| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: KRIPO- Sie haben kinderpornografische Seiten besucht - ProblembehandlungWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
16.06.2011, 18:32
| #1 |
| |  KRIPO- Sie haben kinderpornografische Seiten besucht - Problembehandlung OTL logfile created on: 6/15/2011 11:25:06 PM - Run OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 503.00 Mb Total Physical Memory | 330.00 Mb Available Physical Memory | 66.00% Memory free 455.00 Mb Paging File | 338.00 Mb Available in Paging File | 74.00% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 50.07 Gb Total Space | 34.21 Gb Free Space | 68.32% Space Free | Partition Type: NTFS Drive D: | 100.00 Gb Total Space | 99.24 Gb Free Space | 99.24% Space Free | Partition Type: NTFS Drive E: | 82.81 Gb Total Space | 82.74 Gb Free Space | 99.92% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - [2011/04/28 16:01:07 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011/03/16 14:04:01 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010/06/10 15:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [Kernel | System] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand] -- -- (cpuz132) DRV - File not found [Kernel | System] -- -- (Changer) DRV - File not found [2011/04/15 22:12:14] [Kernel | Auto] -- -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) DRV - [2011/03/16 14:04:02 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2010/11/23 15:26:15 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009/05/11 06:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009/05/11 04:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008/09/24 04:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://downloads.phpnuke.org/de/index.php?rvs=hompag IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://downloads.phpnuke.org/de/index.php?rvs=hompag IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Jasmin_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\Jasmin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://downloads.phpnuke.org/de/index.php?rvs=hompag IE - HKU\Jasmin_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\Jasmin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Jasmin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://downloads.phpnuke.org/de/index.php?rvs=hompag" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..extensions.enabledItems: {c9508125-4747-4733-b048-e4b82dc9716d}:3.3.3.2 FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011/06/03 17:30:35 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011/05/02 15:16:23 | 000,000,000 | ---D | M] [2010/08/20 13:25:17 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Jasmin\Anwendungsdaten\mozilla\Extensions [2011/06/12 17:05:26 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Jasmin\Anwendungsdaten\mozilla\Firefox\Profiles\unx8ro8d.default\extensions [2010/08/22 09:15:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Jasmin\Anwendungsdaten\mozilla\Firefox\Profiles\unx8ro8d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/04/15 16:13:24 | 000,000,000 | ---D | M] (PHPNukeDE Community Toolbar) -- C:\Dokumente und Einstellungen\Jasmin\Anwendungsdaten\mozilla\Firefox\Profiles\unx8ro8d.default\extensions\{c9508125-4747-4733-b048-e4b82dc9716d} [2011/04/15 16:13:23 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Dokumente und Einstellungen\Jasmin\Anwendungsdaten\mozilla\Firefox\Profiles\unx8ro8d.default\extensions\engine@conduit.com [2010/08/20 13:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010/08/13 15:01:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/10/23 09:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll [2010/12/11 14:27:15 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010/12/11 14:27:15 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010/12/11 14:27:15 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010/12/11 14:27:15 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010/12/11 14:27:15 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2001/08/18 09:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Microsoft WinUpdate] C:\WINDOWS\system32\msupdte.exe () O4 - HKLM..\Run: [SMSTray] C:\Programme\Samsung\EmoDio\SMSTray.exe (SAMSUNG ELECTRONICS) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\Jasmin\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Jasmin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (C:\DOKUME~1\Jasmin\LOKALE~1\Temp\0.7878909084975347.exe) - C:\Dokumente und Einstellungen\Jasmin\Lokale Einstellungen\Temp\0.7878909084975347.exe (vdv) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/08/13 12:45:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010/08/13 14:52:36 | 000,000,000 | ---D | M] - E:\Automatisch zu iTunes hinzufügen -- [ NTFS ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/06/03 16:17:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Google [2011/06/01 12:55:22 | 000,000,000 | ---D | C] -- C:\Programme\MSXML 4.0 [2011/05/27 12:53:02 | 000,106,609 | ---- | C] ((주) 마크애니, 컨텐츠 사업실) -- C:\WINDOWS\System32\MaJUtilLib.dll [2011/05/27 12:53:02 | 000,049,152 | R--- | C] ((주) 마크애니) -- C:\WINDOWS\System32\MaJGUILib.dll [2011/05/27 12:53:02 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\WINDOWS\System32\MaXMLProto.dll [2011/05/27 12:50:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Samsung [2011/05/27 12:49:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jasmin\Anwendungsdaten\DataCast [2011/05/27 12:49:40 | 000,000,000 | ---D | C] -- C:\Programme\MarkAny [2011/05/27 12:48:58 | 000,000,000 | ---D | C] -- C:\Programme\Samsung [69 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/06/15 13:10:11 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011/06/15 13:10:10 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2011/06/15 13:10:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/06/15 12:42:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/06/12 17:19:58 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2011/06/11 19:22:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011/05/27 13:46:32 | 000,000,065 | ---- | M] () -- C:\WINDOWS\FISHUI.INI [2011/05/27 12:50:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Samsung [69 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/05/27 13:46:32 | 000,000,065 | ---- | C] () -- C:\WINDOWS\FISHUI.INI [2011/05/07 09:49:53 | 000,000,408 | ---- | C] () -- C:\WINDOWS\GALSINT.INI [2011/05/07 09:33:12 | 000,011,766 | ---- | C] () -- C:\WINDOWS\Galsmave.ini [2011/04/16 16:39:15 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI [2011/01/06 13:41:57 | 000,001,240 | ---- | C] () -- C:\WINDOWS\eReg.dat [2011/01/05 08:56:40 | 000,000,134 | ---- | C] () -- C:\WINDOWS\System32\msupdte.exe [2010/11/13 10:47:13 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2010/11/04 09:49:01 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2010/08/20 13:25:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010/08/13 14:36:48 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini [2010/08/13 14:33:18 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini [2010/08/13 14:10:29 | 000,163,840 | R--- | C] () -- C:\WINDOWS\System32\nvumpu.exe [2010/08/13 14:10:23 | 000,163,840 | R--- | C] () -- C:\WINDOWS\System32\nvuaudio.exe [2010/08/13 14:05:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/08/13 13:47:53 | 000,215,552 | ---- | C] () -- C:\WINDOWS\System32\RTCOMDLL.dll [2010/08/13 13:47:53 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2010/08/13 13:47:53 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2010/08/13 13:34:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010/08/13 13:33:13 | 000,117,360 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/08/13 12:58:40 | 000,019,968 | ---- | C] () -- C:\Dokumente und Einstellungen\Jasmin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/08/13 12:53:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010/08/13 12:42:25 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008/09/17 06:36:22 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll [2008/09/17 06:36:20 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll [2008/09/17 06:36:20 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll [2008/09/17 06:36:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll [2004/08/03 19:12:38 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2004/08/02 08:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2001/08/23 09:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2001/08/23 09:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2001/08/18 09:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2001/08/18 09:00:00 | 000,448,470 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2001/08/18 09:00:00 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2001/08/18 09:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2001/08/18 09:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2001/08/18 09:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2001/08/18 09:00:00 | 000,079,910 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2001/08/18 09:00:00 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2001/08/18 09:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2001/08/18 09:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2001/08/18 09:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2001/08/18 09:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat ========== LOP Check ========== [2011/05/27 12:53:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jasmin\Anwendungsdaten\DataCast [2011/01/07 14:18:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jasmin\Anwendungsdaten\OpenOffice.org [2010/11/04 09:49:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jasmin\Anwendungsdaten\PeaceCraft2 [2010/08/13 14:02:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Whiz [2011/04/15 16:10:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2010/08/13 14:02:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UAB [2010/10/02 19:42:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom [2010/08/13 13:21:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011/06/15 13:10:10 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 136 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:38FF076E @Alternate Data Stream - 126 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:11EFE63D < End of report > |
| Themen zu KRIPO- Sie haben kinderpornografische Seiten besucht - Problembehandlung |
| 0x00000001, alternate, antivir, autostart, avira, bho, bonjour, cdrom, dateien, desktop, einstellungen, explorer, firefox, format, ics, logfile, mozilla, plug-in, problembehandlung, realtek, reatogo, registry, scan, sched.exe, searchplugins, seiten, software, system32, temp, windows, windows xp, winlogon |
Baum-Darstellung