Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Bundespolizei Virus (Auswertung OTL.txt) (https://www.trojaner-board.de/111782-bundespolizei-virus-auswertung-otl-txt.html)

jürgen69 18.03.2012 16:56
Bundespolizei Virus (Auswertung OTL.txt)
 
Hallo :)

Ich bin, wie viele andere Personen auch, vom Bundespolizeivirus betroffen und kann den abgesicherten Modus nicht mehr starten.
Wie in einem anderen Thread beschrieben, habe ich die OTL Dateien erstellt und bräuchte nun Hilfe bei deren Auswertung.
Falls mir jemand die Dateien auswerten und sagen könnte, wie ich weiter vorgehen muss, wäre ich sehr dankbar !

vielen Dank

Swisstreasure 18.03.2012 19:06
:hallo:

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

Downloade Dir bitte Malwarebytes
  • Installiere das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Schritt 2

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

jürgen69 18.03.2012 19:21
Danke schonmal für deine Hilfe.

Deine Anleitung erscheint mir relativ klar bis auf den ersten Schritt... Wie soll ich Malwarebytes auf dem PC installieren, wenn ich nicht ins Windows komme?
Sobald ich meinen PC normal hochfahre kommt ja direkt der screen, dass ich das Geld überweisen soll und ich kann nichts mehr anklicken oder installieren...

Swisstreasure 18.03.2012 19:23
Meld mich wieder

jürgen69 18.03.2012 19:24
Sobald ich den Pc im abgesicherten Modus starte, startet der PC automatisch nach ca 5 Sekunden neu...

Swisstreasure 18.03.2012 22:12
Downloade dir bitte Farbar's Recovery Scan Tool und speichere diese auf einen USB Stick.

Schließe den USB Stick an das infizierte System an

Du musst das System nun in die System Reparatur Option booten.

Über den Boot Manager
  • Starte den Rechner neu auf.
  • Während dem Hochfahren drücke mehrmals die F8 Taste
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD
  • Lege die Windows CD in dein Laufwerk.
  • Starte den Rechner neu auf und starte von der CD
  • Wähle die Spracheinstellungen und klicke "Weiter".
  • Klicke auf Computerreparaturoptionen !!
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".


Wähle in den Reparaturoptionen Eingabeaufforderung
  • Gib nun bitte notepad ein und drücke Enter.
  • Im öffnenden Textdokument --> Datei --> Speichern unter und wähle Computer
    Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt.
  • Schließe Notepad wieder
  • Gib nun bitte folgenden Befehl ein.
    e:\frst.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks. Gegebenfalls anpassen.
  • Akzeptiere den Disclaimer mit Yes und klicke Scan
Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

jürgen69 18.03.2012 22:36
So habe als Ergebnis folgendes herausbekommen:
Code:
Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 14-03-2012
Ran by SYSTEM at 18-03-2012 23:29:42
Running from H:\
Windows 7 Home Premium  (X86) OS Language: German Standard
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [1687824 2007-07-17] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE [2094352 2007-07-17] (Logitech Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [258512 2011-10-11] (Avira Operations GmbH & Co. KG)
HKU\Mirko\...\Run: [ICQ] "C:\Program Files\ICQ7.4\ICQ.exe" silent loginmode=4 [119608 2011-04-13] (ICQ, LLC.)
HKU\Mirko\...\Run: [Steam] "D:\Spiele\Steam\Steam.exe" -silent [x]
HKU\Mirko\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4240760 2010-11-10] (Microsoft Corporation)
HKU\Mirko\...\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe [3077528 2011-09-02] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

================================ Services (Whitelisted) ==================

2 AntiVirSchedulerService; "C:\Program Files\Avira\AntiVir Desktop\sched.exe" [86224 2011-10-11] (Avira Operations GmbH & Co. KG)
2 AntiVirService; "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" [110032 2011-10-11] (Avira Operations GmbH & Co. KG)
3 FLEXnet Licensing Service; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [1045256 2011-04-14] (Acresso Software Inc.)
2 hshld; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [298824 2011-07-01] ()
2 HssSrv; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [363336 2011-05-25] (AnchorFree Inc.)
3 HssTrayService; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [63976 2011-07-01] ()
2 HssWd; C:\Program Files\Hotspot Shield\bin\hsswd.exe -product HSS [329544 2011-05-25] ()
2 mitsijm2011; "C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe" [462336 2010-01-23] ()
2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2348352 2012-03-01] (NVIDIA Corporation)
2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2011-09-29] ()
2 Stereo Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [382272 2012-02-29] (NVIDIA Corporation)

========================== Drivers (Whitelisted) =============

2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [74640 2011-10-11] (Avira GmbH)
1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137416 2012-02-15] (Avira GmbH)
1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-10-11] (Avira GmbH)
3 HssDrv; C:\Windows\System32\DRIVERS\HssDrv.sys [37376 2011-05-25] (AnchorFree Inc.)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
2 NPF_devolo; C:\Windows\System32\drivers\npf_devolo.sys [35840 2008-11-28] (CACE Technologies)
1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2011-05-25] (AnchorFree Inc)
3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [317728 2011-05-26] (Marvell)

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-03-18 22:39 - 2012-03-18 22:42 - 0065244 ____A C:\OTL.Txt
2012-03-17 19:55 - 2012-03-17 19:55 - 0000000 ____D C:\Users\Mirko\AppData\Local\{0450155C-8D23-4EFA-B5D1-D79FE30DAB59}
2012-03-17 19:52 - 2012-03-17 19:52 - 0000000 ____D C:\Users\Mirko\AppData\Local\{FEFC00E7-93A8-442A-978C-7E39BDAF67FB}
2012-03-17 19:49 - 2012-03-17 19:58 - 0804194 ____A C:\Windows\ntbtlog.txt
2012-03-17 19:46 - 2012-03-17 19:46 - 0000000 ____D C:\Users\Mirko\AppData\Local\{CE1F9541-6225-42E0-9F8D-505A3683E8BF}
2012-03-17 19:46 - 2012-03-17 19:46 - 0000000 ____D C:\Users\Mirko\AppData\Local\{2135514A-0268-4F17-8962-A7B6FD5A0530}
2012-03-17 16:39 - 2012-03-17 19:05 - 0000000 ___AD C:\Kaspersky Rescue Disk 10.0
2012-03-17 15:48 - 2012-03-17 15:48 - 0000000 ____D C:\Users\Mirko\AppData\Local\{3E10A6E3-BF43-4F6D-8642-A4C9BA54460C}
2012-03-17 15:45 - 2012-03-17 15:45 - 0000000 ____D C:\Users\Mirko\AppData\Local\{28312DEB-F493-4A36-89D4-44A9F811078D}
2012-03-17 15:18 - 2012-03-17 15:18 - 0001057 ____A C:\Users\Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.6773563434665045.exe.lnk
2012-03-17 15:11 - 2012-03-17 15:11 - 0000000 ____D C:\Users\Mirko\AppData\Local\{615F3950-6032-4383-9DA0-6D3B191AF1C3}
2012-03-17 02:30 - 2012-03-01 00:59 - 5892928 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-03-17 02:30 - 2012-03-01 00:59 - 2517312 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-03-17 02:30 - 2012-03-01 00:59 - 2437440 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-03-17 02:30 - 2012-03-01 00:59 - 19444544 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv32.dll
2012-03-17 02:30 - 2012-03-01 00:59 - 17543488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-03-17 02:30 - 2012-03-01 00:59 - 10819392 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-03-17 02:30 - 2012-03-01 00:59 - 0061248 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-03-17 02:30 - 2012-03-01 00:59 - 0008772 ____A C:\Windows\System32\nvinfo.pb
2012-03-17 00:22 - 2012-03-17 00:22 - 0000000 ____D C:\Users\Mirko\AppData\Local\{DD200355-122D-489C-B119-E4B2E3CE50BB}
2012-03-17 00:21 - 2012-03-17 00:22 - 0000000 ____D C:\Users\Mirko\AppData\Local\{838CA04F-63BA-4179-B9AF-6F606D1C6EFA}
2012-03-15 16:33 - 2012-03-15 16:33 - 0000000 ____D C:\Users\Mirko\AppData\Local\{CF18799E-161B-47F3-85C5-8A2FE82AE568}
2012-03-15 16:33 - 2012-03-15 16:33 - 0000000 ____D C:\Users\Mirko\AppData\Local\{3C33CE78-8B75-4832-AE07-3F9B0CD2586B}
2012-03-14 23:14 - 2011-11-19 15:50 - 3968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-03-14 23:14 - 2011-11-19 15:50 - 3913584 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-14 21:33 - 2012-03-14 21:33 - 0000000 ____D C:\Users\Mirko\AppData\Local\{784F5B8A-1D31-4BAD-A682-8E3131FC762C}
2012-03-14 20:04 - 2012-03-14 20:04 - 0000000 ____D C:\Users\Mirko\AppData\Local\{B15E9425-479A-4421-A3FE-6ABF5BED320D}
2012-03-14 19:45 - 2012-03-14 19:46 - 0000000 ____D C:\Users\Mirko\AppData\Local\{3F67D0E6-FCD7-46EB-86E2-8B7D44C78867}
2012-03-14 19:45 - 2012-03-14 19:45 - 0000000 ____D C:\Users\Mirko\AppData\Local\{BE58192C-B8D8-4B90-B114-A8DF7ED74030}
2012-03-14 19:44 - 2012-02-10 06:38 - 1077248 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-14 19:44 - 2012-02-03 04:54 - 2343424 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-14 19:43 - 2012-02-17 06:34 - 0826880 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-03-14 19:43 - 2012-02-17 05:14 - 0183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-03-14 19:43 - 2012-02-17 05:13 - 0024576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-03-14 19:43 - 2012-01-25 06:32 - 0129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-03-14 19:43 - 2012-01-25 06:32 - 0058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-03-14 19:43 - 2012-01-25 06:27 - 0008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-03-12 23:47 - 2012-03-12 23:47 - 0000000 ____D C:\Users\Mirko\AppData\Local\{D23A4E70-7595-4F59-823C-660A17A594B2}
2012-03-12 23:47 - 2012-03-12 23:47 - 0000000 ____D C:\Users\Mirko\AppData\Local\{1711D047-5EDA-4C2A-A3E4-D9D514465999}
2012-03-12 23:37 - 2012-03-12 23:38 - 0000000 ____D C:\Users\Mirko\AppData\Local\{950947C9-DA09-4054-B61E-F79174DA7098}
2012-03-12 23:37 - 2012-03-12 23:37 - 0000000 ____D C:\Users\Mirko\AppData\Local\{0DC93FE6-21C1-4D31-A3D5-42613D4C3FA6}
2012-03-11 12:51 - 2012-03-11 12:51 - 0000000 ____D C:\Users\Mirko\AppData\Local\{50CB342D-C587-49D6-A511-8A2E6640589C}
2012-03-11 12:50 - 2012-03-11 12:51 - 0000000 ____D C:\Users\Mirko\AppData\Local\{9091A904-0C16-45DC-BC1E-81610F3B44F2}
2012-03-10 13:07 - 2012-03-10 13:07 - 0000000 ____D C:\Users\Mirko\AppData\Local\{0A74EB33-D3AA-48C7-9D0D-E1A6918CB114}
2012-03-10 13:01 - 2012-03-10 13:01 - 0000000 ____D C:\Users\Mirko\AppData\Local\{E4A4E985-D429-479E-9942-1D5123435AED}
2012-03-10 13:01 - 2012-03-10 13:01 - 0000000 ____D C:\Users\Mirko\AppData\Local\{4420D810-FED1-428D-92B8-BE4A398E6FDC}
2012-03-09 14:02 - 2012-03-09 14:02 - 0000000 ____D C:\Users\Mirko\AppData\Local\{F7195F82-27A7-4BF6-8358-F8FB306EA2CE}
2012-03-09 14:02 - 2012-03-09 14:02 - 0000000 ____D C:\Users\Mirko\AppData\Local\{E962E83B-0C8A-4B05-8CB5-F3F2F71DFB6C}
2012-03-09 12:35 - 2012-03-09 12:35 - 0000000 ____D C:\Users\Mirko\AppData\Local\{E186CF0A-3733-40AA-8A99-0B84539A004C}
2012-03-09 12:34 - 2012-03-09 12:35 - 0000000 ____D C:\Users\Mirko\AppData\Local\{1FB1BF71-85D5-45FF-9C04-677EBF9B3A25}
2012-03-08 13:58 - 2012-03-08 13:58 - 0000000 ____D C:\Users\Mirko\AppData\Local\{CB9E5680-5B0D-447C-9490-3B8F3248425E}
2012-03-08 13:52 - 2012-03-08 13:52 - 0000000 ____D C:\Users\Mirko\AppData\Local\{9514293D-05AB-481A-94DB-7E21F6D327AD}
2012-03-08 13:52 - 2012-03-08 13:52 - 0000000 ____D C:\Users\Mirko\AppData\Local\{5E684DA0-3F5E-4B05-A87D-40BA2FFB9D25}
2012-03-08 13:49 - 2012-03-08 13:49 - 0000000 ____D C:\Users\Mirko\Desktop\Neuer Ordner
2012-03-08 13:47 - 2012-03-08 13:48 - 0000000 ____D C:\Users\Mirko\AppData\Local\{6FFEBC7C-F2AA-4C57-9B65-9698C8D2E559}
2012-03-08 13:47 - 2012-03-08 13:47 - 0000000 ____D C:\Users\Mirko\AppData\Local\{BD5E3F62-64C0-4177-B1EE-D4B1931F6CD6}
2012-03-07 22:06 - 2012-03-07 22:06 - 0000000 ____D C:\Users\Mirko\AppData\Roaming\WinRAR
2012-03-07 22:06 - 2012-03-07 22:06 - 0000000 ____D C:\Program Files\WinRAR
2012-03-07 21:42 - 2012-03-07 21:42 - 0000000 ____D C:\Users\Mirko\AppData\Local\{F74A7AAE-2761-4C17-9708-B8E9A1143009}
2012-03-07 21:42 - 2012-03-07 21:42 - 0000000 ____D C:\Users\Mirko\AppData\Local\{8C40ACC5-4B2B-4643-B630-72507EC40461}
2012-03-07 20:17 - 2012-03-07 20:17 - 0000000 ____D C:\Users\Mirko\AppData\Local\{FA4B0869-2DB8-4888-9622-6C16848B5716}
2012-03-07 20:17 - 2012-03-07 20:17 - 0000000 ____D C:\Users\Mirko\AppData\Local\{F69BAB43-0537-43F9-B914-C9E20D31CC63}
2012-03-06 22:10 - 2012-03-06 22:11 - 0000000 ____D C:\Users\Mirko\AppData\Local\{31AD5E9D-8B5C-4CCD-90F2-FABCCFA8763D}
2012-03-06 22:10 - 2012-03-06 22:10 - 0000000 ____D C:\Users\Mirko\AppData\Local\{B99276B6-9388-4AB8-ABF2-1A27C67B570A}
2012-03-06 21:30 - 2012-03-06 21:30 - 0000000 ____D C:\Users\Mirko\AppData\Local\{A90297AE-352D-4ABF-A262-33D9837D602F}
2012-03-06 21:29 - 2012-03-06 21:30 - 0000000 ____D C:\Users\Mirko\AppData\Local\{2EC6BC29-5557-475F-BB49-3CED94A1F910}
2012-03-05 23:31 - 2012-03-05 23:31 - 0000000 ____D C:\Users\Mirko\AppData\Local\{512CA563-6226-4F0D-876B-0914910288F0}
2012-03-05 23:31 - 2012-03-05 23:31 - 0000000 ____D C:\Users\Mirko\AppData\Local\{4B924EA3-7F1B-4296-87DA-BFAD8CE8D4AE}
2012-03-05 14:01 - 2012-03-05 14:01 - 0000000 ____D C:\Users\Mirko\AppData\Local\{98BA5536-A39A-4642-8429-F67C9C4BF026}
2012-03-05 13:39 - 2012-03-05 13:39 - 0000000 ____D C:\Users\Mirko\AppData\Local\{EFB94444-2ABE-4FAF-A132-E5253D01196D}
2012-03-05 13:39 - 2012-03-05 13:39 - 0000000 ____D C:\Users\Mirko\AppData\Local\{4D2FCFCC-DAD5-4B31-B4D1-9F6C82F0BEA4}
2012-03-04 11:57 - 2012-03-04 11:57 - 0000000 ____D C:\Users\Mirko\AppData\Local\{C90D8238-C89F-4BE0-A376-44CF8D5F900E}
2012-03-04 11:56 - 2012-03-04 11:57 - 0000000 ____D C:\Users\Mirko\AppData\Local\{99163C48-B2DB-4602-AABA-4E65C5B21DF5}
2012-03-03 20:58 - 2012-03-03 20:58 - 0000000 ____D C:\Users\Mirko\AppData\Local\{77839E18-3631-49F3-9436-5712A2696897}
2012-02-29 13:26 - 2012-02-29 13:26 - 0416064 ____A C:\Windows\System32\nvStreaming.exe
2012-02-27 21:10 - 2012-02-27 21:11 - 0000000 ____D C:\Users\Mirko\AppData\Local\{A7672DE6-E988-4A51-84B0-5CC9833D60A3}
2012-02-27 21:10 - 2012-02-27 21:10 - 0000000 ____D C:\Users\Mirko\AppData\Local\{C6A56313-37D9-4F1B-9410-658A52B5A06D}
2012-02-27 21:05 - 2012-02-27 21:05 - 0000000 ____D C:\Users\Mirko\AppData\Local\{6B534BAF-1E47-4BCB-9779-24B400112277}
2012-02-27 20:54 - 2012-02-27 20:54 - 0000000 ____D C:\Users\Mirko\AppData\Local\{FA003975-C086-49C8-94C6-839252838CED}
2012-02-27 20:18 - 2012-02-27 20:18 - 0000000 ____D C:\Users\Mirko\AppData\Local\{ED9056F1-C93F-446B-954E-5E8D44ED3152}
2012-02-27 19:56 - 2012-02-27 19:56 - 0000000 ____D C:\Users\Mirko\AppData\Local\{A347AB25-F19C-4029-8E18-E3CD421C6109}
2012-02-27 19:55 - 2012-02-27 19:56 - 0000000 ____D C:\Users\Mirko\AppData\Local\{AB38F090-F74D-41B3-BD3B-9A88AA671012}
2012-02-25 20:45 - 2012-03-18 22:38 - 0000000 ____D C:\users\UpdatusUser
2012-02-25 20:45 - 2012-02-25 20:45 - 0000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-02-25 20:45 - 2012-02-25 20:45 - 0000000 __SHD C:\Users\UpdatusUser\Vorlagen
2012-02-25 20:45 - 2012-02-25 20:45 - 0000000 __SHD C:\Users\UpdatusUser\Startmenü
2012-02-25 20:45 - 2012-02-25 20:45 - 0000000 __SHD C:\Users\UpdatusUser\Netzwerkumgebung
2012-02-25 20:45 - 2012-02-25 20:45 - 0000000 __SHD C:\Users\UpdatusUser\Lokale Einstellungen
2012-02-25 20:45 - 2012-02-25 20:45 - 0000000 __SHD C:\Users\UpdatusUser\Eigene Dateien
2012-02-25 20:45 - 2012-02-25 20:45 - 0000000 __SHD C:\Users\UpdatusUser\Druckumgebung
2012-02-25 20:45 - 2012-02-25 20:45 - 0000000 __SHD C:\Users\UpdatusUser\Documents\Eigene Videos
2012-02-25 20:45 - 2012-02-25 20:45 - 0000000 __SHD C:\Users\UpdatusUser\Documents\Eigene Musik
2012-02-25 20:45 - 2012-02-25 20:45 - 0000000 __SHD C:\Users\UpdatusUser\Documents\Eigene Bilder
2012-02-25 20:45 - 2012-02-25 20:45 - 0000000 __SHD C:\Users\UpdatusUser\AppData\Local\Verlauf
2012-02-25 20:45 - 2012-02-25 20:45 - 0000000 __SHD C:\Users\UpdatusUser\AppData\Local\Temporary Internet Files
2012-02-25 20:45 - 2012-02-25 20:45 - 0000000 __SHD C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten
2012-02-25 20:45 - 2012-02-25 20:45 - 0000000 __SHD C:\Users\UpdatusUser\Anwendungsdaten
2012-02-25 20:45 - 2012-02-25 20:45 - 0000000 ____D C:\Users\UpdatusUser\AppData\LocalLow
2012-02-25 20:45 - 2009-07-14 09:56 - 0000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Media Center Programs
2012-02-25 18:34 - 2012-02-25 18:34 - 0000000 ____D C:\Users\Mirko\AppData\Local\{59A80B29-220D-46B3-9394-07B29A7A58AB}
2012-02-25 18:34 - 2012-02-25 18:34 - 0000000 ____D C:\Users\Mirko\AppData\Local\{2DF89DFE-63F3-4052-961D-1275A8068DFF}
2012-02-24 20:13 - 2012-02-24 20:13 - 0000000 ____D C:\Users\Mirko\AppData\Local\{3759F4B4-83A3-4B2F-A98E-E87967B579D5}
2012-02-24 20:13 - 2012-02-24 20:13 - 0000000 ____D C:\Users\Mirko\AppData\Local\{2A9B8FDC-42A4-4C48-B378-102330A95621}
2012-02-24 19:32 - 2012-02-24 19:32 - 0000000 ____D C:\Users\Mirko\AppData\Local\{BB677BEE-815B-4BB7-8653-2B74E8E51880}
2012-02-24 19:32 - 2012-02-24 19:32 - 0000000 ____D C:\Users\Mirko\AppData\Local\{B27DF6A7-101E-47FE-AF31-74419004425E}
2012-02-22 21:31 - 2012-02-22 21:31 - 0000000 ____D C:\Users\Mirko\AppData\Local\{AC12CA8D-B93D-43B8-A495-62806630D648}
2012-02-22 21:31 - 2012-02-22 21:31 - 0000000 ____D C:\Users\Mirko\AppData\Local\{0E88C5D7-CBAE-43DD-8986-3CF710C47F6E}
2012-02-22 20:15 - 2012-02-22 20:15 - 0000000 ____D C:\Users\Mirko\AppData\Local\{05F0B6D6-55A6-4988-ADCC-7E331E1E251E}
2012-02-22 20:14 - 2012-02-22 20:15 - 0000000 ____D C:\Users\Mirko\AppData\Local\{33BE397C-68F9-40F4-89A3-9A554D2FC764}
2012-02-20 19:28 - 2012-02-20 19:28 - 0000000 ____D C:\Users\Mirko\AppData\Local\{CD4E1979-64D5-41F5-8052-EB74C6867017}
2012-02-20 19:27 - 2012-02-20 19:28 - 0000000 ____D C:\Users\Mirko\AppData\Local\{474FC755-C538-401B-8685-FD460D49833D}
2012-02-20 18:49 - 2012-02-20 18:49 - 0000000 ____D C:\Users\Mirko\AppData\Local\{C9729181-E033-49E1-B68C-B9799411299A}
2012-02-20 18:48 - 2012-02-20 18:49 - 0000000 ____D C:\Users\Mirko\AppData\Local\{197305BC-0566-438E-8E17-3D757A49FD46}
2012-02-17 20:48 - 2011-12-14 04:30 - 12282368 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-17 20:48 - 2011-12-14 04:10 - 9705472 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-17 20:48 - 2011-12-14 04:04 - 1798656 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-17 20:48 - 2011-12-14 03:57 - 1127424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-17 20:48 - 2011-12-14 03:57 - 1103360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-17 20:48 - 2011-12-14 03:56 - 1427456 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-17 20:48 - 2011-12-14 03:55 - 0231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-17 20:48 - 2011-12-14 03:54 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-17 20:48 - 2011-12-14 03:53 - 0716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-17 20:48 - 2011-12-14 03:52 - 1792000 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-17 20:48 - 2011-12-14 03:50 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-17 20:48 - 2011-12-14 03:50 - 0072704 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-17 20:48 - 2011-12-14 03:47 - 0176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-17 19:46 - 2012-02-17 19:46 - 0000000 ____D C:\Users\Mirko\AppData\Local\{C0718014-6E19-4842-9A39-B081F38CEF3C}
2012-02-17 19:45 - 2012-02-17 19:46 - 0000000 ____D C:\Users\Mirko\AppData\Local\{A812A777-178F-4C30-A879-6603653A54B7}
2012-02-17 18:41 - 2012-02-17 18:41 - 0000000 ____D C:\Users\Mirko\AppData\Local\{93AAF228-5A47-4024-BF67-3502F2C665C9}
2012-02-17 18:41 - 2012-02-17 18:41 - 0000000 ____D C:\Users\Mirko\AppData\Local\{73BA2A76-E2C6-4AF9-B03D-6502E7C601AA}
2012-02-17 18:37 - 2012-01-04 09:59 - 12872704 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-02-17 18:37 - 2012-01-04 09:58 - 0442880 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-02-17 18:37 - 2011-12-30 06:27 - 0478720 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-02-17 18:37 - 2011-12-16 08:52 - 0690688 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2012-02-17 18:28 - 2012-02-17 18:28 - 0000000 ____D C:\Users\Mirko\AppData\Local\{0B8CEAAD-2FAE-4468-BDE1-46C89377A5FF}
2012-02-17 18:27 - 2012-02-17 18:27 - 0000000 ____D C:\Users\Mirko\AppData\Local\{9459F81F-57DD-4F76-88C8-68FA52A7FF56}


============ 3 Months Modified Files and Folders ===============

2012-03-18 23:29 - 2012-03-18 23:29 - 0000000 ____D C:\FRST
2012-03-18 23:21 - 2011-09-20 00:46 - 0000000 ____D C:\Users\All Users\NVIDIA
2012-03-18 23:21 - 2011-09-20 00:46 - 0000000 ____D C:\ProgramData\NVIDIA
2012-03-18 23:21 - 2009-07-14 05:53 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-18 23:21 - 2009-07-14 05:39 - 0047690 ____A C:\Windows\setupact.log
2012-03-18 23:20 - 2011-04-13 22:39 - 2616545280 __ASH C:\hiberfil.sys
2012-03-18 23:19 - 2011-09-02 19:36 - 0000000 ____D C:\Users\Mirko\AppData\Local\PMB Files
2012-03-18 23:19 - 2011-07-04 17:08 - 0000000 ____D C:\Users\Mirko\Tracing
2012-03-18 23:19 - 2011-07-03 20:04 - 0000000 ____D C:\Users\Mirko\AppData\Local\Deployment
2012-03-18 22:42 - 2012-03-18 22:39 - 0065244 ____A C:\OTL.Txt
2012-03-18 22:38 - 2012-02-25 20:45 - 0000000 ____D C:\users\UpdatusUser
2012-03-18 22:38 - 2011-04-13 22:54 - 0000000 ____D C:\users\Mirko
2012-03-17 19:58 - 2012-03-17 19:49 - 0804194 ____A C:\Windows\ntbtlog.txt
2012-03-17 19:55 - 2012-03-17 19:55 - 0000000 ____D C:\Users\Mirko\AppData\Local\{0450155C-8D23-4EFA-B5D1-D79FE30DAB59}
2012-03-17 19:54 - 2011-04-13 22:42 - 2045560 ____A C:\Windows\WindowsUpdate.log
2012-03-17 19:54 - 2009-07-14 05:34 - 0015120 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-03-17 19:54 - 2009-07-14 05:34 - 0015120 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-03-17 19:52 - 2012-03-17 19:52 - 0000000 ____D C:\Users\Mirko\AppData\Local\{FEFC00E7-93A8-442A-978C-7E39BDAF67FB}
2012-03-17 19:51 - 2011-04-13 23:31 - 0000000 ____D C:\Users\Mirko\AppData\Roaming\Dropbox
2012-03-17 19:46 - 2012-03-17 19:46 - 0000000 ____D C:\Users\Mirko\AppData\Local\{CE1F9541-6225-42E0-9F8D-505A3683E8BF}
2012-03-17 19:46 - 2012-03-17 19:46 - 0000000 ____D C:\Users\Mirko\AppData\Local\{2135514A-0268-4F17-8962-A7B6FD5A0530}
2012-03-17 19:05 - 2012-03-17 16:39 - 0000000 ___AD C:\Kaspersky Rescue Disk 10.0
2012-03-17 15:48 - 2012-03-17 15:48 - 0000000 ____D C:\Users\Mirko\AppData\Local\{3E10A6E3-BF43-4F6D-8642-A4C9BA54460C}
2012-03-17 15:45 - 2012-03-17 15:45 - 0000000 ____D C:\Users\Mirko\AppData\Local\{28312DEB-F493-4A36-89D4-44A9F811078D}
2012-03-17 15:18 - 2012-03-17 15:18 - 0001057 ____A C:\Users\Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.6773563434665045.exe.lnk
2012-03-17 15:11 - 2012-03-17 15:11 - 0000000 ____D C:\Users\Mirko\AppData\Local\{615F3950-6032-4383-9DA0-6D3B191AF1C3}
2012-03-17 15:11 - 2011-05-06 15:45 - 0000000 ____D C:\Program Files\Common Files\Steam
2012-03-17 02:35 - 2011-06-23 21:37 - 0000000 ____D C:\Users\Mirko\AppData\Roaming\Skype
2012-03-17 02:35 - 2011-04-13 23:23 - 0000000 ____D C:\Users\Mirko\AppData\Roaming\ICQ
2012-03-17 02:35 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\DriverStore
2012-03-17 02:34 - 2011-04-13 23:34 - 0000000 ____D C:\Program Files\NVIDIA Corporation
2012-03-17 02:32 - 2011-09-23 17:50 - 0000000 ____D C:\NVIDIA
2012-03-17 00:22 - 2012-03-17 00:22 - 0000000 ____D C:\Users\Mirko\AppData\Local\{DD200355-122D-489C-B119-E4B2E3CE50BB}
2012-03-17 00:22 - 2012-03-17 00:21 - 0000000 ____D C:\Users\Mirko\AppData\Local\{838CA04F-63BA-4179-B9AF-6F606D1C6EFA}
2012-03-15 16:33 - 2012-03-15 16:33 - 0000000 ____D C:\Users\Mirko\AppData\Local\{CF18799E-161B-47F3-85C5-8A2FE82AE568}
2012-03-15 16:33 - 2012-03-15 16:33 - 0000000 ____D C:\Users\Mirko\AppData\Local\{3C33CE78-8B75-4832-AE07-3F9B0CD2586B}
2012-03-15 16:31 - 2009-07-14 05:33 - 0401968 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-14 23:14 - 2011-04-13 23:08 - 54215544 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-14 21:33 - 2012-03-14 21:33 - 0000000 ____D C:\Users\Mirko\AppData\Local\{784F5B8A-1D31-4BAD-A682-8E3131FC762C}
2012-03-14 20:04 - 2012-03-14 20:04 - 0000000 ____D C:\Users\Mirko\AppData\Local\{B15E9425-479A-4421-A3FE-6ABF5BED320D}
2012-03-14 19:46 - 2012-03-14 19:45 - 0000000 ____D C:\Users\Mirko\AppData\Local\{3F67D0E6-FCD7-46EB-86E2-8B7D44C78867}
2012-03-14 19:45 - 2012-03-14 19:45 - 0000000 ____D C:\Users\Mirko\AppData\Local\{BE58192C-B8D8-4B90-B114-A8DF7ED74030}
2012-03-12 23:47 - 2012-03-12 23:47 - 0000000 ____D C:\Users\Mirko\AppData\Local\{D23A4E70-7595-4F59-823C-660A17A594B2}
2012-03-12 23:47 - 2012-03-12 23:47 - 0000000 ____D C:\Users\Mirko\AppData\Local\{1711D047-5EDA-4C2A-A3E4-D9D514465999}
2012-03-12 23:38 - 2012-03-12 23:37 - 0000000 ____D C:\Users\Mirko\AppData\Local\{950947C9-DA09-4054-B61E-F79174DA7098}
2012-03-12 23:37 - 2012-03-12 23:37 - 0000000 ____D C:\Users\Mirko\AppData\Local\{0DC93FE6-21C1-4D31-A3D5-42613D4C3FA6}
2012-03-11 12:51 - 2012-03-11 12:51 - 0000000 ____D C:\Users\Mirko\AppData\Local\{50CB342D-C587-49D6-A511-8A2E6640589C}
2012-03-11 12:51 - 2012-03-11 12:50 - 0000000 ____D C:\Users\Mirko\AppData\Local\{9091A904-0C16-45DC-BC1E-81610F3B44F2}
2012-03-10 13:07 - 2012-03-10 13:07 - 0000000 ____D C:\Users\Mirko\AppData\Local\{0A74EB33-D3AA-48C7-9D0D-E1A6918CB114}
2012-03-10 13:04 - 2011-04-19 21:56 - 0000000 ____D C:\Users\Mirko\AppData\Roaming\vlc
2012-03-10 13:03 - 2011-04-13 23:23 - 0000000 ____D C:\Users\Mirko\AppData\Roaming\Winamp
2012-03-10 13:01 - 2012-03-10 13:01 - 0000000 ____D C:\Users\Mirko\AppData\Local\{E4A4E985-D429-479E-9942-1D5123435AED}
2012-03-10 13:01 - 2012-03-10 13:01 - 0000000 ____D C:\Users\Mirko\AppData\Local\{4420D810-FED1-428D-92B8-BE4A398E6FDC}
2012-03-09 15:03 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\Microsoft.NET
2012-03-09 14:02 - 2012-03-09 14:02 - 0000000 ____D C:\Users\Mirko\AppData\Local\{F7195F82-27A7-4BF6-8358-F8FB306EA2CE}
2012-03-09 14:02 - 2012-03-09 14:02 - 0000000 ____D C:\Users\Mirko\AppData\Local\{E962E83B-0C8A-4B05-8CB5-F3F2F71DFB6C}
2012-03-09 12:35 - 2012-03-09 12:35 - 0000000 ____D C:\Users\Mirko\AppData\Local\{E186CF0A-3733-40AA-8A99-0B84539A004C}
2012-03-09 12:35 - 2012-03-09 12:34 - 0000000 ____D C:\Users\Mirko\AppData\Local\{1FB1BF71-85D5-45FF-9C04-677EBF9B3A25}
2012-03-08 13:58 - 2012-03-08 13:58 - 0000000 ____D C:\Users\Mirko\AppData\Local\{CB9E5680-5B0D-447C-9490-3B8F3248425E}
2012-03-08 13:52 - 2012-03-08 13:52 - 0000000 ____D C:\Users\Mirko\AppData\Local\{9514293D-05AB-481A-94DB-7E21F6D327AD}
2012-03-08 13:52 - 2012-03-08 13:52 - 0000000 ____D C:\Users\Mirko\AppData\Local\{5E684DA0-3F5E-4B05-A87D-40BA2FFB9D25}
2012-03-08 13:51 - 2011-04-13 23:00 - 1498506 ____A C:\Windows\System32\PerfStringBackup.INI
2012-03-08 13:49 - 2012-03-08 13:49 - 0000000 ____D C:\Users\Mirko\Desktop\Neuer Ordner
2012-03-08 13:48 - 2012-03-08 13:47 - 0000000 ____D C:\Users\Mirko\AppData\Local\{6FFEBC7C-F2AA-4C57-9B65-9698C8D2E559}
2012-03-08 13:47 - 2012-03-08 13:47 - 0000000 ____D C:\Users\Mirko\AppData\Local\{BD5E3F62-64C0-4177-B1EE-D4B1931F6CD6}
2012-03-07 22:06 - 2012-03-07 22:06 - 0000000 ____D C:\Users\Mirko\AppData\Roaming\WinRAR
2012-03-07 22:06 - 2012-03-07 22:06 - 0000000 ____D C:\Program Files\WinRAR
2012-03-07 21:42 - 2012-03-07 21:42 - 0000000 ____D C:\Users\Mirko\AppData\Local\{F74A7AAE-2761-4C17-9708-B8E9A1143009}
2012-03-07 21:42 - 2012-03-07 21:42 - 0000000 ____D C:\Users\Mirko\AppData\Local\{8C40ACC5-4B2B-4643-B630-72507EC40461}
2012-03-07 20:17 - 2012-03-07 20:17 - 0000000 ____D C:\Users\Mirko\AppData\Local\{FA4B0869-2DB8-4888-9622-6C16848B5716}
2012-03-07 20:17 - 2012-03-07 20:17 - 0000000 ____D C:\Users\Mirko\AppData\Local\{F69BAB43-0537-43F9-B914-C9E20D31CC63}
2012-03-06 22:11 - 2012-03-06 22:10 - 0000000 ____D C:\Users\Mirko\AppData\Local\{31AD5E9D-8B5C-4CCD-90F2-FABCCFA8763D}
2012-03-06 22:10 - 2012-03-06 22:10 - 0000000 ____D C:\Users\Mirko\AppData\Local\{B99276B6-9388-4AB8-ABF2-1A27C67B570A}
2012-03-06 21:30 - 2012-03-06 21:30 - 0000000 ____D C:\Users\Mirko\AppData\Local\{A90297AE-352D-4ABF-A262-33D9837D602F}
2012-03-06 21:30 - 2012-03-06 21:29 - 0000000 ____D C:\Users\Mirko\AppData\Local\{2EC6BC29-5557-475F-BB49-3CED94A1F910}
2012-03-05 23:31 - 2012-03-05 23:31 - 0000000 ____D C:\Users\Mirko\AppData\Local\{512CA563-6226-4F0D-876B-0914910288F0}
2012-03-05 23:31 - 2012-03-05 23:31 - 0000000 ____D C:\Users\Mirko\AppData\Local\{4B924EA3-7F1B-4296-87DA-BFAD8CE8D4AE}
2012-03-05 14:01 - 2012-03-05 14:01 - 0000000 ____D C:\Users\Mirko\AppData\Local\{98BA5536-A39A-4642-8429-F67C9C4BF026}
2012-03-05 13:39 - 2012-03-05 13:39 - 0000000 ____D C:\Users\Mirko\AppData\Local\{EFB94444-2ABE-4FAF-A132-E5253D01196D}
2012-03-05 13:39 - 2012-03-05 13:39 - 0000000 ____D C:\Users\Mirko\AppData\Local\{4D2FCFCC-DAD5-4B31-B4D1-9F6C82F0BEA4}
2012-03-04 11:57 - 2012-03-04 11:57 - 0000000 ____D C:\Users\Mirko\AppData\Local\{C90D8238-C89F-4BE0-A376-44CF8D5F900E}
2012-03-04 11:57 - 2012-03-04 11:56 - 0000000 ____D C:\Users\Mirko\AppData\Local\{99163C48-B2DB-4602-AABA-4E65C5B21DF5}
2012-03-03 20:59 - 2011-04-13 23:34 - 0001017 ____A C:\Users\Mirko\Desktop\Dropbox.lnk
2012-03-03 20:59 - 2011-04-13 23:33 - 0000997 ____A C:\Users\Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2012-03-03 20:58 - 2012-03-03 20:58 - 0000000 ____D C:\Users\Mirko\AppData\Local\{77839E18-3631-49F3-9436-5712A2696897}
2012-03-01 00:59 - 2012-03-17 02:30 - 5892928 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-03-01 00:59 - 2012-03-17 02:30 - 2517312 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-03-01 00:59 - 2012-03-17 02:30 - 2437440 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-03-01 00:59 - 2012-03-17 02:30 - 19444544 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv32.dll
2012-03-01 00:59 - 2012-03-17 02:30 - 17543488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-03-01 00:59 - 2012-03-17 02:30 - 10819392 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-03-01 00:59 - 2012-03-17 02:30 - 0061248 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-03-01 00:59 - 2012-03-17 02:30 - 0008772 ____A C:\Windows\System32\nvinfo.pb
2012-03-01 00:59 - 2011-09-23 17:51 - 1000256 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco32.dll
2012-03-01 00:59 - 2011-09-23 17:51 - 0881984 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco32.dll
2012-03-01 00:59 - 2011-05-21 05:01 - 2301248 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi.dll
2012-03-01 00:59 - 2011-02-23 07:27 - 15009600 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dum.dll
2012-03-01 00:59 - 2009-07-13 23:09 - 7713088 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2um.dll
2012-02-29 21:56 - 2011-09-20 00:46 - 3881792 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-02-29 21:55 - 2011-09-20 00:46 - 2719040 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc.dll
2012-02-29 21:53 - 2011-09-20 00:46 - 2561344 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2012-02-29 21:53 - 2011-09-20 00:46 - 0645440 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-02-29 21:53 - 2011-09-20 00:46 - 0108352 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-02-29 21:53 - 2011-09-20 00:46 - 0062272 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-02-29 13:26 - 2012-02-29 13:26 - 0416064 ____A C:\Windows\System32\nvStreaming.exe
2012-02-27 21:11 - 2012-02-27 21:10 - 0000000 ____D C:\Users\Mirko\AppData\Local\{A7672DE6-E988-4A51-84B0-5CC9833D60A3}
2012-02-27 21:10 - 2012-02-27 21:10 - 0000000 ____D C:\Users\Mirko\AppData\Local\{C6A56313-37D9-4F1B-9410-658A52B5A06D}
2012-02-27 21:05 - 2012-02-27 21:05 - 0000000 ____D C:\Users\Mirko\AppData\Local\{6B534BAF-1E47-4BCB-9779-24B400112277}
2012-02-27 20:54 - 2012-02-27 20:54 - 0000000 ____D C:\Users\Mirko\AppData\Local\{FA003975-C086-49C8-94C6-839252838CED}
2012-02-27 20:18 - 2012-02-27 20:18 - 0000000 ____D C:\Users\Mirko\AppData\Local\{ED9056F1-C93F-446B-954E-5E8D44ED3152}
2012-02-27 19:56 - 2012-02-27 19:56 - 0000000 ____D C:\Users\Mirko\AppData\Local\{A347AB25-F19C-4029-8E18-E3CD421C6109}
2012-02-27 19:56 - 2012-02-27 19:55 - 0000000 ____D C:\Users\Mirko\AppData\Local\{AB38F090-F74D-41B3-BD3B-9A88AA671012}
2012-02-25 20:45 - 2012-02-25 20:45 - 0000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-02-25 20:45 - 2012-02-25 20:45 - 0000000 __SHD C:\Users\UpdatusUser\Vorlagen
2012-02-25 20:45 - 2012-02-25 20:45 - 0000000 __SHD C:\Users\UpdatusUser\Startmenü
2012-02-25 20:45 - 2012-02-25 20:45 - 0000000 __SHD C:\Users\UpdatusUser\Netzwerkumgebung
2012-02-25 20:45 - 2012-02-25 20:45 - 0000000 __SHD C:\Users\UpdatusUser\Lokale Einstellungen
2012-02-25 20:45 - 2012-02-25 20:45 - 0000000 __SHD C:\Users\UpdatusUser\Eigene Dateien
2012-02-25 20:45 - 2012-02-25 20:45 - 0000000 __SHD C:\Users\UpdatusUser\Druckumgebung
2012-02-25 20:45 - 2012-02-25 20:45 - 0000000 __SHD C:\Users\UpdatusUser\Documents\Eigene Videos
2012-02-25 20:45 - 2012-02-25 20:45 - 0000000 __SHD C:\Users\UpdatusUser\Documents\Eigene Musik
2012-02-25 20:45 - 2012-02-25 20:45 - 0000000 __SHD C:\Users\UpdatusUser\Documents\Eigene Bilder
2012-02-25 20:45 - 2012-02-25 20:45 - 0000000 __SHD C:\Users\UpdatusUser\AppData\Local\Verlauf
2012-02-25 20:45 - 2012-02-25 20:45 - 0000000 __SHD C:\Users\UpdatusUser\AppData\Local\Temporary Internet Files
2012-02-25 20:45 - 2012-02-25 20:45 - 0000000 __SHD C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten
2012-02-25 20:45 - 2012-02-25 20:45 - 0000000 __SHD C:\Users\UpdatusUser\Anwendungsdaten
2012-02-25 20:45 - 2012-02-25 20:45 - 0000000 ____D C:\Users\UpdatusUser\AppData\LocalLow
2012-02-25 18:34 - 2012-02-25 18:34 - 0000000 ____D C:\Users\Mirko\AppData\Local\{59A80B29-220D-46B3-9394-07B29A7A58AB}
2012-02-25 18:34 - 2012-02-25 18:34 - 0000000 ____D C:\Users\Mirko\AppData\Local\{2DF89DFE-63F3-4052-961D-1275A8068DFF}
2012-02-24 20:13 - 2012-02-24 20:13 - 0000000 ____D C:\Users\Mirko\AppData\Local\{3759F4B4-83A3-4B2F-A98E-E87967B579D5}
2012-02-24 20:13 - 2012-02-24 20:13 - 0000000 ____D C:\Users\Mirko\AppData\Local\{2A9B8FDC-42A4-4C48-B378-102330A95621}
2012-02-24 19:32 - 2012-02-24 19:32 - 0000000 ____D C:\Users\Mirko\AppData\Local\{BB677BEE-815B-4BB7-8653-2B74E8E51880}
2012-02-24 19:32 - 2012-02-24 19:32 - 0000000 ____D C:\Users\Mirko\AppData\Local\{B27DF6A7-101E-47FE-AF31-74419004425E}
2012-02-23 09:18 - 2011-04-13 23:08 - 0237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-22 21:31 - 2012-02-22 21:31 - 0000000 ____D C:\Users\Mirko\AppData\Local\{AC12CA8D-B93D-43B8-A495-62806630D648}
2012-02-22 21:31 - 2012-02-22 21:31 - 0000000 ____D C:\Users\Mirko\AppData\Local\{0E88C5D7-CBAE-43DD-8986-3CF710C47F6E}
2012-02-22 20:15 - 2012-02-22 20:15 - 0000000 ____D C:\Users\Mirko\AppData\Local\{05F0B6D6-55A6-4988-ADCC-7E331E1E251E}
2012-02-22 20:15 - 2012-02-22 20:14 - 0000000 ____D C:\Users\Mirko\AppData\Local\{33BE397C-68F9-40F4-89A3-9A554D2FC764}
2012-02-20 19:28 - 2012-02-20 19:28 - 0000000 ____D C:\Users\Mirko\AppData\Local\{CD4E1979-64D5-41F5-8052-EB74C6867017}
2012-02-20 19:28 - 2012-02-20 19:27 - 0000000 ____D C:\Users\Mirko\AppData\Local\{474FC755-C538-401B-8685-FD460D49833D}
2012-02-20 18:49 - 2012-02-20 18:49 - 0000000 ____D C:\Users\Mirko\AppData\Local\{C9729181-E033-49E1-B68C-B9799411299A}
2012-02-20 18:49 - 2012-02-20 18:48 - 0000000 ____D C:\Users\Mirko\AppData\Local\{197305BC-0566-438E-8E17-3D757A49FD46}
2012-02-20 18:47 - 2011-04-13 22:55 - 0000174 ___SH C:\Users\Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-20 18:45 - 2011-07-04 17:03 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-02-17 20:44 - 2011-04-13 23:21 - 0000000 ____D C:\Program Files\Mozilla Firefox
2012-02-17 19:46 - 2012-02-17 19:46 - 0000000 ____D C:\Users\Mirko\AppData\Local\{C0718014-6E19-4842-9A39-B081F38CEF3C}
2012-02-17 19:46 - 2012-02-17 19:45 - 0000000 ____D C:\Users\Mirko\AppData\Local\{A812A777-178F-4C30-A879-6603653A54B7}
2012-02-17 18:41 - 2012-02-17 18:41 - 0000000 ____D C:\Users\Mirko\AppData\Local\{93AAF228-5A47-4024-BF67-3502F2C665C9}
2012-02-17 18:41 - 2012-02-17 18:41 - 0000000 ____D C:\Users\Mirko\AppData\Local\{73BA2A76-E2C6-4AF9-B03D-6502E7C601AA}
2012-02-17 18:28 - 2012-02-17 18:28 - 0000000 ____D C:\Users\Mirko\AppData\Local\{0B8CEAAD-2FAE-4468-BDE1-46C89377A5FF}
2012-02-17 18:27 - 2012-02-17 18:27 - 0000000 ____D C:\Users\Mirko\AppData\Local\{9459F81F-57DD-4F76-88C8-68FA52A7FF56}
2012-02-17 06:34 - 2012-03-14 19:43 - 0826880 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-17 05:14 - 2012-03-14 19:43 - 0183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-17 05:13 - 2012-03-14 19:43 - 0024576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-15 20:15 - 2012-02-15 20:15 - 0000000 ____D C:\Users\Mirko\AppData\Local\{56A74B23-5C8C-4699-9844-6C0A9BCCE419}
2012-02-15 20:15 - 2012-02-15 20:15 - 0000000 ____D C:\Users\Mirko\AppData\Local\{05730CCA-A3C7-4631-9D29-038FB1E2A904}
2012-02-15 19:35 - 2011-10-16 21:18 - 0137416 ____A (Avira GmbH) C:\Windows\System32\Drivers\avipbb.sys
2012-02-14 19:58 - 2012-02-14 19:58 - 0000000 ____D C:\Users\Mirko\AppData\Local\{41687A02-7D0E-4E36-BA19-DE20CE7E061E}
2012-02-14 19:58 - 2012-02-14 19:58 - 0000000 ____D C:\Users\Mirko\AppData\Local\{39288098-27A9-4C14-B70E-66592973B29F}
2012-02-14 18:40 - 2012-02-14 18:40 - 0000000 ____D C:\Users\Mirko\AppData\Local\{9ABE9666-E999-4270-80EC-CB93DDBE0B7A}
2012-02-14 18:40 - 2012-02-14 18:40 - 0000000 ____D C:\Users\Mirko\AppData\Local\{40CDD55C-7B87-4E68-BBBF-7E34FBEAA8EE}
2012-02-13 20:37 - 2012-02-13 20:36 - 0000000 ____D C:\Users\Mirko\AppData\Local\{672A775A-0EDA-47E6-BF65-33AD80925A6E}
2012-02-13 20:36 - 2012-02-13 20:36 - 0000000 ____D C:\Users\Mirko\AppData\Local\{1881B5C5-E7A8-45CF-9610-4F14DF20E69A}
2012-02-13 18:54 - 2012-02-13 18:54 - 0000000 ____D C:\Users\Mirko\AppData\Local\{71EF622F-CBF4-4875-A5C8-191BDA7652FC}
2012-02-13 18:54 - 2012-02-13 18:53 - 0000000 ____D C:\Users\Mirko\AppData\Local\{B425B048-540A-4616-ABF0-7FE512F4D644}
2012-02-13 17:17 - 2012-02-13 17:17 - 0000000 ____D C:\Users\Mirko\AppData\Local\{93F8576F-7215-4AFF-863C-614618C61C39}
2012-02-13 17:17 - 2012-02-13 17:16 - 0000000 ____D C:\Users\Mirko\AppData\Local\{9DE8EF9B-B021-496D-8258-2FB20B32E68D}
2012-02-12 19:17 - 2012-02-12 19:17 - 0000000 ____D C:\Users\Mirko\AppData\Local\{E71E3684-D424-4F93-8380-297558C1A839}
2012-02-12 19:17 - 2012-02-12 19:17 - 0000000 ____D C:\Users\Mirko\AppData\Local\{5CBDC6BE-0853-4B0F-878D-596ED4C8F9A3}
2012-02-12 18:26 - 2012-02-12 18:26 - 0000000 ____D C:\Users\Mirko\AppData\Local\{C8CFE387-0316-4462-8D28-7A3AA4F55487}
2012-02-12 18:22 - 2012-02-12 18:22 - 0000000 ____D C:\Users\Mirko\AppData\Local\{B546E188-F9F1-4B3C-BEC2-DD273D3B2F69}
2012-02-12 18:21 - 2012-02-12 18:21 - 0000000 ____D C:\Users\Mirko\AppData\Local\{15276D90-8AE6-4FBF-A96F-72BE257852E6}
2012-02-12 18:19 - 2012-02-12 18:18 - 0000000 ____D C:\Users\Mirko\AppData\Local\{20BA0EFF-7AB1-4FA4-BFBE-FE53102706F0}
2012-02-12 18:18 - 2012-02-12 18:18 - 0000000 ____D C:\Users\Mirko\AppData\Local\{9923F636-61B7-4065-9A67-3EECF0210476}
2012-02-10 06:38 - 2012-03-14 19:44 - 1077248 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-08 23:51 - 2012-02-08 23:51 - 0000000 ____D C:\Users\Mirko\AppData\Local\{DE47105B-882B-42A3-B07D-B156A545A9E1}
2012-02-08 23:51 - 2012-02-08 23:51 - 0000000 ____D C:\Users\Mirko\AppData\Local\{DBA56054-7CAD-401A-9888-127D1B18204A}
2012-02-08 23:33 - 2012-02-08 23:32 - 0000000 ____D C:\Users\Mirko\AppData\Local\{C23967B0-1E23-4CF5-93B5-FA9464897F89}
2012-02-08 23:32 - 2012-02-08 23:32 - 0000000 ____D C:\Users\Mirko\AppData\Local\{690BD672-95E5-4E71-87AD-AE19AFDEED6C}
2012-02-08 19:52 - 2012-02-08 19:51 - 0000000 ____D C:\Users\Mirko\AppData\Local\{F55C4AA5-3576-4D57-8357-11ECDF86CDD3}
2012-02-08 19:51 - 2012-02-08 19:51 - 0000000 ____D C:\Users\Mirko\AppData\Local\{75319829-DB09-428C-93F2-53C94555C41D}
2012-02-06 17:50 - 2012-02-06 17:50 - 0000000 ____D C:\Users\Mirko\AppData\Local\{B13CE63A-6165-43ED-BDBC-A76A92B36A15}
2012-02-06 17:49 - 2012-02-06 17:49 - 0000000 ____D C:\Users\Mirko\AppData\Local\{9CCB3A5D-068E-4941-B791-DC2FABDE3A75}
2012-02-03 20:42 - 2012-02-03 20:42 - 0000000 ____D C:\Users\Mirko\AppData\Local\{1ECF584D-22A3-4092-8CDB-CBB68E295F6D}
2012-02-03 18:52 - 2012-02-03 18:52 - 0000000 ____D C:\Users\Mirko\AppData\Local\{E721D3DB-5FB8-4A04-A95C-A93851260615}
2012-02-03 18:52 - 2012-02-03 18:52 - 0000000 ____D C:\Users\Mirko\AppData\Local\{D4331679-B067-4DBE-B65D-B2926DCD3B0B}
2012-02-03 04:54 - 2012-03-14 19:44 - 2343424 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-02 21:21 - 2012-02-02 21:21 - 0000000 ____D C:\Users\Mirko\AppData\Local\{24409264-137C-403C-B2FE-B4A8456D06CA}
2012-02-02 21:21 - 2012-02-02 21:20 - 0000000 ____D C:\Users\Mirko\AppData\Local\{40F5A90E-5BD6-4D90-8C69-26CE195BBC27}
2012-02-02 20:40 - 2012-02-02 20:40 - 0000000 ____D C:\Users\Mirko\AppData\Local\{2D4EADF6-ED72-4736-85BA-D94E112E169E}
2012-02-02 20:40 - 2012-02-02 20:40 - 0000000 ____D C:\Users\Mirko\AppData\Local\{0F7152F9-62C2-48F5-9296-36DDC5A93622}
2012-02-02 19:27 - 2012-02-02 19:27 - 0000000 ____D C:\Users\Mirko\AppData\Local\{4CF9C31A-C872-4E8C-9501-16AF8F5585D0}
2012-02-02 19:27 - 2012-02-02 19:27 - 0000000 ____D C:\Users\Mirko\AppData\Local\{31316BAC-DAFB-4D08-9321-A3C3D679443E}
2012-02-01 23:12 - 2012-02-01 23:12 - 0000000 ____D C:\Users\Mirko\AppData\Local\{BE29F7C4-F240-44B1-8409-2BBE8312537C}
2012-02-01 21:49 - 2012-02-01 21:49 - 0000000 ____D C:\Users\Mirko\AppData\Local\{5E8E8B79-FCBC-4686-9A10-EB83FB72E1C0}
2012-02-01 21:27 - 2012-02-01 21:27 - 0000000 ____D C:\Users\Mirko\AppData\Local\{B8B9D7D4-B93F-4C58-9DC2-EC034C197FAD}
2012-02-01 21:27 - 2012-02-01 21:27 - 0000000 ____D C:\Users\Mirko\AppData\Local\{B4419D61-48B1-4AD5-BD6D-7990538122AB}
2012-02-01 21:27 - 2012-02-01 21:27 - 0000000 ____D C:\Users\Mirko\AppData\Local\{2283B092-CA73-4BE2-BDC2-18F400090FF9}
2012-02-01 20:24 - 2012-02-01 20:24 - 0000000 ____D C:\Users\Mirko\AppData\Local\{7DDB9154-DA94-4EE5-B0A5-C8D3558A2AFC}
2012-02-01 20:24 - 2012-02-01 20:24 - 0000000 ____D C:\Users\Mirko\AppData\Local\{7497A17B-5B2B-4F04-A7D1-616182784FCE}
2012-02-01 19:33 - 2012-02-01 19:33 - 0000000 ____D C:\Users\Mirko\AppData\Local\{52455798-5646-4F1F-874E-FE617BB032D4}
2012-02-01 19:33 - 2012-02-01 19:32 - 0000000 ____D C:\Users\Mirko\AppData\Local\{C20F62DF-8684-496D-A487-9DF0525A62C8}
2012-01-31 21:35 - 2012-01-31 21:35 - 0000000 ____D C:\Users\Mirko\AppData\Local\{B65AC318-55E9-44AF-9832-A3E1FF0FCE1E}
2012-01-31 21:35 - 2012-01-31 21:35 - 0000000 ____D C:\Users\Mirko\AppData\Local\{A58DE2F4-E556-4843-A24A-0CA797F5482E}
2012-01-31 19:59 - 2012-01-31 19:58 - 0000000 ____D C:\Users\Mirko\AppData\Local\{49137185-2849-480B-84EE-9CDF1A0CCD83}
2012-01-31 19:58 - 2012-01-31 19:58 - 0000000 ____D C:\Users\Mirko\AppData\Local\{3C8E2D89-7B0F-4401-B9EA-1A4185F3C9DA}
2012-01-30 23:19 - 2012-01-30 23:19 - 0000000 ____D C:\Users\Mirko\AppData\Local\{A44DAB0D-B185-420E-9C33-74F31F2F51AC}
2012-01-30 23:19 - 2012-01-30 23:19 - 0000000 ____D C:\Users\Mirko\AppData\Local\{20AF7421-3A7D-4D9B-891C-9A047C1FEEC5}
2012-01-30 23:18 - 2012-01-30 23:18 - 0000000 ____D C:\Users\Mirko\AppData\Local\{929151AF-7542-4E83-9216-B2DF83CBEE34}
2012-01-30 23:18 - 2012-01-30 23:18 - 0000000 ____D C:\Users\Mirko\AppData\Local\{5EF2E0DB-5A08-4993-9C3A-0954F0BA5D0D}
2012-01-30 18:04 - 2012-01-30 18:04 - 0000000 ____D C:\Users\All Users\SplitMediaLabs
2012-01-30 18:04 - 2012-01-30 18:04 - 0000000 ____D C:\ProgramData\SplitMediaLabs
2012-01-30 18:04 - 2012-01-30 18:04 - 0000000 ____D C:\Program Files\SplitMediaLabs
2012-01-30 18:03 - 2012-01-30 18:03 - 0000000 ____D C:\Users\Mirko\AppData\Roaming\SplitMediaLabs
2012-01-30 17:52 - 2012-01-30 17:51 - 0000000 ____D C:\Users\Mirko\AppData\Local\{C59F6B62-4C0C-4F6B-9586-8E010BC5C3A9}
2012-01-30 17:51 - 2012-01-30 17:51 - 0000000 ____D C:\Users\Mirko\AppData\Local\{3257EBC3-F843-40D5-BC78-D24D945CC7AC}
2012-01-29 23:05 - 2012-01-29 23:05 - 0000000 ____D C:\Users\Mirko\AppData\Local\{6AA4CD06-FFD3-4B9A-A35C-33A45DFAA467}
2012-01-29 23:05 - 2012-01-29 23:05 - 0000000 ____D C:\Users\Mirko\AppData\Local\{5F5343C0-227B-4F86-8404-5F34266B7AB7}
2012-01-29 22:46 - 2012-01-29 22:46 - 0000000 ____D C:\Users\Mirko\AppData\Local\{7E0534DD-A17F-4B91-83DB-BA800AF671C5}
2012-01-29 22:46 - 2012-01-29 22:45 - 0000000 ____D C:\Users\Mirko\AppData\Local\{ED3B5FC6-FFA1-4404-99E0-EAC22FA9564A}
2012-01-29 20:41 - 2012-01-29 20:41 - 0000000 ____D C:\Users\Mirko\AppData\Local\{8704A40D-3703-4246-A9A2-7BD8CBE47619}
2012-01-29 20:41 - 2012-01-29 20:40 - 0000000 ____D C:\Users\Mirko\AppData\Local\{E64D65E4-F894-4BF4-A96C-0F6C3E78BF14}
2012-01-29 17:52 - 2012-01-29 17:52 - 0000000 ____D C:\Users\Mirko\AppData\Local\{7AF5CE5B-6AA8-4E75-B9A5-0CAB144E54C1}
2012-01-29 17:52 - 2012-01-29 17:52 - 0000000 ____D C:\Users\Mirko\AppData\Local\{33CAE601-2212-4364-84EF-A8A19938EC8B}
2012-01-29 16:42 - 2011-07-27 17:52 - 0000000 ____D C:\Users\Mirko\AppData\Roaming\Xfire
2012-01-29 16:42 - 2011-07-27 17:52 - 0000000 ____D C:\Users\All Users\Xfire
2012-01-29 16:42 - 2011-07-27 17:52 - 0000000 ____D C:\ProgramData\Xfire
2012-01-29 16:14 - 2012-01-29 16:14 - 0000000 ____D C:\Users\Mirko\AppData\Local\{F785EE98-61F7-45A7-A9CF-AC28C56B847C}
2012-01-29 16:14 - 2012-01-29 16:14 - 0000000 ____D C:\Users\Mirko\AppData\Local\{C5DAAA6B-0947-4215-B0D7-AAAC705DD200}
2012-01-28 15:21 - 2012-01-28 15:21 - 0000000 ____D C:\Users\Mirko\AppData\Local\{CE33B3F1-ED04-417E-AB0A-1B432DD945D5}
2012-01-28 15:21 - 2012-01-28 15:21 - 0000000 ____D C:\Users\Mirko\AppData\Local\{0E6DEB0B-C50E-469C-989A-31DC415F6ABA}
2012-01-27 20:19 - 2012-01-27 20:19 - 0000000 ____D C:\Users\Mirko\AppData\Local\{A2CB42F6-C06A-4F49-A65F-E958EE3E9447}
2012-01-27 20:19 - 2012-01-27 20:19 - 0000000 ____D C:\Users\Mirko\AppData\Local\{22A8D8B2-7D28-470C-B23A-2AE50E1B5993}
2012-01-26 23:02 - 2012-01-26 23:02 - 0000000 ____D C:\Users\Mirko\AppData\Local\{AEF8930B-BEFB-4510-BB82-939D3B433627}
2012-01-26 23:02 - 2012-01-26 23:01 - 0000000 ____D C:\Users\Mirko\AppData\Local\{E8AD47A4-71FF-46B2-A26F-C79266EF4328}
2012-01-26 22:33 - 2012-01-26 22:33 - 0000000 ____D C:\Users\Mirko\AppData\Local\{1F957309-E8AB-496A-B869-44FF4156D022}
2012-01-26 22:33 - 2012-01-26 22:32 - 0000000 ____D C:\Users\Mirko\AppData\Local\{71971D7C-13FF-451B-B2D4-6A0A2E7C807F}
2012-01-25 20:06 - 2012-01-25 20:06 - 0000000 ____D C:\Users\Mirko\AppData\Local\{6758638D-9579-42C6-B29C-94EE0590E432}
2012-01-25 20:04 - 2012-01-25 20:03 - 0000000 ____D C:\Users\Mirko\AppData\Local\{B3E97ED0-75DF-4C80-9E7A-F8F00736AB2D}
2012-01-25 20:03 - 2012-01-25 20:03 - 0000000 ____D C:\Users\Mirko\AppData\Local\{C8D06197-74F5-499D-A1CA-837FEE6018BC}
2012-01-25 06:32 - 2012-03-14 19:43 - 0129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:32 - 2012-03-14 19:43 - 0058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-25 06:27 - 2012-03-14 19:43 - 0008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-01-24 20:28 - 2012-01-24 20:28 - 0000000 ____D C:\Users\Mirko\AppData\Local\{ADD9C292-6486-4CF8-8309-10A386B3B632}
2012-01-24 20:28 - 2012-01-24 20:28 - 0000000 ____D C:\Users\Mirko\AppData\Local\{827DD93F-B0A7-4324-AF9E-366A4C842FA4}
2012-01-24 20:07 - 2012-01-24 20:07 - 0000000 ____D C:\Users\Mirko\AppData\Local\{10808522-1702-4479-A511-8AD2D192FB0E}
2012-01-24 20:07 - 2012-01-24 20:06 - 0000000 ____D C:\Users\Mirko\AppData\Local\{549F9B7A-F8B9-4365-8C8D-99DEB6F05D7D}
2012-01-24 20:02 - 2012-01-24 20:02 - 0000000 ____D C:\Users\Mirko\AppData\Local\{D60C8C79-AE2F-4E4D-84DD-B7DC65D83CDE}
2012-01-24 19:52 - 2012-01-24 19:52 - 0000000 ____D C:\Users\Mirko\AppData\Local\{B62F2CCA-2E6B-4B13-9F06-2AE306CBFD7D}
2012-01-24 19:52 - 2012-01-24 19:51 - 0000000 ____D C:\Users\Mirko\AppData\Local\{2EAC2DBA-B7F0-4D57-BA64-85F511DEB91C}
2012-01-21 23:22 - 2012-01-21 23:21 - 0000000 ____D C:\Users\Mirko\AppData\Local\{40BEABDB-A50B-4C01-8C1D-BFF560E2B69F}
2012-01-21 23:21 - 2012-01-21 23:21 - 0000000 ____D C:\Users\Mirko\AppData\Local\{A43DF208-110B-48F4-AF53-5AB47CD75F13}
2012-01-21 21:25 - 2012-01-21 21:25 - 0000000 ____D C:\Users\Mirko\AppData\Local\{2F672718-5A3F-4D3A-A9F7-B523D861455D}
2012-01-21 21:25 - 2012-01-21 21:25 - 0000000 ____D C:\Users\Mirko\AppData\Local\{2D5FD7FF-B555-463D-AD9A-14C997ABB35D}
2012-01-20 16:34 - 2012-01-20 16:34 - 0000000 ____D C:\Users\Mirko\AppData\Local\{F95D12D4-49D1-43C0-AE6D-965D522EA3DA}
2012-01-20 16:34 - 2012-01-20 16:34 - 0000000 ____D C:\Users\Mirko\AppData\Local\{73ADDC5C-7C7A-415D-B013-E1AC29D4C365}
2012-01-19 22:48 - 2012-01-19 22:48 - 0000000 ____D C:\Users\Mirko\AppData\Local\{B422F259-5B3F-4811-A202-F6E645D2EE9C}
2012-01-19 22:48 - 2012-01-19 22:48 - 0000000 ____D C:\Users\Mirko\AppData\Local\{0D23FCB0-B926-4E58-8CA4-82AC0D998EB9}
2012-01-19 17:33 - 2012-01-19 17:32 - 0000000 ____D C:\Users\Mirko\AppData\Local\{C90C45EE-66AE-4A9E-9FAB-DAC7F12B56CD}
2012-01-19 17:32 - 2012-01-19 17:32 - 0000000 ____D C:\Users\Mirko\AppData\Local\{55BC3870-E44D-4337-AC44-BF591E563D44}
2012-01-19 10:19 - 2011-10-12 20:24 - 0014977 ____A C:\Users\Mirko\Documents\plot.log
2012-01-19 10:15 - 2012-01-19 10:15 - 0000000 ____D C:\Users\Mirko\AppData\Local\{A2894117-DC50-4350-B07F-B0BF2DE51491}
2012-01-19 10:15 - 2012-01-19 10:15 - 0000000 ____D C:\Users\Mirko\AppData\Local\{49A8924E-AE3B-42B3-94EF-E64A961AEFB0}
2012-01-18 21:46 - 2012-01-18 21:46 - 0000000 ____D C:\Users\Mirko\AppData\Local\{FD987520-D696-4B60-9869-A1E97EDFA95F}
2012-01-18 21:46 - 2012-01-18 21:46 - 0000000 ____D C:\Users\Mirko\AppData\Local\{7B44B835-9538-479C-B289-E2CB6B4509C6}
2012-01-18 21:24 - 2012-01-18 21:24 - 0000000 ____D C:\Users\Mirko\AppData\Local\{0A84149A-FD42-4C78-83AA-D7D119A08C1E}
2012-01-18 21:24 - 2012-01-18 21:23 - 0000000 ____D C:\Users\Mirko\AppData\Local\{7189FAD6-7B45-481D-B5C3-5C6F779C3B4F}
2012-01-18 21:13 - 2012-01-18 21:13 - 0000000 ____D C:\Users\Mirko\AppData\Local\{72D29145-9F1A-4126-85E9-CC303C6B449E}
2012-01-18 21:13 - 2012-01-18 21:12 - 0000000 ____D C:\Users\Mirko\AppData\Local\{DE683757-469E-4673-9783-E1CB04125A5E}
2012-01-18 19:30 - 2011-04-13 22:54 - 0000000 ____D C:\Users\Mirko\AppData\Local\VirtualStore
2012-01-18 16:05 - 2012-01-18 15:42 - 0225334 ____A C:\Users\Mirko\Documents\Hauptansicht ALLES ZICKE ZACKE.pdf
2012-01-18 15:15 - 2012-01-18 15:14 - 0000000 ____D C:\Users\Mirko\AppData\Local\{66B9C758-901B-4F04-AA6F-74AE2CEFF07B}
2012-01-18 15:14 - 2012-01-18 15:14 - 0000000 ____D C:\Users\Mirko\AppData\Local\{E55A2336-2DF7-4A62-AECC-09D7DE9AA2FF}
2012-01-17 22:55 - 2012-01-17 22:55 - 0000000 ____D C:\Users\Mirko\AppData\Local\{FB5F76AE-F017-4C7D-8D9D-D1E762207B75}
2012-01-17 22:55 - 2012-01-17 22:55 - 0000000 ____D C:\Users\Mirko\AppData\Local\{083E0F94-F402-4E7D-A9F1-1E17C08BDCF3}
2012-01-17 22:04 - 2012-01-17 22:04 - 0000000 ____D C:\Users\Mirko\AppData\Local\{83C26C30-CC78-4759-906B-ACA02CFE2CE6}
2012-01-17 22:04 - 2012-01-17 22:03 - 0000000 ____D C:\Users\Mirko\AppData\Local\{9B631580-1CB1-4E73-A6B3-A3214AACC9B5}
2012-01-17 17:41 - 2012-01-17 17:41 - 0000000 ____D C:\Users\Mirko\AppData\Local\{AB2F86A4-045B-4A00-B5E9-51DA67C070FF}
2012-01-17 17:41 - 2012-01-17 17:40 - 0000000 ____D C:\Users\Mirko\AppData\Local\{ACC20186-CC10-42C4-AADE-91944C413627}
2012-01-17 17:33 - 2012-01-17 17:32 - 0000000 ____D C:\Users\Mirko\AppData\Local\{EB93ECFC-627A-40CD-8807-1F5AB6C686B6}
2012-01-17 17:32 - 2012-01-17 17:32 - 0000000 ____D C:\Users\Mirko\AppData\Local\{FC242A83-EA31-4571-88DF-591587F88522}
2012-01-15 21:53 - 2012-01-15 21:53 - 0000000 ____D C:\Users\Mirko\AppData\Local\{A6F3D785-39E7-4F70-BB3A-68BB183F265C}
2012-01-15 21:53 - 2012-01-15 21:53 - 0000000 ____D C:\Users\Mirko\AppData\Local\{6277578E-9F1B-43F4-86DF-A7F05B144E7F}
2012-01-15 21:39 - 2012-01-15 21:39 - 0000000 ____D C:\Users\Mirko\AppData\Local\{1B8A624E-D9E8-4B66-82C9-8DBB753B12DA}
2012-01-15 21:39 - 2012-01-15 21:39 - 0000000 ____D C:\Users\Mirko\AppData\Local\{0EBF51E1-6D18-4580-A557-B4BF894840B5}
2012-01-15 17:44 - 2012-01-15 17:44 - 0000000 ____D C:\Users\Mirko\AppData\Local\{FF0AE5A6-A84C-4CF1-97F6-B9AA60487EAB}
2012-01-15 17:44 - 2012-01-15 17:44 - 0000000 ____D C:\Users\Mirko\AppData\Local\{06CDA789-805E-4F44-BDA2-BE932C761287}
2012-01-14 20:34 - 2012-01-14 20:34 - 0000000 ____D C:\Users\Mirko\AppData\Local\{393FAD55-364E-411F-9B85-EBFFFACF85C9}
2012-01-14 20:34 - 2012-01-14 20:33 - 0000000 ____D C:\Users\Mirko\AppData\Local\{5D69A229-B824-437C-AD6F-8B9E56E6A93A}
2012-01-13 20:33 - 2012-01-13 20:33 - 0000000 ____D C:\Users\Mirko\AppData\Local\{F4EA8F50-0769-4D77-9BE6-973134E23AB6}
2012-01-13 20:33 - 2012-01-13 20:33 - 0000000 ____D C:\Users\Mirko\AppData\Local\{6E5AB6E7-B3D6-4C23-B3E8-7A58F0F2AD4D}
2012-01-13 18:47 - 2012-01-12 20:21 - 3604454 ____A C:\Users\Mirko\Desktop\KP3 Hauptansicht 3.0 beschriftet final.dwg
2012-01-13 18:31 - 2012-01-13 18:31 - 0000000 ____D C:\Users\Mirko\AppData\Local\{18B5E386-0F11-40E0-91EF-2EBD3611DD9A}
2012-01-13 18:25 - 2012-01-13 18:25 - 0000000 ____D C:\Users\Mirko\AppData\Local\{C2002901-AC08-4876-8A37-A45CB932D9A5}
2012-01-13 17:29 - 2012-01-13 17:28 - 0000000 ____D C:\Users\Mirko\AppData\Local\{3A281466-702F-41C3-A767-F7796BD5D326}
2012-01-13 17:28 - 2012-01-13 17:28 - 0000000 ____D C:\Users\Mirko\AppData\Local\{A0A73958-F887-488A-83BF-B0997B81BCFA}
2012-01-13 17:09 - 2012-01-13 17:09 - 0000000 ____D C:\Users\Mirko\AppData\Local\{2F3F527D-546D-4E3A-8E40-3817F567E72D}
2012-01-13 17:09 - 2012-01-13 17:08 - 0000000 ____D C:\Users\Mirko\AppData\Local\{A4CF08B1-9B64-4A2B-A3E9-278E5B65B050}
2012-01-12 21:33 - 2012-01-12 21:33 - 0000000 ____D C:\Users\Mirko\AppData\Local\{90506DFD-77F2-4FD8-AEE1-A826CA8A5758}
2012-01-12 21:33 - 2012-01-12 21:33 - 0000000 ____D C:\Users\Mirko\AppData\Local\{5DD3A4E6-FF9A-486A-AFBB-35D675A36871}
2012-01-12 21:31 - 2012-01-12 21:31 - 0000000 ____D C:\Users\Mirko\AppData\Local\{B8DD4FEA-321A-4C5D-A0C5-182A269D169D}
2012-01-12 21:31 - 2012-01-12 21:31 - 0000000 ____D C:\Users\Mirko\AppData\Local\{ABB1E034-B2E1-44D7-9254-DAA2D054F652}
2012-01-12 20:06 - 2012-01-12 20:06 - 0000000 ____D C:\Users\Mirko\AppData\Local\{9580BBE7-589C-4889-8FD2-8E9EDC475992}
2012-01-12 20:06 - 2012-01-12 20:06 - 0000000 ____D C:\Users\Mirko\AppData\Local\{3F062D39-616B-4F84-BF48-AE0C0B51A394}
2012-01-12 18:38 - 2012-01-12 18:37 - 0000000 ____D C:\Users\Mirko\AppData\Local\{9377C15F-5CFD-4DEC-8852-D7F197A1AA6B}
2012-01-12 18:37 - 2012-01-12 18:37 - 0000000 ____D C:\Users\Mirko\AppData\Local\{DB632091-A552-4B83-AB73-80F9CE04E456}
2012-01-11 22:08 - 2012-01-11 22:08 - 0000000 ____D C:\Users\Mirko\AppData\Local\{FDE99EF9-A11E-4751-8C4C-2B5A17479E6A}
2012-01-11 22:08 - 2012-01-11 22:08 - 0000000 ____D C:\Users\Mirko\AppData\Local\{A9B17BE1-30C0-4B52-AFB8-98127384F1DA}
2012-01-11 21:44 - 2012-01-11 21:44 - 0000000 ____D C:\Users\Mirko\AppData\Local\{A7156A79-DB67-435C-82FD-D07D06E7D927}
2012-01-11 21:44 - 2012-01-11 21:44 - 0000000 ____D C:\Users\Mirko\AppData\Local\{0FAFD9A3-EEB7-43B3-843A-3D9F2B55D0A5}
2012-01-10 19:50 - 2012-01-10 19:50 - 0000000 ____D C:\Users\Mirko\AppData\Local\{5F2F18CF-5ACD-4017-8EC0-ADBD36D87AA9}
2012-01-10 19:50 - 2012-01-10 19:50 - 0000000 ____D C:\Users\Mirko\AppData\Local\{26FE46E8-FD06-4586-8472-9B6BB634027E}
2012-01-09 19:58 - 2012-01-09 19:57 - 0000000 ____D C:\Users\Mirko\AppData\Local\{9E7A628C-BEF5-4209-B254-C9D819B67C1C}
2012-01-09 19:57 - 2012-01-09 19:57 - 0000000 ____D C:\Users\Mirko\AppData\Local\{8B5726E9-5CD5-44F4-917A-4CAE5FA18803}
2012-01-09 18:30 - 2012-01-09 18:30 - 0000000 ____D C:\Users\Mirko\AppData\Local\{517C0C54-44B7-4429-AE11-442FDA567692}
2012-01-09 18:30 - 2012-01-09 18:29 - 0000000 ____D C:\Users\Mirko\AppData\Local\{D8CF11F8-B674-4BF8-9B45-0F1F2EAFCD38}
2012-01-08 19:50 - 2012-01-08 19:49 - 0000000 ____D C:\Users\Mirko\AppData\Local\{023D3B27-3597-46E6-84E7-ED84D8EED1AD}
2012-01-08 19:49 - 2012-01-08 19:49 - 0000000 ____D C:\Users\Mirko\AppData\Local\{C9DB2034-F97D-47A1-BFAB-B42FBD3F16D5}
2012-01-08 19:29 - 2012-01-08 19:29 - 0000000 ____D C:\Users\Mirko\AppData\Local\{58B156B4-14C9-4724-B4AA-C45430898C66}
2012-01-08 19:29 - 2012-01-08 19:29 - 0000000 ____D C:\Users\Mirko\AppData\Local\{542DE498-EA06-474F-A12A-F003DCB3FFA4}
2012-01-08 17:43 - 2012-01-08 17:43 - 0000000 ____D C:\Users\Mirko\AppData\Local\{E1B533C9-FC13-417F-85CB-4911F201A64E}
2012-01-08 17:43 - 2012-01-08 17:43 - 0000000 ____D C:\Users\Mirko\AppData\Local\{97454D99-6266-4E83-925E-F3BC1860D221}
2012-01-06 21:07 - 2012-01-06 21:06 - 0000000 ____D C:\Users\Mirko\AppData\Local\{BE4751C6-66DE-4B5B-AB1B-D8F38DF74C18}
2012-01-06 21:06 - 2012-01-06 21:06 - 0000000 ____D C:\Users\Mirko\AppData\Local\{E0AE547C-559F-49DC-AEC8-6B1152DC4F97}
2012-01-06 13:22 - 2012-01-06 13:22 - 0000000 ____D C:\Users\Mirko\AppData\Local\{FD8CD1F1-AC34-4E81-9460-2E2A50121FBD}
2012-01-06 13:22 - 2012-01-06 13:22 - 0000000 ____D C:\Users\Mirko\AppData\Local\{6AB81258-5814-4B01-861A-78B4178DD47B}
2012-01-05 20:59 - 2012-01-05 20:59 - 0000000 ____D C:\Users\Mirko\AppData\Local\{DDE45469-F234-4962-A307-070A195FDC16}
2012-01-05 20:59 - 2012-01-05 20:59 - 0000000 ____D C:\Users\Mirko\AppData\Local\{65E7346C-F1FB-4C0F-9893-E9FB81F90B85}
2012-01-05 18:11 - 2012-01-05 18:11 - 0000000 ____D C:\Users\Mirko\AppData\Local\{F79A4206-DCD2-4756-8DA9-A1FAD101F62D}
2012-01-05 18:11 - 2012-01-05 18:11 - 0000000 ____D C:\Users\Mirko\AppData\Local\{D7BEC406-BFC2-4D9F-99C9-6ACFB4BFD97F}
2012-01-05 17:55 - 2012-01-05 17:54 - 0000000 ____D C:\Users\Mirko\AppData\Local\{6466477B-7C02-4A07-95EA-54C48519E894}
2012-01-05 17:54 - 2012-01-05 17:54 - 0000000 ____D C:\Users\Mirko\AppData\Local\{5B3A5000-1EDF-426F-BF9E-3133297353B8}
2012-01-04 09:59 - 2012-02-17 18:37 - 12872704 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-01-04 09:58 - 2012-02-17 18:37 - 0442880 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-01-03 23:03 - 2012-01-03 23:03 - 0000000 ____D C:\Users\Mirko\AppData\Local\{DA4FEF58-EA58-4FEF-917E-6A03C25CA1E7}
2012-01-03 23:03 - 2012-01-03 23:03 - 0000000 ____D C:\Users\Mirko\AppData\Local\{9B11EFFC-7680-4EA1-AB3E-62CE55DFA94D}
2012-01-02 23:12 - 2011-09-29 22:38 - 0215104 ____A C:\Windows\System32\PnkBstrB.xtr
2012-01-02 23:12 - 2011-09-29 22:36 - 0138576 ____A C:\Windows\System32\Drivers\PnkBstrK.sys
2012-01-02 23:12 - 2011-09-29 22:35 - 0215104 ____A C:\Windows\System32\PnkBstrB.exe
2012-01-02 23:12 - 2011-09-29 22:35 - 0215104 ____A C:\Windows\System32\PnkBstrB.ex0
2012-01-02 18:26 - 2012-01-02 18:26 - 0000000 ____D C:\Users\Mirko\AppData\Local\{B20C7B42-7E5B-4792-B6A8-98FEF53C7B03}
2012-01-02 18:26 - 2012-01-02 18:26 - 0000000 ____D C:\Users\Mirko\AppData\Local\{15DA01A5-57BE-495C-9C40-78DBBD5DEE79}
2012-01-02 18:00 - 2012-01-02 18:00 - 0000000 ____D C:\Users\Mirko\AppData\Local\{54C0DB39-56ED-4EF6-8B71-3D1091094A8B}
2012-01-02 18:00 - 2012-01-02 18:00 - 0000000 ____D C:\Users\Mirko\AppData\Local\{39BA6554-8F6C-441C-AE53-D14F7F0AA9DC}
2012-01-01 21:08 - 2012-01-01 21:08 - 0000000 ____D C:\Users\Mirko\AppData\Local\{0558B176-67DE-4CC8-81C8-9920D66C22C6}
2012-01-01 19:34 - 2012-01-01 19:34 - 0000000 ____D C:\Users\Mirko\AppData\Local\{265CBF83-2626-40B6-89F2-7AEE330F8C03}
2012-01-01 19:34 - 2012-01-01 19:33 - 0000000 ____D C:\Users\Mirko\AppData\Local\{ED06FB6B-D27B-45F9-AEDA-41C3361CF57F}
2012-01-01 19:11 - 2012-01-01 19:10 - 0000000 ____D C:\Users\Mirko\AppData\Local\{0AB96484-0C64-46AC-B4AC-41B68C4C8409}
2012-01-01 19:10 - 2012-01-01 19:10 - 0000000 ____D C:\Users\Mirko\AppData\Local\{9EC7F9D5-06BA-4D53-B2A3-0183A5E0C0F0}
2011-12-30 06:27 - 2012-02-17 18:37 - 0478720 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2011-12-29 17:41 - 2011-12-29 17:41 - 0000000 ____D C:\Users\Mirko\AppData\Local\{7BE3AA81-5964-4881-87A7-761B22B0E88B}
2011-12-29 17:40 - 2011-12-29 17:40 - 0000000 ____D C:\Users\Mirko\AppData\Local\{4A87D633-085E-449D-8B7F-AFE041FDBFCF}
2011-12-28 16:32 - 2011-12-28 16:32 - 0000000 ____D C:\Users\Mirko\AppData\Local\{8CEB7CA5-9C80-452D-B473-BA2779BDE3DC}
2011-12-28 16:32 - 2011-12-28 16:31 - 0000000 ____D C:\Users\Mirko\AppData\Local\{149B29B1-5EDE-42AD-AC2B-ED341AC7D429}
2011-12-26 23:06 - 2011-12-26 23:05 - 0000000 ____D C:\Users\Mirko\AppData\Local\{AD092132-7479-4471-BEEF-44E4840E5CEE}
2011-12-26 23:05 - 2011-12-26 23:05 - 0000000 ____D C:\Users\Mirko\AppData\Local\{C13D13B8-7056-4561-AD35-4B0085C65D6C}
2011-12-26 23:04 - 2011-12-26 23:04 - 0160896 ____A C:\Windows\Minidump\122611-17066-01.dmp
2011-12-26 23:04 - 2011-04-29 11:10 - 0000000 ____D C:\Windows\Minidump
2011-12-26 22:26 - 2011-12-26 22:25 - 0000000 ____D C:\Users\Mirko\AppData\Local\{1973059E-E4FF-463A-B049-E615094267DA}
2011-12-26 22:25 - 2011-12-26 22:25 - 0000000 ____D C:\Users\Mirko\AppData\Local\{5D3AC197-376C-4F72-96D8-F288D2534CAF}
2011-12-23 15:58 - 2011-12-23 15:57 - 0000000 ____D C:\Users\Mirko\AppData\Local\{78185444-6EC8-4F48-A680-C7DC140E5DD8}
2011-12-23 15:57 - 2011-12-23 15:57 - 0000000 ____D C:\Users\Mirko\AppData\Local\{6ECD3517-1B6F-4FA6-924A-78AE7095C779}
2011-12-22 16:44 - 2011-12-22 16:44 - 0000000 ____D C:\Users\Mirko\AppData\Local\{3BB94B50-17D9-4B27-876F-BA8C31C0B53C}
2011-12-22 16:44 - 2011-12-22 16:43 - 0000000 ____D C:\Users\Mirko\AppData\Local\{742D80DA-F9A7-44D4-B41B-E73C85DAD0FB}
2011-12-21 20:02 - 2011-12-21 20:02 - 0000000 ____D C:\Users\Mirko\AppData\Local\{C76B0CB6-6C4C-4689-AFF0-7667DFB8F4AC}
2011-12-21 20:02 - 2011-12-21 20:02 - 0000000 ____D C:\Users\Mirko\AppData\Local\{3227CF3A-814E-4D9F-8278-832B4E89E44A}
2011-12-20 20:55 - 2011-12-20 20:55 - 0000000 ____D C:\Users\Mirko\AppData\Local\{F9BE31C3-BB40-4CC8-96A4-0B1A9CEEF2F4}
2011-12-20 20:55 - 2011-12-20 20:55 - 0000000 ____D C:\Users\Mirko\AppData\Local\{4AFE71DD-3F61-44B9-B19F-C7CAC68A1821}
2011-12-20 17:41 - 2011-12-20 17:41 - 0000000 ____D C:\Users\Mirko\AppData\Local\{EF648636-8A74-4732-9895-4FADDB886B64}
2011-12-20 17:41 - 2011-12-20 17:41 - 0000000 ____D C:\Users\Mirko\AppData\Local\{111D46F9-133C-4E75-A29F-D82CA3999263}

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 4095.11 MB
Available physical RAM: 3585.2 MB
Total Pagefile: 4093.39 MB
Available Pagefile: 3596.94 MB
Total Virtual: 2047.88 MB
Available Virtual: 1958.3 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:58.5 GB) (Free:16.4 GB) NTFS
3 Drive e: () (Fixed) (Total:407.17 GB) (Free:78.67 GB) NTFS
5 Drive g: (GRMCHPFREO_DE_DVD) (CDROM) (Total:2.29 GB) (Free:0 GB) UDF
6 Drive h: () (Removable) (Total:3.7 GB) (Free:3.7 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Datentr„ger ###  Status        Gr”áe    Frei    Dyn  GPT
  ---------------  -------------  -------  -------  ---  ---
  Datentr„ger 0    Online          465 GB      0 B       
  Datentr„ger 1    Online        3801 MB      0 B       

Partitions of Disk 0:
===============

  Partition ###  Typ              Gr”áe    Offset
  -------------  ----------------  -------  -------
  Partition 1    Prim„r            100 MB  1024 KB
  Partition 2    Prim„r              58 GB  101 MB
  Partition 3    Prim„r            407 GB    58 GB

======================================================================================================

Disk: 0
Partition 1
Typ      : 07
Versteckt: Nein
Aktiv    : Ja

  Volume ###  Bst  Bezeichnung  DS    Typ        Gr”áe    Status    Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2    Y  System-rese  NTFS  Partition    100 MB  Fehlerfre         

======================================================================================================

Disk: 0
Partition 2
Typ      : 07
Versteckt: Nein
Aktiv    : Nein

  Volume ###  Bst  Bezeichnung  DS    Typ        Gr”áe    Status    Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3    C                NTFS  Partition    58 GB  Fehlerfre         

======================================================================================================

Disk: 0
Partition 3
Typ      : 07
Versteckt: Nein
Aktiv    : Nein

  Volume ###  Bst  Bezeichnung  DS    Typ        Gr”áe    Status    Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4    E                NTFS  Partition    407 GB  Fehlerfre         

======================================================================================================

Partitions of Disk 1:
===============

  Partition ###  Typ              Gr”áe    Offset
  -------------  ----------------  -------  -------
  Partition 1    Prim„r            3800 MB    31 KB

======================================================================================================

Disk: 1
Partition 1
Typ      : 0B
Versteckt: Nein
Aktiv    : Ja

  Volume ###  Bst  Bezeichnung  DS    Typ        Gr”áe    Status    Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5    H                FAT32  Wechselmed  3800 MB  Fehlerfre         

======================================================================================================

==========================================================

Last Boot: 2012-03-10 14:05

======================= End Of Log ==========================

Swisstreasure 18.03.2012 22:58
Kannst Du Malwarebytes nun ausführen?

jürgen69 18.03.2012 23:01
Soll ich einfach den PC neustarten und versuchen, ob ich wieder ins Windows komme?
Oder muss ich erst mit dem Farbar tool den fix durchführen?Habe das bisher ja nur zum scannen genommen...

Swisstreasure 18.03.2012 23:06
Versuche einmal zu Starten und schau obs geht.

jürgen69 18.03.2012 23:14
Hat sich leider nichts verändert... Allerdings kam diesmal der Virusbildschirm erst nach ca 5 Sekunden und in dieser Zeit konnte ich auf den Arbeitsplatz klicken... Darauf kann ich jetzt (trotz Virusbildschirm) zugreifen. Ich versuche jetzt mal Malwarebytes von einem anderen PC per usb stick rüberzuziehen.... Vielleicht funktioniert das ja :)

Swisstreasure 18.03.2012 23:15
Genau :) Wobei ob ich denke dass es blockiert wird :(

jürgen69 18.03.2012 23:19
quick scan läuft gerade :)

Swisstreasure 18.03.2012 23:24
So sollte es sein :) Besser wäre gewesen ein Fullscan :)

jürgen69 18.03.2012 23:27
Drei Objekte gefunden und erfolgreich eliminiert :)
Windows läuft wieder normal!
Meine Vorgehensweise war jetzt zwar nicht ganz logisch, aber ich bin wohl einfach zu schnell für den Virus gewesen :lach:

Bin ich jetzt wieder auf der sicheren Seite, wenn ich nochmal nen fullscan mache und Antivir mal durchlaufen lasse?

Swisstreasure 18.03.2012 23:29
Poste mir bitte das Log von Malwarebytes. Danach:

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

jürgen69 18.03.2012 23:40
Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.18.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Mirko :: MIRKO-PC [Administrator]

Schutz: Aktiviert

19.03.2012 00:17:50
mbam-log-2012-03-19 (00-17-50).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 211585
Laufzeit: 3 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 1
C:\Users\Mirko\AppData\Local\Temp\0.6773563434665045.exe (Trojan.Ransom.BP) -> Löschen bei Neustart.

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Mirko\AppData\Local\Temp\0.6773563434665045.exe (Trojan.Ransom.BP) -> Löschen bei Neustart.
C:\Users\Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.6773563434665045.exe.lnk (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Swisstreasure 19.03.2012 10:41
Mach noch OTL und poste das Log.


Alle Zeitangaben in WEZ +1. Es ist jetzt 23:43 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131