Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Scanlogs/Vorgehen nach Fund bagdfssdb.class/bagdfssda.class

Scanlogs/Vorgehen nach Fund bagdfssdb.class/bagdfssda.class


Log-Analyse und Auswertung: Scanlogs/Vorgehen nach Fund bagdfssdb.class/bagdfssda.class

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 18.11.2012, 21:13   #1
morten79
 
Scanlogs/Vorgehen nach Fund bagdfssdb.class/bagdfssda.class - Standard

Scanlogs/Vorgehen nach Fund bagdfssdb.class/bagdfssda.class


Hallo,
ich hatte folgenden Fund mit Avira:
C:\Users\CF\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\6ae855ed-25da8de8
[0] Archivtyp: ZIP
--> bagdfssdb.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/Java.JAX-WS.A
--> bagdfssda.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/Java.JAX-WS.C
Das hat Avira gesäubert. MBAM und aswMBR fanden nichts mehr. Ich würde mich freuen, wenn jemand rüber schauen würde. Danke!
Eine extras.txt wurde von OTL offensichtlich nicht erstellt.
Code:
ATTFilter
OTL logfile created on: 18.11.2012 20:45:09 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\CF\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,92 Gb Total Physical Memory | 2,44 Gb Available Physical Memory | 62,29% Memory free
7,83 Gb Paging File | 5,88 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279,09 Gb Total Space | 194,38 Gb Free Space | 69,65% Space Free | Partition Type: NTFS
 
Computer Name: CNTRBRY-VAIO | User Name: CF | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\CF\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c5653b035f5e272c8cac8b851e6fcc67\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\7cb92ddc443ed7c85f3c8ef9f5c0f15f\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\adaaf894878905f022f824b84fcd59a8\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\59d00fa60a9e559f8717404a5032e6ba\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\aebb94e0eea9c39ec18a7915a711f621\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7c8bffb6e42a248341d7821a8464ef0b\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c63fe1e324904c893d2a5d02f0783658\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll ()
MOD - C:\Programme (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (VCService) -- C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation)
SRV:64bit: - (VUAgent) -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (VSNService) -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (Sony Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (btmaudio) -- C:\Windows\SysNative\drivers\btmaud.sys (Intel Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (e1yexpress) -- C:\Windows\SysNative\drivers\e1y60x64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (DgiVecp) -- C:\Windows\SysNative\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1763859144-2549505752-2964203356-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com [binary data]
IE - HKU\S-1-5-21-1763859144-2549505752-2964203356-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://vaioportal.sony.eu
IE - HKU\S-1-5-21-1763859144-2549505752-2964203356-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1763859144-2549505752-2964203356-1000\..\SearchScopes\{0CEB7174-81B3-47CF-92A5-DFF6C7D95D0D}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q311&_nkw={searchTerms}
IE - HKU\S-1-5-21-1763859144-2549505752-2964203356-1000\..\SearchScopes\{E8B4D6CA-BB70-4E91-871A-A31164557618}: "URL" = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
IE - HKU\S-1-5-21-1763859144-2549505752-2964203356-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1763859144-2549505752-2964203356-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - prefs.js..extensions.enabledAddons: backword@gneheix.com:2.0.1.5
FF - prefs.js..extensions.enabledAddons: {902D2C4A-457A-4EF9-AD43-7014562929FF}:0.4.6
FF - prefs.js..extensions.enabledAddons: {aba3f5c2-35d5-4960-bdfc-de9c162e39ce}:2.0.1.1
FF - prefs.js..extensions.enabledAddons: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.7
FF - prefs.js..extensions.enabledAddons: {5D3F3872-91E9-4d59-AD9F-AA174A3145DD}:3.00.31
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.11
FF - prefs.js..extensions.enabledAddons: {0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}:1.0.4
FF - prefs.js..extensions.enabledItems: {0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}:1.0.1
FF - prefs.js..extensions.enabledItems: backword@gneheix.com:2.0.1.5
FF - prefs.js..extensions.enabledItems: {902D2C4A-457A-4EF9-AD43-7014562929FF}:0.4.6
FF - prefs.js..extensions.enabledItems: {aba3f5c2-35d5-4960-bdfc-de9c162e39ce}:2.0.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0
 
FF - user.js..browser.search.openintab: false
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{5D3F3872-91E9-4d59-AD9F-AA174A3145DD}: C:\Program Files\Logitech\ScrollApp\LogiSmoothFirefoxExt [2012.02.08 20:49:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme (x86)\Mozilla Firefox\components [2012.10.27 18:49:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Programme (x86)\Mozilla Thunderbird\components [2012.10.30 02:30:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Programme (x86)\Mozilla Thunderbird\plugins
 
[2012.01.19 16:54:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CF\AppData\Roaming\mozilla\Extensions
[2012.01.19 16:54:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CF\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.15 18:13:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CF\AppData\Roaming\mozilla\Firefox\Profiles\x97zspu2.default\extensions
[2012.01.20 15:58:00 | 000,000,000 | ---D | M] (Context Search) -- C:\Users\CF\AppData\Roaming\mozilla\Firefox\Profiles\x97zspu2.default\extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF}
[2012.10.31 21:08:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\CF\AppData\Roaming\mozilla\Firefox\Profiles\x97zspu2.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.11.15 18:16:41 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\CF\AppData\Roaming\mozilla\Firefox\Profiles\x97zspu2.default\extensions\https-everywhere@eff.org
[2012.06.26 14:53:03 | 000,083,053 | ---- | M] () (No name found) -- C:\Users\CF\AppData\Roaming\mozilla\firefox\profiles\x97zspu2.default\extensions\backword@gneheix.com.xpi
[2012.11.07 15:50:13 | 000,125,850 | ---- | M] () (No name found) -- C:\Users\CF\AppData\Roaming\mozilla\firefox\profiles\x97zspu2.default\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}.xpi
[2012.05.28 17:56:36 | 000,007,631 | ---- | M] () (No name found) -- C:\Users\CF\AppData\Roaming\mozilla\firefox\profiles\x97zspu2.default\extensions\{aba3f5c2-35d5-4960-bdfc-de9c162e39ce}.xpi
[2012.06.17 23:55:01 | 000,091,556 | ---- | M] () (No name found) -- C:\Users\CF\AppData\Roaming\mozilla\firefox\profiles\x97zspu2.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi
[2010.10.21 23:52:12 | 000,001,392 | ---- | M] () -- C:\Users\CF\AppData\Roaming\mozilla\firefox\profiles\x97zspu2.default\searchplugins\amazondotcom-de.xml
[2012.11.16 14:17:57 | 000,001,563 | ---- | M] () -- C:\Users\CF\AppData\Roaming\mozilla\firefox\profiles\x97zspu2.default\searchplugins\beolingus.xml
[2009.05.22 22:27:02 | 000,002,321 | ---- | M] () -- C:\Users\CF\AppData\Roaming\mozilla\firefox\profiles\x97zspu2.default\searchplugins\dictcc.xml
[2010.10.21 23:52:12 | 000,002,344 | ---- | M] () -- C:\Users\CF\AppData\Roaming\mozilla\firefox\profiles\x97zspu2.default\searchplugins\eBay-de.xml
[2012.11.16 14:17:58 | 000,002,200 | ---- | M] () -- C:\Users\CF\AppData\Roaming\mozilla\firefox\profiles\x97zspu2.default\searchplugins\google-maps-deutschland.xml
[2010.10.21 23:52:12 | 000,002,371 | ---- | M] () -- C:\Users\CF\AppData\Roaming\mozilla\firefox\profiles\x97zspu2.default\searchplugins\google.xml
[2010.10.21 23:52:12 | 000,006,805 | ---- | M] () -- C:\Users\CF\AppData\Roaming\mozilla\firefox\profiles\x97zspu2.default\searchplugins\leo_ende_de.xml
[2012.06.14 12:53:47 | 000,000,911 | ---- | M] () -- C:\Users\CF\AppData\Roaming\mozilla\firefox\profiles\x97zspu2.default\searchplugins\thesauruscom.xml
[2007.09.08 21:10:58 | 000,000,892 | ---- | M] () -- C:\Users\CF\AppData\Roaming\mozilla\firefox\profiles\x97zspu2.default\searchplugins\webster.xml
[2007.09.08 21:10:58 | 000,001,092 | ---- | M] () -- C:\Users\CF\AppData\Roaming\mozilla\firefox\profiles\x97zspu2.default\searchplugins\wikipedia-deutsch.xml
[2007.05.17 12:25:56 | 000,001,068 | ---- | M] () -- C:\Users\CF\AppData\Roaming\mozilla\firefox\profiles\x97zspu2.default\searchplugins\wikipedia-english.xml
[2012.05.13 21:53:27 | 000,002,057 | ---- | M] () -- C:\Users\CF\AppData\Roaming\mozilla\firefox\profiles\x97zspu2.default\searchplugins\youtube-videosuche.xml
[2012.02.08 20:49:00 | 000,000,000 | ---D | M] (Logitech Scroll App) -- C:\PROGRAM FILES\LOGITECH\SCROLLAPP\LOGISMOOTHFIREFOXEXT
 
O1 HOSTS File: ([2012.11.18 19:41:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2:64bit: - BHO: (Logitech Scroll App) - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\ScrollApp\LogiSmooth.dll (Logitech, Inc.)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Logitech Scroll App) - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\ScrollApp\32-bit\LogiSmooth.dll (Logitech, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3 - HKU\S-1-5-21-1763859144-2549505752-2964203356-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [LogiScrollApp] C:\Program Files\Logitech\ScrollApp\KhalScroll.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1763859144-2549505752-2964203356-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-1763859144-2549505752-2964203356-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-1763859144-2549505752-2964203356-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-1763859144-2549505752-2964203356-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1763859144-2549505752-2964203356-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1763859144-2549505752-2964203356-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1763859144-2549505752-2964203356-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8:64bit: - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8:64bit: - Extra context menu item: SmarThru4 Als HTML speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll1.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Program Files (x86)\SmarThru 4\WebCapture.dll2.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\WebCapture.dll ()
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: SmarThru4 Als HTML speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Program Files (x86)\SmarThru 4\WebCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\WebCapture.dll ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0680464B-134B-48DA-B728-A69EA296648A}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E37FB183-8A4D-4D10-BC59-029E1691D4FE}: DhcpNameServer = 10.100.70.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.18 20:44:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\CF\Desktop\OTL.exe
[2012.11.18 20:01:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.11.18 19:28:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.18 19:28:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.18 19:28:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.18 19:28:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.18 19:28:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.18 17:49:52 | 005,002,404 | R--- | C] (Swearware) -- C:\Users\CF\Desktop\ComboFix.exe
[2012.11.14 15:38:41 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.11.13 12:51:10 | 000,000,000 | ---D | C] -- C:\Users\CF\Desktop\türen
[2012.10.30 23:34:11 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012.10.29 23:03:01 | 000,000,000 | ---D | C] -- C:\Users\CF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Miranda IM
[2012.10.26 00:09:16 | 000,000,000 | ---D | C] -- C:\Users\CF\Desktop\Kram
[2012.10.25 23:52:05 | 000,000,000 | ---D | C] -- C:\Users\CF\Documents\StreamTransport
[2012.10.25 23:19:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamTransport
[2012.10.25 23:19:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StreamTransport
[2012.10.25 22:43:46 | 000,000,000 | ---D | C] -- C:\Users\CF\.mediathek3
[2012.10.25 20:17:32 | 000,000,000 | ---D | C] -- C:\Users\CF\AppData\Roaming\Cornelsen
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.18 20:44:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\CF\Desktop\OTL.exe
[2012.11.18 20:32:26 | 000,021,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.18 20:32:26 | 000,021,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.18 20:29:49 | 001,614,500 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.18 20:29:49 | 000,697,366 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.18 20:29:49 | 000,652,644 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.18 20:29:49 | 000,148,630 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.18 20:29:49 | 000,121,576 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.18 20:24:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.18 20:24:38 | 3155,054,592 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.18 19:50:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.18 19:41:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.11.18 17:50:16 | 005,002,404 | R--- | M] (Swearware) -- C:\Users\CF\Desktop\ComboFix.exe
[2012.11.16 14:22:27 | 000,016,930 | ---- | M] () -- C:\Users\CF\Desktop\OpenDocument Text (neu).odt
[2012.11.15 19:49:18 | 000,325,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.09 18:00:57 | 000,011,508 | ---- | M] () -- C:\Users\CF\AppData\Roaming\SmarThruOptions.xml
[2012.11.09 17:14:04 | 000,007,334 | ---- | M] () -- C:\Users\CF\Desktop\Neues Textdokument .odt
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.18 19:28:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.18 19:28:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.18 19:28:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.18 19:28:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.18 19:28:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.16 14:10:02 | 000,016,930 | ---- | C] () -- C:\Users\CF\Desktop\OpenDocument Text (neu).odt
[2012.11.09 17:14:04 | 000,007,334 | ---- | C] () -- C:\Users\CF\Desktop\Neues Textdokument .odt
[2012.10.02 16:12:32 | 000,000,218 | ---- | C] () -- C:\Users\CF\.recently-used.xbel
[2012.08.13 01:56:16 | 000,011,508 | ---- | C] () -- C:\Users\CF\AppData\Roaming\SmarThruOptions.xml
[2012.08.13 01:56:05 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\SvcMan.exe
[2012.08.13 01:55:55 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\SecSNMP.dll
[2012.08.13 01:55:48 | 000,000,136 | ---- | C] () -- C:\Windows\Readiris.ini
[2012.08.13 01:55:45 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\irisco32.dll
[2012.04.22 20:55:00 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.04.11 18:52:53 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2012.04.11 15:03:51 | 000,001,024 | ---- | C] () -- C:\Windows\ppengine.ini
[2012.02.08 23:14:23 | 000,113,768 | ---- | C] () -- C:\Windows\WiaInst.exe
[2012.02.04 03:40:14 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012.02.04 03:40:14 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.02.04 03:40:14 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.01.09 03:16:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.01.09 03:13:58 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.12.23 20:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.12.23 20:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.12.23 20:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.12.23 20:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.12.23 20:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.07.20 01:29:42 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.20 01:29:36 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.07.20 01:29:35 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.07.01 23:08:22 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.02.11 00:03:27 | 001,592,394 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.01.20 02:03:39 | 000,000,000 | ---D | M] -- C:\Users\CF\AppData\Roaming\Ahnenblatt
[2012.06.06 13:31:16 | 000,000,000 | ---D | M] -- C:\Users\CF\AppData\Roaming\AnvSoft
[2012.01.20 02:05:26 | 000,000,000 | ---D | M] -- C:\Users\CF\AppData\Roaming\Ashampoo
[2012.10.25 20:17:32 | 000,000,000 | ---D | M] -- C:\Users\CF\AppData\Roaming\Cornelsen
[2012.09.27 16:05:24 | 000,000,000 | ---D | M] -- C:\Users\CF\AppData\Roaming\Dropbox
[2012.05.23 14:39:24 | 000,000,000 | ---D | M] -- C:\Users\CF\AppData\Roaming\elsterformular
[2012.01.22 16:20:24 | 000,000,000 | ---D | M] -- C:\Users\CF\AppData\Roaming\iolo
[2012.02.08 20:54:19 | 000,000,000 | ---D | M] -- C:\Users\CF\AppData\Roaming\Leadertech
[2012.01.22 13:06:25 | 000,000,000 | ---D | M] -- C:\Users\CF\AppData\Roaming\Miranda
[2012.10.01 01:29:27 | 000,000,000 | ---D | M] -- C:\Users\CF\AppData\Roaming\Mp3tag
[2012.02.09 19:37:39 | 000,000,000 | ---D | M] -- C:\Users\CF\AppData\Roaming\Notebook Hardware Control
[2012.01.19 18:00:30 | 000,000,000 | ---D | M] -- C:\Users\CF\AppData\Roaming\OpenOffice.org
[2012.02.07 19:16:16 | 000,000,000 | ---D | M] -- C:\Users\CF\AppData\Roaming\Samsung
[2012.08.13 01:56:17 | 000,000,000 | ---D | M] -- C:\Users\CF\AppData\Roaming\SmarThru4
[2012.01.27 00:47:52 | 000,000,000 | ---D | M] -- C:\Users\CF\AppData\Roaming\SoftGrid Client
[2012.01.22 15:59:55 | 000,000,000 | ---D | M] -- C:\Users\CF\AppData\Roaming\Sony
[2012.10.15 01:26:43 | 000,000,000 | ---D | M] -- C:\Users\CF\AppData\Roaming\SynthMaker
[2012.04.11 21:11:16 | 000,000,000 | ---D | M] -- C:\Users\CF\AppData\Roaming\Temp
[2012.01.19 16:54:41 | 000,000,000 | ---D | M] -- C:\Users\CF\AppData\Roaming\Thunderbird
[2012.01.25 00:29:46 | 000,000,000 | ---D | M] -- C:\Users\CF\AppData\Roaming\TP
[2012.04.12 00:03:39 | 000,000,000 | ---D | M] -- C:\Users\CF\AppData\Roaming\TuneUp Software
[2012.06.05 20:18:09 | 000,000,000 | ---D | M] -- C:\Users\CF\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 

< End of report >

Alt 20.11.2012, 10:41   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Scanlogs/Vorgehen nach Fund bagdfssdb.class/bagdfssda.class - Standard

Scanlogs/Vorgehen nach Fund bagdfssdb.class/bagdfssda.class


Hallo und

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Zitat:
Das hat Avira gesäubert. MBAM und aswMBR fanden nichts mehr. Ich würde mich freuen, wenn jemand rüber schauen würde. Danke!
Bitte beachten, alle Logs mit Funden sind zu posten => http://www.trojaner-board.de/125889-...tml#post941520
__________________

__________________
Antwort

Themen zu Scanlogs/Vorgehen nach Fund bagdfssdb.class/bagdfssda.class
adobe, adobe flash player, antivir, aswmbr, avg, avira, bho, defender, explorer, firefox, flash player, format, google, home, igdpmd64.sys, logfile, monitor, mozilla, mp3, nodrives, notebook, opera, plug-in, programme, realtek, registry, scan, software, windows


« INF/autorun wurm mit rundll32.exe | Langsamer PC seit 1 Woche - eventuell Pup.vshareredir »


Ähnliche Themen: Scanlogs/Vorgehen nach Fund bagdfssdb.class/bagdfssda.class


  1. first-class-zollservice Spam: Luftfrachsendung AWB
    Diskussionsforum - 20.01.2014 (29)
  2. Trojan.ZbotR.Gen nach Lufthansa Spam? Wie vorgehen?
    Plagegeister aller Art und deren Bekämpfung - 22.12.2012 (18)
  3. Welches Vorgehen nach BKA Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 21.11.2012 (13)
  4. Vorgehen nach Live Security Platinum Entfernung?
    Plagegeister aller Art und deren Bekämpfung - 24.07.2012 (1)
  5. Trojaner - wie weiter vorgehen nach Malwarebytes Suchlauf?
    Plagegeister aller Art und deren Bekämpfung - 04.07.2012 (1)
  6. Main.class Virus?
    Plagegeister aller Art und deren Bekämpfung - 02.07.2012 (5)
  7. Windows First-Class Protector entfernen
    Anleitungen, FAQs & Links - 31.03.2012 (2)
  8. JQSIEStartDetectorImpl Class (nicht verfizert)
    Antiviren-, Firewall- und andere Schutzprogramme - 02.07.2009 (0)
  9. Beyond.class Trojaner ist das System clean?
    Plagegeister aller Art und deren Bekämpfung - 23.10.2008 (4)
  10. Hilfe! Trojaner Beyond.class geht nicht weg
    Plagegeister aller Art und deren Bekämpfung - 30.01.2007 (4)
  11. QDiagHUpdate Obj Class
    Plagegeister aller Art und deren Bekämpfung - 22.10.2005 (2)
  12. MainApp.class
    Plagegeister aller Art und deren Bekämpfung - 16.10.2005 (3)
  13. Weiteres Vorgehen nach escan
    Log-Analyse und Auswertung - 21.02.2005 (2)
  14. EPSImageControl Class
    Alles rund um Windows - 06.01.2005 (3)
  15. VerifierBug.Class
    Plagegeister aller Art und deren Bekämpfung - 13.03.2004 (5)
  16. KAV findet JavaChart.class.
    Plagegeister aller Art und deren Bekämpfung - 26.09.2003 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Scanlogs/Vorgehen nach Fund bagdfssdb.class/bagdfssda.class - Hallo, ich hatte folgenden Fund mit Avira: C:\Users\CF\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\6ae855ed-25da8de8 [0] Archivtyp: ZIP --> bagdfssdb.class [FUND] Enthält Erkennungsmuster des Exploits EXP/Java.JAX-WS.A --> bagdfssda.class [FUND] Enthält Erkennungsmuster des Exploits EXP/Java.JAX-WS.C Das hat Avira - Scanlogs/Vorgehen nach Fund bagdfssdb.class/bagdfssda.class...
Archiv
Du betrachtest: Scanlogs/Vorgehen nach Fund bagdfssdb.class/bagdfssda.class auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19