp\{b0105f35-87a0-4a51-8cd4-46aafa96998e} --------- 0
02/25/2010 03:06 PM C:\Users\WILLSP~1\AppData\Local\Temp\Metro 2033_disk1.sim --------- 8974
02/11/2010 12:36 PM C:\Users\WILLSP~1\AppData\Local\Temp\{b96489d4-a438-4ab5-bb54-4e9ea7eb24bf} --------- 0
02/11/2010 08:32 AM C:\Users\WILLSP~1\AppData\Local\Temp\{d862a78b-bb85-47f2-9af6-bc93ff955f5a} --------- 0
02/11/2010 07:24 AM C:\Users\WILLSP~1\AppData\Local\Temp\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65} --------- 0
02/11/2010 07:08 AM C:\Users\WILLSP~1\AppData\Local\Temp\{E35B3C63-E958-4E31-A178-95D22024109A} --------- 0
02/11/2010 06:15 AM C:\Users\WILLSP~1\AppData\Local\Temp\dirt2_Data_DFE --------- 0
02/11/2010 03:59 AM C:\Users\WILLSP~1\AppData\Local\Temp\msdtadmin --------- 0
02/11/2010 03:59 AM C:\Users\WILLSP~1\AppData\Local\Temp\tmp1704.tmp --------- 0
01/28/2010 03:52 AM C:\Users\WILLSP~1\AppData\Local\Temp\{8d3c4155-d076-4d0c-9d5e-89d6bb88fdf6} --------- 0
01/28/2010 03:41 AM C:\Users\WILLSP~1\AppData\Local\Temp\{a995864b-3323-486f-8649-62fc21e8cb28} --------- 0
01/28/2010 03:41 AM C:\Users\WILLSP~1\AppData\Local\Temp\{533d32a0-40f8-4538-97d4-88cdce6fdd00} --------- 0
01/28/2010 03:19 AM C:\Users\WILLSP~1\AppData\Local\Temp\{50f47146-63bc-4a82-ab42-2712be4a2576} --------- 0
01/28/2010 01:40 AM C:\Users\WILLSP~1\AppData\Local\Temp\{19ACC836-2708-4E5A-86BC-86406636E6D8} --------- 0
01/26/2010 01:05 AM C:\Users\WILLSP~1\AppData\Local\Temp\{0FC5201A-EF90-42E8-97ED-E6D69F4328C2} --------- 0
01/26/2010 01:04 AM C:\Users\WILLSP~1\AppData\Local\Temp\{6cf3fd45-c042-489b-aa24-b2abc80344d8} --------- 0
01/26/2010 01:03 AM C:\Users\WILLSP~1\AppData\Local\Temp\{2FB54804-F368-49B1-B185-20762D0B34D7} --------- 0
01/26/2010 01:02 AM C:\Users\WILLSP~1\AppData\Local\Temp\{06BC3F63-1C0A-444F-94C2-1BCDF8226A44} --------- 0
01/26/2010 01:02 AM C:\Users\WILLSP~1\AppData\Local\Temp\{1a4834e2-ccb8-4756-9b9e-424f9f43c73b} --------- 0
01/26/2010 01:02 AM C:\Users\WILLSP~1\AppData\Local\Temp\{F0787494-9620-4B86-A40D-C67A3246853D} --------- 0
01/26/2010 01:02 AM C:\Users\WILLSP~1\AppData\Local\Temp\{3A6D79D7-DD8B-468C-AB0E-1B5CB3CD6767} --------- 0
01/26/2010 12:53 AM C:\Users\WILLSP~1\AppData\Local\Temp\pft361B.tmp --------- 0
01/26/2010 12:53 AM C:\Users\WILLSP~1\AppData\Local\Temp\{74aba1d9-6f77-4a7e-8c10-62ce19ad5c65} --------- 0
01/26/2010 12:50 AM C:\Users\WILLSP~1\AppData\Local\Temp\{5D96625A-3AE2-4E9F-8AD4-9935A2177B0B} --------- 0
01/26/2010 12:46 AM C:\Users\WILLSP~1\AppData\Local\Temp\{664830F8-C0F6-4296-AAC2-F39369F5EF03} --------- 0
01/26/2010 12:32 AM C:\Users\WILLSP~1\AppData\Local\Temp\{7ce60f85-c90a-4cfa-bcc0-10ae812958b3} --------- 0
01/26/2010 12:11 AM C:\Users\WILLSP~1\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0
04/30/2009 04:04 AM C:\Users\WILLSP~1\AppData\Local\Temp\msvcr80.dll --------- 626688
04/30/2009 04:04 AM C:\Users\WILLSP~1\AppData\Local\Temp\zlib1.dll --------- 75264
04/30/2009 04:04 AM C:\Users\WILLSP~1\AppData\Local\Temp\SimPack.exe --------- 81408
07/25/2007 10:51 PM C:\Users\WILLSP~1\AppData\Local\Temp\set6F19.tmp --------- 4493032
07/25/2007 10:51 PM C:\Users\WILLSP~1\AppData\Local\Temp\set2479.tmp --------- 4493032
----------------------------------------
C:\Program Files
09/11/2010 05:27 AM C:\Program Files\DivX --------- 0
01/28/2010 12:28 AM C:\Program Files\WinRAR --------- 4096
01/26/2010 01:22 AM C:\Program Files\Realtek --------- 0
01/26/2010 12:50 AM C:\Program Files\NVIDIA Corporation --------- 0
07/14/2009 09:47 AM C:\Program Files\DVD Maker --------- 4096
07/14/2009 09:46 AM C:\Program Files\Windows Journal --------- 4096
07/14/2009 09:46 AM C:\Program Files\Microsoft Games --------- 4096
07/14/2009 07:37 AM C:\Program Files\Windows Sidebar --------- 4096
07/14/2009 07:37 AM C:\Program Files\Windows Mail --------- 4096
07/14/2009 07:37 AM C:\Program Files\Internet Explorer --------- 4096
07/14/2009 07:37 AM C:\Program Files\Windows Media Player --------- 4096
07/14/2009 07:37 AM C:\Program Files\Windows Defender --------- 4096
07/14/2009 07:37 AM C:\Program Files\Windows Photo Viewer --------- 4096
07/14/2009 07:32 AM C:\Program Files\Windows Portable Devices --------- 0
07/14/2009 07:32 AM C:\Program Files\Windows NT --------- 0
07/14/2009 07:32 AM C:\Program Files\MSBuild --------- 0
07/14/2009 07:32 AM C:\Program Files\Reference Assemblies --------- 0
07/14/2009 07:09 AM C:\Program Files\Uninstall Information --------- 0
07/14/2009 06:54 AM C:\Program Files\desktop.ini --------- 174
07/14/2009 05:20 AM C:\Program Files\Common Files --------- 4096
----------------------------------------
C:\ProgramData\..
Will
Will SPliff
Administrator
Public
Default
Default User
All Users
desktop.ini
----------------------------------------
C:\Windows\system32\drivers\etc\hosts
----------------------------------------
Image Name PID Session Name Session# Mem Usage
========================= ======== ================ =========== ============
System Idle Process 0 Services 0 24 K
System 4 Services 0 1,712 K
smss.exe 276 Services 0 756 K
csrss.exe 408 Services 0 3,176 K
wininit.exe 476 Services 0 3,280 K
csrss.exe 508 Console 1 8,240 K
services.exe 532 Services 0 6,736 K
lsass.exe 556 Services 0 8,536 K
lsm.exe 564 Services 0 3,188 K
winlogon.exe 624 Console 1 5,044 K
svchost.exe 704 Services 0 6,912 K
nvvsvc.exe 780 Services 0 3,012 K
svchost.exe 820 Services 0 6,068 K
svchost.exe 868 Services 0 19,328 K
svchost.exe 960 Services 0 81,644 K
svchost.exe 1012 Services 0 27,732 K
audiodg.exe 304 Services 0 33,388 K
svchost.exe 404 Services 0 11,468 K
nvvsvc.exe 1128 Console 1 6,128 K
svchost.exe 1200 Services 0 11,576 K
spoolsv.exe 1428 Services 0 6,552 K
sched.exe 1464 Services 0 2,000 K
svchost.exe 1484 Services 0 8,892 K
avguard.exe 1612 Services 0 14,056 K
WinService.exe 1680 Services 0 3,492 K
nvSCPAPISvr.exe 1780 Services 0 3,664 K
SDWinSec.exe 2000 Services 0 7,220 K
avshadow.exe 1176 Services 0 2,524 K
conhost.exe 1236 Services 0 1,780 K
svchost.exe 2228 Services 0 4,092 K
taskhost.exe 2400 Console 1 6,120 K
dwm.exe 2472 Console 1 20,292 K
explorer.exe 2516 Console 1 47,940 K
RAVCpl64.exe 2688 Console 1 7,000 K
DTLite.exe 2700 Console 1 5,188 K
uTorrent.exe 2756 Console 1 8,580 K
TeaTimer.exe 2804 Console 1 74,732 K
avgnt.exe 2928 Console 1 2,792 K
DivXUpdate.exe 2948 Console 1 9,932 K
SearchIndexer.exe 2292 Services 0 18,448 K
wmpnetwk.exe 2748 Services 0 9,372 K
svchost.exe 3000 Services 0 11,672 K
Wow.exe 3584 Console 1 199,016 K
firefox.exe 3600 Console 1 106,820 K
plugin-container.exe 3952 Console 1 21,024 K
svchost.exe 908 Services 0 29,308 K
wmplayer.exe 2540 Console 1 57,864 K
notepad.exe 3260 Console 1 5,964 K
notepad.exe 2208 Console 1 5,920 K
SearchProtocolHost.exe 2624 Services 0 7,964 K
SearchFilterHost.exe 976 Services 0 6,156 K
WinRAR.exe 3184 Console 1 14,812 K
cmd.exe 2892 Console 1 3,352 K
conhost.exe 4064 Console 1 4,888 K
tasklist.exe 1756 Console 1 5,116 K
WmiPrvSE.exe 2216 Services 0 5,744 K
***** Ende des Scans Tue 09/14/2010 um 8:13:19.86 ***
|
| Themen zu Mein email Account schickt Spammails |
| account, antivir, ausser, datei, email, email account, gefunde, geloescht, laptop, neu, rechner, schickt, spammail, spammails, spybot, suche, yahoo |
Baum-Darstellung