Trojaner-Board


Rici 22.06.2011 19:31

Windows Security Center blocked / Google redirect trojan
 
Hi,

I just can't make any headway with my trojan/virus problem, so I'm now asking you for help.
Recently I downloaded a Flash Player update from a video website, because I was shown a message saying I needed the newest version in order to continue.

http://www.trojaner-board.de/attachm...ner-error1.jpg

That already seemed very strange to me, since I already have the current version installed and this update obviously does not come from Adobe itself.
Nevertheless, I saved it to my desktop via Firefox download.
I wanted to install the update with a double-click, but instead something very strange happened. The file in question simply disappeared from the desktop. That's when I realized that I had probably made a big mistake.

After a restart, I also noticed a change right away. The Windows Action Center showed an important message:

Dienst 'Windows-Sicherheitscenter' aktivieren (Wichtig) [Turn on the 'Windows Security Center' service (Important)]

However, I never deactivated the Security Center. But when I try to activate it again, this message appears:

http://www.trojaner-board.de/attachm...ror2.jpg?stc=1

In addition, Firefox seems to be infected with the Google redirect trojan.
(Several users seem to be suffering from that.)
Because when I click on one of the search results, I am always redirected to very suspicious-looking pages with many pop-ups. Only after clicking the search result several times do I get to the correct page.

While surfing with Firefox, pop-ups also appear now and then that open in a Windows Internet Explorer window. Very strange, since Firefox is the default browser.

So those are the problems I have noticed.
Here are the logs from defogger and OTL:

OTL Log

Code:

OTL logfile created on: 22.06.2011 19:50:38 - Run 4
OTL by OldTimer - Version 3.2.24.1    Folder = C:\Users\Ricardo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,59 Gb Available Physical Memory | 64,77% Memory free
7,99 Gb Paging File | 6,49 Gb Available in Paging File | 81,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 790,73 Gb Free Space | 84,89% Space Free | Partition Type: NTFS
 
Computer Name: RICI | User Name: Ricardo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Ricardo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Ricardo\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (TunngleService) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM) -- C:\Windows\SysNative\drivers\s1029unic.sys (MCCI Corporation)
DRV:64bit: - (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s1029mgmt.sys (MCCI Corporation)
DRV:64bit: - (s1029obex) -- C:\Windows\SysNative\drivers\s1029obex.sys (MCCI Corporation)
DRV:64bit: - (s1029mdm) -- C:\Windows\SysNative\drivers\s1029mdm.sys (MCCI Corporation)
DRV:64bit: - (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS) -- C:\Windows\SysNative\drivers\s1029nd5.sys (MCCI Corporation)
DRV:64bit: - (s1029mdfl) -- C:\Windows\SysNative\drivers\s1029mdfl.sys (MCCI Corporation)
DRV:64bit: - (s1029bus) Sony Ericsson Device 1029 driver (WDM) -- C:\Windows\SysNative\drivers\s1029bus.sys (MCCI Corporation)
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8F B5 87 0E A2 C5 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.22 17:28:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.22 17:28:07 | 000,000,000 | ---D | M]
 
[2011.01.29 12:29:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ricardo\AppData\Roaming\mozilla\Extensions
[2011.02.12 14:39:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ricardo\AppData\Roaming\mozilla\Firefox\Profiles\qw4vk97c.default\extensions
[2011.01.30 18:17:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.01.30 18:17:27 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.03.07 20:58:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.03.07 20:58:54 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.07 20:58:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.03.07 20:58:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.03.07 20:58:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{14ff2d3c-410b-11e0-ae63-90e6ba2e8cd2}\Shell - "" = AutoRun
O33 - MountPoints2\{14ff2d3c-410b-11e0-ae63-90e6ba2e8cd2}\Shell\AutoRun\command - "" = E:\Startme.exe
O33 - MountPoints2\{260b99cf-2bb4-11e0-9e6f-90e6ba2ea1e2}\Shell - "" = AutoRun
O33 - MountPoints2\{260b99cf-2bb4-11e0-9e6f-90e6ba2ea1e2}\Shell\AutoRun\command - "" = E:\pushinst.exe
O33 - MountPoints2\{67f0228a-41dc-11e0-abde-90e6ba2e8cd2}\Shell - "" = AutoRun
O33 - MountPoints2\{67f0228a-41dc-11e0-abde-90e6ba2e8cd2}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{7d03377a-2b8e-11e0-a43a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7d03377a-2b8e-11e0-a43a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\LaunchBFII.exe
O33 - MountPoints2\{8104ab41-9882-11e0-8b31-90e6ba2e8cd2}\Shell - "" = AutoRun
O33 - MountPoints2\{8104ab41-9882-11e0-8b31-90e6ba2e8cd2}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.22 19:29:00 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Ricardo\Desktop\OTL.exe
[2011.06.22 17:49:29 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Roaming\Malwarebytes
[2011.06.22 17:49:24 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.06.22 17:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.06.22 17:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.06.22 17:49:21 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.06.22 17:49:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.06.19 19:43:17 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011.06.19 19:43:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011.06.19 19:43:04 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\ATI Technologies
[2011.06.19 19:43:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2011.06.19 19:43:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011.06.19 19:42:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011.06.19 19:41:53 | 000,000,000 | ---D | C] -- C:\Programme\ATI Technologies
[2011.06.19 17:12:39 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\Microsoft Help
[2011.06.19 12:50:57 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011.06.17 03:47:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011.06.17 03:47:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011.06.17 02:32:43 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011.06.16 19:17:38 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.06.16 19:17:37 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.06.16 19:17:37 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.06.16 19:17:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.06.16 19:16:30 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011.06.16 17:16:29 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\Custom Login Screen
[2011.06.10 14:18:31 | 000,158,760 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1029mdm.sys
[2011.06.10 14:18:31 | 000,151,592 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1029unic.sys
[2011.06.10 14:18:31 | 000,139,304 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1029mgmt.sys
[2011.06.10 14:18:31 | 000,135,208 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1029obex.sys
[2011.06.10 14:18:31 | 000,116,264 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1029bus.sys
[2011.06.10 14:18:31 | 000,034,856 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1029nd5.sys
[2011.06.10 14:18:31 | 000,019,496 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1029mdfl.sys
[2011.06.10 14:18:31 | 000,015,912 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1029whnt.sys
[2011.06.10 14:18:31 | 000,015,912 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1029wh.sys
[2011.06.10 14:18:31 | 000,014,888 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1029cmnt.sys
[2011.06.10 14:18:31 | 000,014,888 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1029cm.sys
[2011.06.10 14:18:31 | 000,013,864 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1029cr.sys
[2011.06.08 19:42:20 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.06.07 16:31:24 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\Nem's Tools
[2011.06.07 16:30:41 | 000,000,000 | ---D | C] -- C:\Programme\Nem's Tools
[2011.06.07 15:29:24 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\Fonts
[2011.06.02 22:18:56 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\Half-Life 2
[2011.06.01 15:32:48 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Roaming\ImgBurn
[2011.06.01 15:32:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2011.05.26 21:23:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
[2011.05.26 21:23:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2011.05.26 21:21:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
[2011.05.26 21:21:27 | 019,087,360 | ---- | C] (Intel Corporation / Blue Ripple Sound Limited) -- C:\Windows\SysWow64\mkl_blueripple.dll
[2011.05.26 21:21:27 | 001,417,216 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\SysWow64\rapture3d_oal.dll
[2011.05.26 21:21:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BRS
[2011.05.26 21:21:25 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011.05.26 21:21:25 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011.05.26 21:21:25 | 000,122,904 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2011.05.26 21:21:25 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2011.05.26 21:21:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2011.05.26 21:02:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Codemasters
[2011.05.26 19:17:03 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2011.05.25 06:26:56 | 009,359,872 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys
[2011.05.25 05:53:28 | 023,336,960 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axx.dll
[2011.05.25 05:31:38 | 017,940,992 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll
[2011.05.25 05:07:58 | 000,151,552 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe
[2011.05.25 05:07:48 | 000,688,128 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\aticfx32.dll
[2011.05.25 05:04:16 | 000,462,848 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll
[2011.05.25 05:04:10 | 000,485,376 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2011.05.25 05:03:38 | 000,204,288 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2011.05.25 05:02:30 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2011.05.25 05:02:16 | 000,423,424 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atipdl64.dll
[2011.05.25 05:02:10 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll
[2011.05.25 05:02:00 | 000,278,528 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\Oemdspif.dll
[2011.05.25 05:01:54 | 000,016,384 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2011.05.25 05:01:50 | 000,059,392 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2011.05.25 05:01:46 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2011.05.25 05:00:00 | 001,113,088 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6v.dll
[2011.05.25 04:59:38 | 001,828,864 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdmv.dll
[2011.05.25 04:59:26 | 003,810,816 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll
[2011.05.25 04:58:52 | 004,219,904 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atidxx32.dll
[2011.05.25 04:50:38 | 004,017,152 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll
[2011.05.25 04:47:40 | 000,051,200 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll
[2011.05.25 04:47:38 | 000,046,080 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
[2011.05.25 04:47:30 | 000,044,544 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll
[2011.05.25 04:47:28 | 000,044,032 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
[2011.05.25 04:47:18 | 008,489,472 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll
[2011.05.25 04:43:52 | 006,847,488 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
[2011.05.25 04:39:16 | 004,330,496 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atiumdag.dll
[2011.05.25 04:38:18 | 000,053,760 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll
[2011.05.25 04:38:18 | 000,053,760 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll
[2011.05.25 04:38:14 | 000,052,736 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
[2011.05.25 04:38:14 | 000,052,736 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
[2011.05.25 04:33:04 | 005,486,592 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atiumd64.dll
[2011.05.25 04:26:18 | 000,366,592 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll
[2011.05.25 04:26:12 | 000,262,144 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll
[2011.05.25 04:26:04 | 000,014,848 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll
[2011.05.25 04:26:00 | 000,012,800 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll
[2011.05.25 04:26:00 | 000,012,800 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiglpxx.dll
[2011.05.25 04:25:58 | 000,039,936 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll
[2011.05.25 04:25:48 | 000,032,768 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll
[2011.05.25 04:25:42 | 000,309,760 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys
[2011.05.25 04:24:50 | 000,031,744 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll
[2011.05.25 04:24:44 | 000,038,912 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll
[2011.05.25 04:24:36 | 000,029,184 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiu9pag.dll
[2011.05.25 04:24:08 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll
[2011.05.24 23:44:04 | 016,672,768 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\amdocl64.dll
[2011.05.24 23:43:50 | 012,798,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\amdocl.dll
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.22 19:30:32 | 000,018,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.22 19:30:32 | 000,018,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.22 19:29:33 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Ricardo\Desktop\OTL.exe
[2011.06.22 19:27:38 | 001,528,826 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.06.22 19:27:38 | 000,664,840 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.06.22 19:27:38 | 000,625,022 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.06.22 19:27:38 | 000,134,750 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.06.22 19:27:38 | 000,110,402 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.06.22 19:26:57 | 000,000,000 | ---- | M] () -- C:\Users\Ricardo\defogger_reenable
[2011.06.22 19:26:07 | 000,050,477 | ---- | M] () -- C:\Users\Ricardo\Desktop\Defogger.exe
[2011.06.22 19:23:22 | 000,000,308 | -HS- | M] () -- C:\Windows\tasks\qtmceqzy.job
[2011.06.22 19:23:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.22 19:23:06 | 3218,903,040 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.22 19:22:28 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2011.06.22 19:04:53 | 000,055,770 | ---- | M] () -- C:\Users\Ricardo\Desktop\error1.jpg
[2011.06.22 19:03:53 | 000,040,069 | ---- | M] () -- C:\Users\Ricardo\Desktop\error2.jpg
[2011.06.22 17:49:24 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.22 03:38:45 | 000,118,784 | RHS- | M] () -- C:\Windows\SysWow64\pegi-pt0.dll
[2011.06.22 03:29:26 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.06.19 02:45:50 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.06.17 03:39:15 | 000,417,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.06.17 00:14:53 | 000,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.06.17 00:11:30 | 000,000,331 | ---- | M] () -- C:\Windows\game.ini
[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.05.29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.05.26 21:22:22 | 000,000,568 | ---- | M] () -- C:\Users\Ricardo\Desktop\DiRT 3.lnk
[2011.05.26 21:21:25 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011.05.26 21:21:25 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011.05.26 21:21:25 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2011.05.26 21:21:25 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2011.05.25 06:26:56 | 009,359,872 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys
[2011.05.25 05:53:28 | 023,336,960 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axx.dll
[2011.05.25 05:31:38 | 017,940,992 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll
[2011.05.25 05:08:34 | 000,166,624 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
[2011.05.25 05:07:58 | 000,151,552 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe
[2011.05.25 05:07:48 | 000,688,128 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\aticfx32.dll
[2011.05.25 05:06:38 | 000,811,008 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysNative\aticfx64.dll
[2011.05.25 05:04:16 | 000,462,848 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll
[2011.05.25 05:04:10 | 000,485,376 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2011.05.25 05:03:38 | 000,204,288 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2011.05.25 05:02:30 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2011.05.25 05:02:16 | 000,423,424 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atipdl64.dll
[2011.05.25 05:02:10 | 000,356,352 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll
[2011.05.25 05:02:00 | 000,278,528 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\Oemdspif.dll
[2011.05.25 05:01:54 | 000,016,384 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2011.05.25 05:01:50 | 000,059,392 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2011.05.25 05:01:46 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2011.05.25 05:00:00 | 001,113,088 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6v.dll
[2011.05.25 04:59:38 | 001,828,864 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdmv.dll
[2011.05.25 04:59:26 | 003,810,816 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll
[2011.05.25 04:58:52 | 004,219,904 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atidxx32.dll
[2011.05.25 04:55:20 | 001,127,552 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
[2011.05.25 04:50:38 | 004,017,152 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll
[2011.05.25 04:49:54 | 001,127,552 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
[2011.05.25 04:49:44 | 005,008,384 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atidxx64.dll
[2011.05.25 04:47:40 | 000,051,200 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll
[2011.05.25 04:47:38 | 000,046,080 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
[2011.05.25 04:47:30 | 000,044,544 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll
[2011.05.25 04:47:28 | 000,044,032 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
[2011.05.25 04:47:18 | 008,489,472 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll
[2011.05.25 04:43:52 | 006,847,488 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
[2011.05.25 04:39:16 | 004,330,496 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atiumdag.dll
[2011.05.25 04:38:18 | 000,053,760 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll
[2011.05.25 04:38:18 | 000,053,760 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll
[2011.05.25 04:38:14 | 000,052,736 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
[2011.05.25 04:38:14 | 000,052,736 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
[2011.05.25 04:33:04 | 005,486,592 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atiumd64.dll
[2011.05.25 04:26:18 | 000,366,592 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll
[2011.05.25 04:26:12 | 000,262,144 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll
[2011.05.25 04:26:04 | 000,014,848 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll
[2011.05.25 04:26:00 | 000,012,800 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll
[2011.05.25 04:26:00 | 000,012,800 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiglpxx.dll
[2011.05.25 04:25:58 | 000,039,936 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll
[2011.05.25 04:25:48 | 000,032,768 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll
[2011.05.25 04:25:42 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys
[2011.05.25 04:24:58 | 000,040,960 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiuxp64.dll
[2011.05.25 04:24:50 | 000,031,744 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll
[2011.05.25 04:24:44 | 000,038,912 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll
[2011.05.25 04:24:36 | 000,029,184 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiu9pag.dll
[2011.05.25 04:24:08 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll
[2011.05.25 04:19:00 | 000,058,880 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst.dll
[2011.05.24 23:44:30 | 000,061,952 | ---- | M] () -- C:\Windows\SysNative\OVDecode64.dll
[2011.05.24 23:44:26 | 000,059,904 | ---- | M] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.05.24 23:44:04 | 016,672,768 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\amdocl64.dll
[2011.05.24 23:43:50 | 012,798,976 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\amdocl.dll
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.06.22 19:26:57 | 000,000,000 | ---- | C] () -- C:\Users\Ricardo\defogger_reenable
[2011.06.22 19:26:06 | 000,050,477 | ---- | C] () -- C:\Users\Ricardo\Desktop\Defogger.exe
[2011.06.22 19:03:50 | 000,040,069 | ---- | C] () -- C:\Users\Ricardo\Desktop\error2.jpg
[2011.06.22 18:19:37 | 000,055,770 | ---- | C] () -- C:\Users\Ricardo\Desktop\error1.jpg
[2011.06.22 17:49:24 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.22 03:38:45 | 000,118,784 | RHS- | C] () -- C:\Windows\SysWow64\pegi-pt0.dll
[2011.06.22 03:38:45 | 000,000,308 | -HS- | C] () -- C:\Windows\tasks\qtmceqzy.job
[2011.06.17 03:47:52 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.06.17 00:11:30 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2011.05.26 21:22:22 | 000,000,568 | ---- | C] () -- C:\Users\Ricardo\Desktop\DiRT 3.lnk
[2011.05.25 05:08:34 | 000,166,624 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2011.05.25 04:55:20 | 001,127,552 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2011.05.25 04:49:54 | 001,127,552 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2011.05.24 23:44:30 | 000,061,952 | ---- | C] () -- C:\Windows\SysNative\OVDecode64.dll
[2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.03.11 15:27:23 | 000,000,095 | ---- | C] () -- C:\Users\Ricardo\AppData\Local\fusioncache.dat
[2011.03.10 17:11:22 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.03.10 17:11:20 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.03.10 17:11:20 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.02.06 16:25:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.01.30 18:18:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.30 03:16:50 | 001,554,746 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.29 16:17:33 | 000,053,248 | ---- | C] () -- C:\Windows\PhysXLoader.dll
[2011.01.20 18:23:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011.03.20 16:43:41 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\ICQ
[2011.06.01 15:56:19 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\ImgBurn
[2011.04.17 17:42:20 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\Leadertech
[2011.02.13 17:00:50 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\Rainmeter
[2011.06.19 19:38:53 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\SoftGrid Client
[2011.01.30 03:17:49 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\TP
[2011.04.29 01:23:15 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\Tunngle
[2011.06.22 19:23:22 | 000,000,308 | -HS- | M] () -- C:\Windows\Tasks\qtmceqzy.job
[2011.06.09 22:34:49 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---


OTL Extras Log

Code:

OTL Extras logfile created on: 22.06.2011 19:50:38 - Run 4
OTL by OldTimer - Version 3.2.24.1    Folder = C:\Users\Ricardo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,59 Gb Available Physical Memory | 64,77% Memory free
7,99 Gb Paging File | 6,49 Gb Available in Paging File | 81,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 790,73 Gb Free Space | 84,89% Space Free | Partition Type: NTFS
 
Computer Name: RICI | User Name: Ricardo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{495ADF2E-6DDD-7C45-E02A-F9B4AF6F2175}" = AMD Drag and Drop Transcoding
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{54E192A6-AA33-1963-C96A-26AA7A3B41B4}" = ccc-utility64
"{5857E7BE-2F6F-D41A-42B2-B668B19A5F30}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CFF9D801-1EC4-B8F5-2CAB-4A1790C95A18}" = ATI Catalyst Install Manager
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"GCFScape_is1" = GCFScape 1.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"sp6" = Logitech SetPoint 6.22
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{30D659E4-4405-6925-CDCF-EB8CD0C80DAC}" = Catalyst Control Center Graphics Previews Common
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{60DE7978-4F13-5584-5E53-DCEE1CB115A5}" = Catalyst Control Center
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{85268C72-C609-E50A-7AB3-9B3582DFEE66}" = CCC Help English
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AFF8C8F4-E4BB-891F-8636-5E71F946C5B6}" = Catalyst Control Center InstallProxy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"EADM" = EA Download Manager
"FAKEFACTORY CM10V10.90" = FAKEFACTORY Cinematic Mod V10
"GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"ImgBurn" = ImgBurn
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"Rainmeter" = Rainmeter
"Steam App 211" = Source SDK
"Steam App 215" = Source SDK Base 2006
"Steam App 218" = Source SDK Base 2007
"Steam App 220" = Half-Life 2
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 380" = Half-Life 2: Episode One
"Steam App 40800" = Super Meat Boy
"Steam App 40810" = Super Meat Boy Editor
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 43110" = Metro 2033
"Tunngle beta_is1" = Tunngle beta
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 09.04.2011 07:05:26 | Computer Name = Rici | Source = MsiInstaller | ID = 10005
Description =
 
Error - 09.04.2011 11:06:51 | Computer Name = Rici | Source = MsiInstaller | ID = 10005
Description =
 
Error - 15.04.2011 19:03:09 | Computer Name = Rici | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 16.04.2011 12:38:05 | Computer Name = Rici | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Crysis2Launcher.exe, Version: 1.0.0.0,
 Zeitstempel: 0x4d627e32  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7ba58  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002e046  ID des fehlerhaften
 Prozesses: 0xd30  Startzeit der fehlerhaften Anwendung: 0x01cbfc54a82da391  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Electronic Arts\Crytek\Crysis 2\bin32\Crysis2Launcher.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: e69fc0a8-6847-11e0-927e-90e6ba2e8cd2
 
Error - 25.04.2011 14:21:01 | Computer Name = Rici | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 30.04.2011 08:06:10 | Computer Name = Rici | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: portal2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4d4c804d  Name des fehlerhaften Moduls: valve_avi.dll, Version: 0.0.0.0, Zeitstempel:
 0x4daf664a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00004553  ID des fehlerhaften Prozesses:
 0xcb0  Startzeit der fehlerhaften Anwendung: 0x01cc072bcc606994  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Valve\Portal 2\portal2.exe  Pfad des fehlerhaften
 Moduls: c:\program files (x86)\valve\portal 2\bin\valve_avi.dll  Berichtskennung:
 3be70dd9-7322-11e0-9338-90e6ba2e8cd2
 
Error - 30.04.2011 14:53:25 | Computer Name = Rici | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Crysis2Launcher.exe, Version: 1.0.0.0,
 Zeitstempel: 0x4d627e32  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7ba58  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002e046  ID des fehlerhaften
 Prozesses: 0xbfc  Startzeit der fehlerhaften Anwendung: 0x01cc0767e0a23a52  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Electronic Arts\Crytek\Crysis 2\bin32\Crysis2Launcher.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 202d39c9-735b-11e0-9338-90e6ba2e8cd2
 
Error - 01.05.2011 12:14:07 | Computer Name = Rici | Source = Application Hang | ID = 1002
Description = Programm Skype.exe, Version 5.1.0.104 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: e58    Startzeit:
01cc08178e3b121d    Endzeit: 37    Anwendungspfad: C:\Program Files (x86)\Skype\Phone\Skype.exe

Berichts-ID:
 07c319c4-740e-11e0-8b3e-90e6ba2e8cd2 
 
Error - 08.05.2011 06:44:11 | Computer Name = Rici | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 08.05.2011 08:49:00 | Computer Name = Rici | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DiRT.exe, Version: 1.2.0.0, Zeitstempel:
 0x470a16d0  Name des fehlerhaften Moduls: DiRT.exe, Version: 1.2.0.0, Zeitstempel:
 0x470a16d0  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00562470  ID des fehlerhaften Prozesses:
 0xb30  Startzeit der fehlerhaften Anwendung: 0x01cc0d7e144cbe92  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Codemasters\DiRT\DiRT.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\Codemasters\DiRT\DiRT.exe  Berichtskennung: 8b292997-7971-11e0-9d81-90e6ba2e8cd2
 
[ System Events ]
Error - 19.06.2011 17:02:20 | Computer Name = Rici | Source = DCOM | ID = 10010
Description =
 
Error - 19.06.2011 20:07:50 | Computer Name = Rici | Source = DCOM | ID = 10010
Description =
 
Error - 20.06.2011 06:21:03 | Computer Name = Rici | Source = DCOM | ID = 10010
Description =
 
Error - 20.06.2011 21:47:28 | Computer Name = Rici | Source = DCOM | ID = 10010
Description =
 
Error - 21.06.2011 11:43:41 | Computer Name = Rici | Source = DCOM | ID = 10010
Description =
 
Error - 21.06.2011 21:50:58 | Computer Name = Rici | Source = DCOM | ID = 10010
Description =
 
Error - 22.06.2011 11:31:06 | Computer Name = Rici | Source = DCOM | ID = 10010
Description =
 
Error - 22.06.2011 11:56:01 | Computer Name = Rici | Source = DCOM | ID = 10010
Description =
 
Error - 22.06.2011 13:00:14 | Computer Name = Rici | Source = DCOM | ID = 10010
Description =
 
Error - 22.06.2011 13:22:25 | Computer Name = Rici | Source = DCOM | ID = 10010
Description =
 
 
< End of report >

--- --- ---


Defogger Log:
PHP-Code:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:26 on 22/06/2011 (Ricardo)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-


markusg 22.06.2011 19:35

So, I'd really like to know: if you know you already have the latest update, and the update doesn't come from Adobe, why on earth do you install it?
You really had all the clues on your side...
Send me the site in a private message.
System scan with OTL
Download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(Windows 7 and Vista users: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports are created:
OTL.Txt
Extras.Txt
Post both.

Rici 22.06.2011 19:55

Yes, that was probably very stupid of me. I have edited my first post again with the logs that are described in the thread
"For everyone seeking help! What do I need to consider before opening a topic?"

HTML-Code:

hxxp://www.trojaner-board.de/69886-fuer-alle-hilfesuchenden-muss-ich-vor-der-eroeffnung-eines-themas-beachten.html

markusg 22.06.2011 20:00

Attention!
This script, and any scripts that follow, are intended only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.

• Please start OTL.exe
• Now copy the following into the text box.

Code:

:OTL
[2011.06.22 19:23:22 | 000,000,308 | -HS- | M] () -- C:\Windows\tasks\qtmceqzy.job
[2011.06.22 03:38:45 | 000,118,784 | RHS- | M] () -- C:\Windows\SysWow64\pegi-pt0.dll
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]



• Now please close all programs.
• Now please click the Fix button.
• OTL may require a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.

Open Computer, open C:, then _OTL.
There, right-click moved files,
choose add to moved files.rar or zip.
http://www.trojaner-board.de/54791-a...ner-board.html

Rici 22.06.2011 20:22

So, here is the new log file:
PS: I hope you received my MovedFiles.rar

PHP-Code:

All processes killed
========== OTL ==========
C:\Windows\Tasks\qtmceqzy.job moved successfully.
C:\Windows\SysWOW64\pegi-pt0.dll moved successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Ricardo
->Flash cache emptied: 487 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Ricardo
->Temp folder emptied: 348757 bytes
->Temporary Internet Files folder emptied: 623821 bytes
->FireFox cache emptied: 44178672 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 311296 bytes
%systemroot%\System32 .tmp files removed: 1618992 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 21936 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 45,00 mb


OTL by OldTimer - Version 3.2.24.1 log created on 06222011_210940

Files\Folders moved on Reboot...
C:\Users\Ricardo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot... 


markusg 22.06.2011 20:35

Hi, thanks, but please don't post in PHP code!
Please create and post a ComboFix log.
A guide and tutorial on using ComboFix

Rici 22.06.2011 21:17

As far as I can tell, the symptoms no longer occur (the Google redirect trojan is no longer noticeable, and I can access the Windows Security Center again).
Thank you very much for your help!! :dankeschoen:

The ComboFix log file:

Code:

ComboFix 11-06-22.01 - Ricardo 22.06.2011  21:42:12.2.8 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4093.2631 [GMT 2:00]
ausgeführt von:: c:\users\Ricardo\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-05-22 bis 2011-06-22  ))))))))))))))))))))))))))))))
.
.
2011-06-22 19:45 . 2011-06-22 19:45        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-06-22 19:09 . 2011-06-22 19:18        --------        d-----w-        C:\_OTL
2011-06-22 15:49 . 2011-06-22 15:49        --------        d-----w-        c:\users\Ricardo\AppData\Roaming\Malwarebytes
2011-06-22 15:49 . 2011-06-22 15:49        --------        d-----w-        c:\programdata\Malwarebytes
2011-06-22 15:49 . 2011-05-29 07:11        39984        ----a-w-        c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-22 15:49 . 2011-06-22 15:49        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2011-06-22 15:49 . 2011-05-29 07:11        25912        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-06-21 13:42 . 2011-06-07 17:10        8873296        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{F5610912-62C1-49A5-8F08-B77E5789B50F}\mpengine.dll
2011-06-19 17:43 . 2011-06-19 17:43        --------        d-----w-        c:\programdata\ATI
2011-06-19 17:43 . 2011-06-19 17:43        --------        d-----w-        c:\program files (x86)\AMD APP
2011-06-19 17:43 . 2011-06-19 17:43        --------        d-----w-        c:\program files\Common Files\ATI Technologies
2011-06-19 17:43 . 2011-06-19 17:43        --------        d-----w-        c:\program files (x86)\Common Files\ATI Technologies
2011-06-19 17:42 . 2011-06-19 17:42        --------        d-----w-        c:\program files (x86)\ATI Technologies
2011-06-19 17:41 . 2011-06-19 17:42        --------        d-----w-        c:\program files\ATI Technologies
2011-06-19 15:12 . 2011-06-19 15:12        --------        d-----w-        c:\users\Ricardo\AppData\Local\Microsoft Help
2011-06-19 10:50 . 2011-06-19 10:50        --------        d-----r-        C:\MSOCache
2011-06-17 01:47 . 2011-06-17 01:47        --------        d-----w-        c:\program files (x86)\Common Files\Adobe
2011-06-16 17:16 . 2011-04-29 03:06        467456        ----a-w-        c:\windows\system32\drivers\srv.sys
2011-06-16 17:16 . 2011-04-29 03:05        410112        ----a-w-        c:\windows\system32\drivers\srv2.sys
2011-06-16 17:16 . 2011-04-29 03:05        168448        ----a-w-        c:\windows\system32\drivers\srvnet.sys
2011-06-16 17:16 . 2011-02-25 06:22        861696        ----a-w-        c:\windows\system32\oleaut32.dll
2011-06-16 17:16 . 2011-02-25 05:34        571904        ----a-w-        c:\windows\SysWow64\oleaut32.dll
2011-06-16 17:16 . 2011-05-03 05:29        976896        ----a-w-        c:\windows\system32\inetcomm.dll
2011-06-16 17:16 . 2011-05-03 04:30        741376        ----a-w-        c:\windows\SysWow64\inetcomm.dll
2011-06-16 15:16 . 2011-06-16 15:16        --------        d-----w-        c:\users\Ricardo\Custom Login Screen
2011-06-10 12:18 . 2009-05-25 12:34        15912        ----a-w-        c:\windows\system32\drivers\s1029whnt.sys
2011-06-10 12:18 . 2009-05-25 12:34        15912        ----a-w-        c:\windows\system32\drivers\s1029wh.sys
2011-06-10 12:18 . 2009-05-25 12:34        151592        ----a-w-        c:\windows\system32\drivers\s1029unic.sys
2011-06-10 12:18 . 2009-05-25 12:34        139304        ----a-w-        c:\windows\system32\drivers\s1029mgmt.sys
2011-06-10 12:18 . 2009-05-25 12:34        135208        ----a-w-        c:\windows\system32\drivers\s1029obex.sys
2011-06-10 12:18 . 2009-05-25 12:34        34856        ----a-w-        c:\windows\system32\drivers\s1029nd5.sys
2011-06-10 12:18 . 2009-05-25 12:34        158760        ----a-w-        c:\windows\system32\drivers\s1029mdm.sys
2011-06-10 12:18 . 2009-05-25 12:34        19496        ----a-w-        c:\windows\system32\drivers\s1029mdfl.sys
2011-06-10 12:18 . 2009-05-25 12:34        14888        ----a-w-        c:\windows\system32\drivers\s1029cmnt.sys
2011-06-10 12:18 . 2009-05-25 12:34        14888        ----a-w-        c:\windows\system32\drivers\s1029cm.sys
2011-06-10 12:18 . 2009-05-25 12:34        13864        ----a-w-        c:\windows\system32\drivers\s1029cr.sys
2011-06-10 12:18 . 2009-05-25 12:34        116264        ----a-w-        c:\windows\system32\drivers\s1029bus.sys
2011-06-08 17:42 . 2011-06-22 01:29        404640        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-07 14:31 . 2011-06-07 14:31        --------        d-----w-        c:\users\Ricardo\AppData\Local\Nem's Tools
2011-06-07 14:30 . 2011-06-07 14:30        --------        d-----w-        c:\program files\Nem's Tools
2011-06-07 13:29 . 2011-06-07 13:29        --------        d-----w-        c:\users\Ricardo\Fonts
2011-06-06 10:55 . 2011-06-06 10:55        183696        ----a-w-        c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-06-02 20:18 . 2011-06-16 15:17        --------        d-----w-        c:\users\Ricardo\Half-Life 2
2011-06-01 13:32 . 2011-06-01 13:56        --------        d-----w-        c:\users\Ricardo\AppData\Roaming\ImgBurn
2011-06-01 13:32 . 2011-06-01 13:32        --------        d-----w-        c:\program files (x86)\ImgBurn
2011-05-26 19:23 . 2011-05-26 19:23        --------        d-sh--w-        c:\programdata\DSS
2011-05-26 19:23 . 2011-05-26 19:23        --------        d-----w-        c:\programdata\Codemasters
2011-05-26 19:21 . 2011-03-19 13:16        1417216        ----a-w-        c:\windows\SysWow64\rapture3d_oal.dll
2011-05-26 19:21 . 2010-09-22 11:12        19087360        ----a-w-        c:\windows\SysWow64\mkl_blueripple.dll
2011-05-26 19:21 . 2011-05-26 19:21        --------        d-----w-        c:\program files (x86)\BRS
2011-05-26 19:21 . 2011-05-26 19:21        466456        ----a-w-        c:\windows\system32\wrap_oal.dll
2011-05-26 19:21 . 2011-05-26 19:21        444952        ----a-w-        c:\windows\SysWow64\wrap_oal.dll
2011-05-26 19:21 . 2011-05-26 19:21        122904        ----a-w-        c:\windows\system32\OpenAL32.dll
2011-05-26 19:21 . 2011-05-26 19:21        109080        ----a-w-        c:\windows\SysWow64\OpenAL32.dll
2011-05-26 19:21 . 2011-05-26 19:21        --------        d-----w-        c:\program files (x86)\OpenAL
2011-05-26 19:02 . 2011-05-26 19:02        --------        d-----w-        c:\program files (x86)\Codemasters
2011-05-26 17:17 . 2011-04-22 22:15        27520        ----a-w-        c:\windows\system32\drivers\Diskdump.sys
2011-05-25 04:26 . 2011-05-25 04:26        9359872        ----a-w-        c:\windows\system32\drivers\atikmdag.sys
2011-05-25 03:53 . 2011-05-25 03:53        23336960        ----a-w-        c:\windows\system32\atio6axx.dll
2011-05-25 03:31 . 2011-05-25 03:31        17940992        ----a-w-        c:\windows\SysWow64\atioglxx.dll
2011-05-25 03:07 . 2011-05-25 03:07        151552        ----a-w-        c:\windows\system32\atiapfxx.exe
2011-05-25 03:07 . 2011-05-25 03:07        688128        ----a-w-        c:\windows\SysWow64\aticfx32.dll
2011-05-25 03:04 . 2011-05-25 03:04        462848        ----a-w-        c:\windows\system32\ATIDEMGX.dll
2011-05-25 03:04 . 2011-05-25 03:04        485376        ----a-w-        c:\windows\system32\atieclxx.exe
2011-05-25 03:03 . 2011-05-25 03:03        204288        ----a-w-        c:\windows\system32\atiesrxx.exe
2011-05-25 03:02 . 2011-05-25 03:02        120320        ----a-w-        c:\windows\system32\atitmm64.dll
2011-05-25 03:02 . 2011-05-25 03:02        423424        ----a-w-        c:\windows\system32\atipdl64.dll
2011-05-25 03:02 . 2011-05-25 03:02        356352        ----a-w-        c:\windows\SysWow64\atipdlxx.dll
2011-05-25 03:02 . 2011-05-25 03:02        278528        ----a-w-        c:\windows\SysWow64\Oemdspif.dll
2011-05-25 03:01 . 2011-05-25 03:01        16384        ----a-w-        c:\windows\system32\atimuixx.dll
2011-05-25 03:01 . 2011-05-25 03:01        59392        ----a-w-        c:\windows\system32\atiedu64.dll
2011-05-25 03:01 . 2011-05-25 03:01        43520        ----a-w-        c:\windows\SysWow64\ati2edxx.dll
2011-05-25 03:00 . 2011-05-25 03:00        1113088        ----a-w-        c:\windows\system32\atiumd6v.dll
2011-05-25 02:59 . 2011-05-25 02:59        1828864        ----a-w-        c:\windows\SysWow64\atiumdmv.dll
2011-05-25 02:59 . 2011-05-25 02:59        3810816        ----a-w-        c:\windows\system32\atiumd6a.dll
2011-05-25 02:58 . 2011-05-25 02:58        4219904        ----a-w-        c:\windows\SysWow64\atidxx32.dll
2011-05-25 02:50 . 2011-05-25 02:50        4017152        ----a-w-        c:\windows\SysWow64\atiumdva.dll
2011-05-25 02:47 . 2011-05-25 02:47        51200        ----a-w-        c:\windows\system32\aticalrt64.dll
2011-05-25 02:47 . 2011-05-25 02:47        46080        ----a-w-        c:\windows\SysWow64\aticalrt.dll
2011-05-25 02:47 . 2011-05-25 02:47        44544        ----a-w-        c:\windows\system32\aticalcl64.dll
2011-05-25 02:47 . 2011-05-25 02:47        44032        ----a-w-        c:\windows\SysWow64\aticalcl.dll
2011-05-25 02:47 . 2011-05-25 02:47        8489472        ----a-w-        c:\windows\system32\aticaldd64.dll
2011-05-25 02:43 . 2011-05-25 02:43        6847488        ----a-w-        c:\windows\SysWow64\aticaldd.dll
2011-05-25 02:39 . 2011-05-25 02:39        4330496        ----a-w-        c:\windows\SysWow64\atiumdag.dll
2011-05-25 02:38 . 2011-05-25 02:38        53760        ----a-w-        c:\windows\system32\atimpc64.dll
2011-05-25 02:38 . 2011-05-25 02:38        53760        ----a-w-        c:\windows\system32\amdpcom64.dll
2011-05-25 02:38 . 2011-05-25 02:38        52736        ----a-w-        c:\windows\SysWow64\atimpc32.dll
2011-05-25 02:38 . 2011-05-25 02:38        52736        ----a-w-        c:\windows\SysWow64\amdpcom32.dll
2011-05-25 02:33 . 2011-05-25 02:33        5486592        ----a-w-        c:\windows\system32\atiumd64.dll
2011-05-25 02:26 . 2011-05-25 02:26        366592        ----a-w-        c:\windows\system32\atiadlxx.dll
2011-05-25 02:26 . 2011-05-25 02:26        262144        ----a-w-        c:\windows\SysWow64\atiadlxy.dll
2011-05-25 02:26 . 2011-05-25 02:26        14848        ----a-w-        c:\windows\system32\atig6pxx.dll
2011-05-25 02:26 . 2011-05-25 02:26        12800        ----a-w-        c:\windows\SysWow64\atiglpxx.dll
2011-05-25 02:26 . 2011-05-25 02:26        12800        ----a-w-        c:\windows\system32\atiglpxx.dll
2011-05-25 02:25 . 2011-05-25 02:25        39936        ----a-w-        c:\windows\system32\atig6txx.dll
2011-05-25 02:25 . 2011-05-25 02:25        32768        ----a-w-        c:\windows\SysWow64\atigktxx.dll
2011-05-25 02:25 . 2011-05-25 02:25        309760        ----a-w-        c:\windows\system32\drivers\atikmpag.sys
2011-05-25 02:24 . 2011-05-25 02:24        31744        ----a-w-        c:\windows\SysWow64\atiuxpag.dll
2011-05-25 02:24 . 2011-05-25 02:24        38912        ----a-w-        c:\windows\system32\atiu9p64.dll
2011-05-25 02:24 . 2011-05-25 02:24        29184        ----a-w-        c:\windows\SysWow64\atiu9pag.dll
2011-05-25 02:24 . 2011-05-25 02:24        53248        ----a-w-        c:\windows\system32\drivers\ati2erec.dll
2011-05-24 21:44 . 2011-05-24 21:44        61952        ----a-w-        c:\windows\system32\OVDecode64.dll
2011-05-24 21:44 . 2011-05-24 21:44        59904        ----a-w-        c:\windows\SysWow64\OVDecode.dll
2011-05-24 21:44 . 2011-05-24 21:44        16672768        ----a-w-        c:\windows\system32\amdocl64.dll
2011-05-24 21:43 . 2011-05-24 21:43        12798976        ----a-w-        c:\windows\SysWow64\amdocl.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-19 00:45 . 2011-03-10 15:11        103736        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2011-06-16 22:14 . 2011-03-10 15:11        66872        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2011-05-25 03:06 . 2010-11-18 10:29        811008        ----a-w-        c:\windows\system32\aticfx64.dll
2011-05-25 02:49 . 2010-11-18 10:14        5008384        ----a-w-        c:\windows\system32\atidxx64.dll
2011-05-25 02:24 . 2010-11-18 09:51        40960        ----a-w-        c:\windows\system32\atiuxp64.dll
2011-05-25 02:19 . 2010-11-18 09:59        58880        ----a-w-        c:\windows\system32\coinst.dll
2011-05-24 17:14 . 2009-10-26 09:10        270720        ------w-        c:\windows\system32\MpSigStub.exe
2011-05-10 14:05 . 2011-04-17 15:41        18960        ----a-w-        c:\windows\system32\drivers\LNonPnP.sys
2011-04-21 18:28 . 2011-04-21 18:28        53248        ----a-r-        c:\users\Ricardo\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-04-09 16:55 . 2011-04-09 16:55        15453336        ----a-w-        c:\windows\SysWow64\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55        13642904        ----a-w-        c:\windows\SysWow64\xlivefnt.dll
2011-04-09 07:02 . 2011-05-13 13:59        5562240        ----a-w-        c:\windows\system32\ntoskrnl.exe
2011-04-09 06:58 . 2011-05-13 14:45        142336        ----a-w-        c:\windows\system32\poqexec.exe
2011-04-09 06:02 . 2011-05-13 13:59        3967872        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02 . 2011-05-13 13:59        3912576        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-13 14:45        123904        ----a-w-        c:\windows\SysWow64\poqexec.exe
2011-04-03 19:36 . 2009-08-18 10:49        564632        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-04-03 19:36 . 2009-08-18 09:24        18328        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-30 18:46 . 2011-03-30 18:46        114704        ----a-w-        c:\windows\system32\drivers\AtihdW76.sys
2011-03-27 04:02 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll
2011-03-27 04:02 . 2009-07-14 02:36        175616        ----a-w-        c:\windows\system32\msclmd.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-15 2245120]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\DRIVERS\s1029bus.sys [x]
R3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1029mdfl.sys [x]
R3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1029mdm.sys [x]
R3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1029mgmt.sys [x]
R3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1029nd5.sys [x]
R3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1029obex.sys [x]
R3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1029unic.sys [x]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2010-11-22 718072]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Ricardo\AppData\Roaming\Mozilla\Firefox\Profiles\qw4vk97c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3257828804-1019481006-1586634685-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:59,cf,fc,42,99,94,b0,d7,5e,c6,02,2c,2e,12,46,1f,1b,1d,87,9a,65,59,c1,
  f4,d6,26,5d,7f,7e,51,d0,f9,5c,2d,24,e8,15,ec,e3,48,34,38,b1,76,57,98,b5,c4,\
"??"=hex:c8,6d,21,87,84,f3,a5,05,32,b4,40,d3,22,0e,ee,d5
.
[HKEY_USERS\S-1-5-21-3257828804-1019481006-1586634685-1003\Software\SecuROM\License information*]
"datasecu"=hex:c5,a2,bf,3a,7b,13,29,cf,46,8b,59,6a,e9,2d,09,d1,3a,4c,a4,c4,21,
  75,ae,d1,c2,fa,1f,e6,73,e1,db,07,9b,de,8c,b2,f1,de,ce,f4,30,fc,9f,0f,28,e9,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-06-22  21:48:55 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-06-22 19:48
.
Vor Suchlauf: 10 Verzeichnis(se), 848.974.925.824 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 848.816.140.288 Bytes frei
.
- - End Of File - - A71D8B6224B5C96A2CF981D7AB02DA7B


markusg 23.06.2011 10:27

I see Malwarebytes is installed.
Post all logs that contain detections; they can be found under the log files.

Rici 23.06.2011 17:38

Should I do a quick scan or a full scan?

markusg 23.06.2011 17:46

A full scan.

Rici 23.06.2011 18:34

Here is the Malwarebytes log:
Fortunately no detections.

Code:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6928

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

23.06.2011 19:28:48
mbam-log-2011-06-23 (19-28-48).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Durchsuchte Objekte: 316407
Laufzeit: 37 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


markusg 23.06.2011 18:38

Download the standard CCleaner:
CCleaner - Standard
If CCleaner is already installed, skip this.
Install it, open it, go to Extras, list of installed programs, save as txt. Open the file.
After each program you need, write "notwendig" (necessary).
After each one you do not need, "unnötig" (unnecessary).
After those unknown to you, "unbekannt" (unknown).
Post the list.

Rici 23.06.2011 19:03

I use CCleaner regularly; here is the list:

Code:

7-Zip 9.20 (x64 edition)        Igor Pavlov        25.03.2011        4,53MB        9.20.00.0                                      unnötig
Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        22.06.2011        6,00MB        10.3.181.26                  notwendig
Adobe Reader X (10.1.0) - Deutsch        Adobe Systems Incorporated        16.06.2011        165,4MB        10.1.0                notwendig
ATI Catalyst Install Manager        ATI Technologies, Inc.        18.06.2011        22,5MB        3.0.829.0                            notwendig
Avira AntiVir Personal - Free Antivirus        Avira GmbH        21.06.2011        74,3MB        10.0.0.650                            notwendig
Call of Duty: Black Ops        Treyarch        28.01.2011                                                                      notwendig       
Call of Duty: Black Ops - Multiplayer        Treyarch        28.01.2011                                                      notwendig       
CCleaner        Piriform        25.05.2011                3.07                                                          notwendig
Crysis® 2        Electronic Arts        15.04.2011        7.757MB        1.0.0.0                                                      notwendig
DiRT 3        Codemasters        25.05.2011                1.0.0000.130                                                          notwendig
EA Download Manager        Electronic Arts, Inc.        18.03.2011                7.3.3.7                                      notwendig
FAKEFACTORY Cinematic Mod V10        FAKEFACTORY        14.05.2011                V10.90                                        notwendig
GCFScape 1.8.2        Ryan Gregg        06.06.2011        1,18MB                                                                      notwendig
Grand Theft Auto IV        Rockstar Games        02.04.2011                1.00.0000                                            notwendig
Half-Life 2        Valve        13.05.2011                                                                                      notwendig
Half-Life 2: Episode One        Valve        13.05.2011                                                                      notwendig
Half-Life 2: Episode Two        Valve        13.05.2011                                                                      notwendig
Half-Life 2: Lost Coast        Valve        13.05.2011                                                                              notwendig
ICQ7.4        ICQ        19.03.2011                7.4                                                                          notwendig
ImgBurn        LIGHTNING UK!        31.05.2011                2.5.5.0                                                                unnötig
Logitech SetPoint 6.22        Logitech        20.04.2011        39,1MB        6.22.24                                              notwendig
Malwarebytes' Anti-Malware Version 1.51.0.1200        Malwarebytes Corporation        22.06.2011        13,8MB        1.51.0.1200  notwendig
Metro 2033        THQ        28.01.2011                                                                                          notwendig
Microsoft .NET Framework 1.1        Microsoft        09.03.2011        34,8MB        1.1.4322                                          notwendig
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        27.06.2010        38,8MB        4.0.30319                notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        27.06.2010        2,94MB        4.0.30319 unnötig
Microsoft Games for Windows - LIVE Redistributable        Microsoft Corporation        06.05.2011        31,3MB        3.5.88.0          notwendig
Microsoft Games for Windows Marketplace        Microsoft Corporation        06.05.2011        6,04MB        3.5.50.0                          notwendig
Microsoft Office 2010        Microsoft Corporation        16.05.2010        6,31MB        14.0.4763.1000                                    notwendig
Microsoft Office Klick-und-Los 2010        Microsoft Corporation        29.01.2011                14.0.4763.1000                    notwendig
Microsoft Office Starter 2010 - Deutsch        Microsoft Corporation        29.01.2011                14.0.4763.1000                    notwendig
Microsoft Silverlight        Microsoft Corporation        16.06.2011        168,4MB        4.0.60531.0                                      necessary
Microsoft SQL Server 2005 Compact Edition [ENU]        Microsoft Corporation        10.08.2010        1,72MB        3.1.0000                  unnecessary
Microsoft Sync Framework Runtime Native v1.0 (x86)        Microsoft Corporation        10.08.2010        0,61MB        1.0.1215.0        necessary
Microsoft Sync Framework Services Native v1.0 (x86)        Microsoft Corporation        10.08.2010        1,45MB        1.0.1215.0        necessary
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053        Microsoft Corporation        10.03.2011        0,25MB        8.0.50727.4053 necessary
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        16.06.2011        0,29MB        8.0.61001                              necessary
Microsoft Visual C++ 2005 Redistributable (x64)        Microsoft Corporation        09.03.2011        0,69MB        8.0.61000                              necessary
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175        Microsoft Corporation        06.05.2011        0,57MB        8.0.51011              necessary
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148        Microsoft Corporation        08.03.2011        0,21MB        9.0.30729.4148 necessary
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        29.01.2011        0,20MB        9.0.30729.4148 necessary
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570        Microsoft Corporation        06.05.2011        0,77MB        9.0.30729.5570  necessary
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570        Microsoft Corporation        06.05.2011        0,58MB        9.0.30729.5570  necessary
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022        Microsoft Corporation        24.03.2011        1,71MB        9.0.21022                necessary
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17        Microsoft Corporation        06.03.2011        0,77MB        9.0.30729                necessary
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161        Microsoft Corporation        16.06.2011        0,77MB        9.0.30729.6161          necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729        Microsoft Corporation        15.04.2011        0,23MB        9.0.30729                necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        28.01.2011        0,58MB        9.0.30729                necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        05.02.2011        0,58MB        9.0.30729.4148          necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        16.06.2011        0,59MB        9.0.30729.6161          necessary
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319        Microsoft Corporation        06.05.2011        13,7MB        10.0.30319              necessary
Microsoft Xbox 360 Accessories 1.2        Microsoft        16.04.2011        7,82MB        1.20.146.0                                              necessary
Mozilla Firefox 5.0 (x86 de)        Mozilla        22.06.2011        31,2MB        5.0                                                                      necessary
NVIDIA PhysX        NVIDIA Corporation        28.01.2011        80,1MB        9.10.0222                                                necessary
OpenAL                25.05.2011                                                                                                necessary
Paint.NET v3.5.8        dotPDN LLC        12.05.2011        10,4MB        3.58.0                                                  necessary
PunkBuster Services        Even Balance, Inc.        09.03.2011                0.986                                            necessary
Rapture3D 2.4.8 Game        Blue Ripple Sound        25.05.2011                                                                necessary
Source SDK        Valve        13.05.2011                                                                                        necessary
Source SDK Base 2006        Valve        13.05.2011                                                                                necessary
Source SDK Base 2007        Valve        13.05.2011                                                                                necessary
Steam        Valve Corporation        28.01.2011        1,49MB        1.0.0.0                                                          necessary
Super Meat Boy                24.03.2011                                                                                        necessary
Super Meat Boy Editor                06.05.2011                                                                                necessary
Tunngle beta        Tunngle.net GmbH        05.02.2011                                                                        unnecessary
Unreal Tournament 3 (LG)        Epic Games        06.03.2011        7.336MB        1.00.0000                                        necessary
VIA Plattform-Geräte-Manager        VIA Technologies, Inc.        19.01.2011        2,62MB        1.34                                    necessary
Windows Live Essentials        Microsoft Corporation        10.08.2010                14.0.8117.0416                                  necessary
Windows Live ID Sign-in Assistant        Microsoft Corporation        02.04.2011        10,0MB        6.500.3165.0                    necessary
Windows Live Sync        Microsoft Corporation        10.08.2010        2,79MB        14.0.8117.416                                    necessary
Windows Live-Uploadtool        Microsoft Corporation        10.08.2010        0,22MB        14.0.8014.1029                                  necessary
WinRAR 4.00 (64-Bit)        win.rar GmbH        07.04.2011                4.00.0                                                  necessary


markusg 23.06.2011 19:15

Very tidy.
If there are no more problems, we can go on to secure the system.

Rici 23.06.2011 19:23

Hey, thank you, that's a really great job you're doing here!
What exactly does securing the system involve?

