| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Mein email Account schickt SpammailsWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
09.09.2010, 13:16
| #1 | |
| /// Helfer-Team    |  Mein email Account schickt SpammailsZitat:
 - Punkt 4. fehlt noch:-> http://www.trojaner-board.de/90534-m...tml#post565622 - auf dem ersten Blick ist nicht zu sehen, aber DAEMON Tools und uTorrent sorgen nicht direkt für Sicherheit deines Systems .."wahlweise" werden Adware mitinsalliert, oder ermöglicht das ungewollt zu tun ... 1. ** Update Malwarebytes Anti-Malware, lass es nochmal anhand der folgenden Anleitung laufen:
2. Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen. → Also alle vorhandenen externen Laufwerke inkl. evtl. vorhandener USB-Sticks an den Rechner anschließen, aber dabei die Shift-Taste gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. Außerdem kann man die Autostarteigenschaft auch ausschalten: → Windows-Sicherheit: Datenträger-Autorun deaktivieren- bebilderte Anleitung v.Leonidas/3dcenter.org → Autorun/Autoplay gezielt für Laufwerkstypen oder -buchstaben abschalten/wintotal.de → Diese Silly -Beschreibung stützt die Annahme, dass er über einen USB-Stick kam. Die Ursache ist durch formatieren des Sticks aus der Welt geschafft, Du solltest darauf achten, dass dort keine Datei autorun.inf wieder auftaucht und etwas wählerisch sein, wo Du deinen Stick reinsteckst. Achtung!: >>Du sollst das Programm nicht installieren, sondern dein System nur online scannen<< → Den kompletten Rechner (also das ganze System) zu überprüfen (Systemprüfung ohne Säuberung) mit Kaspersky Online Scanner/klicke hier → um mit dem Vorgang fortzufahren klicke auf "Accept" → dann wähle "My computer" aus - Es dauert einige Zeit, bis ein Komplett-Scan durch gelaufen ist, also bitte um Geduld! Es kann einige Zeit dauern, bis der Scan abgeschlossen ist - je nach Größe der Festplatte eine oder mehrere Stunden - also Geduld... → Report angezeigt, klicke auf "Save as" - den bitte kopieren und in deinem Thread hier einfügen Vor dem Scan Einstellungen im Internet Explorer: → "Extras→ Internetoptionen→ Sicherheit": → alles auf Standardstufe stellen → Active X erlauben - damit die neue Virendefinitionen installiert werden können Geändert von kira (09.09.2010 um 13:30 Uhr) |
|
10.09.2010, 10:06
| #2 |
| | Mein email Account schickt Spammails nachtrag die listen von meinem Laptop
__________________logfile of random's system information [code RSIT Logfile: Code:
ATTFilter Logfile of random's system information tool 1.08 (written by random/random) Run by Will Spliff at 2010-09-10 10:54:03 Microsoft Windows 7 Ultimate System drive C: has 17 GB (6%) free of 283 GB Total RAM: 4095 MB (74% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:54:07 AM, on 9/10/2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files (x86)\uTorrent\uTorrent.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Users\Will Spliff\Downloads\RSIT.exe C:\Program Files (x86)\trend micro\Will Spliff.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing) O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing) O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files (x86)\MP3 Player Utilities 4.17\AMVConverter\grab.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Will Spliff\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 8630 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [2009-01-27 1879896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] Foxit Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {D4027C7F-154A-4066-A1AD-4243D8127440} - Foxit Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792] ""= [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2009-03-06 2260480] "uTorrent"=C:\Program Files (x86)\uTorrent\uTorrent.exe [2010-08-29 328568] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 3 months====== 2010-09-10 10:54:04 ----D---- C:\Program Files (x86)\trend micro 2010-09-10 10:54:03 ----D---- C:\rsit 2010-09-08 20:42:55 ----D---- C:\Windows\rescache 2010-09-06 00:13:40 ----D---- C:\Windows\SysWOW64\Wat 2010-09-05 22:05:50 ----A---- C:\Windows\SysWOW64\msv1_0.dll 2010-09-05 22:00:56 ----A---- C:\Windows\SysWOW64\PresentationHostProxy.dll 2010-09-05 22:00:56 ----A---- C:\Windows\SysWOW64\PresentationHost.exe 2010-09-05 22:00:56 ----A---- C:\Windows\SysWOW64\netfxperf.dll 2010-09-05 22:00:56 ----A---- C:\Windows\SysWOW64\mscoree.dll 2010-09-05 22:00:56 ----A---- C:\Windows\SysWOW64\dfshim.dll 2010-09-05 21:55:13 ----A---- C:\Windows\SysWOW64\sspicli.dll 2010-09-05 21:55:13 ----A---- C:\Windows\SysWOW64\secur32.dll 2010-09-05 21:55:01 ----A---- C:\Windows\SysWOW64\fontsub.dll 2010-09-05 21:55:01 ----A---- C:\Windows\SysWOW64\atmlib.dll 2010-09-05 21:55:01 ----A---- C:\Windows\SysWOW64\atmfd.dll 2010-09-05 21:54:56 ----A---- C:\Windows\SysWOW64\tzres.dll 2010-09-05 21:54:39 ----A---- C:\Windows\SysWOW64\asycfilt.dll 2010-09-05 21:54:36 ----A---- C:\Windows\SysWOW64\ntdll.dll 2010-09-05 21:54:34 ----A---- C:\Windows\SysWOW64\vbscript.dll 2010-09-05 21:54:32 ----A---- C:\Windows\SysWOW64\schannel.dll 2010-09-05 21:54:25 ----A---- C:\Windows\SysWOW64\wmp.dll 2010-09-05 21:54:24 ----A---- C:\Windows\SysWOW64\CertEnroll.dll 2010-09-05 21:54:21 ----A---- C:\Windows\SysWOW64\wmploc.DLL 2010-09-05 21:54:19 ----A---- C:\Windows\SysWOW64\secproc_isv.dll 2010-09-05 21:54:18 ----A---- C:\Windows\SysWOW64\secproc.dll 2010-09-05 21:54:18 ----A---- C:\Windows\SysWOW64\RMActivate_isv.exe 2010-09-05 21:54:18 ----A---- C:\Windows\SysWOW64\RMActivate.exe 2010-09-05 21:54:17 ----A---- C:\Windows\SysWOW64\secproc_ssp_isv.dll 2010-09-05 21:54:17 ----A---- C:\Windows\SysWOW64\secproc_ssp.dll 2010-09-05 21:54:16 ----A---- C:\Windows\SysWOW64\RMActivate_ssp_isv.exe 2010-09-05 21:54:15 ----A---- C:\Windows\SysWOW64\RMActivate_ssp.exe 2010-09-05 21:53:53 ----A---- C:\Windows\SysWOW64\shell32.dll 2010-09-05 21:53:50 ----A---- C:\Windows\SysWOW64\inetcomm.dll 2010-09-05 21:53:48 ----A---- C:\Windows\SysWOW64\t2embed.dll 2010-09-05 21:53:38 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe 2010-09-05 21:53:38 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe 2010-09-05 21:53:29 ----A---- C:\Windows\SysWOW64\mshtml.dll 2010-09-05 21:53:26 ----A---- C:\Windows\SysWOW64\ieframe.dll 2010-09-05 21:53:24 ----A---- C:\Windows\SysWOW64\mstime.dll 2010-09-05 21:53:23 ----A---- C:\Windows\SysWOW64\wininet.dll 2010-09-05 21:53:23 ----A---- C:\Windows\SysWOW64\urlmon.dll 2010-09-05 21:53:23 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll 2010-09-05 21:53:23 ----A---- C:\Windows\SysWOW64\iepeers.dll 2010-09-05 21:53:23 ----A---- C:\Windows\SysWOW64\iedkcs32.dll 2010-09-05 21:53:22 ----A---- C:\Windows\SysWOW64\msfeedssync.exe 2010-09-05 21:53:22 ----A---- C:\Windows\SysWOW64\jsproxy.dll 2010-09-05 21:53:22 ----A---- C:\Windows\SysWOW64\ieui.dll 2010-09-05 21:53:19 ----A---- C:\Windows\SysWOW64\oleaut32.dll 2010-09-05 21:53:17 ----A---- C:\Windows\SysWOW64\explorer.exe 2010-09-05 21:53:17 ----A---- C:\Windows\explorer.exe 2010-09-05 21:53:14 ----A---- C:\Windows\SysWOW64\wow32.dll 2010-09-05 21:53:14 ----A---- C:\Windows\SysWOW64\user.exe 2010-09-05 21:53:14 ----A---- C:\Windows\SysWOW64\setup16.exe 2010-09-05 21:53:14 ----A---- C:\Windows\SysWOW64\ntvdm64.dll 2010-09-05 21:53:14 ----A---- C:\Windows\SysWOW64\instnm.exe 2010-09-05 21:53:13 ----A---- C:\Windows\SysWOW64\rtutils.dll 2010-09-05 21:53:01 ----A---- C:\Windows\SysWOW64\iccvid.dll 2010-09-05 21:52:51 ----A---- C:\Windows\SysWOW64\CPFilters.dll 2010-09-05 21:52:48 ----A---- C:\Windows\SysWOW64\psisdecd.dll 2010-09-05 21:52:45 ----A---- C:\Windows\SysWOW64\quartz.dll 2010-09-05 21:52:43 ----A---- C:\Windows\SysWOW64\msvidc32.dll 2010-09-05 21:52:43 ----A---- C:\Windows\SysWOW64\mciavi32.dll 2010-09-05 21:52:43 ----A---- C:\Windows\SysWOW64\avifil32.dll 2010-09-05 21:52:42 ----A---- C:\Windows\SysWOW64\tsbyuv.dll 2010-09-05 21:52:42 ----A---- C:\Windows\SysWOW64\msyuv.dll 2010-09-05 21:52:42 ----A---- C:\Windows\SysWOW64\msrle32.dll 2010-09-05 21:52:42 ----A---- C:\Windows\SysWOW64\iyuv_32.dll 2010-09-05 21:52:37 ----A---- C:\Windows\SysWOW64\msasn1.dll 2010-09-05 21:52:36 ----A---- C:\Windows\SysWOW64\msxml3.dll 2010-09-05 21:52:33 ----A---- C:\Windows\SysWOW64\jscript.dll 2010-09-05 21:13:49 ----A---- C:\Windows\SysWOW64\wintrust.dll 2010-09-05 21:13:48 ----A---- C:\Windows\SysWOW64\cabview.dll 2010-09-01 09:47:46 ----D---- C:\Users\Will Spliff\AppData\Roaming\gtk-2.0 2010-08-29 23:35:54 ----D---- C:\Windows\Internet Logs 2010-08-29 21:16:08 ----D---- C:\Users\Will Spliff\AppData\Roaming\vlc 2010-08-29 21:15:43 ----D---- C:\Program Files (x86)\VideoLAN 2010-08-29 16:09:36 ----D---- C:\Windows\PCHEALTH 2010-08-29 16:09:36 ----D---- C:\Program Files (x86)\Microsoft.NET 2010-08-29 16:07:46 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8 2010-08-29 16:06:36 ----D---- C:\Program Files (x86)\Microsoft Analysis Services 2010-08-29 16:06:01 ----D---- C:\Program Files (x86)\Microsoft Office 2010-08-29 16:05:55 ----D---- C:\ProgramData\Microsoft Help 2010-08-29 16:05:33 ----RHD---- C:\MSOCache 2010-08-24 11:55:03 ----D---- C:\Users\Will Spliff\AppData\Roaming\Foxit Software 2010-08-24 11:49:52 ----D---- C:\Program Files (x86)\Foxit Software 2010-08-20 23:00:24 ----A---- C:\Windows\SysWOW64\d3dx10_41.dll 2010-08-20 23:00:24 ----A---- C:\Windows\SysWOW64\D3DCompiler_41.dll 2010-08-20 23:00:23 ----A---- C:\Windows\SysWOW64\D3DX9_41.dll 2010-08-20 23:00:22 ----A---- C:\Windows\SysWOW64\XAudio2_4.dll 2010-08-20 23:00:22 ----A---- C:\Windows\SysWOW64\XAPOFX1_3.dll 2010-08-20 23:00:22 ----A---- C:\Windows\SysWOW64\xactengine3_4.dll 2010-08-20 23:00:22 ----A---- C:\Windows\SysWOW64\X3DAudio1_6.dll 2010-08-20 23:00:20 ----A---- C:\Windows\SysWOW64\D3DX9_40.dll 2010-08-20 23:00:20 ----A---- C:\Windows\SysWOW64\d3dx10_40.dll 2010-08-20 23:00:20 ----A---- C:\Windows\SysWOW64\D3DCompiler_40.dll 2010-08-20 23:00:19 ----A---- C:\Windows\SysWOW64\XAudio2_3.dll 2010-08-20 23:00:19 ----A---- C:\Windows\SysWOW64\XAPOFX1_2.dll 2010-08-20 23:00:19 ----A---- C:\Windows\SysWOW64\xactengine3_3.dll 2010-08-20 23:00:18 ----A---- C:\Windows\SysWOW64\XAudio2_2.dll 2010-08-20 23:00:18 ----A---- C:\Windows\SysWOW64\XAPOFX1_1.dll 2010-08-20 23:00:18 ----A---- C:\Windows\SysWOW64\X3DAudio1_5.dll 2010-08-20 23:00:17 ----A---- C:\Windows\SysWOW64\xactengine3_2.dll 2010-08-20 23:00:16 ----A---- C:\Windows\SysWOW64\D3DX9_39.dll 2010-08-20 23:00:16 ----A---- C:\Windows\SysWOW64\d3dx10_39.dll 2010-08-20 23:00:16 ----A---- C:\Windows\SysWOW64\D3DCompiler_39.dll 2010-08-20 23:00:15 ----A---- C:\Windows\SysWOW64\XAudio2_1.dll 2010-08-20 23:00:15 ----A---- C:\Windows\SysWOW64\XAPOFX1_0.dll 2010-08-20 23:00:15 ----A---- C:\Windows\SysWOW64\xactengine3_1.dll 2010-08-20 23:00:14 ----A---- C:\Windows\SysWOW64\X3DAudio1_4.dll 2010-08-20 23:00:14 ----A---- C:\Windows\SysWOW64\d3dx10_38.dll 2010-08-20 23:00:14 ----A---- C:\Windows\SysWOW64\D3DCompiler_38.dll 2010-08-20 23:00:13 ----A---- C:\Windows\SysWOW64\D3DX9_38.dll 2010-08-20 22:43:20 ----D---- C:\Program Files (x86)\1C Company 2010-08-19 01:21:36 ----A---- C:\Windows\SysWOW64\XAudio2_0.dll 2010-08-19 01:21:35 ----A---- C:\Windows\SysWOW64\xactengine3_0.dll 2010-08-19 01:21:35 ----A---- C:\Windows\SysWOW64\X3DAudio1_3.dll 2010-08-19 01:21:34 ----A---- C:\Windows\SysWOW64\d3dx10_37.dll 2010-08-19 01:21:34 ----A---- C:\Windows\SysWOW64\D3DCompiler_37.dll 2010-08-19 01:21:33 ----A---- C:\Windows\SysWOW64\xactengine2_10.dll 2010-08-19 01:21:33 ----A---- C:\Windows\SysWOW64\D3DX9_37.dll 2010-08-19 01:21:32 ----A---- C:\Windows\SysWOW64\d3dx10_36.dll 2010-08-19 01:21:32 ----A---- C:\Windows\SysWOW64\D3DCompiler_36.dll 2010-08-19 01:21:31 ----A---- C:\Windows\SysWOW64\d3dx9_36.dll 2010-08-19 01:21:30 ----A---- C:\Windows\SysWOW64\xactengine2_9.dll 2010-08-19 01:21:30 ----A---- C:\Windows\SysWOW64\d3dx10_35.dll 2010-08-19 01:21:30 ----A---- C:\Windows\SysWOW64\D3DCompiler_35.dll 2010-08-19 01:21:29 ----A---- C:\Windows\SysWOW64\d3dx9_35.dll 2010-08-19 01:21:28 ----A---- C:\Windows\SysWOW64\xactengine2_8.dll 2010-08-19 01:21:28 ----A---- C:\Windows\SysWOW64\X3DAudio1_2.dll 2010-08-19 01:21:27 ----A---- C:\Windows\SysWOW64\d3dx10_34.dll 2010-08-19 01:21:27 ----A---- C:\Windows\SysWOW64\D3DCompiler_34.dll 2010-08-19 01:21:26 ----A---- C:\Windows\SysWOW64\xinput1_3.dll 2010-08-19 01:21:26 ----A---- C:\Windows\SysWOW64\d3dx9_34.dll 2010-08-19 01:21:25 ----A---- C:\Windows\SysWOW64\xactengine2_7.dll 2010-08-19 01:21:25 ----A---- C:\Windows\SysWOW64\d3dx10_33.dll 2010-08-19 01:21:25 ----A---- C:\Windows\SysWOW64\D3DCompiler_33.dll 2010-08-19 01:21:24 ----A---- C:\Windows\SysWOW64\d3dx9_33.dll 2010-08-19 01:21:23 ----A---- C:\Windows\SysWOW64\xactengine2_6.dll 2010-08-19 01:21:23 ----A---- C:\Windows\SysWOW64\xactengine2_5.dll 2010-08-19 01:21:23 ----A---- C:\Windows\SysWOW64\d3dx10.dll 2010-08-19 01:21:22 ----A---- C:\Windows\SysWOW64\d3dx9_32.dll 2010-08-19 01:21:21 ----A---- C:\Windows\SysWOW64\xactengine2_4.dll 2010-08-19 01:21:21 ----A---- C:\Windows\SysWOW64\x3daudio1_1.dll 2010-08-19 01:21:21 ----A---- C:\Windows\SysWOW64\d3dx9_31.dll 2010-08-19 01:21:20 ----A---- C:\Windows\SysWOW64\xinput1_2.dll 2010-08-19 01:21:20 ----A---- C:\Windows\SysWOW64\xactengine2_3.dll 2010-08-19 01:10:14 ----D---- C:\Program Files (x86)\Nobilis 2010-08-18 12:08:38 ----D---- C:\Users\Will Spliff\AppData\Roaming\WinRAR 2010-08-14 22:11:06 ----D---- C:\Users\Will Spliff\AppData\Roaming\.purple 2010-08-14 22:10:43 ----D---- C:\Program Files (x86)\Pidgin 2010-08-14 17:54:30 ----D---- C:\Program Files (x86)\MP3 Player Utilities 4.17 2010-08-14 15:25:58 ----D---- C:\Program Files (x86)\Lavalys 2010-08-13 23:37:50 ----D---- C:\Users\Will Spliff\AppData\Roaming\TuneUp Software 2010-08-13 23:37:14 ----D---- C:\ProgramData\TuneUp Software 2010-08-13 23:37:09 ----SHD---- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} 2010-08-13 20:07:22 ----D---- C:\Users\Will Spliff\AppData\Roaming\TS3Client 2010-08-13 20:00:43 ----D---- C:\Program Files (x86)\TeamSpeak 3 Client 2010-08-13 19:32:26 ----D---- C:\Users\Will Spliff\AppData\Roaming\skypePM 2010-08-13 19:31:35 ----D---- C:\Users\Will Spliff\AppData\Roaming\Skype 2010-08-13 19:31:14 ----RD---- C:\Program Files (x86)\Skype 2010-08-13 19:31:14 ----D---- C:\Program Files (x86)\Common Files\Skype 2010-08-13 19:31:09 ----D---- C:\ProgramData\Skype 2010-08-02 19:32:40 ----D---- C:\Users\Will Spliff\AppData\Roaming\ROUTE 66 Sync 2010-08-02 19:32:21 ----D---- C:\Program Files (x86)\InstallShield Installation Information 2010-08-02 19:31:56 ----D---- C:\Program Files (x86)\Common Files\ROUTE 66 2010-08-02 19:31:54 ----D---- C:\Program Files (x86)\ROUTE 66 2010-07-31 20:45:46 ----D---- C:\Program Files (x86)\Common Files\DivX Shared 2010-07-31 20:45:31 ----D---- C:\Program Files (x86)\DivX 2010-07-31 20:44:50 ----D---- C:\ProgramData\DivX 2010-07-31 20:09:36 ----D---- C:\Windows\Minidump 2010-07-31 20:09:29 ----A---- C:\Windows\ntbtlog.txt 2010-07-31 13:05:41 ----D---- C:\Windows\pss 2010-07-30 18:02:54 ----D---- C:\Users\Will Spliff\AppData\Roaming\DVDVideoSoftIEHelpers 2010-07-30 18:02:33 ----D---- C:\Program Files (x86)\Common Files\DVDVideoSoft 2010-07-30 18:02:32 ----D---- C:\Program Files (x86)\DVDVideoSoft 2010-07-30 17:59:44 ----D---- C:\Program Files (x86)\VirtualDJ 2010-07-29 19:03:06 ----D---- C:\Program Files (x86)\Runes of Magic 2010-07-29 16:50:58 ----D---- C:\ProgramData\TrackMania 2010-07-29 16:40:54 ----D---- C:\ProgramData\ATI 2010-07-29 16:40:53 ----D---- C:\Users\Will Spliff\AppData\Roaming\ATI 2010-07-29 16:34:13 ----D---- C:\Program Files (x86)\ATI Technologies 2010-07-29 16:31:35 ----A---- C:\Windows\SysWOW64\xactengine2_2.dll 2010-07-29 16:31:34 ----A---- C:\Windows\SysWOW64\xinput1_1.dll 2010-07-29 16:31:32 ----A---- C:\Windows\SysWOW64\xactengine2_1.dll 2010-07-29 16:31:10 ----A---- C:\Windows\SysWOW64\d3dx9_30.dll 2010-07-29 16:31:05 ----A---- C:\Windows\SysWOW64\xactengine2_0.dll 2010-07-29 16:31:05 ----A---- C:\Windows\SysWOW64\x3daudio1_0.dll 2010-07-29 16:31:04 ----A---- C:\Windows\SysWOW64\d3dx9_29.dll 2010-07-29 16:31:02 ----A---- C:\Windows\SysWOW64\d3dx9_28.dll 2010-07-29 16:31:01 ----A---- C:\Windows\SysWOW64\d3dx9_27.dll 2010-07-29 16:31:00 ----A---- C:\Windows\SysWOW64\d3dx9_26.dll 2010-07-29 16:30:59 ----A---- C:\Windows\SysWOW64\d3dx9_25.dll 2010-07-29 16:30:58 ----A---- C:\Windows\SysWOW64\d3dx9_24.dll 2010-07-29 16:23:31 ----D---- C:\Program Files (x86)\TmUnitedForever 2010-07-29 16:18:52 ----A---- C:\Windows\SysWOW64\drivers\mcdbus.sys 2010-07-29 16:18:50 ----D---- C:\Program Files (x86)\MagicDisc 2010-07-29 16:11:05 ----D---- C:\Program Files (x86)\DAEMON Tools Lite 2010-07-29 16:10:43 ----D---- C:\Users\Will Spliff\AppData\Roaming\DAEMON Tools Lite 2010-07-29 16:10:39 ----D---- C:\ProgramData\DAEMON Tools Lite 2010-07-29 16:07:51 ----D---- C:\Users\Will Spliff\AppData\Roaming\DAEMON Tools Pro 2010-07-29 16:07:51 ----D---- C:\ProgramData\DAEMON Tools Pro 2010-07-29 15:30:28 ----D---- C:\Program Files (x86)\uTorrent 2010-07-29 15:30:04 ----D---- C:\Users\Will Spliff\AppData\Roaming\uTorrent 2010-07-29 14:35:41 ----D---- C:\ProgramData\Spybot - Search & Destroy 2010-07-29 14:35:41 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy 2010-07-29 14:29:04 ----D---- C:\Users\Will Spliff\AppData\Roaming\CheckPoint 2010-07-29 14:28:37 ----D---- C:\Program Files (x86)\Conduit 2010-07-29 14:28:22 ----A---- C:\Windows\SysWOW64\vsutil_loc0407.dll 2010-07-29 14:25:19 ----D---- C:\ProgramData\CheckPoint 2010-07-29 12:06:37 ----D---- C:\Users\Will Spliff\AppData\Roaming\Mozilla 2010-07-29 12:06:21 ----D---- C:\Program Files (x86)\Mozilla Firefox 2010-07-29 04:38:39 ----D---- C:\Windows\Panther 2010-07-29 04:23:50 ----D---- C:\Windows.old 2010-07-29 04:05:21 ----D---- C:\Users\Will Spliff\AppData\Roaming\Identities 2010-07-29 04:04:41 ----SD---- C:\Users\Will Spliff\AppData\Roaming\Microsoft 2010-07-29 04:04:41 ----D---- C:\Users\Will Spliff\AppData\Roaming\Media Center Programs 2010-07-29 03:43:05 ----D---- C:\Windows\SoftwareDistribution 2010-07-29 03:40:37 ----D---- C:\Windows\Prefetch 2010-07-29 02:01:58 ----D---- C:\Users\Will Spliff\AppData\Roaming\Macromedia 2010-07-29 02:01:58 ----D---- C:\Users\Will Spliff\AppData\Roaming\Adobe 2010-07-29 02:01:53 ----D---- C:\Windows\SysWOW64\Macromed 2010-07-29 02:00:40 ----D---- C:\ProgramData\NOS 2010-07-28 21:15:19 ----D---- C:\Users\Will Spliff\AppData\Roaming\Avira 2010-07-28 21:12:43 ----A---- C:\Windows\SysWOW64\drivers\avgntmgr.sys 2010-07-28 21:12:43 ----A---- C:\Windows\SysWOW64\drivers\avgntdd.sys 2010-07-28 21:12:42 ----D---- C:\ProgramData\Avira 2010-07-28 21:12:42 ----D---- C:\Program Files (x86)\Avira 2010-07-28 21:11:45 ----SHD---- C:\Windows\Installer 2010-07-25 10:43:35 ----D---- C:\CrashReport 2010-07-07 03:55:08 ----A---- C:\Windows\SysWOW64\atioglxx.dll 2010-07-07 03:54:08 ----A---- C:\Windows\SysWOW64\aticfx32.dll 2010-07-07 03:49:28 ----A---- C:\Windows\SysWOW64\atipdlxx.dll 2010-07-07 03:49:18 ----A---- C:\Windows\SysWOW64\Oemdspif.dll 2010-07-07 03:49:06 ----A---- C:\Windows\SysWOW64\ati2edxx.dll 2010-07-07 03:46:26 ----A---- C:\Windows\SysWOW64\atidxx32.dll 2010-07-07 03:29:24 ----A---- C:\Windows\SysWOW64\aticalrt.dll 2010-07-07 03:29:14 ----A---- C:\Windows\SysWOW64\aticalcl.dll 2010-07-07 03:28:20 ----A---- C:\Windows\SysWOW64\atiumdag.dll 2010-07-07 03:27:58 ----A---- C:\Windows\SysWOW64\aticaldd.dll 2010-07-07 03:23:14 ----A---- C:\Windows\SysWOW64\atiumdva.dll 2010-07-07 03:16:02 ----A---- C:\Windows\SysWOW64\atiadlxy.dll 2010-07-07 03:15:50 ----A---- C:\Windows\SysWOW64\atiglpxx.dll 2010-07-07 03:15:46 ----A---- C:\Windows\SysWOW64\atigktxx.dll 2010-07-07 03:14:58 ----A---- C:\Windows\SysWOW64\atiuxpag.dll 2010-07-07 03:14:44 ----A---- C:\Windows\SysWOW64\atiu9pag.dll 2010-07-07 03:11:06 ----A---- C:\Windows\SysWOW64\atimpc32.dll 2010-07-07 03:11:06 ----A---- C:\Windows\SysWOW64\amdpcom32.dll ======List of files/folders modified in the last 3 months====== 2010-09-10 10:54:06 ----D---- C:\Windows\Temp 2010-09-10 10:54:04 ----RD---- C:\Program Files (x86) 2010-09-10 10:49:07 ----D---- C:\Windows\System32 2010-09-10 10:49:06 ----D---- C:\Windows\inf 2010-09-09 00:00:09 ----SHD---- C:\System Volume Information 2010-09-08 20:42:55 ----D---- C:\Windows 2010-09-08 20:18:53 ----D---- C:\Windows\Microsoft.NET 2010-09-08 20:18:37 ----RSD---- C:\Windows\assembly 2010-09-06 08:03:38 ----D---- C:\Windows\winsxs 2010-09-06 00:13:51 ----D---- C:\Windows\SysWOW64 2010-09-06 00:13:49 ----D---- C:\Program Files (x86)\Windows Media Player 2010-09-06 00:13:47 ----D---- C:\Program Files (x86)\Windows Mail 2010-09-06 00:13:45 ----D---- C:\Windows\SysWOW64\migration 2010-09-06 00:13:45 ----D---- C:\Program Files (x86)\Internet Explorer 2010-09-06 00:13:43 ----D---- C:\Windows\AppPatch 2010-09-06 00:13:40 ----D---- C:\Windows\ehome 2010-09-05 21:57:59 ----D---- C:\Windows\SysWOW64\en-US 2010-09-05 21:56:06 ----D---- C:\Windows\debug 2010-09-05 21:05:54 ----D---- C:\Windows\Logs 2010-09-03 20:26:17 ----D---- C:\Spiele 2010-08-29 23:35:56 ----HD---- C:\ProgramData 2010-08-29 16:11:38 ----RSD---- C:\Windows\Fonts 2010-08-29 16:11:37 ----D---- C:\Program Files (x86)\Common Files\microsoft shared 2010-08-29 16:11:25 ----D---- C:\Windows\ShellNew 2010-08-29 16:10:20 ----RD---- C:\Program Files 2010-08-29 16:10:05 ----D---- C:\Program Files (x86)\MSBuild 2010-08-29 16:09:36 ----SD---- C:\ProgramData\Microsoft 2010-08-29 16:07:01 ----A---- C:\Windows\win.ini 2010-08-15 11:48:18 ----RD---- C:\Users 2010-08-14 17:54:38 ----D---- C:\Windows\SysWOW64\drivers 2010-08-13 19:31:14 ----D---- C:\Program Files (x86)\Common Files 2010-07-29 13:40:20 ----D---- C:\Windows\Downloaded Program Files 2010-07-29 04:38:34 ----RASH---- C:\BOOTSECT.BAK 2010-07-29 04:38:31 ----SHD---- C:\Boot 2010-07-29 04:05:12 ----SHD---- C:\$Recycle.Bin 2010-07-29 04:03:05 ----D---- C:\Windows\Setup 2010-07-29 03:59:48 ----SHD---- C:\Recovery 2010-07-29 03:40:32 ----D---- C:\Windows\CSC ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [] R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [] R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [] R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [] R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [] R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [] R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [] R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2009-02-25 255552] R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [] R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [] S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [] S3 aufghyde;aufghyde; C:\Windows\SysWOW64\drivers\aufghyde.sys [] S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [] S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [] S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [] S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [] S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [] S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [] R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432] R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992] R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-27 1153368] S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888] S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [] -----------------EOF----------------- info von rsit [code] info.txtRSIT Logfile: Code:
ATTFilter logfile of random's system information tool 1.08 2010-09-10 10:54:10
======Uninstall list======
µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin
Ask Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe /REMOVE
DivX Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
EVEREST Home Edition v2.20-->"C:\Program Files (x86)\Lavalys\EVEREST Home Edition\unins000.exe"
Foxit Reader-->C:\Program Files (x86)\Foxit Software\Foxit Reader\Uninstall.exe
Free Audio CD Burner version 1.4-->"C:\Program Files (x86)\DVDVideoSoft\Free Audio CD Burner\unins000.exe"
Free YouTube to MP3 Converter version 3.7-->"C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe"
King’s Bounty: The Legend (Nur entfernen)-->"C:\Program Files (x86)\Nobilis\King's Bounty\unins000.exe"
Kings Bounty Armored Princess-->"C:\Program Files (x86)\1C Company\Kings Bounty Armored Princess\unins000.exe"
MagicDisc 2.7.106-->C:\PROGRA~2\MAGICD~1\UNWISE.EXE C:\PROGRA~2\MAGICD~1\INSTALL.LOG
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.6.9)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MP3 Player Utilities 4.17-->MsiExec.exe /I{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}
Pidgin-->C:\Program Files (x86)\Pidgin\pidgin-uninst.exe
ROUTE 66 Sync-->C:\Program Files (x86)\InstallShield Installation Information\{DB306600-E862-43B3-9C52-CA1D6C5B192B}\setup.exe -runfromtemp -l0x0407
Runes of Magic-->"C:\Program Files (x86)\Runes of Magic\unins000.exe"
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Spybot - Search & Destroy-->"C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"
TeamSpeak 3 Client-->"C:\Program Files (x86)\TeamSpeak 3 Client\uninstall.exe"
TmUnitedForever Update 2010-03-15-->"C:\Program Files (x86)\TmUnitedForever\unins000.exe"
Uninstall 1.0.0.1-->"C:\Program Files (x86)\Common Files\DVDVideoSoft\unins000.exe"
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Virtual DJ - Atomix Productions-->C:\PROGRA~2\VIRTUA~1\UNWISE.EXE C:\PROGRA~2\VIRTUA~1\INSTALL.LOG
VLC media player 1.1.4-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
======System event log======
Computer Name: WillSpliff-PC
Event Code: 6008
Message: The previous system shutdown at 4:38:18 AM on ?7/?29/?2010 was unexpected.
Record Number: 817
Source Name: EventLog
Time Written: 20100729113931.000000-000
Event Type: Error
User:
Computer Name: WillSpliff-PC
Event Code: 12
Message: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
Record Number: 787
Source Name: Microsoft-Windows-HAL
Time Written: 20100729003305.702326-000
Event Type: Error
User:
Computer Name: WillSpliff-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.
Record Number: 681
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20100728223409.402251-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: WillSpliff-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.
Record Number: 452
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20100729020308.868944-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: WillSpliff-PC
Event Code: 7023
Message: The Windows Search service terminated with the following error:
The media is write protected.
Record Number: 356
Source Name: Service Control Manager
Time Written: 20100729015509.937781-000
Event Type: Error
User:
=====Application event log=====
Computer Name: WillSpliff-PC
Event Code: 33
Message: Activation context generation failed for "C:\Users\WILLSP~1\AppData\Local\Temp\RarSFX0\redist.dll". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148" could not be found. Please use sxstrace.exe for detailed diagnosis.
Record Number: 228
Source Name: SideBySide
Time Written: 20100728191143.000000-000
Event Type: Error
User:
Computer Name: WillSpliff-PC
Event Code: 11
Message: Possible Memory Leak. Application (C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID: 748) has passed a non-NULL pointer to RPC for an [out] parameter marked [allocate(all_nodes)]. [allocate(all_nodes)] parameters are always reallocated; if the original pointer contained the address of valid memory, that memory will be leaked. The call originated on the interface with UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Method number (20). User Action: Contact your application vendor for an updated version of the application.
Record Number: 220
Source Name: Microsoft-Windows-RPC-Events
Time Written: 20100729020816.207357-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE
Computer Name: WillSpliff-PC
Event Code: 6003
Message: The winlogon notification subscriber <GPClient> was unavailable to handle a critical notification event.
Record Number: 188
Source Name: Microsoft-Windows-Winlogon
Time Written: 20100729020308.000000-000
Event Type: Warning
User:
Computer Name: WillSpliff-PC
Event Code: 1008
Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.
Record Number: 170
Source Name: Microsoft-Windows-Search
Time Written: 20100729015949.000000-000
Event Type: Warning
User:
Computer Name: 37L4247E29-32
Event Code: 1008
Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.
Record Number: 163
Source Name: Microsoft-Windows-Search
Time Written: 20100729015455.000000-000
Event Type: Warning
User:
=====Security event log=====
Computer Name: 37L4247E29-32
Event Code: 4735
Message: A security-enabled local group was changed.
Subject:
Security ID: S-1-5-18
Account Name: 37L4247E29-32$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin
Changed Attributes:
SAM Account Name: -
SID History: -
Additional Information:
Privileges: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100729013959.612166-000
Event Type: Audit Success
User:
Computer Name: 37L4247E29-32
Event Code: 4731
Message: A security-enabled local group was created.
Subject:
Security ID: S-1-5-18
Account Name: 37L4247E29-32$
Account Domain: WORKGROUP
Logon ID: 0x3e7
New Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin
Attributes:
SAM Account Name: Backup Operators
SID History: -
Additional Information:
Privileges: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100729013959.612166-000
Event Type: Audit Success
User:
Computer Name: 37L4247E29-32
Event Code: 4902
Message: The Per-user audit policy table was created.
Number of Elements: 0
Policy ID: 0x314ba
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100729013958.863363-000
Event Type: Audit Success
User:
Computer Name: 37L4247E29-32
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 0
New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x4
Process Name:
Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100729013955.587352-000
Event Type: Audit Success
User:
Computer Name: 37L4247E29-32
Event Code: 4608
Message: Windows is starting up.
This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100729013955.462551-000
Event Type: Audit Success
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=17
"PROCESSOR_IDENTIFIER"=AMD64 Family 17 Model 3 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0301
"tvdumpflags"=8
-----------------EOF-----------------
hjtscanlist Code:
ATTFilter
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
º º
hjtscanlist v2.0
º º
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
Microsoft Windows [Version 6.1.7600]
C:
09/10/2010 10:54 AM C:\rsit --------- 0
09/10/2010 10:54 AM C:\Program Files (x86) --------- 12288
C:\pagefile.sys ---------
C:\hiberfil.sys ---------
09/09/2010 12:00 AM C:\System Volume Information --------- 16384
09/08/2010 08:42 PM C:\Windows --------- 16384
09/03/2010 08:26 PM C:\Spiele --------- 8192
09/03/2010 04:37 PM C:\Windows.old --------- 4096
08/29/2010 11:35 PM C:\ProgramData --------- 4096
08/29/2010 04:10 PM C:\Program Files --------- 8192
08/29/2010 04:05 PM C:\MSOCache --------- 0
08/15/2010 11:48 AM C:\Users --------- 4096
07/29/2010 04:38 AM C:\BOOTSECT.BAK --------- 8192
07/29/2010 04:38 AM C:\Boot --------- 4096
07/29/2010 04:05 AM C:\$Recycle.Bin --------- 0
07/29/2010 04:03 AM C:\LMBUI --------- 206312
07/29/2010 04:03 AM C:\wedaolu --------- 9
07/29/2010 03:59 AM C:\Recovery --------- 0
07/25/2010 10:43 AM C:\CrashReport --------- 0
04/10/2010 03:39 AM C:\Nexon --------- 0
04/04/2010 05:48 PM C:\AMD --------- 0
02/24/2010 09:03 PM C:\NeverwinterNights --------- 0
02/24/2010 05:00 PM C:\WinSetupFromUSB --------- 0
02/23/2010 04:27 PM C:\.Trash-1000 --------- 0
02/19/2010 03:54 PM C:\DirectX9 --------- 0
02/18/2010 11:37 PM C:\ATI --------- 0
02/18/2010 05:39 PM C:\winx.ld --------- 20
02/18/2010 05:39 PM C:\FWBXV --------- 282106
07/14/2009 07:08 AM C:\Documents and Settings --------- 0
07/14/2009 05:20 AM C:\PerfLogs --------- 0
07/14/2009 03:38 AM C:\bootmgr --------- 383562
----------------------------------------
C:\Windows
09/10/2010 10:48 AM C:\Windows\WindowsUpdate.log --------- 1763202
09/10/2010 10:45 AM C:\Windows\ntbtlog.txt --------- 1178470
09/10/2010 10:44 AM C:\Windows\setupact.log --------- 26425
09/10/2010 10:44 AM C:\Windows\bootstat.dat --------- 67584
09/06/2010 12:13 AM C:\Windows\PFRO.log --------- 10246
08/29/2010 04:07 PM C:\Windows\win.ini --------- 478
08/20/2010 11:00 PM C:\Windows\DirectX.log --------- 344583
07/29/2010 03:50 AM C:\Windows\setuperr.log --------- 269
07/29/2010 03:43 AM C:\Windows\DtcInstall.log --------- 1774
07/29/2010 03:43 AM C:\Windows\TSSysprep.log --------- 1313
07/29/2010 03:42 AM C:\Windows\ativpsrm.bin --------- 0
06/18/2010 07:13 AM C:\Windows\atiogl.xml --------- 21682
10/31/2009 08:34 AM C:\Windows\explorer.exe --------- 2870272
07/14/2009 06:54 AM C:\Windows\WindowsShell.Manifest --------- 749
07/14/2009 03:39 AM C:\Windows\write.exe --------- 10240
07/14/2009 03:39 AM C:\Windows\splwow64.exe --------- 61952
07/14/2009 03:39 AM C:\Windows\regedit.exe --------- 427008
07/14/2009 03:39 AM C:\Windows\notepad.exe --------- 193536
07/14/2009 03:39 AM C:\Windows\hh.exe --------- 16896
07/14/2009 03:39 AM C:\Windows\HelpPane.exe --------- 733696
07/14/2009 03:39 AM C:\Windows\fveupdate.exe --------- 15360
07/14/2009 03:38 AM C:\Windows\bfsvc.exe --------- 71168
07/14/2009 03:16 AM C:\Windows\twain_32.dll --------- 51200
07/14/2009 03:14 AM C:\Windows\winhlp32.exe --------- 9728
07/14/2009 03:14 AM C:\Windows\twunk_32.exe --------- 31232
07/14/2009 01:06 AM C:\Windows\mib.bin --------- 43131
06/10/2009 11:41 PM C:\Windows\twunk_16.exe --------- 49680
06/10/2009 11:41 PM C:\Windows\twain.dll --------- 94784
06/10/2009 11:08 PM C:\Windows\system.ini --------- 219
06/10/2009 10:52 PM C:\Windows\WMSysPr9.prx --------- 316640
06/10/2009 10:36 PM C:\Windows\msdfmap.ini --------- 1405
06/10/2009 10:31 PM C:\Windows\Ultimate.xml --------- 51867
06/10/2009 10:31 PM C:\Windows\Starter.xml --------- 48201
----------------------------------------
C:\Windows\System
----------------------------------------
C:\Windows\System32
09/10/2010 10:52 AM C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 --------- 17168
09/10/2010 10:52 AM C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 --------- 17168
09/10/2010 10:49 AM C:\Windows\system32\perfc009.dat --------- 103702
09/10/2010 10:49 AM C:\Windows\system32\perfh009.dat --------- 615360
09/10/2010 10:49 AM C:\Windows\system32\PerfStringBackup.INI --------- 713888
09/10/2010 12:53 AM C:\Windows\system32\config --------- 12288
09/06/2010 12:50 AM C:\Windows\system32\DriverStore --------- 4096
09/06/2010 12:50 AM C:\Windows\system32\drivers --------- 65536
09/06/2010 12:21 AM C:\Windows\system32\catroot --------- 4096
09/06/2010 12:21 AM C:\Windows\system32\catroot2 --------- 4096
09/06/2010 12:15 AM C:\Windows\system32\FNTCACHE.DAT --------- 417352
09/06/2010 12:13 AM C:\Windows\system32\migration --------- 0
09/06/2010 12:13 AM C:\Windows\system32\Wat --------- 0
09/05/2010 09:57 PM C:\Windows\system32\en-US --------- 327680
08/29/2010 11:21 PM C:\Windows\system32\NDF --------- 0
08/29/2010 04:13 PM C:\Windows\system32\Tasks --------- 4096
08/11/2010 02:37 AM C:\Windows\system32\LogFiles --------- 4096
08/03/2010 11:52 AM C:\Windows\system32\MRT.exe --------- 37437384
08/02/2010 09:02 AM C:\Windows\system32\wdi --------- 4096
07/29/2010 04:02 AM C:\Windows\system32\oobe --------- 4096
07/29/2010 03:49 AM C:\Windows\system32\CodeIntegrity --------- 0
07/29/2010 03:44 AM C:\Windows\system32\license.rtf --------- 42045
07/29/2010 03:43 AM C:\Windows\system32\sysprep --------- 0
07/28/2010 09:22 PM C:\Windows\system32\restore --------- 0
07/27/2010 04:59 PM C:\Windows\system32\shell32.dll --------- 14162944
07/07/2010 04:16 AM C:\Windows\system32\atio6axx.dll --------- 20118528
07/07/2010 03:54 AM C:\Windows\system32\atiapfxx.blb --------- 63416
07/07/2010 03:54 AM C:\Windows\system32\atiapfxx.exe --------- 143360
07/07/2010 03:53 AM C:\Windows\system32\aticfx64.dll --------- 594432
07/07/2010 03:51 AM C:\Windows\system32\ATIDEMGX.dll --------- 446464
07/07/2010 03:51 AM C:\Windows\system32\atieclxx.exe --------- 462336
07/07/2010 03:50 AM C:\Windows\system32\atiesrxx.exe --------- 203264
07/07/2010 03:49 AM C:\Windows\system32\atitmm64.dll --------- 120320
07/07/2010 03:49 AM C:\Windows\system32\atipdl64.dll --------- 421376
07/07/2010 03:49 AM C:\Windows\system32\atimuixx.dll --------- 12288
07/07/2010 03:49 AM C:\Windows\system32\atiedu64.dll --------- 59392
07/07/2010 03:37 AM C:\Windows\system32\atidxx64.dll --------- 4463616
07/07/2010 03:30 AM C:\Windows\system32\atiumd6a.dll --------- 2785792
07/07/2010 03:29 AM C:\Windows\system32\aticalrt64.dll --------- 51200
07/07/2010 03:29 AM C:\Windows\system32\aticalcl64.dll --------- 44544
07/07/2010 03:29 AM C:\Windows\system32\aticaldd64.dll --------- 5378560
07/07/2010 03:27 AM C:\Windows\system32\atiumd6a.cap --------- 543664
07/07/2010 03:24 AM C:\Windows\system32\coinst.dll --------- 55296
07/07/2010 03:22 AM C:\Windows\system32\atiumd64.dll --------- 5099008
07/07/2010 03:16 AM C:\Windows\system32\atiadlxx.dll --------- 335872
07/07/2010 03:15 AM C:\Windows\system32\atig6pxx.dll --------- 14848
07/07/2010 03:15 AM C:\Windows\system32\atiglpxx.dll --------- 12800
07/07/2010 03:15 AM C:\Windows\system32\atig6txx.dll --------- 18432
07/07/2010 03:15 AM C:\Windows\system32\atiuxp64.dll --------- 39424
07/07/2010 03:14 AM C:\Windows\system32\atiu9p64.dll --------- 30208
07/07/2010 03:11 AM C:\Windows\system32\atimpc64.dll --------- 54272
07/07/2010 03:11 AM C:\Windows\system32\amdpcom64.dll --------- 54272
06/30/2010 09:13 AM C:\Windows\system32\wininet.dll --------- 1192960
06/30/2010 09:13 AM C:\Windows\system32\urlmon.dll --------- 1494528
06/30/2010 09:12 AM C:\Windows\system32\mstime.dll --------- 1026048
06/30/2010 09:12 AM C:\Windows\system32\mshtml.dll --------- 9298432
06/30/2010 09:12 AM C:\Windows\system32\msfeedsbs.dll --------- 82944
06/30/2010 09:11 AM C:\Windows\system32\jsproxy.dll --------- 64512
06/30/2010 09:11 AM C:\Windows\system32\ieui.dll --------- 247808
06/30/2010 09:11 AM C:\Windows\system32\iepeers.dll --------- 256000
06/30/2010 09:11 AM C:\Windows\system32\ieframe.dll --------- 12364800
06/30/2010 09:11 AM C:\Windows\system32\iedkcs32.dll --------- 445952
06/30/2010 09:09 AM C:\Windows\system32\msfeedssync.exe --------- 12288
06/30/2010 06:56 AM C:\Windows\system32\mshtml.tlb --------- 1638912
06/19/2010 09:05 AM C:\Windows\system32\ntoskrnl.exe --------- 5507968
06/19/2010 08:53 AM C:\Windows\system32\rtutils.dll --------- 52224
06/19/2010 06:32 AM C:\Windows\system32\win32k.sys --------- 3122688
06/16/2010 08:11 AM C:\Windows\system32\schannel.dll --------- 340992
06/16/2010 12:28 AM C:\Windows\system32\atipblag.dat --------- 2857
06/08/2010 07:36 AM C:\Windows\system32\msxml3.dll --------- 1877504
05/27/2010 08:34 AM C:\Windows\system32\atmlib.dll --------- 46080
05/27/2010 06:11 AM C:\Windows\system32\atmfd.dll --------- 366080
05/21/2010 02:14 PM C:\Windows\system32\MpSigStub.exe --------- 270208
05/19/2010 09:48 PM C:\Windows\system32\cdd.dll --------- 144384
05/11/2010 10:42 PM C:\Windows\system32\atiicdxx.dat --------- 205156
05/09/2010 11:46 AM C:\Windows\system32\CPFilters.dll --------- 961024
05/09/2010 11:45 AM C:\Windows\system32\msdri.dll --------- 552960
05/09/2010 11:44 AM C:\Windows\system32\MSNP.ax --------- 288256
05/09/2010 11:44 AM C:\Windows\system32\mpg2splt.ax --------- 258560
04/23/2010 09:11 AM C:\Windows\system32\tzres.dll --------- 2048
04/07/2010 09:37 AM C:\Windows\system32\oleaut32.dll --------- 861184
03/24/2010 08:59 AM C:\Windows\system32\ntdll.dll --------- 1736608
03/08/2010 11:59 PM C:\Windows\system32\vbscript.dll --------- 612352
03/05/2010 09:52 AM C:\Windows\system32\asycfilt.dll --------- 84992
03/04/2010 09:57 AM C:\Windows\system32\inetcomm.dll --------- 976896
02/23/2010 10:16 AM C:\Windows\system32\browserchoice.exe --------- 294912
02/20/2010 05:20 PM C:\Windows\system32\FM20ENU.DLL --------- 31616
02/20/2010 05:20 PM C:\Windows\system32\FM20.DLL --------- 1603944
02/17/2010 09:41 PM C:\Windows\system32\VBAME.DLL --------- 54656
01/19/2010 11:05 AM C:\Windows\system32\secproc_isv.dll --------- 422912
01/19/2010 11:05 AM C:\Windows\system32\secproc_ssp.dll --------- 121856
01/19/2010 11:05 AM C:\Windows\system32\secproc_ssp_isv.dll --------- 121856
01/19/2010 11:05 AM C:\Windows\system32\secproc.dll --------- 424960
01/19/2010 11:00 AM C:\Windows\system32\RMActivate_ssp_isv.exe --------- 305152
01/19/2010 11:00 AM C:\Windows\system32\RMActivate_isv.exe --------- 357888
01/19/2010 11:00 AM C:\Windows\system32\RMActivate_ssp.exe --------- 306688
01/19/2010 11:00 AM C:\Windows\system32\RMActivate.exe --------- 356352
01/09/2010 09:19 AM C:\Windows\system32\cabview.dll --------- 139264
12/29/2009 10:03 AM C:\Windows\system32\wintrust.dll --------- 220672
12/22/2009 10:36 AM C:\Windows\system32\wow64.dll --------- 243200
----------------------------------------
C:\Windows\Prefetch
----------------------------------------
C:\Windows\Tasks
09/10/2010 10:44 AM C:\Windows\Tasks\SA.DAT --------- 6
07/14/2009 07:08 AM C:\Windows\Tasks\SCHEDLGU.TXT --------- 21836
----------------------------------------
C:\Windows\Temp
----------------------------------------
C:\Users\WILLSP~1\AppData\Local\Temp
09/10/2010 10:54 AM C:\Users\WILLSP~1\AppData\Local\Temp\Rar$DI00.159 --------- 0
09/10/2010 10:54 AM C:\Users\WILLSP~1\AppData\Local\Temp\Low --------- 0
09/10/2010 10:52 AM C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-12 --------- 0
09/10/2010 10:46 AM C:\Users\WILLSP~1\AppData\Local\Temp\WPDNSE --------- 0
09/06/2010 08:33 PM C:\Users\WILLSP~1\AppData\Local\Temp\fla19A3.tmp --------- 15602431
09/06/2010 08:33 PM C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-11 --------- 0
09/06/2010 08:07 AM C:\Users\WILLSP~1\AppData\Local\Temp\wmsetup.log --------- 6186
09/06/2010 12:12 AM C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-10 --------- 0
09/05/2010 09:24 PM C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-9 --------- 0
09/05/2010 01:59 AM C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-8 --------- 0
09/03/2010 01:00 AM C:\Users\WILLSP~1\AppData\Local\Temp\~DF8FB07F023C775DE0.TMP --------- 114688
09/02/2010 05:39 PM C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-7 --------- 0
09/02/2010 04:35 PM C:\Users\WILLSP~1\AppData\Local\Temp\modFE1B.tmp --------- 222
09/02/2010 04:35 PM C:\Users\WILLSP~1\AppData\Local\Temp\~DFC429079FFE864E40.TMP --------- 196608
09/02/2010 04:35 PM C:\Users\WILLSP~1\AppData\Local\Temp\modEBB2.tmp --------- 182783
09/02/2010 04:35 PM C:\Users\WILLSP~1\AppData\Local\Temp\modE9FD.tmp --------- 947
09/02/2010 04:33 PM C:\Users\WILLSP~1\AppData\Local\Temp\modAE22.tmp --------- 5
09/01/2010 07:41 PM C:\Users\WILLSP~1\AppData\Local\Temp\c0ZIiYot.exe.part --------- 388608
09/01/2010 12:03 AM C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-6 --------- 0
08/29/2010 11:35 PM C:\Users\WILLSP~1\AppData\Local\Temp\cpes_clean_log_20100829233549.log --------- 1836
08/29/2010 11:21 PM C:\Users\WILLSP~1\AppData\Local\Temp\msdt --------- 0
08/29/2010 11:21 PM C:\Users\WILLSP~1\AppData\Local\Temp\tmpB40F.tmp --------- 0
08/29/2010 11:21 PM C:\Users\WILLSP~1\AppData\Local\Temp\tmp5E81.tmp --------- 0
08/29/2010 05:47 PM C:\Users\WILLSP~1\AppData\Local\Temp\TCD3F65.tmp --------- 0
08/29/2010 05:47 PM C:\Users\WILLSP~1\AppData\Local\Temp\TCD2925.tmp --------- 0
08/29/2010 05:45 PM C:\Users\WILLSP~1\AppData\Local\Temp\TCD8611.tmp --------- 0
08/29/2010 05:45 PM C:\Users\WILLSP~1\AppData\Local\Temp\TCD7888.tmp --------- 0
08/29/2010 05:45 PM C:\Users\WILLSP~1\AppData\Local\Temp\TCD75C8.tmp --------- 0
08/29/2010 05:45 PM C:\Users\WILLSP~1\AppData\Local\Temp\TCD7549.tmp --------- 0
08/29/2010 05:45 PM C:\Users\WILLSP~1\AppData\Local\Temp\TCD743E.tmp --------- 0
08/29/2010 04:47 PM C:\Users\WILLSP~1\AppData\Local\Temp\SetupExe(20100829160502F10).log --------- 194437
08/29/2010 12:34 PM C:\Users\WILLSP~1\AppData\Local\Temp\utt361E.tmp.bat --------- 74
08/29/2010 12:34 PM C:\Users\WILLSP~1\AppData\Local\Temp\utt361E.tmp --------- 0
08/29/2010 12:34 PM C:\Users\WILLSP~1\AppData\Local\Temp\utt3543.tmp.bat --------- 74
08/29/2010 12:34 PM C:\Users\WILLSP~1\AppData\Local\Temp\utt3543.tmp --------- 0
08/29/2010 12:33 PM C:\Users\WILLSP~1\AppData\Local\Temp\uttB329.tmp --------- 0
08/27/2010 11:32 AM C:\Users\WILLSP~1\AppData\Local\Temp\utt7C7.tmp.bat --------- 74
08/27/2010 11:32 AM C:\Users\WILLSP~1\AppData\Local\Temp\utt7C7.tmp --------- 0
08/27/2010 11:32 AM C:\Users\WILLSP~1\AppData\Local\Temp\utt74A.tmp.bat --------- 74
08/27/2010 11:32 AM C:\Users\WILLSP~1\AppData\Local\Temp\utt74A.tmp --------- 0
08/27/2010 11:32 AM C:\Users\WILLSP~1\AppData\Local\Temp\uttF8B9.tmp --------- 0
08/27/2010 01:49 AM C:\Users\WILLSP~1\AppData\Local\Temp\Will Spliff.bmp --------- 49208
08/25/2010 11:05 PM C:\Users\WILLSP~1\AppData\Local\Temp\install_log.log --------- 100
08/25/2010 11:05 PM C:\Users\WILLSP~1\AppData\Local\Temp\ASKSUTBLOG --------- 523804
08/25/2010 10:16 PM C:\Users\WILLSP~1\AppData\Local\Temp\setup.exe --------- 2944904
08/24/2010 08:04 PM C:\Users\WILLSP~1\AppData\Local\Temp\tmp_grafx.jpg --------- 48034
08/24/2010 11:50 AM C:\Users\WILLSP~1\AppData\Local\Temp\AskSearch --------- 0
08/19/2010 09:25 PM C:\Users\WILLSP~1\AppData\Local\Temp\div8F5.tmp --------- 0
08/19/2010 09:25 PM C:\Users\WILLSP~1\AppData\Local\Temp\divCABD.tmp --------- 0
08/19/2010 04:04 PM C:\Users\WILLSP~1\AppData\Local\Temp\E17A.dir --------- 0
08/19/2010 04:04 PM C:\Users\WILLSP~1\AppData\Local\Temp\E17A.tmp --------- 0
08/18/2010 04:33 PM C:\Users\WILLSP~1\AppData\Local\Temp\div9AE7.tmp --------- 0
08/18/2010 04:33 PM C:\Users\WILLSP~1\AppData\Local\Temp\div9B06.tmp --------- 0
08/18/2010 04:33 PM C:\Users\WILLSP~1\AppData\Local\Temp\divE252.tmp --------- 0
08/18/2010 03:02 AM C:\Users\WILLSP~1\AppData\Local\Temp\div6C78.tmp --------- 0
08/18/2010 03:02 AM C:\Users\WILLSP~1\AppData\Local\Temp\divA9E5.tmp --------- 0
08/18/2010 03:02 AM C:\Users\WILLSP~1\AppData\Local\Temp\divC235.tmp --------- 0
08/16/2010 10:18 PM C:\Users\WILLSP~1\AppData\Local\Temp\msdtadmin --------- 0
08/16/2010 10:18 PM C:\Users\WILLSP~1\AppData\Local\Temp\tmp723C.tmp --------- 0
08/16/2010 09:50 PM C:\Users\WILLSP~1\AppData\Local\Temp\OutofProcReport31588971.txt --------- 2678
08/16/2010 09:50 PM C:\Users\WILLSP~1\AppData\Local\Temp\{6e442883-e444-4ea5-99b0-ff28ddd45192} --------- 0
08/16/2010 09:49 PM C:\Users\WILLSP~1\AppData\Local\Temp\cpes_clean_log_20100816214832.log --------- 20485
08/16/2010 09:42 PM C:\Users\WILLSP~1\AppData\Local\Temp\div276D.tmp --------- 0
08/16/2010 09:42 PM C:\Users\WILLSP~1\AppData\Local\Temp\div648C.tmp --------- 0
08/16/2010 09:42 PM C:\Users\WILLSP~1\AppData\Local\Temp\div96C2.tmp --------- 0
08/16/2010 09:42 PM C:\Users\WILLSP~1\AppData\Local\Temp\div9913.tmp --------- 0
08/16/2010 03:04 AM C:\Users\WILLSP~1\AppData\Local\Temp\tmp8038.tmp --------- 0
08/15/2010 11:23 PM C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-5 --------- 0
08/15/2010 12:05 PM C:\Users\WILLSP~1\AppData\Local\Temp\tmp217.tmp1 --------- 0
08/15/2010 11:48 AM C:\Users\WILLSP~1\AppData\Local\Temp\tmpCBA.tmp --------- 0
08/15/2010 11:17 AM C:\Users\WILLSP~1\AppData\Local\Temp\div10D1.tmp --------- 0
08/15/2010 11:17 AM C:\Users\WILLSP~1\AppData\Local\Temp\div72ED.tmp --------- 0
08/15/2010 11:17 AM C:\Users\WILLSP~1\AppData\Local\Temp\div8B5E.tmp --------- 0
08/15/2010 11:17 AM C:\Users\WILLSP~1\AppData\Local\Temp\div8DDD.tmp --------- 0
08/15/2010 11:17 AM C:\Users\WILLSP~1\AppData\Local\Temp\div8E59.tmp --------- 0
08/15/2010 11:17 AM C:\Users\WILLSP~1\AppData\Local\Temp\div8F34.tmp --------- 0
08/15/2010 11:17 AM C:\Users\WILLSP~1\AppData\Local\Temp\div9DE3.tmp --------- 0
08/15/2010 11:17 AM C:\Users\WILLSP~1\AppData\Local\Temp\divA2A4.tmp --------- 0
08/15/2010 11:17 AM C:\Users\WILLSP~1\AppData\Local\Temp\divAED4.tmp --------- 0
08/15/2010 11:17 AM C:\Users\WILLSP~1\AppData\Local\Temp\divBE11.tmp --------- 0
08/15/2010 11:17 AM C:\Users\WILLSP~1\AppData\Local\Temp\divC763.tmp --------- 0
08/14/2010 11:26 PM C:\Users\WILLSP~1\AppData\Local\Temp\tmp650.tmp1 --------- 0
08/14/2010 03:01 PM C:\Users\WILLSP~1\AppData\Local\Temp\tmp68.tmp1 --------- 0
08/14/2010 12:28 PM C:\Users\WILLSP~1\AppData\Local\Temp\tmp881.tmp1 --------- 0
08/14/2010 08:58 AM C:\Users\WILLSP~1\AppData\Local\Temp\tmp817.tmp1 --------- 0
08/13/2010 08:46 PM C:\Users\WILLSP~1\AppData\Local\Temp\tmp498.tmp2 --------- 0
08/13/2010 08:01 PM C:\Users\WILLSP~1\AppData\Local\Temp\dd_vcredistUI2C1E.txt --------- 11430
08/13/2010 08:01 PM C:\Users\WILLSP~1\AppData\Local\Temp\dd_vcredistMSI2C1E.txt --------- 410926
08/13/2010 07:31 PM C:\Users\WILLSP~1\AppData\Local\Temp\SkypeToolbars.msi --------- 2391040
08/13/2010 07:31 PM C:\Users\WILLSP~1\AppData\Local\Temp\Skype.msi --------- 19846144
08/13/2010 06:18 PM C:\Users\WILLSP~1\AppData\Local\Temp\tmp564.tmp1 --------- 0
08/13/2010 09:05 AM C:\Users\WILLSP~1\AppData\Local\Temp\tmp710.tmp2 --------- 0
08/12/2010 07:32 PM C:\Users\WILLSP~1\AppData\Local\Temp\tmp402.tmp1 --------- 0
08/12/2010 07:31 PM C:\Users\WILLSP~1\AppData\Local\Temp\divBC2D.tmp --------- 0
08/12/2010 07:51 AM C:\Users\WILLSP~1\AppData\Local\Temp\tmp466.tmp1 --------- 0
08/12/2010 07:26 AM C:\Users\WILLSP~1\AppData\Local\Temp\tmp818.tmp1 --------- 0
08/12/2010 01:57 AM C:\Users\WILLSP~1\AppData\Local\Temp\tmp854.tmp1 --------- 0
08/11/2010 04:41 PM C:\Users\WILLSP~1\AppData\Local\Temp\tmp840.tmp1 --------- 0
08/11/2010 01:43 AM C:\Users\WILLSP~1\AppData\Local\Temp\tmp588.tmp1 --------- 0
08/11/2010 01:43 AM C:\Users\WILLSP~1\AppData\Local\Temp\div9397.tmp --------- 0
08/10/2010 04:39 PM C:\Users\WILLSP~1\AppData\Local\Temp\tmp250.tmp1 --------- 0
08/10/2010 04:39 PM C:\Users\WILLSP~1\AppData\Local\Temp\div9146.tmp --------- 0
08/10/2010 06:19 AM C:\Users\WILLSP~1\AppData\Local\Temp\tmp40.tmp1 --------- 0
08/10/2010 06:19 AM C:\Users\WILLSP~1\AppData\Local\Temp\div9C9C.tmp --------- 0
08/10/2010 04:19 AM C:\Users\WILLSP~1\AppData\Local\Temp\tmpCC83.tmp --------- 0
08/10/2010 04:16 AM C:\Users\WILLSP~1\AppData\Local\Temp\tmp5090.tmp --------- 0
08/10/2010 04:16 AM C:\Users\WILLSP~1\AppData\Local\Temp\tmp167D.tmp --------- 0
08/10/2010 03:04 AM C:\Users\WILLSP~1\AppData\Local\Temp\tmp252.tmp1 --------- 0
08/10/2010 03:03 AM C:\Users\WILLSP~1\AppData\Local\Temp\divAB4B.tmp --------- 0
08/09/2010 11:01 PM C:\Users\WILLSP~1\AppData\Local\Temp\tmp168.tmp1 --------- 0
08/09/2010 11:01 PM C:\Users\WILLSP~1\AppData\Local\Temp\div8786.tmp --------- 0
08/09/2010 08:46 PM C:\Users\WILLSP~1\AppData\Local\Temp\tmp607.tmp1 --------- 0
08/09/2010 08:45 PM C:\Users\WILLSP~1\AppData\Local\Temp\div89D7.tmp --------- 0
08/09/2010 06:51 PM C:\Users\WILLSP~1\AppData\Local\Temp\tmp534.tmp1 --------- 0
08/09/2010 06:18 PM C:\Users\WILLSP~1\AppData\Local\Temp\tmp471.tmp1 --------- 0
08/09/2010 06:18 PM C:\Users\WILLSP~1\AppData\Local\Temp\div8BCA.tmp --------- 0
08/09/2010 05:39 PM C:\Users\WILLSP~1\AppData\Local\Temp\tmp158.tmp1 --------- 0
08/09/2010 05:39 PM C:\Users\WILLSP~1\AppData\Local\Temp\div8AB1.tmp --------- 0
08/09/2010 01:14 AM C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-4 --------- 0
08/08/2010 04:30 PM C:\Users\WILLSP~1\AppData\Local\Temp\tmp383.tmp1 --------- 0
08/08/2010 02:44 AM C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-3 --------- 0
08/08/2010 01:11 AM C:\Users\WILLSP~1\AppData\Local\Temp\tmp366.tmp1 --------- 0
08/06/2010 03:29 PM C:\Users\WILLSP~1\AppData\Local\Temp\tmp719.tmp1 --------- 0
08/06/2010 02:03 PM C:\Users\WILLSP~1\AppData\Local\Temp\tmp290.tmp1 --------- 0
08/06/2010 11:57 AM C:\Users\WILLSP~1\AppData\Local\Temp\tmp739.tmp1 --------- 0
08/05/2010 03:35 PM C:\Users\WILLSP~1\AppData\Local\Temp\tmp749.tmp1 --------- 0
08/05/2010 02:56 PM C:\Users\WILLSP~1\AppData\Local\Temp\tmp847.tmp1 --------- 0
08/05/2010 02:55 PM C:\Users\WILLSP~1\AppData\Local\Temp\divB6EF.tmp --------- 0
08/05/2010 12:01 PM C:\Users\WILLSP~1\AppData\Local\Temp\tmp596.tmp1 --------- 0
08/05/2010 12:01 PM C:\Users\WILLSP~1\AppData\Local\Temp\History --------- 0
08/05/2010 12:01 PM C:\Users\WILLSP~1\AppData\Local\Temp\Cookies --------- 0
08/05/2010 12:01 PM C:\Users\WILLSP~1\AppData\Local\Temp\Temporary Internet Files --------- 0
08/05/2010 02:47 AM C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-2 --------- 0
08/05/2010 12:00 AM C:\Users\WILLSP~1\AppData\Local\Temp\tmp20.tmp1 --------- 0
08/05/2010 12:00 AM C:\Users\WILLSP~1\AppData\Local\Temp\divFC67.tmp --------- 0
08/04/2010 10:19 AM C:\Users\WILLSP~1\AppData\Local\Temp\tmp149.tmp1 --------- 0
08/04/2010 10:19 AM C:\Users\WILLSP~1\AppData\Local\Temp\div8F24.tmp --------- 0
08/03/2010 08:07 PM C:\Users\WILLSP~1\AppData\Local\Temp\tmp256.tmp1 --------- 0
08/03/2010 08:07 PM C:\Users\WILLSP~1\AppData\Local\Temp\div1BF8.tmp --------- 0
08/03/2010 05:45 PM C:\Users\WILLSP~1\AppData\Local\Temp\tmp714.tmp1 --------- 0
08/03/2010 05:45 PM C:\Users\WILLSP~1\AppData\Local\Temp\divD077.tmp --------- 0
08/03/2010 09:45 AM C:\Users\WILLSP~1\AppData\Local\Temp\divED4A.tmp --------- 0
08/03/2010 09:16 AM C:\Users\WILLSP~1\AppData\Local\Temp\tmp134.tmp1 --------- 0
08/02/2010 08:56 PM C:\Users\WILLSP~1\AppData\Local\Temp\StructuredQuery.log --------- 828
08/02/2010 08:39 PM C:\Users\WILLSP~1\AppData\Local\Temp\tmp853.tmp1 --------- 0
08/02/2010 08:31 PM C:\Users\WILLSP~1\AppData\Local\Temp\tmp676.tmp1 --------- 0
08/02/2010 08:19 PM C:\Users\WILLSP~1\AppData\Local\Temp\tmp78.tmp1 --------- 0
08/02/2010 08:14 PM C:\Users\WILLSP~1\AppData\Local\Temp\tmp331.tmp1 --------- 0
08/02/2010 08:11 PM C:\Users\WILLSP~1\AppData\Local\Temp\tmp780.tmp1 --------- 0
08/02/2010 08:11 PM C:\Users\WILLSP~1\AppData\Local\Temp\tmp762.tmp1 --------- 0
08/02/2010 08:10 PM C:\Users\WILLSP~1\AppData\Local\Temp\tmp390.tmp1 --------- 0
08/02/2010 08:09 PM C:\Users\WILLSP~1\AppData\Local\Temp\tmp548.tmp1 --------- 0
08/02/2010 08:03 PM C:\Users\WILLSP~1\AppData\Local\Temp\tmp668.tmp1 --------- 0
08/02/2010 07:47 PM C:\Users\WILLSP~1\AppData\Local\Temp\tmp197.tmp1 --------- 0
08/02/2010 07:32 PM C:\Users\WILLSP~1\AppData\Local\Temp\{48E7E276-0A60-48FB-9C58-BDDCB84AABFF} --------- 0
08/02/2010 07:32 PM C:\Users\WILLSP~1\AppData\Local\Temp\MSI393a.LOG --------- 1711634
08/02/2010 07:12 PM C:\Users\WILLSP~1\AppData\Local\Temp\DMI4BBF.tmp --------- 0
08/02/2010 06:40 PM C:\Users\WILLSP~1\AppData\Local\Temp\div5EB2.tmp --------- 0
08/01/2010 07:38 PM C:\Users\WILLSP~1\AppData\Local\Temp\div588B.tmp --------- 0
08/01/2010 04:14 PM C:\Users\WILLSP~1\AppData\Local\Temp\divDF27.tmp --------- 0
08/01/2010 04:09 PM C:\Users\WILLSP~1\AppData\Local\Temp\div9C.tmp --------- 0
08/01/2010 10:18 AM C:\Users\WILLSP~1\AppData\Local\Temp\div39C4.tmp --------- 0
07/31/2010 09:16 PM C:\Users\WILLSP~1\AppData\Local\Temp\divF8A1.tmp --------- 0
07/30/2010 06:31 PM C:\Users\WILLSP~1\AppData\Local\Temp\DMIAD7F.tmp --------- 0
07/29/2010 10:42 PM C:\Users\WILLSP~1\AppData\Local\Temp\RA.xml --------- 20631
07/29/2010 10:42 PM C:\Users\WILLSP~1\AppData\Local\Temp\RA.dmp --------- 79287
07/29/2010 10:42 PM C:\Users\WILLSP~1\AppData\Local\Temp\RAC5DD.tmp --------- 0
07/29/2010 08:20 PM C:\Users\WILLSP~1\AppData\Local\Temp\data --------- 0
07/29/2010 07:46 PM C:\Users\WILLSP~1\AppData\Local\Temp\isw_acc_80100000 --------- 0
07/29/2010 03:30 PM C:\Users\WILLSP~1\AppData\Local\Temp\uttCA23.tmp.old --------- 0
07/29/2010 02:41 PM C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp --------- 0
07/29/2010 02:41 PM C:\Users\WILLSP~1\AppData\Local\Temp\ct2613550 --------- 0
07/29/2010 02:41 PM C:\Users\WILLSP~1\AppData\Local\Temp\conduit --------- 0
07/29/2010 02:41 PM C:\Users\WILLSP~1\AppData\Local\Temp\07291052511 --------- 0
07/29/2010 02:30 PM C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-1 --------- 0
07/29/2010 04:06 AM C:\Users\WILLSP~1\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0
06/28/2010 10:09 PM C:\Users\WILLSP~1\AppData\Local\Temp\zauninst.exe --------- 220160
06/28/2010 09:59 PM C:\Users\WILLSP~1\AppData\Local\Temp\vsinit.dll --------- 228864
06/28/2010 09:59 PM C:\Users\WILLSP~1\AppData\Local\Temp\vsutil.dll --------- 713728
06/15/2010 05:50 PM C:\Users\WILLSP~1\AppData\Local\Temp\Uninstall.exe --------- 1208632
06/08/2010 08:20 PM C:\Users\WILLSP~1\AppData\Local\Temp\Catalyst.bmp --------- 57654
03/16/2010 04:11 PM C:\Users\WILLSP~1\AppData\Local\Temp\ose00000.exe --------- 174440
----------------------------------------
C:\Program Files
09/06/2010 12:13 AM C:\Program Files\Windows Media Player --------- 4096
09/06/2010 12:13 AM C:\Program Files\Windows Mail --------- 0
09/06/2010 12:13 AM C:\Program Files\Internet Explorer --------- 4096
08/29/2010 04:11 PM C:\Program Files\Common Files --------- 4096
08/29/2010 04:10 PM C:\Program Files\Microsoft Synchronization Services --------- 0
08/29/2010 04:09 PM C:\Program Files\Microsoft Office --------- 4096
08/29/2010 04:09 PM C:\Program Files\Microsoft Sync Framework --------- 0
08/29/2010 04:09 PM C:\Program Files\Microsoft SQL Server Compact Edition --------- 0
08/29/2010 04:06 PM C:\Program Files\Microsoft Analysis Services --------- 0
08/18/2010 12:08 PM C:\Program Files\WinRAR --------- 4096
07/31/2010 08:46 PM C:\Program Files\DivX --------- 0
07/29/2010 04:35 PM C:\Program Files\ATI Technologies --------- 0
07/29/2010 04:33 PM C:\Program Files\ATI --------- 0
07/29/2010 02:28 PM C:\Program Files\CheckPoint --------- 0
07/14/2009 09:47 AM C:\Program Files\DVD Maker --------- 4096
07/14/2009 09:46 AM C:\Program Files\Windows Journal --------- 0
07/14/2009 09:46 AM C:\Program Files\Microsoft Games --------- 4096
07/14/2009 07:37 AM C:\Program Files\Windows Sidebar --------- 4096
07/14/2009 07:37 AM C:\Program Files\Windows Photo Viewer --------- 0
07/14/2009 07:37 AM C:\Program Files\Windows Defender --------- 4096
07/14/2009 07:32 AM C:\Program Files\Windows Portable Devices --------- 0
07/14/2009 07:32 AM C:\Program Files\Windows NT --------- 0
07/14/2009 07:32 AM C:\Program Files\Reference Assemblies --------- 0
07/14/2009 07:32 AM C:\Program Files\MSBuild --------- 0
07/14/2009 07:09 AM C:\Program Files\Uninstall Information --------- 0
07/14/2009 06:54 AM C:\Program Files\desktop.ini --------- 174
----------------------------------------
C:\ProgramData\..
Will
AppData
Will Spliff
Public
Default
All Users
Default User
desktop.ini
----------------------------------------
C:\Windows\system32\drivers\etc\hosts
----------------------------------------
Image Name PID Session Name Session# Mem Usage
========================= ======== ================ =========== ============
System Idle Process 0 Services 0 24 K
System 4 Services 0 1,024 K
smss.exe 272 Services 0 1,092 K
csrss.exe 356 Services 0 4,108 K
wininit.exe 424 Services 0 4,276 K
csrss.exe 460 Console 1 9,884 K
services.exe 492 Services 0 8,912 K
lsass.exe 508 Services 0 10,864 K
lsm.exe 516 Services 0 4,120 K
svchost.exe 620 Services 0 9,036 K
winlogon.exe 696 Console 1 6,880 K
svchost.exe 756 Services 0 7,156 K
atiesrxx.exe 816 Services 0 4,132 K
svchost.exe 892 Services 0 26,060 K
svchost.exe 936 Services 0 95,108 K
svchost.exe 976 Services 0 86,520 K
svchost.exe 464 Services 0 15,208 K
svchost.exe 1080 Services 0 13,508 K
atieclxx.exe 1140 Console 1 5,292 K
spoolsv.exe 1348 Services 0 11,548 K
sched.exe 1376 Services 0 1,520 K
svchost.exe 1396 Services 0 14,556 K
avguard.exe 1544 Services 0 78,536 K
svchost.exe 1636 Services 0 5,276 K
SDWinSec.exe 1772 Services 0 8,148 K
avshadow.exe 1796 Services 0 3,908 K
conhost.exe 1816 Services 0 2,580 K
WUDFHost.exe 2140 Services 0 5,808 K
dwm.exe 2584 Console 1 4,776 K
taskhost.exe 2592 Console 1 5,420 K
explorer.exe 2604 Console 1 39,768 K
TeaTimer.exe 2808 Console 1 91,148 K
uTorrent.exe 2820 Console 1 9,016 K
avgnt.exe 2900 Console 1 3,848 K
wmpnetwk.exe 2008 Services 0 5,520 K
svchost.exe 2328 Services 0 13,400 K
firefox.exe 764 Console 1 100,876 K
svchost.exe 1468 Services 0 12,712 K
WmiPrvSE.exe 3036 Services 0 6,044 K
svchost.exe 2752 Services 0 30,888 K
plugin-container.exe 2896 Console 1 14,008 K
audiodg.exe 2792 Services 0 15,360 K
RSIT.exe 3008 Console 1 14,488 K
WmiPrvSE.exe 208 Services 0 10,632 K
WinRAR.exe 1624 Console 1 16,356 K
cmd.exe 584 Console 1 3,624 K
conhost.exe 1252 Console 1 4,016 K
tasklist.exe 2452 Console 1 5,256 K
***** Ende des Scans Fri 09/10/2010 um 10:54:39.40 ***
|
|
12.09.2010, 13:14
| #3 | |
| /// Helfer-Team | Mein email Account schickt Spammails also wiederhole mich nochmal:
__________________Zitat:
 hier geht`s nur damit weiter:-> http://www.trojaner-board.de/90534-m...tml#post566094 und zwar für dein Tower, sonst kommen wir schnell durcheinendar! |
|
| Themen zu Mein email Account schickt Spammails |
| account, antivir, ausser, datei, email, email account, gefunde, geloescht, laptop, neu, rechner, schickt, spammail, spammails, spybot, suche, yahoo |
Hybrid-Darstellung
