Log analysis and evaluation: Bundespolizei Trojaner (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
28.08.2011, 19:11 | #1
Bundespolizei Trojaner
Hello! I too have caught the Bundespolizei trojan that has been described here so often. However, I can still boot into Safe Mode. I am burning the OTLPE CD right now and will then post the result. Many thanks in advance! Martin
28.08.2011, 19:20 | #2
Bundespolizei Trojaner
Here is the report:
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 28.08.2011 20:13:52 - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = F:\PROGRAMS\OTLPE Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 73,00% Memory free 4,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 149,41 Gb Total Space | 56,45 Gb Free Space | 37,78% Space Free | Partition Type: NTFS Drive E: | 147,21 Gb Total Space | 142,31 Gb Free Space | 96,67% Space Free | Partition Type: NTFS Drive F: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: MUSIKLABORANT | User Name: Martin Wiese Boot Mode: SafeMode with Networking | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - [2011.06.29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion) SRV - [2011.06.10 22:54:55 | 000,641,464 | ---- | M] (Cisco Systems, Inc.) 
[Auto] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent) SRV - [2011.05.23 12:32:11 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand] -- C:\Program Files\F-Secure\ORSP Client\fsorsp.exe -- (FSORSPClient) SRV - [2011.05.06 18:29:11 | 000,529,064 | ---- | M] (F-Secure Corporation) [On_Demand] -- C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe -- (FSDFWD) SRV - [2011.05.06 18:29:00 | 000,221,864 | ---- | M] (F-Secure Corporation) [Auto] -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter) SRV - [2011.05.06 18:28:57 | 000,189,096 | ---- | M] (F-Secure Corporation) [Auto] -- C:\Program Files\F-Secure\Common\FSMA32.EXE -- (FSMA) SRV - [2011.03.25 05:17:22 | 002,784,768 | ---- | M] (PACE Anti-Piracy, Inc.) [Auto] -- C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe -- (PaceLicenseDServices) SRV - [2010.03.16 18:01:22 | 000,132,464 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand] -- C:\Windows\System32\SUPDSvc.exe -- (Samsung UPD Service) SRV - [2008.01.21 17:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.17 17:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2007.12.25 14:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service) SRV - [2007.12.03 18:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service) SRV - [2007.11.21 18:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv) SRV - [2006.08.23 17:39:48 | 000,049,152 | 
---- | M] (Ulead Systems, Inc.) [Auto] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand] -- -- (IpInIp) DRV - File not found [Kernel | On_Demand] -- -- (catchme) DRV - [2011.08.17 12:09:22 | 000,042,672 | ---- | M] () [Kernel | Boot] -- C:\Windows\System32\drivers\fsbts.sys -- (fsbts) DRV - [2011.06.22 14:44:11 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc) DRV - [2011.06.22 14:44:11 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt) DRV - [2011.06.10 22:42:41 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) 
[Kernel | On_Demand] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva) DRV - [2011.06.09 13:06:56 | 000,148,648 | ---- | M] () [Kernel | On_Demand] -- C:\Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper) DRV - [2011.05.06 18:29:37 | 000,072,520 | ---- | M] (F-Secure Corporation) [Kernel | System] -- C:\Programme\F-Secure\HIPS\drivers\fshs.sys -- (F-Secure HIPS) DRV - [2011.05.06 18:29:34 | 000,037,832 | ---- | M] (F-Secure Corporation) [Kernel | System] -- C:\Windows\System32\drivers\fses.sys -- (FSES) DRV - [2011.05.06 18:29:11 | 000,072,840 | ---- | M] (F-Secure Corporation) [Kernel | System] -- C:\Windows\System32\drivers\fsdfw.sys -- (FSFW) DRV - [2011.05.06 18:29:01 | 000,041,896 | ---- | M] () [Kernel | Disabled] -- C:\Programme\F-Secure\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter) DRV - [2011.05.06 18:29:01 | 000,027,304 | ---- | M] () [Kernel | Disabled] -- C:\Programme\F-Secure\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer) DRV - [2011.05.06 18:29:01 | 000,014,504 | ---- | M] () [Kernel | System] -- C:\Programme\F-Secure\Anti-Virus\minifilter\fsvista.sys -- (fsvista) DRV - [2011.03.24 22:15:30 | 000,021,112 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\iLokDrvr.sys -- (iLokDrvr) DRV - [2011.03.24 22:13:52 | 000,093,304 | ---- | M] (PACE Anti-Piracy, Inc.) 
[Kernel | Boot] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd) DRV - [2011.03.18 13:56:59 | 000,039,264 | ---- | M] (Acronis) [File_System | Auto] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter) DRV - [2011.02.22 15:37:53 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\Windows\System32\drivers\ACEDRV07.sys -- (ACEDRV07) DRV - [2011.01.27 20:19:57 | 000,028,089 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\wceusbsh.sys -- (wceusbsh) DRV - [2011.01.27 20:19:57 | 000,010,430 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\secbulk.sys -- (SecBulk) DRV - [2010.09.17 13:27:32 | 000,023,696 | ---- | M] (Steinberg Media Technologies GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\synasusb.sys -- (synasusb) DRV - [2008.10.21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm) DRV - [2008.10.21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) DRV - [2008.10.21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) DRV - [2008.10.21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex) DRV - [2008.10.21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM) DRV - [2008.10.21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 
(NDIS) DRV - [2008.10.21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl) DRV - [2008.01.21 16:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32) DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2008.01.09 13:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri) DRV - [2007.12.28 20:21:54 | 000,104,448 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007.12.26 11:20:32 | 000,290,304 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B) DRV - [2007.12.10 15:22:22 | 000,110,120 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s3017unic.sys -- (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM) DRV - [2007.12.10 15:22:22 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s3017obex.sys -- (s3017obex) DRV - [2007.12.10 15:22:20 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s3017mgmt.sys -- (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM) DRV - [2007.12.10 15:22:20 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s3017nd5.sys -- (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS) DRV - [2007.12.10 15:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s3017mdm.sys -- (s3017mdm) DRV - [2007.12.10 15:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | 
On_Demand] -- C:\Windows\System32\drivers\s3017mdfl.sys -- (s3017mdfl) DRV - [2007.12.10 15:22:14 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s3017bus.sys -- (s3017bus) Sony Ericsson Device 3017 driver (WDM) DRV - [2007.11.09 15:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ) DRV - [2007.10.17 23:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007.04.23 11:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt) DRV - [2006.11.22 10:52:08 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto] -- C:\Windows\System32\drivers\SSPORT.sys -- (SSPORT) DRV - [2006.11.20 15:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk) DRV - [2006.10.18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst) DRV - [2004.08.11 16:39:38 | 000,041,984 | R--- | M] (Samsung Electronics Co., Ltd.) 
[Kernel | Auto] -- C:\Windows\System32\drivers\DgivEcp.sys -- (DgiVecp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3802820226-1810299904-3112085275-1000\Software\Microsoft\Internet Explorer\Main,Start Page = Facemoods Search IE - HKU\S-1-5-21-3802820226-1810299904-3112085275-1000\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3802820226-1810299904-3112085275-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3802820226-1810299904-3112085275-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> IE - HKU\S-1-5-21-3802820226-1810299904-3112085275-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Facemoods Search" FF - prefs.js..browser.search.order.1: "Yahoo" FF - prefs.js..browser.search.order.2: "" FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20110519,16981,0,16,0" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledItems: litmus-ff@f-secure.com:1.10 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - 
prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {E5886C91-CDD7-4832-B32D-0830705A9C60}:1.0 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {1266764D-FC4F-4FA7-B63B-884D53B1680F}:3.6.5 FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties" FF - prefs.js..network.proxy.type: 4 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@ilok.com/iLokHelper,version=3.1.0.7: C:\Programme\PACE Anti-Piracy\iLok\NPPaceILok.dll ( PACE Anti-Piracy, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\F-Secure\NRS\litmus-ff@f-secure.com [2011.08.23 00:50:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.23 02:10:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.05 22:41:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.21 13:03:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{E5886C91-CDD7-4832-B32D-0830705A9C60}: C:\Users\Martin Wiese\AppData\Roaming\5012 [2011.03.03 21:37:19 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{1266764D-FC4F-4FA7-B63B-884D53B1680F}: C:\Users\Martin Wiese\AppData\Roaming\NetAssistant\ [2011.05.02 00:50:48 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\vinceturk@gmail.com: C:\Program Files\KwiClick LLC\KwiClick\ [2011.05.02 00:50:54 | 000,000,000 | ---D | M] [2010.11.03 01:27:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin Wiese\AppData\Roaming\mozilla\Extensions [2010.11.03 01:27:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin Wiese\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.08.21 12:52:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin 
Wiese\AppData\Roaming\mozilla\Firefox\Profiles\1lp71lec.default\extensions [2010.11.09 23:58:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Martin Wiese\AppData\Roaming\mozilla\Firefox\Profiles\1lp71lec.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.02.03 23:47:59 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Martin Wiese\AppData\Roaming\mozilla\Firefox\Profiles\1lp71lec.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.08.21 12:52:58 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Martin Wiese\AppData\Roaming\mozilla\Firefox\Profiles\1lp71lec.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.06.17 00:17:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.06.23 00:49:05 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2010.11.19 18:23:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.12.17 01:15:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.02.22 11:59:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.06.17 00:17:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} File not found (No name found) -- [2011.08.23 00:50:27 | 000,000,000 | ---D | M] ("Browsing Protection") -- C:\PROGRAM FILES\F-SECURE\NRS\LITMUS-FF@F-SECURE.COM [2011.03.03 21:37:19 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\MARTIN WIESE\APPDATA\ROAMING\5012 () (No name found) -- C:\USERS\MARTIN WIESE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1LP71LEC.DEFAULT\EXTENSIONS\FFXTLBR@FACEMOODS.COM.XPI [2011.08.23 02:10:04 | 000,134,104 | ---- 
| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.05.05 22:41:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.05.05 22:41:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.05.05 22:41:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.06.08 21:11:38 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml [2011.05.05 22:41:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.05.05 22:41:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.05.05 22:41:05 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.11.18 04:09:50 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation) O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation) O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com) O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\F-Secure\Common\FSM32.EXE (F-Secure Corporation) O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation) O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba) O4 - HKLM..\Run: [TrayServer] C:\MAGIX\Video_deluxe_2007\Trayserver.exe (MAGIX AG) O4 - HKU\S-1-5-21-3802820226-1810299904-3112085275-1000..\Run: [avupdate] C:\Users\Martin Wiese\AppData\Roaming\jashla.exe (Heaventools Software) O4 - HKU\S-1-5-21-3802820226-1810299904-3112085275-1000..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson) O4 - HKU\S-1-5-21-3802820226-1810299904-3112085275-1000..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe () O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Martin Wiese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Martin Wiese\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O4 - Startup: C:\Users\Martin Wiese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3802820226-1810299904-3112085275-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3802820226-1810299904-3112085275-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Martin Wiese\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: SmarThru4 Als HTML speichern - C:\Programme\SmarThru 4\WEBCapture.dll1.htm () O8 - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Programme\SmarThru 4\WEBCapture.dll2.htm () O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Programme\SmarThru 4\WEBCapture.dll2.htm () O8 - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Programme\SmarThru 4\WEBCapture.dll.htm () O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Programme\SmarThru 4\WEBCapture.dll1.htm () O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Programme\SmarThru 4\WEBCapture.dll.htm () O8 - Extra context menu item: SmarThru4 Web Capture - C:\Programme\SmarThru 4\WebCapture.dll () O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype 
Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: 
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Martin Wiese\Pictures\aurora.jpg O24 - Desktop BackupWallPaper: C:\Users\Martin Wiese\Pictures\aurora.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. 
File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006.03.24 13:06:41 | 000,000,053 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ] O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.08.28 18:40:25 | 000,134,144 | ---- | C] (Heaventools Software) -- C:\Users\Martin Wiese\AppData\Roaming\jashla.exe [2011.08.26 17:43:36 | 000,000,000 | ---D | C] -- C:\Users\Martin Wiese\AppData\Local\Cisco [2011.08.26 17:41:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco [2011.08.26 17:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco [2011.08.26 17:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco [2011.08.25 20:49:24 | 000,000,000 | ---D | C] -- C:\Users\Martin Wiese\Desktop\__MACOSX [2011.08.25 20:49:23 | 000,000,000 | ---D | C] -- C:\Users\Martin Wiese\Desktop\Pressematerial [2011.08.24 17:38:55 | 000,000,000 | ---D | C] -- C:\Users\Martin Wiese\Desktop\klangwelten hintergrund [2011.08.21 13:31:52 | 000,000,000 | ---D | C] -- C:\Users\Martin Wiese\Desktop\V&M [2011.08.18 18:13:44 | 000,000,000 | ---D | C] -- C:\Users\Martin Wiese\Desktop\MovsInternetseite [2011.08.02 09:53:31 | 000,000,000 | ---D | C] -- C:\Users\Martin Wiese\AppData\Roaming\DVDVideoSoft [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Martin Wiese\AppData\Roaming\*.tmp files -> C:\Users\Martin Wiese\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.08.28 19:19:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.08.28 19:13:26 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\FinalTorrent Update Checker.job [2011.08.28 19:12:57 | 000,003,616 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.28 19:12:57 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.28 18:42:25 | 000,033,040 | ---- | M] () -- C:\Users\Martin Wiese\Documents\Schauspieltheorien.odt
[2011.08.28 18:40:25 | 000,134,144 | ---- | M] (Heaventools Software) -- C:\Users\Martin Wiese\AppData\Roaming\jashla.exe
[2011.08.28 14:31:52 | 000,026,118 | ---- | M] () -- C:\Users\Martin Wiese\Documents\Kassel Szene Feine Gesellschaft.odt
[2011.08.28 10:31:37 | 000,630,790 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.28 10:31:37 | 000,599,538 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.28 10:31:37 | 000,128,514 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.28 10:31:37 | 000,106,922 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.28 00:17:30 | 030,941,272 | ---- | M] () -- C:\Users\Martin Wiese\Documents\Kassel Bewerbung PPP.odp
[2011.08.27 20:08:29 | 000,100,723 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\16.jpg
[2011.08.27 20:08:05 | 000,099,447 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\07.jpg
[2011.08.27 20:07:38 | 000,076,704 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\002.jpg
[2011.08.27 20:06:04 | 000,077,070 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\23.jpg
[2011.08.27 20:05:15 | 000,090,975 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\02.jpg
[2011.08.27 20:04:28 | 000,098,347 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\37.jpg
[2011.08.27 20:03:06 | 000,019,953 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\kassel3.jpg
[2011.08.27 15:50:46 | 000,909,659 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\Upload_Dissertation_Andreas_Nastke.pdf
[2011.08.27 13:29:35 | 000,022,346 | ---- | M] () -- C:\Users\Martin Wiese\Documents\Konzept Kassel PPP.odt
[2011.08.27 12:32:52 | 000,010,774 | ---- | M] () -- C:\Users\Martin Wiese\AppData\Roaming\wklnhst.dat
[2011.08.27 10:48:39 | 000,121,649 | -H-- | M] () -- C:\Users\Martin Wiese\Desktop\mxfilerelatedcache.mxc2
[2011.08.27 10:48:35 | 000,000,804 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\kassel 2.jpx
[2011.08.27 10:43:49 | 000,011,749 | ---- | M] () -- C:\Users\Martin Wiese\AppData\Roaming\SmarThruOptions.xml
[2011.08.27 10:43:43 | 036,818,754 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\kassel 2.bmp
[2011.08.26 21:53:46 | 049,899,581 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\Testfiles.rar
[2011.08.26 17:41:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2011.08.26 12:20:20 | 017,254,056 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\Georg_Maschine_V_edit_grafik_Musik 260811.aif
[2011.08.25 20:49:00 | 000,000,354 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\Teil 1.2
[2011.08.25 20:48:50 | 019,599,028 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\Pressematerial.zip
[2011.08.24 19:09:47 | 007,249,043 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\Ding Dong Schnitt 01 WEB PREVIEW.mov
[2011.08.24 19:09:45 | 004,160,761 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\Schmieder M ZA Spot 02 WEB PREVIEW.mov
[2011.08.24 18:35:39 | 000,000,803 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\klangwelten.jpx
[2011.08.24 17:40:00 | 007,156,582 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\klangwelten.bmp
[2011.08.23 22:51:32 | 000,000,029 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\_REG8522.jpx
[2011.08.21 13:48:47 | 000,400,017 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\V&M exp.jpg
[2011.08.19 21:52:04 | 000,002,050 | ---- | M] () -- C:\Users\Public\Desktop\Sony Ericsson PC Companion 2.0.lnk
[2011.08.17 12:09:22 | 000,042,672 | ---- | M] () -- C:\Windows\System32\drivers\fsbts.sys
[2011.08.16 00:59:22 | 004,969,581 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\rot.jpg
[2011.08.15 21:48:55 | 000,071,545 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\Szenisches%20Spiel.pdf
[2011.08.15 18:08:07 | 000,013,824 | ---- | M] () -- C:\Users\Martin Wiese\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.15 09:05:29 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.08.14 12:10:24 | 030,412,908 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\Georg_Maschin_V_presound_pregraiding.mov
[2011.08.02 11:55:23 | 006,409,178 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\_REG8522.JPG
[2011.08.02 09:53:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011.08.02 09:53:17 | 000,001,196 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\Free YouTube to MP3 Converter.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Martin Wiese\AppData\Roaming\*.tmp files -> C:\Users\Martin Wiese\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.08.28 14:20:06 | 000,026,118 | ---- | C] () -- C:\Users\Martin Wiese\Documents\Kassel Szene Feine Gesellschaft.odt
[2011.08.27 20:08:29 | 000,100,723 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\16.jpg
[2011.08.27 20:08:05 | 000,099,447 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\07.jpg
[2011.08.27 20:07:38 | 000,076,704 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\002.jpg
[2011.08.27 20:06:04 | 000,077,070 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\23.jpg
[2011.08.27 20:05:14 | 000,090,975 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\02.jpg
[2011.08.27 20:04:25 | 000,098,347 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\37.jpg
[2011.08.27 20:03:05 | 000,019,953 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\kassel3.jpg
[2011.08.27 15:50:46 | 000,909,659 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\Upload_Dissertation_Andreas_Nastke.pdf
[2011.08.27 10:46:30 | 000,000,804 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\kassel 2.jpx
[2011.08.27 10:43:43 | 036,818,754 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\kassel 2.bmp
[2011.08.27 00:45:33 | 000,022,346 | ---- | C] () -- C:\Users\Martin Wiese\Documents\Konzept Kassel PPP.odt
[2011.08.26 21:52:25 | 049,899,581 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\Testfiles.rar
[2011.08.26 21:51:29 | 082,199,360 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\Martin Wiese_Movie 2.wav
[2011.08.26 21:51:17 | 020,047,698 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\Dekra_Spot1109_FinalMST.wav
[2011.08.26 15:53:07 | 017,254,056 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\Georg_Maschine_V_edit_grafik_Musik 260811.aif
[2011.08.25 20:49:00 | 000,000,354 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\Teil 1.2
[2011.08.25 20:48:45 | 019,599,028 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\Pressematerial.zip
[2011.08.25 14:52:51 | 000,033,040 | ---- | C] () -- C:\Users\Martin Wiese\Documents\Schauspieltheorien.odt
[2011.08.24 19:09:45 | 007,249,043 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\Ding Dong Schnitt 01 WEB PREVIEW.mov
[2011.08.24 19:09:43 | 004,160,761 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\Schmieder M ZA Spot 02 WEB PREVIEW.mov
[2011.08.24 18:02:08 | 030,941,272 | ---- | C] () -- C:\Users\Martin Wiese\Documents\Kassel Bewerbung PPP.odp
[2011.08.24 17:21:24 | 000,000,803 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\klangwelten.jpx
[2011.08.24 17:20:50 | 007,156,582 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\klangwelten.bmp
[2011.08.21 13:36:46 | 000,400,017 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\V&M exp.jpg
[2011.08.21 13:31:54 | 006,409,178 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\_REG8522.JPG
[2011.08.21 13:31:54 | 000,000,029 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\_REG8522.jpx
[2011.08.19 21:52:04 | 000,002,050 | ---- | C] () -- C:\Users\Public\Desktop\Sony Ericsson PC Companion 2.0.lnk
[2011.08.16 00:59:20 | 004,969,581 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\rot.jpg
[2011.08.15 21:48:55 | 000,071,545 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\Szenisches%20Spiel.pdf
[2011.08.15 21:17:36 | 477,551,286 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\KlangweltenStand100509.mov
[2011.08.14 12:08:39 | 030,412,908 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\Georg_Maschin_V_presound_pregraiding.mov
[2011.08.02 09:53:17 | 000,001,196 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\Free YouTube to MP3 Converter.lnk
[2011.07.21 14:58:30 | 000,011,749 | ---- | C] () -- C:\Users\Martin Wiese\AppData\Roaming\SmarThruOptions.xml
[2011.07.21 14:58:18 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SvcMan.exe
[2011.07.21 14:58:05 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SecSNMP.dll
[2011.07.21 14:58:02 | 000,094,208 | ---- | C] () -- C:\Windows\System32\SamFaxPort.dll
[2011.07.21 14:57:41 | 000,000,124 | ---- | C] () -- C:\Windows\Readiris.ini
[2011.07.21 14:57:29 | 000,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll
[2011.05.06 13:37:51 | 000,042,672 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys
[2011.05.02 10:06:16 | 000,000,045 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe.cfg
[2011.05.02 10:06:14 | 000,086,016 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe
[2011.03.24 22:15:30 | 000,021,112 | ---- | C] () -- C:\Windows\System32\drivers\iLokDrvr.sys
[2011.03.03 23:05:44 | 000,000,010 | ---- | C] () -- C:\Users\Martin Wiese\AppData\Roaming\urhtps.dat
[2010.12.16 13:24:48 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2
[2010.11.29 00:51:21 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2010.11.29 00:03:05 | 000,010,774 | ---- | C] () -- C:\Users\Martin Wiese\AppData\Roaming\wklnhst.dat
[2010.11.22 00:17:36 | 000,000,016 | -H-- | C] () -- C:\Users\Martin Wiese\AppData\Roaming\mxfilerelatedcache.mxc2
[2010.11.22 00:17:36 | 000,000,016 | -H-- | C] () -- C:\Users\Martin Wiese\AppData\mxfilerelatedcache.mxc2
[2010.11.22 00:17:36 | 000,000,016 | -H-- | C] () -- C:\Users\Martin Wiese\AppData\Local\mxfilerelatedcache.mxc2
[2010.11.13 22:21:00 | 000,013,824 | ---- | C] () -- C:\Users\Martin Wiese\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.12 14:24:39 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2010.11.12 14:21:45 | 000,282,624 | ---- | C] () -- C:\Windows\System32\DscPnt.dll
[2010.11.12 14:21:45 | 000,260,464 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2010.11.12 14:21:45 | 000,026,624 | ---- | C] () -- C:\Windows\System32\spd__l.dll
[2010.11.04 00:23:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.11.02 10:46:57 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2010.11.02 10:46:57 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2010.11.02 10:46:57 | 000,009,480 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2010.11.02 10:46:57 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2010.11.02 10:43:47 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll
[2009.12.21 03:42:18 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2008.02.22 11:34:00 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008.02.18 17:58:18 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.02.18 17:44:09 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008.02.18 17:44:09 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008.02.18 17:44:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008.02.18 17:44:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008.02.18 17:44:09 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008.02.18 17:44:09 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008.02.18 16:57:01 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.02.18 16:55:43 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008.02.18 16:55:43 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008.02.18 16:55:43 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2008.02.18 16:55:43 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008.01.21 09:15:58 | 000,630,790 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,128,514 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.01.21 04:24:14 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,365,016 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,599,538 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,106,922 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

========== LOP Check ==========

[2011.03.03 21:37:19 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\5012
[2011.05.02 14:40:59 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\Acronis
[2011.08.28 19:14:21 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\Dropbox
[2011.08.02 09:53:33 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\DVDVideoSoft
[2011.02.03 23:47:58 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.09 23:39:19 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\elsterformular
[2011.06.11 13:37:12 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\FileZilla
[2011.05.02 10:50:09 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\FinalTorrent
[2011.03.03 21:33:42 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\kock
[2011.07.03 21:45:24 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\MAGIX
[2011.02.12 01:02:11 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\myphotobook
[2011.05.02 00:50:48 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\NetAssistant
[2011.03.19 21:27:03 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\OpenOffice.org
[2011.06.07 22:09:08 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\PACE Anti-Piracy
[2011.07.21 15:45:50 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\PrimoPDF
[2011.07.21 14:58:31 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\SmarThru4
[2010.11.29 00:03:15 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\Template
[2010.11.03 01:27:38 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\Thunderbird
[2010.12.18 21:55:29 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\TOSHIBA
[2011.03.03 23:41:03 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\UAs
[2011.03.04 01:05:05 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\Uniblue
[2011.04.27 20:30:44 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\xmldm
[2010.11.02 10:36:10 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011.05.03 19:13:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Avanquest
[2010.12.02 00:16:53 | 000,000,000 | ---D | M] -- C:\ProgramData\BVRP Software
[2011.08.26 17:41:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Cisco
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010.11.02 10:36:10 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011.05.02 10:08:08 | 000,000,000 | ---D | M] -- C:\ProgramData\eLicenser
[2011.01.09 23:38:29 | 000,000,000 | ---D | M] -- C:\ProgramData\elsterformular
[2011.05.06 13:36:45 | 000,000,000 | ---D | M] -- C:\ProgramData\f-secure
[2010.11.02 10:36:10 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011.05.06 18:26:59 | 000,000,000 | ---D | M] -- C:\ProgramData\fssg
[2008.02.18 17:59:57 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX
[2011.04.14 15:40:46 | 000,000,000 | ---D | M] -- C:\ProgramData\PACE
[2011.06.07 22:09:08 | 000,000,000 | ---D | M] -- C:\ProgramData\PACE Anti-Piracy
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010.11.02 10:36:10 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2011.05.02 10:08:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Syncrosoft
[2006.11.02 15:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2008.02.22 11:17:07 | 000,000,000 | ---D | M] -- C:\ProgramData\TOSHIBA
[2010.11.02 10:39:45 | 000,000,000 | ---D | M] -- C:\ProgramData\ToshibaEurope
[2008.02.18 17:43:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems
[2010.11.02 10:36:10 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2011.07.21 10:50:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Xerox
[2008.02.25 10:55:29 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010.11.03 00:03:19 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011.08.28 19:13:26 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\FinalTorrent Update Checker.job
[2011.08.28 19:15:09 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 1268 bytes -> C:\Users\Martin Wiese\AppData\Local\temp:JlW544piCCZyCVSkjx
@Alternate Data Stream - 1221 bytes -> C:\Users\Martin Wiese\AppData\Local\temp:PxB0F6YjAKahiOEymN6WrpY
@Alternate Data Stream - 1197 bytes -> C:\Users\Martin Wiese\AppData\Local:e9KGSf8k01SDlYTWvGZ
@Alternate Data Stream - 1086 bytes -> C:\Users\Martin Wiese\AppData\Local\UDjvXT5P5Yg:fd9HTNX5Gu2otgLJzxs

< End of report >
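What the helper does with a listing like the one above is scan a few hundred lines for the one or two that matter: here an executable with a borrowed vendor string dropped into AppData\Roaming an hour and a half before the scan, and four named alternate data streams hung on a temp directory. The following Python script is an added example for this thread, not OTL code and not from the posts; it parses OTL's two line formats ("[date | size | attrs | M/C] (Company) -- path" and "@Alternate Data Stream - N bytes -> path") and applies those first-pass rules mechanically. The directory list, the 30-day age threshold and the sample excerpt (copied from the log above plus one benign control line) are my assumptions, not OTL's.

```python
"""Triage for OTL file and alternate-data-stream lines.

Added example for this thread; it is not OTL code and not from the original
posts. It parses the "[date | size | attrs | M/C] (Company) -- path" entries
and the "@Alternate Data Stream" entries and applies the first-pass rules a
helper applies by eye: a recently written executable in a user-writable
profile directory, a hidden executable, or any named stream OTL reports.
Directory list, age threshold and the sample excerpt are my assumptions.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+?)\s*$")

EXEC_EXT = (".exe", ".dll", ".scr", ".sys", ".cpl", ".com", ".bat", ".cmd")
# Writable by a standard user without UAC and not where installers put
# binaries (assumption); the "avupdate" Run entry in this thread points
# into the first one.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\",
                 "\\recycle.bin\\", "\\users\\public\\")


@dataclass(frozen=True)
class Finding:
    path: str
    reason: str


def parse_size(text):
    """OTL prints sizes as zero-padded, comma-grouped decimals."""
    return int(text.replace(",", ""))


def triage(log_text, scan_time, max_age=timedelta(days=30)):
    """Return Findings for the suspicious lines in an OTL log excerpt."""
    findings = []
    for line in log_text.splitlines():
        ads = ADS_RE.match(line)
        if ads:
            # OTL lists only non-empty named streams. A kilobyte hung on
            # 'temp' or on the AppData\Local directory itself is not a
            # legitimate use of ADS; it is where this family parks its blobs.
            findings.append(Finding(ads["path"],
                                    f"alternate data stream, {ads['size']} bytes"))
            continue
        m = FILE_RE.match(line)
        if not m or m["attrs"].endswith("D"):
            continue  # not a file entry, or a directory
        path, low = m["path"], m["path"].lower()
        is_exec = low.endswith(EXEC_EXT)
        age = scan_time - datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S")
        if is_exec and any(d in low for d in USER_WRITABLE) and age <= max_age:
            # A vendor string here is no reassurance: the file in this thread
            # carried a real vendor name in a location that vendor never uses.
            vendor = f"vendor '{m['company']}'" if m["company"] else "no company name"
            findings.append(Finding(path,
                f"executable written {age.days}d before the scan to a user-writable dir, "
                f"{parse_size(m['size'])} bytes, {vendor}"))
        elif is_exec and "H" in m["attrs"]:
            findings.append(Finding(path, "hidden executable"))
    return findings


# Constructed excerpt: lines taken from the log in this thread plus one
# benign hidden non-executable as a control.
SAMPLE = r"""
[2011.08.28 18:40:25 | 000,134,144 | ---- | M] (Heaventools Software) -- C:\Users\Martin Wiese\AppData\Roaming\jashla.exe
[2011.08.28 14:31:52 | 000,026,118 | ---- | M] () -- C:\Users\Martin Wiese\Documents\Kassel Szene Feine Gesellschaft.odt
[2011.08.15 09:05:29 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.03.03 21:37:19 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\5012
[2011.08.27 10:48:39 | 000,121,649 | -H-- | M] () -- C:\Users\Martin Wiese\Desktop\mxfilerelatedcache.mxc2
@Alternate Data Stream - 1268 bytes -> C:\Users\Martin Wiese\AppData\Local\temp:JlW544piCCZyCVSkjx
@Alternate Data Stream - 1197 bytes -> C:\Users\Martin Wiese\AppData\Local:e9KGSf8k01SDlYTWvGZ
"""
SCAN_TIME = datetime(2011, 8, 28, 20, 13, 52)  # "OTL logfile created on" header

if __name__ == "__main__":
    for f in triage(SAMPLE, SCAN_TIME):
        print(f"{f.reason}\n    {f.path}")
```

On the thread's own listing this yields exactly the lines the helper later put into the fix: jashla.exe and the named streams. The age window mirrors the "File Age = 30 Days" setting in the OTL header; for an infection older than that, raise it or drop the recency condition and rely on the location rule alone. The LOP-check directories with meaningless names in AppData\Roaming (5012, kock, UAs, xmldm) are deliberately not scored, because OTL gives no timestamps or contents for them; they are a manual follow-up, not a rule.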
29.08.2011, 14:26 | #3 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojaner
Do an OTL fix via OTLPE: start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL). (The ":OTL" line must be copied as well!!!)

Code:
:OTL
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20110519,16981,0,16,0"
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3802820226-1810299904-3112085275-1000\Software\Microsoft\Internet Explorer\Main,Start Page = Facemoods Search
IE - HKU\S-1-5-21-3802820226-1810299904-3112085275-1000\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3802820226-1810299904-3112085275-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3802820226-1810299904-3112085275-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\S-1-5-21-3802820226-1810299904-3112085275-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.type: 4
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com)
O4 - HKU\S-1-5-21-3802820226-1810299904-3112085275-1000..\Run: [avupdate] C:\Users\Martin Wiese\AppData\Roaming\jashla.exe (Heaventools Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2011.08.28 18:40:25 | 000,134,144 | ---- | C] (Heaventools Software) -- C:\Users\Martin Wiese\AppData\Roaming\jashla.exe
@Alternate Data Stream - 1268 bytes -> C:\Users\Martin Wiese\AppData\Local\temp:JlW544piCCZyCVSkjx
@Alternate Data Stream - 1221 bytes -> C:\Users\Martin Wiese\AppData\Local\temp:PxB0F6YjAKahiOEymN6WrpY
@Alternate Data Stream - 1197 bytes -> C:\Users\Martin Wiese\AppData\Local:e9KGSf8k01SDlYTWvGZ
@Alternate Data Stream - 1086 bytes -> C:\Users\Martin Wiese\AppData\Local\UDjvXT5P5Yg:fd9HTNX5Gu2otgLJzxs
:Commands
[purity]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted outright: a backup copy is created on the system partition in the folder "_OTL". After that Windows should start normally again. Please then make OTL's quarantine folder available to us. Proceed as follows:

1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the folder movedfiles in C:\_OTL into a single file
3.) Upload the resulting ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) If that worked, let us know
5.) Only then turn the virus scanner back on
__________________ |
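The fix above undoes three distinct things: persistence (the avupdate Run value pointing at jashla.exe), a proxy hijack (IE ProxyServer = http=127.0.0.1:23012 and Firefox network.proxy.type = 4), and a search/start-page hijack (the Facemoods entries). The proxy part is the one worth recognising on its own, because a trojan that routes every browser request through a listener on 127.0.0.1 sees and can rewrite all traffic, and it can flip ProxyEnable at runtime, so ProxyEnable = 0 with a loopback ProxyServer still set is an indicator, not an all-clear. The Python below is an added example, not OTL's code and not from the thread: it parses the user_pref lines of a Firefox prefs.js and a dict of the IE "Internet Settings"/"Main" values (assumed to have been read with winreg or from a .reg export on the affected machine) and reports the same indicators the fix targets. The allowed-engine list and the sample inputs, constructed from the fix lines above, are my assumptions.

```python
"""Detect the browser proxy/search hijacks that the OTL fix above removes.

Added example; not OTL code and not from the thread. Input is a Firefox
prefs.js text and a dict of IE registry values (Internet Settings plus the
Start Page value from Internet Explorer/Main), both assumed to have been
collected from the affected profile.
"""
import re

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def parse_prefs(text):
    """Return {name: value} for every user_pref line (strings unquoted, ints as int).
    Firefox only writes a pref here when it differs from the built-in default,
    so the mere presence of network.proxy.type means something changed it."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs


def parse_proxy_server(value):
    """IE ProxyServer is 'host:port' (all protocols, key '*') or
    'http=host:port;https=host:port;...' per protocol."""
    entries = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        entries[scheme or "*"] = hostport
    return entries


def is_loopback(hostport):
    host = hostport.rsplit(":", 1)[0].strip("[]").lower()
    return host == "localhost" or host.startswith("127.") or host in ("::1", "0.0.0.0")


def check_firefox(prefs, allowed_engines=("Google", "Yahoo", "Bing", "Wikipedia (en)")):
    findings = []
    engine = prefs.get("browser.search.defaultenginename")
    if engine and engine not in allowed_engines:
        findings.append(f"Firefox default search engine set to '{engine}'")
    if prefs.get("keyword.URL"):
        findings.append(f"Firefox keyword.URL overridden: {prefs['keyword.URL']}")
    ptype = prefs.get("network.proxy.type", 5)  # 0 none, 1 manual, 2 PAC, 4 WPAD, 5 system
    if ptype == 1:
        hostport = f"{prefs.get('network.proxy.http', '')}:{prefs.get('network.proxy.http_port', 0)}"
        if is_loopback(hostport):
            findings.append(f"Firefox manual HTTP proxy points at the local machine ({hostport})")
    elif ptype in (2, 4):
        findings.append(f"Firefox network.proxy.type={ptype}: proxy resolved via PAC/WPAD, verify the PAC source")
    return findings


def check_ie(values):
    findings = []
    enabled = values.get("ProxyEnable", 0) == 1
    for scheme, hostport in parse_proxy_server(values.get("ProxyServer", "")).items():
        if is_loopback(hostport):
            state = "enabled" if enabled else "currently disabled but still configured"
            findings.append(f"IE {scheme} proxy points at the local machine ({hostport}); {state}")
    start = values.get("Start Page", "")
    if start and not start.lower().startswith(("http://", "https://", "about:")):
        findings.append(f"IE start page is not a URL: '{start}'")
    return findings


# Constructed samples mirroring the FF/IE lines of the fix script in this thread,
# plus one benign pref as a control.
SAMPLE_PREFS = r'''
user_pref("browser.search.defaultenginename", "Facemoods Search");
user_pref("browser.search.order.1", "Yahoo");
user_pref("keyword.URL", "chrome://browser-region/locale/region.properties");
user_pref("network.proxy.type", 4);
user_pref("browser.startup.homepage_override.mstone", "rv:5.0");
'''
SAMPLE_IE = {
    "ProxyEnable": 0,
    "ProxyOverride": "*.local;<local>",
    "ProxyServer": "http=127.0.0.1:23012",
    "Start Page": "Facemoods Search",
}

if __name__ == "__main__":
    for line in check_firefox(parse_prefs(SAMPLE_PREFS)) + check_ie(SAMPLE_IE):
        print(line)
```

The ProxyOverride value "*.local;<local>" is Windows' own default bypass list and is only in the fix because OTL resets the whole proxy block; the script therefore ignores it. A manual Firefox proxy (type 1) is only reported when it points at loopback, while types 2 and 4 are reported unconditionally because a PAC file or WPAD answer can be anything and has to be read before it is trusted.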
29.08.2011, 16:45 | #4 |
| Bundespolizei Trojaner
Here is the log after the fix:

Code:
========== OTL ==========
Prefs.js: "Facemoods Search" removed from browser.search.defaultenginename
Prefs.js: "Yahoo" removed from browser.search.order.1
Prefs.js: "" removed from browser.search.order.2
Prefs.js: "w3i&type=W3i_DS,157,0_0,Search,20110519,16981,0,16,0" removed from browser.search.param.yahoo-fr
HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-3802820226-1810299904-3112085275-1000\Software\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-3802820226-1810299904-3112085275-1000\Software\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
HKU\S-1-5-21-3802820226-1810299904-3112085275-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-3802820226-1810299904-3112085275-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-3802820226-1810299904-3112085275-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "chrome://browser-region/locale/region.properties" removed from keyword.URL
Prefs.js: 4 removed from network.proxy.type
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}\ deleted successfully.
C:\Programme\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-3802820226-1810299904-3112085275-1000\Software\Microsoft\Windows\CurrentVersion\Run\\avupdate deleted successfully.
C:\Users\Martin Wiese\AppData\Roaming\jashla.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File C:\Users\Martin Wiese\AppData\Roaming\jashla.exe not found.
ADS C:\Users\Martin Wiese\AppData\Local\temp:JlW544piCCZyCVSkjx deleted successfully.
ADS C:\Users\Martin Wiese\AppData\Local\temp:PxB0F6YjAKahiOEymN6WrpY deleted successfully.
ADS C:\Users\Martin Wiese\AppData\Local:e9KGSf8k01SDlYTWvGZ deleted successfully.
ADS C:\Users\Martin Wiese\AppData\Local\UDjvXT5P5Yg:fd9HTNX5Gu2otgLJzxs deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTLPE by OldTimer - Version 3.1.48.0 log created on 08292011_174148

Upload of the ZIP file just completed!

Edited by musiklaboran (29.08.2011 at 16:58)
29.08.2011, 18:33 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojaner
Now, as a matter of routine, please run a full scan with Malwarebytes and post the log. Remember that Malwarebytes has to be updated manually before every scan! If logs from older Malwarebytes scans exist, please post all of those as well!

After that, an OTL custom scan in normal Windows mode (not OTLPE!):

Custom scan with OTL
If you don't have it yet, please download OTL from Oldtimer and save it to your desktop.

Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________
Please always post log files in CODE tags
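The /md5start ... /md5stop block in the custom scan above makes OTL print the MD5 of the system files that file-patching infectors of this period modify in place (userinit.exe, winlogon.exe, the storage drivers like atapi.sys and iaStor.sys), so that the helper can compare them with the digests of a clean copy of the same Windows build. The comparison side of that, as an added example that is not OTL's code and not from the thread: hash the listed files, compare them against a known-good manifest and report anything missing or changed. The manifest format, the demo files and the tampering are my construction; real reference digests have to come from a clean install of the identical build, service pack and architecture, since every build has different hashes. MD5 is used only because that is what OTL prints; use SHA-256 when you build the reference set yourself.

```python
"""Compare digests of critical system files against a known-good manifest.

Added example for this thread, not OTL code. The manifest format
('<hexdigest>  <path relative to the Windows root>' per line) and the
demo() files are my construction.
"""
import hashlib
import tempfile
from pathlib import Path


def file_digest(path, algo="md5", chunk=1 << 16):
    """Streamed hex digest. md5 matches OTL's /md5start output; prefer
    sha256 for a reference set you generate yourself."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def parse_manifest(text):
    """Parse '<hexdigest>  <relative path>' lines; '#' starts a comment."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, rel = line.partition("  ")
        expected[rel.strip()] = digest.lower()
    return expected


def verify(root, expected, algo="md5"):
    """Return {relative path: 'ok' | 'missing' | 'MISMATCH expected X got Y'}.
    A missing entry matters as much as a mismatch: a rootkit that replaces a
    driver with a differently named one leaves the original gone."""
    root = Path(root)
    report = {}
    for rel, want in expected.items():
        target = root / rel
        if not target.is_file():
            report[rel] = "missing"
            continue
        got = file_digest(target, algo)
        report[rel] = "ok" if got == want else f"MISMATCH expected {want} got {got}"
    return report


def demo():
    """Self-contained run on constructed files: build a fake Windows root,
    record its manifest, then alter one file the way a patching infector
    would and delete another."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "system32" / "drivers").mkdir(parents=True)
        files = {  # constructed stand-ins, not real PE files
            "system32/userinit.exe": b"MZ userinit clean build 6.0.6001",
            "system32/winlogon.exe": b"MZ winlogon clean build 6.0.6001",
            "system32/drivers/atapi.sys": b"MZ atapi clean build 6.0.6001",
        }
        for rel, data in files.items():
            (root / rel).write_bytes(data)
        manifest = "# reference digests, taken while the files were clean\n"
        manifest += "\n".join(f"{file_digest(root / rel)}  {rel}" for rel in files)
        # tamper: patch the driver in place, remove winlogon.exe
        (root / "system32/drivers/atapi.sys").write_bytes(b"MZ atapi + infector stub")
        (root / "system32/winlogon.exe").unlink()
        return verify(root, parse_manifest(manifest))


if __name__ == "__main__":
    for rel, status in demo().items():
        print(f"{status:12} {rel}")
```

Take the digests from a machine booted from clean media (OTLPE, as in this thread, or any offline boot) rather than from the running system: a kernel-mode infector can serve the original bytes to any reader on the live system while the patched copy is what actually loads, and an in-band hash check would then report "ok" on every file.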
29.08.2011, 20:31 | #6 |
| Bundespolizei Trojaner
Here is the Malwarebytes log:

Code:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7606

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

29.08.2011 21:29:17
mbam-log-2011-08-29 (21-29-17).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 309254
Time elapsed: 49 minute(s), 14 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 2
Registry values infected: 0
Registry data items infected: 0
Folders infected: 1
Files infected: 3

Memory processes infected:
(No malicious items detected)

Memory modules infected:
(No malicious items detected)

Registry keys infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3EF6FD4-4769-4734-9494-4707087225B9} (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\ere94fe5o32 (Trojan.FakeAV) -> Quarantined and deleted successfully.

Registry values infected:
(No malicious items detected)

Registry data items infected:
(No malicious items detected)

Folders infected:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Files infected:
c:\Users\martin wiese\Desktop\microsoft.office.professional.plus.2010\mini-kms_activator_v1.052.exe (Riskware.Keygen) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\08292011_174148\C_Users\martin wiese\AppData\Roaming\jashla.exe (Rogue.SecurityProtection) -> Quarantined and deleted successfully.
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
29.08.2011, 20:40 | #7 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojaner
Quote:
Cracks/keygens are 99.9% dangerous malware and nothing to play around with. They are also illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!! That illegal cracks and keygens mainly serve to spread malware is no secret and has to be clear to everyone!
__________________
Please always post log files in CODE tags