Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: BDS/Backdoor.Gen' [backdoor]

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 19.02.2013, 11:07   #1
muecke
 
BDS/Backdoor.Gen' [backdoor] - Standard

BDS/Backdoor.Gen' [backdoor]



Hallo zusammen,

Bei mir wurde gerade eben beim Echtzeitscan von Antivir folgendes gefunden.

In der Datei 'C:\Program Files (x86)\Dotjosh Studios\DayZ Commander\Temp\b33b7932-0f43-447e-876c-1caae51e60eb\DayZCommander.exe'
wurde ein Virus oder unerwünschtes Programm 'BDS/Backdoor.Gen' [backdoor] gefunden.
Ausgeführte Aktion: Zugriff verweigern

Da ich meinen Rechner gerade erst frisch aufgesetzt habe wollte ich fragen ob es sich dabei um was ernstes oder nur eine Fehlmeldung handelt.

Beste Grüße

Mücke


Hier die OTL files

OTL:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 19.02.2013 12:31:42 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Muecke\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,77 Gb Available Physical Memory | 69,26% Memory free
8,00 Gb Paging File | 6,58 Gb Available in Paging File | 82,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,79 Gb Total Space | 171,09 Gb Free Space | 73,50% Space Free | Partition Type: NTFS
Drive E: | 1397,26 Gb Total Space | 1278,34 Gb Free Space | 91,49% Space Free | Partition Type: NTFS
 
Computer Name: MUECKE-PC | User Name: God | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.19 12:29:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Muecke\Downloads\OTL.exe
PRC - [2013.02.13 17:34:17 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.13 17:34:07 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.02.13 17:34:06 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.02.01 19:21:00 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.12.29 11:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.12.29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.06.28 16:40:52 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.01 19:21:14 | 003,023,256 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.02.15 13:08:20 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.02.14 22:01:20 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013.02.13 17:34:17 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.13 17:34:07 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.07 13:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.01 19:21:08 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.29 11:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.12.29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.11.26 18:35:10 | 000,745,368 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.02.16 13:01:36 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013.02.13 17:34:22 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.02.13 17:34:22 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.02.13 17:34:22 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.12.19 14:47:20 | 000,132,008 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009.09.16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011.01.06 11:06:56 | 000,011,888 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Setup Files\Ms7350v270\NTIOLib_X64.sys -- (NTIOLib_1_0_6)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.13 17:32:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.13 18:54:34 | 000,000,000 | ---D | M]
 
[2013.02.13 17:32:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.01 19:21:57 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.28 16:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2013.02.01 20:33:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.01 20:33:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.01 20:33:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.01 20:33:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.01 20:33:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.01 20:33:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [BrowserChoice] C:\Windows\SysNative\browserchoice.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [MSKSSRV] rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196} File not found
O4:64bit: - HKLM..\RunOnce: [MSPCLOCK] rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000} File not found
O4:64bit: - HKLM..\RunOnce: [MSPQM] rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196} File not found
O4:64bit: - HKLM..\RunOnce: [MSTEE.CxTransform] rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install File not found
O4:64bit: - HKLM..\RunOnce: [MSTEE.Splitter] rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install File not found
O4:64bit: - HKLM..\RunOnce: [NoIE4StubProcessing] C:\Windows\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f File not found
O4:64bit: - HKLM..\RunOnce: [WDM_DRMKAUD] rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6581D692-F2E3-42D5-9673-FB05C1B69B79}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F26A67E-F855-42B4-AA69-5DBF48682201}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk E:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.19 12:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.19 12:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.19 12:09:22 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.19 12:09:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.17 17:35:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Tunngle
[2013.02.17 17:35:15 | 000,031,232 | ---- | C] (Tunngle.net) -- C:\Windows\SysNative\drivers\tap0901t.sys
[2013.02.17 17:35:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Tunngle
[2013.02.17 17:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
[2013.02.17 17:35:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tunngle
[2013.02.16 13:02:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2013.02.16 13:01:36 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013.02.16 13:01:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2013.02.16 13:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2013.02.16 12:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2013.02.16 12:56:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013.02.16 12:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2013.02.15 22:28:50 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.02.14 22:01:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BattlEye
[2013.02.14 21:56:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Bohemia Interactive Studio
[2013.02.14 19:36:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2013.02.14 18:26:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dotjosh Studios
[2013.02.14 13:39:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.02.14 12:54:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013.02.14 12:54:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2013.02.14 11:47:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013.02.14 11:46:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013.02.14 11:41:52 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2013.02.14 11:41:34 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2013.02.13 21:53:50 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2013.02.13 21:53:47 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2013.02.13 19:02:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.02.13 19:01:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013.02.13 18:54:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2013.02.13 18:54:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2013.02.13 18:54:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2013.02.13 18:54:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2013.02.13 18:53:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.13 18:53:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.02.13 18:53:32 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.02.13 18:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.02.13 18:42:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013.02.13 18:42:28 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013.02.13 18:42:09 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2013.02.13 18:42:09 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2013.02.13 18:42:09 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.02.13 18:42:09 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013.02.13 18:42:09 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.02.13 18:42:09 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.02.13 18:42:09 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2013.02.13 18:42:09 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.02.13 18:42:09 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013.02.13 18:42:09 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.02.13 18:42:09 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.02.13 18:42:09 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2013.02.13 18:42:09 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013.02.13 18:42:09 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2013.02.13 18:42:09 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2013.02.13 18:42:09 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013.02.13 18:42:09 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2013.02.13 18:42:08 | 008,363,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2013.02.13 18:42:08 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.02.13 18:42:08 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2013.02.13 18:42:08 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2013.02.13 18:42:08 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2013.02.13 18:42:08 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2013.02.13 18:42:08 | 001,345,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2013.02.13 18:42:08 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2013.02.13 18:42:08 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2013.02.13 18:42:08 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2013.02.13 18:42:08 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2013.02.13 18:42:08 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2013.02.13 18:42:08 | 000,537,456 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2013.02.13 18:42:08 | 000,524,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2013.02.13 18:42:08 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2013.02.13 18:42:08 | 000,449,392 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2013.02.13 18:42:08 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2013.02.13 18:42:08 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2013.02.13 18:42:08 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2013.02.13 18:42:08 | 000,396,632 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2013.02.13 18:42:08 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2013.02.13 18:42:08 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.02.13 18:42:08 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2013.02.13 18:42:08 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2013.02.13 18:42:08 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2013.02.13 18:42:08 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2013.02.13 18:42:08 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2013.02.13 18:42:07 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.02.13 18:42:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.02.13 18:42:05 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013.02.13 18:42:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.02.13 18:36:37 | 000,000,000 | R--D | C] -- C:\Users\God\Videos
[2013.02.13 18:36:37 | 000,000,000 | R--D | C] -- C:\Users\God\Pictures
[2013.02.13 18:36:37 | 000,000,000 | R--D | C] -- C:\Users\God\Music
[2013.02.13 18:36:37 | 000,000,000 | R--D | C] -- C:\Users\God\Links
[2013.02.13 18:36:37 | 000,000,000 | R--D | C] -- C:\Users\God\Favorites
[2013.02.13 18:36:37 | 000,000,000 | R--D | C] -- C:\Users\God\Downloads
[2013.02.13 18:36:37 | 000,000,000 | R--D | C] -- C:\Users\God\Documents
[2013.02.13 18:36:37 | 000,000,000 | R--D | C] -- C:\Users\God\Desktop
[2013.02.13 18:36:37 | 000,000,000 | -HSD | C] -- C:\Users\God\Vorlagen
[2013.02.13 18:36:37 | 000,000,000 | -HSD | C] -- C:\Users\God\Startmenü
[2013.02.13 18:36:37 | 000,000,000 | -HSD | C] -- C:\Users\God\SendTo
[2013.02.13 18:36:37 | 000,000,000 | -HSD | C] -- C:\Users\God\Recent
[2013.02.13 18:36:37 | 000,000,000 | -HSD | C] -- C:\Users\God\Netzwerkumgebung
[2013.02.13 18:36:37 | 000,000,000 | -HSD | C] -- C:\Users\God\Lokale Einstellungen
[2013.02.13 18:36:37 | 000,000,000 | -HSD | C] -- C:\Users\God\Eigene Dateien
[2013.02.13 18:36:37 | 000,000,000 | -HSD | C] -- C:\Users\God\Druckumgebung
[2013.02.13 18:36:37 | 000,000,000 | -HSD | C] -- C:\Users\God\Cookies
[2013.02.13 18:36:37 | 000,000,000 | -HSD | C] -- C:\Users\God\Anwendungsdaten
[2013.02.13 18:36:37 | 000,000,000 | -H-D | C] -- C:\Users\God\AppData
[2013.02.13 18:36:37 | 000,000,000 | ---D | C] -- C:\Users\God\Saved Games
[2013.02.13 18:31:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Setup Files
[2013.02.13 18:09:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013.02.13 18:08:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013.02.13 18:08:59 | 000,000,000 | ---D | C] -- C:\Spiele
[2013.02.13 18:08:59 | 000,000,000 | ---D | C] -- \Spiele
[2013.02.13 18:03:21 | 000,011,832 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\acpimof.dll
[2013.02.13 17:51:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013.02.13 17:51:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.02.13 17:50:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013.02.13 17:50:49 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013.02.13 17:50:21 | 000,061,368 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013.02.13 17:50:21 | 000,053,176 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013.02.13 17:50:11 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013.02.13 17:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013.02.13 17:49:10 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013.02.13 17:49:10 | 000,000,000 | ---D | C] -- \NVIDIA
[2013.02.13 17:48:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013.02.13 17:48:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013.02.13 17:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.02.13 17:46:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.02.13 17:46:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.02.13 17:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.02.13 17:35:47 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.02.13 17:35:47 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.02.13 17:35:47 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.02.13 17:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.02.13 17:35:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.02.13 17:34:29 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.02.13 17:32:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.02.13 17:32:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.02.13 17:32:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.13 17:27:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.02.13 17:27:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.02.13 17:27:14 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.02.13 17:27:14 | 000,000,000 | -HSD | C] -- \Recovery
[2013.02.13 17:27:14 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.02.13 17:27:14 | 000,000,000 | -HSD | C] -- \Programme
[2013.02.13 17:27:14 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.02.13 17:27:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.02.13 17:27:14 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.02.13 17:27:14 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.02.13 17:27:14 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.02.13 17:27:14 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.02.13 17:27:14 | 000,000,000 | -HSD | C] -- \Dokumente und Einstellungen
[2013.02.13 17:27:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.02.13 17:27:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.02.13 17:21:06 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.02.13 17:18:36 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.02.13 17:18:18 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013.02.13 17:18:18 | 000,000,000 | -HSD | C] -- \System Volume Information
[2013.02.13 17:17:20 | 000,000,000 | ---D | C] -- C:\Windows\Panther
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.19 12:30:05 | 000,000,168 | ---- | M] () -- C:\Users\God\defogger_reenable
[2013.02.19 10:05:49 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.19 10:05:49 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.19 10:02:31 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.19 10:02:31 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.19 10:02:31 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.19 10:02:31 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.19 10:02:31 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.19 09:58:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.19 09:58:04 | 3220,713,472 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.18 10:55:08 | 000,001,410 | ---- | M] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
[2013.02.17 17:38:18 | 000,276,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.17 17:35:15 | 000,000,995 | ---- | M] () -- C:\Users\Public\Desktop\Tunngle beta.lnk
[2013.02.16 13:01:36 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013.02.16 12:57:08 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2013.02.13 21:21:59 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.02.13 21:21:58 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.02.13 17:34:22 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.02.13 17:34:22 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.02.13 17:34:22 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.02.13 17:21:32 | 000,054,699 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.02.13 17:21:32 | 000,054,699 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.02.13 17:20:26 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
 
========== Files Created - No Company Name ==========
 
[2013.02.19 12:30:05 | 000,000,168 | ---- | C] () -- C:\Users\God\defogger_reenable
[2013.02.17 17:35:15 | 000,000,995 | ---- | C] () -- C:\Users\Public\Desktop\Tunngle beta.lnk
[2013.02.16 12:57:08 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2013.02.14 18:26:46 | 000,001,410 | ---- | C] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
[2013.02.14 11:42:45 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2013.02.14 11:41:23 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2013.02.14 11:41:13 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2013.02.14 11:41:13 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2013.02.14 11:41:03 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
[2013.02.14 11:41:03 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2013.02.13 21:36:57 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.02.13 21:21:59 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.02.13 21:21:58 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.02.13 21:09:40 | 000,012,800 | ---- | C] () -- C:\Windows\SysWow64\CNC1748D.TBL
[2013.02.13 21:09:40 | 000,012,800 | ---- | C] () -- C:\Windows\SysNative\CNC1748D.TBL
[2013.02.13 21:09:13 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.02.13 18:42:09 | 000,293,889 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2013.02.13 17:49:40 | 000,017,266 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013.02.13 17:32:41 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.02.13 17:21:24 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.02.13 17:21:17 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.02.13 17:20:26 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.02.13 17:18:18 | 3220,713,472 | -HS- | C] () -- C:\hiberfil.sys
[2013.02.13 17:18:18 | 3220,713,472 | -HS- | C] () -- \hiberfil.sys
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- --



Extra:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 19.02.2013 12:31:42 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Muecke\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,77 Gb Available Physical Memory | 69,26% Memory free
8,00 Gb Paging File | 6,58 Gb Available in Paging File | 82,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,79 Gb Total Space | 171,09 Gb Free Space | 73,50% Space Free | Partition Type: NTFS
Drive E: | 1397,26 Gb Total Space | 1278,34 Gb Free Space | 91,49% Space Free | Partition Type: NTFS
 
Computer Name: MUECKE-PC | User Name: God | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0160B9AA-2E21-4208-849B-ED133EE409FF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{05422A0B-AA22-42D2-B63E-58A29475302A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{21070928-01CD-474A-A4EF-B4D304D67734}" = rport=445 | protocol=6 | dir=out | app=system | 
"{34D44B90-EDF5-4798-AE0A-33C3493933DC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3CC5A62C-1379-4112-8CE0-3020E3F1E2A6}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{4FEBD69E-3D7E-49A6-B6DD-CE648B68FE8A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{61836B2E-E260-4B3E-877D-507548C0041F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6CBD42EA-3626-4ADA-9C43-E18D81C32FE2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{79503AB5-7EEB-4FD6-A216-72EF8632B534}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7BB9908E-A010-4E9D-82C4-F2B9F53634AF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8282D471-206C-4617-8143-9C4B91C68D3F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{934E2CF7-EF84-42DF-8DC9-5DF8575DEDC5}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9B542B38-C523-427A-BF42-3305B6499C06}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9CA03485-65C3-4502-BD89-321353CD77C3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AD73A658-B884-42D3-9B05-990A44C591E8}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D3FA7035-1CEC-4E9B-867C-ED6A9BB0E001}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D672BBE3-E2E4-40B9-A6BF-6CD99D17727A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D86F3753-5105-4DC9-9E68-3BCEA436A335}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DC843443-4B77-4F38-B783-13920196CAD0}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E8AA5606-CC4E-4673-AD4D-08976B937E44}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F782B9DF-00BF-498A-83E9-A05F573B867A}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{F8341A1A-FCF2-4F1F-8058-177749D90C91}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F9445342-D0F2-4AE5-A26B-6A698A5FB5BB}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0067C0D1-DD39-496F-BBDE-B362583BCAEE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{0590CAE8-E1F3-4D29-85FF-522CB8C91AB5}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{05AC85D1-E7C1-4633-B18B-89574E1662B6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{071F703B-62DC-43AB-9C65-4718D292B46E}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{0CBBB745-935B-48B0-A1DD-0575770A103B}" = protocol=17 | dir=in | app=c:\spiele\steam\steam.exe | 
"{1CC8F578-9A0D-42E5-B7AD-8904EE704951}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\arma 2\arma2.exe | 
"{1DAB1AA3-F1E8-4E34-B3CB-B44995D51A45}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"{280DE0F3-347B-4E30-A604-54BAFDABE917}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{29FBCB59-257E-4F29-A54D-368D55A500BC}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{2DAD6BC7-7FE2-432F-9215-954304CC025C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2DDAFDEF-CF57-4CA4-B564-77B289DEB3FB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{31962F75-8B29-4AE5-AF0E-78F8420EA290}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{3329B165-914F-4C16-B06A-C187F7244041}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3DAA7EA9-8698-4240-BCD1-D8DA70763A77}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{48499F2F-9EE6-454A-B2EB-EA7510975A65}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{510768AB-88AE-48BB-953B-C101D40C278C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{51A4A260-5C0C-4DFA-9705-44535E06B925}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5995519B-E449-44A4-A3B1-734A0855C666}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5CD115BE-6E80-4971-88EA-DF95FFE3B42D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{6E3C1D4C-7A65-4B1C-82C1-9DB83AE69BFE}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\torchlight ii\torchlight2.exe | 
"{72BEFBE4-49F7-4693-8843-4B73C53F8783}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{75AEFF67-CBCD-40E6-9BC9-CCC27040A819}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7983667B-9FDC-4E19-8557-5DCBA03338EF}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"{7B75B67D-620B-4986-8A06-B2AF8C2B32A6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{81C180D6-8F35-4ED4-A66A-59C61275E087}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8211831E-31F3-4D41-BB81-FD5139073B96}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\arma 2\arma2.exe | 
"{94210D0B-C1ED-4249-A013-8FAA5372ED81}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9E7C006F-C729-4A5C-98EA-F9F9EA8DE0C7}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{A5DDB720-F1D6-4A58-BD34-3B47173FC06E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A8CD9EB9-291F-4B12-8913-95B85DFF3C42}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{D02DBB90-8653-434B-9548-882D586866D7}" = protocol=6 | dir=in | app=c:\spiele\steam\steam.exe | 
"{D22A0DA2-485C-46E1-8D05-45D77DDAF9C7}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{DA5FEB49-70DD-4CEA-A3BD-B905803009CF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E051C513-A251-4EF6-AF36-2C1ABFB80E5E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E0BDF1F9-43DA-4F51-8F34-4F7CBBE80844}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\torchlight ii\torchlight2.exe | 
"{E9FBE9BA-72A8-4324-97C5-2D1D513F20D6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F4C09B8D-8190-46A0-8FB2-DBF92FDE6EA2}" = protocol=6 | dir=out | app=system | 
"{FD053B82-0EFD-4976-9C7E-A9C5ECC7F399}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{182ABA68-885F-4AA6-B71C-BF0E1694DF2C}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{191380EB-BB07-46A6-BF54-475420AF3F7E}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers
"{A8A0B1C1-FBC7-4790-8E26-9DA1A6A95452}" = Oracle VM VirtualBox 4.2.6
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2B93C524-BFFA-4545-91EE-EEADCD580EC2}" = DayZ Commander
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"DAEMON Tools Lite" = DAEMON Tools Lite
"Foxit Reader_is1" = Foxit Reader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Steam App 200710" = Torchlight II
"Steam App 219540" = Arma 2: Operation Arrowhead Beta
"Steam App 33910" = Arma 2
"Steam App 33930" = Arma 2: Operation Arrowhead
"Tunngle beta_is1" = Tunngle beta
"VLC media player" = VLC media player 2.0.5
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.02.2013 13:10:34 | Computer Name = Muecke-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 18.0.2.4780,
 Zeitstempel: 0x510c057b  Name des fehlerhaften Moduls: xul.dll, Version: 18.0.2.4780,
 Zeitstempel: 0x510c04a9  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0012bdc8  ID des fehlerhaften
 Prozesses: 0x5c4  Startzeit der fehlerhaften Anwendung: 0x01ce0a0c2873ad30  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll  Berichtskennung:
 46cd08c0-7600-11e2-a352-0019db6179bb
 
Error - 13.02.2013 13:38:46 | Computer Name = Muecke-PC | Source = Application Hang | ID = 1002
Description = Programm LU5.exe, Version 5.0.99.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 87c    Startzeit: 
01ce0a10af55b010    Endzeit: 0    Anwendungspfad: C:\Program Files (x86)\MSI\Live Update
 5\LU5.exe    Berichts-ID: 3515d451-7604-11e2-a228-0019db6179bb  
 
Error - 13.02.2013 13:45:26 | Computer Name = Muecke-PC | Source = Application Hang | ID = 1002
Description = Programm LU5.exe, Version 5.0.99.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: cd0    Startzeit: 
01ce0a11d240c910    Endzeit: 15    Anwendungspfad: C:\Program Files (x86)\MSI\Live Update
 5\LU5.exe    Berichts-ID: 2224c7b1-7605-11e2-aa42-0019db6179bb  
 
Error - 13.02.2013 17:32:06 | Computer Name = Muecke-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: nvSCPAPISvr.exe, Version: 7.17.13.1090,
 Zeitstempel: 0x50deaa09  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74736a64  ID des fehlerhaften
 Prozesses: 0x2f4  Startzeit der fehlerhaften Anwendung: 0x01ce0a312ed6dec0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: d0153840-7624-11e2-a3f3-0019db6179bb
 
Error - 13.02.2013 17:32:09 | Computer Name = Muecke-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: daemonu.exe, Version: 1.11.3.0, Zeitstempel:
 0x50de91a7  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74736a64  ID des fehlerhaften Prozesses:
 0x9c4  Startzeit der fehlerhaften Anwendung: 0x01ce0a318ab5bae0  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: d1f86f60-7624-11e2-a3f3-0019db6179bb
 
Error - 13.02.2013 17:32:13 | Computer Name = Muecke-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: avguard.exe, Version: 13.6.0.652,
 Zeitstempel: 0x5106bcf5  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74736a64  ID des fehlerhaften
 Prozesses: 0x414  Startzeit der fehlerhaften Anwendung: 0x01ce0a319638a120  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: d3e78d60-7624-11e2-a3f3-0019db6179bb
 
Error - 14.02.2013 07:39:04 | Computer Name = Muecke-PC | Source = ESENT | ID = 215
Description = WinMail (2932) WindowsMail0: Die Sicherung wurde abgebrochen, weil
 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 14.02.2013 08:43:17 | Computer Name = Muecke-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
[ System Events ]
Error - 17.02.2013 11:25:35 | Computer Name = Muecke-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 17.02.2013 12:35:17 | Computer Name = Muecke-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 17.02.2013 12:37:46 | Computer Name = Muecke-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
Error - 17.02.2013 12:39:48 | Computer Name = Muecke-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 17.02.2013 15:11:26 | Computer Name = Muecke-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 17.02.2013 17:26:16 | Computer Name = Muecke-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
Error - 18.02.2013 04:56:00 | Computer Name = Muecke-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
Error - 18.02.2013 12:33:43 | Computer Name = Muecke-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
Error - 19.02.2013 04:58:02 | Computer Name = Muecke-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
Error - 19.02.2013 06:52:05 | Computer Name = Muecke-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
 
< End of report >
         
--- --- ---

gmer:

GMER Logfile:
Code:
ATTFilter
GMER 2.1.18952 - hxxp://www.gmer.net
Rootkit scan 2013-02-19 12:50:18
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000063 ST325062 rev.3.AA 232,89GB
Running: GMER_2.1.18952.exe; Driver: C:\Users\God\AppData\Local\Temp\uwdiypog.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000077181465 2 bytes [18, 77]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000771814bb 2 bytes [18, 77]
.text  ...                                                                                                                                      * 2

---- EOF - GMER 2.1 ----
         
--- --- ---


Ich hoffe ich habe nichts vergessen.

Geändert von muecke (19.02.2013 um 11:53 Uhr)

Alt 20.02.2013, 12:45   #2
aharonov
/// TB-Ausbilder
 
BDS/Backdoor.Gen' [backdoor] - Standard

BDS/Backdoor.Gen' [backdoor]



Hallo Mücke,

deine Logs sehen soweit unauffällig aus.

Diese Meldung von Avira könnte tatsächlich ein Fehlalarm sein, andere melden Ähnliches.
Lass doch Avira nochmals dieses Programm durchscannen, ob es auch mit erneuerter Datenbank immer noch etwas erkennt.
Weiter kannst du das File auch zur Auswertung bei virustotal.com hochladen.
Wenn dein Avira diese Datei immer noch bemängelt, dann kannst du sie ja mal zur Analyse mit Verdacht auf Fehlalarm einsenden und schauen, was sie dazu meinen: Verdächtige Dateien einsenden.
__________________

__________________

Alt 20.02.2013, 18:34   #3
muecke
 
BDS/Backdoor.Gen' [backdoor] - Standard

BDS/Backdoor.Gen' [backdoor]



Vielen dank für deine Hilfe Leo.

Auf euch is einfach verlass.

Werd deinen rat gleich nachher mal ausprobieren
__________________

Alt 23.02.2013, 20:12   #4
aharonov
/// TB-Ausbilder
 
BDS/Backdoor.Gen' [backdoor] - Standard

BDS/Backdoor.Gen' [backdoor]



Hi,

ich hab schon länger keine Antwort mehr von dir erhalten. Brauchst du weiterhin noch Hilfe?

Wenn ich in den nächsten 24 Stunden nichts von dir höre, gehe ich davon aus, dass sich das Thema erledigt hat und lösche es aus meinen Abos.
__________________
cheers,
Leo

Alt 24.02.2013, 10:12   #5
muecke
 
BDS/Backdoor.Gen' [backdoor] - Standard

BDS/Backdoor.Gen' [backdoor]



Guten Morgen Leo,

Hatte ne ziemlich stressige Woche.Sorry das ich mich deswegen nicht mehr gemeldet habe.
mitlerweile hat Antivir drei weitere Zips (wahrscheinlich Aktualisierungen vom Dayzcommander) als gleiche Backdoor programme erkannt.

Bei Virustotal wird bei einer Datei nur Antivir als treffer angezeigt.Bei der nächsten ist es noch Trendmicro Housecall, bei der dritten auch Trendmicro und Antivir.

Was soll ich jetzt machen?

Liebe Grüße

Mücke


Alt 24.02.2013, 13:29   #6
aharonov
/// TB-Ausbilder
 
BDS/Backdoor.Gen' [backdoor] - Standard

BDS/Backdoor.Gen' [backdoor]



Hallo Mücke,

kein Problem.

Wenn es nur so wenige Treffer auf Virustotal gibt, ist schon ein Fehlalarm wahrscheinlich.
Ich würd jetzt vorerst dieses Programm nicht ausführen und die von Avira bemängelten Dateien zur Analyse einsenden mit Verdacht auf Fehlalarm: Verdächtige Dateien einsenden.
Dann werden die es sich nochmals genau anschauen und du bekommst die Bestätigung, dass es ein Fehlalarm war oder eben nicht.
__________________
--> BDS/Backdoor.Gen' [backdoor]

Alt 01.03.2013, 16:49   #7
muecke
 
BDS/Backdoor.Gen' [backdoor] - Standard

BDS/Backdoor.Gen' [backdoor]



Sooo,
Habe die Dateien anfang der Woche ingeschickt.
Waren Fehlermeldungen und werden mit dem nächsten Avira update rausgenommen.

Danke dir nochmals für deine Hilfe Leo

Schönes Wochenende

Alt 01.03.2013, 17:26   #8
aharonov
/// TB-Ausbilder
 
BDS/Backdoor.Gen' [backdoor] - Standard

BDS/Backdoor.Gen' [backdoor]



Danke für die Mitteilung.
Und ebenfalls ein schönes Wochenende.


Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Ich bekomme somit keine Benachrichtigung mehr über neue Antworten.
Solltest du das Thema erneut brauchen, schicke mir bitte eine PM und wir machen hier weiter.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.
__________________
cheers,
Leo

Antwort

Themen zu BDS/Backdoor.Gen' [backdoor]
aktion, antivir, application/pdf:, aufgesetzt, backdoor, bds/backdoor, bds/backdoor.gen, commander, dayzcommander, ernstes, fehlmeldung, focus, folgendes, fragen, gefunde, hallo zusammen, install.exe, nvidia update, program, programm, rechner, scan, temp, unerwünschtes, unerwünschtes programm, virus, zugriff, zusammen



Ähnliche Themen: BDS/Backdoor.Gen' [backdoor]


  1. System bereinigen nach Backdoor.graybird / backdoor.rustock etc.
    Plagegeister aller Art und deren Bekämpfung - 01.04.2013 (5)
  2. Exploit.Script.Generic, Exploit.JS.Pdfka.gfa, Backdoor.Win32.ZAccess.ypw, Backdoor.Win32.ZAccess.yqi, Trojan.Win32.Miner.dw und weitere
    Log-Analyse und Auswertung - 02.10.2012 (7)
  3. Backdoor.Bot / Backdoor.Gootkit / Malware.Trace -> HiJackThis + Malwarebytes logfile
    Log-Analyse und Auswertung - 02.07.2010 (6)
  4. Backdoor.bot
    Log-Analyse und Auswertung - 04.06.2009 (2)
  5. Backdoor.Trojan und Backdoor.Grybird
    Mülltonne - 13.10.2008 (0)
  6. Backdoor?
    Log-Analyse und Auswertung - 08.05.2008 (1)
  7. TR/BackDoor.NB
    Plagegeister aller Art und deren Bekämpfung - 26.04.2008 (4)
  8. Backdoor-DJT
    Plagegeister aller Art und deren Bekämpfung - 23.10.2007 (3)
  9. Backdoor???
    Mülltonne - 14.10.2007 (0)
  10. Backdoor.GrayBird.K (BackDoor-ARR [McAfee]
    Plagegeister aller Art und deren Bekämpfung - 29.07.2007 (1)
  11. Backdoor Win 32.VB.aup
    Plagegeister aller Art und deren Bekämpfung - 05.06.2007 (4)
  12. Backdoor
    Plagegeister aller Art und deren Bekämpfung - 09.11.2005 (2)
  13. W32/Backdoor-CFB
    Plagegeister aller Art und deren Bekämpfung - 08.09.2004 (1)
  14. backdoor.avc???
    Plagegeister aller Art und deren Bekämpfung - 25.08.2004 (3)
  15. Backdoor.sd.bot
    Plagegeister aller Art und deren Bekämpfung - 07.05.2004 (2)
  16. Backdoor... Was tun?
    Plagegeister aller Art und deren Bekämpfung - 18.04.2004 (1)
  17. Backdoor help thx
    Plagegeister aller Art und deren Bekämpfung - 05.08.2003 (5)

Zum Thema BDS/Backdoor.Gen' [backdoor] - Hallo zusammen, Bei mir wurde gerade eben beim Echtzeitscan von Antivir folgendes gefunden. In der Datei 'C:\Program Files (x86)\Dotjosh Studios\DayZ Commander\Temp\b33b7932-0f43-447e-876c-1caae51e60eb\DayZCommander.exe' wurde ein Virus oder unerwünschtes Programm 'BDS/Backdoor.Gen' [backdoor] gefunden. - BDS/Backdoor.Gen' [backdoor]...
Archiv
Du betrachtest: BDS/Backdoor.Gen' [backdoor] auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.