Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Bundespolizei Trojaner (https://www.trojaner-board.de/102944-bundespolizei-trojaner.html)

musiklaboran 28.08.2011 19:11
Bundespolizei Trojaner
 
Hallo!

Auch ich habe mir den hier schon so oft beschriebenen Bundespolizei-Trojaner eingefangen.
Allerdings kann ich im Abgesicherten Modus starten.
Brenne gerade OTLPE-CD und poste dann das Ergebnis.

Vielen Dank im Voraus!
Martin

musiklaboran 28.08.2011 19:20
hier der Bericht:OTL Logfile:
Code:
OTL logfile created on: 28.08.2011 20:13:52 - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = F:\PROGRAMS\OTLPE
Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 73,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,41 Gb Total Space | 56,45 Gb Free Space | 37,78% Space Free | Partition Type: NTFS
Drive E: | 147,21 Gb Total Space | 142,31 Gb Free Space | 96,67% Space Free | Partition Type: NTFS
Drive F: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MUSIKLABORANT | User Name: Martin Wiese
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.06.29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011.06.10 22:54:55 | 000,641,464 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2011.05.23 12:32:11 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand] -- C:\Program Files\F-Secure\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2011.05.06 18:29:11 | 000,529,064 | ---- | M] (F-Secure Corporation) [On_Demand] -- C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2011.05.06 18:29:00 | 000,221,864 | ---- | M] (F-Secure Corporation) [Auto] -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2011.05.06 18:28:57 | 000,189,096 | ---- | M] (F-Secure Corporation) [Auto] -- C:\Program Files\F-Secure\Common\FSMA32.EXE -- (FSMA)
SRV - [2011.03.25 05:17:22 | 002,784,768 | ---- | M] (PACE Anti-Piracy, Inc.) [Auto] -- C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe -- (PaceLicenseDServices)
SRV - [2010.03.16 18:01:22 | 000,132,464 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand] -- C:\Windows\System32\SUPDSvc.exe -- (Samsung UPD Service)
SRV - [2008.01.21 17:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.17 17:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007.12.25 14:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007.12.03 18:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007.11.21 18:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006.08.23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - File not found [Kernel | On_Demand] --  -- (catchme)
DRV - [2011.08.17 12:09:22 | 000,042,672 | ---- | M] () [Kernel | Boot] -- C:\Windows\System32\drivers\fsbts.sys -- (fsbts)
DRV - [2011.06.22 14:44:11 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011.06.22 14:44:11 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011.06.10 22:42:41 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2011.06.09 13:06:56 | 000,148,648 | ---- | M] () [Kernel | On_Demand] -- C:\Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2011.05.06 18:29:37 | 000,072,520 | ---- | M] (F-Secure Corporation) [Kernel | System] -- C:\Programme\F-Secure\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2011.05.06 18:29:34 | 000,037,832 | ---- | M] (F-Secure Corporation) [Kernel | System] -- C:\Windows\System32\drivers\fses.sys -- (FSES)
DRV - [2011.05.06 18:29:11 | 000,072,840 | ---- | M] (F-Secure Corporation) [Kernel | System] -- C:\Windows\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2011.05.06 18:29:01 | 000,041,896 | ---- | M] () [Kernel | Disabled] -- C:\Programme\F-Secure\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2011.05.06 18:29:01 | 000,027,304 | ---- | M] () [Kernel | Disabled] -- C:\Programme\F-Secure\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2011.05.06 18:29:01 | 000,014,504 | ---- | M] () [Kernel | System] -- C:\Programme\F-Secure\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2011.03.24 22:15:30 | 000,021,112 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\iLokDrvr.sys -- (iLokDrvr)
DRV - [2011.03.24 22:13:52 | 000,093,304 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2011.03.18 13:56:59 | 000,039,264 | ---- | M] (Acronis) [File_System | Auto] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2011.02.22 15:37:53 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\Windows\System32\drivers\ACEDRV07.sys -- (ACEDRV07)
DRV - [2011.01.27 20:19:57 | 000,028,089 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\wceusbsh.sys -- (wceusbsh)
DRV - [2011.01.27 20:19:57 | 000,010,430 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\secbulk.sys -- (SecBulk)
DRV - [2010.09.17 13:27:32 | 000,023,696 | ---- | M] (Steinberg Media Technologies GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\synasusb.sys -- (synasusb)
DRV - [2008.10.21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008.10.21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV - [2008.10.21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV - [2008.10.21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008.10.21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV - [2008.10.21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV - [2008.10.21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008.01.21 16:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008.01.09 13:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.12.28 20:21:54 | 000,104,448 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.12.26 11:20:32 | 000,290,304 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2007.12.10 15:22:22 | 000,110,120 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s3017unic.sys -- (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM)
DRV - [2007.12.10 15:22:22 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s3017obex.sys -- (s3017obex)
DRV - [2007.12.10 15:22:20 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s3017mgmt.sys -- (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM)
DRV - [2007.12.10 15:22:20 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s3017nd5.sys -- (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS)
DRV - [2007.12.10 15:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s3017mdm.sys -- (s3017mdm)
DRV - [2007.12.10 15:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s3017mdfl.sys -- (s3017mdfl)
DRV - [2007.12.10 15:22:14 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s3017bus.sys -- (s3017bus) Sony Ericsson Device 3017 driver (WDM)
DRV - [2007.11.09 15:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007.10.17 23:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.04.23 11:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2006.11.22 10:52:08 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto] -- C:\Windows\System32\drivers\SSPORT.sys -- (SSPORT)
DRV - [2006.11.20 15:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006.10.18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2004.08.11 16:39:38 | 000,041,984 | R--- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto] -- C:\Windows\System32\drivers\DgivEcp.sys -- (DgiVecp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3802820226-1810299904-3112085275-1000\Software\Microsoft\Internet Explorer\Main,Start Page = Facemoods Search
IE - HKU\S-1-5-21-3802820226-1810299904-3112085275-1000\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3802820226-1810299904-3112085275-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3802820226-1810299904-3112085275-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\S-1-5-21-3802820226-1810299904-3112085275-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20110519,16981,0,16,0"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: litmus-ff@f-secure.com:1.10
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {E5886C91-CDD7-4832-B32D-0830705A9C60}:1.0
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {1266764D-FC4F-4FA7-B63B-884D53B1680F}:3.6.5
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.type: 4
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ilok.com/iLokHelper,version=3.1.0.7: C:\Programme\PACE Anti-Piracy\iLok\NPPaceILok.dll ( PACE Anti-Piracy, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\F-Secure\NRS\litmus-ff@f-secure.com [2011.08.23 00:50:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.23 02:10:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.05 22:41:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.21 13:03:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{E5886C91-CDD7-4832-B32D-0830705A9C60}: C:\Users\Martin Wiese\AppData\Roaming\5012 [2011.03.03 21:37:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{1266764D-FC4F-4FA7-B63B-884D53B1680F}: C:\Users\Martin Wiese\AppData\Roaming\NetAssistant\ [2011.05.02 00:50:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\vinceturk@gmail.com: C:\Program Files\KwiClick LLC\KwiClick\ [2011.05.02 00:50:54 | 000,000,000 | ---D | M]
 
[2010.11.03 01:27:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin Wiese\AppData\Roaming\mozilla\Extensions
[2010.11.03 01:27:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin Wiese\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.08.21 12:52:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin Wiese\AppData\Roaming\mozilla\Firefox\Profiles\1lp71lec.default\extensions
[2010.11.09 23:58:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Martin Wiese\AppData\Roaming\mozilla\Firefox\Profiles\1lp71lec.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.02.03 23:47:59 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Martin Wiese\AppData\Roaming\mozilla\Firefox\Profiles\1lp71lec.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.08.21 12:52:58 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Martin Wiese\AppData\Roaming\mozilla\Firefox\Profiles\1lp71lec.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.06.17 00:17:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.06.23 00:49:05 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.11.19 18:23:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.17 01:15:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.22 11:59:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.17 00:17:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011.08.23 00:50:27 | 000,000,000 | ---D | M] ("Browsing Protection") -- C:\PROGRAM FILES\F-SECURE\NRS\LITMUS-FF@F-SECURE.COM
[2011.03.03 21:37:19 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\MARTIN WIESE\APPDATA\ROAMING\5012
() (No name found) -- C:\USERS\MARTIN WIESE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1LP71LEC.DEFAULT\EXTENSIONS\FFXTLBR@FACEMOODS.COM.XPI
[2011.08.23 02:10:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.05.05 22:41:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.05 22:41:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.05.05 22:41:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.08 21:11:38 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.05.05 22:41:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.05 22:41:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.05 22:41:05 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.11.18 04:09:50 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TrayServer] C:\MAGIX\Video_deluxe_2007\Trayserver.exe (MAGIX AG)
O4 - HKU\S-1-5-21-3802820226-1810299904-3112085275-1000..\Run: [avupdate] C:\Users\Martin Wiese\AppData\Roaming\jashla.exe (Heaventools Software)
O4 - HKU\S-1-5-21-3802820226-1810299904-3112085275-1000..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKU\S-1-5-21-3802820226-1810299904-3112085275-1000..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Martin Wiese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Martin Wiese\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Martin Wiese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3802820226-1810299904-3112085275-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3802820226-1810299904-3112085275-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Martin Wiese\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: SmarThru4 Als HTML speichern - C:\Programme\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Programme\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Programme\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Programme\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Programme\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Programme\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Programme\SmarThru 4\WebCapture.dll ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Martin Wiese\Pictures\aurora.jpg
O24 - Desktop BackupWallPaper: C:\Users\Martin Wiese\Pictures\aurora.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.03.24 13:06:41 | 000,000,053 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.28 18:40:25 | 000,134,144 | ---- | C] (Heaventools Software) -- C:\Users\Martin Wiese\AppData\Roaming\jashla.exe
[2011.08.26 17:43:36 | 000,000,000 | ---D | C] -- C:\Users\Martin Wiese\AppData\Local\Cisco
[2011.08.26 17:41:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2011.08.26 17:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2011.08.26 17:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco
[2011.08.25 20:49:24 | 000,000,000 | ---D | C] -- C:\Users\Martin Wiese\Desktop\__MACOSX
[2011.08.25 20:49:23 | 000,000,000 | ---D | C] -- C:\Users\Martin Wiese\Desktop\Pressematerial
[2011.08.24 17:38:55 | 000,000,000 | ---D | C] -- C:\Users\Martin Wiese\Desktop\klangwelten hintergrund
[2011.08.21 13:31:52 | 000,000,000 | ---D | C] -- C:\Users\Martin Wiese\Desktop\V&M
[2011.08.18 18:13:44 | 000,000,000 | ---D | C] -- C:\Users\Martin Wiese\Desktop\MovsInternetseite
[2011.08.02 09:53:31 | 000,000,000 | ---D | C] -- C:\Users\Martin Wiese\AppData\Roaming\DVDVideoSoft
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Martin Wiese\AppData\Roaming\*.tmp files -> C:\Users\Martin Wiese\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.28 19:19:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.28 19:13:26 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\FinalTorrent Update Checker.job
[2011.08.28 19:12:57 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.28 19:12:57 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.28 18:42:25 | 000,033,040 | ---- | M] () -- C:\Users\Martin Wiese\Documents\Schauspieltheorien.odt
[2011.08.28 18:40:25 | 000,134,144 | ---- | M] (Heaventools Software) -- C:\Users\Martin Wiese\AppData\Roaming\jashla.exe
[2011.08.28 14:31:52 | 000,026,118 | ---- | M] () -- C:\Users\Martin Wiese\Documents\Kassel Szene Feine Gesellschaft.odt
[2011.08.28 10:31:37 | 000,630,790 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.28 10:31:37 | 000,599,538 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.28 10:31:37 | 000,128,514 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.28 10:31:37 | 000,106,922 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.28 00:17:30 | 030,941,272 | ---- | M] () -- C:\Users\Martin Wiese\Documents\Kassel Bewerbung PPP.odp
[2011.08.27 20:08:29 | 000,100,723 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\16.jpg
[2011.08.27 20:08:05 | 000,099,447 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\07.jpg
[2011.08.27 20:07:38 | 000,076,704 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\002.jpg
[2011.08.27 20:06:04 | 000,077,070 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\23.jpg
[2011.08.27 20:05:15 | 000,090,975 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\02.jpg
[2011.08.27 20:04:28 | 000,098,347 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\37.jpg
[2011.08.27 20:03:06 | 000,019,953 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\kassel3.jpg
[2011.08.27 15:50:46 | 000,909,659 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\Upload_Dissertation_Andreas_Nastke.pdf
[2011.08.27 13:29:35 | 000,022,346 | ---- | M] () -- C:\Users\Martin Wiese\Documents\Konzept Kassel PPP.odt
[2011.08.27 12:32:52 | 000,010,774 | ---- | M] () -- C:\Users\Martin Wiese\AppData\Roaming\wklnhst.dat
[2011.08.27 10:48:39 | 000,121,649 | -H-- | M] () -- C:\Users\Martin Wiese\Desktop\mxfilerelatedcache.mxc2
[2011.08.27 10:48:35 | 000,000,804 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\kassel 2.jpx
[2011.08.27 10:43:49 | 000,011,749 | ---- | M] () -- C:\Users\Martin Wiese\AppData\Roaming\SmarThruOptions.xml
[2011.08.27 10:43:43 | 036,818,754 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\kassel 2.bmp
[2011.08.26 21:53:46 | 049,899,581 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\Testfiles.rar
[2011.08.26 17:41:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2011.08.26 12:20:20 | 017,254,056 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\Georg_Maschine_V_edit_grafik_Musik 260811.aif
[2011.08.25 20:49:00 | 000,000,354 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\Teil 1.2
[2011.08.25 20:48:50 | 019,599,028 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\Pressematerial.zip
[2011.08.24 19:09:47 | 007,249,043 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\Ding Dong Schnitt 01 WEB PREVIEW.mov
[2011.08.24 19:09:45 | 004,160,761 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\Schmieder M ZA Spot 02 WEB PREVIEW.mov
[2011.08.24 18:35:39 | 000,000,803 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\klangwelten.jpx
[2011.08.24 17:40:00 | 007,156,582 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\klangwelten.bmp
[2011.08.23 22:51:32 | 000,000,029 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\_REG8522.jpx
[2011.08.21 13:48:47 | 000,400,017 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\V&M exp.jpg
[2011.08.19 21:52:04 | 000,002,050 | ---- | M] () -- C:\Users\Public\Desktop\Sony Ericsson PC Companion 2.0.lnk
[2011.08.17 12:09:22 | 000,042,672 | ---- | M] () -- C:\Windows\System32\drivers\fsbts.sys
[2011.08.16 00:59:22 | 004,969,581 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\rot.jpg
[2011.08.15 21:48:55 | 000,071,545 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\Szenisches%20Spiel.pdf
[2011.08.15 18:08:07 | 000,013,824 | ---- | M] () -- C:\Users\Martin Wiese\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.15 09:05:29 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.08.14 12:10:24 | 030,412,908 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\Georg_Maschin_V_presound_pregraiding.mov
[2011.08.02 11:55:23 | 006,409,178 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\_REG8522.JPG
[2011.08.02 09:53:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011.08.02 09:53:17 | 000,001,196 | ---- | M] () -- C:\Users\Martin Wiese\Desktop\Free YouTube to MP3 Converter.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Martin Wiese\AppData\Roaming\*.tmp files -> C:\Users\Martin Wiese\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.08.28 14:20:06 | 000,026,118 | ---- | C] () -- C:\Users\Martin Wiese\Documents\Kassel Szene Feine Gesellschaft.odt
[2011.08.27 20:08:29 | 000,100,723 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\16.jpg
[2011.08.27 20:08:05 | 000,099,447 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\07.jpg
[2011.08.27 20:07:38 | 000,076,704 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\002.jpg
[2011.08.27 20:06:04 | 000,077,070 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\23.jpg
[2011.08.27 20:05:14 | 000,090,975 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\02.jpg
[2011.08.27 20:04:25 | 000,098,347 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\37.jpg
[2011.08.27 20:03:05 | 000,019,953 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\kassel3.jpg
[2011.08.27 15:50:46 | 000,909,659 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\Upload_Dissertation_Andreas_Nastke.pdf
[2011.08.27 10:46:30 | 000,000,804 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\kassel 2.jpx
[2011.08.27 10:43:43 | 036,818,754 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\kassel 2.bmp
[2011.08.27 00:45:33 | 000,022,346 | ---- | C] () -- C:\Users\Martin Wiese\Documents\Konzept Kassel PPP.odt
[2011.08.26 21:52:25 | 049,899,581 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\Testfiles.rar
[2011.08.26 21:51:29 | 082,199,360 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\Martin Wiese_Movie 2.wav
[2011.08.26 21:51:17 | 020,047,698 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\Dekra_Spot1109_FinalMST.wav
[2011.08.26 15:53:07 | 017,254,056 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\Georg_Maschine_V_edit_grafik_Musik 260811.aif
[2011.08.25 20:49:00 | 000,000,354 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\Teil 1.2
[2011.08.25 20:48:45 | 019,599,028 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\Pressematerial.zip
[2011.08.25 14:52:51 | 000,033,040 | ---- | C] () -- C:\Users\Martin Wiese\Documents\Schauspieltheorien.odt
[2011.08.24 19:09:45 | 007,249,043 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\Ding Dong Schnitt 01 WEB PREVIEW.mov
[2011.08.24 19:09:43 | 004,160,761 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\Schmieder M ZA Spot 02 WEB PREVIEW.mov
[2011.08.24 18:02:08 | 030,941,272 | ---- | C] () -- C:\Users\Martin Wiese\Documents\Kassel Bewerbung PPP.odp
[2011.08.24 17:21:24 | 000,000,803 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\klangwelten.jpx
[2011.08.24 17:20:50 | 007,156,582 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\klangwelten.bmp
[2011.08.21 13:36:46 | 000,400,017 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\V&M exp.jpg
[2011.08.21 13:31:54 | 006,409,178 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\_REG8522.JPG
[2011.08.21 13:31:54 | 000,000,029 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\_REG8522.jpx
[2011.08.19 21:52:04 | 000,002,050 | ---- | C] () -- C:\Users\Public\Desktop\Sony Ericsson PC Companion 2.0.lnk
[2011.08.16 00:59:20 | 004,969,581 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\rot.jpg
[2011.08.15 21:48:55 | 000,071,545 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\Szenisches%20Spiel.pdf
[2011.08.15 21:17:36 | 477,551,286 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\KlangweltenStand100509.mov
[2011.08.14 12:08:39 | 030,412,908 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\Georg_Maschin_V_presound_pregraiding.mov
[2011.08.02 09:53:17 | 000,001,196 | ---- | C] () -- C:\Users\Martin Wiese\Desktop\Free YouTube to MP3 Converter.lnk
[2011.07.21 14:58:30 | 000,011,749 | ---- | C] () -- C:\Users\Martin Wiese\AppData\Roaming\SmarThruOptions.xml
[2011.07.21 14:58:18 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SvcMan.exe
[2011.07.21 14:58:05 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SecSNMP.dll
[2011.07.21 14:58:02 | 000,094,208 | ---- | C] () -- C:\Windows\System32\SamFaxPort.dll
[2011.07.21 14:57:41 | 000,000,124 | ---- | C] () -- C:\Windows\Readiris.ini
[2011.07.21 14:57:29 | 000,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll
[2011.05.06 13:37:51 | 000,042,672 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys
[2011.05.02 10:06:16 | 000,000,045 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe.cfg
[2011.05.02 10:06:14 | 000,086,016 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe
[2011.03.24 22:15:30 | 000,021,112 | ---- | C] () -- C:\Windows\System32\drivers\iLokDrvr.sys
[2011.03.03 23:05:44 | 000,000,010 | ---- | C] () -- C:\Users\Martin Wiese\AppData\Roaming\urhtps.dat
[2010.12.16 13:24:48 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2
[2010.11.29 00:51:21 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2010.11.29 00:03:05 | 000,010,774 | ---- | C] () -- C:\Users\Martin Wiese\AppData\Roaming\wklnhst.dat
[2010.11.22 00:17:36 | 000,000,016 | -H-- | C] () -- C:\Users\Martin Wiese\AppData\Roaming\mxfilerelatedcache.mxc2
[2010.11.22 00:17:36 | 000,000,016 | -H-- | C] () -- C:\Users\Martin Wiese\AppData\mxfilerelatedcache.mxc2
[2010.11.22 00:17:36 | 000,000,016 | -H-- | C] () -- C:\Users\Martin Wiese\AppData\Local\mxfilerelatedcache.mxc2
[2010.11.13 22:21:00 | 000,013,824 | ---- | C] () -- C:\Users\Martin Wiese\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.12 14:24:39 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2010.11.12 14:21:45 | 000,282,624 | ---- | C] () -- C:\Windows\System32\DscPnt.dll
[2010.11.12 14:21:45 | 000,260,464 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2010.11.12 14:21:45 | 000,026,624 | ---- | C] () -- C:\Windows\System32\spd__l.dll
[2010.11.04 00:23:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.11.02 10:46:57 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2010.11.02 10:46:57 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2010.11.02 10:46:57 | 000,009,480 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2010.11.02 10:46:57 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2010.11.02 10:43:47 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll
[2009.12.21 03:42:18 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2008.02.22 11:34:00 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008.02.18 17:58:18 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.02.18 17:44:09 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008.02.18 17:44:09 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008.02.18 17:44:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008.02.18 17:44:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008.02.18 17:44:09 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008.02.18 17:44:09 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008.02.18 16:57:01 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.02.18 16:55:43 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008.02.18 16:55:43 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008.02.18 16:55:43 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2008.02.18 16:55:43 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008.01.21 09:15:58 | 000,630,790 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,128,514 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.01.21 04:24:14 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,365,016 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,599,538 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,106,922 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
 
========== LOP Check ==========
 
[2011.03.03 21:37:19 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\5012
[2011.05.02 14:40:59 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\Acronis
[2011.08.28 19:14:21 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\Dropbox
[2011.08.02 09:53:33 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\DVDVideoSoft
[2011.02.03 23:47:58 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.09 23:39:19 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\elsterformular
[2011.06.11 13:37:12 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\FileZilla
[2011.05.02 10:50:09 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\FinalTorrent
[2011.03.03 21:33:42 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\kock
[2011.07.03 21:45:24 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\MAGIX
[2011.02.12 01:02:11 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\myphotobook
[2011.05.02 00:50:48 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\NetAssistant
[2011.03.19 21:27:03 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\OpenOffice.org
[2011.06.07 22:09:08 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\PACE Anti-Piracy
[2011.07.21 15:45:50 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\PrimoPDF
[2011.07.21 14:58:31 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\SmarThru4
[2010.11.29 00:03:15 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\Template
[2010.11.03 01:27:38 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\Thunderbird
[2010.12.18 21:55:29 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\TOSHIBA
[2011.03.03 23:41:03 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\UAs
[2011.03.04 01:05:05 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\Uniblue
[2011.04.27 20:30:44 | 000,000,000 | ---D | M] -- C:\Users\Martin Wiese\AppData\Roaming\xmldm
[2010.11.02 10:36:10 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011.05.03 19:13:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Avanquest
[2010.12.02 00:16:53 | 000,000,000 | ---D | M] -- C:\ProgramData\BVRP Software
[2011.08.26 17:41:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Cisco
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010.11.02 10:36:10 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011.05.02 10:08:08 | 000,000,000 | ---D | M] -- C:\ProgramData\eLicenser
[2011.01.09 23:38:29 | 000,000,000 | ---D | M] -- C:\ProgramData\elsterformular
[2011.05.06 13:36:45 | 000,000,000 | ---D | M] -- C:\ProgramData\f-secure
[2010.11.02 10:36:10 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011.05.06 18:26:59 | 000,000,000 | ---D | M] -- C:\ProgramData\fssg
[2008.02.18 17:59:57 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX
[2011.04.14 15:40:46 | 000,000,000 | ---D | M] -- C:\ProgramData\PACE
[2011.06.07 22:09:08 | 000,000,000 | ---D | M] -- C:\ProgramData\PACE Anti-Piracy
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010.11.02 10:36:10 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2011.05.02 10:08:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Syncrosoft
[2006.11.02 15:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2008.02.22 11:17:07 | 000,000,000 | ---D | M] -- C:\ProgramData\TOSHIBA
[2010.11.02 10:39:45 | 000,000,000 | ---D | M] -- C:\ProgramData\ToshibaEurope
[2008.02.18 17:43:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems
[2010.11.02 10:36:10 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2011.07.21 10:50:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Xerox
[2008.02.25 10:55:29 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010.11.03 00:03:19 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011.08.28 19:13:26 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\FinalTorrent Update Checker.job
[2011.08.28 19:15:09 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1268 bytes -> C:\Users\Martin Wiese\AppData\Local\temp:JlW544piCCZyCVSkjx
@Alternate Data Stream - 1221 bytes -> C:\Users\Martin Wiese\AppData\Local\temp:PxB0F6YjAKahiOEymN6WrpY
@Alternate Data Stream - 1197 bytes -> C:\Users\Martin Wiese\AppData\Local:e9KGSf8k01SDlYTWvGZ
@Alternate Data Stream - 1086 bytes -> C:\Users\Martin Wiese\AppData\Local\UDjvXT5P5Yg:fd9HTNX5Gu2otgLJzxs
< End of report >
--- --- ---

cosinus 29.08.2011 14:26
Mach einen OTL-Fix über OTLPE, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20110519,16981,0,16,0"
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3802820226-1810299904-3112085275-1000\Software\Microsoft\Internet Explorer\Main,Start Page = Facemoods Search
IE - HKU\S-1-5-21-3802820226-1810299904-3112085275-1000\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3802820226-1810299904-3112085275-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3802820226-1810299904-3112085275-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\S-1-5-21-3802820226-1810299904-3112085275-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.type: 4
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com)
O4 - HKU\S-1-5-21-3802820226-1810299904-3112085275-1000..\Run: [avupdate] C:\Users\Martin Wiese\AppData\Roaming\jashla.exe (Heaventools Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2011.08.28 18:40:25 | 000,134,144 | ---- | C] (Heaventools Software) -- C:\Users\Martin Wiese\AppData\Roaming\jashla.exe
@Alternate Data Stream - 1268 bytes -> C:\Users\Martin Wiese\AppData\Local\temp:JlW544piCCZyCVSkjx
@Alternate Data Stream - 1221 bytes -> C:\Users\Martin Wiese\AppData\Local\temp:PxB0F6YjAKahiOEymN6WrpY
@Alternate Data Stream - 1197 bytes -> C:\Users\Martin Wiese\AppData\Local:e9KGSf8k01SDlYTWvGZ
@Alternate Data Stream - 1086 bytes -> C:\Users\Martin Wiese\AppData\Local\UDjvXT5P5Yg:fd9HTNX5Gu2otgLJzxs
:Commands
[purity]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Danach sollte Windows wieder normal starten - stell uns bitte den Quarantäneordner von OTL zur Verfügung. Dabei bitte so vorgehen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinträchtigen!
2.) Ordner movedfiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

musiklaboran 29.08.2011 16:45
hier das log nach dem fix:

========== OTL ==========
Prefs.js: "Facemoods Search" removed from browser.search.defaultenginename
Prefs.js: "Yahoo" removed from browser.search.order.1
Prefs.js: "" removed from browser.search.order.2
Prefs.js: "w3i&type=W3i_DS,157,0_0,Search,20110519,16981,0,16,0" removed from browser.search.param.yahoo-fr
HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-3802820226-1810299904-3112085275-1000\Software\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-3802820226-1810299904-3112085275-1000\Software\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
HKU\S-1-5-21-3802820226-1810299904-3112085275-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-3802820226-1810299904-3112085275-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-3802820226-1810299904-3112085275-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "chrome://browser-region/locale/region.properties" removed from keyword.URL
Prefs.js: 4 removed from network.proxy.type
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}\ deleted successfully.
C:\Programme\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-3802820226-1810299904-3112085275-1000\Software\Microsoft\Windows\CurrentVersion\Run\\avupdate deleted successfully.
C:\Users\Martin Wiese\AppData\Roaming\jashla.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File C:\Users\Martin Wiese\AppData\Roaming\jashla.exe not found.
ADS C:\Users\Martin Wiese\AppData\Local\temp:JlW544piCCZyCVSkjx deleted successfully.
ADS C:\Users\Martin Wiese\AppData\Local\temp:PxB0F6YjAKahiOEymN6WrpY deleted successfully.
ADS C:\Users\Martin Wiese\AppData\Local:e9KGSf8k01SDlYTWvGZ deleted successfully.
ADS C:\Users\Martin Wiese\AppData\Local\UDjvXT5P5Yg:fd9HTNX5Gu2otgLJzxs deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTLPE by OldTimer - Version 3.1.48.0 log created on 08292011_174148

Upload des Zip-Files soeben erfolgt!

cosinus 29.08.2011 18:33
Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!


Danach OTL-Custom im normalen Windows-Modus (kein OTLPE!)


CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

musiklaboran 29.08.2011 20:31
hier das malwarebytes-log:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7606

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

29.08.2011 21:29:17
mbam-log-2011-08-29 (21-29-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 309254
Laufzeit: 49 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3EF6FD4-4769-4734-9494-4707087225B9} (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\ere94fe5o32 (Trojan.FakeAV) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\martin wiese\Desktop\microsoft.office.professional.plus.2010\mini-kms_activator_v1.052.exe (Riskware.Keygen) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\08292011_174148\C_Users\martin wiese\AppData\Roaming\jashla.exe (Rogue.SecurityProtection) -> Quarantined and deleted successfully.
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

cosinus 29.08.2011 20:40
Zitat:
c:\Users\martin wiese\Desktop\microsoft.office.professional.plus.2010\mini-kms_activator_v1.052.exe (Riskware.Keygen)
:pfui:

Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!

Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!


Alle Zeitangaben in WEZ +1. Es ist jetzt 06:57 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131