| |
| |||||||
Log-Analyse und Auswertung: Windows Sicherheitscenter gesperrt/ Google redirect TrojanerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
22.06.2011, 19:31
| #1 |
 |  Windows Sicherheitscenter gesperrt/ Google redirect Trojaner Hi, Ich komme bei meinem Trojaner/Virus-Problem einfach nicht weiter und bitte nun euch um Hilfe. Neulich habe ich ein Flash-Player-Update von einer Video-webseite heruntergeladen, da mir angezeigt wurde, dass ich die neuste version brauche um fortfahren zu können.  Das kam mir schon sehr merkwürdig vor, da ich schon die aktuelle Version installiert habe und dieses update offensichtlich nicht von adobe selber stammt. Dennoch, habe ich es per Firefox-download auf meinem Desktop gespeichert. Mit einem doppelklick wollte ich das update installieren, aber stattdessen passierte etwas sehr merkwürdiges. Die besagte datei verschwand einfach vom Desktop. Da wurde mir klar das ich wohl einen großen Fehler gemacht habe. Nach Neustart, bemerkte ich auch schon eine Veränderung. Das Windows- Wartungscenter zeigte eine wichtige Meldung an: Dienst 'Windows-Sicherheitscenter' aktivieren (Wichtig) Jedoch habe ich das Sicherheitscenter nie deaktiviert. Wenn ich es aber wieder aktivieren will kommt diese Meldung:  Außerdem scheint Firefox mit dem Google Redirect Trojaner infiziert zu sein. (Darunter scheinen Ja mehrer User zu leiden) Denn wenn ich eines der Suchergebnisse anklicke werde ich immer zu sehr verdächtig aussehenden Seiten weitergeleitet, mit vielen pop-ups. Erst nach mehrmaligem klicken auf das Suchergebnis komme ich zur richtigen Seite. Während dem Surfen mit Firefox kommen ab und zu auch pop-ups die in einem Windows Internetexplorer-Fenster geöffnet werden. Sehr eingenartig, da Firefox Standardbrowser ist. Das sind also die Probleme die mir aufgefallen sind Hier sind noch die Logs von defogger und OTL: OTL Log Code:
ATTFilter OTL logfile created on: 22.06.2011 19:50:38 - Run 4 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Ricardo\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,59 Gb Available Physical Memory | 64,77% Memory free 7,99 Gb Paging File | 6,49 Gb Available in Paging File | 81,25% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,51 Gb Total Space | 790,73 Gb Free Space | 84,89% Space Free | Partition Type: NTFS Computer Name: RICI | User Name: Ricardo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Ricardo\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Ricardo\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (TunngleService) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM) -- C:\Windows\SysNative\drivers\s1029unic.sys (MCCI Corporation) DRV:64bit: - (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s1029mgmt.sys (MCCI Corporation) DRV:64bit: - (s1029obex) -- C:\Windows\SysNative\drivers\s1029obex.sys (MCCI Corporation) DRV:64bit: - (s1029mdm) -- C:\Windows\SysNative\drivers\s1029mdm.sys (MCCI Corporation) DRV:64bit: - (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS) -- C:\Windows\SysNative\drivers\s1029nd5.sys (MCCI Corporation) DRV:64bit: - (s1029mdfl) -- C:\Windows\SysNative\drivers\s1029mdfl.sys (MCCI Corporation) DRV:64bit: - (s1029bus) Sony Ericsson Device 1029 driver (WDM) -- C:\Windows\SysNative\drivers\s1029bus.sys (MCCI Corporation) DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH) DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8F B5 87 0E A2 C5 CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.22 17:28:07 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.22 17:28:07 | 000,000,000 | ---D | M] [2011.01.29 12:29:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ricardo\AppData\Roaming\mozilla\Extensions [2011.02.12 14:39:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ricardo\AppData\Roaming\mozilla\Firefox\Profiles\qw4vk97c.default\extensions [2011.01.30 18:17:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.01.30 18:17:27 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011.03.07 20:58:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.03.07 20:58:54 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.03.07 20:58:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.03.07 20:58:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.03.07 20:58:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{14ff2d3c-410b-11e0-ae63-90e6ba2e8cd2}\Shell - "" = AutoRun O33 - MountPoints2\{14ff2d3c-410b-11e0-ae63-90e6ba2e8cd2}\Shell\AutoRun\command - "" = E:\Startme.exe O33 - MountPoints2\{260b99cf-2bb4-11e0-9e6f-90e6ba2ea1e2}\Shell - "" = AutoRun O33 - MountPoints2\{260b99cf-2bb4-11e0-9e6f-90e6ba2ea1e2}\Shell\AutoRun\command - "" = E:\pushinst.exe O33 - MountPoints2\{67f0228a-41dc-11e0-abde-90e6ba2e8cd2}\Shell - "" = AutoRun O33 - MountPoints2\{67f0228a-41dc-11e0-abde-90e6ba2e8cd2}\Shell\AutoRun\command - "" = E:\setup.exe O33 - MountPoints2\{7d03377a-2b8e-11e0-a43a-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{7d03377a-2b8e-11e0-a43a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\LaunchBFII.exe O33 - MountPoints2\{8104ab41-9882-11e0-8b31-90e6ba2e8cd2}\Shell - "" = AutoRun O33 - MountPoints2\{8104ab41-9882-11e0-8b31-90e6ba2e8cd2}\Shell\AutoRun\command - "" = E:\Autorun.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.06.22 19:29:00 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Ricardo\Desktop\OTL.exe [2011.06.22 17:49:29 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Roaming\Malwarebytes [2011.06.22 17:49:24 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.06.22 17:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.06.22 17:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.06.22 17:49:21 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.06.22 17:49:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.06.19 19:43:17 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2011.06.19 19:43:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2011.06.19 19:43:04 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\ATI Technologies [2011.06.19 19:43:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies [2011.06.19 19:43:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2011.06.19 19:42:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2011.06.19 19:41:53 | 000,000,000 | ---D | C] -- C:\Programme\ATI Technologies [2011.06.19 17:12:39 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\Microsoft Help [2011.06.19 12:50:57 | 000,000,000 | RH-D | C] -- C:\MSOCache [2011.06.17 03:47:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2011.06.17 03:47:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2011.06.17 02:32:43 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2011.06.16 19:17:38 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2011.06.16 19:17:37 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2011.06.16 19:17:37 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.06.16 19:17:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.06.16 19:16:30 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll [2011.06.16 17:16:29 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\Custom Login Screen [2011.06.10 14:18:31 | 000,158,760 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1029mdm.sys [2011.06.10 14:18:31 | 000,151,592 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1029unic.sys [2011.06.10 14:18:31 | 000,139,304 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1029mgmt.sys [2011.06.10 14:18:31 | 000,135,208 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1029obex.sys [2011.06.10 14:18:31 | 000,116,264 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1029bus.sys [2011.06.10 14:18:31 | 000,034,856 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1029nd5.sys [2011.06.10 14:18:31 | 000,019,496 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1029mdfl.sys [2011.06.10 14:18:31 | 000,015,912 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1029whnt.sys [2011.06.10 14:18:31 | 000,015,912 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1029wh.sys [2011.06.10 14:18:31 | 000,014,888 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1029cmnt.sys [2011.06.10 14:18:31 | 000,014,888 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1029cm.sys [2011.06.10 14:18:31 | 000,013,864 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1029cr.sys [2011.06.08 19:42:20 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011.06.07 16:31:24 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\Nem's Tools [2011.06.07 16:30:41 | 000,000,000 | ---D | C] -- C:\Programme\Nem's Tools [2011.06.07 15:29:24 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\Fonts [2011.06.02 22:18:56 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\Half-Life 2 [2011.06.01 15:32:48 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Roaming\ImgBurn [2011.06.01 15:32:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn [2011.05.26 21:23:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS [2011.05.26 21:23:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters [2011.05.26 21:21:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound [2011.05.26 21:21:27 | 019,087,360 | ---- | C] (Intel Corporation / Blue Ripple Sound Limited) -- C:\Windows\SysWow64\mkl_blueripple.dll [2011.05.26 21:21:27 | 001,417,216 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\SysWow64\rapture3d_oal.dll [2011.05.26 21:21:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BRS [2011.05.26 21:21:25 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2011.05.26 21:21:25 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2011.05.26 21:21:25 | 000,122,904 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll [2011.05.26 21:21:25 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll [2011.05.26 21:21:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL [2011.05.26 21:02:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Codemasters [2011.05.26 19:17:03 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys [2011.05.25 06:26:56 | 009,359,872 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys [2011.05.25 05:53:28 | 023,336,960 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axx.dll [2011.05.25 05:31:38 | 017,940,992 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll [2011.05.25 05:07:58 | 000,151,552 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe [2011.05.25 05:07:48 | 000,688,128 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\aticfx32.dll [2011.05.25 05:04:16 | 000,462,848 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll [2011.05.25 05:04:10 | 000,485,376 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe [2011.05.25 05:03:38 | 000,204,288 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe [2011.05.25 05:02:30 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll [2011.05.25 05:02:16 | 000,423,424 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atipdl64.dll [2011.05.25 05:02:10 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll [2011.05.25 05:02:00 | 000,278,528 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\Oemdspif.dll [2011.05.25 05:01:54 | 000,016,384 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll [2011.05.25 05:01:50 | 000,059,392 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll [2011.05.25 05:01:46 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll [2011.05.25 05:00:00 | 001,113,088 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6v.dll [2011.05.25 04:59:38 | 001,828,864 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdmv.dll [2011.05.25 04:59:26 | 003,810,816 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll [2011.05.25 04:58:52 | 004,219,904 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atidxx32.dll [2011.05.25 04:50:38 | 004,017,152 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll [2011.05.25 04:47:40 | 000,051,200 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll [2011.05.25 04:47:38 | 000,046,080 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll [2011.05.25 04:47:30 | 000,044,544 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll [2011.05.25 04:47:28 | 000,044,032 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll [2011.05.25 04:47:18 | 008,489,472 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll [2011.05.25 04:43:52 | 006,847,488 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll [2011.05.25 04:39:16 | 004,330,496 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atiumdag.dll [2011.05.25 04:38:18 | 000,053,760 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll [2011.05.25 04:38:18 | 000,053,760 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll [2011.05.25 04:38:14 | 000,052,736 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll [2011.05.25 04:38:14 | 000,052,736 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll [2011.05.25 04:33:04 | 005,486,592 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atiumd64.dll [2011.05.25 04:26:18 | 000,366,592 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll [2011.05.25 04:26:12 | 000,262,144 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll [2011.05.25 04:26:04 | 000,014,848 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll [2011.05.25 04:26:00 | 000,012,800 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll [2011.05.25 04:26:00 | 000,012,800 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiglpxx.dll [2011.05.25 04:25:58 | 000,039,936 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll [2011.05.25 04:25:48 | 000,032,768 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll [2011.05.25 04:25:42 | 000,309,760 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys [2011.05.25 04:24:50 | 000,031,744 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll [2011.05.25 04:24:44 | 000,038,912 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll [2011.05.25 04:24:36 | 000,029,184 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiu9pag.dll [2011.05.25 04:24:08 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll [2011.05.24 23:44:04 | 016,672,768 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\amdocl64.dll [2011.05.24 23:43:50 | 012,798,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\amdocl.dll [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.06.22 19:30:32 | 000,018,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.06.22 19:30:32 | 000,018,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.06.22 19:29:33 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Ricardo\Desktop\OTL.exe [2011.06.22 19:27:38 | 001,528,826 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.06.22 19:27:38 | 000,664,840 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.06.22 19:27:38 | 000,625,022 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.06.22 19:27:38 | 000,134,750 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.06.22 19:27:38 | 000,110,402 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.06.22 19:26:57 | 000,000,000 | ---- | M] () -- C:\Users\Ricardo\defogger_reenable [2011.06.22 19:26:07 | 000,050,477 | ---- | M] () -- C:\Users\Ricardo\Desktop\Defogger.exe [2011.06.22 19:23:22 | 000,000,308 | -HS- | M] () -- C:\Windows\tasks\qtmceqzy.job [2011.06.22 19:23:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.06.22 19:23:06 | 3218,903,040 | -HS- | M] () -- C:\hiberfil.sys [2011.06.22 19:22:28 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat [2011.06.22 19:04:53 | 000,055,770 | ---- | M] () -- C:\Users\Ricardo\Desktop\error1.jpg [2011.06.22 19:03:53 | 000,040,069 | ---- | M] () -- C:\Users\Ricardo\Desktop\error2.jpg [2011.06.22 17:49:24 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.06.22 03:38:45 | 000,118,784 | RHS- | M] () -- C:\Windows\SysWow64\pegi-pt0.dll [2011.06.22 03:29:26 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011.06.19 02:45:50 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.06.17 03:39:15 | 000,417,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.06.17 00:14:53 | 000,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.06.17 00:11:30 | 000,000,331 | ---- | M] () -- C:\Windows\game.ini [2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.05.29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.05.26 21:22:22 | 000,000,568 | ---- | M] () -- C:\Users\Ricardo\Desktop\DiRT 3.lnk [2011.05.26 21:21:25 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2011.05.26 21:21:25 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2011.05.26 21:21:25 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll [2011.05.26 21:21:25 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll [2011.05.25 06:26:56 | 009,359,872 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys [2011.05.25 05:53:28 | 023,336,960 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axx.dll [2011.05.25 05:31:38 | 017,940,992 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll [2011.05.25 05:08:34 | 000,166,624 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb [2011.05.25 05:07:58 | 000,151,552 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe [2011.05.25 05:07:48 | 000,688,128 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\aticfx32.dll [2011.05.25 05:06:38 | 000,811,008 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysNative\aticfx64.dll [2011.05.25 05:04:16 | 000,462,848 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll [2011.05.25 05:04:10 | 000,485,376 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe [2011.05.25 05:03:38 | 000,204,288 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe [2011.05.25 05:02:30 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll [2011.05.25 05:02:16 | 000,423,424 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atipdl64.dll [2011.05.25 05:02:10 | 000,356,352 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll [2011.05.25 05:02:00 | 000,278,528 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\Oemdspif.dll [2011.05.25 05:01:54 | 000,016,384 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll [2011.05.25 05:01:50 | 000,059,392 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll [2011.05.25 05:01:46 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll [2011.05.25 05:00:00 | 001,113,088 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6v.dll [2011.05.25 04:59:38 | 001,828,864 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdmv.dll [2011.05.25 04:59:26 | 003,810,816 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll [2011.05.25 04:58:52 | 004,219,904 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atidxx32.dll [2011.05.25 04:55:20 | 001,127,552 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap [2011.05.25 04:50:38 | 004,017,152 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll [2011.05.25 04:49:54 | 001,127,552 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap [2011.05.25 04:49:44 | 005,008,384 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atidxx64.dll [2011.05.25 04:47:40 | 000,051,200 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll [2011.05.25 04:47:38 | 000,046,080 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll [2011.05.25 04:47:30 | 000,044,544 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll [2011.05.25 04:47:28 | 000,044,032 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll [2011.05.25 04:47:18 | 008,489,472 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll [2011.05.25 04:43:52 | 006,847,488 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll [2011.05.25 04:39:16 | 004,330,496 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atiumdag.dll [2011.05.25 04:38:18 | 000,053,760 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll [2011.05.25 04:38:18 | 000,053,760 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll [2011.05.25 04:38:14 | 000,052,736 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll [2011.05.25 04:38:14 | 000,052,736 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll [2011.05.25 04:33:04 | 005,486,592 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atiumd64.dll [2011.05.25 04:26:18 | 000,366,592 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll [2011.05.25 04:26:12 | 000,262,144 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll [2011.05.25 04:26:04 | 000,014,848 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll [2011.05.25 04:26:00 | 000,012,800 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll [2011.05.25 04:26:00 | 000,012,800 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiglpxx.dll [2011.05.25 04:25:58 | 000,039,936 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll [2011.05.25 04:25:48 | 000,032,768 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll [2011.05.25 04:25:42 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys [2011.05.25 04:24:58 | 000,040,960 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiuxp64.dll [2011.05.25 04:24:50 | 000,031,744 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll [2011.05.25 04:24:44 | 000,038,912 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll [2011.05.25 04:24:36 | 000,029,184 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiu9pag.dll [2011.05.25 04:24:08 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll [2011.05.25 04:19:00 | 000,058,880 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst.dll [2011.05.24 23:44:30 | 000,061,952 | ---- | M] () -- C:\Windows\SysNative\OVDecode64.dll [2011.05.24 23:44:26 | 000,059,904 | ---- | M] () -- C:\Windows\SysWow64\OVDecode.dll [2011.05.24 23:44:04 | 016,672,768 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\amdocl64.dll [2011.05.24 23:43:50 | 012,798,976 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\amdocl.dll [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.06.22 19:26:57 | 000,000,000 | ---- | C] () -- C:\Users\Ricardo\defogger_reenable [2011.06.22 19:26:06 | 000,050,477 | ---- | C] () -- C:\Users\Ricardo\Desktop\Defogger.exe [2011.06.22 19:03:50 | 000,040,069 | ---- | C] () -- C:\Users\Ricardo\Desktop\error2.jpg [2011.06.22 18:19:37 | 000,055,770 | ---- | C] () -- C:\Users\Ricardo\Desktop\error1.jpg [2011.06.22 17:49:24 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.06.22 03:38:45 | 000,118,784 | RHS- | C] () -- C:\Windows\SysWow64\pegi-pt0.dll [2011.06.22 03:38:45 | 000,000,308 | -HS- | C] () -- C:\Windows\tasks\qtmceqzy.job [2011.06.17 03:47:52 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011.06.17 00:11:30 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini [2011.05.26 21:22:22 | 000,000,568 | ---- | C] () -- C:\Users\Ricardo\Desktop\DiRT 3.lnk [2011.05.25 05:08:34 | 000,166,624 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb [2011.05.25 04:55:20 | 001,127,552 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap [2011.05.25 04:49:54 | 001,127,552 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap [2011.05.24 23:44:30 | 000,061,952 | ---- | C] () -- C:\Windows\SysNative\OVDecode64.dll [2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.03.11 15:27:23 | 000,000,095 | ---- | C] () -- C:\Users\Ricardo\AppData\Local\fusioncache.dat [2011.03.10 17:11:22 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.03.10 17:11:20 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2011.03.10 17:11:20 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.02.06 16:25:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat [2011.01.30 18:18:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.01.30 03:16:50 | 001,554,746 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.01.29 16:17:33 | 000,053,248 | ---- | C] () -- C:\Windows\PhysXLoader.dll [2011.01.20 18:23:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011.03.20 16:43:41 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\ICQ [2011.06.01 15:56:19 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\ImgBurn [2011.04.17 17:42:20 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\Leadertech [2011.02.13 17:00:50 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\Rainmeter [2011.06.19 19:38:53 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\SoftGrid Client [2011.01.30 03:17:49 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\TP [2011.04.29 01:23:15 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\Tunngle [2011.06.22 19:23:22 | 000,000,308 | -HS- | M] () -- C:\Windows\Tasks\qtmceqzy.job [2011.06.09 22:34:49 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Extras Log Code:
ATTFilter OTL Extras logfile created on: 22.06.2011 19:50:38 - Run 4
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Ricardo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,59 Gb Available Physical Memory | 64,77% Memory free
7,99 Gb Paging File | 6,49 Gb Available in Paging File | 81,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 790,73 Gb Free Space | 84,89% Space Free | Partition Type: NTFS
Computer Name: RICI | User Name: Ricardo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{495ADF2E-6DDD-7C45-E02A-F9B4AF6F2175}" = AMD Drag and Drop Transcoding
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{54E192A6-AA33-1963-C96A-26AA7A3B41B4}" = ccc-utility64
"{5857E7BE-2F6F-D41A-42B2-B668B19A5F30}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CFF9D801-1EC4-B8F5-2CAB-4A1790C95A18}" = ATI Catalyst Install Manager
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"GCFScape_is1" = GCFScape 1.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"sp6" = Logitech SetPoint 6.22
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{30D659E4-4405-6925-CDCF-EB8CD0C80DAC}" = Catalyst Control Center Graphics Previews Common
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{60DE7978-4F13-5584-5E53-DCEE1CB115A5}" = Catalyst Control Center
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{85268C72-C609-E50A-7AB3-9B3582DFEE66}" = CCC Help English
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AFF8C8F4-E4BB-891F-8636-5E71F946C5B6}" = Catalyst Control Center InstallProxy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"EADM" = EA Download Manager
"FAKEFACTORY CM10V10.90" = FAKEFACTORY Cinematic Mod V10
"GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"ImgBurn" = ImgBurn
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"Rainmeter" = Rainmeter
"Steam App 211" = Source SDK
"Steam App 215" = Source SDK Base 2006
"Steam App 218" = Source SDK Base 2007
"Steam App 220" = Half-Life 2
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 380" = Half-Life 2: Episode One
"Steam App 40800" = Super Meat Boy
"Steam App 40810" = Super Meat Boy Editor
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 43110" = Metro 2033
"Tunngle beta_is1" = Tunngle beta
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 09.04.2011 07:05:26 | Computer Name = Rici | Source = MsiInstaller | ID = 10005
Description =
Error - 09.04.2011 11:06:51 | Computer Name = Rici | Source = MsiInstaller | ID = 10005
Description =
Error - 15.04.2011 19:03:09 | Computer Name = Rici | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 16.04.2011 12:38:05 | Computer Name = Rici | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Crysis2Launcher.exe, Version: 1.0.0.0,
Zeitstempel: 0x4d627e32 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7ba58 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e046 ID des fehlerhaften
Prozesses: 0xd30 Startzeit der fehlerhaften Anwendung: 0x01cbfc54a82da391 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Electronic Arts\Crytek\Crysis 2\bin32\Crysis2Launcher.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: e69fc0a8-6847-11e0-927e-90e6ba2e8cd2
Error - 25.04.2011 14:21:01 | Computer Name = Rici | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 30.04.2011 08:06:10 | Computer Name = Rici | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: portal2.exe, Version: 0.0.0.0, Zeitstempel:
0x4d4c804d Name des fehlerhaften Moduls: valve_avi.dll, Version: 0.0.0.0, Zeitstempel:
0x4daf664a Ausnahmecode: 0xc0000005 Fehleroffset: 0x00004553 ID des fehlerhaften Prozesses:
0xcb0 Startzeit der fehlerhaften Anwendung: 0x01cc072bcc606994 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Valve\Portal 2\portal2.exe Pfad des fehlerhaften
Moduls: c:\program files (x86)\valve\portal 2\bin\valve_avi.dll Berichtskennung:
3be70dd9-7322-11e0-9338-90e6ba2e8cd2
Error - 30.04.2011 14:53:25 | Computer Name = Rici | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Crysis2Launcher.exe, Version: 1.0.0.0,
Zeitstempel: 0x4d627e32 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7ba58 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e046 ID des fehlerhaften
Prozesses: 0xbfc Startzeit der fehlerhaften Anwendung: 0x01cc0767e0a23a52 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Electronic Arts\Crytek\Crysis 2\bin32\Crysis2Launcher.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 202d39c9-735b-11e0-9338-90e6ba2e8cd2
Error - 01.05.2011 12:14:07 | Computer Name = Rici | Source = Application Hang | ID = 1002
Description = Programm Skype.exe, Version 5.1.0.104 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: e58 Startzeit:
01cc08178e3b121d Endzeit: 37 Anwendungspfad: C:\Program Files (x86)\Skype\Phone\Skype.exe
Berichts-ID:
07c319c4-740e-11e0-8b3e-90e6ba2e8cd2
Error - 08.05.2011 06:44:11 | Computer Name = Rici | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 08.05.2011 08:49:00 | Computer Name = Rici | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DiRT.exe, Version: 1.2.0.0, Zeitstempel:
0x470a16d0 Name des fehlerhaften Moduls: DiRT.exe, Version: 1.2.0.0, Zeitstempel:
0x470a16d0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00562470 ID des fehlerhaften Prozesses:
0xb30 Startzeit der fehlerhaften Anwendung: 0x01cc0d7e144cbe92 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Codemasters\DiRT\DiRT.exe Pfad des fehlerhaften
Moduls: C:\Program Files (x86)\Codemasters\DiRT\DiRT.exe Berichtskennung: 8b292997-7971-11e0-9d81-90e6ba2e8cd2
[ System Events ]
Error - 19.06.2011 17:02:20 | Computer Name = Rici | Source = DCOM | ID = 10010
Description =
Error - 19.06.2011 20:07:50 | Computer Name = Rici | Source = DCOM | ID = 10010
Description =
Error - 20.06.2011 06:21:03 | Computer Name = Rici | Source = DCOM | ID = 10010
Description =
Error - 20.06.2011 21:47:28 | Computer Name = Rici | Source = DCOM | ID = 10010
Description =
Error - 21.06.2011 11:43:41 | Computer Name = Rici | Source = DCOM | ID = 10010
Description =
Error - 21.06.2011 21:50:58 | Computer Name = Rici | Source = DCOM | ID = 10010
Description =
Error - 22.06.2011 11:31:06 | Computer Name = Rici | Source = DCOM | ID = 10010
Description =
Error - 22.06.2011 11:56:01 | Computer Name = Rici | Source = DCOM | ID = 10010
Description =
Error - 22.06.2011 13:00:14 | Computer Name = Rici | Source = DCOM | ID = 10010
Description =
Error - 22.06.2011 13:22:25 | Computer Name = Rici | Source = DCOM | ID = 10010
Description =
< End of report >
Defogger Log: PHP-Code: Geändert von Rici (22.06.2011 um 19:54 Uhr) |
|
22.06.2011, 19:35
| #2 |
| /// Malware-holic   | Windows Sicherheitscenter gesperrt/ Google redirect Trojaner also, ich würd gern mal wissen, wenn man weis das man das neueste update hatt, das update nicht von adobe stammt, warum um himmels willen instaliert man es dann.
__________________du hattest doch echt alle hinweise auf deiner seite... sende mir die seite mal als private nachicht. Systemscan mit OTL download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt beide posten
__________________ |
|
22.06.2011, 19:55
| #3 |
| | Windows Sicherheitscenter gesperrt/ Google redirect Trojaner Ja das war wohl sehr dumm von mir. Ich habe meinen ersten post nochmals editiert mit den Logs die in dem Thread
__________________"Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?" beschrieben werden HTML-Code: hxxp://www.trojaner-board.de/69886-fuer-alle-hilfesuchenden-muss-ich-vor-der-eroeffnung-eines-themas-beachten.html Geändert von Rici (22.06.2011 um 20:02 Uhr) |
|
22.06.2011, 20:00
| #4 |
| /// Malware-holic | Windows Sicherheitscenter gesperrt/ Google redirect Trojaner achtung! dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
[2011.06.22 19:23:22 | 000,000,308 | -HS- | M] () -- C:\Windows\tasks\qtmceqzy.job
[2011.06.22 03:38:45 | 000,118,784 | RHS- | M] () -- C:\Windows\SysWow64\pegi-pt0.dll
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. öffne computer , öffne C: dann _OTL dort rechtsklick auf moved files wähle zu moved files.rar oder zip hinzufügen. http://www.trojaner-board.de/54791-a...ner-board.html
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
22.06.2011, 20:22
| #5 |
| | Windows Sicherheitscenter gesperrt/ Google redirect Trojaner so, hier ist das neue Logfile: ps: Ich hoffe du hast meine MovedFiles.rar erhalten PHP-Code: |
|
22.06.2011, 20:35
| #6 |
| /// Malware-holic | Windows Sicherheitscenter gesperrt/ Google redirect Trojaner hi, danke, aber nicht in php code posten bitte! bitte erstelle und poste ein combofix log. Ein Leitfaden und Tutorium zur Nutzung von ComboFix
__________________ --> Windows Sicherheitscenter gesperrt/ Google redirect Trojaner |
|
22.06.2011, 21:17
| #7 |
| | Windows Sicherheitscenter gesperrt/ Google redirect Trojaner Soweit ich das beurteilen kann treten die symptome nich mehr auf (google redirect trojaner macht sich nicht bemerkbar, auf das windows sicherheitscenter kann ich auch wieder zugreifen) Vielen Dank für deine Hilfe !!  das combo fix logfile: Code:
ATTFilter ComboFix 11-06-22.01 - Ricardo 22.06.2011 21:42:12.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4093.2631 [GMT 2:00]
ausgeführt von:: c:\users\Ricardo\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-05-22 bis 2011-06-22 ))))))))))))))))))))))))))))))
.
.
2011-06-22 19:45 . 2011-06-22 19:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-22 19:09 . 2011-06-22 19:18 -------- d-----w- C:\_OTL
2011-06-22 15:49 . 2011-06-22 15:49 -------- d-----w- c:\users\Ricardo\AppData\Roaming\Malwarebytes
2011-06-22 15:49 . 2011-06-22 15:49 -------- d-----w- c:\programdata\Malwarebytes
2011-06-22 15:49 . 2011-05-29 07:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-22 15:49 . 2011-06-22 15:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-06-22 15:49 . 2011-05-29 07:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-21 13:42 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F5610912-62C1-49A5-8F08-B77E5789B50F}\mpengine.dll
2011-06-19 17:43 . 2011-06-19 17:43 -------- d-----w- c:\programdata\ATI
2011-06-19 17:43 . 2011-06-19 17:43 -------- d-----w- c:\program files (x86)\AMD APP
2011-06-19 17:43 . 2011-06-19 17:43 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-06-19 17:43 . 2011-06-19 17:43 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2011-06-19 17:42 . 2011-06-19 17:42 -------- d-----w- c:\program files (x86)\ATI Technologies
2011-06-19 17:41 . 2011-06-19 17:42 -------- d-----w- c:\program files\ATI Technologies
2011-06-19 15:12 . 2011-06-19 15:12 -------- d-----w- c:\users\Ricardo\AppData\Local\Microsoft Help
2011-06-19 10:50 . 2011-06-19 10:50 -------- d-----r- C:\MSOCache
2011-06-17 01:47 . 2011-06-17 01:47 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-06-16 17:16 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-16 17:16 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-16 17:16 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-16 17:16 . 2011-02-25 06:22 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-16 17:16 . 2011-02-25 05:34 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-06-16 17:16 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-16 17:16 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-06-16 15:16 . 2011-06-16 15:16 -------- d-----w- c:\users\Ricardo\Custom Login Screen
2011-06-10 12:18 . 2009-05-25 12:34 15912 ----a-w- c:\windows\system32\drivers\s1029whnt.sys
2011-06-10 12:18 . 2009-05-25 12:34 15912 ----a-w- c:\windows\system32\drivers\s1029wh.sys
2011-06-10 12:18 . 2009-05-25 12:34 151592 ----a-w- c:\windows\system32\drivers\s1029unic.sys
2011-06-10 12:18 . 2009-05-25 12:34 139304 ----a-w- c:\windows\system32\drivers\s1029mgmt.sys
2011-06-10 12:18 . 2009-05-25 12:34 135208 ----a-w- c:\windows\system32\drivers\s1029obex.sys
2011-06-10 12:18 . 2009-05-25 12:34 34856 ----a-w- c:\windows\system32\drivers\s1029nd5.sys
2011-06-10 12:18 . 2009-05-25 12:34 158760 ----a-w- c:\windows\system32\drivers\s1029mdm.sys
2011-06-10 12:18 . 2009-05-25 12:34 19496 ----a-w- c:\windows\system32\drivers\s1029mdfl.sys
2011-06-10 12:18 . 2009-05-25 12:34 14888 ----a-w- c:\windows\system32\drivers\s1029cmnt.sys
2011-06-10 12:18 . 2009-05-25 12:34 14888 ----a-w- c:\windows\system32\drivers\s1029cm.sys
2011-06-10 12:18 . 2009-05-25 12:34 13864 ----a-w- c:\windows\system32\drivers\s1029cr.sys
2011-06-10 12:18 . 2009-05-25 12:34 116264 ----a-w- c:\windows\system32\drivers\s1029bus.sys
2011-06-08 17:42 . 2011-06-22 01:29 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-07 14:31 . 2011-06-07 14:31 -------- d-----w- c:\users\Ricardo\AppData\Local\Nem's Tools
2011-06-07 14:30 . 2011-06-07 14:30 -------- d-----w- c:\program files\Nem's Tools
2011-06-07 13:29 . 2011-06-07 13:29 -------- d-----w- c:\users\Ricardo\Fonts
2011-06-06 10:55 . 2011-06-06 10:55 183696 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-06-02 20:18 . 2011-06-16 15:17 -------- d-----w- c:\users\Ricardo\Half-Life 2
2011-06-01 13:32 . 2011-06-01 13:56 -------- d-----w- c:\users\Ricardo\AppData\Roaming\ImgBurn
2011-06-01 13:32 . 2011-06-01 13:32 -------- d-----w- c:\program files (x86)\ImgBurn
2011-05-26 19:23 . 2011-05-26 19:23 -------- d-sh--w- c:\programdata\DSS
2011-05-26 19:23 . 2011-05-26 19:23 -------- d-----w- c:\programdata\Codemasters
2011-05-26 19:21 . 2011-03-19 13:16 1417216 ----a-w- c:\windows\SysWow64\rapture3d_oal.dll
2011-05-26 19:21 . 2010-09-22 11:12 19087360 ----a-w- c:\windows\SysWow64\mkl_blueripple.dll
2011-05-26 19:21 . 2011-05-26 19:21 -------- d-----w- c:\program files (x86)\BRS
2011-05-26 19:21 . 2011-05-26 19:21 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2011-05-26 19:21 . 2011-05-26 19:21 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-05-26 19:21 . 2011-05-26 19:21 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-05-26 19:21 . 2011-05-26 19:21 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-05-26 19:21 . 2011-05-26 19:21 -------- d-----w- c:\program files (x86)\OpenAL
2011-05-26 19:02 . 2011-05-26 19:02 -------- d-----w- c:\program files (x86)\Codemasters
2011-05-26 17:17 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-25 04:26 . 2011-05-25 04:26 9359872 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-05-25 03:53 . 2011-05-25 03:53 23336960 ----a-w- c:\windows\system32\atio6axx.dll
2011-05-25 03:31 . 2011-05-25 03:31 17940992 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-05-25 03:07 . 2011-05-25 03:07 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-05-25 03:07 . 2011-05-25 03:07 688128 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-05-25 03:04 . 2011-05-25 03:04 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-05-25 03:04 . 2011-05-25 03:04 485376 ----a-w- c:\windows\system32\atieclxx.exe
2011-05-25 03:03 . 2011-05-25 03:03 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-05-25 03:02 . 2011-05-25 03:02 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-05-25 03:02 . 2011-05-25 03:02 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-05-25 03:02 . 2011-05-25 03:02 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-05-25 03:02 . 2011-05-25 03:02 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-05-25 03:01 . 2011-05-25 03:01 16384 ----a-w- c:\windows\system32\atimuixx.dll
2011-05-25 03:01 . 2011-05-25 03:01 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-05-25 03:01 . 2011-05-25 03:01 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-05-25 03:00 . 2011-05-25 03:00 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-05-25 02:59 . 2011-05-25 02:59 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-05-25 02:59 . 2011-05-25 02:59 3810816 ----a-w- c:\windows\system32\atiumd6a.dll
2011-05-25 02:58 . 2011-05-25 02:58 4219904 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-05-25 02:50 . 2011-05-25 02:50 4017152 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-05-25 02:47 . 2011-05-25 02:47 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-05-25 02:47 . 2011-05-25 02:47 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-05-25 02:47 . 2011-05-25 02:47 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-05-25 02:47 . 2011-05-25 02:47 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-05-25 02:47 . 2011-05-25 02:47 8489472 ----a-w- c:\windows\system32\aticaldd64.dll
2011-05-25 02:43 . 2011-05-25 02:43 6847488 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-05-25 02:39 . 2011-05-25 02:39 4330496 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-05-25 02:38 . 2011-05-25 02:38 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-05-25 02:38 . 2011-05-25 02:38 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-05-25 02:38 . 2011-05-25 02:38 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-05-25 02:38 . 2011-05-25 02:38 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-05-25 02:33 . 2011-05-25 02:33 5486592 ----a-w- c:\windows\system32\atiumd64.dll
2011-05-25 02:26 . 2011-05-25 02:26 366592 ----a-w- c:\windows\system32\atiadlxx.dll
2011-05-25 02:26 . 2011-05-25 02:26 262144 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-05-25 02:26 . 2011-05-25 02:26 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2011-05-25 02:26 . 2011-05-25 02:26 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-05-25 02:26 . 2011-05-25 02:26 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-05-25 02:25 . 2011-05-25 02:25 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-05-25 02:25 . 2011-05-25 02:25 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-05-25 02:25 . 2011-05-25 02:25 309760 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-05-25 02:24 . 2011-05-25 02:24 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-05-25 02:24 . 2011-05-25 02:24 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-05-25 02:24 . 2011-05-25 02:24 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-05-25 02:24 . 2011-05-25 02:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-05-24 21:44 . 2011-05-24 21:44 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-05-24 21:44 . 2011-05-24 21:44 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-05-24 21:44 . 2011-05-24 21:44 16672768 ----a-w- c:\windows\system32\amdocl64.dll
2011-05-24 21:43 . 2011-05-24 21:43 12798976 ----a-w- c:\windows\SysWow64\amdocl.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-19 00:45 . 2011-03-10 15:11 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-06-16 22:14 . 2011-03-10 15:11 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-05-25 03:06 . 2010-11-18 10:29 811008 ----a-w- c:\windows\system32\aticfx64.dll
2011-05-25 02:49 . 2010-11-18 10:14 5008384 ----a-w- c:\windows\system32\atidxx64.dll
2011-05-25 02:24 . 2010-11-18 09:51 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-05-25 02:19 . 2010-11-18 09:59 58880 ----a-w- c:\windows\system32\coinst.dll
2011-05-24 17:14 . 2009-10-26 09:10 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-10 14:05 . 2011-04-17 15:41 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-04-21 18:28 . 2011-04-21 18:28 53248 ----a-r- c:\users\Ricardo\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2011-04-09 07:02 . 2011-05-13 13:59 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:58 . 2011-05-13 14:45 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-04-09 06:02 . 2011-05-13 13:59 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02 . 2011-05-13 13:59 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-13 14:45 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-04-03 19:36 . 2009-08-18 10:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-04-03 19:36 . 2009-08-18 09:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-30 18:46 . 2011-03-30 18:46 114704 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2011-03-27 04:02 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-03-27 04:02 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-15 2245120]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\DRIVERS\s1029bus.sys [x]
R3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1029mdfl.sys [x]
R3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1029mdm.sys [x]
R3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1029mgmt.sys [x]
R3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1029nd5.sys [x]
R3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1029obex.sys [x]
R3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1029unic.sys [x]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2010-11-22 718072]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Ricardo\AppData\Roaming\Mozilla\Firefox\Profiles\qw4vk97c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3257828804-1019481006-1586634685-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:59,cf,fc,42,99,94,b0,d7,5e,c6,02,2c,2e,12,46,1f,1b,1d,87,9a,65,59,c1,
f4,d6,26,5d,7f,7e,51,d0,f9,5c,2d,24,e8,15,ec,e3,48,34,38,b1,76,57,98,b5,c4,\
"??"=hex:c8,6d,21,87,84,f3,a5,05,32,b4,40,d3,22,0e,ee,d5
.
[HKEY_USERS\S-1-5-21-3257828804-1019481006-1586634685-1003\Software\SecuROM\License information*]
"datasecu"=hex:c5,a2,bf,3a,7b,13,29,cf,46,8b,59,6a,e9,2d,09,d1,3a,4c,a4,c4,21,
75,ae,d1,c2,fa,1f,e6,73,e1,db,07,9b,de,8c,b2,f1,de,ce,f4,30,fc,9f,0f,28,e9,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-06-22 21:48:55 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-06-22 19:48
.
Vor Suchlauf: 10 Verzeichnis(se), 848.974.925.824 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 848.816.140.288 Bytes frei
.
- - End Of File - - A71D8B6224B5C96A2CF981D7AB02DA7B
Geändert von Rici (22.06.2011 um 21:42 Uhr) |
|
23.06.2011, 10:27
| #8 |
| /// Malware-holic | Windows Sicherheitscenter gesperrt/ Google redirect Trojaner ich sehe Malwarebytes ist instaliert. poste alle logs, unter logdateien zu finden, mit funden.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
23.06.2011, 17:38
| #9 |
| | Windows Sicherheitscenter gesperrt/ Google redirect Trojaner soll ich einen quick scan machen oder full scan ? |
|
23.06.2011, 17:46
| #10 |
| /// Malware-holic | Windows Sicherheitscenter gesperrt/ Google redirect Trojaner einen full scan
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
23.06.2011, 18:34
| #11 |
| | Windows Sicherheitscenter gesperrt/ Google redirect Trojaner hier der Malwarebytes log: glücklicherweise keine Funde Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Datenbank Version: 6928
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514
23.06.2011 19:28:48
mbam-log-2011-06-23 (19-28-48).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Durchsuchte Objekte: 316407
Laufzeit: 37 Minute(n), 22 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
|
|
23.06.2011, 18:38
| #12 |
| /// Malware-holic | Windows Sicherheitscenter gesperrt/ Google redirect Trojaner lade den CCleaner standard: CCleaner - Standard falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
23.06.2011, 19:03
| #13 |
| | Windows Sicherheitscenter gesperrt/ Google redirect Trojaner Den CCleaner benutze ich regelmäßig, hier die Liste: Code:
ATTFilter 7-Zip 9.20 (x64 edition) Igor Pavlov 25.03.2011 4,53MB 9.20.00.0 unnötig
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 22.06.2011 6,00MB 10.3.181.26 notwendig
Adobe Reader X (10.1.0) - Deutsch Adobe Systems Incorporated 16.06.2011 165,4MB 10.1.0 notwendig
ATI Catalyst Install Manager ATI Technologies, Inc. 18.06.2011 22,5MB 3.0.829.0 notwendig
Avira AntiVir Personal - Free Antivirus Avira GmbH 21.06.2011 74,3MB 10.0.0.650 notwendig
Call of Duty: Black Ops Treyarch 28.01.2011 notwendig
Call of Duty: Black Ops - Multiplayer Treyarch 28.01.2011 notwendig
CCleaner Piriform 25.05.2011 3.07 notwendig
Crysis® 2 Electronic Arts 15.04.2011 7.757MB 1.0.0.0 notwendig
DiRT 3 Codemasters 25.05.2011 1.0.0000.130 notwendig
EA Download Manager Electronic Arts, Inc. 18.03.2011 7.3.3.7 notwendig
FAKEFACTORY Cinematic Mod V10 FAKEFACTORY 14.05.2011 V10.90 notwendig
GCFScape 1.8.2 Ryan Gregg 06.06.2011 1,18MB notwendig
Grand Theft Auto IV Rockstar Games 02.04.2011 1.00.0000 notwendig
Half-Life 2 Valve 13.05.2011 notwendig
Half-Life 2: Episode One Valve 13.05.2011 notwendig
Half-Life 2: Episode Two Valve 13.05.2011 notwendig
Half-Life 2: Lost Coast Valve 13.05.2011 notwendig
ICQ7.4 ICQ 19.03.2011 7.4 notwendig
ImgBurn LIGHTNING UK! 31.05.2011 2.5.5.0 unnötig
Logitech SetPoint 6.22 Logitech 20.04.2011 39,1MB 6.22.24 notwendig
Malwarebytes' Anti-Malware Version 1.51.0.1200 Malwarebytes Corporation 22.06.2011 13,8MB 1.51.0.1200 notwendig
Metro 2033 THQ 28.01.2011 notwendig
Microsoft .NET Framework 1.1 Microsoft 09.03.2011 34,8MB 1.1.4322 notwendig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 27.06.2010 38,8MB 4.0.30319 notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 27.06.2010 2,94MB 4.0.30319 unnötig
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 06.05.2011 31,3MB 3.5.88.0 notwendig
Microsoft Games for Windows Marketplace Microsoft Corporation 06.05.2011 6,04MB 3.5.50.0 notwendig
Microsoft Office 2010 Microsoft Corporation 16.05.2010 6,31MB 14.0.4763.1000 notwendig
Microsoft Office Klick-und-Los 2010 Microsoft Corporation 29.01.2011 14.0.4763.1000 notwendig
Microsoft Office Starter 2010 - Deutsch Microsoft Corporation 29.01.2011 14.0.4763.1000 notwendig
Microsoft Silverlight Microsoft Corporation 16.06.2011 168,4MB 4.0.60531.0 notwendig
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 10.08.2010 1,72MB 3.1.0000 unnötig
Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Corporation 10.08.2010 0,61MB 1.0.1215.0 notwendig
Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 10.08.2010 1,45MB 1.0.1215.0 notwendig
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 10.03.2011 0,25MB 8.0.50727.4053 notwendig
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16.06.2011 0,29MB 8.0.61001 notwendig
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 09.03.2011 0,69MB 8.0.61000 notwendig
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Corporation 06.05.2011 0,57MB 8.0.51011 notwendig
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Corporation 08.03.2011 0,21MB 9.0.30729.4148 notwendig
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 29.01.2011 0,20MB 9.0.30729.4148 notwendig
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Corporation 06.05.2011 0,77MB 9.0.30729.5570 notwendig
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 06.05.2011 0,58MB 9.0.30729.5570 notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Corporation 24.03.2011 1,71MB 9.0.21022 notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 06.03.2011 0,77MB 9.0.30729 notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 16.06.2011 0,77MB 9.0.30729.6161 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 15.04.2011 0,23MB 9.0.30729 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 28.01.2011 0,58MB 9.0.30729 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 05.02.2011 0,58MB 9.0.30729.4148 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16.06.2011 0,59MB 9.0.30729.6161 notwendig
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 06.05.2011 13,7MB 10.0.30319 notwendig
Microsoft Xbox 360 Accessories 1.2 Microsoft 16.04.2011 7,82MB 1.20.146.0 notwendig
Mozilla Firefox 5.0 (x86 de) Mozilla 22.06.2011 31,2MB 5.0 notwendig
NVIDIA PhysX NVIDIA Corporation 28.01.2011 80,1MB 9.10.0222 notwendig
OpenAL 25.05.2011 notwendig
Paint.NET v3.5.8 dotPDN LLC 12.05.2011 10,4MB 3.58.0 notwendig
PunkBuster Services Even Balance, Inc. 09.03.2011 0.986 notwendig
Rapture3D 2.4.8 Game Blue Ripple Sound 25.05.2011 notwendig
Source SDK Valve 13.05.2011 notwendig
Source SDK Base 2006 Valve 13.05.2011 notwendig
Source SDK Base 2007 Valve 13.05.2011 notwendig
Steam Valve Corporation 28.01.2011 1,49MB 1.0.0.0 notwendig
Super Meat Boy 24.03.2011 notwendig
Super Meat Boy Editor 06.05.2011 notwendig
Tunngle beta Tunngle.net GmbH 05.02.2011 unnötig
Unreal Tournament 3 (LG) Epic Games 06.03.2011 7.336MB 1.00.0000 notwendig
VIA Plattform-Geräte-Manager VIA Technologies, Inc. 19.01.2011 2,62MB 1.34 notwendig
Windows Live Essentials Microsoft Corporation 10.08.2010 14.0.8117.0416 notwendig
Windows Live ID Sign-in Assistant Microsoft Corporation 02.04.2011 10,0MB 6.500.3165.0 notwendig
Windows Live Sync Microsoft Corporation 10.08.2010 2,79MB 14.0.8117.416 notwendig
Windows Live-Uploadtool Microsoft Corporation 10.08.2010 0,22MB 14.0.8014.1029 notwendig
WinRAR 4.00 (64-Bit) win.rar GmbH 07.04.2011 4.00.0 notwendig
|
|
23.06.2011, 19:15
| #14 |
| /// Malware-holic | Windows Sicherheitscenter gesperrt/ Google redirect Trojaner sehr aufgeräumt. wir können das system, wenn keine probs mehr vorliegen, noch absichern.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
23.06.2011, 19:23
| #15 |
| | Windows Sicherheitscenter gesperrt/ Google redirect Trojaner Hey dankeschön das ist echt ein super job den du hier machst ! wie genau sieht das aus mit der Absicherung ? |
|
| Themen zu Windows Sicherheitscenter gesperrt/ Google redirect Trojaner |
| 64-bit, 7-zip, adobe, aktiviere, aktivieren, aktuelle, angezeigt, black, brauche, c:\windows\system32\rundll32.exe, call of duty, datei, desktop, dienst, einfach, fehler, google, google redirect, grand theft auto, install.exe, installieren, installiert, langs, meldung, merkwürdig, metro, microsoft office starter 2010, msiinstaller, neustart, neuste, ntdll.dll, plug-in, redirect, richtlinie, sched.exe, searchplugins, shell32.dll, shortcut, sicherheitscenter, start menu, super, syswow64, trojane, trojaner, vdeck.exe, version, webcheck, wichtige, windows |
Linear-Darstellung
