Windows 7 64bit - Extremely slow

10.07.2010, 11:50
...new here

Posts: 7
#1 Hello,
Since this morning my PC has been extremely slow. It has gotten to the point where I can't do anything on it anymore, since just opening the browser takes 5 minutes.
According to the display, the processor is by no means overloaded. In safe mode everything runs smoothly. Unfortunately this log is from safe mode; I don't know to what extent that can affect it.

Here is the Hijack log:


Code

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:24, on 10.07.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Peter Lustig\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) -  - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Peter Lustig\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LVCOMS] C:\Windows\system32\LVCOMS.EXE
O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [boincmgr] "C:\Program Files (x86)\BOINC\boincmgr.exe" /a /s
O4 - HKLM\..\Run: [boinctray] "C:\Program Files (x86)\BOINC\boinctray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: DesktopVideoPlayer.LNK = C:\Program Files (x86)\vghd\vghd.exe
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
O4 - Global Startup: STK02H 2.0 PNP Monitor.lnk = ?
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Peter Lustig\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\SysWow64\Shdocvw.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RDShutdown Service (RDShutdown) - ND - D:\Eigenes 2 (Original)\DShutdown\RDShutdown.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11369 bytes
10.07.2010, 13:26
Moderator

Posts: 5694
#2 Hello and welcome to Protecus.de

Cleaning an infected system takes time and also requires attention to the following points:

• Follow the instructions of your helper.
• If you have external storage media (USB sticks, hard drives), connect them before the cleanup.
• During the cleanup you should neither install nor uninstall any programs unless expressly requested.
• Please work through each step in order.
• If problems arise at any step, post what you already have and report back with a description of the problem.

• The cleanup is only finished when your helper gives the OK.
• If the machine runs quickly again, that does not mean the system is also clean.
• For computers used for business, the responsible IT person should be consulted.
• Under certain circumstances we may decline support for a company computer.
• With illegal software, support may be discontinued.
• Cracks or keygens of any kind are neither encouraged nor accepted.
• With heavily infected systems, especially when backdoors or rootkits are involved, a helper may advise reinstalling from scratch.
• Ultimately it is always the user who decides.


Vista and Win7 users:

Always run all programs and tools that we prescribe with a right-click and Run as administrator.

If at all possible, please run the OTL scan in normal mode.

Step 1

Can you see all files and file extensions on your computer? If not, please make these settings in the folder options.

Step 2

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop

>Double-click OTL.exe
-->Vista users: right-click OTL.exe and choose "Run as administrator"
>At the top you will find a box labelled Output. Please select Minimal Output
>Under Extra Registry, please select Use SafeList
>Now click Run Scan at the top left
>When the scan has finished, 2 log files are created
>Post the log files in code tags here in the thread.
10.07.2010, 13:54
...new here

Thread starter

Posts: 7
#3 Windows changed a few files on its own. It runs somewhat more stably but still doesn't give a healthy impression.

Here is the OTL log


Code

OTL logfile created on: 10.07.2010 13:50:12 - Run 1
OTL by OldTimer - Version 3.2.8.1     Folder = C:\Users\Peter Lustig\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 63,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 390,63 Gb Total Space | 74,43 Gb Free Space | 19,05% Space Free | Partition Type: NTFS
Drive D: | 308,00 Gb Total Space | 162,80 Gb Free Space | 52,86% Space Free | Partition Type: NTFS
Drive E: | 7,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: Peter Lustig
Current User Name: Peter Lustig
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\Peter Lustig\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program PRC - C:\Program Files (x86)\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\avmwlanstick\WLanNetService.exe (AVM Berlin)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\1_0_0_0\RGSC.exe (Take-Two Interactive Software, Inc.)
PRC - D:\Eigenes 2 (Original)\DShutdown\RDShutdown.exe (ND)
PRC - C:\Windows\STK02H\STK02HM.exe (Syntek Ltd.)
PRC - C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Users\Peter Lustig\Downloads\OTL(2).exe (OldTimer Tools)
MOD - C:\Program Files (x86)\Xfire\xfire_toucan_42784.dll (Xfire Inc.)
MOD - C:\Windows\SysWOW64\wsock32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msvcr71.dll (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:[b]64bit:[/b] - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (UpdateCenterService) -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe (NVIDIA)
SRV - (nTuneService) -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (OMSI download service) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (RDShutdown) -- D:\Eigenes 2 (Original)\DShutdown\RDShutdown.exe (ND)
SRV - (MDM) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - (SSHDRV52) -- C:\Windows\SysNative\drivers\SSHDRV52.sys File not found
DRV:[b]64bit:[/b] - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:[b]64bit:[/b] - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:[b]64bit:[/b] - (nvoclk64) -- C:\Windows\SysNative\drivers\nvoclk64.sys (NVIDIA Corp.)
DRV:[b]64bit:[/b] - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:[b]64bit:[/b] - (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:[b]64bit:[/b] - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (Ph3xIB64) -- C:\Windows\SysNative\drivers\Ph3xIB64.sys (NXP Semiconductors)
DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:[b]64bit:[/b] - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:[b]64bit:[/b] - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH)
DRV:[b]64bit:[/b] - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:[b]64bit:[/b] - (ENTECH64) -- C:\Windows\SysNative\drivers\Entech64.sys (EnTech Taiwan)
DRV:[b]64bit:[/b] - (seehcri) -- C:\Windows\SysNative\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV:[b]64bit:[/b] - (ATITool) -- C:\Windows\SysNative\drivers\ATITool64.sys ()
DRV:[b]64bit:[/b] - (SaiH0255) -- C:\Windows\SysNative\drivers\SaiH0255.sys (Saitek)
DRV:[b]64bit:[/b] - (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM) -- C:\Windows\SysNative\drivers\s116unic.sys (MCCI Corporation)
DRV:[b]64bit:[/b] - (s116obex) -- C:\Windows\SysNative\drivers\s116obex.sys (MCCI Corporation)
DRV:[b]64bit:[/b] - (s116mgmt) Sony Ericsson Device 116  USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s116mgmt.sys (MCCI Corporation)
DRV:[b]64bit:[/b] - (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS) -- C:\Windows\SysNative\drivers\s116nd5.sys (MCCI Corporation)
DRV:[b]64bit:[/b] - (s116mdm) -- C:\Windows\SysNative\drivers\s116mdm.sys (MCCI Corporation)
DRV:[b]64bit:[/b] - (s116mdfl) -- C:\Windows\SysNative\drivers\s116mdfl.sys (MCCI Corporation)
DRV:[b]64bit:[/b] - (s116bus) Sony Ericsson Device 116 driver (WDM) -- C:\Windows\SysNative\drivers\s116bus.sys (MCCI Corporation)
DRV:[b]64bit:[/b] - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (SSHDRV52) -- C:\Windows\SysWOW64\drivers\SSHDRV52.sys ()
DRV - (RivaTuner64) -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys ()
DRV - (cpuz132) -- C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz64.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (WINIO) -- C:\Users\Peter Lustig\Special Tools\Dicing NavyField\1250bis1750secs findallNOpot\winio.sys ()


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 06 1B 65 FB 21 83 CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Peter Lustig\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.06.28 17:49:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.06.28 17:49:40 | 000,000,000 | ---D | M]

[2010.02.01 22:40:02 | 000,000,000 | ---D | M] -- C:\Users\Peter Lustig\AppData\Roaming\mozilla\Extensions
[2010.05.23 19:22:11 | 000,000,000 | ---D | M] -- C:\Users\Peter Lustig\AppData\Roaming\mozilla\Firefox\Profiles\ry3ulra1.default\extensions
[2010.05.23 19:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter Lustig\AppData\Roaming\mozilla\Firefox\Profiles\ry3ulra1.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.07.04 13:03:02 | 000,000,000 | ---D | M] -- C:\Users\Peter Lustig\AppData\Roaming\mozilla\Firefox\Profiles\uyp2fdqc.default\extensions
[2010.02.01 22:40:39 | 000,000,687 | ---- | M] () -- C:\Users\Peter Lustig\AppData\Roaming\Mozilla\FireFox\Profiles\uyp2fdqc.default\searchplugins\icq-search.xml
[2010.03.24 22:22:45 | 000,000,950 | ---- | M] () -- C:\Users\Peter Lustig\AppData\Roaming\Mozilla\FireFox\Profiles\uyp2fdqc.default\searchplugins\icqplugin.xml
[2010.07.10 12:32:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.06.26 11:23:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009.10.05 19:34:50 | 000,118,000 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\components\qippipe.dll
[2010.06.26 11:23:45 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Peter Lustig\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [boincmgr] C:\Program Files (x86)\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [boinctray] C:\Program Files (x86)\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [LVCOMS] C:\Windows\SysWow64\LVCOMS.EXE File not found
O4 - HKLM..\Run: [RealTray] C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Peter Lustig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:[b]64bit:[/b] - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Peter Lustig\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8:[b]64bit:[/b] - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Peter Lustig\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:[b]64bit:[/b] - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.11.15 11:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.10.11 19:03:48 | 000,000,054 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{16c6a567-2457-11df-aee1-0022150e5e44}\Shell - "" = AutoRun
O33 - MountPoints2\{16c6a567-2457-11df-aee1-0022150e5e44}\Shell\AutoRun\command - "" = G:\pushinst.exe -- File not found
O33 - MountPoints2\{4489ca3e-ef12-11de-a9e8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4489ca3e-ef12-11de-a9e8-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2008.11.15 11:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.)
O33 - MountPoints2\{7126180c-1b35-11e0-a594-0022150e5e44}\Shell - "" = AutoRun
O33 - MountPoints2\{7126180c-1b35-11e0-a594-0022150e5e44}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011.01.08 16:45:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft
[2010.07.10 13:24:19 | 000,000,000 | -HSD | C] -- C:\found.001
[2010.07.10 12:31:00 | 000,000,000 | ---D | C] -- C:\Users\Peter Lustig\ArmA 2 - Kopie
[2010.07.10 11:44:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010.07.10 11:37:20 | 000,000,000 | ---D | C] -- C:\Users\Peter Lustig\AppData\Roaming\Malwarebytes
[2010.07.10 11:37:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.07.10 11:37:05 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.07.10 11:37:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.07.10 11:37:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.10 11:31:39 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010.07.06 18:29:47 | 000,000,000 | ---D | C] -- C:\FSDownloader
[2010.07.06 18:21:18 | 000,000,000 | ---D | C] -- C:\Users\Peter Lustig\AppData\Roaming\Football Superstars
[2010.07.06 17:56:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2010.07.04 20:45:57 | 000,000,000 | ---D | C] -- C:\Users\Peter Lustig\AppData\Roaming\skypePM
[2010.07.04 18:06:46 | 000,000,000 | ---D | C] -- C:\Users\Peter Lustig\AppData\Roaming\TeamViewer
[2010.07.02 14:03:00 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010.07.02 14:02:03 | 004,967,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2010.07.02 14:02:03 | 000,065,128 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010.07.02 14:02:03 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010.07.02 14:02:03 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2010.07.02 14:02:01 | 021,662,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2010.07.02 14:02:01 | 015,764,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2010.07.02 14:02:01 | 003,184,744 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvencodemft.dll
[2010.07.02 14:02:01 | 002,890,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvencodemft.dll
[2010.07.02 14:02:01 | 000,405,608 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2010.07.02 14:02:01 | 000,332,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2010.07.02 14:02:00 | 012,338,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2010.07.02 14:02:00 | 009,712,744 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2010.07.02 14:02:00 | 002,867,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2010.07.02 14:02:00 | 002,632,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2010.07.02 14:02:00 | 002,291,304 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2010.07.02 14:02:00 | 002,145,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2010.07.02 14:01:58 | 014,511,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2010.07.02 14:01:58 | 010,263,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010.07.02 14:01:58 | 004,513,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2010.07.02 14:01:58 | 001,592,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2010.07.02 14:01:58 | 000,255,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod1921.dll
[2010.07.02 14:01:58 | 000,255,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod.dll
[2010.06.27 13:13:44 | 000,000,000 | ---D | C] -- C:\Users\Peter Lustig\Documents\Warlords Battlecry II
[2010.06.27 13:12:39 | 000,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2010.06.27 13:10:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubi Soft
[2010.06.26 19:20:44 | 000,000,000 | ---D | C] -- C:\Users\Peter Lustig\Desktop\Deep Horizion
[2010.06.26 11:24:09 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.06.26 11:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.06.26 11:24:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010.06.26 11:23:52 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010.06.26 11:23:52 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.06.26 11:23:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.06.26 11:23:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.06.26 11:23:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010.06.25 15:31:18 | 000,000,000 | ---D | C] -- C:\Users\Peter Lustig\AppData\Local\Microsoft_Research
[2010.06.25 15:24:18 | 000,000,000 | ---D | C] -- C:\Users\Peter Lustig\Documents\WWT Collections
[2010.06.25 15:23:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Research
[2010.06.23 16:31:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LSoft Technologies
[2010.06.19 12:25:27 | 000,000,000 | ---D | C] -- C:\Users\Peter Lustig\Documents\Battlefield 2
[2010.06.14 17:04:51 | 000,000,000 | ---D | C] -- C:\Users\Peter Lustig\AppData\Roaming\Mumble(PR Edition)
[2010.06.14 17:04:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mumble(PR Edition)
[2010.06.11 13:22:58 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.06.11 13:22:58 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.06.11 13:22:58 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.06.11 13:22:58 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[13 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011.01.08 16:41:03 | 000,871,408 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010.07.10 13:46:20 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.07.10 13:43:50 | 000,000,007 | ---- | M] () -- C:\Windows\treeskp.sys
[2010.07.10 13:43:50 | 000,000,007 | ---- | M] () -- C:\Windows\sbacknt.bin
[2010.07.10 13:43:45 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.10 13:43:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.10 13:43:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.10 13:43:33 | 3220,480,000 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.10 13:41:29 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.10 13:41:29 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.10 13:26:42 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.10 13:25:44 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2010.07.10 13:09:31 | 002,883,584 | -HS- | M] () -- C:\Users\Peter Lustig\ntuser.dat
[2010.07.10 11:44:09 | 000,002,057 | ---- | M] () -- C:\Users\Peter Lustig\Desktop\HijackThis.lnk
[2010.07.10 11:37:08 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.10 00:01:25 | 000,844,708 | ---- | M] () -- C:\Users\Peter Lustig\Desktop\415.jpg
[2010.07.06 12:03:51 | 000,001,522 | ---- | M] () -- C:\Users\Peter Lustig\.recently-used.xbel
[2010.07.05 00:22:23 | 008,743,040 | ---- | M] () -- C:\Users\Peter Lustig\Desktop\paniq - Godshatter.mp3
[2010.07.05 00:19:42 | 007,751,808 | ---- | M] () -- C:\Users\Peter Lustig\Desktop\paniq - Zum Projekt.mp3
[2010.07.05 00:17:21 | 009,621,632 | ---- | M] () -- C:\Users\Peter Lustig\Desktop\paniq - Erleuchte mich.mp3
[2010.07.05 00:14:21 | 009,429,120 | ---- | M] () -- C:\Users\Peter Lustig\Desktop\paniq - I Lie Awake_Der Sturz.mp3
[2010.07.05 00:11:26 | 008,685,696 | ---- | M] () -- C:\Users\Peter Lustig\Desktop\Paniq   9876.mp3
[2010.07.05 00:09:36 | 017,768,576 | ---- | M] () -- C:\Users\Peter Lustig\Desktop\Paniq - Liberation.mp3
[2010.07.05 00:06:06 | 014,674,048 | ---- | M] () -- C:\Users\Peter Lustig\Desktop\Paniq - Story of Ohm.mp3
[2010.07.05 00:03:28 | 016,224,384 | ---- | M] () -- C:\Users\Peter Lustig\Desktop\Paniq - Niemals sterben.mp3
[2010.07.04 23:59:21 | 008,620,160 | ---- | M] () -- C:\Users\Peter Lustig\Desktop\paniq - Elektronische Musik.mp3
[2010.07.04 21:19:34 | 011,477,120 | ---- | M] () -- C:\Users\Peter Lustig\Desktop\Paniq - F***' Aye Reloaded 4.0.mp3
[2010.07.04 20:45:58 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.07.04 18:34:04 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.07.04 18:34:04 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.07.04 17:45:14 | 000,001,924 | ---- | M] () -- C:\Users\Peter Lustig\Desktop\Sandbox.lnk
[2010.07.04 11:47:55 | 008,638,592 | ---- | M] () -- C:\Users\Peter Lustig\Desktop\Paniq - ...es hilft.mp3
[2010.07.03 21:36:23 | 007,839,872 | ---- | M] () -- C:\Users\Peter Lustig\Desktop\Paul van Dyk - 'Home' feat. Johnny McDaid - Ultra Records.mp3
[2010.07.02 21:38:50 | 000,000,710 | ---- | M] () -- C:\Windows\win.ini
[2010.06.29 18:53:53 | 000,000,446 | ---- | M] () -- C:\Users\Peter Lustig\Desktop\LAN-Verbindung - Verknüpfung.lnk
[2010.06.26 19:32:59 | 000,007,604 | ---- | M] () -- C:\Users\Peter Lustig\AppData\Local\resmon.resmoncfg
[2010.06.26 11:23:44 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010.06.26 11:23:44 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.06.26 11:23:44 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.06.26 11:23:44 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.06.26 10:37:08 | 006,471,808 | ---- | M] () -- C:\Users\Peter Lustig\Desktop\2012 Soundtrack - Vitaliy Zavadskyy.mp3
[2010.06.25 15:31:18 | 000,000,383 | ---- | M] () -- C:\config.xml
[2010.06.23 22:24:04 | 000,524,288 | -HS- | M] () -- C:\Users\Peter Lustig\ntuser.dat{54107de4-7eed-11df-8773-0022150e5e44}.TMContainer00000000000000000002.regtrans-ms
[2010.06.23 22:24:04 | 000,524,288 | -HS- | M] () -- C:\Users\Peter Lustig\ntuser.dat{54107de4-7eed-11df-8773-0022150e5e44}.TMContainer00000000000000000001.regtrans-ms
[2010.06.23 22:24:04 | 000,065,536 | -HS- | M] () -- C:\Users\Peter Lustig\ntuser.dat{54107de4-7eed-11df-8773-0022150e5e44}.TM.blf
[2010.06.23 06:40:42 | 023,724,160 | ---- | M] () -- C:\Users\Peter Lustig\Desktop\PR v0.9 preview - Soundtrack.mp3
[2010.06.18 16:36:36 | 000,002,271 | ---- | M] () -- C:\Users\Peter Lustig\Desktop\Project Reality 0917.lnk
[2010.06.12 12:35:02 | 000,294,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[13 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011.01.08 16:41:03 | 000,871,408 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010.07.10 13:25:44 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2010.07.10 12:31:00 | 000,000,812 | ---- | C] () -- C:\Users\Peter Lustig\Checkliste Verreisen - Kopie.txt
[2010.07.10 12:31:00 | 000,000,199 | ---- | C] () -- C:\Users\Peter Lustig\barswf - Kopie.save
[2010.07.10 12:31:00 | 000,000,044 | ---- | C] () -- C:\Users\Peter Lustig\crysis serial - Kopie.txt
[2010.07.10 12:31:00 | 000,000,025 | ---- | C] () -- C:\Users\Peter Lustig\bf heroes - Kopie.txt
[2010.07.10 12:30:58 | 065,096,686 | ---- | C] () -- C:\Users\Peter Lustig\Barrels2_hq_XviD - Kopie.avi
[2010.07.10 11:44:09 | 000,002,057 | ---- | C] () -- C:\Users\Peter Lustig\Desktop\HijackThis.lnk
[2010.07.10 11:37:08 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.10 00:01:25 | 000,844,708 | ---- | C] () -- C:\Users\Peter Lustig\Desktop\415.jpg
[2010.07.06 12:03:51 | 000,001,522 | ---- | C] () -- C:\Users\Peter Lustig\.recently-used.xbel
[2010.07.05 00:22:11 | 008,743,040 | ---- | C] () -- C:\Users\Peter Lustig\Desktop\paniq - Godshatter.mp3
[2010.07.05 00:19:30 | 007,751,808 | ---- | C] () -- C:\Users\Peter Lustig\Desktop\paniq - Zum Projekt.mp3
[2010.07.05 00:17:08 | 009,621,632 | ---- | C] () -- C:\Users\Peter Lustig\Desktop\paniq - Erleuchte mich.mp3
[2010.07.05 00:14:08 | 009,429,120 | ---- | C] () -- C:\Users\Peter Lustig\Desktop\paniq - I Lie Awake_Der Sturz.mp3
[2010.07.05 00:11:16 | 008,685,696 | ---- | C] () -- C:\Users\Peter Lustig\Desktop\Paniq   9876.mp3
[2010.07.05 00:09:13 | 017,768,576 | ---- | C] () -- C:\Users\Peter Lustig\Desktop\Paniq - Liberation.mp3
[2010.07.05 00:05:49 | 014,674,048 | ---- | C] () -- C:\Users\Peter Lustig\Desktop\Paniq - Story of Ohm.mp3
[2010.07.05 00:03:10 | 016,224,384 | ---- | C] () -- C:\Users\Peter Lustig\Desktop\Paniq - Niemals sterben.mp3
[2010.07.04 23:59:10 | 008,620,160 | ---- | C] () -- C:\Users\Peter Lustig\Desktop\paniq - Elektronische Musik.mp3
[2010.07.04 21:19:23 | 011,477,120 | ---- | C] () -- C:\Users\Peter Lustig\Desktop\Paniq - F***' Aye Reloaded 4.0.mp3
[2010.07.04 20:45:58 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.07.04 17:45:14 | 000,001,924 | ---- | C] () -- C:\Users\Peter Lustig\Desktop\Sandbox.lnk
[2010.07.04 11:47:44 | 008,638,592 | ---- | C] () -- C:\Users\Peter Lustig\Desktop\Paniq - ...es hilft.mp3
[2010.07.03 21:36:13 | 007,839,872 | ---- | C] () -- C:\Users\Peter Lustig\Desktop\Paul van Dyk - 'Home' feat. Johnny McDaid - Ultra Records.mp3
[2010.06.29 18:53:53 | 000,000,446 | ---- | C] () -- C:\Users\Peter Lustig\Desktop\LAN-Verbindung - Verknüpfung.lnk
[2010.06.26 10:36:59 | 006,471,808 | ---- | C] () -- C:\Users\Peter Lustig\Desktop\2012 Soundtrack - Vitaliy Zavadskyy.mp3
[2010.06.25 15:31:18 | 000,000,383 | ---- | C] () -- C:\config.xml
[2010.06.23 19:32:57 | 000,524,288 | -HS- | C] () -- C:\Users\Peter Lustig\ntuser.dat{54107de4-7eed-11df-8773-0022150e5e44}.TMContainer00000000000000000002.regtrans-ms
[2010.06.23 19:32:57 | 000,524,288 | -HS- | C] () -- C:\Users\Peter Lustig\ntuser.dat{54107de4-7eed-11df-8773-0022150e5e44}.TMContainer00000000000000000001.regtrans-ms
[2010.06.23 19:32:57 | 000,065,536 | -HS- | C] () -- C:\Users\Peter Lustig\ntuser.dat{54107de4-7eed-11df-8773-0022150e5e44}.TM.blf
[2010.06.23 06:40:11 | 023,724,160 | ---- | C] () -- C:\Users\Peter Lustig\Desktop\PR v0.9 preview - Soundtrack.mp3
[2010.06.14 17:03:23 | 000,002,271 | ---- | C] () -- C:\Users\Peter Lustig\Desktop\Project Reality 0917.lnk
[2010.06.13 12:51:09 | 000,036,388 | ---- | C] () -- C:\Users\Peter Lustig\ighashgpu_results.txt
[2010.05.28 02:09:00 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010.05.09 14:19:50 | 000,000,107 | ---- | C] () -- C:\Windows\GMouse.ini
[2010.04.29 22:21:21 | 000,000,007 | ---- | C] () -- C:\Windows\treeskp.sys
[2010.04.18 11:23:51 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2010.03.24 22:53:35 | 000,006,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.03.14 14:27:13 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\vgz.dll
[2010.03.14 14:27:12 | 000,066,048 | ---- | C] () -- C:\Windows\QMDispatch.dll
[2010.03.02 16:59:26 | 000,000,323 | ---- | C] () -- C:\Windows\SoftWriting.ini
[2010.02.28 23:13:36 | 000,003,273 | ---- | C] () -- C:\Windows\scenelib24.ini
[2010.02.26 12:15:16 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2010.02.26 12:11:46 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2010.02.03 21:22:17 | 000,000,208 | ---- | C] () -- C:\Windows\ulead32.ini
[2010.01.10 14:43:17 | 000,327,168 | ---- | C] () -- C:\Windows\SysWow64\cutil32.dll
[2009.12.27 18:59:01 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\SSHDRV52.sys
[2009.12.24 03:03:56 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.07 13:27:20 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\vbzlib1.dll
[2005.02.05 21:46:00 | 000,004,608 | ---- | C] () -- C:\Windows\fgexec.dll
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
[1999.08.10 19:02:20 | 000,116,736 | ---- | C] () -- C:\Windows\SysWow64\LFKODAK.DLL
[1999.08.10 19:02:16 | 000,343,040 | ---- | C] () -- C:\Windows\SysWow64\lffpx7.dll

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 1221 bytes -> C:\t:md5
< End of report >
This post was edited by Yakavetta on 10.07.2010 at 14:57.
11.07.2010, 00:43
Moderator

Posts: 5694
#4 Step 1

Scan with SystemLook

Download SystemLook by jpshortstuff from one of the following mirrors and save the tool to your desktop.

Download Mirror #1 - Download Mirror #2

• Double-click SystemLook.exe to start the tool.
Vista users: right-click and run as administrator.
• Copy the contents of the following code box into the tool's text field:

Code

:contents 
F:\autorun.exe
• Now click the Look button to start the scan.
• When the scan has finished, your editor will open with the results; post them here in the thread.
• The results are saved on the desktop as SystemLook.txt.


Step 2

Fix with OTL

• Start OTL.exe.
Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
• Copy the following script:

Code

:OTL
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Peter Lustig\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
[2009.10.05 19:34:50 | 000,118,000 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\components\qippipe.dll
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Peter Lustig\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - AutoRun File - [2008.11.15 11:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.10.11 19:03:48 | 000,000,054 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{16c6a567-2457-11df-aee1-0022150e5e44}\Shell - "" = AutoRun
O33 - MountPoints2\{16c6a567-2457-11df-aee1-0022150e5e44}\Shell\AutoRun\command - "" = G:\pushinst.exe -- File not found
O33 - MountPoints2\{4489ca3e-ef12-11de-a9e8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4489ca3e-ef12-11de-a9e8-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2008.11.15 11:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.)
O33 - MountPoints2\{7126180c-1b35-11e0-a594-0022150e5e44}\Shell - "" = AutoRun
O33 - MountPoints2\{7126180c-1b35-11e0-a594-0022150e5e44}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
[2010.07.10 11:31:39 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 1221 bytes -> C:\t:md5
:Commands
[purity]
[emptytemp]
• and paste it here:
• Close all programs.
• Click the Fix button.
• Click .
OTL will ask for a restart. Please allow it.
• After the restart you will find a text document.
Copy its contents, in [url=http://www.hijackthis-forum.de/hijackthis-logfiles/17-wie-erstelle-ich-ein-logfile-update.html#post154284]code tags[/url], into your thread here.

Step 3

Malwarebytes Anti-Malware

Download MBAM, install it, and on the tabs select:

-> "Update" > "Check for Updates"
-> "Settings" > "Terminate Internet Explorer during threat removal"
-> "Scanner" > "Perform quick scan".

If infections are found at the end, tick them and have them removed. Restart your computer.
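The fix script in the post above selects, among other things, the O33 MountPoints2 AutoRun commands and the Alternate Data Stream lines from the log. As an added example (not part of the original post and not OTL's own code), this parser extracts those two entry types from OTL log text and separates AutoRun commands whose target file is missing; the sample input is copied from this thread's log, and the function and class names are hypothetical.

```python
import re
from dataclasses import dataclass

# Sample lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r'''
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{16c6a567-2457-11df-aee1-0022150e5e44}\Shell - "" = AutoRun
O33 - MountPoints2\{16c6a567-2457-11df-aee1-0022150e5e44}\Shell\AutoRun\command - "" = G:\pushinst.exe -- File not found
O33 - MountPoints2\{4489ca3e-ef12-11de-a9e8-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2008.11.15 11:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.)
O33 - MountPoints2\{7126180c-1b35-11e0-a594-0022150e5e44}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 1221 bytes -> C:\t:md5
'''


@dataclass
class AutoRunCommand:
    volume_guid: str    # MountPoints2 subkey name (per-volume GUID)
    target: str         # command cached for that volume
    file_present: bool  # False when OTL reported "File not found"


@dataclass
class DataStream:
    host_path: str      # file or folder carrying the stream
    stream_name: str    # name after the last colon
    size: int           # size in bytes as reported by OTL


# O33 lines that carry the cached AutoRun command of a volume.
_O33_CMD = re.compile(
    r'^O33(?::\S+)? - MountPoints2\\(\{[0-9A-Fa-f-]{36}\})\\Shell\\AutoRun\\command'
    r' - "[^"]*" = (.+?) -- (.*)$'
)
_ADS = re.compile(r'^@Alternate Data Stream - (\d+) bytes -> (.+)$')


def parse_otl(log):
    """Return (autorun_commands, data_streams) found in OTL log text."""
    autoruns, streams = [], []
    for raw in log.splitlines():
        line = raw.strip()
        m = _O33_CMD.match(line)
        if m:
            guid, target, status = m.groups()
            autoruns.append(
                AutoRunCommand(guid, target, "File not found" not in status)
            )
            continue
        m = _ADS.match(line)
        if m:
            size, full = m.groups()
            # The drive letter also contains a colon, so split on the last one.
            host, _, name = full.rpartition(":")
            streams.append(DataStream(host, name, int(size)))
    return autoruns, streams


def stale_autoruns(autoruns):
    """AutoRun commands whose target no longer exists on the mounted volume."""
    return [a for a in autoruns if not a.file_present]


if __name__ == "__main__":
    cmds, ads = parse_otl(SAMPLE_LOG)
    for a in stale_autoruns(cmds):
        print("stale AutoRun:", a.volume_guid, "->", a.target)
    for s in ads:
        print("ADS:", s.host_path, "stream", s.stream_name, s.size, "bytes")
```
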
11.07.2010, 11:54
...new here

Thread starter

Posts: 7
#5 At the moment I can't do this on the computer ;) I'll do it as soon as I can.

I already carried out step 3 earlier and removed everything; I will still stick to steps 1 to 3.

Just one remark about my log file. I don't use the Qip.ru toolbar or the search engine, and neither is activated on my machine. Still, I use other services from Qip and am, frankly, satisfied with them.

Were you suspicious when you saw qip.ru? The software has been with me for years.

Regards
Yakavetta
11.07.2010, 21:25
Moderator

Posts: 5694
#6 Unfortunately I don't know it that well and wanted to be sure that it is not the cause. You can reinstall it later.

And please always follow the instructions in order.
12.07.2010, 14:09
...new here

Thread starter

Posts: 7
#7 I don't know what it was....^^ but it seemed to be sitting on the second, non-operating-system partition.. at some point I lost my patience and wiped the operating system
after everything had been installed again it started all over again^^
but now everything is running again, thank goodness
many thanks anyway ;)