Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: GMER läuft nicht richtig (xp64), SpyHunter von Enigma Software (fraud!)

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 27.01.2010, 21:58   #1
herbert.e
 
GMER läuft nicht richtig (xp64), SpyHunter von Enigma Software (fraud!) - Standard

GMER läuft nicht richtig (xp64), SpyHunter von Enigma Software (fraud!)



Hallo,
nachdem SpyBotSD anfing seltsam sich zu verhalten (nach etwa 1/4 des scans wird unter Running bot-check nur noch Virtuemonde.sci angezeigt kein Befund dann) hat meine Tochte SpyHunter von Enigmasoft installiert und laufenlassen. Sie hätte nach einem "komischen Prozess" gegoogelt und dieses Tool gefunden. Das das aber ein übles Fraud Scam ist, hatte ich inzwischen natürlich schnell gegoogelt bei euch.

Da bei euch immer ein GMER scan und HijackThis scan am Anfang steht wie ich sah muss ich berichten (WindowsXP64) GMER gibt ein vollkommen leeres Log aus und zeigt auch nichts an wenn es mit randomisierten Namen geladen wird, und läuft überhaupt nicht wenn es als zip geladen und entpackt wurde. (immer auf Desktop oder USB-Stick geladen)

Komischer Weise jedesmal wenn eine frisch geladene Version von GMER gestartet wird, startet diese erst nachdem Kaspersky 2010 mind. 30 Sekunden daran "rumgefummelt" (pumpendes KAV icon) hat, und das bei einem echt schnellen Rechner. GMER mit euren empfohlenen Einstellungen (ADS an und Showall aus) lässt auch ansonsten nur "Services, Registry, Files" checkboxen zu (andere Grau) und gibt keinerlei Log und sagt "no rootkit found" was ich sehr komisch finde.

Speziell weil: Seit der SpyHunter installation immer wieder vielfältige hidden Ordner zu sehen waren die ich nochnie sah (bin aber kein XP spezie) und es eine Zeitlang immer wieder zu hängern und neustarts kam wenn ich die hidden Ordner untersuchte und danach googelte bin ich nun sehr besorgt.

Die Hänger und neustarts sind wieder komplett verschwunden (Komisch?)
hatte ich auch nie, da bei mir wenig installiert ist eigentlich.

Ach ja eins noch: Ich untersuchte auch das Registry mit RegAnalyser von Spybot und sah viele Einträge (aus der Erinnerung) wie "...Control00002..." und "...Remotecontrol..." und "...smsremote..." als es zu einem Reganalyzer Hänger und danach zum Systemcrash kam. Diese Einträge waren nach dem Neustart komplett verschwunden. Das sollte doch EXTREM bedenklich sein?

Anbei mein HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:36:04, on 27.01.2010
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\Program Files (x86)\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files (x86)\o2 Verbindungsmanager\CManager.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files (x86)\Safari\Safari.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = htt***p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = htt***p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = htt***p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = htt***p://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EVEREST AutoStart] C:\Program Files (x86)\everestultimate530\everest.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [3DxAssociateFileExts] C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxViewer64\register.exe "FileExts" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [3DxAssociateFileExts] C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxViewer64\register.exe "FileExts" (User 'Default user')
O4 - Global Startup: Start 3DxWare.lnk = C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare64\3dxsrv.exe
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: htt***p://runonce.msn.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{18FD48F6-7E37-4C19-B40F-EC7D7D56EFAC}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CS1\Services\Tcpip\..\{18FD48F6-7E37-4C19-B40F-EC7D7D56EFAC}: NameServer = 193.189.244.225 193.189.244.206
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - C:\Program Files (x86)\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - Autodesk - C:\Program Files (x86)\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Program Files (x86)\o2 Verbindungsmanager\BRService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

--
End of file - 7885 bytes

Geändert von herbert.e (27.01.2010 um 22:04 Uhr)

Alt 28.01.2010, 10:03   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GMER läuft nicht richtig (xp64), SpyHunter von Enigma Software (fraud!) - Standard

GMER läuft nicht richtig (xp64), SpyHunter von Enigma Software (fraud!)



Hallo und

Zitat:
Da bei euch immer ein GMER scan und HijackThis scan am Anfang steht
Nein, am Anfang sollten CCleaner, Malwarebytes und RSIT ausgeführt und die Logs der beiden letzteren Programme gepostet werden.

Zitat:
wie ich sah muss ich berichten (WindowsXP64) GMER gibt ein vollkommen leeres Log
GMER ist zur Aufspürung von Rootkits gedacht, die sind aber so in 64-Bit-Versionen von XP und Vista dank der Kernel Patch Protection nicht mehr möglich und dahe ist ein Scan mit GMER in diesen Betriebssystem überflüssig.

Zitat:
und gibt keinerlei Log und sagt "no rootkit found" was ich sehr komisch finde.
Was aber nun mit der Kernel Patch Protection Erklärung einleuchten sollte.

Das Log ist okay, ich würde Dir aber empfehlen auf Kaspersy IS zu verzichten, SecuritySuites sind im allgemeinen üble Systembremsen und führen wenn überhaupt zu einem minimalen Sicherheitsgewinn. Der "Gewinn" an Sicherheit ist in Fachkreisen sogar umstritten, v.a. was die Firewallkomponenten in SecuritySuites angeht.
__________________

__________________

Alt 28.01.2010, 17:08   #3
herbert.e
 
GMER läuft nicht richtig (xp64), SpyHunter von Enigma Software (fraud!) - Standard

GMER läuft nicht richtig (xp64), SpyHunter von Enigma Software (fraud!)



Malwarebytes scan ist negativ, RSIT gibt error:

Line -1: Error: Variable used without being declared.

Zubeginn des "Listing services and drivers" und bricht ab, gibt aber ein log aus.

Hier die Logs:

Malwarebytes' Anti-Malware 1.44
Database version: 3651
Windows 5.2.3790 Service Pack 2
Internet Explorer 8.0.6001.18702

28.01.2010 17:53:13
mbam-log-2010-01-28 (17-53-13).txt

Scan type: Full Scan (C:\|F:\|J:\|)
Objects scanned: 298336
Time elapsed: 25 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

****************
RSIT error:
Line -1: Error: Variable used without being declared.
Zu beginn Listing services and drivers
****************

Logfile of random's system information tool 1.06 (written by random/random)
Run by uwe at 2010-01-28 17:54:29
Microsoft(R) Windows(R) XP Professional x64 Edition Service Pack 2
System drive C: has 678 GB (95%) free of 715 GB
Total RAM: 4094 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:54:37, on 28.01.2010
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\Program Files (x86)\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Utilities\RSIT.exe
C:\Program Files (x86)\Trend Micro\HijackThis\uwe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EVEREST AutoStart] C:\Program Files (x86)\everestultimate530\everest.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [3DxAssociateFileExts] C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxViewer64\register.exe "FileExts" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [3DxAssociateFileExts] C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxViewer64\register.exe "FileExts" (User 'Default user')
O4 - Global Startup: Start 3DxWare.lnk = C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare64\3dxsrv.exe
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://runonce.msn.com
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - C:\Program Files (x86)\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - Autodesk - C:\Program Files (x86)\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Program Files (x86)\o2 Verbindungsmanager\BRService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

--
End of file - 7350 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll [2009-10-20 68112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2009-10-20 268816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVP"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-10-20 340456]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2007-02-18 15360]
"EVEREST AutoStart"=C:\Program Files (x86)\everestultimate530\everest.exe [2009-10-02 2430048]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Start 3DxWare.lnk - C:\Program Files (x86)\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare64\3dxsrv.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
C:\WINDOWS\system32\crypt32.dll [2007-02-18 595456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
C:\WINDOWS\system32\cryptnet.dll [2007-02-18 62464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
C:\WINDOWS\system32\cscdll.dll [2007-02-18 101888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
C:\WINDOWS\system32\dimsntfy.dll [2007-02-18 19456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\EFS]
C:\WINDOWS\system32\sclgntfy.dll [2007-02-18 19968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
wlnotify.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
wlnotify.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
C:\WINDOWS\system32\sclgntfy.dll [2007-02-18 19968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
WlNotify.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
wlnotify.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\syswow64\SHELL32.dll [2009-02-10 8360960]
CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\syswow64\SHELL32.dll [2009-02-10 8360960]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll [2009-03-08 236544]
SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysWOW64\stobject.dll [2007-02-18 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\SysWOW64\browseui.dll [2009-12-18 1033216]
Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\SysWOW64\browseui.dll [2009-12-18 1033216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=C:\WINDOWS\system32\shell32.dll [2009-02-10 8360960]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"system"=lsass.exe []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Browser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dhcp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dmadmin]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dmboot.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dmio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dmload.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dmserver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DnsCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ip6fw.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ipnat.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanWorkstation]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LmHosts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Messenger]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS Wrapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ndisuio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOSGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetDDEGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetMan]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetworkProvider]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NtLmSsp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP_TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpcdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpwd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdsessmgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SharedAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SRService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Streams Drivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Tcpip]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tdpipe.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tdtcp.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\termservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vds]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WZCSVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E972-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E973-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E974-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E975-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files (x86)\Opera\opera.exe"="C:\Program Files (x86)\Opera\opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-01-28 17:54:29 ----D---- C:\rsit
2010-01-28 17:19:21 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-01-27 22:01:14 ----SHD---- C:\Config.Msi
2010-01-27 19:06:43 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-01-27 17:39:23 ----D---- C:\Program Files (x86)\OCCTPT
2010-01-27 01:48:26 ----A---- C:\WINDOWS\system32\everest_cpl.ini
2010-01-26 22:39:19 ----D---- C:\Utilities
2010-01-26 21:10:23 ----D---- C:\Documents and Settings\uwe\Application Data\Yahoo!
2010-01-26 16:59:19 ----D---- C:\WINDOWS\system32\XPSViewer
2010-01-26 16:59:16 ----D---- C:\Program Files (x86)\MSBuild
2010-01-26 16:59:08 ----D---- C:\Program Files (x86)\Reference Assemblies
2010-01-26 16:54:35 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2010-01-26 15:00:43 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM10Lx64$
2010-01-26 15:00:34 ----D---- C:\Program Files (x86)\MSXML 4.0
2010-01-26 15:00:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM10Lx64$
2010-01-26 15:00:19 ----D---- C:\Program Files (x86)\MSXML 6.0
2010-01-26 14:44:23 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-01-26 14:44:12 ----D---- C:\Program Files (x86)\Common Files\Adobe
2010-01-26 14:44:12 ----D---- C:\Program Files (x86)\Adobe
2010-01-26 14:41:41 ----D---- C:\Documents and Settings\uwe\Application Data\Macromedia
2010-01-26 14:41:41 ----D---- C:\Documents and Settings\uwe\Application Data\Adobe
2010-01-26 14:38:31 ----D---- C:\Program Files (x86)\SpeedFan
2010-01-26 04:42:46 ----D---- C:\Documents and Settings\uwe\Application Data\3Dconnexion
2010-01-26 04:41:11 ----D---- C:\Program Files (x86)\3Dconnexion
2010-01-26 03:57:12 ----D---- C:\Documents and Settings\uwe\Application Data\FileZilla
2010-01-26 03:57:05 ----D---- C:\Program Files (x86)\FileZilla FTP Client
2010-01-26 03:27:02 ----D---- C:\Documents and Settings\uwe\Application Data\Opera
2010-01-26 03:26:57 ----D---- C:\Program Files (x86)\Opera
2010-01-26 01:51:45 ----D---- C:\Documents and Settings\uwe\Application Data\Thunderbird
2010-01-26 01:51:45 ----D---- C:\Documents and Settings\uwe\Application Data\Mozilla
2010-01-26 01:45:01 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2010-01-26 00:28:25 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-01-25 22:30:51 ----A---- C:\WINDOWS\system32\tmp.txt
2010-01-25 22:30:46 ----A---- C:\rapport.txt
2010-01-25 22:30:29 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2010-01-25 22:30:29 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2010-01-25 22:30:29 ----A---- C:\WINDOWS\system32\swxcacls.exe
2010-01-25 22:30:29 ----A---- C:\WINDOWS\system32\swsc.exe
2010-01-25 22:30:29 ----A---- C:\WINDOWS\system32\swreg.exe
2010-01-25 22:30:29 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2010-01-25 22:30:29 ----A---- C:\WINDOWS\system32\Process.exe
2010-01-25 22:30:29 ----A---- C:\WINDOWS\system32\dumphive.exe
2010-01-25 21:10:28 ----D---- C:\Program Files (x86)\MagicISO
2010-01-25 20:38:21 ----D---- C:\Program Files (x86)\UltraISO
2010-01-25 20:38:21 ----D---- C:\Program Files (x86)\Common Files\EZB Systems
2010-01-25 19:54:31 ----D---- C:\Program Files (x86)\Nero
2010-01-25 19:54:24 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2010-01-25 19:54:23 ----D---- C:\Program Files (x86)\Common Files\Nero
2010-01-25 19:18:06 ----D---- C:\Program Files (x86)\Trend Micro
2010-01-25 19:05:28 ----D---- C:\Program Files (x86)\Windows Cannot Find Fix Wizard
2010-01-25 19:05:28 ----A---- C:\WINDOWS\eSellerateEngine.dll
2010-01-25 19:05:28 ----A---- C:\WINDOWS\eSellerateControl350.dll
2010-01-25 17:27:34 ----HDC---- C:\WINDOWS\$NtUninstallKB941569_FSDK64$
2010-01-25 16:17:55 ----D---- C:\Documents and Settings\uwe\Application Data\Ansys
2010-01-25 16:17:51 ----D---- C:\Documents and Settings\uwe\Application Data\Autodesk
2010-01-25 15:52:08 ----D---- C:\Program Files (x86)\Microsoft.NET
2010-01-25 15:50:51 ----D---- C:\Program Files (x86)\Microsoft SQL Server
2010-01-25 15:50:07 ----D---- C:\Program Files (x86)\Common Files\Autodesk
2010-01-25 15:42:19 ----D---- C:\Program Files (x86)\AOEMView 2008
2010-01-25 15:42:19 ----D---- C:\Documents and Settings\All Users\Application Data\Autodesk
2010-01-25 15:42:05 ----D---- C:\Program Files (x86)\Microsoft WSE
2010-01-25 15:41:49 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist64$
2010-01-25 15:41:08 ----D---- C:\Program Files (x86)\Common Files\Autodesk Shared
2010-01-25 15:41:08 ----D---- C:\Program Files (x86)\Autodesk
2010-01-25 15:40:43 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2010-01-25 15:40:42 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2010-01-25 15:40:40 ----A---- C:\WINDOWS\system32\RGB9Rast_1.dll
2010-01-25 15:40:27 ----D---- C:\Program Files (x86)\Common Files\Designer
2010-01-25 15:40:19 ----D---- C:\Program Files (x86)\Microsoft Office
2010-01-25 15:31:35 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-25 14:58:41 ----D---- C:\Drive_Images
2010-01-25 14:54:15 ----RSD---- C:\WINDOWS\assembly
2010-01-25 14:53:18 ----D---- C:\WINDOWS\Microsoft.NET
2010-01-25 14:45:06 ----D---- C:\Program Files (x86)\MagicDisc
2010-01-25 14:29:30 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2010-01-25 14:29:25 ----D---- C:\Program Files (x86)\CCleaner
2010-01-25 14:21:45 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-01-25 14:21:37 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-01-24 10:43:36 ----D---- C:\Program Files (x86)\Common Files\InstallShield
2010-01-24 09:59:21 ----D---- C:\Program Files (x86)\ASUS
2010-01-24 08:34:43 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-01-24 08:34:25 ----D---- C:\Program Files (x86)\AC3D 6.5.28
2010-01-24 08:15:52 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2010-01-24 08:13:26 ----D---- C:\WINDOWS\system32\AGEIA
2010-01-24 08:13:26 ----D---- C:\Program Files (x86)\AGEIA Technologies
2010-01-24 08:13:18 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2010-01-24 08:13:08 ----D---- C:\WINDOWS\nview
2010-01-24 07:45:01 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2010-01-24 07:45:01 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-24 07:35:19 ----D---- C:\Program Files (x86)\Safer Networking
2010-01-24 07:28:48 ----D---- C:\NVIDIA
2010-01-24 06:11:03 ----A---- C:\WINDOWS\system32\wininet.dll
2010-01-24 06:11:03 ----A---- C:\WINDOWS\system32\urlmon.dll
2010-01-24 06:10:28 ----D---- C:\WINDOWS\ie8updates
2010-01-24 06:09:56 ----D---- C:\WINDOWS\WBEM
2010-01-24 06:08:18 ----HDC---- C:\WINDOWS\ie8
2010-01-24 06:08:17 ----D---- C:\WINDOWS\system32\en-US
2010-01-24 05:44:43 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-01-24 05:10:12 ----D---- C:\Documents and Settings\uwe\Application Data\Malwarebytes
2010-01-24 05:04:39 ----D---- C:\Documents and Settings\uwe\Application Data\Apple Computer
2010-01-24 05:00:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-01-24 05:00:32 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2010-01-24 05:00:22 ----D---- C:\WINDOWS\ServicePackFiles
2010-01-24 05:00:21 ----HDC---- C:\WINDOWS\$NtUninstallKB958469$
2010-01-24 05:00:12 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-01-24 05:00:03 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2010-01-24 04:59:45 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
2010-01-24 04:59:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973540$
2010-01-24 04:59:24 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-01-24 04:59:16 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-01-24 04:59:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-01-24 04:41:27 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-01-24 04:05:14 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2010-01-24 04:05:10 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2010-01-24 04:05:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-01-24 04:05:01 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-01-24 04:04:56 ----HDC---- C:\WINDOWS\$NtUninstallKB938127$
2010-01-24 04:04:51 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-01-24 04:03:19 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-24 04:03:09 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-01-24 04:03:06 ----HDC---- C:\WINDOWS\$NtUninstallKB924667-v2$
2010-01-24 04:03:02 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-01-24 04:02:59 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
2010-01-24 04:02:54 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2010-01-24 04:02:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-01-24 04:02:44 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-01-24 04:02:40 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-01-24 04:02:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-01-24 04:02:33 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-01-24 04:02:29 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-01-24 04:02:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-01-24 04:02:22 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2010-01-24 04:02:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-01-24 04:02:13 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2010-01-24 04:02:10 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2010-01-24 04:02:07 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
2010-01-24 04:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-01-24 04:01:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-01-24 04:01:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-01-24 04:01:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2010-01-24 04:01:44 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2010-01-24 04:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB954155$
2010-01-24 04:01:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952069$
2010-01-24 04:01:31 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-01-24 04:01:24 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-24 04:01:20 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-01-24 04:01:15 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$
2010-01-24 04:01:11 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-01-24 04:01:08 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-01-24 04:01:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2010-01-24 04:01:02 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2010-01-24 04:00:59 ----HDC---- C:\WINDOWS\$NtUninstallKB968816$
2010-01-24 04:00:55 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
2010-01-24 04:00:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-01-24 04:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-01-24 04:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-01-24 04:00:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-01-24 04:00:35 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-01-24 04:00:29 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2010-01-24 04:00:25 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-01-24 04:00:21 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-01-24 04:00:16 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-01-24 03:56:49 ----D---- C:\Program Files (x86)\everestultimate530
2010-01-24 03:20:15 ----SD---- C:\WINDOWS\system32\config
2010-01-24 03:17:52 ----D---- C:\Program Files (x86)\Kaspersky Lab
2010-01-24 03:17:52 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2010-01-24 03:16:23 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-01-24 03:00:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2010-01-24 03:00:45 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-01-24 03:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$
2010-01-24 03:00:36 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-01-24 03:00:32 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-01-24 03:00:30 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-01-24 03:00:27 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-01-24 03:00:24 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-01-24 03:00:21 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-01-24 03:00:18 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2010-01-24 03:00:13 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2010-01-24 03:00:12 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-24 02:54:10 ----SHD---- C:\RECYCLER
2010-01-24 02:49:16 ----D---- C:\Program Files (x86)\Safari
2010-01-24 02:49:16 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2010-01-24 02:49:09 ----D---- C:\Program Files (x86)\Common Files\Apple
2010-01-24 02:49:04 ----D---- C:\Program Files (x86)\Apple Software Update
2010-01-24 02:49:04 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2010-01-24 02:25:17 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2010-01-24 02:25:17 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2010-01-24 02:25:16 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2010-01-24 02:23:10 ----D---- C:\Program Files (x86)\Common Files\ODBC
2010-01-24 02:23:09 ----SHD---- C:\WINDOWS\Installer
2010-01-24 02:23:08 ----A---- C:\WINDOWS\ODBCINST.INI
2010-01-24 02:23:06 ----D---- C:\Program Files (x86)\Common Files\SpeechEngines
2010-01-24 02:23:06 ----D---- C:\Program Files (x86)\Common Files\Microsoft Shared
2010-01-24 02:23:04 ----RD---- C:\Program Files (x86)
2010-01-24 02:23:04 ----RD---- C:\Program Files
2010-01-24 02:23:04 ----D---- C:\Program Files (x86)\Common Files
2010-01-24 02:23:03 ----A---- C:\WINDOWS\system32\kbdycc.dll
2010-01-24 02:23:03 ----A---- C:\WINDOWS\system32\kbduzb.dll
2010-01-24 02:23:03 ----A---- C:\WINDOWS\system32\kbdur.dll
2010-01-24 02:23:03 ----A---- C:\WINDOWS\system32\kbdtuq.dll
2010-01-24 02:23:03 ----A---- C:\WINDOWS\system32\kbdtuf.dll
2010-01-24 02:23:03 ----A---- C:\WINDOWS\system32\kbdtat.dll
2010-01-24 02:23:03 ----A---- C:\WINDOWS\system32\kbdru1.dll
2010-01-24 02:23:03 ----A---- C:\WINDOWS\system32\kbdru.dll
2010-01-24 02:23:03 ----A---- C:\WINDOWS\system32\kbdmon.dll
2010-01-24 02:23:03 ----A---- C:\WINDOWS\system32\kbdkyr.dll
2010-01-24 02:23:03 ----A---- C:\WINDOWS\system32\kbdkaz.dll
2010-01-24 02:23:03 ----A---- C:\WINDOWS\system32\kbdhept.dll
2010-01-24 02:23:03 ----A---- C:\WINDOWS\system32\kbdhela3.dll
2010-01-24 02:23:03 ----A---- C:\WINDOWS\system32\kbdhela2.dll
2010-01-24 02:23:03 ----A---- C:\WINDOWS\system32\kbdhe319.dll
2010-01-24 02:23:03 ----A---- C:\WINDOWS\system32\kbdhe220.dll
2010-01-24 02:23:03 ----A---- C:\WINDOWS\system32\kbdhe.dll
2010-01-24 02:23:03 ----A---- C:\WINDOWS\system32\kbdgkl.dll
2010-01-24 02:23:03 ----A---- C:\WINDOWS\system32\kbdbu.dll
2010-01-24 02:23:03 ----A---- C:\WINDOWS\system32\kbdblr.dll
2010-01-24 02:23:03 ----A---- C:\WINDOWS\system32\kbdazel.dll
2010-01-24 02:23:03 ----A---- C:\WINDOWS\system32\kbdaze.dll
2010-01-24 02:23:02 ----A---- C:\WINDOWS\system32\kbdycl.dll
2010-01-24 02:23:02 ----A---- C:\WINDOWS\system32\kbdsl1.dll
2010-01-24 02:23:02 ----A---- C:\WINDOWS\system32\kbdsl.dll
2010-01-24 02:23:02 ----A---- C:\WINDOWS\system32\kbdro.dll
2010-01-24 02:23:02 ----A---- C:\WINDOWS\system32\kbdpl1.dll
2010-01-24 02:23:02 ----A---- C:\WINDOWS\system32\kbdpl.dll
2010-01-24 02:23:02 ----A---- C:\WINDOWS\system32\kbdlv1.dll
2010-01-24 02:23:02 ----A---- C:\WINDOWS\system32\kbdlv.dll
2010-01-24 02:23:02 ----A---- C:\WINDOWS\system32\kbdlt1.dll
2010-01-24 02:23:02 ----A---- C:\WINDOWS\system32\kbdlt.dll
2010-01-24 02:23:02 ----A---- C:\WINDOWS\system32\kbdhu1.dll
2010-01-24 02:23:02 ----A---- C:\WINDOWS\system32\kbdhu.dll
2010-01-24 02:23:02 ----A---- C:\WINDOWS\system32\kbdest.dll
2010-01-24 02:23:02 ----A---- C:\WINDOWS\system32\kbdcz2.dll
2010-01-24 02:23:02 ----A---- C:\WINDOWS\system32\kbdcz1.dll
2010-01-24 02:23:02 ----A---- C:\WINDOWS\system32\kbdcz.dll
2010-01-24 02:23:02 ----A---- C:\WINDOWS\system32\kbdcr.dll
2010-01-24 02:23:02 ----A---- C:\WINDOWS\system32\KBDAL.DLL
2010-01-24 02:22:53 ----A---- C:\WINDOWS\NOTEPAD.EXE
2010-01-24 02:22:51 ----A---- C:\WINDOWS\system.ini
2010-01-24 02:22:45 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2010-01-24 02:20:51 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-01-24 02:20:45 ----SHD---- C:\System Volume Information
2010-01-24 02:20:45 ----D---- C:\Documents and Settings
2010-01-24 02:18:42 ----SH---- C:\boot.ini
2010-01-24 02:13:48 ----A---- C:\WINDOWS\ModemLog_BandLuxe 3.5G HSDPA Modem.txt
2010-01-24 02:10:09 ----RSD---- C:\WINDOWS\Fonts
2010-01-24 02:10:09 ----RD---- C:\WINDOWS\Web
2010-01-24 02:10:09 ----HD---- C:\WINDOWS\inf
2010-01-24 02:10:09 ----D---- C:\WINDOWS\WinSxS
2010-01-24 02:10:09 ----D---- C:\WINDOWS\twain_32
2010-01-24 02:10:09 ----D---- C:\WINDOWS\Temp
2010-01-24 02:10:09 ----D---- C:\WINDOWS\SysWOW64
2010-01-24 02:10:09 ----D---- C:\WINDOWS\system32\wbem
2010-01-24 02:10:09 ----D---- C:\WINDOWS\system32\usmt
2010-01-24 02:10:09 ----D---- C:\WINDOWS\system32\mui
2010-01-24 02:10:09 ----D---- C:\WINDOWS\system32\InstallShield
2010-01-24 02:10:09 ----D---- C:\WINDOWS\system32\ias
2010-01-24 02:10:09 ----D---- C:\WINDOWS\system32\export
2010-01-24 02:10:09 ----D---- C:\WINDOWS\system32\en
2010-01-24 02:10:09 ----D---- C:\WINDOWS\system32\Drivers
2010-01-24 02:10:09 ----D---- C:\WINDOWS\system32\3076
2010-01-24 02:10:09 ----D---- C:\WINDOWS\system32\2052
2010-01-24 02:10:09 ----D---- C:\WINDOWS\system32\1054
2010-01-24 02:10:09 ----D---- C:\WINDOWS\system32\1042
2010-01-24 02:10:09 ----D---- C:\WINDOWS\system32\1041
2010-01-24 02:10:09 ----D---- C:\WINDOWS\system32\1037
2010-01-24 02:10:09 ----D---- C:\WINDOWS\system32\1033
2010-01-24 02:10:09 ----D---- C:\WINDOWS\system32\1031
2010-01-24 02:10:09 ----D---- C:\WINDOWS\system32\1028
2010-01-24 02:10:09 ----D---- C:\WINDOWS\system32\1025
2010-01-24 02:10:09 ----D---- C:\WINDOWS\system32
2010-01-24 02:10:09 ----D---- C:\WINDOWS\system
2010-01-24 02:10:09 ----D---- C:\WINDOWS\srchasst
2010-01-24 02:10:09 ----D---- C:\WINDOWS\security
2010-01-24 02:10:09 ----D---- C:\WINDOWS\Resources
2010-01-24 02:10:09 ----D---- C:\WINDOWS\repair
2010-01-24 02:10:09 ----D---- C:\WINDOWS\Provisioning
2010-01-24 02:10:09 ----D---- C:\WINDOWS\mui
2010-01-24 02:10:09 ----D---- C:\WINDOWS\msapps
2010-01-24 02:10:09 ----D---- C:\WINDOWS\msagent64
2010-01-24 02:10:09 ----D---- C:\WINDOWS\msagent
2010-01-24 02:10:09 ----D---- C:\WINDOWS\Media
2010-01-24 02:10:09 ----D---- C:\WINDOWS\java
2010-01-24 02:10:09 ----D---- C:\WINDOWS\ime (x86)
2010-01-24 02:10:09 ----D---- C:\WINDOWS\ime
2010-01-24 02:10:09 ----D---- C:\WINDOWS\Help
2010-01-24 02:10:09 ----D---- C:\WINDOWS\Driver Cache
2010-01-24 02:10:09 ----D---- C:\WINDOWS\Debug
2010-01-24 02:10:09 ----D---- C:\WINDOWS\Cursors
2010-01-24 02:10:09 ----D---- C:\WINDOWS\Connection Wizard
2010-01-24 02:10:09 ----D---- C:\WINDOWS\Config
2010-01-24 02:10:09 ----D---- C:\WINDOWS\AppPatch
2010-01-24 02:10:09 ----D---- C:\WINDOWS\ADFS
2010-01-24 02:10:09 ----D---- C:\WINDOWS\addins
2010-01-24 02:10:09 ----D---- C:\WINDOWS\ADAM
2010-01-24 02:10:09 ----D---- C:\WINDOWS
2010-01-24 02:01:36 ----D---- C:\Documents and Settings\uwe\Application Data\Identities
2010-01-24 02:01:25 ----SD---- C:\Documents and Settings\uwe\Application Data\Microsoft
2010-01-24 02:01:25 ----ASH---- C:\Documents and Settings\uwe\Application Data\desktop.ini
2010-01-24 01:50:55 ----D---- C:\Program Files (x86)\o2 Verbindungsmanager
2010-01-24 01:46:20 ----D---- C:\WINDOWS\SoftwareDistribution
2010-01-24 01:46:17 ----D---- C:\WINDOWS\Prefetch
2010-01-24 01:42:57 ----D---- C:\WINDOWS\system32\inetsrv
2010-01-24 01:42:57 ----D---- C:\WINDOWS\system32\ime
2010-01-24 01:42:57 ----D---- C:\Program Files (x86)\system
2010-01-24 01:42:57 ----D---- C:\Program Files (x86)\speechengines
2010-01-24 01:42:57 ----D---- C:\Program Files (x86)\microsoft shared
2010-01-24 01:42:35 ----A---- C:\WINDOWS\control.ini
2010-01-24 01:42:23 ----A---- C:\WINDOWS\system32\mapi32.dll
2010-01-24 01:41:56 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-01-24 01:41:56 ----HD---- C:\Program Files (x86)\Uninstall Information
2010-01-24 01:41:24 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2010-01-24 01:41:24 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2010-01-24 01:41:24 ----A---- C:\WINDOWS\system32\msconf.dll
2010-01-24 01:41:24 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2010-01-24 01:41:24 ----A---- C:\WINDOWS\system32\mnmdd.dll
2010-01-24 01:41:24 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2010-01-24 01:41:24 ----A---- C:\WINDOWS\system32\ils.dll
2010-01-24 01:41:23 ----D---- C:\Program Files (x86)\NetMeeting
2010-01-24 01:41:21 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-24 01:41:21 ----RD---- C:\WINDOWS\Offline Web Pages
2010-01-24 01:41:17 ----A---- C:\WINDOWS\system32\eula.txt
2010-01-24 01:41:09 ----A---- C:\WINDOWS\win.ini
2010-01-24 01:41:01 ----D---- C:\WINDOWS\system32\Macromed
2010-01-24 01:41:00 ----A---- C:\WINDOWS\system32\wuweb.dll
2010-01-24 01:41:00 ----A---- C:\WINDOWS\system32\wups2.dll
2010-01-24 01:40:58 ----D---- C:\Program Files (x86)\Movie Maker
2010-01-24 01:40:53 ----SH---- C:\Program Files (x86)\desktop.ini
2010-01-24 01:40:53 ----A---- C:\WINDOWS\desktop.ini
2010-01-24 01:40:48 ----D---- C:\Program Files (x86)\Windows Media Player[Strings]
2010-01-24 01:40:48 ----D---- C:\Program Files (x86)\Common Files\Services
2010-01-24 01:40:48 ----A---- C:\WINDOWS\system32\acctres.dll
2010-01-24 01:40:47 ----A---- C:\WINDOWS\system32\inetres.dll
2010-01-24 01:40:43 ----SD---- C:\WINDOWS\Tasks
2010-01-24 01:40:43 ----A---- C:\WINDOWS\system32\mstinit.exe
2010-01-24 01:40:43 ----A---- C:\WINDOWS\system32\icwphbk.dll
2010-01-24 01:40:43 ----A---- C:\WINDOWS\system32\icwdial.dll
2010-01-24 01:40:42 ----A---- C:\WINDOWS\system32\inetcfg.dll
2010-01-24 01:40:42 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2010-01-24 01:40:35 ----A---- C:\WINDOWS\system32\wups.dll
2010-01-24 01:40:35 ----A---- C:\WINDOWS\system32\wuaueng.dll
2010-01-24 01:40:35 ----A---- C:\WINDOWS\system32\wuapi.dll
2010-01-24 01:40:34 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2010-01-24 01:40:34 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2010-01-24 01:40:34 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2010-01-24 01:40:31 ----D---- C:\WINDOWS\PCHealth
2010-01-24 01:40:31 ----A---- C:\WINDOWS\system32\srclient.dll
2010-01-24 01:40:30 ----A---- C:\WINDOWS\system32\msoert2.dll
2010-01-24 01:40:30 ----A---- C:\WINDOWS\system32\msoeacct.dll
2010-01-24 01:40:29 ----A---- C:\WINDOWS\system32\inetcomm.dll
2010-01-24 01:40:28 ----D---- C:\Program Files (x86)\Outlook Express
2010-01-24 01:40:27 ----A---- C:\WINDOWS\system32\schedsvc.dll
2010-01-24 01:40:27 ----A---- C:\WINDOWS\system32\mstask.dll
2010-01-24 01:40:26 ----A---- C:\WINDOWS\system32\isign32.dll
2010-01-24 01:40:24 ----D---- C:\Program Files (x86)\Common Files\System
2010-01-24 01:40:22 ----D---- C:\Program Files (x86)\Internet Explorer
2010-01-24 01:40:00 ----A---- C:\WINDOWS\vbaddin.ini
2010-01-24 01:40:00 ----A---- C:\WINDOWS\vb.ini
2010-01-24 01:39:58 ----D---- C:\WINDOWS\Registration
2010-01-24 01:39:43 ----D---- C:\Program Files (x86)\Windows Media Player
2010-01-24 01:39:37 ----D---- C:\Program Files (x86)\MSN Gaming Zone
2010-01-24 01:39:37 ----A---- C:\WINDOWS\system32\write.exe
2010-01-24 01:39:33 ----A---- C:\WINDOWS\system32\accwiz.exe
2010-01-24 01:39:29 ----A---- C:\WINDOWS\system32\winchat.exe
2010-01-24 01:39:28 ----A---- C:\WINDOWS\system32\mspaint.exe
2010-01-24 01:39:22 ----A---- C:\WINDOWS\system32\getuname.dll
2010-01-24 01:39:22 ----A---- C:\WINDOWS\system32\clipbrd.exe
2010-01-24 01:39:21 ----A---- C:\WINDOWS\system32\charmap.exe
2010-01-24 01:39:20 ----A---- C:\WINDOWS\system32\spider.exe
2010-01-24 01:39:20 ----A---- C:\WINDOWS\system32\calc.exe
2010-01-24 01:39:19 ----A---- C:\WINDOWS\system32\winmine.exe
2010-01-24 01:39:19 ----A---- C:\WINDOWS\system32\sol.exe
2010-01-24 01:39:19 ----A---- C:\WINDOWS\system32\mshearts.exe
2010-01-24 01:39:18 ----A---- C:\WINDOWS\system32\freecell.exe
2010-01-24 01:39:11 ----D---- C:\Program Files (x86)\MSN
2010-01-24 01:39:10 ----A---- C:\WINDOWS\system32\qwinsta.exe
2010-01-24 01:39:10 ----A---- C:\WINDOWS\system32\qprocess.exe
2010-01-24 01:39:10 ----A---- C:\WINDOWS\system32\qappsrv.exe
2010-01-24 01:39:09 ----D---- C:\WINDOWS\system32\Com
2010-01-24 01:39:09 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2010-01-24 01:39:09 ----A---- C:\WINDOWS\system32\comsnap.dll
2010-01-24 01:39:06 ----A---- C:\WINDOWS\system32\mmfutil.dll
2010-01-24 01:39:02 ----D---- C:\Program Files (x86)\Windows NT
2010-01-24 01:39:00 ----A---- C:\WINDOWS\system32\mstscax.dll
2010-01-24 01:38:59 ----A---- C:\WINDOWS\system32\stclient.dll
2010-01-24 01:38:59 ----A---- C:\WINDOWS\system32\mtxex.dll
2010-01-24 01:38:59 ----A---- C:\WINDOWS\system32\mtxdm.dll
2010-01-24 01:38:59 ----A---- C:\WINDOWS\system32\comuid.dll
2010-01-24 01:38:59 ----A---- C:\WINDOWS\system32\comadmin.dll
2010-01-24 01:38:58 ----A---- C:\WINDOWS\system32\comsvcs.dll
2010-01-24 01:38:58 ----A---- C:\WINDOWS\system32\comaddin.dll
2010-01-24 01:38:58 ----A---- C:\WINDOWS\system32\colbact.dll
2010-01-24 01:38:58 ----A---- C:\WINDOWS\system32\clbcatq.dll
2010-01-24 01:38:58 ----A---- C:\WINDOWS\system32\clbcatex.dll
2010-01-24 01:38:58 ----A---- C:\WINDOWS\system32\catsrvut.dll
2010-01-24 01:38:58 ----A---- C:\WINDOWS\system32\catsrvps.dll
2010-01-24 01:38:58 ----A---- C:\WINDOWS\system32\catsrv.dll
2010-01-24 01:38:56 ----A---- C:\WINDOWS\system32\xolehlp.dll
2010-01-24 01:38:56 ----A---- C:\WINDOWS\system32\mtxoci.dll
2010-01-24 01:38:56 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2010-01-24 01:38:55 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2010-01-24 01:38:54 ----A---- C:\WINDOWS\system32\servdeps.dll

======List of files/folders modified in the last 1 months======
__________________

Alt 28.01.2010, 18:07   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GMER läuft nicht richtig (xp64), SpyHunter von Enigma Software (fraud!) - Standard

GMER läuft nicht richtig (xp64), SpyHunter von Enigma Software (fraud!)



Ich vergaß zu schreiben, dass RSIT auf Win7 und 64-Bit-Windows-Versionen seine Probleme hat...

Besser ist da OTL. Aber erstmal würde mich interessieren, ob Du überhaupt noch Auswirkungen vom Spyhunter hast bzw. ob überhaupt noch was angezeigt wird bzgl. Warnmeldungen vom Virenscanner!
__________________
Logs bitte immer in CODE-Tags posten

Antwort

Themen zu GMER läuft nicht richtig (xp64), SpyHunter von Enigma Software (fraud!)
adobe, anfang, bho, c:\windows\system32\services.exe, computer, desktop, einstellungen, enigma, explorer, fraud, google, gupdate, helper, hijack, hijackthis, hijackthis log, hkus\s-1-5-18, installation, internet, internet explorer, internet security, kaspersky, performance, policyagent, prozess, registry, rootkit, security, sekunden, server, services.exe, software, syswow64, tastatur, wmi



Ähnliche Themen: GMER läuft nicht richtig (xp64), SpyHunter von Enigma Software (fraud!)


  1. Windows 7: Lüfter läuft ungewöhnlich oft + GMER funktioniert nicht
    Log-Analyse und Auswertung - 09.04.2015 (18)
  2. Enigma Software entfernen
    Log-Analyse und Auswertung - 31.01.2015 (23)
  3. Spyhunter Software Enigma Software infiziert
    Log-Analyse und Auswertung - 01.05.2014 (5)
  4. Netbook wird immer langsamer. Gmer läuft nicht.
    Plagegeister aller Art und deren Bekämpfung - 18.04.2014 (20)
  5. Nach Download, Firefox geht nicht mehr, Explorer läuft nicht richtig
    Log-Analyse und Auswertung - 27.03.2014 (11)
  6. PC läuft nicht mehr richtig, Programme werden nicht gestartet &&
    Plagegeister aller Art und deren Bekämpfung - 03.03.2014 (12)
  7. Mozilla läuft nicht richtig
    Plagegeister aller Art und deren Bekämpfung - 07.02.2014 (18)
  8. Spyhunter 4-Nach Deinstallation Meldung im Dos-Stil:Enigma
    Log-Analyse und Auswertung - 10.01.2014 (13)
  9. Optimizer Pro unter Windows 7: Laptop läuft nicht mehr richtig
    Log-Analyse und Auswertung - 12.11.2013 (18)
  10. Mein Pc läuft nicht mehr richtig.
    Plagegeister aller Art und deren Bekämpfung - 22.10.2010 (0)
  11. Rechner läuft nicht mehr richtig! - Desktop hängt
    Log-Analyse und Auswertung - 28.08.2010 (1)
  12. GMER zeigt Rootkit, Laptop läuft ohne Programme auf 100%, nicht auszuschalten ...
    Log-Analyse und Auswertung - 23.12.2009 (27)
  13. Pc läuft nicht mehr richtig sowie das internet
    Alles rund um Windows - 23.08.2009 (10)
  14. gmer läuft nicht mehr durch - rootkit eingefangen?
    Log-Analyse und Auswertung - 06.05.2009 (1)
  15. Rechner läuft nicht richtig stürtzt ab-.-
    Log-Analyse und Auswertung - 16.03.2009 (5)
  16. ICQ läuft nicht richtig auf Windows XP Home Edition-Was kann ich tun ?
    Alles rund um Windows - 05.05.2008 (10)
  17. Windows xp läuft nicht richtig!!!!
    Alles rund um Windows - 04.01.2005 (4)

Zum Thema GMER läuft nicht richtig (xp64), SpyHunter von Enigma Software (fraud!) - Hallo, nachdem SpyBotSD anfing seltsam sich zu verhalten (nach etwa 1/4 des scans wird unter Running bot-check nur noch Virtuemonde.sci angezeigt kein Befund dann) hat meine Tochte SpyHunter von Enigmasoft - GMER läuft nicht richtig (xp64), SpyHunter von Enigma Software (fraud!)...
Archiv
Du betrachtest: GMER läuft nicht richtig (xp64), SpyHunter von Enigma Software (fraud!) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.