
Log Analysis and Evaluation: Windows Security Center blocked / Google redirect trojan

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
22.06.2011, 19:31   #1
Rici

Windows Security Center blocked / Google redirect trojan


Hi,

I am simply not getting anywhere with my trojan/virus problem and am now asking you for help.
Recently I downloaded a Flash Player update from a video website, because I was shown a message saying that I needed the newest version in order to continue.

That already seemed very strange to me, since I already have the current version installed and this update obviously does not come from Adobe itself.
Nevertheless, I saved it to my desktop via the Firefox download.
I wanted to install the update with a double-click, but instead something very strange happened. The file in question simply disappeared from the desktop. That is when it became clear to me that I had probably made a big mistake.

After a restart, I already noticed a change. The Windows Action Center displayed an important message:

Dienst 'Windows-Sicherheitscenter' aktivieren (Wichtig) [Turn on Windows Security Center service (Important)]

However, I never deactivated the Security Center. But when I try to turn it back on, this message appears:



In addition, Firefox seems to be infected with the Google redirect trojan.
(Several users seem to be suffering from that.)
Because when I click on one of the search results, I am always redirected to very suspicious-looking pages with lots of pop-ups. Only after clicking the search result several times do I get to the right page.

While surfing with Firefox, pop-ups also appear now and then that are opened in a Windows Internet Explorer window. Very odd, since Firefox is the default browser.

So those are the problems I have noticed.
Here are the logs from defogger and OTL:

OTL Log

Code:
OTL logfile created on: 22.06.2011 19:50:38 - Run 4
OTL by OldTimer - Version 3.2.24.1     Folder = C:\Users\Ricardo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,59 Gb Available Physical Memory | 64,77% Memory free
7,99 Gb Paging File | 6,49 Gb Available in Paging File | 81,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 790,73 Gb Free Space | 84,89% Space Free | Partition Type: NTFS
 
Computer Name: RICI | User Name: Ricardo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Ricardo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Ricardo\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (TunngleService) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM) -- C:\Windows\SysNative\drivers\s1029unic.sys (MCCI Corporation)
DRV:64bit: - (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s1029mgmt.sys (MCCI Corporation)
DRV:64bit: - (s1029obex) -- C:\Windows\SysNative\drivers\s1029obex.sys (MCCI Corporation)
DRV:64bit: - (s1029mdm) -- C:\Windows\SysNative\drivers\s1029mdm.sys (MCCI Corporation)
DRV:64bit: - (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS) -- C:\Windows\SysNative\drivers\s1029nd5.sys (MCCI Corporation)
DRV:64bit: - (s1029mdfl) -- C:\Windows\SysNative\drivers\s1029mdfl.sys (MCCI Corporation)
DRV:64bit: - (s1029bus) Sony Ericsson Device 1029 driver (WDM) -- C:\Windows\SysNative\drivers\s1029bus.sys (MCCI Corporation)
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8F B5 87 0E A2 C5 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.22 17:28:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.22 17:28:07 | 000,000,000 | ---D | M]
 
[2011.01.29 12:29:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ricardo\AppData\Roaming\mozilla\Extensions
[2011.02.12 14:39:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ricardo\AppData\Roaming\mozilla\Firefox\Profiles\qw4vk97c.default\extensions
[2011.01.30 18:17:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.01.30 18:17:27 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.03.07 20:58:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.03.07 20:58:54 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.07 20:58:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.03.07 20:58:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.03.07 20:58:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{14ff2d3c-410b-11e0-ae63-90e6ba2e8cd2}\Shell - "" = AutoRun
O33 - MountPoints2\{14ff2d3c-410b-11e0-ae63-90e6ba2e8cd2}\Shell\AutoRun\command - "" = E:\Startme.exe
O33 - MountPoints2\{260b99cf-2bb4-11e0-9e6f-90e6ba2ea1e2}\Shell - "" = AutoRun
O33 - MountPoints2\{260b99cf-2bb4-11e0-9e6f-90e6ba2ea1e2}\Shell\AutoRun\command - "" = E:\pushinst.exe
O33 - MountPoints2\{67f0228a-41dc-11e0-abde-90e6ba2e8cd2}\Shell - "" = AutoRun
O33 - MountPoints2\{67f0228a-41dc-11e0-abde-90e6ba2e8cd2}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{7d03377a-2b8e-11e0-a43a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7d03377a-2b8e-11e0-a43a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\LaunchBFII.exe
O33 - MountPoints2\{8104ab41-9882-11e0-8b31-90e6ba2e8cd2}\Shell - "" = AutoRun
O33 - MountPoints2\{8104ab41-9882-11e0-8b31-90e6ba2e8cd2}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.22 19:29:00 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Ricardo\Desktop\OTL.exe
[2011.06.22 17:49:29 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Roaming\Malwarebytes
[2011.06.22 17:49:24 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.06.22 17:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.06.22 17:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.06.22 17:49:21 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.06.22 17:49:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.06.19 19:43:17 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011.06.19 19:43:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011.06.19 19:43:04 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\ATI Technologies
[2011.06.19 19:43:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2011.06.19 19:43:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011.06.19 19:42:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011.06.19 19:41:53 | 000,000,000 | ---D | C] -- C:\Programme\ATI Technologies
[2011.06.19 17:12:39 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\Microsoft Help
[2011.06.19 12:50:57 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011.06.17 03:47:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011.06.17 03:47:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011.06.17 02:32:43 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011.06.16 19:17:38 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.06.16 19:17:37 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.06.16 19:17:37 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.06.16 19:17:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.06.16 19:16:30 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011.06.16 17:16:29 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\Custom Login Screen
[2011.06.10 14:18:31 | 000,158,760 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1029mdm.sys
[2011.06.10 14:18:31 | 000,151,592 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1029unic.sys
[2011.06.10 14:18:31 | 000,139,304 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1029mgmt.sys
[2011.06.10 14:18:31 | 000,135,208 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1029obex.sys
[2011.06.10 14:18:31 | 000,116,264 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1029bus.sys
[2011.06.10 14:18:31 | 000,034,856 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1029nd5.sys
[2011.06.10 14:18:31 | 000,019,496 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1029mdfl.sys
[2011.06.10 14:18:31 | 000,015,912 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1029whnt.sys
[2011.06.10 14:18:31 | 000,015,912 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1029wh.sys
[2011.06.10 14:18:31 | 000,014,888 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1029cmnt.sys
[2011.06.10 14:18:31 | 000,014,888 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1029cm.sys
[2011.06.10 14:18:31 | 000,013,864 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1029cr.sys
[2011.06.08 19:42:20 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.06.07 16:31:24 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\Nem's Tools
[2011.06.07 16:30:41 | 000,000,000 | ---D | C] -- C:\Programme\Nem's Tools
[2011.06.07 15:29:24 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\Fonts
[2011.06.02 22:18:56 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\Half-Life 2
[2011.06.01 15:32:48 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Roaming\ImgBurn
[2011.06.01 15:32:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2011.05.26 21:23:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
[2011.05.26 21:23:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2011.05.26 21:21:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
[2011.05.26 21:21:27 | 019,087,360 | ---- | C] (Intel Corporation / Blue Ripple Sound Limited) -- C:\Windows\SysWow64\mkl_blueripple.dll
[2011.05.26 21:21:27 | 001,417,216 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\SysWow64\rapture3d_oal.dll
[2011.05.26 21:21:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BRS
[2011.05.26 21:21:25 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011.05.26 21:21:25 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011.05.26 21:21:25 | 000,122,904 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2011.05.26 21:21:25 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2011.05.26 21:21:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2011.05.26 21:02:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Codemasters
[2011.05.26 19:17:03 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2011.05.25 06:26:56 | 009,359,872 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys
[2011.05.25 05:53:28 | 023,336,960 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axx.dll
[2011.05.25 05:31:38 | 017,940,992 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll
[2011.05.25 05:07:58 | 000,151,552 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe
[2011.05.25 05:07:48 | 000,688,128 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\aticfx32.dll
[2011.05.25 05:04:16 | 000,462,848 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll
[2011.05.25 05:04:10 | 000,485,376 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2011.05.25 05:03:38 | 000,204,288 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2011.05.25 05:02:30 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2011.05.25 05:02:16 | 000,423,424 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atipdl64.dll
[2011.05.25 05:02:10 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll
[2011.05.25 05:02:00 | 000,278,528 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\Oemdspif.dll
[2011.05.25 05:01:54 | 000,016,384 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2011.05.25 05:01:50 | 000,059,392 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2011.05.25 05:01:46 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2011.05.25 05:00:00 | 001,113,088 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6v.dll
[2011.05.25 04:59:38 | 001,828,864 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdmv.dll
[2011.05.25 04:59:26 | 003,810,816 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll
[2011.05.25 04:58:52 | 004,219,904 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atidxx32.dll
[2011.05.25 04:50:38 | 004,017,152 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll
[2011.05.25 04:47:40 | 000,051,200 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll
[2011.05.25 04:47:38 | 000,046,080 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
[2011.05.25 04:47:30 | 000,044,544 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll
[2011.05.25 04:47:28 | 000,044,032 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
[2011.05.25 04:47:18 | 008,489,472 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll
[2011.05.25 04:43:52 | 006,847,488 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
[2011.05.25 04:39:16 | 004,330,496 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atiumdag.dll
[2011.05.25 04:38:18 | 000,053,760 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll
[2011.05.25 04:38:18 | 000,053,760 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll
[2011.05.25 04:38:14 | 000,052,736 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
[2011.05.25 04:38:14 | 000,052,736 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
[2011.05.25 04:33:04 | 005,486,592 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atiumd64.dll
[2011.05.25 04:26:18 | 000,366,592 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll
[2011.05.25 04:26:12 | 000,262,144 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll
[2011.05.25 04:26:04 | 000,014,848 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll
[2011.05.25 04:26:00 | 000,012,800 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll
[2011.05.25 04:26:00 | 000,012,800 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiglpxx.dll
[2011.05.25 04:25:58 | 000,039,936 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll
[2011.05.25 04:25:48 | 000,032,768 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll
[2011.05.25 04:25:42 | 000,309,760 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys
[2011.05.25 04:24:50 | 000,031,744 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll
[2011.05.25 04:24:44 | 000,038,912 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll
[2011.05.25 04:24:36 | 000,029,184 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiu9pag.dll
[2011.05.25 04:24:08 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll
[2011.05.24 23:44:04 | 016,672,768 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\amdocl64.dll
[2011.05.24 23:43:50 | 012,798,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\amdocl.dll
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.22 19:30:32 | 000,018,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.22 19:30:32 | 000,018,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.22 19:29:33 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Ricardo\Desktop\OTL.exe
[2011.06.22 19:27:38 | 001,528,826 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.06.22 19:27:38 | 000,664,840 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.06.22 19:27:38 | 000,625,022 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.06.22 19:27:38 | 000,134,750 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.06.22 19:27:38 | 000,110,402 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.06.22 19:26:57 | 000,000,000 | ---- | M] () -- C:\Users\Ricardo\defogger_reenable
[2011.06.22 19:26:07 | 000,050,477 | ---- | M] () -- C:\Users\Ricardo\Desktop\Defogger.exe
[2011.06.22 19:23:22 | 000,000,308 | -HS- | M] () -- C:\Windows\tasks\qtmceqzy.job
[2011.06.22 19:23:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.22 19:23:06 | 3218,903,040 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.22 19:22:28 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2011.06.22 19:04:53 | 000,055,770 | ---- | M] () -- C:\Users\Ricardo\Desktop\error1.jpg
[2011.06.22 19:03:53 | 000,040,069 | ---- | M] () -- C:\Users\Ricardo\Desktop\error2.jpg
[2011.06.22 17:49:24 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.22 03:38:45 | 000,118,784 | RHS- | M] () -- C:\Windows\SysWow64\pegi-pt0.dll
[2011.06.22 03:29:26 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.06.19 02:45:50 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.06.17 03:39:15 | 000,417,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.06.17 00:14:53 | 000,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.06.17 00:11:30 | 000,000,331 | ---- | M] () -- C:\Windows\game.ini
[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.05.29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.05.26 21:22:22 | 000,000,568 | ---- | M] () -- C:\Users\Ricardo\Desktop\DiRT 3.lnk
[2011.05.26 21:21:25 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011.05.26 21:21:25 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011.05.26 21:21:25 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2011.05.26 21:21:25 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2011.05.25 06:26:56 | 009,359,872 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys
[2011.05.25 05:53:28 | 023,336,960 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axx.dll
[2011.05.25 05:31:38 | 017,940,992 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll
[2011.05.25 05:08:34 | 000,166,624 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
[2011.05.25 05:07:58 | 000,151,552 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe
[2011.05.25 05:07:48 | 000,688,128 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\aticfx32.dll
[2011.05.25 05:06:38 | 000,811,008 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysNative\aticfx64.dll
[2011.05.25 05:04:16 | 000,462,848 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll
[2011.05.25 05:04:10 | 000,485,376 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2011.05.25 05:03:38 | 000,204,288 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2011.05.25 05:02:30 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2011.05.25 05:02:16 | 000,423,424 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atipdl64.dll
[2011.05.25 05:02:10 | 000,356,352 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll
[2011.05.25 05:02:00 | 000,278,528 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\Oemdspif.dll
[2011.05.25 05:01:54 | 000,016,384 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2011.05.25 05:01:50 | 000,059,392 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2011.05.25 05:01:46 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2011.05.25 05:00:00 | 001,113,088 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6v.dll
[2011.05.25 04:59:38 | 001,828,864 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdmv.dll
[2011.05.25 04:59:26 | 003,810,816 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll
[2011.05.25 04:58:52 | 004,219,904 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atidxx32.dll
[2011.05.25 04:55:20 | 001,127,552 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
[2011.05.25 04:50:38 | 004,017,152 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll
[2011.05.25 04:49:54 | 001,127,552 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
[2011.05.25 04:49:44 | 005,008,384 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atidxx64.dll
[2011.05.25 04:47:40 | 000,051,200 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll
[2011.05.25 04:47:38 | 000,046,080 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
[2011.05.25 04:47:30 | 000,044,544 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll
[2011.05.25 04:47:28 | 000,044,032 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
[2011.05.25 04:47:18 | 008,489,472 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll
[2011.05.25 04:43:52 | 006,847,488 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
[2011.05.25 04:39:16 | 004,330,496 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atiumdag.dll
[2011.05.25 04:38:18 | 000,053,760 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll
[2011.05.25 04:38:18 | 000,053,760 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll
[2011.05.25 04:38:14 | 000,052,736 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
[2011.05.25 04:38:14 | 000,052,736 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
[2011.05.25 04:33:04 | 005,486,592 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atiumd64.dll
[2011.05.25 04:26:18 | 000,366,592 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll
[2011.05.25 04:26:12 | 000,262,144 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll
[2011.05.25 04:26:04 | 000,014,848 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll
[2011.05.25 04:26:00 | 000,012,800 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll
[2011.05.25 04:26:00 | 000,012,800 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiglpxx.dll
[2011.05.25 04:25:58 | 000,039,936 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll
[2011.05.25 04:25:48 | 000,032,768 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll
[2011.05.25 04:25:42 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys
[2011.05.25 04:24:58 | 000,040,960 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiuxp64.dll
[2011.05.25 04:24:50 | 000,031,744 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll
[2011.05.25 04:24:44 | 000,038,912 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll
[2011.05.25 04:24:36 | 000,029,184 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiu9pag.dll
[2011.05.25 04:24:08 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll
[2011.05.25 04:19:00 | 000,058,880 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst.dll
[2011.05.24 23:44:30 | 000,061,952 | ---- | M] () -- C:\Windows\SysNative\OVDecode64.dll
[2011.05.24 23:44:26 | 000,059,904 | ---- | M] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.05.24 23:44:04 | 016,672,768 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\amdocl64.dll
[2011.05.24 23:43:50 | 012,798,976 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\amdocl.dll
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.06.22 19:26:57 | 000,000,000 | ---- | C] () -- C:\Users\Ricardo\defogger_reenable
[2011.06.22 19:26:06 | 000,050,477 | ---- | C] () -- C:\Users\Ricardo\Desktop\Defogger.exe
[2011.06.22 19:03:50 | 000,040,069 | ---- | C] () -- C:\Users\Ricardo\Desktop\error2.jpg
[2011.06.22 18:19:37 | 000,055,770 | ---- | C] () -- C:\Users\Ricardo\Desktop\error1.jpg
[2011.06.22 17:49:24 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.22 03:38:45 | 000,118,784 | RHS- | C] () -- C:\Windows\SysWow64\pegi-pt0.dll
[2011.06.22 03:38:45 | 000,000,308 | -HS- | C] () -- C:\Windows\tasks\qtmceqzy.job
[2011.06.17 03:47:52 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.06.17 00:11:30 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2011.05.26 21:22:22 | 000,000,568 | ---- | C] () -- C:\Users\Ricardo\Desktop\DiRT 3.lnk
[2011.05.25 05:08:34 | 000,166,624 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2011.05.25 04:55:20 | 001,127,552 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2011.05.25 04:49:54 | 001,127,552 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2011.05.24 23:44:30 | 000,061,952 | ---- | C] () -- C:\Windows\SysNative\OVDecode64.dll
[2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.03.11 15:27:23 | 000,000,095 | ---- | C] () -- C:\Users\Ricardo\AppData\Local\fusioncache.dat
[2011.03.10 17:11:22 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.03.10 17:11:20 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.03.10 17:11:20 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.02.06 16:25:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.01.30 18:18:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.30 03:16:50 | 001,554,746 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.29 16:17:33 | 000,053,248 | ---- | C] () -- C:\Windows\PhysXLoader.dll
[2011.01.20 18:23:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011.03.20 16:43:41 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\ICQ
[2011.06.01 15:56:19 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\ImgBurn
[2011.04.17 17:42:20 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\Leadertech
[2011.02.13 17:00:50 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\Rainmeter
[2011.06.19 19:38:53 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\SoftGrid Client
[2011.01.30 03:17:49 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\TP
[2011.04.29 01:23:15 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\Tunngle
[2011.06.22 19:23:22 | 000,000,308 | -HS- | M] () -- C:\Windows\Tasks\qtmceqzy.job
[2011.06.09 22:34:49 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


OTL Extras Log

Code:
OTL Extras logfile created on: 22.06.2011 19:50:38 - Run 4
OTL by OldTimer - Version 3.2.24.1     Folder = C:\Users\Ricardo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,59 Gb Available Physical Memory | 64,77% Memory free
7,99 Gb Paging File | 6,49 Gb Available in Paging File | 81,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 790,73 Gb Free Space | 84,89% Space Free | Partition Type: NTFS
 
Computer Name: RICI | User Name: Ricardo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{495ADF2E-6DDD-7C45-E02A-F9B4AF6F2175}" = AMD Drag and Drop Transcoding
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{54E192A6-AA33-1963-C96A-26AA7A3B41B4}" = ccc-utility64
"{5857E7BE-2F6F-D41A-42B2-B668B19A5F30}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CFF9D801-1EC4-B8F5-2CAB-4A1790C95A18}" = ATI Catalyst Install Manager
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"GCFScape_is1" = GCFScape 1.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"sp6" = Logitech SetPoint 6.22
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{30D659E4-4405-6925-CDCF-EB8CD0C80DAC}" = Catalyst Control Center Graphics Previews Common
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{60DE7978-4F13-5584-5E53-DCEE1CB115A5}" = Catalyst Control Center
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{85268C72-C609-E50A-7AB3-9B3582DFEE66}" = CCC Help English
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AFF8C8F4-E4BB-891F-8636-5E71F946C5B6}" = Catalyst Control Center InstallProxy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"EADM" = EA Download Manager
"FAKEFACTORY CM10V10.90" = FAKEFACTORY Cinematic Mod V10
"GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"ImgBurn" = ImgBurn
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"Rainmeter" = Rainmeter
"Steam App 211" = Source SDK
"Steam App 215" = Source SDK Base 2006
"Steam App 218" = Source SDK Base 2007
"Steam App 220" = Half-Life 2
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 380" = Half-Life 2: Episode One
"Steam App 40800" = Super Meat Boy
"Steam App 40810" = Super Meat Boy Editor
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 43110" = Metro 2033
"Tunngle beta_is1" = Tunngle beta
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 09.04.2011 07:05:26 | Computer Name = Rici | Source = MsiInstaller | ID = 10005
Description = 
 
Error - 09.04.2011 11:06:51 | Computer Name = Rici | Source = MsiInstaller | ID = 10005
Description = 
 
Error - 15.04.2011 19:03:09 | Computer Name = Rici | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 16.04.2011 12:38:05 | Computer Name = Rici | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Crysis2Launcher.exe, Version: 1.0.0.0,
 Zeitstempel: 0x4d627e32  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7ba58  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002e046  ID des fehlerhaften
 Prozesses: 0xd30  Startzeit der fehlerhaften Anwendung: 0x01cbfc54a82da391  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Electronic Arts\Crytek\Crysis 2\bin32\Crysis2Launcher.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: e69fc0a8-6847-11e0-927e-90e6ba2e8cd2
 
Error - 25.04.2011 14:21:01 | Computer Name = Rici | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 30.04.2011 08:06:10 | Computer Name = Rici | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: portal2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4d4c804d  Name des fehlerhaften Moduls: valve_avi.dll, Version: 0.0.0.0, Zeitstempel:
 0x4daf664a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00004553  ID des fehlerhaften Prozesses:
 0xcb0  Startzeit der fehlerhaften Anwendung: 0x01cc072bcc606994  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Valve\Portal 2\portal2.exe  Pfad des fehlerhaften
 Moduls: c:\program files (x86)\valve\portal 2\bin\valve_avi.dll  Berichtskennung:
 3be70dd9-7322-11e0-9338-90e6ba2e8cd2
 
Error - 30.04.2011 14:53:25 | Computer Name = Rici | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Crysis2Launcher.exe, Version: 1.0.0.0,
 Zeitstempel: 0x4d627e32  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7ba58  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002e046  ID des fehlerhaften
 Prozesses: 0xbfc  Startzeit der fehlerhaften Anwendung: 0x01cc0767e0a23a52  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Electronic Arts\Crytek\Crysis 2\bin32\Crysis2Launcher.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 202d39c9-735b-11e0-9338-90e6ba2e8cd2
 
Error - 01.05.2011 12:14:07 | Computer Name = Rici | Source = Application Hang | ID = 1002
Description = Programm Skype.exe, Version 5.1.0.104 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: e58    Startzeit: 
01cc08178e3b121d    Endzeit: 37    Anwendungspfad: C:\Program Files (x86)\Skype\Phone\Skype.exe

Berichts-ID:
 07c319c4-740e-11e0-8b3e-90e6ba2e8cd2  
 
Error - 08.05.2011 06:44:11 | Computer Name = Rici | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 08.05.2011 08:49:00 | Computer Name = Rici | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DiRT.exe, Version: 1.2.0.0, Zeitstempel:
 0x470a16d0  Name des fehlerhaften Moduls: DiRT.exe, Version: 1.2.0.0, Zeitstempel:
 0x470a16d0  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00562470  ID des fehlerhaften Prozesses:
 0xb30  Startzeit der fehlerhaften Anwendung: 0x01cc0d7e144cbe92  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Codemasters\DiRT\DiRT.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\Codemasters\DiRT\DiRT.exe  Berichtskennung: 8b292997-7971-11e0-9d81-90e6ba2e8cd2
 
[ System Events ]
Error - 19.06.2011 17:02:20 | Computer Name = Rici | Source = DCOM | ID = 10010
Description = 
 
Error - 19.06.2011 20:07:50 | Computer Name = Rici | Source = DCOM | ID = 10010
Description = 
 
Error - 20.06.2011 06:21:03 | Computer Name = Rici | Source = DCOM | ID = 10010
Description = 
 
Error - 20.06.2011 21:47:28 | Computer Name = Rici | Source = DCOM | ID = 10010
Description = 
 
Error - 21.06.2011 11:43:41 | Computer Name = Rici | Source = DCOM | ID = 10010
Description = 
 
Error - 21.06.2011 21:50:58 | Computer Name = Rici | Source = DCOM | ID = 10010
Description = 
 
Error - 22.06.2011 11:31:06 | Computer Name = Rici | Source = DCOM | ID = 10010
Description = 
 
Error - 22.06.2011 11:56:01 | Computer Name = Rici | Source = DCOM | ID = 10010
Description = 
 
Error - 22.06.2011 13:00:14 | Computer Name = Rici | Source = DCOM | ID = 10010
Description = 
 
Error - 22.06.2011 13:22:25 | Computer Name = Rici | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
--- --- ---


Defogger Log:
PHP-Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:26 on 22/06/2011 (Ricardo)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Last edited by Rici (22.06.2011 at 19:54)

 
