
Log analysis and evaluation: Antivir reports 'BDS/ZeroAccess.Gen' [backdoor].


 
08.05.2013, 17:56   #1
Draku
 
Antivir reports 'BDS/ZeroAccess.Gen' [backdoor].



Hello everyone,
this is what Antivir showed me yesterday:

Code:
Die Datei 'C:\$Recycle.Bin\S-1-5-21-3163210225-1947164266-608850853-1001\$fb8a7cb17ae4e27c06ff64d7388f2a03\n'
enthielt einen Virus oder unerwünschtes Programm 'BDS/ZeroAccess.Gen' [backdoor].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55590bad.qua' verschoben!
         
It had been moved to quarantine, but to be on the safe side I immediately looked up what it actually is. At first I was quite shocked that it is so serious...
I then read up on it here in the forum and worked through the to-do list.
I don't know whether I could have solved the problem on my own, but the list says that it is always handled case by case, so I'm asking for help here, since unfortunately I don't know anything at all about this sort of thing.

Here is the OTL log

Code:
OTL logfile created on: 08.05.2013 13:23:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,76 Gb Available Physical Memory | 68,95% Memory free
8,17 Gb Paging File | 6,86 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 576,17 Gb Total Space | 23,64 Gb Free Space | 4,10% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 335,48 Gb Free Space | 36,02% Space Free | Partition Type: NTFS
Drive E: | 19,99 Gb Total Space | 19,99 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive F: | 2,43 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: SASCHA | User Name: sascha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.08 13:08:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exe
PRC - [2013.03.15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.10.17 01:46:34 | 001,573,576 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012.08.13 06:01:48 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.08.10 22:56:50 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2007.01.30 20:36:30 | 000,057,344 | ---- | M] ((주)마크애니) -- C:\Program Files (x86)\MarkAny\ContentSafer\MaAgent.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.03.20 19:45:14 | 000,746,392 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2013.03.15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.03.14 00:41:39 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.10 18:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.08.30 13:23:28 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012.08.13 06:01:48 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.19 07:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.04 16:28:36 | 000,016,640 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\gtkdrv.sys -- (TrojanKillerDriver)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.11.29 20:49:43 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.09.16 09:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2007.09.21 09:31:22 | 000,690,688 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr28ux.sys -- (netr28ux)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/sm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{31C488ED-3A0C-4D13-B8C7-E428887DD059}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{42935E45-2334-4539-9153-4042DA272158}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=7D125DF2-E5C1-4258-B0FB-CA2C38DACE6D&apn_sauid=9B080528-5D55-498F-B299-1D09B8E96A6C
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=sm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.4.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.100
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..extensions.enabledItems: youtubeunblocker@unblocker.yt:0.1.0
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=7D125DF2-E5C1-4258-B0FB-CA2C38DACE6D&apn_ptnrs=U3&apn_sauid=9B080528-5D55-498F-B299-1D09B8E96A6C&apn_dtid=OSJ000YYDE&&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Itunes\Mozilla Plugins\npitunes.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\sascha\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\sascha\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\sascha\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\sascha\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\sascha\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\sascha\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.27 11:53:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.23 02:33:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Users\sascha\AppData\Local\Mozilla Firefox\components [2013.04.11 22:28:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Users\sascha\AppData\Local\Mozilla Firefox\plugins
 
[2010.06.07 13:51:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sascha\AppData\Roaming\mozilla\Extensions
[2013.04.14 11:04:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sascha\AppData\Roaming\mozilla\Firefox\Profiles\hwe90mab.default\extensions
[2011.05.24 19:16:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\sascha\AppData\Roaming\mozilla\Firefox\Profiles\hwe90mab.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.01.17 00:42:20 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\sascha\AppData\Roaming\mozilla\Firefox\Profiles\hwe90mab.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.22 14:58:00 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\sascha\AppData\Roaming\mozilla\Firefox\Profiles\hwe90mab.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012.06.28 14:26:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sascha\AppData\Roaming\mozilla\Firefox\Profiles\hwe90mab.default\extensions\nostmp
[2012.11.13 11:54:59 | 000,000,000 | ---D | M] (Ask Toolbar Toolbar) -- C:\Users\sascha\AppData\Roaming\mozilla\Firefox\Profiles\hwe90mab.default\extensions\toolbar@ask.com
[2013.04.14 11:04:15 | 000,008,023 | ---- | M] () (No name found) -- C:\Users\sascha\AppData\Roaming\mozilla\firefox\profiles\hwe90mab.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2013.02.15 01:00:08 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\sascha\AppData\Roaming\mozilla\firefox\profiles\hwe90mab.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.13 11:54:59 | 000,002,308 | ---- | M] () -- C:\Users\sascha\AppData\Roaming\mozilla\firefox\profiles\hwe90mab.default\searchplugins\askcom.xml
[2013.05.05 10:19:03 | 000,000,950 | ---- | M] () -- C:\Users\sascha\AppData\Roaming\mozilla\firefox\profiles\hwe90mab.default\searchplugins\icqplugin-1.xml
[2012.06.28 14:26:46 | 000,000,950 | ---- | M] () -- C:\Users\sascha\AppData\Roaming\mozilla\firefox\profiles\hwe90mab.default\searchplugins\icqplugin-2.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\sascha\AppData\Roaming\mozilla\firefox\profiles\hwe90mab.default\searchplugins\icqplugin.xml
[2013.02.21 13:13:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.11.28 20:20:30 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.01.16 12:21:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2012.07.23 11:16:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.06 23:03:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [iTunesHelper] "D:\Itunes\iTunesHelper.exe" File not found
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [MAAgent] C:\Program Files (x86)\MarkAny\ContentSafer\MAAgent.exe ((주)마크애니)
O4 - HKLM..\Run: [SMSTray] C:\Program Files (x86)\Samsung\Samsung Media Studio 5\SMSTray.exe (SAMSUNG ELECTRONICS)
O4 - HKCU..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\sascha\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\sascha\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C1A8FD5-FD01-4A95-B2FE-25DF9CEFB98C}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D90AE9E-06D7-4075-9CD2-18886B78F86C}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\sascha\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\sascha\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\PROGRA~2\MarkAny\CONTEN~1\MACSMA~1.DLL (MarkAny Cooperation.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.04.19 22:20:48 | 000,000,000 | R--D | M] - F:\Autorun -- [ UDF ]
O32 - AutoRun File - [2006.04.11 16:15:11 | 000,323,584 | R--- | M] (Nival Interactive) - F:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2006.04.05 17:38:16 | 000,050,534 | R--- | M] () - F:\AutoRun.ico -- [ UDF ]
O32 - AutoRun File - [2003.03.14 13:03:15 | 000,000,047 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{c8416314-fbe9-11df-ba65-4061860d7e25}\Shell - "" = AutoRun
O33 - MountPoints2\{c8416314-fbe9-11df-ba65-4061860d7e25}\Shell\AutoRun\command - "" = J:\Autorun.exe
O33 - MountPoints2\{cd4a57dc-7222-11df-a82a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cd4a57dc-7222-11df-a82a-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2006.04.11 16:15:11 | 000,323,584 | R--- | M] (Nival Interactive)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.08 13:09:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Desktop\OTL.exe
[2013.05.08 03:17:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2013.05.08 03:17:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GridinSoft Trojan Killer
[2013.04.27 23:00:27 | 000,000,000 | ---D | C] -- D:\Desktop\Fler-Blaues_Blut_Blue_Magic_Edition_-2CD-DE-2013-VOiCE
[2013.04.18 14:19:31 | 000,000,000 | ---D | C] -- C:\Users\sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\gamigo
[2013.04.18 14:19:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gamigo
[2013.04.18 13:40:00 | 000,000,000 | ---D | C] -- C:\Users\sascha\AppData\Roaming\GetRightToGo
[2013.04.11 22:28:05 | 000,000,000 | ---D | C] -- C:\Users\sascha\AppData\Local\Mozilla Firefox
[2013.04.09 20:48:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.08 13:20:14 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.08 13:20:13 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.08 13:20:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.08 13:18:58 | 000,000,020 | ---- | M] () -- C:\Users\sascha\defogger_reenable
[2013.05.08 13:10:36 | 000,377,856 | ---- | M] () -- D:\Desktop\gmer_2.1.19163.exe
[2013.05.08 13:08:55 | 000,050,477 | ---- | M] () -- D:\Desktop\Defogger.exe
[2013.05.08 13:08:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exe
[2013.05.08 12:41:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.08 03:17:39 | 000,000,978 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2013.05.08 02:53:58 | 000,000,004 | ---- | M] () -- C:\Users\sascha\AppData\Roaming\skype.ini
[2013.05.06 11:59:47 | 000,000,222 | ---- | M] () -- D:\Desktop\Hitman Absolution.url
[2013.04.26 11:21:13 | 000,674,988 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.26 11:21:13 | 000,635,112 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.26 11:21:13 | 000,145,656 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.26 11:21:13 | 000,119,678 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.26 11:21:12 | 001,568,976 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.23 12:38:22 | 000,729,409 | ---- | M] () -- D:\Desktop\phase_by_quirkilicious-d61srua.jpg
[2013.04.23 12:30:15 | 000,271,360 | ---- | M] () -- C:\Users\sascha\Documents\Outlook.pst
[2013.04.19 18:33:01 | 000,195,618 | ---- | M] () -- D:\Desktop\supp only.jpg
[2013.04.18 14:27:20 | 001,590,562 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.04.18 10:34:19 | 000,207,428 | ---- | M] () -- D:\Desktop\533763_504447982956029_467687205_n.jpg
[2013.04.15 05:20:25 | 000,177,152 | ---- | M] () -- C:\Users\sascha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.04.12 12:15:00 | 000,656,344 | ---- | M] () -- D:\Desktop\img029.jpg
[2013.04.11 08:48:16 | 000,384,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.09 20:29:35 | 000,000,222 | ---- | M] () -- D:\Desktop\Age of Empires II HD Edition.url
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.08 13:18:57 | 000,000,020 | ---- | C] () -- C:\Users\sascha\defogger_reenable
[2013.05.08 13:10:47 | 000,377,856 | ---- | C] () -- D:\Desktop\gmer_2.1.19163.exe
[2013.05.08 13:09:32 | 000,050,477 | ---- | C] () -- D:\Desktop\Defogger.exe
[2013.05.08 03:17:39 | 000,000,978 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2013.05.08 02:53:54 | 000,000,004 | ---- | C] () -- C:\Users\sascha\AppData\Roaming\skype.ini
[2013.05.06 11:59:47 | 000,000,222 | ---- | C] () -- D:\Desktop\Hitman Absolution.url
[2013.04.23 12:38:22 | 000,729,409 | ---- | C] () -- D:\Desktop\phase_by_quirkilicious-d61srua.jpg
[2013.04.19 18:33:00 | 000,195,618 | ---- | C] () -- D:\Desktop\supp only.jpg
[2013.04.18 10:34:19 | 000,207,428 | ---- | C] () -- D:\Desktop\533763_504447982956029_467687205_n.jpg
[2013.04.12 12:14:48 | 000,656,344 | ---- | C] () -- D:\Desktop\img029.jpg
[2013.04.12 12:13:01 | 000,271,360 | ---- | C] () -- C:\Users\sascha\Documents\Outlook.pst
[2013.04.09 20:29:35 | 000,000,222 | ---- | C] () -- D:\Desktop\Age of Empires II HD Edition.url
[2013.03.29 19:18:41 | 001,590,562 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.03.26 08:47:37 | 000,000,825 | ---- | C] () -- C:\Users\sascha\.recently-used.xbel
[2012.02.26 16:06:01 | 000,350,208 | ---- | C] () -- C:\Users\sascha\oC11b72rv1.exe
[2011.05.31 08:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011.05.31 08:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011.04.23 12:32:22 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.11.28 20:24:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.11.22 09:28:58 | 000,000,552 | ---- | C] () -- C:\Users\sascha\AppData\Local\d3d8caps.dat
[2010.10.23 12:18:44 | 000,000,000 | ---- | C] () -- C:\Users\sascha\AppData\Roaming\wklnhst.dat
[2010.06.30 13:08:27 | 000,000,680 | ---- | C] () -- C:\Users\sascha\AppData\Local\d3d9caps.dat
[2010.06.15 19:23:49 | 000,177,152 | ---- | C] () -- C:\Users\sascha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.09 16:29:32 | 000,012,275 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{D0F43955-527B-4E7E-B067-41B8865E7165}_Large.jpg
[2010.06.09 16:29:32 | 000,002,830 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{D0F43955-527B-4E7E-B067-41B8865E7165}_Small.jpg
[2010.06.09 16:28:10 | 000,011,913 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{EAD3A717-BF96-4393-9B5A-B8153B0C69C9}_Large.jpg
[2010.06.09 16:28:10 | 000,002,982 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{EAD3A717-BF96-4393-9B5A-B8153B0C69C9}_Small.jpg
[2010.06.09 15:32:47 | 000,013,094 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{417E87B9-7942-490E-A681-E2A21B12736D}_Large.jpg
[2010.06.09 15:32:47 | 000,002,616 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{417E87B9-7942-490E-A681-E2A21B12736D}_Small.jpg
[2010.06.09 15:25:05 | 000,010,729 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{7B7F477D-FFB5-44EA-9A12-7F72814D17AB}_Large.jpg
[2010.06.09 15:25:05 | 000,002,701 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{7B7F477D-FFB5-44EA-9A12-7F72814D17AB}_Small.jpg
[2010.06.09 15:25:04 | 000,012,536 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{85D87632-F709-49B8-A17E-4CA075A0E0CD}_Large.jpg
[2010.06.09 15:25:04 | 000,003,025 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{85D87632-F709-49B8-A17E-4CA075A0E0CD}_Small.jpg
[2010.06.09 15:24:57 | 000,012,536 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{F850282C-2386-40BD-9514-E625F3CB28ED}_Large.jpg
[2010.06.09 15:24:57 | 000,003,025 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{F850282C-2386-40BD-9514-E625F3CB28ED}_Small.jpg
[2010.06.09 15:24:49 | 000,012,773 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{7284111D-16BE-40ED-BF30-DFD0CD05AEBB}_Large.jpg
[2010.06.09 15:24:49 | 000,002,888 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{7284111D-16BE-40ED-BF30-DFD0CD05AEBB}_Small.jpg
[2010.06.09 15:24:48 | 000,004,086 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{1018291A-FB1B-4BEC-8E9A-3076E41007C7}_Large.jpg
[2010.06.09 15:24:48 | 000,001,255 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{1018291A-FB1B-4BEC-8E9A-3076E41007C7}_Small.jpg
[2010.06.09 15:24:41 | 000,012,601 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{ABD82554-4F0D-4B68-A450-0157AAC58DC4}_Large.jpg
[2010.06.09 15:24:41 | 000,003,309 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{ABD82554-4F0D-4B68-A450-0157AAC58DC4}_Small.jpg
[2010.06.09 15:24:34 | 000,004,086 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{416F7E2B-7C3C-4AB5-8E37-1DCF3EEB7FF2}_Large.jpg
[2010.06.09 15:24:34 | 000,001,255 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{416F7E2B-7C3C-4AB5-8E37-1DCF3EEB7FF2}_Small.jpg
[2010.06.09 15:24:29 | 000,014,222 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{48C8AAF9-9FC8-4DE1-BB3B-1B9F430035F9}_Large.jpg
[2010.06.09 15:24:29 | 000,002,863 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{48C8AAF9-9FC8-4DE1-BB3B-1B9F430035F9}_Small.jpg
[2010.06.09 15:24:15 | 000,011,597 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{758CF53D-80A0-49F2-B408-42CE31CF4BED}_Large.jpg
[2010.06.09 15:24:15 | 000,002,991 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{758CF53D-80A0-49F2-B408-42CE31CF4BED}_Small.jpg
[2010.06.09 15:24:14 | 000,011,449 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{0C082DEC-3A82-48A7-B54A-3B2206DC8BA7}_Large.jpg
[2010.06.09 15:24:14 | 000,003,013 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{0C082DEC-3A82-48A7-B54A-3B2206DC8BA7}_Small.jpg
[2010.06.09 15:23:53 | 000,015,056 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{7456E1F0-A716-448B-A6E6-03BB98CA878D}_Large.jpg
[2010.06.09 15:23:53 | 000,008,412 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{41E88225-A345-4F9B-ABCC-68C71057C919}_Large.jpg
[2010.06.09 15:23:53 | 000,003,161 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{7456E1F0-A716-448B-A6E6-03BB98CA878D}_Small.jpg
[2010.06.09 15:23:53 | 000,002,401 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{41E88225-A345-4F9B-ABCC-68C71057C919}_Small.jpg
[2010.06.09 15:23:47 | 000,010,598 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{C03B257A-11B7-4E53-8564-B1EBB8EC9DEF}_Large.jpg
[2010.06.09 15:23:47 | 000,002,919 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{C03B257A-11B7-4E53-8564-B1EBB8EC9DEF}_Small.jpg
[2010.06.09 15:23:35 | 000,008,287 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{1A8B2B56-A25F-4688-8BB7-EF2EFA1CFD95}_Large.jpg
[2010.06.09 15:23:35 | 000,002,146 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{1A8B2B56-A25F-4688-8BB7-EF2EFA1CFD95}_Small.jpg
[2010.06.09 15:19:13 | 000,007,970 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{10CEB323-44E8-4296-A7F7-A84487F8F4D8}_Large.jpg
[2010.06.09 15:19:13 | 000,002,170 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{10CEB323-44E8-4296-A7F7-A84487F8F4D8}_Small.jpg
[2010.06.09 15:19:10 | 000,005,577 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{C8AC25EC-3FFD-4551-8EAD-14AE49A1ED57}_Large.jpg
[2010.06.09 15:19:10 | 000,001,690 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{C8AC25EC-3FFD-4551-8EAD-14AE49A1ED57}_Small.jpg
[2010.06.09 15:19:09 | 000,014,696 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{88536029-C7DA-411D-A241-0EEBFD6CE37F}_Large.jpg
[2010.06.09 15:19:09 | 000,008,182 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{FF1D2E96-DE54-444F-B327-0339F70B3F0E}_Large.jpg
[2010.06.09 15:19:09 | 000,003,192 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{88536029-C7DA-411D-A241-0EEBFD6CE37F}_Small.jpg
[2010.06.09 15:19:09 | 000,002,183 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{FF1D2E96-DE54-444F-B327-0339F70B3F0E}_Small.jpg
[2010.06.09 15:19:01 | 000,010,504 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{849CFEE3-581D-4C82-857C-C7B7798CA225}_Large.jpg
[2010.06.09 15:19:01 | 000,002,459 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{849CFEE3-581D-4C82-857C-C7B7798CA225}_Small.jpg
[2010.06.09 15:18:59 | 000,006,280 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{A898A8FA-94C2-4DF9-9CD7-4AC3C9399753}_Large.jpg
[2010.06.09 15:18:59 | 000,002,044 | -HS- | C] () -- C:\Users\sascha\AlbumArt_{A898A8FA-94C2-4DF9-9CD7-4AC3C9399753}_Small.jpg
[2010.06.09 15:18:52 | 000,005,577 | -HS- | C] () -- C:\Users\sascha\Folder.jpg
[2010.06.09 15:18:52 | 000,001,690 | -HS- | C] () -- C:\Users\sascha\AlbumArtSmall.jpg
 
========== ZeroAccess Check ==========
 
[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-3163210225-1947164266-608850853-1001\$fb8a7cb17ae4e27c06ff64d7388f2a03\n.
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-3163210225-1947164266-608850853-1001\$fb8a7cb17ae4e27c06ff64d7388f2a03\n.
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 09:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.21 00:50:49 | 000,000,000 | ---D | M] -- C:\Users\sascha\AppData\Roaming\.minecraft
[2011.03.11 14:53:32 | 000,000,000 | ---D | M] -- C:\Users\sascha\AppData\Roaming\Bioshock
[2011.04.30 12:03:33 | 000,000,000 | ---D | M] -- C:\Users\sascha\AppData\Roaming\Bioshock2
[2012.09.28 19:13:54 | 000,000,000 | ---D | M] -- C:\Users\sascha\AppData\Roaming\Canneverbe Limited
[2010.11.29 21:11:32 | 000,000,000 | ---D | M] -- C:\Users\sascha\AppData\Roaming\DAEMON Tools Lite
[2012.09.30 09:41:02 | 000,000,000 | ---D | M] -- C:\Users\sascha\AppData\Roaming\DeepBurner
[2011.06.09 13:54:28 | 000,000,000 | ---D | M] -- C:\Users\sascha\AppData\Roaming\Downloaded Installations
[2013.01.17 00:41:52 | 000,000,000 | ---D | M] -- C:\Users\sascha\AppData\Roaming\DVDVideoSoft
[2012.09.22 12:19:22 | 000,000,000 | ---D | M] -- C:\Users\sascha\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.04.18 14:06:01 | 000,000,000 | ---D | M] -- C:\Users\sascha\AppData\Roaming\GetRightToGo
[2012.09.30 13:49:12 | 000,000,000 | ---D | M] -- C:\Users\sascha\AppData\Roaming\gtk-2.0
[2013.05.08 04:57:14 | 000,000,000 | ---D | M] -- C:\Users\sascha\AppData\Roaming\ICQ
[2012.07.30 18:11:44 | 000,000,000 | ---D | M] -- C:\Users\sascha\AppData\Roaming\Lionhead Studios
[2011.10.27 19:55:50 | 000,000,000 | ---D | M] -- C:\Users\sascha\AppData\Roaming\LolClient
[2012.05.24 12:31:32 | 000,000,000 | ---D | M] -- C:\Users\sascha\AppData\Roaming\LolClient2
[2012.07.06 23:59:39 | 000,000,000 | ---D | M] -- C:\Users\sascha\AppData\Roaming\Mumble
[2012.04.26 23:10:54 | 000,000,000 | ---D | M] -- C:\Users\sascha\AppData\Roaming\NationRed
[2013.03.23 00:23:28 | 000,000,000 | ---D | M] -- C:\Users\sascha\AppData\Roaming\Natural Selection 2
[2013.05.08 13:32:03 | 000,000,000 | ---D | M] -- C:\Users\sascha\AppData\Roaming\NetSpeedMonitor
[2013.01.17 00:41:53 | 000,000,000 | ---D | M] -- C:\Users\sascha\AppData\Roaming\OpenCandy
[2013.01.04 23:42:17 | 000,000,000 | ---D | M] -- C:\Users\sascha\AppData\Roaming\Origin
[2012.07.04 18:42:58 | 000,000,000 | ---D | M] -- C:\Users\sascha\AppData\Roaming\Red Alert 3
[2013.03.20 16:51:17 | 000,000,000 | ---D | M] -- C:\Users\sascha\AppData\Roaming\six-updater
[2012.07.22 20:28:36 | 000,000,000 | ---D | M] -- C:\Users\sascha\AppData\Roaming\six-zsync
[2010.06.20 13:50:36 | 000,000,000 | ---D | M] -- C:\Users\sascha\AppData\Roaming\SPORE Creature Creator
[2012.12.28 02:35:04 | 000,000,000 | ---D | M] -- C:\Users\sascha\AppData\Roaming\Spotify
[2013.05.08 02:54:53 | 000,000,000 | ---D | M] -- C:\Users\sascha\AppData\Roaming\TS3Client
[2013.01.17 00:45:10 | 000,000,000 | ---D | M] -- C:\Users\sascha\AppData\Roaming\TuneUp Software
[2013.03.21 22:09:04 | 000,000,000 | ---D | M] -- C:\Users\sascha\AppData\Roaming\Tunngle
[2010.06.17 01:03:38 | 000,000,000 | ---D | M] -- C:\Users\sascha\AppData\Roaming\Ubisoft
[2013.03.29 20:36:31 | 000,000,000 | ---D | M] -- C:\Users\sascha\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >
         
I had to upload Extras and GMER as attachments because the thread got too long.
Thanks in advance for the help.
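What the "ZeroAccess Check" block of the OTL log above is showing: the file Avira quarantined (C:\$Recycle.Bin\<SID>\$fb8a7cb17ae4e27c06ff64d7388f2a03\n) is registered under HKEY_CURRENT_USER as the in-process server for CLSID {fbeb8a05-beee-4442-804e-409d6c4515e9}, in both the 64-bit and the Wow6432node view, while the HKLM registrations OTL lists for the other CLSIDs still point at Microsoft DLLs (shell32.dll, fastprox.dll, wbemess.dll). COM consults a per-user class registration before the machine-wide one, so any process that instantiates that CLSID loads the DLL from the Recycle Bin; quarantining the file alone leaves the registration in place. The following parser is an added example by the editor, not part of the original post and not OTL's own code. It reads that block from an OTL log and flags InProcServer32 entries whose DLL lies outside the Windows directory, inside the Recycle Bin, or under HKCU. The sample input is constructed from the entries quoted above; the assumptions that the system drive is C: and that OTL's "/64" marker denotes the 64-bit registry view are marked in the code.

```python
# Added example (editor's, not from the Trojaner-Board post or from OTL):
# parse the "ZeroAccess Check" block of an OTL log and flag COM InProcServer32
# registrations whose server DLL sits outside the Windows directory.
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a subset of the registry entries quoted in the OTL log
# above. A real OTL.txt can be passed to find_hijacks() unchanged.
SAMPLE_OTL = r"""
========== ZeroAccess Check ==========

[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-3163210225-1947164266-608850853-1001\$fb8a7cb17ae4e27c06ff64d7388f2a03\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-3163210225-1947164266-608850853-1001\$fb8a7cb17ae4e27c06ff64d7388f2a03\n.

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

========== LOP Check ==========
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\](\s*/64)?\s*$")
# Default-value line. The optional " -- [timestamp | size | attrs] (Company)"
# suffix that OTL appends when it can stat the file is dropped.
DEFAULT_RE = re.compile(r'^""\s*=\s*(.*?)(?:\s+--\s+\[.*)?$')

# Assumption: the system drive is C:. Adjust for other installations.
WINDOWS_PREFIXES = ("c:\\windows\\", "%systemroot%\\")
RECYCLE_MARKERS = ("$recycle.bin\\", "\\recycler\\")


@dataclass
class ComServer:
    key: str
    native64: bool                  # assumed: OTL's "/64" marks the 64-bit registry view
    path: Optional[str] = None      # default value of InProcServer32 (the DLL COM loads)
    reasons: List[str] = field(default_factory=list)


def parse_zeroaccess_check(text: str) -> List[ComServer]:
    """Return every InProcServer32 key listed in the 'ZeroAccess Check' block."""
    servers: List[ComServer] = []
    current: Optional[ComServer] = None
    in_block = False
    for line in text.splitlines():
        if line.startswith("=========="):        # OTL section header
            in_block = "ZeroAccess Check" in line
            current = None
            continue
        if not in_block:
            continue
        m = KEY_RE.match(line)
        if m:
            current = ComServer(key=m.group(1), native64=bool(m.group(2)))
            servers.append(current)
            continue
        m = DEFAULT_RE.match(line)
        if m and current is not None:
            # In the log above OTL ends a value without file info with "."; strip it.
            current.path = m.group(1).rstrip(".")
    return servers


def assess(server: ComServer) -> ComServer:
    """Attach the reasons why a registration looks like a hijacked COM server."""
    if server.path is None:
        return server
    p = server.path.lower()
    if not p.startswith(WINDOWS_PREFIXES):
        server.reasons.append("server DLL outside the Windows directory")
    if any(mark in p for mark in RECYCLE_MARKERS):
        server.reasons.append("server DLL stored in the Recycle Bin")
    if server.key.upper().startswith("HKEY_CURRENT_USER\\"):
        server.reasons.append("per-user class registration is consulted before HKLM")
    return server


def find_hijacks(text: str) -> List[ComServer]:
    """All InProcServer32 entries in the block that have at least one reason."""
    return [s for s in map(assess, parse_zeroaccess_check(text)) if s.reasons]


if __name__ == "__main__":
    for s in find_hijacks(SAMPLE_OTL):
        print(f"{s.key}{' /64' if s.native64 else ''}\n    -> {s.path}")
        for r in s.reasons:
            print(f"       * {r}")
```

Run against the sample, both {fbeb8a05-...} entries are reported with all three reasons and the HKLM shell32.dll entries pass clean; the empty HKCU {42aedc87-...} key has no default value and is therefore not flagged, although an InProcServer32 key under HKCU for a CLSID that shell32.dll serves machine-wide is itself worth a second look. Removing the HKCU keys and the file is the fix the check points at; the parser only finds them.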

 
