23.04.2011, 15:35 | #1 |
TR/Kazy.mekml.1: now I have it too

Hello everyone,

I'm new here, but I have already read various posts that deal with the same problem. I have Windows 7 Ultimate 64-bit and the same symptoms as most others:

- black screen
- AntiVir says my hard disk is broken
- at the beginning there was a message that not enough RAM was available
- and then there is also the message from Windows that the file \\System32\\496A8300 could not be saved and that the files were lost. If I do anything with that message, my PC restarts.

If I'm not mistaken, what helped the others has to be carried out individually for each person. That's why I'm posting my results too. I followed the instructions (via OTL) from MarkusG in another thread, and this is what I got:

OTL:
Code:
OTL logfile created on: 23.04.2011 14:40:03 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Valentin\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): c:\pagefile.sys 2048 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,05 Gb Total Space | 18,98 Gb Free Space | 32,14% Space Free | Partition Type: NTFS
Drive D: | 537,10 Gb Total Space | 184,89 Gb Free Space | 34,42% Space Free | Partition Type: NTFS

Computer Name: VALENTIN-PC | User Name: Valentin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Valentin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\dAmLSTWYyWMb.exe (WinTrust)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)

========== Modules (SafeList) ==========

MOD - C:\Users\Valentin\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TunngleService) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe (SiSoftware)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP3\WNt500x64\sandra.sys (SiSoftware)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7D 86 36 EA E9 03 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.27 16:20:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.27 16:20:33 | 000,000,000 | ---D | M]

[2010.06.04 15:45:46 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Valentin\AppData\Roaming\mozilla\Extensions
[2011.04.22 20:22:31 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Valentin\AppData\Roaming\mozilla\Firefox\Profiles\3rbryf28.default\extensions
[2011.04.08 17:24:07 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\Valentin\AppData\Roaming\mozilla\Firefox\Profiles\3rbryf28.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.10.23 16:43:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.07.30 14:50:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.30 14:50:37 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.30 14:50:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.30 14:50:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.30 14:50:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [dAmLSTWYyWMb] C:\ProgramData\dAmLSTWYyWMb.exe (WinTrust)
O4 - Startup: C:\Users\Valentin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Valentin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Valentin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Valentin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Valentin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{036ece3e-6fe8-11df-8382-001fd09f063c}\Shell - "" = AutoRun
O33 - MountPoints2\{036ece3e-6fe8-11df-8382-001fd09f063c}\Shell\AutoRun\command - "" = I:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: compst3g - (C:\Windows\system32\cleaetup.dll) - File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ========== [2020.08.01 01:50:43 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2020.08.01 01:50:29 | 000,000,000 | -HSD | C] -- C:\Boot [2020.08.01 00:54:32 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2020.08.01 00:52:00 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2020.08.01 00:51:42 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2020.06.01 15:27:19 | 000,000,000 | -H-D | C] -- C:\Users\Valentin\AppData\Roaming\Avira [2020.06.01 15:25:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2020.06.01 15:25:00 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2020.06.01 15:25:00 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2020.06.01 15:25:00 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys [2020.06.01 15:25:00 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys [2020.06.01 15:25:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2020.06.01 15:25:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2020.06.01 15:23:36 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2020.06.01 01:00:50 | 000,000,000 | RH-D | C] -- C:\Users\Valentin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2020.06.01 01:00:50 | 000,000,000 | RH-D | C] -- C:\Users\Valentin\Searches [2020.06.01 01:00:50 | 000,000,000 | RH-D | C] -- C:\Users\Valentin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2020.06.01 01:00:42 | 000,000,000 | -H-D | C] -- C:\Users\Valentin\AppData\Roaming\Identities [2020.06.01 01:00:40 | 000,000,000 | RH-D | C] -- C:\Users\Valentin\Contacts [2020.06.01 01:00:39 | 000,000,000 | -H-D | C] -- C:\Users\Valentin\AppData\Local\VirtualStore [2020.06.01 01:00:32 | 000,000,000 | -HSD | C] -- C:\Users\Valentin\Vorlagen [2020.06.01 01:00:32 | 000,000,000 | -HSD | C] -- 
C:\Users\Valentin\AppData\Local\Verlauf [2020.06.01 01:00:32 | 000,000,000 | -HSD | C] -- C:\Users\Valentin\AppData\Local\Temporary Internet Files [2020.06.01 01:00:32 | 000,000,000 | -HSD | C] -- C:\Users\Valentin\Startmenü [2020.06.01 01:00:32 | 000,000,000 | -HSD | C] -- C:\Users\Valentin\SendTo [2020.06.01 01:00:32 | 000,000,000 | -HSD | C] -- C:\Users\Valentin\Recent [2020.06.01 01:00:32 | 000,000,000 | -HSD | C] -- C:\Users\Valentin\Netzwerkumgebung [2020.06.01 01:00:32 | 000,000,000 | -HSD | C] -- C:\Users\Valentin\Lokale Einstellungen [2020.06.01 01:00:32 | 000,000,000 | -HSD | C] -- C:\Users\Valentin\Documents\Eigene Videos [2020.06.01 01:00:32 | 000,000,000 | -HSD | C] -- C:\Users\Valentin\Documents\Eigene Musik [2020.06.01 01:00:32 | 000,000,000 | -HSD | C] -- C:\Users\Valentin\Eigene Dateien [2020.06.01 01:00:32 | 000,000,000 | -HSD | C] -- C:\Users\Valentin\Documents\Eigene Bilder [2020.06.01 01:00:32 | 000,000,000 | -HSD | C] -- C:\Users\Valentin\Druckumgebung [2020.06.01 01:00:32 | 000,000,000 | -HSD | C] -- C:\Users\Valentin\Cookies [2020.06.01 01:00:32 | 000,000,000 | -HSD | C] -- C:\Users\Valentin\AppData\Local\Anwendungsdaten [2020.06.01 01:00:32 | 000,000,000 | -HSD | C] -- C:\Users\Valentin\Anwendungsdaten [2020.06.01 01:00:31 | 000,000,000 | --SD | C] -- C:\Users\Valentin\AppData\Roaming\Microsoft [2020.06.01 01:00:31 | 000,000,000 | RH-D | C] -- C:\Users\Valentin\Videos [2020.06.01 01:00:31 | 000,000,000 | RH-D | C] -- C:\Users\Valentin\Saved Games [2020.06.01 01:00:31 | 000,000,000 | RH-D | C] -- C:\Users\Valentin\Pictures [2020.06.01 01:00:31 | 000,000,000 | RH-D | C] -- C:\Users\Valentin\Music [2020.06.01 01:00:31 | 000,000,000 | RH-D | C] -- C:\Users\Valentin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2020.06.01 01:00:31 | 000,000,000 | RH-D | C] -- C:\Users\Valentin\Links [2020.06.01 01:00:31 | 000,000,000 | RH-D | C] -- C:\Users\Valentin\Favorites [2020.06.01 01:00:31 | 000,000,000 | RH-D | C] -- 
C:\Users\Valentin\Downloads [2020.06.01 01:00:31 | 000,000,000 | RH-D | C] -- C:\Users\Valentin\Documents [2020.06.01 01:00:31 | 000,000,000 | RH-D | C] -- C:\Users\Valentin\Desktop [2020.06.01 01:00:31 | 000,000,000 | RH-D | C] -- C:\Users\Valentin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2020.06.01 01:00:31 | 000,000,000 | -H-D | C] -- C:\Users\Valentin\AppData\Local\Temp [2020.06.01 01:00:31 | 000,000,000 | -H-D | C] -- C:\Users\Valentin\AppData\Local\Microsoft [2020.06.01 01:00:31 | 000,000,000 | -H-D | C] -- C:\Users\Valentin\AppData\Roaming\Media Center Programs [2020.06.01 01:00:31 | 000,000,000 | -H-D | C] -- C:\Users\Valentin\AppData [2020.06.01 01:00:19 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2020.06.01 01:00:19 | 000,000,000 | -HSD | C] -- C:\Recovery [2020.06.01 01:00:19 | 000,000,000 | -HSD | C] -- C:\Programme [2020.06.01 01:00:19 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien [2020.06.01 01:00:19 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2020.06.01 01:00:19 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2020.06.01 01:00:19 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2020.06.01 01:00:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2020.06.01 01:00:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2020.06.01 01:00:18 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2020.06.01 01:00:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2020.06.01 01:00:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2011.04.23 14:39:11 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Valentin\Desktop\OTL.exe [2011.04.23 13:58:32 | 000,000,000 | RH-D | C] -- C:\Users\Valentin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9 [2011.04.23 12:19:46 | 000,569,344 | ---- | C] (WinTrust) -- C:\ProgramData\dAmLSTWYyWMb.exe [2011.04.12 09:57:24 | 000,000,000 | -H-D | C] 
-- C:\Users\Valentin\AppData\Local\{45660C38-F7EF-4AFE-892D-1B9D979A26B2} [2011.04.11 23:48:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mp3DirectCut [2011.04.11 23:31:56 | 000,000,000 | -H-D | C] -- C:\Users\Valentin\AppData\Local\{3A6FEF45-152F-4894-8C42-DF9B9A7466E7} [2011.04.08 17:43:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2011.04.07 21:29:18 | 000,000,000 | -H-D | C] -- C:\Users\Valentin\AppData\Local\{B11F038C-A5E5-4EE1-B773-4797E4192DA7} [2011.04.07 21:29:18 | 000,000,000 | -H-D | C] -- C:\Users\Valentin\AppData\Local\{25ECAA11-B8E8-4D8C-9480-D1BD11E35230} [2011.04.07 15:55:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint [2011.04.07 15:55:21 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2011.04.07 15:55:05 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DESIGNER [2011.04.07 15:54:34 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Synchronization Services [2011.04.07 15:54:06 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Sync Framework [2011.04.07 15:54:06 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SQL Server Compact Edition [2011.04.07 15:53:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8 [2011.04.07 15:52:28 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Analysis Services [2011.04.07 15:52:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services [2011.04.07 15:52:04 | 000,000,000 | -H-D | C] -- C:\Users\Valentin\AppData\Local\Microsoft Help [2011.04.07 15:51:57 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office [2011.04.07 15:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2011.04.07 15:51:42 | 000,000,000 | RH-D | C] -- C:\MSOCache [2011.04.07 15:32:15 | 000,000,000 | -H-D | C] -- C:\Users\Valentin\Desktop\x64 [2011.04.06 14:49:56 | 000,000,000 | -H-D | C] -- 
C:\Users\Valentin\Documents\Eden Games [2011.04.06 14:49:08 | 000,000,000 | -H-D | C] -- C:\Users\Valentin\AppData\Local\CrashRpt [2011.04.06 14:12:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari [2011.03.26 01:48:06 | 004,284,416 | ---- | C] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr [2011.01.07 16:50:18 | 000,695,296 | -H-- | C] (AnjoCaido) -- C:\Users\Valentin\AppData\Roaming\MinecraftSP.exe [2009.09.04 19:01:10 | 000,525,656 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\DXSETUP.exe [2009.09.04 19:01:08 | 001,691,464 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\dsetup32.dll [2009.09.04 19:01:08 | 000,094,024 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\DSETUP.dll [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2020.08.01 00:56:34 | 000,057,050 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2020.08.01 00:56:34 | 000,057,050 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2020.06.01 01:01:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2011.04.23 14:39:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Valentin\Desktop\OTL.exe [2011.04.23 14:08:05 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.23 14:08:05 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.23 14:08:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.04.23 14:01:02 | 000,000,298 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job [2011.04.23 13:58:30 | 
000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.04.23 13:58:29 | 000,000,252 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2011.04.23 13:58:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.23 13:58:11 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys [2011.04.23 13:57:16 | 000,003,680 | ---- | M] () -- C:\bootsqm.dat [2011.04.23 13:33:39 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat [2011.04.23 12:32:32 | 000,657,438 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.04.23 12:32:32 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.04.23 12:32:32 | 000,130,810 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.04.23 12:32:32 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.04.23 12:32:31 | 001,507,106 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.04.23 12:19:46 | 000,569,344 | ---- | M] (WinTrust) -- C:\ProgramData\dAmLSTWYyWMb.exe [2011.04.23 11:46:56 | 001,747,089 | -H-- | M] () -- C:\Users\Valentin\Desktop\Terje Sorgjerd - The Mountain 11.png [2011.04.23 11:46:51 | 002,441,235 | -H-- | M] () -- C:\Users\Valentin\Desktop\Terje Sorgjerd - The Mountain 10.png [2011.04.23 11:46:27 | 002,011,842 | -H-- | M] () -- C:\Users\Valentin\Desktop\Terje Sorgjerd - The Mountain 9.png [2011.04.23 11:45:04 | 002,432,288 | -H-- | M] () -- C:\Users\Valentin\Desktop\Terje Sorgjerd - The Mountain 8.png [2011.04.23 11:44:23 | 002,620,817 | -H-- | M] () -- C:\Users\Valentin\Desktop\Terje Sorgjerd - The Mountain 7.png [2011.04.23 11:43:26 | 003,552,171 | -H-- | M] () -- C:\Users\Valentin\Desktop\Terje Sorgjerd - The Mountain 6.png [2011.04.23 11:42:18 | 003,596,307 | -H-- | M] () -- C:\Users\Valentin\Desktop\Terje Sorgjerd - The Mountain 5.png [2011.04.23 11:41:35 | 003,308,528 | -H-- | M] () -- C:\Users\Valentin\Desktop\Terje Sorgjerd - The Mountain 4.png [2011.04.23 11:40:07 | 002,055,517 | -H-- | M] () 
-- C:\Users\Valentin\Desktop\Terje Sorgjerd - The Mountain 3.png [2011.04.23 11:39:46 | 001,845,414 | -H-- | M] () -- C:\Users\Valentin\Desktop\Terje Sorgjerd - The Mountain 2.png [2011.04.23 11:38:57 | 001,551,310 | -H-- | M] () -- C:\Users\Valentin\Desktop\Terje Sorgjerd - The Mountain 1.png [2011.04.23 11:38:11 | 001,974,082 | -H-- | M] () -- C:\Users\Valentin\Desktop\Terje Sorgjerd - The Mountain.png [2011.04.22 20:55:44 | 000,152,376 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat [2011.04.11 23:59:33 | 000,029,001 | -HS- | M] () -- C:\Users\Valentin\Desktop\Folder.jpg [2011.04.11 23:59:33 | 000,005,911 | -HS- | M] () -- C:\Users\Valentin\Desktop\AlbumArtSmall.jpg [2011.04.10 12:50:58 | 000,006,900 | -H-- | M] () -- C:\Users\Valentin\AppData\Roaming\wklnhst.dat [2011.04.08 17:43:02 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.04.08 17:41:31 | 020,586,196 | -H-- | M] () -- C:\Users\Valentin\Documents\vlc-1.1.8-win32.exe [2011.04.08 13:46:42 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.04.07 16:01:42 | 000,441,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.04.05 16:54:11 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.04.05 16:54:05 | 000,669,184 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe [2011.04.05 16:54:05 | 000,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.03.26 15:19:08 | 000,001,239 | -H-- | M] () -- C:\Users\Valentin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk [2011.03.26 01:48:06 | 004,284,416 | ---- | M] (Google Inc.) 
-- C:\Windows\SysWow64\GPhotos.scr [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2020.08.01 01:50:29 | 000,383,562 | RHS- | C] () -- C:\bootmgr [2020.08.01 00:56:14 | 000,001,345 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2020.08.01 00:56:07 | 000,001,326 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2020.08.01 00:51:42 | 3220,037,632 | -HS- | C] () -- C:\hiberfil.sys [2020.06.01 15:22:58 | 000,001,547 | -H-- | C] () -- C:\Users\Valentin\Desktop\Eigene Dateien.lnk [2020.06.01 01:01:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2020.06.01 01:00:56 | 000,001,409 | -H-- | C] () -- C:\Users\Valentin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2020.06.01 01:00:51 | 000,001,443 | -H-- | C] () -- C:\Users\Valentin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011.04.23 13:57:16 | 000,003,680 | ---- | C] () -- C:\bootsqm.dat [2011.04.23 11:46:56 | 001,747,089 | -H-- | C] () -- C:\Users\Valentin\Desktop\Terje Sorgjerd - The Mountain 11.png [2011.04.23 11:46:32 | 002,441,235 | -H-- | C] () -- C:\Users\Valentin\Desktop\Terje Sorgjerd - The Mountain 10.png [2011.04.23 11:46:08 | 002,011,842 | -H-- | C] () -- C:\Users\Valentin\Desktop\Terje Sorgjerd - The Mountain 9.png [2011.04.23 11:45:03 | 002,432,288 | -H-- | C] () -- C:\Users\Valentin\Desktop\Terje Sorgjerd - The Mountain 8.png [2011.04.23 11:44:22 | 002,620,817 | -H-- | C] () -- C:\Users\Valentin\Desktop\Terje Sorgjerd - The Mountain 7.png [2011.04.23 11:43:25 | 003,552,171 | -H-- | C] () -- C:\Users\Valentin\Desktop\Terje Sorgjerd - The Mountain 6.png [2011.04.23 
11:42:18 | 003,596,307 | -H-- | C] () -- C:\Users\Valentin\Desktop\Terje Sorgjerd - The Mountain 5.png [2011.04.23 11:41:35 | 003,308,528 | -H-- | C] () -- C:\Users\Valentin\Desktop\Terje Sorgjerd - The Mountain 4.png [2011.04.23 11:40:07 | 002,055,517 | -H-- | C] () -- C:\Users\Valentin\Desktop\Terje Sorgjerd - The Mountain 3.png [2011.04.23 11:39:45 | 001,845,414 | -H-- | C] () -- C:\Users\Valentin\Desktop\Terje Sorgjerd - The Mountain 2.png [2011.04.23 11:38:57 | 001,551,310 | -H-- | C] () -- C:\Users\Valentin\Desktop\Terje Sorgjerd - The Mountain 1.png [2011.04.23 11:37:22 | 001,974,082 | -H-- | C] () -- C:\Users\Valentin\Desktop\Terje Sorgjerd - The Mountain.png [2011.04.11 23:59:33 | 000,029,001 | -HS- | C] () -- C:\Users\Valentin\Desktop\Folder.jpg [2011.04.11 23:59:33 | 000,005,911 | -HS- | C] () -- C:\Users\Valentin\Desktop\AlbumArtSmall.jpg [2011.04.08 17:43:02 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.04.08 17:40:55 | 020,586,196 | -H-- | C] () -- C:\Users\Valentin\Documents\vlc-1.1.8-win32.exe [2011.03.26 15:19:08 | 000,001,239 | -H-- | C] () -- C:\Users\Valentin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk [2011.03.18 21:52:06 | 000,000,254 | -H-- | C] () -- C:\Users\Valentin\AppData\Roaming\installer.bat [2011.01.07 16:50:18 | 000,341,622 | -H-- | C] () -- C:\Users\Valentin\AppData\Roaming\minecraft_name_alt.jar [2011.01.07 16:50:18 | 000,232,501 | -H-- | C] () -- C:\Users\Valentin\AppData\Roaming\Minecraft.exe [2011.01.07 16:50:18 | 000,000,016 | -H-- | C] () -- C:\Users\Valentin\AppData\Roaming\lastlogin [2010.12.06 18:31:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.12.04 21:38:46 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2010.12.03 16:50:16 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2010.09.27 17:22:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat [2010.09.16 19:53:57 | 010,956,800 | ---- | C] () -- 
C:\ProgramData\sandra.mda [2010.09.02 19:18:30 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll [2010.08.12 22:43:06 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2010.07.02 23:41:53 | 000,152,376 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2010.06.16 21:04:45 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.06.16 21:04:43 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2010.06.16 21:04:43 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.06.16 00:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.06.08 20:34:22 | 000,006,900 | -H-- | C] () -- C:\Users\Valentin\AppData\Roaming\wklnhst.dat [2010.06.07 15:09:52 | 000,000,004 | -H-- | C] () -- C:\Users\Valentin\AppData\Roaming\dhxiuw.dat [2010.06.04 19:24:36 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2010.06.04 16:34:39 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2009.09.04 19:01:20 | 001,550,796 | ---- | C] () -- C:\Program Files (x86)\Nov2008_d3dx9_40_x86.cab [2009.09.04 19:01:20 | 001,412,894 | ---- | C] () -- C:\Program Files (x86)\OCT2006_d3dx9_31_x64.cab [2009.09.04 19:01:20 | 001,127,209 | ---- | C] () -- C:\Program Files (x86)\OCT2006_d3dx9_31_x86.cab [2009.09.04 19:01:20 | 000,994,154 | ---- | C] () -- C:\Program Files (x86)\Nov2008_d3dx10_40_x64.cab [2009.09.04 19:01:20 | 000,273,960 | ---- | C] () -- C:\Program Files (x86)\Nov2008_XAudio_x64.cab [2009.09.04 19:01:20 | 000,272,603 | ---- | C] () -- C:\Program Files (x86)\Nov2008_XAudio_x86.cab [2009.09.04 19:01:20 | 000,182,361 | ---- | C] () -- C:\Program Files (x86)\OCT2006_XACT_x64.cab [2009.09.04 19:01:20 | 000,138,009 | ---- | C] () -- C:\Program Files (x86)\OCT2006_XACT_x86.cab [2009.09.04 19:01:20 | 000,121,786 | ---- | C] () -- C:\Program Files (x86)\Nov2008_XACT_x64.cab [2009.09.04 19:01:20 | 
000,092,676 | ---- | C] () -- C:\Program Files (x86)\Nov2008_XACT_x86.cab [2009.09.04 19:01:20 | 000,086,029 | ---- | C] () -- C:\Program Files (x86)\Oct2005_xinput_x64.cab [2009.09.04 19:01:20 | 000,054,522 | ---- | C] () -- C:\Program Files (x86)\Nov2008_X3DAudio_x64.cab [2009.09.04 19:01:20 | 000,045,351 | ---- | C] () -- C:\Program Files (x86)\Oct2005_xinput_x86.cab [2009.09.04 19:01:20 | 000,021,843 | ---- | C] () -- C:\Program Files (x86)\Nov2008_X3DAudio_x86.cab [2009.09.04 19:01:18 | 001,906,870 | ---- | C] () -- C:\Program Files (x86)\Nov2008_d3dx9_40_x64.cab [2009.09.04 19:01:18 | 001,802,058 | ---- | C] () -- C:\Program Files (x86)\Nov2007_d3dx9_36_x64.cab [2009.09.04 19:01:18 | 001,709,360 | ---- | C] () -- C:\Program Files (x86)\Nov2007_d3dx9_36_x86.cab [2009.09.04 19:01:18 | 000,965,421 | ---- | C] () -- C:\Program Files (x86)\Nov2008_d3dx10_40_x86.cab [2009.09.04 19:01:18 | 000,803,876 | ---- | C] () -- C:\Program Files (x86)\Nov2007_d3dx10_36_x86.cab [2009.09.04 19:01:18 | 000,196,754 | ---- | C] () -- C:\Program Files (x86)\NOV2007_XACT_x64.cab [2009.09.04 19:01:18 | 000,148,264 | ---- | C] () -- C:\Program Files (x86)\NOV2007_XACT_x86.cab [2009.09.04 19:01:18 | 000,046,144 | ---- | C] () -- C:\Program Files (x86)\NOV2007_X3DAudio_x64.cab [2009.09.04 19:01:18 | 000,018,496 | ---- | C] () -- C:\Program Files (x86)\NOV2007_X3DAudio_x86.cab [2009.09.04 19:01:14 | 001,973,702 | ---- | C] () -- C:\Program Files (x86)\Mar2009_d3dx9_41_x64.cab [2009.09.04 19:01:14 | 001,612,446 | ---- | C] () -- C:\Program Files (x86)\Mar2009_d3dx9_41_x86.cab [2009.09.04 19:01:14 | 001,067,160 | ---- | C] () -- C:\Program Files (x86)\Mar2009_d3dx10_41_x64.cab [2009.09.04 19:01:14 | 001,040,737 | ---- | C] () -- C:\Program Files (x86)\Mar2009_d3dx10_41_x86.cab [2009.09.04 19:01:14 | 000,864,600 | ---- | C] () -- C:\Program Files (x86)\Nov2007_d3dx10_36_x64.cab [2009.09.04 19:01:14 | 000,275,036 | ---- | C] () -- C:\Program Files (x86)\Mar2009_XAudio_x64.cab [2009.09.04 
19:01:14 | 000,273,010 | ---- | C] () -- C:\Program Files (x86)\Mar2009_XAudio_x86.cab [2009.09.04 19:01:14 | 000,251,186 | ---- | C] () -- C:\Program Files (x86)\Mar2008_XAudio_x64.cab [2009.09.04 19:01:14 | 000,226,242 | ---- | C] () -- C:\Program Files (x86)\Mar2008_XAudio_x86.cab [2009.09.04 19:01:14 | 000,122,336 | ---- | C] () -- C:\Program Files (x86)\Mar2008_XACT_x64.cab [2009.09.04 19:01:14 | 000,121,506 | ---- | C] () -- C:\Program Files (x86)\Mar2009_XACT_x64.cab [2009.09.04 19:01:14 | 000,093,726 | ---- | C] () -- C:\Program Files (x86)\Mar2008_XACT_x86.cab [2009.09.04 19:01:14 | 000,092,732 | ---- | C] () -- C:\Program Files (x86)\Mar2009_XACT_x86.cab [2009.09.04 19:01:14 | 000,054,600 | ---- | C] () -- C:\Program Files (x86)\Mar2009_X3DAudio_x64.cab [2009.09.04 19:01:14 | 000,021,867 | ---- | C] () -- C:\Program Files (x86)\Mar2008_X3DAudio_x86.cab [2009.09.04 19:01:14 | 000,021,298 | ---- | C] () -- C:\Program Files (x86)\Mar2009_X3DAudio_x86.cab [2009.09.04 19:01:12 | 001,769,862 | ---- | C] () -- C:\Program Files (x86)\Mar2008_d3dx9_37_x64.cab [2009.09.04 19:01:12 | 001,443,274 | ---- | C] () -- C:\Program Files (x86)\Mar2008_d3dx9_37_x86.cab [2009.09.04 19:01:12 | 000,844,884 | ---- | C] () -- C:\Program Files (x86)\Mar2008_d3dx10_37_x64.cab [2009.09.04 19:01:12 | 000,818,260 | ---- | C] () -- C:\Program Files (x86)\Mar2008_d3dx10_37_x86.cab [2009.09.04 19:01:12 | 000,269,620 | ---- | C] () -- C:\Program Files (x86)\JUN2008_XAudio_x64.cab [2009.09.04 19:01:12 | 000,269,016 | ---- | C] () -- C:\Program Files (x86)\JUN2008_XAudio_x86.cab [2009.09.04 19:01:12 | 000,121,054 | ---- | C] () -- C:\Program Files (x86)\JUN2008_XACT_x64.cab [2009.09.04 19:01:12 | 000,093,128 | ---- | C] () -- C:\Program Files (x86)\JUN2008_XACT_x86.cab [2009.09.04 19:01:12 | 000,055,050 | ---- | C] () -- C:\Program Files (x86)\Mar2008_X3DAudio_x64.cab [2009.09.04 19:01:12 | 000,021,905 | ---- | C] () -- C:\Program Files (x86)\JUN2008_X3DAudio_x86.cab [2009.09.04 19:01:10 | 
001,792,600 | ---- | C] () -- C:\Program Files (x86)\JUN2008_d3dx9_38_x64.cab [2009.09.04 19:01:10 | 001,607,766 | ---- | C] () -- C:\Program Files (x86)\JUN2007_d3dx9_34_x64.cab [2009.09.04 19:01:10 | 001,607,278 | ---- | C] () -- C:\Program Files (x86)\JUN2007_d3dx9_34_x86.cab [2009.09.04 19:01:10 | 001,463,878 | ---- | C] () -- C:\Program Files (x86)\JUN2008_d3dx9_38_x86.cab [2009.09.04 19:01:10 | 001,362,796 | ---- | C] () -- C:\Program Files (x86)\Feb2006_d3dx9_29_x64.cab [2009.09.04 19:01:10 | 001,336,002 | ---- | C] () -- C:\Program Files (x86)\Jun2005_d3dx9_26_x64.cab [2009.09.04 19:01:10 | 001,064,925 | ---- | C] () -- C:\Program Files (x86)\Jun2005_d3dx9_26_x86.cab [2009.09.04 19:01:10 | 000,867,828 | ---- | C] () -- C:\Program Files (x86)\JUN2008_d3dx10_38_x64.cab [2009.09.04 19:01:10 | 000,849,919 | ---- | C] () -- C:\Program Files (x86)\JUN2008_d3dx10_38_x86.cab [2009.09.04 19:01:10 | 000,699,044 | ---- | C] () -- C:\Program Files (x86)\JUN2007_d3dx10_34_x64.cab [2009.09.04 19:01:10 | 000,698,464 | ---- | C] () -- C:\Program Files (x86)\JUN2007_d3dx10_34_x86.cab [2009.09.04 19:01:10 | 000,197,114 | ---- | C] () -- C:\Program Files (x86)\JUN2007_XACT_x64.cab [2009.09.04 19:01:10 | 000,178,359 | ---- | C] () -- C:\Program Files (x86)\Feb2006_XACT_x64.cab [2009.09.04 19:01:10 | 000,152,901 | ---- | C] () -- C:\Program Files (x86)\JUN2007_XACT_x86.cab [2009.09.04 19:01:10 | 000,055,154 | ---- | C] () -- C:\Program Files (x86)\JUN2008_X3DAudio_x64.cab [2009.09.04 19:01:08 | 013,264,168 | ---- | C] () -- C:\Program Files (x86)\dxnt.cab [2009.09.04 19:01:08 | 001,247,499 | ---- | C] () -- C:\Program Files (x86)\Feb2005_d3dx9_24_x64.cab [2009.09.04 19:01:08 | 001,084,712 | ---- | C] () -- C:\Program Files (x86)\Feb2006_d3dx9_29_x86.cab [2009.09.04 19:01:08 | 001,013,225 | ---- | C] () -- C:\Program Files (x86)\Feb2005_d3dx9_24_x86.cab [2009.09.04 19:01:08 | 000,194,667 | ---- | C] () -- C:\Program Files (x86)\FEB2007_XACT_x64.cab [2009.09.04 19:01:08 | 
000,180,777 | ---- | C] () -- C:\Program Files (x86)\JUN2006_XACT_x64.cab [2009.09.04 19:01:08 | 000,147,983 | ---- | C] () -- C:\Program Files (x86)\FEB2007_XACT_x86.cab [2009.09.04 19:01:08 | 000,133,663 | ---- | C] () -- C:\Program Files (x86)\JUN2006_XACT_x86.cab [2009.09.04 19:01:08 | 000,132,409 | ---- | C] () -- C:\Program Files (x86)\Feb2006_XACT_x86.cab [2009.09.04 19:01:08 | 000,095,637 | ---- | C] () -- C:\Program Files (x86)\dxupdate.cab [2009.09.04 19:01:08 | 000,044,440 | ---- | C] () -- C:\Program Files (x86)\dxdllreg_x86.cab [2009.09.04 19:01:06 | 000,145,591 | ---- | C] () -- C:\Program Files (x86)\DEC2006_XACT_x86.cab [2009.09.04 19:01:04 | 003,319,732 | ---- | C] () -- C:\Program Files (x86)\Aug2009_d3dcsx_42_x86.cab [2009.09.04 19:01:04 | 003,112,103 | ---- | C] () -- C:\Program Files (x86)\Aug2009_d3dcsx_42_x64.cab [2009.09.04 19:01:04 | 001,574,376 | ---- | C] () -- C:\Program Files (x86)\DEC2006_d3dx9_32_x86.cab [2009.09.04 19:01:04 | 001,571,154 | ---- | C] () -- C:\Program Files (x86)\DEC2006_d3dx9_32_x64.cab [2009.09.04 19:01:04 | 001,357,968 | ---- | C] () -- C:\Program Files (x86)\Dec2005_d3dx9_28_x64.cab [2009.09.04 19:01:04 | 001,155,483 | ---- | C] () -- C:\Program Files (x86)\BDANT.cab [2009.09.04 19:01:04 | 001,079,448 | ---- | C] () -- C:\Program Files (x86)\Dec2005_d3dx9_28_x86.cab [2009.09.04 19:01:04 | 000,975,148 | ---- | C] () -- C:\Program Files (x86)\BDAXP.cab [2009.09.04 19:01:04 | 000,930,108 | ---- | C] () -- C:\Program Files (x86)\Aug2009_d3dx9_42_x64.cab [2009.09.04 19:01:04 | 000,919,036 | ---- | C] () -- C:\Program Files (x86)\Aug2009_D3DCompiler_42_x64.cab [2009.09.04 19:01:04 | 000,900,598 | ---- | C] () -- C:\Program Files (x86)\Aug2009_D3DCompiler_42_x86.cab [2009.09.04 19:01:04 | 000,728,456 | ---- | C] () -- C:\Program Files (x86)\Aug2009_d3dx9_42_x86.cab [2009.09.04 19:01:04 | 000,273,264 | ---- | C] () -- C:\Program Files (x86)\Aug2009_XAudio_x64.cab [2009.09.04 19:01:04 | 000,272,634 | ---- | C] () -- 
C:\Program Files (x86)\Aug2009_XAudio_x86.cab [2009.09.04 19:01:04 | 000,271,404 | ---- | C] () -- C:\Program Files (x86)\Aug2008_XAudio_x64.cab [2009.09.04 19:01:04 | 000,271,038 | ---- | C] () -- C:\Program Files (x86)\Aug2008_XAudio_x86.cab [2009.09.04 19:01:04 | 000,232,635 | ---- | C] () -- C:\Program Files (x86)\Aug2009_d3dx10_42_x64.cab [2009.09.04 19:01:04 | 000,212,799 | ---- | C] () -- C:\Program Files (x86)\DEC2006_d3dx10_00_x64.cab [2009.09.04 19:01:04 | 000,192,467 | ---- | C] () -- C:\Program Files (x86)\DEC2006_XACT_x64.cab [2009.09.04 19:01:04 | 000,192,131 | ---- | C] () -- C:\Program Files (x86)\Aug2009_d3dx10_42_x86.cab [2009.09.04 19:01:04 | 000,191,712 | ---- | C] () -- C:\Program Files (x86)\DEC2006_d3dx10_00_x86.cab [2009.09.04 19:01:04 | 000,136,301 | ---- | C] () -- C:\Program Files (x86)\Aug2009_d3dx11_42_x64.cab [2009.09.04 19:01:04 | 000,122,408 | ---- | C] () -- C:\Program Files (x86)\Aug2009_XACT_x64.cab [2009.09.04 19:01:04 | 000,121,764 | ---- | C] () -- C:\Program Files (x86)\Aug2008_XACT_x64.cab [2009.09.04 19:01:04 | 000,105,036 | ---- | C] () -- C:\Program Files (x86)\Aug2009_d3dx11_42_x86.cab [2009.09.04 19:01:04 | 000,093,098 | ---- | C] () -- C:\Program Files (x86)\Aug2009_XACT_x86.cab [2009.09.04 19:01:04 | 000,092,996 | ---- | C] () -- C:\Program Files (x86)\Aug2008_XACT_x86.cab [2009.09.04 19:01:02 | 001,464,664 | ---- | C] () -- C:\Program Files (x86)\Aug2008_d3dx9_39_x86.cab [2009.09.04 19:01:00 | 001,800,152 | ---- | C] () -- C:\Program Files (x86)\AUG2007_d3dx9_35_x64.cab [2009.09.04 19:01:00 | 001,794,076 | ---- | C] () -- C:\Program Files (x86)\Aug2008_d3dx9_39_x64.cab [2009.09.04 19:01:00 | 001,708,144 | ---- | C] () -- C:\Program Files (x86)\AUG2007_d3dx9_35_x86.cab [2009.09.04 19:01:00 | 001,350,534 | ---- | C] () -- C:\Program Files (x86)\Aug2005_d3dx9_27_x64.cab [2009.09.04 19:01:00 | 001,077,644 | ---- | C] () -- C:\Program Files (x86)\Aug2005_d3dx9_27_x86.cab [2009.09.04 19:01:00 | 000,867,604 | ---- | C] () -- 
C:\Program Files (x86)\Aug2008_d3dx10_39_x64.cab [2009.09.04 19:01:00 | 000,852,286 | ---- | C] () -- C:\Program Files (x86)\AUG2007_d3dx10_35_x64.cab [2009.09.04 19:01:00 | 000,849,167 | ---- | C] () -- C:\Program Files (x86)\Aug2008_d3dx10_39_x86.cab [2009.09.04 19:01:00 | 000,796,859 | ---- | C] () -- C:\Program Files (x86)\AUG2007_d3dx10_35_x86.cab [2009.09.04 19:01:00 | 000,198,088 | ---- | C] () -- C:\Program Files (x86)\AUG2007_XACT_x64.cab [2009.09.04 19:01:00 | 000,182,903 | ---- | C] () -- C:\Program Files (x86)\AUG2006_XACT_x64.cab [2009.09.04 19:01:00 | 000,153,004 | ---- | C] () -- C:\Program Files (x86)\AUG2007_XACT_x86.cab [2009.09.04 19:01:00 | 000,137,235 | ---- | C] () -- C:\Program Files (x86)\AUG2006_XACT_x86.cab [2009.09.04 19:01:00 | 000,096,817 | ---- | C] () -- C:\Program Files (x86)\APR2007_xinput_x64.cab [2009.09.04 19:01:00 | 000,087,142 | ---- | C] () -- C:\Program Files (x86)\AUG2006_xinput_x64.cab [2009.09.04 19:01:00 | 000,053,294 | ---- | C] () -- C:\Program Files (x86)\APR2007_xinput_x86.cab [2009.09.04 19:01:00 | 000,046,058 | ---- | C] () -- C:\Program Files (x86)\AUG2006_xinput_x86.cab [2009.09.04 19:00:58 | 004,162,630 | ---- | C] () -- C:\Program Files (x86)\Apr2006_MDX1_x86_Archive.cab [2009.09.04 19:00:58 | 001,607,358 | ---- | C] () -- C:\Program Files (x86)\APR2007_d3dx9_33_x64.cab [2009.09.04 19:00:58 | 001,606,031 | ---- | C] () -- C:\Program Files (x86)\APR2007_d3dx9_33_x86.cab [2009.09.04 19:00:58 | 000,916,430 | ---- | C] () -- C:\Program Files (x86)\Apr2006_MDX1_x86.cab [2009.09.04 19:00:58 | 000,698,612 | ---- | C] () -- C:\Program Files (x86)\APR2007_d3dx10_33_x64.cab [2009.09.04 19:00:58 | 000,695,857 | ---- | C] () -- C:\Program Files (x86)\APR2007_d3dx10_33_x86.cab [2009.09.04 19:00:58 | 000,195,758 | ---- | C] () -- C:\Program Files (x86)\APR2007_XACT_x64.cab [2009.09.04 19:00:58 | 000,179,125 | ---- | C] () -- C:\Program Files (x86)\Apr2006_XACT_x64.cab [2009.09.04 19:00:58 | 000,151,225 | ---- | C] () -- 
C:\Program Files (x86)\APR2007_XACT_x86.cab [2009.09.04 19:00:58 | 000,133,095 | ---- | C] () -- C:\Program Files (x86)\Apr2006_XACT_x86.cab [2009.09.04 19:00:58 | 000,087,101 | ---- | C] () -- C:\Program Files (x86)\Apr2006_xinput_x64.cab [2009.09.04 19:00:58 | 000,046,002 | ---- | C] () -- C:\Program Files (x86)\Apr2006_xinput_x86.cab [2009.09.04 19:00:56 | 001,397,822 | ---- | C] () -- C:\Program Files (x86)\Apr2006_d3dx9_30_x64.cab [2009.09.04 19:00:56 | 001,347,354 | ---- | C] () -- C:\Program Files (x86)\Apr2005_d3dx9_25_x64.cab [2009.09.04 19:00:56 | 001,115,221 | ---- | C] () -- C:\Program Files (x86)\Apr2006_d3dx9_30_x86.cab [2009.09.04 19:00:56 | 001,078,954 | ---- | C] () -- C:\Program Files (x86)\Apr2005_d3dx9_25_x86.cab [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll 
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2007.06.21 08:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe ========== LOP Check ========== [2011.03.19 00:01:46 | 000,000,000 | -H-D | M] -- C:\Users\Valentin\AppData\Roaming\.minecraft [2011.01.07 17:17:09 | 000,000,000 | -H-D | M] -- C:\Users\Valentin\AppData\Roaming\.minecraft server [2010.12.23 23:55:12 | 000,000,000 | -H-D | M] -- C:\Users\Valentin\AppData\Roaming\.minecraft wiki [2011.01.07 16:50:18 | 000,000,000 | -H-D | M] -- C:\Users\Valentin\AppData\Roaming\bin [2010.09.25 13:39:25 | 000,000,000 | -H-D | M] -- C:\Users\Valentin\AppData\Roaming\Canneverbe Limited [2011.02.25 19:32:16 | 000,000,000 | -H-D | M] -- C:\Users\Valentin\AppData\Roaming\Cartograph [2010.06.04 16:52:13 | 000,000,000 | -H-D | M] -- C:\Users\Valentin\AppData\Roaming\DAEMON Tools Lite [2010.09.21 16:24:37 | 000,000,000 | -H-D | M] -- C:\Users\Valentin\AppData\Roaming\DAEMON Tools Net [2010.11.24 17:08:14 | 000,000,000 | -H-D | M] -- C:\Users\Valentin\AppData\Roaming\Diercke Globus Online [2011.04.09 23:17:45 | 000,000,000 | -H-D | M] -- C:\Users\Valentin\AppData\Roaming\DVDVideoSoftIEHelpers [2010.11.28 18:41:10 | 000,000,000 | -H-D | M] -- C:\Users\Valentin\AppData\Roaming\Erhuq [2011.04.22 23:21:59 | 000,000,000 | -H-D | M] -- C:\Users\Valentin\AppData\Roaming\ICQ [2010.07.14 10:08:06 | 000,000,000 | -H-D | M] -- C:\Users\Valentin\AppData\Roaming\Leadertech [2010.11.28 20:41:19 | 000,000,000 | -H-D | M] -- C:\Users\Valentin\AppData\Roaming\Lyda [2010.09.19 18:04:45 | 000,000,000 | -H-D | M] -- C:\Users\Valentin\AppData\Roaming\OpenOffice.org [2010.07.05 21:47:02 | 000,000,000 | -H-D | M] -- C:\Users\Valentin\AppData\Roaming\Red Kawa [2011.01.07 16:50:19 | 000,000,000 | -H-D | M] -- 
C:\Users\Valentin\AppData\Roaming\resources
[2011.03.20 15:17:53 | 000,000,000 | -H-D | M] -- C:\Users\Valentin\AppData\Roaming\Rovio
[2010.12.23 23:58:04 | 000,000,000 | -H-D | M] -- C:\Users\Valentin\AppData\Roaming\saves
[2010.06.20 12:08:44 | 000,000,000 | -H-D | M] -- C:\Users\Valentin\AppData\Roaming\Spore
[2011.01.03 00:30:12 | 000,000,000 | -H-D | M] -- C:\Users\Valentin\AppData\Roaming\Stardock
[2010.11.05 22:42:51 | 000,000,000 | -H-D | M] -- C:\Users\Valentin\AppData\Roaming\TeamViewer
[2010.06.08 20:34:28 | 000,000,000 | -H-D | M] -- C:\Users\Valentin\AppData\Roaming\Template
[2010.11.23 17:34:12 | 000,000,000 | -H-D | M] -- C:\Users\Valentin\AppData\Roaming\texturepacks
[2011.04.08 13:47:50 | 000,000,000 | -H-D | M] -- C:\Users\Valentin\AppData\Roaming\TS3Client
[2011.03.19 00:01:23 | 000,000,000 | -H-D | M] -- C:\Users\Valentin\AppData\Roaming\Tunngle
[2010.09.25 13:14:14 | 000,000,000 | -H-D | M] -- C:\Users\Valentin\AppData\Roaming\Ubisoft
[2011.03.18 16:21:44 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.04.23 13:58:29 | 000,000,252 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2011.04.23 14:01:02 | 000,000,298 | -H-- | M] () -- C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 23.04.2011 14:40:03 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Valentin\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): c:\pagefile.sys 2048 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,05 Gb Total Space | 18,98 Gb Free Space | 32,14% Space Free | Partition Type: NTFS
Drive D: | 537,10 Gb Total Space | 184,89 Gb Free Space | 34,42% Space Free | Partition Type: NTFS

Computer Name: VALENTIN-PC | User Name: Valentin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3DDACE1F-3B1E-D6AB-CD3D-B6E987511945}" = ATI Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503640E5-B2ED-3173-D109-D4D03153471A}" = AMD Drag and Drop Transcoding
"{56F26668-13DA-497A-883F-61434A10CBAB}" = MobileMe Control Panel
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}" = iTunes
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2011c
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FD53298A-4734-AFCB-B733-4C07776E589E}" = ccc-utility64
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{0166E190-92D7-482A-A220-DE8B7354383A}" = Demigod
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{179C91E9-D9ED-D5CC-F0D8-9579DBDED8D6}" = CCC Help English
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3F425F12-3A1B-4511-97B2-E2BB4701B745}" = Crysis Wars(R)
"{43E506CC-6633-4F2A-8D8E-4A95D2384393}" = Crysis Wars(R) Patch
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C8B53B9-41EE-AD83-007A-55EE64DE6932}" = Catalyst Control Center Graphics Previews Common
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF5DE1DD-F7E6-694D-1E82-84C7C9C9ABDB}" = Catalyst Control Center Graphics Previews Vista
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications
Platform "{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29 "{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F71E7762-8A64-AECC-0917-DA51677041CF}" = Catalyst Control Center InstallProxy "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{F9D65BA1-84C5-B4CB-91FE-D68F07ECBA24}" = ccc-core-static "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AviSynth" = AviSynth 2.5 "Call of Duty: Black Ops_is1" = Call of Duty: Black Ops "Crysis Wars(R)" = Crysis Wars(R) "Crysis Wars(R) Patch" = Crysis Wars(R) Patch "Demigod" = Demigod "DivX Setup.divx.com" = DivX-Setup "FIFA 11_is1" = FIFA 11 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free Studio_is1" = Free Studio version 4.6 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324 "Impulse" = Impulse "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM) "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "JDownloader" = JDownloader "Just Cause 2_is1" = Just Cause 2 "Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16) "OpenAL" = OpenAL "Picasa 3" = Picasa 3 "PIXresizer_is1" = PIXresizer 2.0.4 "PunkBusterSvc" = PunkBuster Services 
"StarCraft II" = StarCraft II
"Steam App 440" = Team Fortress 2
"Steam App 49900" = Plain Sight
"TeamViewer 5" = TeamViewer 5
"Test Drive Unlimited 2_is1" = Test Drive Unlimited 2
"Tunngle beta_is1" = Tunngle beta
"Uninstall_is1" = Uninstall 1.0.0.1
"Videora iPod touch Converter" = Videora iPod touch Converter 5.04
"VLC media player" = VLC media player 1.1.8
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 23.04.2011 06:19:49 | Computer Name = Valentin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Adobe_Flash_Player.exe, Version: 1.7.8800.0, Zeitstempel: 0x4d776bb8
Name des fehlerhaften Moduls: Adobe_Flash_Player.exe, Version: 1.7.8800.0, Zeitstempel: 0x4d776bb8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001149
ID des fehlerhaften Prozesses: 0xea4
Startzeit der fehlerhaften Anwendung: 0x01cc019ff99073a9
Pfad der fehlerhaften Anwendung: C:\Users\Valentin\AppData\Local\Temp\Adobe_Flash_Player.exe
Pfad des fehlerhaften Moduls: C:\Users\Valentin\AppData\Local\Temp\Adobe_Flash_Player.exe
Berichtskennung: 37a435f5-6d93-11e0-98cb-001fd09f063c

Error - 23.04.2011 07:32:41 | Computer Name = Valentin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 23.04.2011 07:32:41 | Computer Name = Valentin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 23.04.2011 07:32:41 | Computer Name = Valentin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 23.04.2011 07:32:41 | Computer Name = Valentin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 23.04.2011 07:32:41 | Computer Name = Valentin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 23.04.2011 07:32:41 | Computer Name = Valentin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 23.04.2011 07:32:41 | Computer Name = Valentin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 23.04.2011 07:32:41 | Computer Name = Valentin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 23.04.2011 07:32:41 | Computer Name = Valentin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

[ System Events ]
Error - 23.04.2011 06:28:53 | Computer Name = Valentin-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

Error - 23.04.2011 06:33:32 | Computer Name = Valentin-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error - 23.04.2011 06:33:46 | Computer Name = Valentin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Update" wurde mit folgendem Fehler beendet: %%-2147467243

Error - 23.04.2011 06:38:21 | Computer Name = Valentin-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

Error - 23.04.2011 06:42:33 | Computer Name = Valentin-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error - 23.04.2011 06:59:55 | Computer Name = Valentin-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

Error - 23.04.2011 07:04:36 | Computer Name = Valentin-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error - 23.04.2011 07:25:17 | Computer Name = Valentin-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error - 23.04.2011 08:00:58 | Computer Name = Valentin-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

Error - 23.04.2011 08:05:13 | Computer Name = Valentin-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.

< End of report >

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6424

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23.04.2011 16:34:08
mbam-log-2011-04-23 (16-34-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 446910
Laufzeit: 1 Stunde(n), 6 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 0
Infizierte Dateien: 8

Infizierte Speicherprozesse:
c:\programdata\damlstwyywmb.exe (Trojan.FakeAlert) -> 3064 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\V71IQL7HI7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dAmLSTWYyWMb (Trojan.FakeAlert) -> Value: dAmLSTWYyWMb -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\damlstwyywmb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\null0.42756901297188854.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Valentin\AppData\Local\Temp\0.7064111504389886.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Valentin\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\Spiele\command & conquer 4\CNC4.exe (Hacktool.Gen) -> Quarantined and deleted successfully.
c:\Users\Valentin\AppData\Roaming\dhxiuw.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{35dc3473-a719-4d14-b7c1-fd326ca84a0c}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{8c3fdd81-7ae0-4605-a46a-2488b179f2a3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Thanks in advance for the help!

Regards,
Valentin

P.S.: After I let Malwarebytes run through, it asked whether it should delete the "whatever" items listed above. I clicked "OK", and after the restart everything was the way it always is. Am I out of the danger zone now, or is that thing still on my PC?

Last edited by jambobamboo (23.04.2011 at 15:58). Reason: what happened after the post |
25.04.2011, 15:14 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | I now have TR/Kazy.mekml.1 too
Quote:
Cracks/keygens are, 99.9% of the time, dangerous malware that should not be trifled with. Besides, they are illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!!