Malware protection entfernt - noch Reste auf Rechner?
Guten Abend,
mein Rechner (Windows Vista, Service Pack 2) hat mir mitgeteilt, dass er mit Viren verseucht sei.
Es ist ein scheinbarer Virenscan durchgelaufen, aber nicht von Kaspersky, sondern die Malware Protection. Zudem liessen sich keine Programme mehr ausführen.
Nach kurzem Schrecken habe ich das Internet getrennt,mein Virenschutzprogramm gestartet (Kaspersky) und von einem anderen Rechner mich auf die Suche nach Hilfe gemacht.
Kaspersky hat Viren erkannt, habe sie auch gelöscht, hat aber nichts daran geändert, dass die Programme sich nicht starten lassen. Und die Malware Protection war immer noch da...
Hier im Trojaner-Board bin ich fündig geworden:
Es war genau die beschriebene Malware http://www.trojaner-board.de/99655-m...entfernen.html
Habe sie nach dieser Anleitung entfernt.
Der Scan mit Malwarebytes Anti-Malware im abgesicherten Modus hat mir Malware Protection (Trojan.FakeAlert) als Ergebnis präsentiert. Habe die Datei in Quarantäne verschoben und dann auch gelöscht.
Logfile vom Malwarefund von Malwarebytes' Anti-Malware (mit Befund) Code:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Datenbank Version: 6705
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19048
11.06.2011 13:30:23
mbam-log-2011-06-11 (13-30-23).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 148513
Laufzeit: 4 Minute(n), 24 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Malware Protection (Trojan.FakeAlert) -> Value: Malware Protection -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Users\Mia\AppData\Local\Temp\D567.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\programdata\defender.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Nach Entfernung durch das Programm und nach erneuten Starten (normaler Modus) war alles okay, d.h. keine Infizierten Registrierungswerte oder Dateien mehr.
Im Anschluss darab habe ich auch den TDSSKiller runtergeladen und installiert.
(Anleitung: http://www.trojaner-board.de/82358-t...tml#post640150)
Hier war alles sauber.
Die Programme lassen sich nun wieder öffen und der Rechner funktioniert scheinbar normal.
Möchte nun aber ganz sicher gehen, dass keine versteckten Reste mehr im System sind.
Habe dann auch noch einen Scan mit OTL gemacht.
(Anleitung: http://www.trojaner-board.de/85104-o...-oldtimer.html)
Allerdings kann ich diese Logfiles nicht interpretieren und bitte um Hilfe. Code:
OTL logfile created on: 12.06.2011 19:42:42 - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Mia\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 45,48% Memory free
4,21 Gb Paging File | 2,96 Gb Available in Paging File | 70,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119,00 Gb Total Space | 10,67 Gb Free Space | 8,96% Space Free | Partition Type: NTFS
Drive D: | 30,04 Gb Total Space | 20,56 Gb Free Space | 68,46% Space Free | Partition Type: FAT32
Computer Name: Mia-LAPTOP | User Name: Mia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Mia\Desktop\OTL.exe (OldTimer Tools)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
PRC - C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
PRC - C:\Programme\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH)
PRC - c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Programme\Launch Manager\OSD.exe (Wistron Corp.)
PRC - C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Launch Manager\WButton.exe ()
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Programme\Launch Manager\LaunchAp.exe ()
========== Modules (SafeList) ==========
MOD - C:\Users\Mia\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\kloehk.dll (Kaspersky Lab)
MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\adialhk.dll (Kaspersky Lab)
========== Win32 Services (SafeList) ==========
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 09\avp.exe (Kaspersky Lab)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe (Google)
SRV - (srvcPVR) -- C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe (MAGIX®)
========== Driver Services (SafeList) ==========
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (AVIRA GmbH)
DRV - (KLFLTDEV) -- C:\Windows\System32\drivers\klfltdev.sys (Kaspersky Lab)
DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation )
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (hardlock) -- C:\Windows\System32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (aksusb) -- C:\Windows\System32\drivers\aksusb.sys (Aladdin Knowledge Systems Ltd.)
DRV - (akshasp) -- C:\Windows\System32\drivers\akshasp.sys (Aladdin Knowledge Systems Ltd.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de/"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Firefox\Mozilla Firefox\components [2011.04.30 20:48:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Firefox\Mozilla Firefox\plugins [2011.04.30 20:48:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.05.03 23:58:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 09\THBExt [2009.07.26 16:45:20 | 000,000,000 | ---D | M]
[2010.12.18 19:31:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mia\AppData\Roaming\mozilla\Extensions
[2010.12.18 19:31:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mia\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.06.11 13:29:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mia\AppData\Roaming\mozilla\Firefox\Profiles\cc80b7ka.default\extensions
[2009.09.06 08:26:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mia\AppData\Roaming\mozilla\Firefox\Profiles\cc80b7ka.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.06 12:14:19 | 000,005,126 | ---- | M] () -- C:\Users\Mia\AppData\Roaming\Mozilla\Firefox\Profiles\cc80b7ka.default\searchplugins\icqplugin-1.xml
[2008.09.29 21:35:58 | 000,000,950 | ---- | M] () -- C:\Users\Mia\AppData\Roaming\Mozilla\Firefox\Profiles\cc80b7ka.default\searchplugins\icqplugin-2.xml
[2008.11.14 23:21:33 | 000,000,950 | ---- | M] () -- C:\Users\Mia\AppData\Roaming\Mozilla\Firefox\Profiles\cc80b7ka.default\searchplugins\icqplugin-3.xml
[2008.12.24 12:58:21 | 000,000,950 | ---- | M] () -- C:\Users\Mia\AppData\Roaming\Mozilla\Firefox\Profiles\cc80b7ka.default\searchplugins\icqplugin-4.xml
[2008.12.27 00:07:58 | 000,000,950 | ---- | M] () -- C:\Users\Mia\AppData\Roaming\Mozilla\Firefox\Profiles\cc80b7ka.default\searchplugins\icqplugin-5.xml
[2009.07.13 17:12:02 | 000,000,944 | ---- | M] () -- C:\Users\Mia\AppData\Roaming\Mozilla\Firefox\Profiles\cc80b7ka.default\searchplugins\icqplugin.xml
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 09\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [CtrlVol] File not found
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TVBroadcast] C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [ICQ] File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra Button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183949065925 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\adialhk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\adialhk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Users\Mia\Application Data\Pictures\Hintergrund\P8060075.JPG
O24 - Desktop BackupWallPaper: C:\Users\Mia\Application Data\Pictures\Hintergrund\P8060075.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{eebfea7a-457e-11df-b6bc-0016d3840d56}\Shell\AutoRun\command - "" = F:\Menu.exe
O33 - MountPoints2\{eebfea85-457e-11df-b6bc-0016d3840d56}\Shell\AutoRun\command - "" = F:\Menu.exe
O33 - MountPoints2\{eebfeac0-457e-11df-b6bc-0016d3840d56}\Shell\AutoRun\command - "" = F:\Menu.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.06.12 19:41:21 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Mia\Desktop\OTL.exe
[2011.06.12 12:06:26 | 001,437,488 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mia\Desktop\tdsskiller.exe
[2011.06.11 13:22:56 | 000,000,000 | ---D | C] -- C:\Users\Mia\AppData\Roaming\Malwarebytes
[2011.06.11 13:22:49 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.06.11 13:22:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.06.11 13:22:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.06.11 13:22:45 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.06.11 13:22:45 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.06.11 11:15:14 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Mia\Desktop\hub.exe
[2011.06.01 07:59:27 | 000,000,000 | ---D | C] -- C:\Users\Mia\Desktop\Semestertreffen Papa
[2010.07.30 16:12:24 | 004,319,232 | ---- | C] (Öko-Institut e.V.) -- C:\Programme\Gemis.exe
[2010.07.02 16:42:08 | 000,594,944 | ---- | C] (Oeko-Institut e.V.) -- C:\Programme\G4CountriesCS.dll
[2010.07.02 16:42:06 | 000,611,328 | ---- | C] (Oeko-Institut e.V.) -- C:\Programme\G4CountriesES.dll
[2010.07.02 16:42:06 | 000,606,720 | ---- | C] (Oeko-Institut e.V.) -- C:\Programme\G4CountriesDE.dll
[2010.07.02 16:42:06 | 000,593,920 | ---- | C] (Oeko-Institut e.V.) -- C:\Programme\G4CountriesEN.dll
[2010.07.02 16:42:06 | 000,548,864 | ---- | C] (Oeko-Institut) -- C:\Programme\G4CountriesFR.dll
[2009.11.03 01:02:00 | 002,446,848 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\vcl140.bpl
[2009.11.03 01:02:00 | 001,785,344 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\rtl140.bpl
[2009.11.03 01:02:00 | 001,572,864 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\xmlrtl140.bpl
[2009.11.03 01:02:00 | 000,406,016 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\dbrtl140.bpl
[2009.11.03 01:02:00 | 000,320,512 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\vclimg140.bpl
[2009.11.03 01:02:00 | 000,314,368 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\vcldb140.bpl
[2009.11.03 01:02:00 | 000,237,056 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\vclx140.bpl
[2009.11.03 01:02:00 | 000,212,992 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\vcl140.de
[2009.11.03 01:02:00 | 000,211,968 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\vcl140.fr
[2009.11.03 01:02:00 | 000,176,640 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\adortl140.bpl
[2009.11.03 01:02:00 | 000,087,040 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\rtl140.fr
[2009.11.03 01:02:00 | 000,087,040 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\rtl140.de
[2009.11.03 01:02:00 | 000,062,464 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\vcldbx140.bpl
[2009.11.03 01:02:00 | 000,036,352 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\vclx140.fr
[2009.11.03 01:02:00 | 000,036,352 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\vclx140.de
[2009.11.03 01:02:00 | 000,031,232 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\xmlrtl140.fr
[2009.11.03 01:02:00 | 000,031,232 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\xmlrtl140.de
[2009.11.03 01:02:00 | 000,031,232 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\vclimg140.fr
[2009.11.03 01:02:00 | 000,031,232 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\vclimg140.de
[2009.11.03 01:02:00 | 000,030,720 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\vcldb140.fr
[2009.11.03 01:02:00 | 000,030,720 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\dbrtl140.fr
[2009.11.03 01:02:00 | 000,030,720 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\dbrtl140.de
[2009.11.03 01:02:00 | 000,030,208 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\vcldb140.de
[2009.11.03 01:02:00 | 000,024,064 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\adortl140.fr
[2009.11.03 01:02:00 | 000,024,064 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\adortl140.de
[2009.11.03 01:02:00 | 000,022,528 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\vcldbx140.fr
[2009.11.03 01:02:00 | 000,022,528 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\vcldbx140.de
[2007.07.12 04:57:45 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[1 C:\Users\Mia\AppData\Local\*.tmp files -> C:\Users\Mia\AppData\Local\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011.06.12 19:45:19 | 000,654,142 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.12 19:45:19 | 000,609,018 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.12 19:45:19 | 000,135,602 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.12 19:45:19 | 000,112,262 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.12 19:40:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mia\Desktop\OTL.exe
[2011.06.12 19:31:12 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.12 18:32:49 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.12 18:32:49 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.12 12:31:01 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.12 12:05:46 | 001,437,488 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mia\Desktop\tdsskiller.exe
[2011.06.12 10:32:28 | 000,002,565 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[2011.06.12 10:32:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.12 10:32:05 | 2137,186,304 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.12 07:52:50 | 005,594,656 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2011.06.12 07:52:50 | 001,392,672 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.dat
[2011.06.12 07:52:50 | 000,051,076 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2011.06.12 07:52:50 | 000,007,936 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.idx
[2011.06.11 13:22:49 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.11 12:02:06 | 001,007,120 | ---- | M] () -- C:\rkill.com
[2011.06.11 11:14:44 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Mia\Desktop\hub.exe
[2011.06.11 10:19:28 | 000,000,000 | ---- | M] () -- C:\Users\Mia\AppData\Local\{5BEC8B88-CD64-455B-B7C4-93F9AB9FC6D2}
[2011.06.09 20:59:30 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.06.09 20:58:59 | 000,002,673 | ---- | M] () -- C:\Users\Mia\Desktop\Microsoft Office PowerPoint 2007.lnk
[2011.06.09 20:58:45 | 000,002,633 | ---- | M] () -- C:\Users\Mia\Desktop\Microsoft Office Excel 2007.lnk
[2011.06.09 20:57:25 | 000,000,000 | ---- | M] () -- C:\Users\Mia\AppData\Local\{7C3B0EBF-9673-484F-A4D6-C41D6A07BD6A}
[2011.06.07 23:39:28 | 000,079,360 | ---- | M] () -- C:\Users\Mia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.07 22:35:38 | 000,000,000 | ---- | M] () -- C:\Users\Mia\AppData\Local\{5C445305-29F7-42D0-89A4-F994A5F0E10C}
[2011.06.07 22:09:26 | 000,000,000 | ---- | M] () -- C:\Users\Mia\AppData\Local\{634699C0-36E3-4EE5-BB31-E3052B45804F}
[2011.06.07 16:00:28 | 000,000,000 | ---- | M] () -- C:\Users\Mia\AppData\Local\{A6A917B2-AE33-4E62-A0C7-80AFC662422E}
[2011.06.05 09:40:08 | 000,167,745 | ---- | M] () -- C:\Users\Mia\Desktop\VP1.3.6.pdf
[2011.06.04 00:13:43 | 000,489,682 | ---- | M] () -- C:\Users\Mia\Desktop\reise.pdf
[2011.06.04 00:08:22 | 000,489,655 | ---- | M] () -- C:\Users\Mia\Desktop\reise2.pdf
[2011.06.01 08:03:54 | 000,160,431 | ---- | M] () -- C:\Users\Mia\Desktop\LEL.pdf
[2011.06.01 08:01:35 | 000,401,148 | ---- | M] () -- C:\Users\Mia\Desktop\LEL.jpg
[2011.05.30 00:07:36 | 000,488,927 | ---- | M] () -- C:\Users\Mia\Desktop\Emden.pdf
[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.23 17:26:56 | 000,115,369 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2011.05.16 12:28:25 | 000,002,545 | ---- | M] () -- C:\Users\Mia\Desktop\VPN Client.lnk
[2011.05.14 16:31:52 | 000,002,631 | ---- | M] () -- C:\Users\Mia\Desktop\Microsoft Office Word 2007.lnk
[1 C:\Users\Mia\AppData\Local\*.tmp files -> C:\Users\Mia\AppData\Local\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.06.12 10:32:05 | 2137,186,304 | -HS- | C] () -- C:\hiberfil.sys
[2011.06.11 13:22:49 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.11 13:19:14 | 001,007,120 | ---- | C] () -- C:\rkill.com
[2011.06.11 10:19:28 | 000,000,000 | ---- | C] () -- C:\Users\Mia\AppData\Local\{5BEC8B88-CD64-455B-B7C4-93F9AB9FC6D2}
[2011.06.09 20:57:25 | 000,000,000 | ---- | C] () -- C:\Users\Mia\AppData\Local\{7C3B0EBF-9673-484F-A4D6-C41D6A07BD6A}
[2011.06.07 22:35:38 | 000,000,000 | ---- | C] () -- C:\Users\Mia\AppData\Local\{5C445305-29F7-42D0-89A4-F994A5F0E10C}
[2011.06.07 22:09:26 | 000,000,000 | ---- | C] () -- C:\Users\Mia\AppData\Local\{634699C0-36E3-4EE5-BB31-E3052B45804F}
[2011.06.07 16:00:28 | 000,000,000 | ---- | C] () -- C:\Users\Mia\AppData\Local\{A6A917B2-AE33-4E62-A0C7-80AFC662422E}
[2011.06.05 10:11:33 | 000,167,745 | ---- | C] () -- C:\Users\Mia\Desktop\VP1.3.6.pdf
[2011.06.04 00:13:43 | 000,489,682 | ---- | C] () -- C:\Users\Mia\Desktop\reise.pdf
[2011.06.04 00:08:22 | 000,489,655 | ---- | C] () -- C:\Users\Mia\Desktop\reise2.pdf
[2011.06.01 08:03:49 | 000,160,431 | ---- | C] () -- C:\Users\Mia\Desktop\LEL.pdf
[2011.06.01 08:01:34 | 000,401,148 | ---- | C] () -- C:\Users\Mia\Desktop\LEL.jpg
[2011.05.30 00:07:36 | 000,488,927 | ---- | C] () -- C:\Users\Mia\Desktop\Emden.pdf
[2010.08.16 20:46:01 | 000,000,051 | ---- | C] () -- C:\Windows\Fendt Comic.ini
[2010.07.23 10:28:50 | 000,018,326 | ---- | C] () -- C:\Programme\gemis.g4o
[2010.07.21 12:53:04 | 000,003,502 | ---- | C] () -- C:\Programme\g4readmecs.htm
[2010.07.16 14:17:06 | 000,003,327 | ---- | C] () -- C:\Programme\g4readmeen.htm
[2010.07.16 13:54:58 | 000,003,904 | ---- | C] () -- C:\Programme\g4readmede.htm
[2010.07.09 20:31:10 | 000,007,148 | ---- | C] () -- C:\Programme\g4readmees.htm
[2010.07.09 20:30:12 | 000,006,486 | ---- | C] () -- C:\Programme\g4readmefr.htm
[2009.09.25 20:57:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.25 20:57:07 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.07.26 16:46:00 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2009.07.26 16:46:00 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2009.07.26 16:44:57 | 005,594,656 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat
[2009.07.26 16:44:57 | 001,392,672 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox2.dat
[2009.04.30 12:54:14 | 000,026,577 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2009.01.23 09:32:08 | 000,024,576 | ---- | C] () -- C:\Windows\System32\hdsuinst.exe
[2009.01.23 09:25:12 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2009.01.23 09:25:12 | 000,028,672 | ---- | C] () -- C:\Windows\System32\hlduinst.exe
[2009.01.23 09:25:12 | 000,006,836 | ---- | C] () -- C:\Windows\System32\UNWISE.INI
[2008.11.09 13:04:10 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008.11.09 13:04:09 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008.11.09 13:03:05 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat
[2008.11.09 12:57:16 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2008.07.25 23:33:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.05.29 09:01:13 | 000,012,800 | ---- | C] () -- C:\Windows\jrew.exe
[2008.05.29 09:01:13 | 000,012,288 | ---- | C] () -- C:\Windows\jre.exe
[2008.05.29 08:58:23 | 000,100,352 | ---- | C] () -- C:\Windows\System32\pg32conv.dll
[2008.05.29 08:58:21 | 000,017,920 | ---- | C] () -- C:\Windows\System32\Implode.dll
[2008.05.29 08:58:17 | 000,086,016 | ---- | C] () -- C:\Windows\System32\AFFile.dll
[2008.05.29 08:58:16 | 000,307,200 | ---- | C] () -- C:\Windows\System32\ExportModeller.dll
[2008.02.04 19:23:10 | 000,693,792 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2008.01.28 15:21:38 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.01.13 22:58:33 | 000,001,190 | ---- | C] () -- C:\Windows\mozver.dat
[2007.09.27 11:34:53 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.09.27 11:25:03 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007.09.06 11:16:54 | 000,079,360 | ---- | C] () -- C:\Users\Mia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.09.06 10:46:08 | 000,553,174 | ---- | C] () -- C:\Users\Mia\AppData\Roaming\UserTile.png
[2007.09.06 09:03:51 | 000,007,226 | ---- | C] () -- C:\Users\Mia\AppData\Roaming\wklnhst.dat
[2007.09.06 08:45:41 | 000,000,093 | ---- | C] () -- C:\Users\Mia\AppData\Local\fusioncache.dat
[2007.07.12 04:57:45 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007.07.09 17:32:04 | 000,087,312 | ---- | C] () -- C:\Windows\mws.exe
[2007.07.06 07:39:12 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.07.06 07:39:06 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.07.06 07:12:57 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2007.07.06 06:41:51 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007.07.06 06:41:51 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
[2007.06.20 13:44:37 | 000,000,199 | ---- | C] () -- C:\Windows\WISO.INI
[2007.06.20 13:39:38 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll
[2007.06.20 13:39:38 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2007.06.11 14:43:56 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.06.11 14:43:51 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.04.03 16:18:26 | 000,197,672 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2006.12.11 06:06:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006.11.02 17:33:31 | 000,654,142 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,135,602 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,370,488 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,609,018 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,112,262 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.09.20 07:34:10 | 000,000,000 | ---- | C] () -- C:\Windows\Buhl.ini
[2004.09.16 16:26:50 | 000,001,901 | ---- | C] () -- C:\Programme\g4licencecs.htm
[2000.03.16 17:32:26 | 000,001,675 | ---- | C] () -- C:\Programme\g4licencede.htm
[2000.03.16 17:31:42 | 000,001,462 | ---- | C] () -- C:\Programme\g4licencees.htm
[2000.03.16 17:31:42 | 000,001,462 | ---- | C] () -- C:\Programme\g4licenceen.htm
< End of report >
Dankeschön!
Mia |
