Filzkopp | 16.07.2012 22:58 | Virus/Trojan Bundespolizei
Hello,
I am new here and I hope I am not making any mistakes.
After booting, my girlfriend gets a window from the Federal Police (Bundespolizei) that is about child pornography. I have already looked around here a bit and read that everyone should open a new thread with an OTL logfile. I hope you can help, because she needs the laptop to write a term paper. Thank you very much. Code:
OTL logfile created on: 16.07.2012 20:35:12 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Cristina\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,75 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 72,99% Memory free
5,49 Gb Paging File | 4,83 Gb Available in Paging File | 87,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,88 Gb Total Space | 65,19 Gb Free Space | 58,26% Space Free | Partition Type: NTFS
Drive D: | 111,00 Gb Total Space | 110,54 Gb Free Space | 99,58% Space Free | Partition Type: NTFS
Drive H: | 1,85 Gb Total Space | 1,53 Gb Free Space | 82,87% Space Free | Partition Type: FAT
Computer Name: LIEBER-PC | User Name: Cristina | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.07.16 20:31:32 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Cristina\Desktop\OTL.exe
PRC - [2012.06.02 11:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2012.05.09 09:39:21 | 000,466,896 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avscan.exe
PRC - [2012.05.09 09:39:21 | 000,391,632 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avcenter.exe
PRC - [2010.11.20 23:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2012.05.09 09:39:22 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012.02.17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
========== Win32 Services (SafeList) ==========
SRV - [2012.07.12 21:50:08 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.09 09:39:22 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.09 09:39:21 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.02.13 21:19:20 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\7.1.362.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012.02.13 21:19:20 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\7.1.362.0\BBSvc.EXE -- (BBSvc)
SRV - [2011.08.03 22:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - [2012.05.09 09:39:22 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.09 09:39:22 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.08.03 22:27:28 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2010.11.20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.07.14 00:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.02.09 10:42:42 | 000,099,968 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hxctlflt.sys -- (hxctlflt)
DRV - [2007.09.10 09:50:56 | 000,457,984 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AA 78 71 9E 9A 10 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{F315288E-A89B-40D4-956B-9AC2247838DA}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Cristina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.28 23:52:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.04.26 09:43:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2012.04.26 09:44:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cristina\AppData\Roaming\mozilla\Extensions
[2012.04.26 09:44:00 | 000,564,731 | ---- | M] () (No name found) -- C:\USERS\CRISTINA\APPDATA\ROAMING\THUNDERBIRD\PROFILES\95INOTL6.DEFAULT\EXTENSIONS\TBTESTPILOT@LABS.MOZILLA.COM.XPI
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Cristina\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Ybiqsiu] C:\Users\Cristina\AppData\Roaming\Tuhex\yvep.exe ()
O4 - Startup: C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Cristina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A4026B8-5219-465B-842F-9C33E5D5033A}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2F203E1-9FC6-4F8E-BE00-2C7F02DB1FF6}: DhcpNameServer = 81.173.194.76 81.173.194.69
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.07.16 20:31:32 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Cristina\Desktop\OTL.exe
[2012.07.16 19:36:00 | 000,000,000 | ---D | C] -- C:\Users\Cristina\AppData\Roaming\Udze
[2012.07.16 19:36:00 | 000,000,000 | ---D | C] -- C:\Users\Cristina\AppData\Roaming\Tuhex
[2012.07.16 19:36:00 | 000,000,000 | ---D | C] -- C:\Users\Cristina\AppData\Roaming\Asygah
[2012.07.12 19:50:24 | 000,000,000 | ---D | C] -- C:\Users\Cristina\Desktop\Dancehall
[2012.07.12 18:31:33 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.12 18:31:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.12 18:31:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.12 18:31:30 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.12 18:31:29 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.12 18:31:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.12 18:31:27 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.12 18:29:08 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.12 08:46:56 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.12 08:46:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012.07.12 08:46:49 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012.07.11 22:16:50 | 000,000,000 | ---D | C] -- C:\Users\Cristina\Desktop\RASTA LOVE
[2012.07.10 21:24:35 | 000,681,256 | ---- | C] (Guillemot) -- C:\Windows\System32\WebCamPropertyWindow.dll
[2012.07.10 21:24:35 | 000,457,984 | ---- | C] (PixArt Imaging Inc.) -- C:\Windows\System32\drivers\PAC7302.SYS
[2012.07.10 21:24:35 | 000,073,728 | ---- | C] (Sonix) -- C:\Windows\System32\BurnerApLib.dll
[2012.07.10 21:24:35 | 000,023,848 | ---- | C] (Guillemot Corporation S.A.) -- C:\Windows\System32\libcmmn.dll
[2012.07.10 21:24:34 | 000,129,024 | ---- | C] (PixArt Imaging Incorporation) -- C:\Windows\System32\SP7302.AX
[2012.07.10 21:24:34 | 000,099,968 | ---- | C] (Guillemot Corporation) -- C:\Windows\System32\drivers\hxctlflt.sys
[2012.07.10 21:24:34 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012.07.10 21:24:01 | 000,000,000 | ---D | C] -- C:\Users\Cristina\AppData\Roaming\InstallShield
[2012.07.10 18:09:36 | 000,000,000 | ---D | C] -- C:\Users\Cristina\Desktop\Bus
[2012.07.10 00:12:42 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2012.07.09 20:24:58 | 000,000,000 | ---D | C] -- C:\Users\Cristina\Desktop\Viedeos
[2012.06.28 14:33:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2012.06.27 14:43:40 | 000,000,000 | ---D | C] -- C:\WinSetupFromUSB
[2012.06.22 17:41:59 | 000,000,000 | ---D | C] -- C:\Users\Cristina\Desktop\Fotos!!!
[2012.06.21 17:09:27 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.21 17:09:27 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.21 17:09:17 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.21 17:09:16 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.21 17:09:16 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.21 17:09:07 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.21 17:09:07 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.06.21 00:11:31 | 000,000,000 | ---D | C] -- C:\Users\Cristina\Desktop\Wohnung
[2012.06.16 23:00:03 | 000,000,000 | ---D | C] -- C:\Users\Cristina\AppData\Local\Diagnostics
========== Files - Modified Within 30 Days ==========
[2012.07.16 20:31:32 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Cristina\Desktop\OTL.exe
[2012.07.16 20:24:35 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.16 20:24:35 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.16 20:24:35 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.16 20:24:35 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.16 20:20:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.16 20:20:07 | 2213,154,816 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.16 20:13:52 | 000,025,808 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.16 20:13:52 | 000,025,808 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.16 20:07:08 | 004,503,728 | ---- | M] () -- C:\ProgramData\to_r0tsef.pad
[2012.07.16 20:00:44 | 000,001,889 | ---- | M] () -- C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.16 19:50:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.16 17:43:08 | 000,001,150 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4031334544-1083930169-49864545-1000UA.job
[2012.07.16 17:31:48 | 003,877,737 | ---- | M] () -- C:\Users\Cristina\Desktop\BA- Evi, Korrektur.odt
[2012.07.16 03:39:06 | 000,032,530 | ---- | M] () -- C:\Users\Cristina\Desktop\Bericht Fachpraktikum.odt
[2012.07.15 23:43:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4031334544-1083930169-49864545-1000Core.job
[2012.07.12 21:50:07 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.07.12 21:50:07 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.12 19:48:40 | 000,299,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.11 22:16:34 | 096,982,129 | ---- | M] () -- C:\Users\Cristina\Desktop\RASTA LOVE.rar
[2012.07.10 11:09:33 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2012.07.04 22:55:41 | 000,014,565 | ---- | M] () -- C:\Users\Cristina\Desktop\Urlaubsantrag Bafög.odt
[2012.06.29 22:44:13 | 000,023,719 | ---- | M] () -- C:\Users\Cristina\Documents\Unterschrift.jpg
[2012.06.29 22:43:30 | 000,007,338 | ---- | M] () -- C:\Users\Cristina\Documents\Unteschrift.jpg
[2012.06.29 21:49:08 | 001,056,214 | ---- | M] () -- C:\Users\Cristina\Documents\Mietvertrag 2.jpg
[2012.06.29 21:48:58 | 001,123,952 | ---- | M] () -- C:\Users\Cristina\Documents\Mietvertrag 1.jpg
[2012.06.28 12:18:46 | 000,047,071 | ---- | M] () -- C:\Users\Cristina\Documents\Untermietvertrag Sept.-Mär..pdf
[2012.06.28 10:52:36 | 000,042,540 | ---- | M] () -- C:\Users\Cristina\Documents\Untermietvertrag Aug.-Sept..pdf
[2012.06.28 09:11:54 | 000,095,814 | ---- | M] () -- C:\Users\Cristina\Documents\Modulo di accettazione Cristina Imbrenda.pdf
[2012.06.28 09:04:52 | 000,031,888 | ---- | M] () -- C:\Users\Cristina\Documents\Scan001.jpg
[2012.06.27 14:47:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012.06.27 14:47:15 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012.06.16 23:58:22 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
========== Files Created - No Company Name ==========
[2012.07.16 20:00:44 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad
[2012.07.16 20:00:44 | 000,001,889 | ---- | C] () -- C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.16 15:00:37 | 003,877,737 | ---- | C] () -- C:\Users\Cristina\Desktop\BA- Evi, Korrektur.odt
[2012.07.16 03:39:04 | 000,032,530 | ---- | C] () -- C:\Users\Cristina\Desktop\Bericht Fachpraktikum.odt
[2012.07.13 22:56:17 | 004,247,220 | ---- | C] () -- C:\Users\Cristina\Desktop\P1070007.JPG
[2012.07.11 22:14:19 | 096,982,129 | ---- | C] () -- C:\Users\Cristina\Desktop\RASTA LOVE.rar
[2012.07.10 21:24:35 | 000,102,400 | ---- | C] () -- C:\Windows\System32\st50220.dll
[2012.07.10 21:24:35 | 000,042,280 | ---- | C] () -- C:\Windows\System32\WebCamKSProxyPlugin.ax
[2012.07.10 21:24:35 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.INI
[2012.07.10 11:09:33 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2012.07.03 15:23:08 | 000,014,565 | ---- | C] () -- C:\Users\Cristina\Desktop\Urlaubsantrag Bafög.odt
[2012.06.29 22:43:30 | 000,007,338 | ---- | C] () -- C:\Users\Cristina\Documents\Unteschrift.jpg
[2012.06.29 22:42:48 | 000,023,719 | ---- | C] () -- C:\Users\Cristina\Documents\Unterschrift.jpg
[2012.06.29 21:49:07 | 001,056,214 | ---- | C] () -- C:\Users\Cristina\Documents\Mietvertrag 2.jpg
[2012.06.29 21:48:57 | 001,123,952 | ---- | C] () -- C:\Users\Cristina\Documents\Mietvertrag 1.jpg
[2012.06.28 12:20:39 | 000,047,071 | ---- | C] () -- C:\Users\Cristina\Documents\Untermietvertrag Sept.-Mär..pdf
[2012.06.28 10:52:34 | 000,042,540 | ---- | C] () -- C:\Users\Cristina\Documents\Untermietvertrag Aug.-Sept..pdf
[2012.06.28 09:11:53 | 000,095,814 | ---- | C] () -- C:\Users\Cristina\Documents\Modulo di accettazione Cristina Imbrenda.pdf
[2012.06.28 09:04:50 | 000,031,888 | ---- | C] () -- C:\Users\Cristina\Documents\Scan001.jpg
[2012.06.27 14:47:15 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012.06.27 14:47:15 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012.06.16 23:58:22 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.04.01 19:45:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.04.01 19:45:14 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.12.05 22:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll
[2011.12.05 22:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2010.11.21 02:46:14 | 000,643,628 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.11.21 02:46:14 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.11.21 02:46:14 | 000,126,188 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.11.21 02:46:14 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.11.20 23:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
< End of report >