
Log analysis and evaluation: TR/Click.AdClicer.c 50 times, registry locked, system folders gone..


 
06.12.2009, 14:31   #1
Big Brain
 



Good day everyone....

As the title says, I had "TR/Click.AdClicer.c" more than 50 times and removed it with my Avira AntiVir... however, some programs, setups and games can no longer access certain registry keys and folders.

Once, all my autostart programs (AntiVir, firewall etc.) were even removed completely.

For example, Skype won't start either, and I can neither reinstall nor uninstall it..

The rootkit tool GMER shows the following message:

C:\Windows\system32\config\system: Das system kann angegebene Datei nicht finden.

Computer details:

Windows Vista Home Premium 64-bit (all updates installed)
Default browser is Firefox (current version)
AntiVir: Avira AntiVir Free
Firewall: ZoneAlarm Pro 2010
Spyware/Adaware: Windows Defender & Spybot S&D
ThreatFire as an "observer"^^
Logged in as admin.

I ran a complete scan with Avira but it found nothing.... but something is still not right.... the PC has also become slower...

Could someone perhaps check the logfile?

HijackThis Logfile:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:40:42, on 06.12.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\astsrv.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\EA Games\Need for Speed Undercover\PB\PnkBstrA.exe
C:\Windows\SysWOW64\PSIService.exe
C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
C:\Program Files (x86)\ThreatFire\TFService.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\ThreatFire\TFTray.exe
C:\Windows\CNYHKey.exe
C:\Windows\ModLEDKey.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlinkLinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files (x86)\IEPro\iepro.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\siteadvisor\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\siteadvisor\mcieplg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ThreatFire] "C:\Program Files (x86)\ThreatFire\TFTray.exe"
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [MoLed] ModLEDKey.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
O4 - HKLM\..\Run: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files (x86)\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files (x86)\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files (x86)\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files (x86)\IEPro\iepro.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix: 
O17 - HKLM\System\CCS\Services\Tcpip\..\{09120B94-6A41-4E09-B262-3DD3E23152BB}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{09120B94-6A41-4E09-B262-3DD3E23152BB}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\siteadvisor\mcieplg.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\system32\astsrv.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Game Jackal service (GameJackalService) - Unknown owner - C:\Program Files (x86)\SlySoft\Game Jackal\Game Jackal\GJService.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files (x86)\EA Games\Need for Speed Undercover\PB\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files (x86)\ThreatFire\TFService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - Unknown owner - C:\Windows\System32\TUProgSt.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14480 bytes
         
And here is RSIT:

Code:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Akmal at 2009-12-06 14:38:49
Microsoft® Windows Vista™ Home Premium  Service Pack 2
System drive C: has 210 GB (41%) free of 513 GB
Total RAM: 4093 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:39:16, on 06.12.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\astsrv.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\EA Games\Need for Speed Undercover\PB\PnkBstrA.exe
C:\Windows\SysWOW64\PSIService.exe
C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
C:\Program Files (x86)\ThreatFire\TFService.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\ThreatFire\TFTray.exe
C:\Windows\CNYHKey.exe
C:\Windows\ModLEDKey.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\CryptLoad\CryptLoad.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\xxx\Desktop\RSIT.exe
C:\Program Files (x86)\Trend Micro\HijackThis\xxx.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files (x86)\IEPro\iepro.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\siteadvisor\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\siteadvisor\mcieplg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ThreatFire] "C:\Program Files (x86)\ThreatFire\TFTray.exe"
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [MoLed] ModLEDKey.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
O4 - HKLM\..\Run: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files (x86)\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files (x86)\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files (x86)\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files (x86)\IEPro\iepro.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix: 
O17 - HKLM\System\CCS\Services\Tcpip\..\{09120B94-6A41-4E09-B262-3DD3E23152BB}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{09120B94-6A41-4E09-B262-3DD3E23152BB}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\siteadvisor\mcieplg.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\system32\astsrv.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Game Jackal service (GameJackalService) - Unknown owner - C:\Program Files (x86)\SlySoft\Game Jackal\Game Jackal\GJService.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files (x86)\EA Games\Need for Speed Undercover\PB\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files (x86)\ThreatFire\TFService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - Unknown owner - C:\Windows\System32\TUProgSt.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14508 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]
IE7Pro BHO - C:\Program Files (x86)\IEPro\iepro.dll [2009-09-02 777392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10 136560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~2\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID-Anmelde-Hilfsprogramm - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\siteadvisor\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-10-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\siteadvisor\mcieplg.dll [2009-02-13 150032]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10 136560]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"ThreatFire"=C:\Program Files (x86)\ThreatFire\TFTray.exe [2009-11-23 378128]
"ledpointer"=C:\Windows\CNYHKey.exe [2006-11-09 5585408]
"MoLed"=C:\Windows\ModLEDKey.exe [2006-11-09 53248]
"ZoneAlarm Client"=C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe [2009-10-17 1037192]
"VirtualCloneDrive"=C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-05-26 85160]
"UCam_Menu"=C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]
"YouCam Mirror Tray icon"=C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [2009-06-11 162912]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-10 1555968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"NoActiveDesktopChanges"=
"ForceActiveDesktopOn"=
"BindDirectlyToPropertySetStorage"=
"NoResolveTrack"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\IEPro\MiniDM.exe"="C:\Program Files (x86)\IEPro\MiniDM.exe:*:Enabled:MiniDM"
"C:\Program Files (x86)\Combat Arms EU\CombatArms.exe"="C:\Program Files (x86)\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Program Files (x86)\Combat Arms EU\Engine.exe"="C:\Program Files (x86)\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\Setup.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11e3378f-d51e-11de-ad72-002243723cf9}]
shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9297beee-b7e7-11de-8101-002243723cf9}]
shell\AutoRun\command - H:\LaunchU3.exe -a


======File associations======

.js - edit - C:\Windows\SysWOW64\Notepad.exe %1
.js - open - C:\Windows\SysWOW64\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-12-06 13:40:55 ----D---- C:\rsit
2009-12-06 13:15:51 ----D---- C:\Program Files (x86)\Trend Micro
2009-12-06 13:09:07 ----D---- C:\Program Files (x86)\Skype
2009-12-05 23:55:11 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2009-12-05 23:38:50 ----A---- C:\Windows\game.ini
2009-12-05 22:51:53 ----D---- C:\Program Files (x86)\Activision
2009-12-05 22:46:03 ----A---- C:\Program Files (x86)\fff-ea201.exe
2009-12-05 22:45:55 ----SHD---- C:\Windows\ftpcache
2009-12-05 13:51:16 ----D---- C:\Program Files (x86)\3D-Fahrschule
2009-12-05 11:52:30 ----D---- C:\Program Files (x86)\IDM Computer Solutions
2009-12-04 20:54:53 ----D---- C:\Program Files (x86)\Westwood Chat
2009-12-04 16:22:18 ----A---- C:\Windows\ntbtlog.txt
2009-12-03 22:49:48 ----D---- C:\Program Files (x86)\Resource Hacker
2009-12-02 22:27:07 ----D---- C:\Windows\Sun
2009-12-02 22:02:29 ----D---- C:\Program Files (x86)\Elaborate Bytes
2009-12-02 20:38:48 ----D---- C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor
2009-12-02 19:09:33 ----D---- C:\Program Files (x86)\JDownloader
2009-12-02 18:06:30 ----A---- C:\Windows\system32\d3dx10_39.dll
2009-12-02 18:06:30 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2009-12-02 18:06:28 ----A---- C:\Windows\system32\D3DX9_39.dll
2009-12-02 18:00:15 ----D---- C:\Program Files (x86)\Codemasters
2009-11-29 18:48:45 ----D---- C:\Program Files (x86)\Alien Trilogy
2009-11-29 11:31:05 ----D---- C:\Program Files (x86)\WinPcap
2009-11-29 10:33:15 ----A---- C:\Windows\system32\NPSExec.exe
2009-11-29 10:33:15 ----A---- C:\Windows\system32\MSVCP50.DLL
2009-11-29 10:31:46 ----A---- C:\Windows\IsUninst.exe
2009-11-27 19:41:35 ----D---- C:\Program Files (x86)\Common Files\Steam
2009-11-27 19:41:34 ----D---- C:\Program Files (x86)\Steam
2009-11-26 19:12:25 ----D---- C:\Program Files (x86)\Disk_1_unpacked
2009-11-25 17:30:18 ----A---- C:\Windows\system32\tzres.dll
2009-11-25 17:29:45 ----A---- C:\Windows\system32\msxml6.dll
2009-11-25 17:29:45 ----A---- C:\Windows\system32\msxml3.dll
2009-11-24 20:55:37 ----D---- C:\Program Files (x86)\oZone3D
2009-11-24 19:11:51 ----A---- C:\Windows\system32\bassmod.dll
2009-11-23 07:26:02 ----D---- C:\Windows\Minidump
2009-11-22 17:22:26 ----A---- C:\Windows\system32\XAudio2_5.dll
2009-11-22 17:22:25 ----A---- C:\Windows\system32\xactengine3_5.dll
2009-11-22 17:22:22 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2009-11-22 17:22:19 ----A---- C:\Windows\system32\d3dcsx_42.dll
2009-11-22 17:22:17 ----A---- C:\Windows\system32\d3dx11_42.dll
2009-11-22 17:22:16 ----A---- C:\Windows\system32\d3dx10_42.dll
2009-11-22 17:22:14 ----A---- C:\Windows\system32\D3DX9_42.dll
2009-11-22 17:22:11 ----A---- C:\Windows\system32\d3dx10_41.dll
2009-11-22 17:22:11 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2009-11-22 17:22:08 ----A---- C:\Windows\system32\D3DX9_41.dll
2009-11-22 17:22:07 ----A---- C:\Windows\system32\XAudio2_4.dll
2009-11-22 17:22:07 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2009-11-22 17:22:06 ----A---- C:\Windows\system32\xactengine3_4.dll
2009-11-22 17:22:05 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2009-11-22 17:22:02 ----A---- C:\Windows\system32\d3dx10_40.dll
2009-11-22 17:22:02 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2009-11-22 17:22:00 ----A---- C:\Windows\system32\D3DX9_40.dll
2009-11-22 17:21:58 ----A---- C:\Windows\system32\XAudio2_3.dll
2009-11-22 17:21:58 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2009-11-22 17:21:57 ----A---- C:\Windows\system32\xactengine3_3.dll
2009-11-22 17:21:56 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2009-11-22 17:21:54 ----A---- C:\Windows\system32\XAudio2_2.dll
2009-11-22 17:21:54 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2009-11-22 17:21:51 ----A---- C:\Windows\system32\xactengine3_2.dll
2009-11-22 17:21:42 ----A---- C:\Windows\system32\XAudio2_1.dll
2009-11-22 17:21:42 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2009-11-22 17:21:40 ----A---- C:\Windows\system32\xactengine3_1.dll
2009-11-22 17:21:39 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2009-11-22 10:10:00 ----D---- C:\Program Files (x86)\AutoHotkey
2009-11-21 15:17:07 ----A---- C:\Windows\system32\d3dx10_38.dll
2009-11-21 15:17:07 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2009-11-21 15:17:06 ----A---- C:\Windows\system32\D3DX9_38.dll
2009-11-21 13:40:49 ----A---- C:\Windows\system32\XAudio2_0.dll
2009-11-21 13:40:49 ----A---- C:\Windows\system32\xactengine3_0.dll
2009-11-21 13:40:49 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2009-11-21 13:40:47 ----A---- C:\Windows\system32\d3dx10_37.dll
2009-11-21 13:40:47 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2009-11-21 13:40:46 ----A---- C:\Windows\system32\D3DX9_37.dll
2009-11-21 13:40:45 ----A---- C:\Windows\system32\xactengine2_10.dll
2009-11-21 13:40:43 ----A---- C:\Windows\system32\d3dx10_36.dll
2009-11-21 13:40:43 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2009-11-21 13:40:41 ----A---- C:\Windows\system32\d3dx9_36.dll
2009-11-21 13:40:40 ----A---- C:\Windows\system32\xactengine2_9.dll
2009-11-21 13:40:39 ----A---- C:\Windows\system32\d3dx10_35.dll
2009-11-21 13:40:39 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2009-11-21 13:40:33 ----A---- C:\Windows\system32\d3dx9_35.dll
2009-11-21 13:40:32 ----A---- C:\Windows\system32\xactengine2_8.dll
2009-11-21 13:40:32 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2009-11-21 13:40:30 ----A---- C:\Windows\system32\d3dx10_34.dll
2009-11-21 13:40:30 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2009-11-21 13:40:27 ----A---- C:\Windows\system32\xinput1_3.dll
2009-11-21 13:40:27 ----A---- C:\Windows\system32\d3dx9_34.dll
2009-11-21 13:40:26 ----A---- C:\Windows\system32\xactengine2_7.dll
2009-11-21 13:40:25 ----A---- C:\Windows\system32\d3dx10_33.dll
2009-11-21 13:40:25 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2009-11-21 13:40:23 ----A---- C:\Windows\system32\d3dx9_33.dll
2009-11-21 13:40:22 ----A---- C:\Windows\system32\xactengine2_6.dll
2009-11-21 13:40:21 ----A---- C:\Windows\system32\xactengine2_5.dll
2009-11-21 13:40:20 ----A---- C:\Windows\system32\d3dx10.dll
2009-11-21 13:40:18 ----A---- C:\Windows\system32\d3dx9_32.dll
2009-11-21 13:40:17 ----A---- C:\Windows\system32\xactengine2_4.dll
2009-11-21 13:40:17 ----A---- C:\Windows\system32\x3daudio1_1.dll
2009-11-21 13:40:16 ----A---- C:\Windows\system32\xactengine2_3.dll
2009-11-21 13:40:16 ----A---- C:\Windows\system32\d3dx9_31.dll
2009-11-21 13:40:15 ----A---- C:\Windows\system32\xinput1_2.dll
2009-11-21 13:40:14 ----A---- C:\Windows\system32\xinput1_1.dll
2009-11-21 13:40:14 ----A---- C:\Windows\system32\xactengine2_2.dll
2009-11-21 13:40:13 ----A---- C:\Windows\system32\xactengine2_1.dll
2009-11-21 13:40:05 ----A---- C:\Windows\system32\d3dx9_30.dll
2009-11-21 13:40:04 ----A---- C:\Windows\system32\xactengine2_0.dll
2009-11-21 13:40:04 ----A---- C:\Windows\system32\x3daudio1_0.dll
2009-11-21 13:40:03 ----A---- C:\Windows\system32\d3dx9_29.dll
2009-11-21 13:40:02 ----A---- C:\Windows\system32\d3dx9_28.dll
2009-11-21 13:40:01 ----A---- C:\Windows\system32\d3dx9_27.dll
2009-11-21 13:40:00 ----A---- C:\Windows\system32\d3dx9_26.dll
2009-11-21 13:39:57 ----A---- C:\Windows\system32\d3dx9_24.dll
2009-11-20 16:55:15 ----A---- C:\Windows\system32\wksprtPS.dll
2009-11-20 16:55:15 ----A---- C:\Windows\system32\tsgqec.dll
2009-11-20 16:55:15 ----A---- C:\Windows\system32\mstscax.dll
2009-11-20 16:55:15 ----A---- C:\Windows\system32\mstsc.exe
2009-11-20 16:55:15 ----A---- C:\Windows\system32\MsRdpWebAccess.dll
2009-11-20 16:55:15 ----A---- C:\Windows\system32\aaclient.dll
2009-11-20 16:51:51 ----A---- C:\Windows\system32\winrsmgr.dll
2009-11-20 16:51:49 ----A---- C:\Windows\system32\wsmplpxy.dll
2009-11-20 16:51:49 ----A---- C:\Windows\system32\winrssrv.dll
2009-11-20 16:51:46 ----A---- C:\Windows\system32\pwrshplugin.dll
2009-11-20 16:51:41 ----A---- C:\Windows\system32\WsmRes.dll
2009-11-20 16:51:41 ----A---- C:\Windows\system32\wsmprovhost.exe
2009-11-20 16:51:41 ----A---- C:\Windows\system32\winrshost.exe
2009-11-20 16:51:41 ----A---- C:\Windows\system32\winrs.exe
2009-11-20 16:51:41 ----A---- C:\Windows\system32\wevtfwd.dll
2009-11-20 16:51:41 ----A---- C:\Windows\system32\wecutil.exe
2009-11-20 16:51:41 ----A---- C:\Windows\system32\wecapi.dll
2009-11-20 16:51:39 ----A---- C:\Windows\system32\winrm.vbs
2009-11-20 16:51:38 ----A---- C:\Windows\system32\WsmWmiPl.dll
2009-11-20 16:51:38 ----A---- C:\Windows\system32\WsmSvc.dll
2009-11-20 16:51:38 ----A---- C:\Windows\system32\WsmAuto.dll
2009-11-20 16:51:38 ----A---- C:\Windows\system32\WSManMigrationPlugin.dll
2009-11-20 16:51:38 ----A---- C:\Windows\system32\WSManHTTPConfig.exe
2009-11-20 16:51:38 ----A---- C:\Windows\system32\winrscmd.dll
2009-11-20 16:49:47 ----A---- C:\Windows\system32\slcinst.dll
2009-11-20 16:48:06 ----A---- C:\Windows\system32\bitsperf.dll
2009-11-20 16:48:05 ----A---- C:\Windows\system32\qmgrprxy.dll
2009-11-20 16:48:05 ----A---- C:\Windows\system32\bitsprx6.dll
2009-11-20 16:48:05 ----A---- C:\Windows\system32\bitsprx5.dll
2009-11-20 16:48:05 ----A---- C:\Windows\system32\bitsprx4.dll
2009-11-20 16:48:05 ----A---- C:\Windows\system32\bitsprx3.dll
2009-11-20 16:48:05 ----A---- C:\Windows\system32\bitsprx2.dll
2009-11-19 20:59:24 ----D---- C:\Program Files (x86)\Electronic Arts
2009-11-18 17:19:39 ----D---- C:\Windows\system32\URTTEMP
2009-11-17 20:20:12 ----D---- C:\Windows\San Andreas Mod Installer
2009-11-17 20:20:12 ----D---- C:\Program Files (x86)\San Andreas Mod Installer
2009-11-16 15:36:19 ----D---- C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\skypePM
2009-11-16 15:36:04 ----D---- C:\Program Files (x86)\MSXML 4.0
2009-11-15 22:14:00 ----D---- C:\Program Files (x86)\Corel
2009-11-15 22:14:00 ----D---- C:\Program Files (x86)\Common Files\Corel
2009-11-15 19:41:46 ----A---- C:\Windows\system32\xvidvfw.dll
2009-11-15 19:41:46 ----A---- C:\Windows\system32\xvidcore.dll
2009-11-15 19:41:46 ----A---- C:\Windows\system32\mpg4c32.dll
2009-11-15 19:41:46 ----A---- C:\Windows\system32\mcdvd_32.dll
2009-11-11 06:39:39 ----SHD---- C:\Windows\system32\%APPDATA%
2009-11-11 06:36:41 ----A---- C:\Windows\system32\WSDApi.dll
2009-11-08 13:56:37 ----A---- C:\Windows\system32\uxtuneup.dll
2009-11-08 13:56:35 ----A---- C:\Windows\system32\authuitu.dll
2009-11-08 13:56:03 ----D---- C:\Program Files (x86)\TuneUp Utilities 2009
2009-11-07 18:21:13 ----N---- C:\Windows\Setup1.exe
2009-11-07 18:21:04 ----A---- C:\Windows\ST6UNST.EXE
2009-11-07 12:19:48 ----D---- C:\Program Files (x86)\Acronis
2009-11-07 12:19:46 ----D---- C:\Program Files (x86)\Common Files\Acronis

======List of files/folders modified in the last 1 months======

2009-12-06 14:39:05 ----D---- C:\Windows\Temp
2009-12-06 14:30:43 ----D---- C:\Windows\Prefetch
2009-12-06 13:49:28 ----SHD---- C:\Windows\Installer
2009-12-06 13:49:27 ----SHD---- C:\Config.Msi
2009-12-06 13:48:56 ----D---- C:\Windows\Internet Logs
2009-12-06 13:47:51 ----D---- C:\Program Files (x86)\SSS
2009-12-06 13:15:51 ----RD---- C:\Program Files (x86)
2009-12-06 12:34:35 ----D---- C:\Program Files (x86)\Mozilla Firefox
2009-12-06 08:46:47 ----D---- C:\Windows\System32
2009-12-06 08:46:46 ----D---- C:\Windows\inf
2009-12-05 23:55:19 ----D---- C:\Windows\system32\drivers
2009-12-05 23:55:16 ----HD---- C:\ProgramData
2009-12-05 23:38:50 ----AD---- C:\Windows
2009-12-05 23:38:47 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2009-12-05 15:25:15 ----D---- C:\Program Files (x86)\Common Files
2009-12-05 14:09:28 ----D---- C:\Program Files (x86)\Cyberlink
2009-12-05 14:08:29 ----D---- C:\Windows\winsxs
2009-12-05 11:48:34 ----D---- C:\Windows\SysWOW64
2009-12-05 11:48:34 ----A---- C:\Windows\system32\H@tKeysH@@k.DLL
2009-12-04 22:16:39 ----RD---- C:\Program Files
2009-12-04 20:33:58 ----D---- C:\Program Files (x86)\EA Games
2009-12-03 20:02:20 ----D---- C:\Program Files (x86)\Sierra
2009-12-03 19:57:15 ----D---- C:\Program Files (x86)\Serials 2005
2009-12-02 21:59:48 ----D---- C:\Program Files (x86)\SlySoft
2009-12-02 18:06:01 ----RSD---- C:\Windows\assembly
2009-12-01 19:31:56 ----D---- C:\Program Files (x86)\ThreatFire
2009-12-01 13:41:09 ----D---- C:\Windows\Microsoft.NET
2009-11-30 18:58:35 ----D---- C:\Windows\Registration
2009-11-30 18:40:21 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2009-11-27 16:03:50 ----D---- C:\Program Files (x86)\CAPCOM
2009-11-27 14:10:06 ----D---- C:\Windows\system32\RTCOM
2009-11-27 13:56:27 ----D---- C:\Program Files (x86)\DriverGenius
2009-11-26 19:00:11 ----RSD---- C:\Windows\Fonts
2009-11-26 15:31:56 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2009-11-26 14:24:51 ----D---- C:\Windows\rescache
2009-11-25 23:16:56 ----D---- C:\Windows\system32\de-DE
2009-11-25 20:42:57 ----D---- C:\Program Files (x86)\Croteam
2009-11-24 19:38:37 ----SHD---- C:\System Volume Information
2009-11-23 22:17:21 ----D---- C:\Windows\Help
2009-11-23 21:31:03 ----D---- C:\Windows\system32\ZoneLabs
2009-11-22 17:18:32 ----D---- C:\Program Files (x86)\Ubisoft
2009-11-22 10:10:01 ----D---- C:\Windows\ShellNew
2009-11-21 22:02:43 ----A---- C:\Windows\system32\PnkBstrB.exe
2009-11-21 17:01:17 ----D---- C:\Program Files (x86)\ArtMoney
2009-11-20 23:55:34 ----D---- C:\Program Files (x86)\Combat Arms EU
2009-11-20 17:21:03 ----D---- C:\Windows\system32\en-US
2009-11-20 17:21:02 ----D---- C:\Windows\system32\wbem
2009-11-20 17:20:42 ----D---- C:\Windows\PolicyDefinitions
2009-11-19 20:18:15 ----D---- C:\Program Files (x86)\Eidos Interactive
2009-11-19 06:37:14 ----D---- C:\Program Files (x86)\Internet Explorer
2009-11-16 15:36:19 ----RD---- C:\Users
2009-11-15 22:21:19 ----D---- C:\Program Files (x86)\Common Files\PX Storage Engine
2009-11-15 22:15:36 ----SD---- C:\Windows\Downloaded Program Files
2009-11-15 22:15:36 ----D---- C:\Program Files (x86)\Common Files\InstallShield
2009-11-15 19:49:30 ----D---- C:\Program Files (x86)\AVS4YOU
2009-11-15 19:48:54 ----D---- C:\Program Files (x86)\Common Files\AVSMedia
2009-11-12 22:24:31 ----SHD---- C:\Boot
2009-11-12 20:48:14 ----D---- C:\Windows\Debug
2009-11-11 06:38:57 ----D---- C:\Program Files (x86)\Windows Mail
2009-11-11 06:35:20 ----D---- C:\Program Files (x86)\McAfee
2009-11-08 15:41:18 ----A---- C:\Windows\EuBcd.ini
2009-11-08 14:06:01 ----D---- C:\Windows\Tasks
2009-11-08 13:40:24 ----D---- C:\Program Files (x86)\Messenger Plus! Live
2009-11-08 13:30:30 ----D---- C:\Program Files (x86)\Vidalia Bundle
2009-11-08 12:51:31 ----D---- C:\Program Files (x86)\Common Files\DVDVideoSoft
2009-11-07 18:33:54 ----D---- C:\Program Files (x86)\Serials World Portable
2009-11-07 16:46:17 ----D---- C:\Program Files (x86)\Left 4 Dead

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys []
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys []
R1 vmm;Virtual Machine Monitor; \??\C:\Windows\system32\Treiber\vmm.sys []
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2009-10-17 440520]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/10/02 20:29:19]; \??\C:\Program Files (x86)\HomeCinema\PowerDVD9\000.fcl [2009-09-01 146928]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys []
R2 tifsfilter;Acronis True Image FS Filter; C:\Windows\system32\DRIVERS\tifsfilt.sys []
R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2009-11-04 121280]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032e.sys []
R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2007-02-16 40648]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 KMWDFILTER;HIDUASDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista; C:\Windows\system32\DRIVERS\netr28ux.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 pbfilter;pbfilter; \??\C:\Program Files\PeerBlock\pbfilter.sys [2009-09-28 19544]
R3 TfNetMon;TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys []
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys []
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\Windows\system32\DRIVERS\VMNetSrv.sys []
R3 ZSMC301b;Vimicro USB PC Camera (ZC0301PL); C:\Windows\System32\Drivers\usbVM31b.sys []
S3 cpuz130;cpuz130; \??\C:\Users\xxx\AppData\Local\Temp\cpuz130\cpuz_x64.sys []
S3 DCamUSBVM;Lenovo Q350 USB PC Camera; C:\Windows\System32\Drivers\usbVM31b.sys []
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys []
S3 ENTECH64;ENTECH64; \??\C:\Windows\system32\DRIVERS\ENTECH64.sys []
S3 epmntdrv;epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [2009-02-25 9728]
S3 esihdrv;esihdrv; \??\C:\Users\xxx\AppData\Local\Temp\esihdrv.sys []
S3 EuGdiDrv;EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [2009-02-25 3072]
S3 GPUTool;GPUTool; \??\C:\Users\xxx\AppData\Local\Temp\GPUTool.sys []
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys []
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2004-02-03 32768]
S3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys []
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys []
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 vsdatant7;vsdatant7; C:\Windows\System32\drivers\vsdatant.win7.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service; C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [2008-09-15 743192]
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 astcc;AST Service; C:\Windows\system32\astsrv.exe [2009-02-13 57344]
R2 Bonjour Service;Bonjour-Dienst; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-06-04 354840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2009-01-27 73728]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
R2 nHancer;nHancer Support; C:\Program Files\nHancer\nHancerService.exe [2009-10-04 39424]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 PnkBstrA;PunkBuster; C:\Program Files (x86)\EA Games\Need for Speed Undercover\PB\PnkBstrA.exe [2008-11-03 63040]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [2007-06-05 177704]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [2009-02-25 247152]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 ThreatFire;ThreatFire; C:\Program Files (x86)\ThreatFire\TFService.exe [2009-11-23 70928]
R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe []
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 vsmon;TrueVector Internet Monitor; C:\Windows\SysWOW64\ZoneLabs\vsmon.exe [2009-10-17 2384240]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 2297216]
S2 GameJackalService;Game Jackal service; C:\Program Files (x86)\SlySoft\Game Jackal\Game Jackal\GJService.exe []
S3 Adobe Version Cue CS4;Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-03-29 89920]
S3 DfSdkS;Defragmentation-Service; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-08-24 544768]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-10-20 1038088]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-10-20 655624]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 660256]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2009-09-04 3347280]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2004-02-03 86016]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2009-07-16 316664]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe []
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2008-07-29 4737024]

-----------------EOF-----------------
         
The report from Malware is still to follow....

Best regards

and thanks!
__________________
Don't take life so seriously -
you won't get out of it alive anyway!

Last edited by Big Brain (06.12.2009 at 14:40)

 
