mcpappe 08.09.2010 12:00

My email account is sending spam mails

Hello,
my email account at Yahoo is sending spam mails. I have a laptop and a tower PC; on both I had AntiVir and Spybot run a scan. AntiVir found 1 file, which I deleted, but spam mails are still being sent.
What can I do, apart from reinstalling both machines??
Regards
Jannis

kira 08.09.2010 12:56

Hello and welcome! :)

Before we start working together, [please read completely]:
Quote:

  • "Remote treatment/remote help" and the associated liability risks:
    - since the error checking and the actions are carried out over large distances, we accept no liability for the resulting consequences.
    - so any liability for damage arising from this is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE AT YOUR OWN RESPONSIBILITY!
  • Characteristic features/profile information:
    - in the log lists or log files used (e.g. your real name, a serial number in a program, etc.) you can delete these or replace them with [X]
  • System check and cleanup:
    - can take some time (depending on the type of infection), but the system may even be so badly compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • During the support period:
    - please do not act on your own without consulting us! Ask if there are problems.
  • The order:
    - please keep to it exactly as described; do not choose the order yourself!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I have to consider before opening a topic?

- Can you show us the data from your laptop, so that we can see whether there might be malware on it?:

1.
- Download Random's System Information Tool (RSIT) by random/random
- to a location of your choice and run rsit.exe
- "Hijackthis" is also installed and run by RSIT
- RSIT creates 2 log files (C:\rsit\log.txt and C:\rsit\info.txt) with extended information about your system - please post both of them here in full
**Can you save the log as a text file and attach it here (click on "Erweitert" (Advanced))

2.
Please make hidden and system files visible; click the link here:
Making system files and folders visible under XP and Vista
At the end of our work you can undo this again!

3.
→ Download HJTscanlist.zip
→ unpack the file on your desktop
→ On Windows XP Home you must additionally install tasklist.zip before the scan
→ start it with a double-click
→ Select your operating system - Vista
→ When you are asked, choose the option "Einstellung (1) - scanlist" (setting (1) - scanlist)
→ After a short time your editor should open and present the file hjtscanlist.txt
→ Please copy the contents here into your thread.

4.
I would also like to see all your installed programs:
Download the tool "Ccleaner"
install it (read the software licence agreement; if offered, deselect "Füge CCleaner Yahoo! Toolbar hinzu" (add CCleaner Yahoo! Toolbar))→ start it→ if necessary, set "german" under Options settings
then click on "Extra" (to also display the installed programs)→ then on "Als Textdatei speichern..." (save as text file)
a text file (*.txt) is created; copy its contents and paste them here

Quote:

So that your thread stays clear and easy to read, it is best to use the code tags for your post:
→ before your log you write (i.e. at the start of the log file): [code]
your log file goes in here - e.g. hjtscanlist or something else
→ after it - i.e. at the end of the log file: [/code]

Regards
Coverflow
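
Added example (not part of any post in this thread, and not code from RSIT or HijackThis): one way to apply the "replace with [X]" advice from the post above before a log is pasted into a public thread. The sample log lines, the names in them and all function names are constructed for illustration; the script learns account and machine names from the log itself and then replaces them everywhere, including places where the name shows up outside a profile path.

```python
import re

PLACEHOLDER = "[X]"  # the replacement suggested in the helper's post

# Built-in profile folders that identify nobody and should stay readable.
WELL_KNOWN_PROFILES = {"public", "default", "default user", "all users"}

# C:\Users\<profile>\... (Vista/7) or C:\Documents and Settings\<profile>\... (XP)
PROFILE_RE = re.compile(r'[A-Za-z]:\\(?:Users|Documents and Settings)\\([^\\\r\n"]+)\\')
RUN_BY_RE = re.compile(r"^Run by (.+?) at \d{4}-\d{2}-\d{2}", re.M)
COMPUTER_RE = re.compile(r"^Computer Name: (\S+)", re.M)
# Per-machine account SIDs; well-known SIDs such as S-1-5-18 do not match.
ACCOUNT_SID_RE = re.compile(r"S-1-5-21(?:-\d+){3,4}")
PKEY_RE = re.compile(r"(Partial Pkey=)\w+")

# Constructed sample in the style of an RSIT / HijackThis log (not taken from the thread).
SAMPLE_LOG = r"""Run by Erika Muster at 2010-01-01 10:00:00
Running processes:
C:\Users\Erika Muster\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\Erika Muster.exe
C:\Users\Public\Desktop\tool.exe
Computer Name: ERIKA-PC
        Account Name:                ERIKA-PC$
 1 user registry handles leaked from \Registry\User\S-1-5-21-1111111111-222222222-333333333-1000:
        Security ID:                S-1-5-18
Partial Pkey=ABCDE
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
"""


def collect_identifiers(log, extra=()):
    """Return the account and machine names that the log itself reveals."""
    names = set(extra)
    for match in PROFILE_RE.finditer(log):
        if match.group(1).lower() not in WELL_KNOWN_PROFILES:
            names.add(match.group(1))
    names.update(RUN_BY_RE.findall(log))
    names.update(COMPUTER_RE.findall(log))
    # Very short names would match all over the log; leave those to manual review.
    return {name for name in names if len(name) >= 3}


def redact(log, extra=()):
    """Replace account SIDs, partial product keys and learned names with [X]."""
    names = collect_identifiers(log, extra)
    out = ACCOUNT_SID_RE.sub("S-1-5-21-" + PLACEHOLDER, log)
    out = PKEY_RE.sub(lambda m: m.group(1) + PLACEHOLDER, out)
    # Longest names first, so a name contained in another one is not cut in half.
    for name in sorted(names, key=len, reverse=True):
        pattern = re.compile(
            r"(?<![A-Za-z0-9])" + re.escape(name) + r"(?![A-Za-z0-9])", re.I
        )
        out = pattern.sub(PLACEHOLDER, out)
    return out


def residual_lines(redacted, names):
    """Lines that still contain one of the names; should be empty before posting."""
    lowered = [name.lower() for name in names]
    return [
        line for line in redacted.splitlines()
        if any(name in line.lower() for name in lowered)
    ]


if __name__ == "__main__":
    cleaned = redact(SAMPLE_LOG)
    print(cleaned)
    print("left over:", residual_lines(cleaned, collect_identifiers(SAMPLE_LOG)))
```

Names that never appear in a profile path, a "Run by" line or a "Computer Name:" line can be passed in through `extra`.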

mcpappe 08.09.2010 19:31

Thanks for the quick reply :D
Tower PC
Info from RSIT
[code]
info.txt
RSIT Logfile:
Code:

logfile of random's system information tool 1.08 2010-09-14 08:10:38

======Uninstall list======

-->MsiExec /X{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}
µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
Activision(R)-->MsiExec.exe /X{3FAD68D9-1FA1-4871-9ADF-9151D969E943}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin
Alpha Protocol-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D37FE0E3-B1A9-4E41-AB5D-DA62E04D2C42}\setup.exe" -l0x9  -removeonly
Avira AntiVir Personal - Free Antivirus-->C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe /REMOVE
Battlefield 1942-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\setup.exe" -l0x9
Battlefield Vietnam(TM)-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E35B3C63-E958-4E31-A178-95D22024109A}\setup.exe" -l0x9
Call of Duty Modern Warfare 2-->"C:\Games\CoDmw2\Call of Duty Modern Warfare 2\unins000.exe"
DivX Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
Dungeon Keeper 2-->C:\Program Files (x86)\Bullfrog\Dungeon Keeper II\Uninstall.exe
King’s Bounty: The Legend (Nur entfernen)-->"C:\Program Files (x86)\Nobilis\King's Bounty\unins000.exe"
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.6.8)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter-->C:\Program Files (x86)\InstallShield Installation Information\{51123D42-6B9C-4B93-900C-29F9EC5963C9}\setup.exe -runfromtemp -l0x0009 -removeonly
NETGEAR WG111v2 wireless USB 2.0 adapter-->C:\Program Files (x86)\InstallShield Installation Information\{4102037D-E8E0-48E0-B203-E521D194FB71}\setup.exe -runfromtemp -l0x0009 -removeonly
NETGEAR WG111v3 wireless USB 2.0 adapter-->C:\Program Files (x86)\InstallShield Installation Information\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}\setup.exe -runfromtemp -l0x0409
NVIDIA PhysX-->MsiExec.exe /X{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
Oblivion - Horse Armor Pack-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3ABEBD00-299D-4DCA-967F-B912163AB5EA}\setup.exe" -l0x9  -removeonly
Oblivion - Mehrunes Razor-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{EF295F5C-7B57-47AA-8889-6B3E8E214E89}\setup.exe" -l0x9  -removeonly
Oblivion - Orrery-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{EC425CFC-EE78-4A91-AA25-3BFA65B75364}\setup.exe" -l0x9  -removeonly
Oblivion - Spell Tomes-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{16D919E6-F019-4E15-BFBE-4A85EF19DA57}\setup.exe" -l0x9  -removeonly
Oblivion - Thieves Den-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FFFFFD17-B460-41EB-93F1-C48ABAD63828}\setup.exe" -l0x9  -removeonly
Oblivion - Vile Lair-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}\setup.exe" -l0x9  -removeonly
Oblivion - Wizard's Tower-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{2F2E3D62-8B8C-448F-8900-451325E50948}\setup.exe" -l0x9  -removeonly
Oblivion-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9  -removeonly
OpenAL-->"C:\Program Files (x86)\OpenAL\OpenALwEAX.exe" /U
Pidgin-->C:\Program Files (x86)\Pidgin\pidgin-uninst.exe
Rapture3D 2.3.22 Game-->"C:\Program Files (x86)\BRS\unins000.exe"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe"  -removeonly
Risen-->"C:\Program Files (x86)\InstallShield Installation Information\{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}\setup.exe" -runfromtemp -l0x0009 -removeonly
Serious Sam: The Second Encounter-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{5BDAA2F7-8E48-4AFF-AA92-B559D0CDF1AD}\Setup.exe" -l0x9
Singularity(TM)-->"C:\Program Files (x86)\InstallShield Installation Information\{3FAD68D9-1FA1-4871-9ADF-9151D969E943}\setup.exe" -runfromtemp -l0x0409  -removeonly
Spybot - Search & Destroy-->"C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"
The Lord of the Rings - Conquest™-->MsiExec.exe /X{628C3D50-F524-4C49-A958-672CE7953756}
TP-LINK Wireless Client Utility-->"C:\Program Files (x86)\InstallShield Installation Information\{7A2A107B-9695-423F-9462-8F17C178BD35}\setup.exe" -runfromtemp -l0x0009 -removeonly
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
WG111 Smart Wizard-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{21B9CC18-8AB7-402F-B343-CD2127FC3CFC}\SETUP.EXE" -uninst

======System event log======

Computer Name: MeinPc
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk2\DR2.
Record Number: 535
Source Name: Disk
Time Written: 20100125222712.159179-000
Event Type: Error
User:

Computer Name: MeinPc
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk2\DR2.
Record Number: 532
Source Name: Disk
Time Written: 20100125222711.659179-000
Event Type: Error
User:

Computer Name: MeinPc
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk2\DR2.
Record Number: 531
Source Name: Disk
Time Written: 20100125222711.159179-000
Event Type: Error
User:

Computer Name: MeinPc
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk2\DR2.
Record Number: 530
Source Name: Disk
Time Written: 20100125222710.659179-000
Event Type: Error
User:

Computer Name: MeinPc
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk2\DR2.
Record Number: 528
Source Name: Disk
Time Written: 20100125222710.159179-000
Event Type: Error
User:

=====Application event log=====

Computer Name: MeinPc
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
  Gathering Writer Data

Context:
  Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
  Writer Name: System Writer
  Writer Instance ID: {0432e3b3-ba37-4004-9bea-29fb5262f16b}
Record Number: 358
Source Name: VSS
Time Written: 20100126051803.000000-000
Event Type: Error
User:

Computer Name: MeinPc
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. 

 DETAIL -
 1 user registry handles leaked from \Registry\User\S-1-5-21-104217597-776977384-866917408-1000:
Process 436 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-104217597-776977384-866917408-1000

Record Number: 200
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100125221439.668070-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: MeinPc
Event Code: 1533
Message: Windows cannot delete the profile directory C:\Users\Administrator. This error may be caused by files in this directory being used by another program.

 DETAIL - The directory is not empty.

Record Number: 182
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100125221035.280375-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: MeinPc
Event Code: 1017
Message: Installation of the Proof of Purchase failed. 0xC004F050
Partial Pkey=RFQ43
ACID=?
Detailed Error[?]

Record Number: 170
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20100125220922.000000-000
Event Type: Error
User:

Computer Name: MeinPc
Event Code: 1008
Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Record Number: 115
Source Name: Microsoft-Windows-Search
Time Written: 20100125220846.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: 37L4247E29-32
Event Code: 4735
Message: A security-enabled local group was changed.

Subject:
        Security ID:                S-1-5-18
        Account Name:                37L4247E29-32$
        Account Domain:                WORKGROUP
        Logon ID:                0x3e7

Group:
        Security ID:                S-1-5-32-551
        Group Name:                Backup Operators
        Group Domain:                Builtin

Changed Attributes:
        SAM Account Name:        -
        SID History:                -

Additional Information:
        Privileges:                -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100125170921.828125-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4731
Message: A security-enabled local group was created.

Subject:
        Security ID:                S-1-5-18
        Account Name:                37L4247E29-32$
        Account Domain:                WORKGROUP
        Logon ID:                0x3e7

New Group:
        Security ID:                S-1-5-32-551
        Group Name:                Backup Operators
        Group Domain:                Builtin

Attributes:
        SAM Account Name:        Backup Operators
        SID History:                -

Additional Information:
        Privileges:                -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100125170921.828125-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4902
Message: The Per-user audit policy table was created.

Number of Elements:        0
Policy ID:        0x3096c
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100125170921.453125-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4624
Message: An account was successfully logged on.

Subject:
        Security ID:                S-1-0-0
        Account Name:                -
        Account Domain:                -
        Logon ID:                0x0

Logon Type:                        0

New Logon:
        Security ID:                S-1-5-18
        Account Name:                SYSTEM
        Account Domain:                NT AUTHORITY
        Logon ID:                0x3e7
        Logon GUID:                {00000000-0000-0000-0000-000000000000}

Process Information:
        Process ID:                0x4
        Process Name:               

Network Information:
        Workstation Name:        -
        Source Network Address:        -
        Source Port:                -

Detailed Authentication Information:
        Logon Process:                -
        Authentication Package:        -
        Transited Services:        -
        Package Name (NTLM only):        -
        Key Length:                0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
        - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
        - Transited services indicate which intermediate services have participated in this logon request.
        - Package name indicates which sub-protocol was used among the NTLM protocols.
        - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100125170918.812500-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100125170918.671875-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=AMD64 Family 15 Model 67 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=4303

-----------------EOF-----------------

--- --- ---


Log from RSIT
[code]
RSIT Logfile:
Code:

Logfile of random's system information tool 1.08 (written by random/random)
Run by XXXXXX at 2010-09-14 08:10:01
Microsoft Windows 7 Ultimate 
System drive C: has 7 GB (5%) free of 131 GB
Total RAM: 2047 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:10:37 AM, on 9/14/2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Users\Will SPliff\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\Will SPliff.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SCM_Service - Unknown owner - C:\Windows\SysWOW64\WinService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6514 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2010-08-20 1164584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"uTorrent"=C:\Program Files (x86)\uTorrent\uTorrent.exe [2010-09-09 328568]
"SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-09-14 08:10:01 ----D---- C:\rsit
2010-09-14 08:10:01 ----D---- C:\Program Files (x86)\trend micro
2010-09-13 23:12:28 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-09-13 23:12:28 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2010-09-13 06:54:48 ----D---- C:\ProgramData\SEGA Corporation
2010-09-13 06:13:02 ----D---- C:\Program Files (x86)\SEGA
2010-09-11 05:27:36 ----D---- C:\Program Files (x86)\Common Files\DivX Shared
2010-09-11 05:27:28 ----D---- C:\Program Files (x86)\DivX
2010-09-11 05:06:48 ----D---- C:\ProgramData\DivX
2010-09-10 16:38:21 ----D---- C:\Users\Will SPliff\AppData\Roaming\ProtectDISC
2010-09-10 16:16:13 ----D---- C:\Program Files (x86)\Kalypso
2010-09-10 13:54:06 ----D---- C:\Program Files (x86)\Activision
2010-09-10 10:42:47 ----D---- C:\Program Files (x86)\Pidgin
2010-09-09 20:17:55 ----D---- C:\Windows\pss
2010-09-09 02:40:05 ----D---- C:\Program Files (x86)\uTorrent
2010-09-09 02:39:51 ----D---- C:\Users\Will SPliff\AppData\Roaming\uTorrent
2010-09-09 02:22:33 ----D---- C:\Users\Will SPliff\AppData\Roaming\Avira
2010-09-09 02:05:13 ----D---- C:\ProgramData\Avira
2010-09-09 02:05:13 ----D---- C:\Program Files (x86)\Avira
2010-09-09 02:05:13 ----A---- C:\Windows\SysWOW64\drivers\avgntmgr.sys
2010-09-09 02:05:13 ----A---- C:\Windows\SysWOW64\drivers\avgntdd.sys
2010-09-09 01:37:13 ----D---- C:\Users\Will SPliff\AppData\Roaming\Macromedia
2010-09-09 01:37:13 ----D---- C:\Users\Will SPliff\AppData\Roaming\Adobe
2010-09-09 01:35:50 ----D---- C:\Users\Will SPliff\AppData\Roaming\Mozilla
2010-09-09 01:35:05 ----D---- C:\Program Files (x86)\Mozilla Firefox
2010-09-09 01:31:13 ----D---- C:\Windows\Options
2010-09-09 00:39:21 ----D---- C:\ProgramData\TP-LINK
2010-08-24 02:32:58 ----D---- C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2010-08-24 01:42:16 ----D---- C:\Program Files (x86)\Nobilis
2010-08-24 00:02:56 ----D---- C:\Program Files (x86)\Bethesda Softworks
2010-08-24 00:01:44 ----RHD---- C:\Users\Will SPliff\AppData\Roaming\SecuROM
2010-08-24 00:01:44 ----A---- C:\Windows\SysWOW64\CmdLineExt_x64.dll
2010-08-20 22:53:39 ----D---- C:\Program Files (x86)\Bullfrog

======List of files/folders modified in the last 1 months======

2010-09-14 08:10:02 ----D---- C:\Windows\Temp
2010-09-14 08:10:01 ----RD---- C:\Program Files (x86)
2010-09-14 07:26:10 ----D---- C:\Windows\System32
2010-09-14 07:26:10 ----D---- C:\Windows\inf
2010-09-14 07:20:07 ----D---- C:\ProgramData\NVIDIA
2010-09-13 23:39:44 ----SHD---- C:\System Volume Information
2010-09-13 23:14:25 ----SD---- C:\Users\Will SPliff\AppData\Roaming\Microsoft
2010-09-13 23:12:28 ----HD---- C:\ProgramData
2010-09-13 06:13:16 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-09-13 06:13:02 ----SHD---- C:\Windows\Installer
2010-09-13 06:11:54 ----RSD---- C:\Windows\assembly
2010-09-13 06:05:01 ----D---- C:\Windows\Prefetch
2010-09-12 07:15:01 ----D---- C:\Windows\Logs
2010-09-11 05:27:57 ----RD---- C:\Program Files
2010-09-11 05:27:54 ----D---- C:\Windows\SysWOW64
2010-09-11 05:27:36 ----D---- C:\Program Files (x86)\Common Files
2010-09-10 16:15:21 ----D---- C:\Games
2010-09-10 14:15:24 ----D---- C:\Windows\winsxs
2010-09-10 14:04:47 ----D---- C:\Windows
2010-09-09 20:16:44 ----D---- C:\Windows\Downloaded Program Files
2010-09-09 02:05:13 ----D---- C:\Windows\SysWOW64\drivers
2010-09-09 01:40:02 ----D---- C:\ProgramData\Codemasters
2010-09-09 01:32:14 ----SD---- C:\ProgramData\Microsoft
2010-08-25 02:40:40 ----D---- C:\Windows\LiveKernelReports
2010-08-24 02:32:54 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2010-08-24 00:01:13 ----D---- C:\Program Files (x86)\DAEMON Tools Lite

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 SCMNdisP;General NDIS Protocol Driver; C:\Windows\system32\DRIVERS\scmndisp.sys []
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver; C:\Windows\system32\DRIVERS\rtlprot.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys []
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys []
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys []
R3 athur;Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athurx.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys []
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys []
S3 aoy52uyb;aoy52uyb; C:\Windows\SysWOW64\drivers\aoy52uyb.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SCM_Service;SCM_Service; C:\Windows\SysWOW64\WinService.exe [2007-07-18 180224]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-01-12 240232]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

--- --- ---


hjtscanlist
Code:


                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
                        º                                    º
                                    hjtscanlist v2.0             
                        º                                    º
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

Microsoft Windows [Version 6.1.7600]
 
 
C:

  09/14/2010 08:10 AM    C:\rsit --------- 0 
  09/14/2010 08:10 AM    C:\Program Files (x86) --------- 8192 
      C:\pagefile.sys ---------   
      C:\hiberfil.sys ---------   
  09/13/2010 11:39 PM    C:\System Volume Information --------- 20480 
  09/13/2010 11:12 PM    C:\ProgramData --------- 4096 
  09/11/2010 05:27 AM    C:\Program Files --------- 4096 
  09/10/2010 04:15 PM    C:\Games --------- 12288 
  09/10/2010 02:04 PM    C:\Windows --------- 20480 
  02/11/2010 03:59 AM    C:\Users --------- 4096 
  01/26/2010 01:05 AM    C:\OEMSettings --------- 0 
  01/26/2010 12:45 AM    C:\NVIDIA --------- 0 
  01/26/2010 12:10 AM    C:\$Recycle.Bin --------- 0 
  01/26/2010 12:10 AM    C:\Recovery --------- 0 
  07/14/2009 07:08 AM    C:\Documents and Settings --------- 0 
  07/14/2009 05:20 AM    C:\PerfLogs --------- 0 
  11/07/2007 08:12 AM    C:\VC_RED.MSI --------- 232960 
  11/07/2007 08:09 AM    C:\VC_RED.cab --------- 1442522 
  11/07/2007 08:03 AM    C:\install.res.1036.dll --------- 97296 
  11/07/2007 08:03 AM    C:\install.res.1033.dll --------- 91152 
  11/07/2007 08:03 AM    C:\install.res.1031.dll --------- 96272 
  11/07/2007 08:03 AM    C:\install.res.1041.dll --------- 81424 
  11/07/2007 08:03 AM    C:\install.res.1042.dll --------- 79888 
  11/07/2007 08:03 AM    C:\install.res.2052.dll --------- 75792 
  11/07/2007 08:03 AM    C:\install.res.3082.dll --------- 96272 
  11/07/2007 08:03 AM    C:\install.exe --------- 562688 
  11/07/2007 08:03 AM    C:\install.res.1040.dll --------- 95248 
  11/07/2007 08:03 AM    C:\install.res.1028.dll --------- 76304 
  11/07/2007 08:00 AM    C:\eula.1041.txt --------- 118 
  11/07/2007 08:00 AM    C:\eula.1040.txt --------- 17734 
  11/07/2007 08:00 AM    C:\eula.1036.txt --------- 17734 
  11/07/2007 08:00 AM    C:\eula.1033.txt --------- 10134 
  11/07/2007 08:00 AM    C:\eula.2052.txt --------- 17734 
  11/07/2007 08:00 AM    C:\eula.1031.txt --------- 17734 
  11/07/2007 08:00 AM    C:\eula.1028.txt --------- 17734 
  11/07/2007 08:00 AM    C:\eula.3082.txt --------- 17734 
  11/07/2007 08:00 AM    C:\vcredist.bmp --------- 5686 
  11/07/2007 08:00 AM    C:\install.ini --------- 843 
  11/07/2007 08:00 AM    C:\eula.1042.txt --------- 17734 
  11/07/2007 08:00 AM    C:\globdata.ini --------- 1110 
----------------------------------------

 
C:\Windows

  09/14/2010 07:30 AM    C:\Windows\WindowsUpdate.log --------- 878719 
  09/14/2010 07:20 AM    C:\Windows\setupact.log --------- 24445 
  09/14/2010 07:20 AM    C:\Windows\bootstat.dat --------- 67584 
  09/13/2010 06:12 AM    C:\Windows\DirectX.log --------- 395571 
  08/24/2010 02:56 AM    C:\Windows\PFRO.log --------- 1754 
  02/11/2010 07:24 AM    C:\Windows\eReg.dat --------- 767 
  01/26/2010 01:21 AM    C:\Windows\RtlExUpd.dll --------- 838176 
  01/25/2010 07:11 PM    C:\Windows\DtcInstall.log --------- 1774 
  01/25/2010 07:11 PM    C:\Windows\TSSysprep.log --------- 1313 
  07/14/2009 07:09 AM    C:\Windows\win.ini --------- 403 
  07/14/2009 06:54 AM    C:\Windows\WindowsShell.Manifest --------- 749 
  07/14/2009 06:51 AM    C:\Windows\setuperr.log --------- 0 
  07/14/2009 03:39 AM    C:\Windows\write.exe --------- 10240 
  07/14/2009 03:39 AM    C:\Windows\splwow64.exe --------- 61952 
  07/14/2009 03:39 AM    C:\Windows\regedit.exe --------- 427008 
  07/14/2009 03:39 AM    C:\Windows\notepad.exe --------- 193536 
  07/14/2009 03:39 AM    C:\Windows\HelpPane.exe --------- 733696 
  07/14/2009 03:39 AM    C:\Windows\hh.exe --------- 16896 
  07/14/2009 03:39 AM    C:\Windows\fveupdate.exe --------- 15360 
  07/14/2009 03:39 AM    C:\Windows\explorer.exe --------- 2868224 
  07/14/2009 03:38 AM    C:\Windows\bfsvc.exe --------- 71168 
  07/14/2009 03:16 AM    C:\Windows\twain_32.dll --------- 51200 
  07/14/2009 03:14 AM    C:\Windows\winhlp32.exe --------- 9728 
  07/14/2009 03:14 AM    C:\Windows\twunk_32.exe --------- 31232 
  07/14/2009 01:06 AM    C:\Windows\mib.bin --------- 43131 
  06/10/2009 11:41 PM    C:\Windows\twunk_16.exe --------- 49680 
  06/10/2009 11:41 PM    C:\Windows\twain.dll --------- 94784 
  06/10/2009 11:08 PM    C:\Windows\system.ini --------- 219 
  06/10/2009 10:52 PM    C:\Windows\WMSysPr9.prx --------- 316640 
  06/10/2009 10:36 PM    C:\Windows\msdfmap.ini --------- 1405 
  06/10/2009 10:31 PM    C:\Windows\Ultimate.xml --------- 51867 
  06/10/2009 10:31 PM    C:\Windows\Starter.xml --------- 48201 
----------------------------------------

 
C:\Windows\System

----------------------------------------

 
C:\Windows\System32

 09/14/2010 07:26 AM    C:\Windows\system32\perfh009.dat --------- 615122 
 09/14/2010 07:26 AM    C:\Windows\system32\perfc009.dat --------- 103496 
 09/14/2010 07:26 AM    C:\Windows\system32\PerfStringBackup.INI --------- 713888 
 09/14/2010 07:25 AM    C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 --------- 18000 
 09/14/2010 07:25 AM    C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 --------- 18000 
 09/13/2010 10:57 PM    C:\Windows\system32\catroot2 --------- 4096 
 09/12/2010 02:56 AM    C:\Windows\system32\config --------- 12288 
 09/09/2010 02:05 AM    C:\Windows\system32\catroot --------- 0 
 09/09/2010 02:05 AM    C:\Windows\system32\drivers --------- 65536 
 09/09/2010 01:31 AM    C:\Windows\system32\DriverStore --------- 4096 
 09/09/2010 12:43 AM    C:\Windows\system32\wdi --------- 4096 
 05/21/2010 11:14 PM    C:\Windows\system32\MpSigStub.exe --------- 270208 
 05/13/2010 06:58 PM    C:\Windows\system32\athurextx.cat --------- 7484 
 04/09/2010 10:51 PM    C:\Windows\system32\en-US --------- 327680 
 04/09/2010 10:51 PM    C:\Windows\system32\slwga.dll --------- 14848 
 04/09/2010 10:51 PM    C:\Windows\system32\systemcpl.dll --------- 419840 
 02/11/2010 12:00 PM    C:\Windows\system32\LogFiles --------- 4096 
 02/11/2010 04:38 AM    C:\Windows\system32\wrap_oal.dll --------- 466520 
 02/11/2010 04:38 AM    C:\Windows\system32\OpenAL32.dll --------- 122968 
 02/11/2010 03:59 AM    C:\Windows\system32\NDF --------- 0 
 02/04/2010 07:01 PM    C:\Windows\system32\XAPOFX1_4.dll --------- 78680 
 02/04/2010 07:01 PM    C:\Windows\system32\XAudio2_6.dll --------- 530776 
 02/04/2010 07:01 PM    C:\Windows\system32\xactengine3_6.dll --------- 176984 
 02/04/2010 07:01 PM    C:\Windows\system32\X3DAudio1_7.dll --------- 24920 
 01/26/2010 07:51 AM    C:\Windows\system32\Tasks --------- 4096 
 01/26/2010 01:21 AM    C:\Windows\system32\WavesGUILib.dll --------- 2719504 
 01/26/2010 01:21 AM    C:\Windows\system32\SRSWOW64.dll --------- 155888 
 01/26/2010 01:21 AM    C:\Windows\system32\SRSTSX64.dll --------- 518896 
 01/26/2010 01:21 AM    C:\Windows\system32\SRSTSH64.dll --------- 211184 
 01/26/2010 01:21 AM    C:\Windows\system32\SRSHP64.dll --------- 198896 
 01/26/2010 01:21 AM    C:\Windows\system32\RTSnMg64.cpl --------- 612384 
 01/26/2010 01:21 AM    C:\Windows\system32\RtPgEx64.dll --------- 1694240 
 01/26/2010 01:21 AM    C:\Windows\system32\RtlCPAPI64.dll --------- 332320 
 01/26/2010 01:21 AM    C:\Windows\system32\RtkCfg64.dll --------- 149536 
 01/26/2010 01:21 AM    C:\Windows\system32\RtkAPO64.dll --------- 1638944 
 01/26/2010 01:21 AM    C:\Windows\system32\RtkApi64.dll --------- 477216 
 01/26/2010 01:21 AM    C:\Windows\system32\RTCOM64.dll --------- 1201184 
 01/26/2010 01:21 AM    C:\Windows\system32\RP3DHT64.dll --------- 307920 
 01/26/2010 01:21 AM    C:\Windows\system32\RP3DAA64.dll --------- 307920 
 01/26/2010 01:21 AM    C:\Windows\system32\RCoInst64.dll --------- 68640 
 01/26/2010 01:21 AM    C:\Windows\system32\MaxxAudioEQ.dll --------- 2197264 
 01/26/2010 01:21 AM    C:\Windows\system32\MaxxAudioAPO20.dll --------- 325904 
 01/26/2010 01:21 AM    C:\Windows\system32\FMAPO64.dll --------- 328096 
 01/26/2010 01:21 AM    C:\Windows\system32\DTSVoiceClarityDLL64.dll --------- 463632 
 01/26/2010 01:21 AM    C:\Windows\system32\DTSS2SpeakerDLL64.dll --------- 1312016 
 01/26/2010 01:21 AM    C:\Windows\system32\DTSS2HeadphoneDLL64.dll --------- 1164560 
 01/26/2010 01:21 AM    C:\Windows\system32\DTSNeoPCDLL64.dll --------- 303888 
 01/26/2010 01:21 AM    C:\Windows\system32\DTSLimiterDLL64.dll --------- 257296 
 01/26/2010 01:21 AM    C:\Windows\system32\DTSLFXAPO64.dll --------- 123664 
 01/26/2010 01:21 AM    C:\Windows\system32\DTSGFXAPO64.dll --------- 121104 
 01/26/2010 01:21 AM    C:\Windows\system32\DTSGainCompensatorDLL64.dll --------- 256784 
 01/26/2010 01:21 AM    C:\Windows\system32\DTSBoostDLL64.dll --------- 1098512 
 01/26/2010 01:21 AM    C:\Windows\system32\DTSBassEnhancementDLL64.dll --------- 491792 
 01/26/2010 01:21 AM    C:\Windows\system32\AERTAC64.dll --------- 168864 
 01/26/2010 01:21 AM    C:\Windows\system32\AERTAR64.dll --------- 108960 
 01/26/2010 12:27 AM    C:\Windows\system32\restore --------- 0 
 01/26/2010 12:10 AM    C:\Windows\system32\Recovery --------- 0 
 01/25/2010 07:23 PM    C:\Windows\system32\CodeIntegrity --------- 0 
 01/25/2010 07:13 PM    C:\Windows\system32\FNTCACHE.DAT --------- 274320 
 01/25/2010 07:12 PM    C:\Windows\system32\license.rtf --------- 42045 
 01/25/2010 07:11 PM    C:\Windows\system32\sysprep --------- 0 
 01/21/2010 07:16 AM    C:\Windows\system32\netathurx.inf --------- 17326 
 01/12/2010 09:19 AM    C:\Windows\system32\nvshext.dll --------- 61032 
 01/12/2010 06:03 AM    C:\Windows\system32\nvcompiler.dll --------- 16051304 
 01/12/2010 06:03 AM    C:\Windows\system32\nvcod189.dll --------- 202344 
 01/12/2010 06:03 AM    C:\Windows\system32\nvudisp.exe --------- 645736 
 01/12/2010 06:03 AM    C:\Windows\system32\OpenCL.dll --------- 65640 
 01/12/2010 06:03 AM    C:\Windows\system32\dpinst.exe --------- 930272 
 01/12/2010 06:03 AM    C:\Windows\system32\nvinfo.pb --------- 9163 
 01/06/2010 04:23 AM    C:\Windows\system32\athurx.sys --------- 1847296 
 12/16/2009 04:26 AM    C:\Windows\system32\RTEEP64A.dll --------- 372936 
 12/16/2009 04:26 AM    C:\Windows\system32\RTEEG64A.dll --------- 76488 
 12/16/2009 04:26 AM    C:\Windows\system32\RTEEL64A.dll --------- 99016 
 12/16/2009 04:26 AM    C:\Windows\system32\RTEED64A.dll --------- 201928 
 09/28/2009 03:24 AM    C:\Windows\system32\nvcpl.cpl --------- 410728 
 09/28/2009 03:24 AM    C:\Windows\system32\nvcplui.exe --------- 3778664 
 09/28/2009 03:23 AM    C:\Windows\system32\nvwss.dll --------- 3746920 
 09/28/2009 03:23 AM    C:\Windows\system32\nvsvs.dll --------- 1646696 
 09/28/2009 03:23 AM    C:\Windows\system32\nvvitvs.dll --------- 4546152 
 09/28/2009 03:23 AM    C:\Windows\system32\nvmobls.dll --------- 1647720 
 09/28/2009 03:23 AM    C:\Windows\system32\nvmccss.dll --------- 289896 
 09/28/2009 03:22 AM    C:\Windows\system32\NvwsApps.xml --------- 68587 
 09/28/2009 03:22 AM    C:\Windows\system32\NvApps.xml --------- 253738 
 09/28/2009 03:22 AM    C:\Windows\system32\nvdisps.dll --------- 5426792 
 09/28/2009 03:22 AM    C:\Windows\system32\nvmctray.dll --------- 82536 
 09/28/2009 03:22 AM    C:\Windows\system32\nvvsvc.exe --------- 383592 
 09/28/2009 03:22 AM    C:\Windows\system32\nvgames.dll --------- 5208168 
 09/28/2009 03:22 AM    C:\Windows\system32\nvcpl.dll --------- 16666728 
 09/28/2009 03:22 AM    C:\Windows\system32\nvsvc64.dll --------- 991848 
 09/28/2009 01:12 AM    C:\Windows\system32\nvcuda.dll --------- 2633320 
 09/28/2009 01:12 AM    C:\Windows\system32\nvencodemft.dll --------- 2152552 
 09/28/2009 01:12 AM    C:\Windows\system32\nvcod.dll --------- 183912 
 09/28/2009 01:12 AM    C:\Windows\system32\nvcod167.dll --------- 183912 
 09/28/2009 01:12 AM    C:\Windows\system32\nvd3dumx.dll --------- 9441384 
 09/28/2009 01:12 AM    C:\Windows\system32\nvdecodemft.dll --------- 335464 
 09/28/2009 01:12 AM    C:\Windows\system32\nvwgf2umx.dll --------- 4599912 
 09/28/2009 01:12 AM    C:\Windows\system32\nvcuvenc.dll --------- 1734248 
 09/28/2009 01:12 AM    C:\Windows\system32\nvoglv64.dll --------- 15387752 
 09/28/2009 01:12 AM    C:\Windows\system32\nvdisp.nvu --------- 14646 
 09/28/2009 01:12 AM    C:\Windows\system32\nvapi64.dll --------- 1322088 
----------------------------------------

 
C:\Windows\Prefetch

----------------------------------------

 
C:\Windows\Tasks

 09/14/2010 07:20 AM    C:\Windows\Tasks\SA.DAT --------- 6 
 07/14/2009 07:08 AM    C:\Windows\Tasks\SCHEDLGU.TXT --------- 17108 
----------------------------------------

 
C:\Windows\Temp

----------------------------------------

 
C:\Users\WILLSP~1\AppData\Local\Temp

 09/14/2010 08:12 AM    C:\Users\WILLSP~1\AppData\Local\Temp\Rar$DI00.676 --------- 0 
 09/14/2010 07:56 AM    C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-3 --------- 0 
 09/14/2010 07:20 AM    C:\Users\WILLSP~1\AppData\Local\Temp\WPDNSE --------- 0 
 09/14/2010 07:20 AM    C:\Users\WILLSP~1\AppData\Local\Temp\divAAF5.tmp --------- 0 
 09/13/2010 11:14 PM    C:\Users\WILLSP~1\AppData\Local\Temp\{EEDB4D36-1D07-4BF0-A8EC-C061B0315371} --------- 0 
 09/13/2010 11:14 PM    C:\Users\WILLSP~1\AppData\Local\Temp\{E09E42F6-62D2-4D57-AF97-558287C7923C} --------- 0 
 09/13/2010 11:14 PM    C:\Users\WILLSP~1\AppData\Local\Temp\{DA1C0664-7E0A-4A43-8E6F-846FECA80946} --------- 0 
 09/13/2010 11:14 PM    C:\Users\WILLSP~1\AppData\Local\Temp\{9EB614AC-FEAD-44E9-932E-0D952B38C605} --------- 0 
 09/13/2010 11:14 PM    C:\Users\WILLSP~1\AppData\Local\Temp\{91839B6C-B26E-4778-A4B1-7EF34AFDD844} --------- 0 
 09/13/2010 11:14 PM    C:\Users\WILLSP~1\AppData\Local\Temp\{90FA6AD2-EEEA-4ACF-AC97-95B788DED9D8} --------- 0 
 09/13/2010 11:14 PM    C:\Users\WILLSP~1\AppData\Local\Temp\{70FF7DF1-E69E-47df-9AA6-F062FADD6146} --------- 0 
 09/13/2010 11:14 PM    C:\Users\WILLSP~1\AppData\Local\Temp\{6CD8DBC8-3F21-49ED-BDAF-1DA0F166C8C7} --------- 0 
 09/13/2010 11:14 PM    C:\Users\WILLSP~1\AppData\Local\Temp\{65DEDEC7-688C-4459-9BC2-0888A5597016} --------- 0 
 09/13/2010 11:14 PM    C:\Users\WILLSP~1\AppData\Local\Temp\{5D3661B2-F687-4148-A748-8D4DA81AE6D7} --------- 0 
 09/13/2010 11:14 PM    C:\Users\WILLSP~1\AppData\Local\Temp\{5007060A-8B71-4A48-B103-0603370CF84E} --------- 0 
 09/13/2010 11:14 PM    C:\Users\WILLSP~1\AppData\Local\Temp\{4E248BBA-54B1-4662-9D47-879A746B4A17} --------- 0 
 09/13/2010 11:14 PM    C:\Users\WILLSP~1\AppData\Local\Temp\Temp2_wg111v2_3_4_0.zip --------- 0 
 09/13/2010 11:14 PM    C:\Users\WILLSP~1\AppData\Local\Temp\{4BC5C943-F14F-4991-A909-CED8E96A4C7D} --------- 0 
 09/13/2010 11:14 PM    C:\Users\WILLSP~1\AppData\Local\Temp\Temp1_wg111v2_3_4_0.zip --------- 0 
 09/13/2010 11:14 PM    C:\Users\WILLSP~1\AppData\Local\Temp\ispF64C.tmp --------- 0 
 09/13/2010 11:14 PM    C:\Users\WILLSP~1\AppData\Local\Temp\ispDD9E.tmp --------- 0 
 09/13/2010 11:14 PM    C:\Users\WILLSP~1\AppData\Local\Temp\isp814C.tmp --------- 0 
 09/13/2010 11:14 PM    C:\Users\WILLSP~1\AppData\Local\Temp\isp3ABC.tmp --------- 0 
 09/13/2010 11:14 PM    C:\Users\WILLSP~1\AppData\Local\Temp\divF4A1.tmp --------- 0 
 09/13/2010 11:14 PM    C:\Users\WILLSP~1\AppData\Local\Temp\isp3600.tmp --------- 0 
 09/13/2010 11:14 PM    C:\Users\WILLSP~1\AppData\Local\Temp\divF1A3.tmp --------- 0 
 09/13/2010 11:14 PM    C:\Users\WILLSP~1\AppData\Local\Temp\divDEB9.tmp --------- 0 
 09/13/2010 11:14 PM    C:\Users\WILLSP~1\AppData\Local\Temp\divCB66.tmp --------- 0 
 09/13/2010 11:14 PM    C:\Users\WILLSP~1\AppData\Local\Temp\divB92E.tmp --------- 0 
 09/13/2010 11:14 PM    C:\Users\WILLSP~1\AppData\Local\Temp\divB6CC.tmp --------- 0 
 09/13/2010 11:14 PM    C:\Users\WILLSP~1\AppData\Local\Temp\ckz_A1DR --------- 0 
 09/13/2010 07:58 AM    C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-2 --------- 0 
 09/13/2010 06:42 AM    C:\Users\WILLSP~1\AppData\Local\Temp\{9F7558F6-3929-4452-8527-EC843CA0736B} --------- 0 
 09/12/2010 07:58 PM    C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-1 --------- 0 
 09/10/2010 02:10 PM    C:\Users\WILLSP~1\AppData\Local\Temp\UCDebugger --------- 0 
 09/09/2010 05:30 AM    C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp --------- 0 
 09/09/2010 01:40 AM    C:\Users\WILLSP~1\AppData\Local\Temp\{03380CD1-9E95-4B37-89C3-BCF6539C30A1} --------- 0 
 09/09/2010 01:35 AM    C:\Users\WILLSP~1\AppData\Local\Temp\Low --------- 0 
 09/09/2010 01:31 AM    C:\Users\WILLSP~1\AppData\Local\Temp\{E368AB75-F39E-44A2-906C-75D0724B50F1} --------- 0 
 09/09/2010 12:39 AM    C:\Users\WILLSP~1\AppData\Local\Temp\{C34F19B0-ABE3-4E61-ADED-83AB3A5E8ACB} --------- 0 
 09/09/2010 12:39 AM    C:\Users\WILLSP~1\AppData\Local\Temp\{AFED87D1-74BF-4851-8D10-A5EC217FAB17} --------- 0 
 09/09/2010 12:39 AM    C:\Users\WILLSP~1\AppData\Local\Temp\{370FB9C0-76BC-4144-B279-7958D5A2E575} --------- 0 
 08/24/2010 02:33 AM    C:\Users\WILLSP~1\AppData\Local\Temp\{EEAE0423-29D9-4B17-99F0-AA52CAA5ED0B} --------- 0 
 08/24/2010 02:32 AM    C:\Users\WILLSP~1\AppData\Local\Temp\{14EF48BB-4241-4149-925D-6ADE89F02996} --------- 0 
 08/24/2010 02:32 AM    C:\Users\WILLSP~1\AppData\Local\Temp\pftE903.tmp --------- 0 
 08/24/2010 01:56 AM    C:\Users\WILLSP~1\AppData\Local\Temp\Testaware --------- 0 
 08/24/2010 12:22 AM    C:\Users\WILLSP~1\AppData\Local\Temp\bye2C57.tmp --------- 0 
 08/24/2010 12:22 AM    C:\Users\WILLSP~1\AppData\Local\Temp\byeDD1D.tmp --------- 0 
 08/24/2010 12:21 AM    C:\Users\WILLSP~1\AppData\Local\Temp\bye6E27.tmp --------- 0 
 08/24/2010 12:21 AM    C:\Users\WILLSP~1\AppData\Local\Temp\byeF5AB.tmp --------- 0 
 08/24/2010 12:20 AM    C:\Users\WILLSP~1\AppData\Local\Temp\bye8B78.tmp --------- 0 
 08/24/2010 12:20 AM    C:\Users\WILLSP~1\AppData\Local\Temp\bye3A5A.tmp --------- 0 
 08/24/2010 12:02 AM    C:\Users\WILLSP~1\AppData\Local\Temp\AUG2005DXREDIST --------- 0 
 08/20/2010 10:55 PM    C:\Users\WILLSP~1\AppData\Local\Temp\{1c19395b-2972-4a0b-bb06-f149c800a3dc} --------- 0 
 04/09/2010 03:10 AM    C:\Users\WILLSP~1\AppData\Local\Temp\{b0105f35-87a0-4a51-8cd4-46aafa96998e} --------- 0 
 02/25/2010 03:06 PM    C:\Users\WILLSP~1\AppData\Local\Temp\Metro 2033_disk1.sim --------- 8974 
 02/11/2010 12:36 PM    C:\Users\WILLSP~1\AppData\Local\Temp\{b96489d4-a438-4ab5-bb54-4e9ea7eb24bf} --------- 0 
 02/11/2010 08:32 AM    C:\Users\WILLSP~1\AppData\Local\Temp\{d862a78b-bb85-47f2-9af6-bc93ff955f5a} --------- 0 
 02/11/2010 07:24 AM    C:\Users\WILLSP~1\AppData\Local\Temp\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65} --------- 0 
 02/11/2010 07:08 AM    C:\Users\WILLSP~1\AppData\Local\Temp\{E35B3C63-E958-4E31-A178-95D22024109A} --------- 0 
 02/11/2010 06:15 AM    C:\Users\WILLSP~1\AppData\Local\Temp\dirt2_Data_DFE --------- 0 
 02/11/2010 03:59 AM    C:\Users\WILLSP~1\AppData\Local\Temp\msdtadmin --------- 0 
 02/11/2010 03:59 AM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp1704.tmp --------- 0 
 01/28/2010 03:52 AM    C:\Users\WILLSP~1\AppData\Local\Temp\{8d3c4155-d076-4d0c-9d5e-89d6bb88fdf6} --------- 0 
 01/28/2010 03:41 AM    C:\Users\WILLSP~1\AppData\Local\Temp\{a995864b-3323-486f-8649-62fc21e8cb28} --------- 0 
 01/28/2010 03:41 AM    C:\Users\WILLSP~1\AppData\Local\Temp\{533d32a0-40f8-4538-97d4-88cdce6fdd00} --------- 0 
 01/28/2010 03:19 AM    C:\Users\WILLSP~1\AppData\Local\Temp\{50f47146-63bc-4a82-ab42-2712be4a2576} --------- 0 
 01/28/2010 01:40 AM    C:\Users\WILLSP~1\AppData\Local\Temp\{19ACC836-2708-4E5A-86BC-86406636E6D8} --------- 0 
 01/26/2010 01:05 AM    C:\Users\WILLSP~1\AppData\Local\Temp\{0FC5201A-EF90-42E8-97ED-E6D69F4328C2} --------- 0 
 01/26/2010 01:04 AM    C:\Users\WILLSP~1\AppData\Local\Temp\{6cf3fd45-c042-489b-aa24-b2abc80344d8} --------- 0 
 01/26/2010 01:03 AM    C:\Users\WILLSP~1\AppData\Local\Temp\{2FB54804-F368-49B1-B185-20762D0B34D7} --------- 0 
 01/26/2010 01:02 AM    C:\Users\WILLSP~1\AppData\Local\Temp\{06BC3F63-1C0A-444F-94C2-1BCDF8226A44} --------- 0 
 01/26/2010 01:02 AM    C:\Users\WILLSP~1\AppData\Local\Temp\{1a4834e2-ccb8-4756-9b9e-424f9f43c73b} --------- 0 
 01/26/2010 01:02 AM    C:\Users\WILLSP~1\AppData\Local\Temp\{F0787494-9620-4B86-A40D-C67A3246853D} --------- 0 
 01/26/2010 01:02 AM    C:\Users\WILLSP~1\AppData\Local\Temp\{3A6D79D7-DD8B-468C-AB0E-1B5CB3CD6767} --------- 0 
 01/26/2010 12:53 AM    C:\Users\WILLSP~1\AppData\Local\Temp\pft361B.tmp --------- 0 
 01/26/2010 12:53 AM    C:\Users\WILLSP~1\AppData\Local\Temp\{74aba1d9-6f77-4a7e-8c10-62ce19ad5c65} --------- 0 
 01/26/2010 12:50 AM    C:\Users\WILLSP~1\AppData\Local\Temp\{5D96625A-3AE2-4E9F-8AD4-9935A2177B0B} --------- 0 
 01/26/2010 12:46 AM    C:\Users\WILLSP~1\AppData\Local\Temp\{664830F8-C0F6-4296-AAC2-F39369F5EF03} --------- 0 
 01/26/2010 12:32 AM    C:\Users\WILLSP~1\AppData\Local\Temp\{7ce60f85-c90a-4cfa-bcc0-10ae812958b3} --------- 0 
 01/26/2010 12:11 AM    C:\Users\WILLSP~1\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0 
 04/30/2009 04:04 AM    C:\Users\WILLSP~1\AppData\Local\Temp\msvcr80.dll --------- 626688 
 04/30/2009 04:04 AM    C:\Users\WILLSP~1\AppData\Local\Temp\zlib1.dll --------- 75264 
 04/30/2009 04:04 AM    C:\Users\WILLSP~1\AppData\Local\Temp\SimPack.exe --------- 81408 
 07/25/2007 10:51 PM    C:\Users\WILLSP~1\AppData\Local\Temp\set6F19.tmp --------- 4493032 
 07/25/2007 10:51 PM    C:\Users\WILLSP~1\AppData\Local\Temp\set2479.tmp --------- 4493032 
----------------------------------------

 
C:\Program Files

 09/11/2010 05:27 AM    C:\Program Files\DivX --------- 0 
 01/28/2010 12:28 AM    C:\Program Files\WinRAR --------- 4096 
 01/26/2010 01:22 AM    C:\Program Files\Realtek --------- 0 
 01/26/2010 12:50 AM    C:\Program Files\NVIDIA Corporation --------- 0 
 07/14/2009 09:47 AM    C:\Program Files\DVD Maker --------- 4096 
 07/14/2009 09:46 AM    C:\Program Files\Windows Journal --------- 4096 
 07/14/2009 09:46 AM    C:\Program Files\Microsoft Games --------- 4096 
 07/14/2009 07:37 AM    C:\Program Files\Windows Sidebar --------- 4096 
 07/14/2009 07:37 AM    C:\Program Files\Windows Mail --------- 4096 
 07/14/2009 07:37 AM    C:\Program Files\Internet Explorer --------- 4096 
 07/14/2009 07:37 AM    C:\Program Files\Windows Media Player --------- 4096 
 07/14/2009 07:37 AM    C:\Program Files\Windows Defender --------- 4096 
 07/14/2009 07:37 AM    C:\Program Files\Windows Photo Viewer --------- 4096 
 07/14/2009 07:32 AM    C:\Program Files\Windows Portable Devices --------- 0 
 07/14/2009 07:32 AM    C:\Program Files\Windows NT --------- 0 
 07/14/2009 07:32 AM    C:\Program Files\MSBuild --------- 0 
 07/14/2009 07:32 AM    C:\Program Files\Reference Assemblies --------- 0 
 07/14/2009 07:09 AM    C:\Program Files\Uninstall Information --------- 0 
 07/14/2009 06:54 AM    C:\Program Files\desktop.ini --------- 174 
 07/14/2009 05:20 AM    C:\Program Files\Common Files --------- 4096 
----------------------------------------

 
C:\ProgramData\..

Will   
Will SPliff   
Administrator   
Public   
Default   
Default User   
All Users   
desktop.ini   
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts


----------------------------------------

 

Image Name                    PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                  0        24 K
System                          4 Services                  0      1,712 K
smss.exe                      276 Services                  0        756 K
csrss.exe                      408 Services                  0      3,176 K
wininit.exe                    476 Services                  0      3,280 K
csrss.exe                      508 Console                    1      8,240 K
services.exe                  532 Services                  0      6,736 K
lsass.exe                      556 Services                  0      8,536 K
lsm.exe                        564 Services                  0      3,188 K
winlogon.exe                  624 Console                    1      5,044 K
svchost.exe                    704 Services                  0      6,912 K
nvvsvc.exe                    780 Services                  0      3,012 K
svchost.exe                    820 Services                  0      6,068 K
svchost.exe                    868 Services                  0    19,328 K
svchost.exe                    960 Services                  0    81,644 K
svchost.exe                  1012 Services                  0    27,732 K
audiodg.exe                    304 Services                  0    33,388 K
svchost.exe                    404 Services                  0    11,468 K
nvvsvc.exe                    1128 Console                    1      6,128 K
svchost.exe                  1200 Services                  0    11,576 K
spoolsv.exe                  1428 Services                  0      6,552 K
sched.exe                    1464 Services                  0      2,000 K
svchost.exe                  1484 Services                  0      8,892 K
avguard.exe                  1612 Services                  0    14,056 K
WinService.exe                1680 Services                  0      3,492 K
nvSCPAPISvr.exe              1780 Services                  0      3,664 K
SDWinSec.exe                  2000 Services                  0      7,220 K
avshadow.exe                  1176 Services                  0      2,524 K
conhost.exe                  1236 Services                  0      1,780 K
svchost.exe                  2228 Services                  0      4,092 K
taskhost.exe                  2400 Console                    1      6,120 K
dwm.exe                      2472 Console                    1    20,292 K
explorer.exe                  2516 Console                    1    47,940 K
RAVCpl64.exe                  2688 Console                    1      7,000 K
DTLite.exe                    2700 Console                    1      5,188 K
uTorrent.exe                  2756 Console                    1      8,580 K
TeaTimer.exe                  2804 Console                    1    74,732 K
avgnt.exe                    2928 Console                    1      2,792 K
DivXUpdate.exe                2948 Console                    1      9,932 K
SearchIndexer.exe            2292 Services                  0    18,448 K
wmpnetwk.exe                  2748 Services                  0      9,372 K
svchost.exe                  3000 Services                  0    11,672 K
Wow.exe                      3584 Console                    1    199,016 K
firefox.exe                  3600 Console                    1    106,820 K
plugin-container.exe          3952 Console                    1    21,024 K
svchost.exe                    908 Services                  0    29,308 K
wmplayer.exe                  2540 Console                    1    57,864 K
notepad.exe                  3260 Console                    1      5,964 K
notepad.exe                  2208 Console                    1      5,920 K
SearchProtocolHost.exe        2624 Services                  0      7,964 K
SearchFilterHost.exe          976 Services                  0      6,156 K
WinRAR.exe                    3184 Console                    1    14,812 K
cmd.exe                      2892 Console                    1      3,352 K
conhost.exe                  4064 Console                    1      4,888 K
tasklist.exe                  1756 Console                    1      5,116 K
WmiPrvSE.exe                  2216 Services                  0      5,744 K

 
***** Ende des Scans Tue 09/14/2010 um  8:13:19.86 ***

The laptop will follow in my next reply so that this stays clearer.

kira 09.09.2010 13:16

Quote:

Quote from mcpappe (post 565815)

The laptop will follow in my next reply so that this stays clearer.

No... please open a new thread for your laptop :)

- Item 4 is still missing: -> http://www.trojaner-board.de/90534-m...tml#post565622
- It is not visible at first glance, but DAEMON Tools and uTorrent do not exactly contribute to the security of your system... adware is "optionally" installed along with them, or they make it possible for that to happen unintentionally...

1.
** Update Malwarebytes Anti-Malware and run it again following these instructions:
  • Start it with a double-click.
  • Update the databases right away (online update).
  • Select the full scan (tick every box).
  • When the scan has finished, click "Show results".
  • Select all findings, except anything MBAM reports in C:\System Volume Information (please remove the tick there), and click "Delete" ("Remove selected").
  • Post the result here in the thread; you will find the report under "Scan reports".
You can find an illustrated guide here: Malwarebytes Anti-Malware

2.
Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. They must therefore be monitored through regular checks for damage that may have been caused by malware. A very suitable and recommended way to do this is to check the data stored on the storage medium with the free online scanner.
So connect all existing external drives, including any USB sticks, to the computer, but hold down the Shift key while doing so, so that the Autorun function is not executed.
You can also switch off the autostart feature:
Windows security: disabling media Autorun - illustrated guide by Leonidas/3dcenter.org
Disabling Autorun/Autoplay selectively for drive types or drive letters/wintotal.de
→ This Silly description supports the assumption that it came via a USB stick. Formatting the stick has eliminated the cause; you should make sure that no autorun.inf file reappears there, and be somewhat selective about where you plug in your stick.
Caution!:
>>You should not install the program, only scan your system online<<
→ Check the complete computer (i.e. the whole system) (system check without cleaning) with Kaspersky Online Scanner/click here
→ To continue with the process, click "Accept"
→ Then select "My computer" - it takes some time for a complete scan to run through, so please be patient!
It can take some time until the scan is finished - one or several hours depending on the size of the hard disk - so be patient...
→ When the report is displayed, click "Save as" - please copy it and paste it into your thread here
Internet Explorer settings before the scan:
→ "Tools → Internet Options → Security":
→ Set everything to the default level
Allow ActiveX - so that the new virus definitions can be installed
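
Added example, not part of kira's post or of any tool named in the thread: the advice above is to make sure no autorun.inf reappears on the stick. The Python below looks for autorun.inf in the root of each given drive and lists the commands that file would start; the function names and the sample file content are constructed for illustration.

```python
import os
import sys

# Keys in the [autorun] section that name a program to start.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample content, not taken from the thread.
SAMPLE_INF = """\
; constructed sample
qwertyjunk
[AutoRun]
Open = tool.exe /s
icon=folder.ico
shell\\open\\Command=tool.exe
shell\\explore\\command = tool.exe -e
label=USB
[Other]
open=ignored.exe
"""


def launch_entries(inf_text):
    """Return (key, command) pairs from the [autorun] section that start a program."""
    entries = []
    in_autorun = False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            # Section names are case-insensitive.
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue  # padding or junk lines are skipped, not treated as errors
        key, value = line.split("=", 1)
        key = key.strip().lower()
        value = value.strip()
        # shell\<verb>\command adds a context-menu verb that runs a program.
        is_verb_command = key.startswith("shell\\") and key.endswith("\\command")
        if value and (key in LAUNCH_KEYS or is_verb_command):
            entries.append((key, value))
    return entries


def find_autorun_files(roots):
    """Return paths of autorun.inf files (any letter case) directly in the given roots."""
    found = []
    for root in roots:
        try:
            names = os.listdir(root)
        except OSError:
            continue  # drive not ready, missing or not readable
        for name in names:
            path = os.path.join(root, name)
            # A directory named autorun.inf holds no commands, so only files are reported.
            if name.lower() == "autorun.inf" and os.path.isfile(path):
                found.append(path)
    return found


def audit(roots):
    """Map each autorun.inf found in the roots to the commands it would start."""
    result = {}
    for path in find_autorun_files(roots):
        # latin-1 decodes any byte sequence, so odd file content cannot abort the check.
        with open(path, "r", encoding="latin-1") as fh:
            result[path] = launch_entries(fh.read())
    return result


if __name__ == "__main__":
    # Usage: python check_autorun.py E:\ F:\
    for inf_path, commands in audit(sys.argv[1:]).items():
        print(inf_path)
        for key, command in commands:
            print("   ", key, "=", command)
```

Run it with the drive roots to check as arguments; a stick with no autorun.inf produces no output.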

mcpappe 10.09.2010 10:06

Addendum: the lists from my laptop
logfile of random's system information
RSIT Logfile:
Code:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Will Spliff at 2010-09-10 10:54:03
Microsoft Windows 7 Ultimate 
System drive C: has 17 GB (6%) free of 283 GB
Total RAM: 4095 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:54:07 AM, on 9/10/2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Will Spliff\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\Will Spliff.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files (x86)\MP3 Player Utilities 4.17\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Will Spliff\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8630 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [2009-01-27 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Foxit Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Foxit Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2009-03-06 2260480]
"uTorrent"=C:\Program Files (x86)\uTorrent\uTorrent.exe [2010-08-29 328568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2010-09-10 10:54:04 ----D---- C:\Program Files (x86)\trend micro
2010-09-10 10:54:03 ----D---- C:\rsit
2010-09-08 20:42:55 ----D---- C:\Windows\rescache
2010-09-06 00:13:40 ----D---- C:\Windows\SysWOW64\Wat
2010-09-05 22:05:50 ----A---- C:\Windows\SysWOW64\msv1_0.dll
2010-09-05 22:00:56 ----A---- C:\Windows\SysWOW64\PresentationHostProxy.dll
2010-09-05 22:00:56 ----A---- C:\Windows\SysWOW64\PresentationHost.exe
2010-09-05 22:00:56 ----A---- C:\Windows\SysWOW64\netfxperf.dll
2010-09-05 22:00:56 ----A---- C:\Windows\SysWOW64\mscoree.dll
2010-09-05 22:00:56 ----A---- C:\Windows\SysWOW64\dfshim.dll
2010-09-05 21:55:13 ----A---- C:\Windows\SysWOW64\sspicli.dll
2010-09-05 21:55:13 ----A---- C:\Windows\SysWOW64\secur32.dll
2010-09-05 21:55:01 ----A---- C:\Windows\SysWOW64\fontsub.dll
2010-09-05 21:55:01 ----A---- C:\Windows\SysWOW64\atmlib.dll
2010-09-05 21:55:01 ----A---- C:\Windows\SysWOW64\atmfd.dll
2010-09-05 21:54:56 ----A---- C:\Windows\SysWOW64\tzres.dll
2010-09-05 21:54:39 ----A---- C:\Windows\SysWOW64\asycfilt.dll
2010-09-05 21:54:36 ----A---- C:\Windows\SysWOW64\ntdll.dll
2010-09-05 21:54:34 ----A---- C:\Windows\SysWOW64\vbscript.dll
2010-09-05 21:54:32 ----A---- C:\Windows\SysWOW64\schannel.dll
2010-09-05 21:54:25 ----A---- C:\Windows\SysWOW64\wmp.dll
2010-09-05 21:54:24 ----A---- C:\Windows\SysWOW64\CertEnroll.dll
2010-09-05 21:54:21 ----A---- C:\Windows\SysWOW64\wmploc.DLL
2010-09-05 21:54:19 ----A---- C:\Windows\SysWOW64\secproc_isv.dll
2010-09-05 21:54:18 ----A---- C:\Windows\SysWOW64\secproc.dll
2010-09-05 21:54:18 ----A---- C:\Windows\SysWOW64\RMActivate_isv.exe
2010-09-05 21:54:18 ----A---- C:\Windows\SysWOW64\RMActivate.exe
2010-09-05 21:54:17 ----A---- C:\Windows\SysWOW64\secproc_ssp_isv.dll
2010-09-05 21:54:17 ----A---- C:\Windows\SysWOW64\secproc_ssp.dll
2010-09-05 21:54:16 ----A---- C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2010-09-05 21:54:15 ----A---- C:\Windows\SysWOW64\RMActivate_ssp.exe
2010-09-05 21:53:53 ----A---- C:\Windows\SysWOW64\shell32.dll
2010-09-05 21:53:50 ----A---- C:\Windows\SysWOW64\inetcomm.dll
2010-09-05 21:53:48 ----A---- C:\Windows\SysWOW64\t2embed.dll
2010-09-05 21:53:38 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe
2010-09-05 21:53:38 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe
2010-09-05 21:53:29 ----A---- C:\Windows\SysWOW64\mshtml.dll
2010-09-05 21:53:26 ----A---- C:\Windows\SysWOW64\ieframe.dll
2010-09-05 21:53:24 ----A---- C:\Windows\SysWOW64\mstime.dll
2010-09-05 21:53:23 ----A---- C:\Windows\SysWOW64\wininet.dll
2010-09-05 21:53:23 ----A---- C:\Windows\SysWOW64\urlmon.dll
2010-09-05 21:53:23 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll
2010-09-05 21:53:23 ----A---- C:\Windows\SysWOW64\iepeers.dll
2010-09-05 21:53:23 ----A---- C:\Windows\SysWOW64\iedkcs32.dll
2010-09-05 21:53:22 ----A---- C:\Windows\SysWOW64\msfeedssync.exe
2010-09-05 21:53:22 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2010-09-05 21:53:22 ----A---- C:\Windows\SysWOW64\ieui.dll
2010-09-05 21:53:19 ----A---- C:\Windows\SysWOW64\oleaut32.dll
2010-09-05 21:53:17 ----A---- C:\Windows\SysWOW64\explorer.exe
2010-09-05 21:53:17 ----A---- C:\Windows\explorer.exe
2010-09-05 21:53:14 ----A---- C:\Windows\SysWOW64\wow32.dll
2010-09-05 21:53:14 ----A---- C:\Windows\SysWOW64\user.exe
2010-09-05 21:53:14 ----A---- C:\Windows\SysWOW64\setup16.exe
2010-09-05 21:53:14 ----A---- C:\Windows\SysWOW64\ntvdm64.dll
2010-09-05 21:53:14 ----A---- C:\Windows\SysWOW64\instnm.exe
2010-09-05 21:53:13 ----A---- C:\Windows\SysWOW64\rtutils.dll
2010-09-05 21:53:01 ----A---- C:\Windows\SysWOW64\iccvid.dll
2010-09-05 21:52:51 ----A---- C:\Windows\SysWOW64\CPFilters.dll
2010-09-05 21:52:48 ----A---- C:\Windows\SysWOW64\psisdecd.dll
2010-09-05 21:52:45 ----A---- C:\Windows\SysWOW64\quartz.dll
2010-09-05 21:52:43 ----A---- C:\Windows\SysWOW64\msvidc32.dll
2010-09-05 21:52:43 ----A---- C:\Windows\SysWOW64\mciavi32.dll
2010-09-05 21:52:43 ----A---- C:\Windows\SysWOW64\avifil32.dll
2010-09-05 21:52:42 ----A---- C:\Windows\SysWOW64\tsbyuv.dll
2010-09-05 21:52:42 ----A---- C:\Windows\SysWOW64\msyuv.dll
2010-09-05 21:52:42 ----A---- C:\Windows\SysWOW64\msrle32.dll
2010-09-05 21:52:42 ----A---- C:\Windows\SysWOW64\iyuv_32.dll
2010-09-05 21:52:37 ----A---- C:\Windows\SysWOW64\msasn1.dll
2010-09-05 21:52:36 ----A---- C:\Windows\SysWOW64\msxml3.dll
2010-09-05 21:52:33 ----A---- C:\Windows\SysWOW64\jscript.dll
2010-09-05 21:13:49 ----A---- C:\Windows\SysWOW64\wintrust.dll
2010-09-05 21:13:48 ----A---- C:\Windows\SysWOW64\cabview.dll
2010-09-01 09:47:46 ----D---- C:\Users\Will Spliff\AppData\Roaming\gtk-2.0
2010-08-29 23:35:54 ----D---- C:\Windows\Internet Logs
2010-08-29 21:16:08 ----D---- C:\Users\Will Spliff\AppData\Roaming\vlc
2010-08-29 21:15:43 ----D---- C:\Program Files (x86)\VideoLAN
2010-08-29 16:09:36 ----D---- C:\Windows\PCHEALTH
2010-08-29 16:09:36 ----D---- C:\Program Files (x86)\Microsoft.NET
2010-08-29 16:07:46 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
2010-08-29 16:06:36 ----D---- C:\Program Files (x86)\Microsoft Analysis Services
2010-08-29 16:06:01 ----D---- C:\Program Files (x86)\Microsoft Office
2010-08-29 16:05:55 ----D---- C:\ProgramData\Microsoft Help
2010-08-29 16:05:33 ----RHD---- C:\MSOCache
2010-08-24 11:55:03 ----D---- C:\Users\Will Spliff\AppData\Roaming\Foxit Software
2010-08-24 11:49:52 ----D---- C:\Program Files (x86)\Foxit Software
2010-08-20 23:00:24 ----A---- C:\Windows\SysWOW64\d3dx10_41.dll
2010-08-20 23:00:24 ----A---- C:\Windows\SysWOW64\D3DCompiler_41.dll
2010-08-20 23:00:23 ----A---- C:\Windows\SysWOW64\D3DX9_41.dll
2010-08-20 23:00:22 ----A---- C:\Windows\SysWOW64\XAudio2_4.dll
2010-08-20 23:00:22 ----A---- C:\Windows\SysWOW64\XAPOFX1_3.dll
2010-08-20 23:00:22 ----A---- C:\Windows\SysWOW64\xactengine3_4.dll
2010-08-20 23:00:22 ----A---- C:\Windows\SysWOW64\X3DAudio1_6.dll
2010-08-20 23:00:20 ----A---- C:\Windows\SysWOW64\D3DX9_40.dll
2010-08-20 23:00:20 ----A---- C:\Windows\SysWOW64\d3dx10_40.dll
2010-08-20 23:00:20 ----A---- C:\Windows\SysWOW64\D3DCompiler_40.dll
2010-08-20 23:00:19 ----A---- C:\Windows\SysWOW64\XAudio2_3.dll
2010-08-20 23:00:19 ----A---- C:\Windows\SysWOW64\XAPOFX1_2.dll
2010-08-20 23:00:19 ----A---- C:\Windows\SysWOW64\xactengine3_3.dll
2010-08-20 23:00:18 ----A---- C:\Windows\SysWOW64\XAudio2_2.dll
2010-08-20 23:00:18 ----A---- C:\Windows\SysWOW64\XAPOFX1_1.dll
2010-08-20 23:00:18 ----A---- C:\Windows\SysWOW64\X3DAudio1_5.dll
2010-08-20 23:00:17 ----A---- C:\Windows\SysWOW64\xactengine3_2.dll
2010-08-20 23:00:16 ----A---- C:\Windows\SysWOW64\D3DX9_39.dll
2010-08-20 23:00:16 ----A---- C:\Windows\SysWOW64\d3dx10_39.dll
2010-08-20 23:00:16 ----A---- C:\Windows\SysWOW64\D3DCompiler_39.dll
2010-08-20 23:00:15 ----A---- C:\Windows\SysWOW64\XAudio2_1.dll
2010-08-20 23:00:15 ----A---- C:\Windows\SysWOW64\XAPOFX1_0.dll
2010-08-20 23:00:15 ----A---- C:\Windows\SysWOW64\xactengine3_1.dll
2010-08-20 23:00:14 ----A---- C:\Windows\SysWOW64\X3DAudio1_4.dll
2010-08-20 23:00:14 ----A---- C:\Windows\SysWOW64\d3dx10_38.dll
2010-08-20 23:00:14 ----A---- C:\Windows\SysWOW64\D3DCompiler_38.dll
2010-08-20 23:00:13 ----A---- C:\Windows\SysWOW64\D3DX9_38.dll
2010-08-20 22:43:20 ----D---- C:\Program Files (x86)\1C Company
2010-08-19 01:21:36 ----A---- C:\Windows\SysWOW64\XAudio2_0.dll
2010-08-19 01:21:35 ----A---- C:\Windows\SysWOW64\xactengine3_0.dll
2010-08-19 01:21:35 ----A---- C:\Windows\SysWOW64\X3DAudio1_3.dll
2010-08-19 01:21:34 ----A---- C:\Windows\SysWOW64\d3dx10_37.dll
2010-08-19 01:21:34 ----A---- C:\Windows\SysWOW64\D3DCompiler_37.dll
2010-08-19 01:21:33 ----A---- C:\Windows\SysWOW64\xactengine2_10.dll
2010-08-19 01:21:33 ----A---- C:\Windows\SysWOW64\D3DX9_37.dll
2010-08-19 01:21:32 ----A---- C:\Windows\SysWOW64\d3dx10_36.dll
2010-08-19 01:21:32 ----A---- C:\Windows\SysWOW64\D3DCompiler_36.dll
2010-08-19 01:21:31 ----A---- C:\Windows\SysWOW64\d3dx9_36.dll
2010-08-19 01:21:30 ----A---- C:\Windows\SysWOW64\xactengine2_9.dll
2010-08-19 01:21:30 ----A---- C:\Windows\SysWOW64\d3dx10_35.dll
2010-08-19 01:21:30 ----A---- C:\Windows\SysWOW64\D3DCompiler_35.dll
2010-08-19 01:21:29 ----A---- C:\Windows\SysWOW64\d3dx9_35.dll
2010-08-19 01:21:28 ----A---- C:\Windows\SysWOW64\xactengine2_8.dll
2010-08-19 01:21:28 ----A---- C:\Windows\SysWOW64\X3DAudio1_2.dll
2010-08-19 01:21:27 ----A---- C:\Windows\SysWOW64\d3dx10_34.dll
2010-08-19 01:21:27 ----A---- C:\Windows\SysWOW64\D3DCompiler_34.dll
2010-08-19 01:21:26 ----A---- C:\Windows\SysWOW64\xinput1_3.dll
2010-08-19 01:21:26 ----A---- C:\Windows\SysWOW64\d3dx9_34.dll
2010-08-19 01:21:25 ----A---- C:\Windows\SysWOW64\xactengine2_7.dll
2010-08-19 01:21:25 ----A---- C:\Windows\SysWOW64\d3dx10_33.dll
2010-08-19 01:21:25 ----A---- C:\Windows\SysWOW64\D3DCompiler_33.dll
2010-08-19 01:21:24 ----A---- C:\Windows\SysWOW64\d3dx9_33.dll
2010-08-19 01:21:23 ----A---- C:\Windows\SysWOW64\xactengine2_6.dll
2010-08-19 01:21:23 ----A---- C:\Windows\SysWOW64\xactengine2_5.dll
2010-08-19 01:21:23 ----A---- C:\Windows\SysWOW64\d3dx10.dll
2010-08-19 01:21:22 ----A---- C:\Windows\SysWOW64\d3dx9_32.dll
2010-08-19 01:21:21 ----A---- C:\Windows\SysWOW64\xactengine2_4.dll
2010-08-19 01:21:21 ----A---- C:\Windows\SysWOW64\x3daudio1_1.dll
2010-08-19 01:21:21 ----A---- C:\Windows\SysWOW64\d3dx9_31.dll
2010-08-19 01:21:20 ----A---- C:\Windows\SysWOW64\xinput1_2.dll
2010-08-19 01:21:20 ----A---- C:\Windows\SysWOW64\xactengine2_3.dll
2010-08-19 01:10:14 ----D---- C:\Program Files (x86)\Nobilis
2010-08-18 12:08:38 ----D---- C:\Users\Will Spliff\AppData\Roaming\WinRAR
2010-08-14 22:11:06 ----D---- C:\Users\Will Spliff\AppData\Roaming\.purple
2010-08-14 22:10:43 ----D---- C:\Program Files (x86)\Pidgin
2010-08-14 17:54:30 ----D---- C:\Program Files (x86)\MP3 Player Utilities 4.17
2010-08-14 15:25:58 ----D---- C:\Program Files (x86)\Lavalys
2010-08-13 23:37:50 ----D---- C:\Users\Will Spliff\AppData\Roaming\TuneUp Software
2010-08-13 23:37:14 ----D---- C:\ProgramData\TuneUp Software
2010-08-13 23:37:09 ----SHD---- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-08-13 20:07:22 ----D---- C:\Users\Will Spliff\AppData\Roaming\TS3Client
2010-08-13 20:00:43 ----D---- C:\Program Files (x86)\TeamSpeak 3 Client
2010-08-13 19:32:26 ----D---- C:\Users\Will Spliff\AppData\Roaming\skypePM
2010-08-13 19:31:35 ----D---- C:\Users\Will Spliff\AppData\Roaming\Skype
2010-08-13 19:31:14 ----RD---- C:\Program Files (x86)\Skype
2010-08-13 19:31:14 ----D---- C:\Program Files (x86)\Common Files\Skype
2010-08-13 19:31:09 ----D---- C:\ProgramData\Skype
2010-08-02 19:32:40 ----D---- C:\Users\Will Spliff\AppData\Roaming\ROUTE 66 Sync
2010-08-02 19:32:21 ----D---- C:\Program Files (x86)\InstallShield Installation Information
2010-08-02 19:31:56 ----D---- C:\Program Files (x86)\Common Files\ROUTE 66
2010-08-02 19:31:54 ----D---- C:\Program Files (x86)\ROUTE 66
2010-07-31 20:45:46 ----D---- C:\Program Files (x86)\Common Files\DivX Shared
2010-07-31 20:45:31 ----D---- C:\Program Files (x86)\DivX
2010-07-31 20:44:50 ----D---- C:\ProgramData\DivX
2010-07-31 20:09:36 ----D---- C:\Windows\Minidump
2010-07-31 20:09:29 ----A---- C:\Windows\ntbtlog.txt
2010-07-31 13:05:41 ----D---- C:\Windows\pss
2010-07-30 18:02:54 ----D---- C:\Users\Will Spliff\AppData\Roaming\DVDVideoSoftIEHelpers
2010-07-30 18:02:33 ----D---- C:\Program Files (x86)\Common Files\DVDVideoSoft
2010-07-30 18:02:32 ----D---- C:\Program Files (x86)\DVDVideoSoft
2010-07-30 17:59:44 ----D---- C:\Program Files (x86)\VirtualDJ
2010-07-29 19:03:06 ----D---- C:\Program Files (x86)\Runes of Magic
2010-07-29 16:50:58 ----D---- C:\ProgramData\TrackMania
2010-07-29 16:40:54 ----D---- C:\ProgramData\ATI
2010-07-29 16:40:53 ----D---- C:\Users\Will Spliff\AppData\Roaming\ATI
2010-07-29 16:34:13 ----D---- C:\Program Files (x86)\ATI Technologies
2010-07-29 16:31:35 ----A---- C:\Windows\SysWOW64\xactengine2_2.dll
2010-07-29 16:31:34 ----A---- C:\Windows\SysWOW64\xinput1_1.dll
2010-07-29 16:31:32 ----A---- C:\Windows\SysWOW64\xactengine2_1.dll
2010-07-29 16:31:10 ----A---- C:\Windows\SysWOW64\d3dx9_30.dll
2010-07-29 16:31:05 ----A---- C:\Windows\SysWOW64\xactengine2_0.dll
2010-07-29 16:31:05 ----A---- C:\Windows\SysWOW64\x3daudio1_0.dll
2010-07-29 16:31:04 ----A---- C:\Windows\SysWOW64\d3dx9_29.dll
2010-07-29 16:31:02 ----A---- C:\Windows\SysWOW64\d3dx9_28.dll
2010-07-29 16:31:01 ----A---- C:\Windows\SysWOW64\d3dx9_27.dll
2010-07-29 16:31:00 ----A---- C:\Windows\SysWOW64\d3dx9_26.dll
2010-07-29 16:30:59 ----A---- C:\Windows\SysWOW64\d3dx9_25.dll
2010-07-29 16:30:58 ----A---- C:\Windows\SysWOW64\d3dx9_24.dll
2010-07-29 16:23:31 ----D---- C:\Program Files (x86)\TmUnitedForever
2010-07-29 16:18:52 ----A---- C:\Windows\SysWOW64\drivers\mcdbus.sys
2010-07-29 16:18:50 ----D---- C:\Program Files (x86)\MagicDisc
2010-07-29 16:11:05 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2010-07-29 16:10:43 ----D---- C:\Users\Will Spliff\AppData\Roaming\DAEMON Tools Lite
2010-07-29 16:10:39 ----D---- C:\ProgramData\DAEMON Tools Lite
2010-07-29 16:07:51 ----D---- C:\Users\Will Spliff\AppData\Roaming\DAEMON Tools Pro
2010-07-29 16:07:51 ----D---- C:\ProgramData\DAEMON Tools Pro
2010-07-29 15:30:28 ----D---- C:\Program Files (x86)\uTorrent
2010-07-29 15:30:04 ----D---- C:\Users\Will Spliff\AppData\Roaming\uTorrent
2010-07-29 14:35:41 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-07-29 14:35:41 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2010-07-29 14:29:04 ----D---- C:\Users\Will Spliff\AppData\Roaming\CheckPoint
2010-07-29 14:28:37 ----D---- C:\Program Files (x86)\Conduit
2010-07-29 14:28:22 ----A---- C:\Windows\SysWOW64\vsutil_loc0407.dll
2010-07-29 14:25:19 ----D---- C:\ProgramData\CheckPoint
2010-07-29 12:06:37 ----D---- C:\Users\Will Spliff\AppData\Roaming\Mozilla
2010-07-29 12:06:21 ----D---- C:\Program Files (x86)\Mozilla Firefox
2010-07-29 04:38:39 ----D---- C:\Windows\Panther
2010-07-29 04:23:50 ----D---- C:\Windows.old
2010-07-29 04:05:21 ----D---- C:\Users\Will Spliff\AppData\Roaming\Identities
2010-07-29 04:04:41 ----SD---- C:\Users\Will Spliff\AppData\Roaming\Microsoft
2010-07-29 04:04:41 ----D---- C:\Users\Will Spliff\AppData\Roaming\Media Center Programs
2010-07-29 03:43:05 ----D---- C:\Windows\SoftwareDistribution
2010-07-29 03:40:37 ----D---- C:\Windows\Prefetch
2010-07-29 02:01:58 ----D---- C:\Users\Will Spliff\AppData\Roaming\Macromedia
2010-07-29 02:01:58 ----D---- C:\Users\Will Spliff\AppData\Roaming\Adobe
2010-07-29 02:01:53 ----D---- C:\Windows\SysWOW64\Macromed
2010-07-29 02:00:40 ----D---- C:\ProgramData\NOS
2010-07-28 21:15:19 ----D---- C:\Users\Will Spliff\AppData\Roaming\Avira
2010-07-28 21:12:43 ----A---- C:\Windows\SysWOW64\drivers\avgntmgr.sys
2010-07-28 21:12:43 ----A---- C:\Windows\SysWOW64\drivers\avgntdd.sys
2010-07-28 21:12:42 ----D---- C:\ProgramData\Avira
2010-07-28 21:12:42 ----D---- C:\Program Files (x86)\Avira
2010-07-28 21:11:45 ----SHD---- C:\Windows\Installer
2010-07-25 10:43:35 ----D---- C:\CrashReport
2010-07-07 03:55:08 ----A---- C:\Windows\SysWOW64\atioglxx.dll
2010-07-07 03:54:08 ----A---- C:\Windows\SysWOW64\aticfx32.dll
2010-07-07 03:49:28 ----A---- C:\Windows\SysWOW64\atipdlxx.dll
2010-07-07 03:49:18 ----A---- C:\Windows\SysWOW64\Oemdspif.dll
2010-07-07 03:49:06 ----A---- C:\Windows\SysWOW64\ati2edxx.dll
2010-07-07 03:46:26 ----A---- C:\Windows\SysWOW64\atidxx32.dll
2010-07-07 03:29:24 ----A---- C:\Windows\SysWOW64\aticalrt.dll
2010-07-07 03:29:14 ----A---- C:\Windows\SysWOW64\aticalcl.dll
2010-07-07 03:28:20 ----A---- C:\Windows\SysWOW64\atiumdag.dll
2010-07-07 03:27:58 ----A---- C:\Windows\SysWOW64\aticaldd.dll
2010-07-07 03:23:14 ----A---- C:\Windows\SysWOW64\atiumdva.dll
2010-07-07 03:16:02 ----A---- C:\Windows\SysWOW64\atiadlxy.dll
2010-07-07 03:15:50 ----A---- C:\Windows\SysWOW64\atiglpxx.dll
2010-07-07 03:15:46 ----A---- C:\Windows\SysWOW64\atigktxx.dll
2010-07-07 03:14:58 ----A---- C:\Windows\SysWOW64\atiuxpag.dll
2010-07-07 03:14:44 ----A---- C:\Windows\SysWOW64\atiu9pag.dll
2010-07-07 03:11:06 ----A---- C:\Windows\SysWOW64\atimpc32.dll
2010-07-07 03:11:06 ----A---- C:\Windows\SysWOW64\amdpcom32.dll

======List of files/folders modified in the last 3 months======

2010-09-10 10:54:06 ----D---- C:\Windows\Temp
2010-09-10 10:54:04 ----RD---- C:\Program Files (x86)
2010-09-10 10:49:07 ----D---- C:\Windows\System32
2010-09-10 10:49:06 ----D---- C:\Windows\inf
2010-09-09 00:00:09 ----SHD---- C:\System Volume Information
2010-09-08 20:42:55 ----D---- C:\Windows
2010-09-08 20:18:53 ----D---- C:\Windows\Microsoft.NET
2010-09-08 20:18:37 ----RSD---- C:\Windows\assembly
2010-09-06 08:03:38 ----D---- C:\Windows\winsxs
2010-09-06 00:13:51 ----D---- C:\Windows\SysWOW64
2010-09-06 00:13:49 ----D---- C:\Program Files (x86)\Windows Media Player
2010-09-06 00:13:47 ----D---- C:\Program Files (x86)\Windows Mail
2010-09-06 00:13:45 ----D---- C:\Windows\SysWOW64\migration
2010-09-06 00:13:45 ----D---- C:\Program Files (x86)\Internet Explorer
2010-09-06 00:13:43 ----D---- C:\Windows\AppPatch
2010-09-06 00:13:40 ----D---- C:\Windows\ehome
2010-09-05 21:57:59 ----D---- C:\Windows\SysWOW64\en-US
2010-09-05 21:56:06 ----D---- C:\Windows\debug
2010-09-05 21:05:54 ----D---- C:\Windows\Logs
2010-09-03 20:26:17 ----D---- C:\Spiele
2010-08-29 23:35:56 ----HD---- C:\ProgramData
2010-08-29 16:11:38 ----RSD---- C:\Windows\Fonts
2010-08-29 16:11:37 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2010-08-29 16:11:25 ----D---- C:\Windows\ShellNew
2010-08-29 16:10:20 ----RD---- C:\Program Files
2010-08-29 16:10:05 ----D---- C:\Program Files (x86)\MSBuild
2010-08-29 16:09:36 ----SD---- C:\ProgramData\Microsoft
2010-08-29 16:07:01 ----A---- C:\Windows\win.ini
2010-08-15 11:48:18 ----RD---- C:\Users
2010-08-14 17:54:38 ----D---- C:\Windows\SysWOW64\drivers
2010-08-13 19:31:14 ----D---- C:\Program Files (x86)\Common Files
2010-07-29 13:40:20 ----D---- C:\Windows\Downloaded Program Files
2010-07-29 04:38:34 ----RASH---- C:\BOOTSECT.BAK
2010-07-29 04:38:31 ----SHD---- C:\Boot
2010-07-29 04:05:12 ----SHD---- C:\$Recycle.Bin
2010-07-29 04:03:05 ----D---- C:\Windows\Setup
2010-07-29 03:59:48 ----SHD---- C:\Recovery
2010-07-29 03:40:32 ----D---- C:\Windows\CSC

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys []
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys []
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys []
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2009-02-25 255552]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
S3 aufghyde;aufghyde; C:\Windows\SysWOW64\drivers\aufghyde.sys []
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-27 1153368]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []

-----------------EOF-----------------

--- --- ---


Info from RSIT
info.txt
RSIT Logfile:
Code:

logfile of random's system information tool 1.08 2010-09-10 10:54:10

======Uninstall list======

µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin
Ask Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe /REMOVE
DivX Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
EVEREST Home Edition v2.20-->"C:\Program Files (x86)\Lavalys\EVEREST Home Edition\unins000.exe"
Foxit Reader-->C:\Program Files (x86)\Foxit Software\Foxit Reader\Uninstall.exe
Free Audio CD Burner version 1.4-->"C:\Program Files (x86)\DVDVideoSoft\Free Audio CD Burner\unins000.exe"
Free YouTube to MP3 Converter version 3.7-->"C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe"
King’s Bounty: The Legend (Nur entfernen)-->"C:\Program Files (x86)\Nobilis\King's Bounty\unins000.exe"
Kings Bounty Armored Princess-->"C:\Program Files (x86)\1C Company\Kings Bounty Armored Princess\unins000.exe"
MagicDisc 2.7.106-->C:\PROGRA~2\MAGICD~1\UNWISE.EXE C:\PROGRA~2\MAGICD~1\INSTALL.LOG
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.6.9)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MP3 Player Utilities 4.17-->MsiExec.exe /I{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}
Pidgin-->C:\Program Files (x86)\Pidgin\pidgin-uninst.exe
ROUTE 66 Sync-->C:\Program Files (x86)\InstallShield Installation Information\{DB306600-E862-43B3-9C52-CA1D6C5B192B}\setup.exe -runfromtemp -l0x0407
Runes of Magic-->"C:\Program Files (x86)\Runes of Magic\unins000.exe"
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Spybot - Search & Destroy-->"C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"
TeamSpeak 3 Client-->"C:\Program Files (x86)\TeamSpeak 3 Client\uninstall.exe"
TmUnitedForever Update 2010-03-15-->"C:\Program Files (x86)\TmUnitedForever\unins000.exe"
Uninstall 1.0.0.1-->"C:\Program Files (x86)\Common Files\DVDVideoSoft\unins000.exe"
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Virtual DJ - Atomix Productions-->C:\PROGRA~2\VIRTUA~1\UNWISE.EXE C:\PROGRA~2\VIRTUA~1\INSTALL.LOG
VLC media player 1.1.4-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe

======System event log======

Computer Name: WillSpliff-PC
Event Code: 6008
Message: The previous system shutdown at 4:38:18 AM on 7/29/2010 was unexpected.
Record Number: 817
Source Name: EventLog
Time Written: 20100729113931.000000-000
Event Type: Error
User:

Computer Name: WillSpliff-PC
Event Code: 12
Message: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.
Record Number: 787
Source Name: Microsoft-Windows-HAL
Time Written: 20100729003305.702326-000
Event Type: Error
User:

Computer Name: WillSpliff-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 681
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20100728223409.402251-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: WillSpliff-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 452
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20100729020308.868944-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: WillSpliff-PC
Event Code: 7023
Message: The Windows Search service terminated with the following error:
The media is write protected.
Record Number: 356
Source Name: Service Control Manager
Time Written: 20100729015509.937781-000
Event Type: Error
User:

=====Application event log=====

Computer Name: WillSpliff-PC
Event Code: 33
Message: Activation context generation failed for "C:\Users\WILLSP~1\AppData\Local\Temp\RarSFX0\redist.dll". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148" could not be found. Please use sxstrace.exe for detailed diagnosis.
Record Number: 228
Source Name: SideBySide
Time Written: 20100728191143.000000-000
Event Type: Error
User:

Computer Name: WillSpliff-PC
Event Code: 11
Message: Possible Memory Leak.  Application (C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID: 748) has passed a non-NULL pointer to RPC for an [out] parameter marked [allocate(all_nodes)].  [allocate(all_nodes)] parameters are always reallocated; if the original pointer contained the address of valid memory, that memory will be leaked.  The call originated on the interface with UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Method number (20).  User Action: Contact your application vendor for an updated version of the application.
Record Number: 220
Source Name: Microsoft-Windows-RPC-Events
Time Written: 20100729020816.207357-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: WillSpliff-PC
Event Code: 6003
Message: The winlogon notification subscriber <GPClient> was unavailable to handle a critical notification event.
Record Number: 188
Source Name: Microsoft-Windows-Winlogon
Time Written: 20100729020308.000000-000
Event Type: Warning
User:

Computer Name: WillSpliff-PC
Event Code: 1008
Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Record Number: 170
Source Name: Microsoft-Windows-Search
Time Written: 20100729015949.000000-000
Event Type: Warning
User:

Computer Name: 37L4247E29-32
Event Code: 1008
Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Record Number: 163
Source Name: Microsoft-Windows-Search
Time Written: 20100729015455.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: 37L4247E29-32
Event Code: 4735
Message: A security-enabled local group was changed.

Subject:
        Security ID:                S-1-5-18
        Account Name:                37L4247E29-32$
        Account Domain:                WORKGROUP
        Logon ID:                0x3e7

Group:
        Security ID:                S-1-5-32-551
        Group Name:                Backup Operators
        Group Domain:                Builtin

Changed Attributes:
        SAM Account Name:        -
        SID History:                -

Additional Information:
        Privileges:                -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100729013959.612166-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4731
Message: A security-enabled local group was created.

Subject:
        Security ID:                S-1-5-18
        Account Name:                37L4247E29-32$
        Account Domain:                WORKGROUP
        Logon ID:                0x3e7

New Group:
        Security ID:                S-1-5-32-551
        Group Name:                Backup Operators
        Group Domain:                Builtin

Attributes:
        SAM Account Name:        Backup Operators
        SID History:                -

Additional Information:
        Privileges:                -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100729013959.612166-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4902
Message: The Per-user audit policy table was created.

Number of Elements:        0
Policy ID:        0x314ba
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100729013958.863363-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4624
Message: An account was successfully logged on.

Subject:
        Security ID:                S-1-0-0
        Account Name:                -
        Account Domain:                -
        Logon ID:                0x0

Logon Type:                        0

New Logon:
        Security ID:                S-1-5-18
        Account Name:                SYSTEM
        Account Domain:                NT AUTHORITY
        Logon ID:                0x3e7
        Logon GUID:                {00000000-0000-0000-0000-000000000000}

Process Information:
        Process ID:                0x4
        Process Name:               

Network Information:
        Workstation Name:        -
        Source Network Address:        -
        Source Port:                -

Detailed Authentication Information:
        Logon Process:                -
        Authentication Package:        -
        Transited Services:        -
        Package Name (NTLM only):        -
        Key Length:                0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
        - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
        - Transited services indicate which intermediate services have participated in this logon request.
        - Package name indicates which sub-protocol was used among the NTLM protocols.
        - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100729013955.587352-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100729013955.462551-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=17
"PROCESSOR_IDENTIFIER"=AMD64 Family 17 Model 3 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0301
"tvdumpflags"=8

-----------------EOF-----------------

--- --- ---


hjtscanlist
Code:


                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
                        º                                    º
                                    hjtscanlist v2.0             
                        º                                    º
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

Microsoft Windows [Version 6.1.7600]
 
 
C:

  09/10/2010 10:54 AM    C:\rsit --------- 0 
  09/10/2010 10:54 AM    C:\Program Files (x86) --------- 12288 
      C:\pagefile.sys ---------   
      C:\hiberfil.sys ---------   
  09/09/2010 12:00 AM    C:\System Volume Information --------- 16384 
  09/08/2010 08:42 PM    C:\Windows --------- 16384 
  09/03/2010 08:26 PM    C:\Spiele --------- 8192 
  09/03/2010 04:37 PM    C:\Windows.old --------- 4096 
  08/29/2010 11:35 PM    C:\ProgramData --------- 4096 
  08/29/2010 04:10 PM    C:\Program Files --------- 8192 
  08/29/2010 04:05 PM    C:\MSOCache --------- 0 
  08/15/2010 11:48 AM    C:\Users --------- 4096 
  07/29/2010 04:38 AM    C:\BOOTSECT.BAK --------- 8192 
  07/29/2010 04:38 AM    C:\Boot --------- 4096 
  07/29/2010 04:05 AM    C:\$Recycle.Bin --------- 0 
  07/29/2010 04:03 AM    C:\LMBUI --------- 206312 
  07/29/2010 04:03 AM    C:\wedaolu --------- 9 
  07/29/2010 03:59 AM    C:\Recovery --------- 0 
  07/25/2010 10:43 AM    C:\CrashReport --------- 0 
  04/10/2010 03:39 AM    C:\Nexon --------- 0 
  04/04/2010 05:48 PM    C:\AMD --------- 0 
  02/24/2010 09:03 PM    C:\NeverwinterNights --------- 0 
  02/24/2010 05:00 PM    C:\WinSetupFromUSB --------- 0 
  02/23/2010 04:27 PM    C:\.Trash-1000 --------- 0 
  02/19/2010 03:54 PM    C:\DirectX9 --------- 0 
  02/18/2010 11:37 PM    C:\ATI --------- 0 
  02/18/2010 05:39 PM    C:\winx.ld --------- 20 
  02/18/2010 05:39 PM    C:\FWBXV --------- 282106 
  07/14/2009 07:08 AM    C:\Documents and Settings --------- 0 
  07/14/2009 05:20 AM    C:\PerfLogs --------- 0 
  07/14/2009 03:38 AM    C:\bootmgr --------- 383562 
----------------------------------------

 
C:\Windows

  09/10/2010 10:48 AM    C:\Windows\WindowsUpdate.log --------- 1763202 
  09/10/2010 10:45 AM    C:\Windows\ntbtlog.txt --------- 1178470 
  09/10/2010 10:44 AM    C:\Windows\setupact.log --------- 26425 
  09/10/2010 10:44 AM    C:\Windows\bootstat.dat --------- 67584 
  09/06/2010 12:13 AM    C:\Windows\PFRO.log --------- 10246 
  08/29/2010 04:07 PM    C:\Windows\win.ini --------- 478 
  08/20/2010 11:00 PM    C:\Windows\DirectX.log --------- 344583 
  07/29/2010 03:50 AM    C:\Windows\setuperr.log --------- 269 
  07/29/2010 03:43 AM    C:\Windows\DtcInstall.log --------- 1774 
  07/29/2010 03:43 AM    C:\Windows\TSSysprep.log --------- 1313 
  07/29/2010 03:42 AM    C:\Windows\ativpsrm.bin --------- 0 
  06/18/2010 07:13 AM    C:\Windows\atiogl.xml --------- 21682 
  10/31/2009 08:34 AM    C:\Windows\explorer.exe --------- 2870272 
  07/14/2009 06:54 AM    C:\Windows\WindowsShell.Manifest --------- 749 
  07/14/2009 03:39 AM    C:\Windows\write.exe --------- 10240 
  07/14/2009 03:39 AM    C:\Windows\splwow64.exe --------- 61952 
  07/14/2009 03:39 AM    C:\Windows\regedit.exe --------- 427008 
  07/14/2009 03:39 AM    C:\Windows\notepad.exe --------- 193536 
  07/14/2009 03:39 AM    C:\Windows\hh.exe --------- 16896 
  07/14/2009 03:39 AM    C:\Windows\HelpPane.exe --------- 733696 
  07/14/2009 03:39 AM    C:\Windows\fveupdate.exe --------- 15360 
  07/14/2009 03:38 AM    C:\Windows\bfsvc.exe --------- 71168 
  07/14/2009 03:16 AM    C:\Windows\twain_32.dll --------- 51200 
  07/14/2009 03:14 AM    C:\Windows\winhlp32.exe --------- 9728 
  07/14/2009 03:14 AM    C:\Windows\twunk_32.exe --------- 31232 
  07/14/2009 01:06 AM    C:\Windows\mib.bin --------- 43131 
  06/10/2009 11:41 PM    C:\Windows\twunk_16.exe --------- 49680 
  06/10/2009 11:41 PM    C:\Windows\twain.dll --------- 94784 
  06/10/2009 11:08 PM    C:\Windows\system.ini --------- 219 
  06/10/2009 10:52 PM    C:\Windows\WMSysPr9.prx --------- 316640 
  06/10/2009 10:36 PM    C:\Windows\msdfmap.ini --------- 1405 
  06/10/2009 10:31 PM    C:\Windows\Ultimate.xml --------- 51867 
  06/10/2009 10:31 PM    C:\Windows\Starter.xml --------- 48201 
----------------------------------------

 
C:\Windows\System

----------------------------------------

 
C:\Windows\System32

 09/10/2010 10:52 AM    C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 --------- 17168 
 09/10/2010 10:52 AM    C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 --------- 17168 
 09/10/2010 10:49 AM    C:\Windows\system32\perfc009.dat --------- 103702 
 09/10/2010 10:49 AM    C:\Windows\system32\perfh009.dat --------- 615360 
 09/10/2010 10:49 AM    C:\Windows\system32\PerfStringBackup.INI --------- 713888 
 09/10/2010 12:53 AM    C:\Windows\system32\config --------- 12288 
 09/06/2010 12:50 AM    C:\Windows\system32\DriverStore --------- 4096 
 09/06/2010 12:50 AM    C:\Windows\system32\drivers --------- 65536 
 09/06/2010 12:21 AM    C:\Windows\system32\catroot --------- 4096 
 09/06/2010 12:21 AM    C:\Windows\system32\catroot2 --------- 4096 
 09/06/2010 12:15 AM    C:\Windows\system32\FNTCACHE.DAT --------- 417352 
 09/06/2010 12:13 AM    C:\Windows\system32\migration --------- 0 
 09/06/2010 12:13 AM    C:\Windows\system32\Wat --------- 0 
 09/05/2010 09:57 PM    C:\Windows\system32\en-US --------- 327680 
 08/29/2010 11:21 PM    C:\Windows\system32\NDF --------- 0 
 08/29/2010 04:13 PM    C:\Windows\system32\Tasks --------- 4096 
 08/11/2010 02:37 AM    C:\Windows\system32\LogFiles --------- 4096 
 08/03/2010 11:52 AM    C:\Windows\system32\MRT.exe --------- 37437384 
 08/02/2010 09:02 AM    C:\Windows\system32\wdi --------- 4096 
 07/29/2010 04:02 AM    C:\Windows\system32\oobe --------- 4096 
 07/29/2010 03:49 AM    C:\Windows\system32\CodeIntegrity --------- 0 
 07/29/2010 03:44 AM    C:\Windows\system32\license.rtf --------- 42045 
 07/29/2010 03:43 AM    C:\Windows\system32\sysprep --------- 0 
 07/28/2010 09:22 PM    C:\Windows\system32\restore --------- 0 
 07/27/2010 04:59 PM    C:\Windows\system32\shell32.dll --------- 14162944 
 07/07/2010 04:16 AM    C:\Windows\system32\atio6axx.dll --------- 20118528 
 07/07/2010 03:54 AM    C:\Windows\system32\atiapfxx.blb --------- 63416 
 07/07/2010 03:54 AM    C:\Windows\system32\atiapfxx.exe --------- 143360 
 07/07/2010 03:53 AM    C:\Windows\system32\aticfx64.dll --------- 594432 
 07/07/2010 03:51 AM    C:\Windows\system32\ATIDEMGX.dll --------- 446464 
 07/07/2010 03:51 AM    C:\Windows\system32\atieclxx.exe --------- 462336 
 07/07/2010 03:50 AM    C:\Windows\system32\atiesrxx.exe --------- 203264 
 07/07/2010 03:49 AM    C:\Windows\system32\atitmm64.dll --------- 120320 
 07/07/2010 03:49 AM    C:\Windows\system32\atipdl64.dll --------- 421376 
 07/07/2010 03:49 AM    C:\Windows\system32\atimuixx.dll --------- 12288 
 07/07/2010 03:49 AM    C:\Windows\system32\atiedu64.dll --------- 59392 
 07/07/2010 03:37 AM    C:\Windows\system32\atidxx64.dll --------- 4463616 
 07/07/2010 03:30 AM    C:\Windows\system32\atiumd6a.dll --------- 2785792 
 07/07/2010 03:29 AM    C:\Windows\system32\aticalrt64.dll --------- 51200 
 07/07/2010 03:29 AM    C:\Windows\system32\aticalcl64.dll --------- 44544 
 07/07/2010 03:29 AM    C:\Windows\system32\aticaldd64.dll --------- 5378560 
 07/07/2010 03:27 AM    C:\Windows\system32\atiumd6a.cap --------- 543664 
 07/07/2010 03:24 AM    C:\Windows\system32\coinst.dll --------- 55296 
 07/07/2010 03:22 AM    C:\Windows\system32\atiumd64.dll --------- 5099008 
 07/07/2010 03:16 AM    C:\Windows\system32\atiadlxx.dll --------- 335872 
 07/07/2010 03:15 AM    C:\Windows\system32\atig6pxx.dll --------- 14848 
 07/07/2010 03:15 AM    C:\Windows\system32\atiglpxx.dll --------- 12800 
 07/07/2010 03:15 AM    C:\Windows\system32\atig6txx.dll --------- 18432 
 07/07/2010 03:15 AM    C:\Windows\system32\atiuxp64.dll --------- 39424 
 07/07/2010 03:14 AM    C:\Windows\system32\atiu9p64.dll --------- 30208 
 07/07/2010 03:11 AM    C:\Windows\system32\atimpc64.dll --------- 54272 
 07/07/2010 03:11 AM    C:\Windows\system32\amdpcom64.dll --------- 54272 
 06/30/2010 09:13 AM    C:\Windows\system32\wininet.dll --------- 1192960 
 06/30/2010 09:13 AM    C:\Windows\system32\urlmon.dll --------- 1494528 
 06/30/2010 09:12 AM    C:\Windows\system32\mstime.dll --------- 1026048 
 06/30/2010 09:12 AM    C:\Windows\system32\mshtml.dll --------- 9298432 
 06/30/2010 09:12 AM    C:\Windows\system32\msfeedsbs.dll --------- 82944 
 06/30/2010 09:11 AM    C:\Windows\system32\jsproxy.dll --------- 64512 
 06/30/2010 09:11 AM    C:\Windows\system32\ieui.dll --------- 247808 
 06/30/2010 09:11 AM    C:\Windows\system32\iepeers.dll --------- 256000 
 06/30/2010 09:11 AM    C:\Windows\system32\ieframe.dll --------- 12364800 
 06/30/2010 09:11 AM    C:\Windows\system32\iedkcs32.dll --------- 445952 
 06/30/2010 09:09 AM    C:\Windows\system32\msfeedssync.exe --------- 12288 
 06/30/2010 06:56 AM    C:\Windows\system32\mshtml.tlb --------- 1638912 
 06/19/2010 09:05 AM    C:\Windows\system32\ntoskrnl.exe --------- 5507968 
 06/19/2010 08:53 AM    C:\Windows\system32\rtutils.dll --------- 52224 
 06/19/2010 06:32 AM    C:\Windows\system32\win32k.sys --------- 3122688 
 06/16/2010 08:11 AM    C:\Windows\system32\schannel.dll --------- 340992 
 06/16/2010 12:28 AM    C:\Windows\system32\atipblag.dat --------- 2857 
 06/08/2010 07:36 AM    C:\Windows\system32\msxml3.dll --------- 1877504 
 05/27/2010 08:34 AM    C:\Windows\system32\atmlib.dll --------- 46080 
 05/27/2010 06:11 AM    C:\Windows\system32\atmfd.dll --------- 366080 
 05/21/2010 02:14 PM    C:\Windows\system32\MpSigStub.exe --------- 270208 
 05/19/2010 09:48 PM    C:\Windows\system32\cdd.dll --------- 144384 
 05/11/2010 10:42 PM    C:\Windows\system32\atiicdxx.dat --------- 205156 
 05/09/2010 11:46 AM    C:\Windows\system32\CPFilters.dll --------- 961024 
 05/09/2010 11:45 AM    C:\Windows\system32\msdri.dll --------- 552960 
 05/09/2010 11:44 AM    C:\Windows\system32\MSNP.ax --------- 288256 
 05/09/2010 11:44 AM    C:\Windows\system32\mpg2splt.ax --------- 258560 
 04/23/2010 09:11 AM    C:\Windows\system32\tzres.dll --------- 2048 
 04/07/2010 09:37 AM    C:\Windows\system32\oleaut32.dll --------- 861184 
 03/24/2010 08:59 AM    C:\Windows\system32\ntdll.dll --------- 1736608 
 03/08/2010 11:59 PM    C:\Windows\system32\vbscript.dll --------- 612352 
 03/05/2010 09:52 AM    C:\Windows\system32\asycfilt.dll --------- 84992 
 03/04/2010 09:57 AM    C:\Windows\system32\inetcomm.dll --------- 976896 
 02/23/2010 10:16 AM    C:\Windows\system32\browserchoice.exe --------- 294912 
 02/20/2010 05:20 PM    C:\Windows\system32\FM20ENU.DLL --------- 31616 
 02/20/2010 05:20 PM    C:\Windows\system32\FM20.DLL --------- 1603944 
 02/17/2010 09:41 PM    C:\Windows\system32\VBAME.DLL --------- 54656 
 01/19/2010 11:05 AM    C:\Windows\system32\secproc_isv.dll --------- 422912 
 01/19/2010 11:05 AM    C:\Windows\system32\secproc_ssp.dll --------- 121856 
 01/19/2010 11:05 AM    C:\Windows\system32\secproc_ssp_isv.dll --------- 121856 
 01/19/2010 11:05 AM    C:\Windows\system32\secproc.dll --------- 424960 
 01/19/2010 11:00 AM    C:\Windows\system32\RMActivate_ssp_isv.exe --------- 305152 
 01/19/2010 11:00 AM    C:\Windows\system32\RMActivate_isv.exe --------- 357888 
 01/19/2010 11:00 AM    C:\Windows\system32\RMActivate_ssp.exe --------- 306688 
 01/19/2010 11:00 AM    C:\Windows\system32\RMActivate.exe --------- 356352 
 01/09/2010 09:19 AM    C:\Windows\system32\cabview.dll --------- 139264 
 12/29/2009 10:03 AM    C:\Windows\system32\wintrust.dll --------- 220672 
 12/22/2009 10:36 AM    C:\Windows\system32\wow64.dll --------- 243200 
----------------------------------------

 
C:\Windows\Prefetch

----------------------------------------

 
C:\Windows\Tasks

 09/10/2010 10:44 AM    C:\Windows\Tasks\SA.DAT --------- 6 
 07/14/2009 07:08 AM    C:\Windows\Tasks\SCHEDLGU.TXT --------- 21836 
----------------------------------------

 
C:\Windows\Temp

----------------------------------------

 
C:\Users\WILLSP~1\AppData\Local\Temp

 09/10/2010 10:54 AM    C:\Users\WILLSP~1\AppData\Local\Temp\Rar$DI00.159 --------- 0 
 09/10/2010 10:54 AM    C:\Users\WILLSP~1\AppData\Local\Temp\Low --------- 0 
 09/10/2010 10:52 AM    C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-12 --------- 0 
 09/10/2010 10:46 AM    C:\Users\WILLSP~1\AppData\Local\Temp\WPDNSE --------- 0 
 09/06/2010 08:33 PM    C:\Users\WILLSP~1\AppData\Local\Temp\fla19A3.tmp --------- 15602431 
 09/06/2010 08:33 PM    C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-11 --------- 0 
 09/06/2010 08:07 AM    C:\Users\WILLSP~1\AppData\Local\Temp\wmsetup.log --------- 6186 
 09/06/2010 12:12 AM    C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-10 --------- 0 
 09/05/2010 09:24 PM    C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-9 --------- 0 
 09/05/2010 01:59 AM    C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-8 --------- 0 
 09/03/2010 01:00 AM    C:\Users\WILLSP~1\AppData\Local\Temp\~DF8FB07F023C775DE0.TMP --------- 114688 
 09/02/2010 05:39 PM    C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-7 --------- 0 
 09/02/2010 04:35 PM    C:\Users\WILLSP~1\AppData\Local\Temp\modFE1B.tmp --------- 222 
 09/02/2010 04:35 PM    C:\Users\WILLSP~1\AppData\Local\Temp\~DFC429079FFE864E40.TMP --------- 196608 
 09/02/2010 04:35 PM    C:\Users\WILLSP~1\AppData\Local\Temp\modEBB2.tmp --------- 182783 
 09/02/2010 04:35 PM    C:\Users\WILLSP~1\AppData\Local\Temp\modE9FD.tmp --------- 947 
 09/02/2010 04:33 PM    C:\Users\WILLSP~1\AppData\Local\Temp\modAE22.tmp --------- 5 
 09/01/2010 07:41 PM    C:\Users\WILLSP~1\AppData\Local\Temp\c0ZIiYot.exe.part --------- 388608 
 09/01/2010 12:03 AM    C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-6 --------- 0 
 08/29/2010 11:35 PM    C:\Users\WILLSP~1\AppData\Local\Temp\cpes_clean_log_20100829233549.log --------- 1836 
 08/29/2010 11:21 PM    C:\Users\WILLSP~1\AppData\Local\Temp\msdt --------- 0 
 08/29/2010 11:21 PM    C:\Users\WILLSP~1\AppData\Local\Temp\tmpB40F.tmp --------- 0 
 08/29/2010 11:21 PM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp5E81.tmp --------- 0 
 08/29/2010 05:47 PM    C:\Users\WILLSP~1\AppData\Local\Temp\TCD3F65.tmp --------- 0 
 08/29/2010 05:47 PM    C:\Users\WILLSP~1\AppData\Local\Temp\TCD2925.tmp --------- 0 
 08/29/2010 05:45 PM    C:\Users\WILLSP~1\AppData\Local\Temp\TCD8611.tmp --------- 0 
 08/29/2010 05:45 PM    C:\Users\WILLSP~1\AppData\Local\Temp\TCD7888.tmp --------- 0 
 08/29/2010 05:45 PM    C:\Users\WILLSP~1\AppData\Local\Temp\TCD75C8.tmp --------- 0 
 08/29/2010 05:45 PM    C:\Users\WILLSP~1\AppData\Local\Temp\TCD7549.tmp --------- 0 
 08/29/2010 05:45 PM    C:\Users\WILLSP~1\AppData\Local\Temp\TCD743E.tmp --------- 0 
 08/29/2010 04:47 PM    C:\Users\WILLSP~1\AppData\Local\Temp\SetupExe(20100829160502F10).log --------- 194437 
 08/29/2010 12:34 PM    C:\Users\WILLSP~1\AppData\Local\Temp\utt361E.tmp.bat --------- 74 
 08/29/2010 12:34 PM    C:\Users\WILLSP~1\AppData\Local\Temp\utt361E.tmp --------- 0 
 08/29/2010 12:34 PM    C:\Users\WILLSP~1\AppData\Local\Temp\utt3543.tmp.bat --------- 74 
 08/29/2010 12:34 PM    C:\Users\WILLSP~1\AppData\Local\Temp\utt3543.tmp --------- 0 
 08/29/2010 12:33 PM    C:\Users\WILLSP~1\AppData\Local\Temp\uttB329.tmp --------- 0 
 08/27/2010 11:32 AM    C:\Users\WILLSP~1\AppData\Local\Temp\utt7C7.tmp.bat --------- 74 
 08/27/2010 11:32 AM    C:\Users\WILLSP~1\AppData\Local\Temp\utt7C7.tmp --------- 0 
 08/27/2010 11:32 AM    C:\Users\WILLSP~1\AppData\Local\Temp\utt74A.tmp.bat --------- 74 
 08/27/2010 11:32 AM    C:\Users\WILLSP~1\AppData\Local\Temp\utt74A.tmp --------- 0 
 08/27/2010 11:32 AM    C:\Users\WILLSP~1\AppData\Local\Temp\uttF8B9.tmp --------- 0 
 08/27/2010 01:49 AM    C:\Users\WILLSP~1\AppData\Local\Temp\Will Spliff.bmp --------- 49208 
 08/25/2010 11:05 PM    C:\Users\WILLSP~1\AppData\Local\Temp\install_log.log --------- 100 
 08/25/2010 11:05 PM    C:\Users\WILLSP~1\AppData\Local\Temp\ASKSUTBLOG --------- 523804 
 08/25/2010 10:16 PM    C:\Users\WILLSP~1\AppData\Local\Temp\setup.exe --------- 2944904 
 08/24/2010 08:04 PM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp_grafx.jpg --------- 48034 
 08/24/2010 11:50 AM    C:\Users\WILLSP~1\AppData\Local\Temp\AskSearch --------- 0 
 08/19/2010 09:25 PM    C:\Users\WILLSP~1\AppData\Local\Temp\div8F5.tmp --------- 0 
 08/19/2010 09:25 PM    C:\Users\WILLSP~1\AppData\Local\Temp\divCABD.tmp --------- 0 
 08/19/2010 04:04 PM    C:\Users\WILLSP~1\AppData\Local\Temp\E17A.dir --------- 0 
 08/19/2010 04:04 PM    C:\Users\WILLSP~1\AppData\Local\Temp\E17A.tmp --------- 0 
 08/18/2010 04:33 PM    C:\Users\WILLSP~1\AppData\Local\Temp\div9AE7.tmp --------- 0 
 08/18/2010 04:33 PM    C:\Users\WILLSP~1\AppData\Local\Temp\div9B06.tmp --------- 0 
 08/18/2010 04:33 PM    C:\Users\WILLSP~1\AppData\Local\Temp\divE252.tmp --------- 0 
 08/18/2010 03:02 AM    C:\Users\WILLSP~1\AppData\Local\Temp\div6C78.tmp --------- 0 
 08/18/2010 03:02 AM    C:\Users\WILLSP~1\AppData\Local\Temp\divA9E5.tmp --------- 0 
 08/18/2010 03:02 AM    C:\Users\WILLSP~1\AppData\Local\Temp\divC235.tmp --------- 0 
 08/16/2010 10:18 PM    C:\Users\WILLSP~1\AppData\Local\Temp\msdtadmin --------- 0 
 08/16/2010 10:18 PM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp723C.tmp --------- 0 
 08/16/2010 09:50 PM    C:\Users\WILLSP~1\AppData\Local\Temp\OutofProcReport31588971.txt --------- 2678 
 08/16/2010 09:50 PM    C:\Users\WILLSP~1\AppData\Local\Temp\{6e442883-e444-4ea5-99b0-ff28ddd45192} --------- 0 
 08/16/2010 09:49 PM    C:\Users\WILLSP~1\AppData\Local\Temp\cpes_clean_log_20100816214832.log --------- 20485 
 08/16/2010 09:42 PM    C:\Users\WILLSP~1\AppData\Local\Temp\div276D.tmp --------- 0 
 08/16/2010 09:42 PM    C:\Users\WILLSP~1\AppData\Local\Temp\div648C.tmp --------- 0 
 08/16/2010 09:42 PM    C:\Users\WILLSP~1\AppData\Local\Temp\div96C2.tmp --------- 0 
 08/16/2010 09:42 PM    C:\Users\WILLSP~1\AppData\Local\Temp\div9913.tmp --------- 0 
 08/16/2010 03:04 AM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp8038.tmp --------- 0 
 08/15/2010 11:23 PM    C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-5 --------- 0 
 08/15/2010 12:05 PM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp217.tmp1 --------- 0 
 08/15/2010 11:48 AM    C:\Users\WILLSP~1\AppData\Local\Temp\tmpCBA.tmp --------- 0 
 08/15/2010 11:17 AM    C:\Users\WILLSP~1\AppData\Local\Temp\div10D1.tmp --------- 0 
 08/15/2010 11:17 AM    C:\Users\WILLSP~1\AppData\Local\Temp\div72ED.tmp --------- 0 
 08/15/2010 11:17 AM    C:\Users\WILLSP~1\AppData\Local\Temp\div8B5E.tmp --------- 0 
 08/15/2010 11:17 AM    C:\Users\WILLSP~1\AppData\Local\Temp\div8DDD.tmp --------- 0 
 08/15/2010 11:17 AM    C:\Users\WILLSP~1\AppData\Local\Temp\div8E59.tmp --------- 0 
 08/15/2010 11:17 AM    C:\Users\WILLSP~1\AppData\Local\Temp\div8F34.tmp --------- 0 
 08/15/2010 11:17 AM    C:\Users\WILLSP~1\AppData\Local\Temp\div9DE3.tmp --------- 0 
 08/15/2010 11:17 AM    C:\Users\WILLSP~1\AppData\Local\Temp\divA2A4.tmp --------- 0 
 08/15/2010 11:17 AM    C:\Users\WILLSP~1\AppData\Local\Temp\divAED4.tmp --------- 0 
 08/15/2010 11:17 AM    C:\Users\WILLSP~1\AppData\Local\Temp\divBE11.tmp --------- 0 
 08/15/2010 11:17 AM    C:\Users\WILLSP~1\AppData\Local\Temp\divC763.tmp --------- 0 
 08/14/2010 11:26 PM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp650.tmp1 --------- 0 
 08/14/2010 03:01 PM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp68.tmp1 --------- 0 
 08/14/2010 12:28 PM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp881.tmp1 --------- 0 
 08/14/2010 08:58 AM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp817.tmp1 --------- 0 
 08/13/2010 08:46 PM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp498.tmp2 --------- 0 
 08/13/2010 08:01 PM    C:\Users\WILLSP~1\AppData\Local\Temp\dd_vcredistUI2C1E.txt --------- 11430 
 08/13/2010 08:01 PM    C:\Users\WILLSP~1\AppData\Local\Temp\dd_vcredistMSI2C1E.txt --------- 410926 
 08/13/2010 07:31 PM    C:\Users\WILLSP~1\AppData\Local\Temp\SkypeToolbars.msi --------- 2391040 
 08/13/2010 07:31 PM    C:\Users\WILLSP~1\AppData\Local\Temp\Skype.msi --------- 19846144 
 08/13/2010 06:18 PM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp564.tmp1 --------- 0 
 08/13/2010 09:05 AM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp710.tmp2 --------- 0 
 08/12/2010 07:32 PM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp402.tmp1 --------- 0 
 08/12/2010 07:31 PM    C:\Users\WILLSP~1\AppData\Local\Temp\divBC2D.tmp --------- 0 
 08/12/2010 07:51 AM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp466.tmp1 --------- 0 
 08/12/2010 07:26 AM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp818.tmp1 --------- 0 
 08/12/2010 01:57 AM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp854.tmp1 --------- 0 
 08/11/2010 04:41 PM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp840.tmp1 --------- 0 
 08/11/2010 01:43 AM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp588.tmp1 --------- 0 
 08/11/2010 01:43 AM    C:\Users\WILLSP~1\AppData\Local\Temp\div9397.tmp --------- 0 
 08/10/2010 04:39 PM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp250.tmp1 --------- 0 
 08/10/2010 04:39 PM    C:\Users\WILLSP~1\AppData\Local\Temp\div9146.tmp --------- 0 
 08/10/2010 06:19 AM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp40.tmp1 --------- 0 
 08/10/2010 06:19 AM    C:\Users\WILLSP~1\AppData\Local\Temp\div9C9C.tmp --------- 0 
 08/10/2010 04:19 AM    C:\Users\WILLSP~1\AppData\Local\Temp\tmpCC83.tmp --------- 0 
 08/10/2010 04:16 AM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp5090.tmp --------- 0 
 08/10/2010 04:16 AM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp167D.tmp --------- 0 
 08/10/2010 03:04 AM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp252.tmp1 --------- 0 
 08/10/2010 03:03 AM    C:\Users\WILLSP~1\AppData\Local\Temp\divAB4B.tmp --------- 0 
 08/09/2010 11:01 PM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp168.tmp1 --------- 0 
 08/09/2010 11:01 PM    C:\Users\WILLSP~1\AppData\Local\Temp\div8786.tmp --------- 0 
 08/09/2010 08:46 PM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp607.tmp1 --------- 0 
 08/09/2010 08:45 PM    C:\Users\WILLSP~1\AppData\Local\Temp\div89D7.tmp --------- 0 
 08/09/2010 06:51 PM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp534.tmp1 --------- 0 
 08/09/2010 06:18 PM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp471.tmp1 --------- 0 
 08/09/2010 06:18 PM    C:\Users\WILLSP~1\AppData\Local\Temp\div8BCA.tmp --------- 0 
 08/09/2010 05:39 PM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp158.tmp1 --------- 0 
 08/09/2010 05:39 PM    C:\Users\WILLSP~1\AppData\Local\Temp\div8AB1.tmp --------- 0 
 08/09/2010 01:14 AM    C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-4 --------- 0 
 08/08/2010 04:30 PM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp383.tmp1 --------- 0 
 08/08/2010 02:44 AM    C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-3 --------- 0 
 08/08/2010 01:11 AM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp366.tmp1 --------- 0 
 08/06/2010 03:29 PM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp719.tmp1 --------- 0 
 08/06/2010 02:03 PM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp290.tmp1 --------- 0 
 08/06/2010 11:57 AM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp739.tmp1 --------- 0 
 08/05/2010 03:35 PM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp749.tmp1 --------- 0 
 08/05/2010 02:56 PM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp847.tmp1 --------- 0 
 08/05/2010 02:55 PM    C:\Users\WILLSP~1\AppData\Local\Temp\divB6EF.tmp --------- 0 
 08/05/2010 12:01 PM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp596.tmp1 --------- 0 
 08/05/2010 12:01 PM    C:\Users\WILLSP~1\AppData\Local\Temp\History --------- 0 
 08/05/2010 12:01 PM    C:\Users\WILLSP~1\AppData\Local\Temp\Cookies --------- 0 
 08/05/2010 12:01 PM    C:\Users\WILLSP~1\AppData\Local\Temp\Temporary Internet Files --------- 0 
 08/05/2010 02:47 AM    C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-2 --------- 0 
 08/05/2010 12:00 AM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp20.tmp1 --------- 0 
 08/05/2010 12:00 AM    C:\Users\WILLSP~1\AppData\Local\Temp\divFC67.tmp --------- 0 
 08/04/2010 10:19 AM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp149.tmp1 --------- 0 
 08/04/2010 10:19 AM    C:\Users\WILLSP~1\AppData\Local\Temp\div8F24.tmp --------- 0 
 08/03/2010 08:07 PM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp256.tmp1 --------- 0 
 08/03/2010 08:07 PM    C:\Users\WILLSP~1\AppData\Local\Temp\div1BF8.tmp --------- 0 
 08/03/2010 05:45 PM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp714.tmp1 --------- 0 
 08/03/2010 05:45 PM    C:\Users\WILLSP~1\AppData\Local\Temp\divD077.tmp --------- 0 
 08/03/2010 09:45 AM    C:\Users\WILLSP~1\AppData\Local\Temp\divED4A.tmp --------- 0 
 08/03/2010 09:16 AM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp134.tmp1 --------- 0 
 08/02/2010 08:56 PM    C:\Users\WILLSP~1\AppData\Local\Temp\StructuredQuery.log --------- 828 
 08/02/2010 08:39 PM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp853.tmp1 --------- 0 
 08/02/2010 08:31 PM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp676.tmp1 --------- 0 
 08/02/2010 08:19 PM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp78.tmp1 --------- 0 
 08/02/2010 08:14 PM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp331.tmp1 --------- 0 
 08/02/2010 08:11 PM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp780.tmp1 --------- 0 
 08/02/2010 08:11 PM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp762.tmp1 --------- 0 
 08/02/2010 08:10 PM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp390.tmp1 --------- 0 
 08/02/2010 08:09 PM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp548.tmp1 --------- 0 
 08/02/2010 08:03 PM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp668.tmp1 --------- 0 
 08/02/2010 07:47 PM    C:\Users\WILLSP~1\AppData\Local\Temp\tmp197.tmp1 --------- 0 
 08/02/2010 07:32 PM    C:\Users\WILLSP~1\AppData\Local\Temp\{48E7E276-0A60-48FB-9C58-BDDCB84AABFF} --------- 0 
 08/02/2010 07:32 PM    C:\Users\WILLSP~1\AppData\Local\Temp\MSI393a.LOG --------- 1711634 
 08/02/2010 07:12 PM    C:\Users\WILLSP~1\AppData\Local\Temp\DMI4BBF.tmp --------- 0 
 08/02/2010 06:40 PM    C:\Users\WILLSP~1\AppData\Local\Temp\div5EB2.tmp --------- 0 
 08/01/2010 07:38 PM    C:\Users\WILLSP~1\AppData\Local\Temp\div588B.tmp --------- 0 
 08/01/2010 04:14 PM    C:\Users\WILLSP~1\AppData\Local\Temp\divDF27.tmp --------- 0 
 08/01/2010 04:09 PM    C:\Users\WILLSP~1\AppData\Local\Temp\div9C.tmp --------- 0 
 08/01/2010 10:18 AM    C:\Users\WILLSP~1\AppData\Local\Temp\div39C4.tmp --------- 0 
 07/31/2010 09:16 PM    C:\Users\WILLSP~1\AppData\Local\Temp\divF8A1.tmp --------- 0 
 07/30/2010 06:31 PM    C:\Users\WILLSP~1\AppData\Local\Temp\DMIAD7F.tmp --------- 0 
 07/29/2010 10:42 PM    C:\Users\WILLSP~1\AppData\Local\Temp\RA.xml --------- 20631 
 07/29/2010 10:42 PM    C:\Users\WILLSP~1\AppData\Local\Temp\RA.dmp --------- 79287 
 07/29/2010 10:42 PM    C:\Users\WILLSP~1\AppData\Local\Temp\RAC5DD.tmp --------- 0 
 07/29/2010 08:20 PM    C:\Users\WILLSP~1\AppData\Local\Temp\data --------- 0 
 07/29/2010 07:46 PM    C:\Users\WILLSP~1\AppData\Local\Temp\isw_acc_80100000 --------- 0 
 07/29/2010 03:30 PM    C:\Users\WILLSP~1\AppData\Local\Temp\uttCA23.tmp.old --------- 0 
 07/29/2010 02:41 PM    C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp --------- 0 
 07/29/2010 02:41 PM    C:\Users\WILLSP~1\AppData\Local\Temp\ct2613550 --------- 0 
 07/29/2010 02:41 PM    C:\Users\WILLSP~1\AppData\Local\Temp\conduit --------- 0 
 07/29/2010 02:41 PM    C:\Users\WILLSP~1\AppData\Local\Temp\07291052511 --------- 0 
 07/29/2010 02:30 PM    C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-1 --------- 0 
 07/29/2010 04:06 AM    C:\Users\WILLSP~1\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0 
 06/28/2010 10:09 PM    C:\Users\WILLSP~1\AppData\Local\Temp\zauninst.exe --------- 220160 
 06/28/2010 09:59 PM    C:\Users\WILLSP~1\AppData\Local\Temp\vsinit.dll --------- 228864 
 06/28/2010 09:59 PM    C:\Users\WILLSP~1\AppData\Local\Temp\vsutil.dll --------- 713728 
 06/15/2010 05:50 PM    C:\Users\WILLSP~1\AppData\Local\Temp\Uninstall.exe --------- 1208632 
 06/08/2010 08:20 PM    C:\Users\WILLSP~1\AppData\Local\Temp\Catalyst.bmp --------- 57654 
 03/16/2010 04:11 PM    C:\Users\WILLSP~1\AppData\Local\Temp\ose00000.exe --------- 174440 
----------------------------------------

 
C:\Program Files

 09/06/2010 12:13 AM    C:\Program Files\Windows Media Player --------- 4096 
 09/06/2010 12:13 AM    C:\Program Files\Windows Mail --------- 0 
 09/06/2010 12:13 AM    C:\Program Files\Internet Explorer --------- 4096 
 08/29/2010 04:11 PM    C:\Program Files\Common Files --------- 4096 
 08/29/2010 04:10 PM    C:\Program Files\Microsoft Synchronization Services --------- 0 
 08/29/2010 04:09 PM    C:\Program Files\Microsoft Office --------- 4096 
 08/29/2010 04:09 PM    C:\Program Files\Microsoft Sync Framework --------- 0 
 08/29/2010 04:09 PM    C:\Program Files\Microsoft SQL Server Compact Edition --------- 0 
 08/29/2010 04:06 PM    C:\Program Files\Microsoft Analysis Services --------- 0 
 08/18/2010 12:08 PM    C:\Program Files\WinRAR --------- 4096 
 07/31/2010 08:46 PM    C:\Program Files\DivX --------- 0 
 07/29/2010 04:35 PM    C:\Program Files\ATI Technologies --------- 0 
 07/29/2010 04:33 PM    C:\Program Files\ATI --------- 0 
 07/29/2010 02:28 PM    C:\Program Files\CheckPoint --------- 0 
 07/14/2009 09:47 AM    C:\Program Files\DVD Maker --------- 4096 
 07/14/2009 09:46 AM    C:\Program Files\Windows Journal --------- 0 
 07/14/2009 09:46 AM    C:\Program Files\Microsoft Games --------- 4096 
 07/14/2009 07:37 AM    C:\Program Files\Windows Sidebar --------- 4096 
 07/14/2009 07:37 AM    C:\Program Files\Windows Photo Viewer --------- 0 
 07/14/2009 07:37 AM    C:\Program Files\Windows Defender --------- 4096 
 07/14/2009 07:32 AM    C:\Program Files\Windows Portable Devices --------- 0 
 07/14/2009 07:32 AM    C:\Program Files\Windows NT --------- 0 
 07/14/2009 07:32 AM    C:\Program Files\Reference Assemblies --------- 0 
 07/14/2009 07:32 AM    C:\Program Files\MSBuild --------- 0 
 07/14/2009 07:09 AM    C:\Program Files\Uninstall Information --------- 0 
 07/14/2009 06:54 AM    C:\Program Files\desktop.ini --------- 174 
----------------------------------------

 
C:\ProgramData\..

Will   
AppData   
Will Spliff   
Public   
Default   
All Users   
Default User   
desktop.ini   
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts


----------------------------------------

 

Image Name                    PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                  0        24 K
System                          4 Services                  0      1,024 K
smss.exe                      272 Services                  0      1,092 K
csrss.exe                      356 Services                  0      4,108 K
wininit.exe                    424 Services                  0      4,276 K
csrss.exe                      460 Console                    1      9,884 K
services.exe                  492 Services                  0      8,912 K
lsass.exe                      508 Services                  0    10,864 K
lsm.exe                        516 Services                  0      4,120 K
svchost.exe                    620 Services                  0      9,036 K
winlogon.exe                  696 Console                    1      6,880 K
svchost.exe                    756 Services                  0      7,156 K
atiesrxx.exe                  816 Services                  0      4,132 K
svchost.exe                    892 Services                  0    26,060 K
svchost.exe                    936 Services                  0    95,108 K
svchost.exe                    976 Services                  0    86,520 K
svchost.exe                    464 Services                  0    15,208 K
svchost.exe                  1080 Services                  0    13,508 K
atieclxx.exe                  1140 Console                    1      5,292 K
spoolsv.exe                  1348 Services                  0    11,548 K
sched.exe                    1376 Services                  0      1,520 K
svchost.exe                  1396 Services                  0    14,556 K
avguard.exe                  1544 Services                  0    78,536 K
svchost.exe                  1636 Services                  0      5,276 K
SDWinSec.exe                  1772 Services                  0      8,148 K
avshadow.exe                  1796 Services                  0      3,908 K
conhost.exe                  1816 Services                  0      2,580 K
WUDFHost.exe                  2140 Services                  0      5,808 K
dwm.exe                      2584 Console                    1      4,776 K
taskhost.exe                  2592 Console                    1      5,420 K
explorer.exe                  2604 Console                    1    39,768 K
TeaTimer.exe                  2808 Console                    1    91,148 K
uTorrent.exe                  2820 Console                    1      9,016 K
avgnt.exe                    2900 Console                    1      3,848 K
wmpnetwk.exe                  2008 Services                  0      5,520 K
svchost.exe                  2328 Services                  0    13,400 K
firefox.exe                    764 Console                    1    100,876 K
svchost.exe                  1468 Services                  0    12,712 K
WmiPrvSE.exe                  3036 Services                  0      6,044 K
svchost.exe                  2752 Services                  0    30,888 K
plugin-container.exe          2896 Console                    1    14,008 K
audiodg.exe                  2792 Services                  0    15,360 K
RSIT.exe                      3008 Console                    1    14,488 K
WmiPrvSE.exe                  208 Services                  0    10,632 K
WinRAR.exe                    1624 Console                    1    16,356 K
cmd.exe                        584 Console                    1      3,624 K
conhost.exe                  1252 Console                    1      4,016 K
tasklist.exe                  2452 Console                    1      5,256 K

 
***** Ende des Scans Fri 09/10/2010 um 10:54:39.40 ***


kira 12.09.2010 13:14

So I'll repeat myself once more:
Quote:

Quote from Coverflow (post 566094)
no... please open a new thread for your laptop

That means: please not here! One thread per computer ;)

Here we only continue with this:-> http://www.trojaner-board.de/90534-m...tml#post566094
namely for your tower, otherwise we'll quickly get mixed up!

