Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: 50€ Trojaner/Virus eingefangen :(

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 12.02.2012, 11:58   #1
cybbe
 
50€ Trojaner/Virus eingefangen :( - Standard

50€ Trojaner/Virus eingefangen :(



Hallo Trojaner-Board-Gemeinde,

nun habe ich mir auch mal wieder was eingefangen. Es handelt sich dabei um das 50€ Dingens
Also Bildschirm wird schwarz u. es kommt eine rote Aufschrift, das ich was bezahlen muss, damit der Rechner wieder freigegeben wird.
Hab ich schon ein bisschen was gelesen und hab den Rechner mal im abgesicherten Modus gestartet sowie OTL durchlaufen lassen. Hier nun das Ergebnis (extra.txt):
Code:
ATTFilter
OTL Extras logfile created on: 12.02.2012 11:52:45 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Soeren\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 7,04 Gb Available Physical Memory | 88,00% Memory free
15,99 Gb Paging File | 15,11 Gb Available in Paging File | 94,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 60,00 Gb Total Space | 15,87 Gb Free Space | 26,45% Space Free | Partition Type: NTFS
Drive D: | 244,14 Gb Total Space | 134,83 Gb Free Space | 55,23% Space Free | Partition Type: NTFS
Drive E: | 627,37 Gb Total Space | 581,00 Gb Free Space | 92,61% Space Free | Partition Type: NTFS
Drive F: | 455,99 Gb Total Space | 348,68 Gb Free Space | 76,47% Space Free | Partition Type: NTFS
Drive K: | 9,75 Gb Total Space | 8,58 Gb Free Space | 87,93% Space Free | Partition Type: FAT32
 
Computer Name: SOEREN-PC | User Name: Soeren | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "F:\Programme\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "F:\Programme\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "E:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "E:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "E:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "F:\Programme\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "F:\Programme\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "E:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "E:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "E:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07E674CF-C77E-4915-A110-A7556F4AB118}" = ESET NOD32 Antivirus
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.62
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D21540A9-37AC-40FC-8106-15A4C1A2DD1A}" = Oracle VM VirtualBox 4.1.4
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"sp6" = Logitech SetPoint 6.22
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5454085C-840F-4070-8FAA-441000038301}" = BioShock 2
"{57520FA0-A73E-4165-BCA2-D71000018301}" = Batman: Arkham City™
"{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.85
"AnyDVD" = AnyDVD
"Ashampoo Burning Studio 10_is1" = Ashampoo Burning Studio 10.0.7
"Call of Duty Modern Warfare 3 (c) Activision_is1" = Call of Duty Modern Warfare 3 (c) Activision version 1
"CloneCD" = CloneCD
"DAEMON Tools Lite" = DAEMON Tools Lite
"FileZilla Client" = FileZilla Client 3.5.2
"GFWL_{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™
"HLSW_is1" = HLSW v1.4.0.2
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.17
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Notepad++" = Notepad++
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Pidgin" = Pidgin
"PunkBusterSvc" = PunkBuster Services
"Rage_is1" = Rage
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 1.1.8
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.08.2011 05:29:55 | Computer Name = Soeren-PC | Source = Application Error | ID = 1000
Description = Faulting application name: JustCause2.exe, version: 1.0.0.1, time 
stamp: 0x4ba03352  Faulting module name: JustCause2.exe, version: 1.0.0.1, time stamp:
 0x4ba03352  Exception code: 0xc0000005  Fault offset: 0x0025b6dc  Faulting process id:
 0x1320  Faulting application start time: 0x01cc6564be038164  Faulting application path:
 D:\Spiele\Just Cause 2\JustCause2.exe  Faulting module path: D:\Spiele\Just Cause
 2\JustCause2.exe  Report Id: 496db26b-d158-11e0-8a1d-bcaec5995ba6
 
Error - 28.08.2011 10:53:53 | Computer Name = Soeren-PC | Source = Application Error | ID = 1000
Description = Faulting application name: JustCause2.exe, version: 1.0.0.1, time 
stamp: 0x4ba03352  Faulting module name: JustCause2.exe, version: 1.0.0.1, time stamp:
 0x4ba03352  Exception code: 0xc0000005  Fault offset: 0x0025b6dc  Faulting process id:
 0x1024  Faulting application start time: 0x01cc659189eb5fad  Faulting application path:
 D:\Spiele\Just Cause 2\JustCause2.exe  Faulting module path: D:\Spiele\Just Cause
 2\JustCause2.exe  Report Id: 8b71801c-d185-11e0-a8d9-bcaec5995ba6
 
Error - 10.09.2011 03:42:41 | Computer Name = Soeren-PC | Source = VSS | ID = 8194
Description = 
 
Error - 04.10.2011 09:08:19 | Computer Name = Soeren-PC | Source = Application Error | ID = 1000
Description = Faulting application name: portal2.exe, version: 0.0.0.0, time stamp:
 0x4d4c804d  Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
 code: 0xc0000005  Fault offset: 0x00000000  Faulting process id: 0x5ec  Faulting application
 start time: 0x01cc82968fedccd7  Faulting application path: D:\Spiele\Portal 2\portal2.exe
Faulting
 module path: unknown  Report Id: ed8a52c8-ee89-11e0-8fb5-bcaec5995ba6
 
Error - 04.10.2011 14:12:11 | Computer Name = Soeren-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PORTAL2.EXE, version: 0.0.0.0, time stamp:
 0x4d4c804d  Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
 code: 0xc0000005  Fault offset: 0x00000000  Faulting process id: 0x7b0  Faulting application
 start time: 0x01cc82c102f2fcaa  Faulting application path: D:\Spiele\Portal 2\PORTAL2.EXE
Faulting
 module path: unknown  Report Id: 60eb4e6f-eeb4-11e0-aaab-bcaec5995ba6
 
Error - 09.10.2011 11:52:10 | Computer Name = Soeren-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PORTAL2.EXE, version: 0.0.0.0, time stamp:
 0x4d4c804d  Faulting module name: valve_avi.dll, version: 0.0.0.0, time stamp: 0x4dc456d1
Exception
 code: 0xc0000005  Fault offset: 0x00004493  Faulting process id: 0xa74  Faulting application
 start time: 0x01cc86972906bde8  Faulting application path: D:\Spiele\Portal 2\PORTAL2.EXE
Faulting
 module path: d:\spiele\portal 2\bin\valve_avi.dll  Report Id: a5165014-f28e-11e0-ac49-bcaec5995ba6
 
Error - 15.10.2011 07:18:41 | Computer Name = Soeren-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PORTAL2.EXE, version: 0.0.0.0, time stamp:
 0x4d4c804d  Faulting module name: valve_avi.dll, version: 0.0.0.0, time stamp: 0x4dc456d1
Exception
 code: 0xc0000005  Fault offset: 0x00004493  Faulting process id: 0x1120  Faulting application
 start time: 0x01cc8b2ab3ed7af4  Faulting application path: D:\Spiele\Portal 2\PORTAL2.EXE
Faulting
 module path: d:\spiele\portal 2\bin\valve_avi.dll  Report Id: 6f27eec4-f71f-11e0-bae2-bcaec5995ba6
 
Error - 18.12.2011 15:10:07 | Computer Name = Soeren-PC | Source = Application Hang | ID = 1002
Description = The program burningstudio10.exe version 10.0.7.151 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 1044    Start
 Time: 01ccbdb756470b43    Termination Time: 20    Application Path: F:\Programme\Ashampoo
 Burning Studio 10\burningstudio10.exe    Report Id: e1b4f6ae-29ab-11e1-9d47-bcaec5995ba6

 
Error - 18.12.2011 15:11:40 | Computer Name = Soeren-PC | Source = Application Hang | ID = 1002
Description = The program burningstudio10.exe version 10.0.7.151 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 4a0    Start
 Time: 01ccbdb8a8864396    Termination Time: 20    Application Path: F:\Programme\Ashampoo
 Burning Studio 10\burningstudio10.exe    Report Id: 19ea5443-29ac-11e1-9d47-bcaec5995ba6

 
Error - 31.12.2011 08:34:41 | Computer Name = Soeren-PC | Source = Application Error | ID = 1000
Description = Faulting application name: BatmanAC.exe, version: 1.0.0.0, time stamp:
 0x00000000  Faulting module name: BatmanAC.exe, version: 1.0.0.0, time stamp: 0x00000000
Exception
 code: 0xc0000005  Fault offset: 0x0079f4fa  Faulting process id: 0x36c  Faulting application
 start time: 0x01ccc7b87b07816b  Faulting application path: D:\Spiele\Batman Arkham
 City\Binaries\Win32\BatmanAC.exe  Faulting module path: D:\Spiele\Batman Arkham City\Binaries\Win32\BatmanAC.exe
Report
 Id: cf59561c-33ab-11e1-8e62-bcaec5995ba6
 
[ System Events ]
Error - 12.02.2012 06:42:46 | Computer Name = Soeren-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 12.02.2012 06:42:46 | Computer Name = Soeren-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 12.02.2012 06:47:46 | Computer Name = Soeren-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 12.02.2012 06:47:46 | Computer Name = Soeren-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 12.02.2012 06:47:46 | Computer Name = Soeren-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 12.02.2012 06:49:54 | Computer Name = Soeren-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 12.02.2012 06:49:54 | Computer Name = Soeren-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 12.02.2012 06:49:54 | Computer Name = Soeren-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 12.02.2012 06:54:54 | Computer Name = Soeren-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 12.02.2012 06:54:54 | Computer Name = Soeren-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
 
< End of report >
         
und OTL.txt
Code:
ATTFilter
OTL logfile created on: 12.02.2012 11:52:45 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Soeren\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 7,04 Gb Available Physical Memory | 88,00% Memory free
15,99 Gb Paging File | 15,11 Gb Available in Paging File | 94,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 60,00 Gb Total Space | 15,87 Gb Free Space | 26,45% Space Free | Partition Type: NTFS
Drive D: | 244,14 Gb Total Space | 134,83 Gb Free Space | 55,23% Space Free | Partition Type: NTFS
Drive E: | 627,37 Gb Total Space | 581,00 Gb Free Space | 92,61% Space Free | Partition Type: NTFS
Drive F: | 455,99 Gb Total Space | 348,68 Gb Free Space | 76,47% Space Free | Partition Type: NTFS
Drive K: | 9,75 Gb Total Space | 8,58 Gb Free Space | 87,93% Space Free | Partition Type: FAT32
 
Computer Name: SOEREN-PC | User Name: Soeren | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Soeren\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ecls.exe (ESET)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (DvmMDES) -- K:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:64bit: - (epfwwfpr) -- C:\Windows\SysNative\drivers\epfwwfpr.sys (ESET)
DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ElbyCDFL) -- C:\Windows\SysNative\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ElbyCDFL) -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys (SlySoft, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 12 1F DB FD B3 AE CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Amazon.de"
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.22.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: F:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: F:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: F:\Programme\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: F:\Programme\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: F:\Programme\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Soeren\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Soeren\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.11 18:49:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.12 10:31:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011.10.28 13:28:57 | 000,000,000 | ---D | M]
 
[2011.01.09 16:16:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Soeren\AppData\Roaming\Mozilla\Extensions
[2011.11.11 18:11:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Soeren\AppData\Roaming\Mozilla\Firefox\Profiles\h8hvj9jq.default\extensions
[2011.07.06 18:25:02 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\Soeren\AppData\Roaming\Mozilla\Firefox\Profiles\h8hvj9jq.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2011.01.09 16:17:39 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\Soeren\AppData\Roaming\Mozilla\Firefox\Profiles\h8hvj9jq.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2011.11.12 10:31:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.02.11 18:49:11 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[1999.12.31 16:00:00 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011.11.05 04:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.05 04:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.11.05 04:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.05 04:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.05 04:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.05 04:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Soeren\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Soeren\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Soeren\AppData\Local\Google\Chrome\Application\16.0.912.77\gears.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Soeren\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Soeren\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Soeren\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\Soeren\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [BCSSync] F:\Programme\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [EvtMgr6] F:\Programme\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [CloneCDTray] F:\Programme\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [KeePass 2 PreLoad] f:\programme\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] E:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ffdwnd] C:\Users\Soeren\AppData\Local\Mozilla\Firefox\firefox.exe (Tomasz Pawlak)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - F:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - F:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84EFFFE6-1634-40C3-A47F-3E98E77F917C}: DhcpNameServer = 192.168.2.66
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9e838b6c-26e2-11e0-a39c-bcaec5995ba6}\Shell - "" = AutoRun
O33 - MountPoints2\{9e838b6c-26e2-11e0-a39c-bcaec5995ba6}\Shell\AutoRun\command - "" = M:\SETUP.EXE
O33 - MountPoints2\{acf861d0-1aa5-11e0-a90c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{acf861d0-1aa5-11e0-a90c-806e6f6e6963}\Shell\AutoRun\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.29 19:21:34 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012.01.29 19:21:33 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012.01.29 19:21:33 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012.01.29 19:21:33 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012.01.29 19:21:33 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012.01.29 19:21:33 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012.01.15 12:19:56 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012.01.15 12:19:55 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012.01.15 12:19:55 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012.01.15 12:19:54 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012.01.15 12:19:49 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012.01.15 12:19:44 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012.01.15 12:19:44 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.12 11:40:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.12 11:40:23 | 2145,947,647 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.12 11:32:11 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2012.02.12 10:48:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1202604254-1432091182-1387180689-1001UA.job
[2012.02.12 09:46:21 | 000,025,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.12 09:46:21 | 000,025,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.11 19:05:15 | 000,000,748 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty Modern Warfare 3.lnk
[2012.02.11 18:49:18 | 000,002,056 | ---- | M] () -- C:\Users\Soeren\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.02.08 21:55:02 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.02.08 21:55:02 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.02.08 21:10:10 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.02.08 20:48:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1202604254-1432091182-1387180689-1001Core.job
[2012.01.29 19:43:35 | 000,002,407 | ---- | M] () -- C:\Users\Soeren\Desktop\Google Chrome.lnk
[2012.01.15 15:24:21 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.15 15:24:21 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.15 15:24:21 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.11 19:05:15 | 000,000,748 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty Modern Warfare 3.lnk
[2012.02.11 19:05:15 | 000,000,748 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty Modern Warfare 3.lnk
[2011.10.14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.07.10 10:11:47 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.05.27 16:03:10 | 000,000,081 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.01.16 10:49:11 | 000,271,200 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.01.16 10:49:10 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.01.16 10:43:11 | 000,835,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.01.07 22:47:04 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.12.01 18:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
 
========== LOP Check ==========
 
[2012.02.08 22:07:29 | 000,000,000 | ---D | M] -- C:\Users\Soeren\AppData\Roaming\.purple
[2011.02.25 18:32:47 | 000,000,000 | ---D | M] -- C:\Users\Soeren\AppData\Roaming\Ashampoo
[2011.01.16 11:42:47 | 000,000,000 | ---D | M] -- C:\Users\Soeren\AppData\Roaming\Bioshock2
[2011.01.07 23:36:23 | 000,000,000 | ---D | M] -- C:\Users\Soeren\AppData\Roaming\DAEMON Tools Lite
[2012.02.08 20:16:32 | 000,000,000 | ---D | M] -- C:\Users\Soeren\AppData\Roaming\FileZilla
[2011.01.22 09:18:51 | 000,000,000 | ---D | M] -- C:\Users\Soeren\AppData\Roaming\GHISLER
[2011.01.22 09:10:22 | 000,000,000 | ---D | M] -- C:\Users\Soeren\AppData\Roaming\gtk-2.0
[2012.02.11 17:26:41 | 000,000,000 | ---D | M] -- C:\Users\Soeren\AppData\Roaming\HLSW
[2012.01.04 23:54:05 | 000,000,000 | ---D | M] -- C:\Users\Soeren\AppData\Roaming\KeePass
[2011.06.07 19:22:59 | 000,000,000 | ---D | M] -- C:\Users\Soeren\AppData\Roaming\Leadertech
[2011.09.13 10:01:06 | 000,000,000 | ---D | M] -- C:\Users\Soeren\AppData\Roaming\Notepad++
[2011.03.20 18:12:41 | 000,000,000 | ---D | M] -- C:\Users\Soeren\AppData\Roaming\PunkBuster
[2011.01.29 17:24:05 | 000,000,000 | ---D | M] -- C:\Users\Soeren\AppData\Roaming\TeamViewer
[2011.08.20 14:48:14 | 000,000,000 | ---D | M] -- C:\Users\Soeren\AppData\Roaming\ts3overlay
[2011.12.30 16:55:13 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
Ich hoffe ihr könnte mir helfen....

Danke

cybbe aka Soeren

Alt 12.02.2012, 15:39   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
50€ Trojaner/Virus eingefangen :( - Standard

50€ Trojaner/Virus eingefangen :(



Zitat:
Boot Mode: SafeMode with Networking |
na wenn der Modus geht wirst du erstmal MBAM/ESET probieren können:

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 12.02.2012, 18:44   #3
cybbe
 
50€ Trojaner/Virus eingefangen :( - Standard

50€ Trojaner/Virus eingefangen :(



Hallo Arne,

erstmal Danke für Deine Antwort. Hier mal die zwei Log-Auswertungen:
Malwarebytes:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.12.02

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Soeren :: SOEREN-PC [Administrator]

Schutz: Deaktiviert

12.02.2012 17:14:55
mbam-log-2012-02-12 (17-14-55).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 349590
Laufzeit: 25 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
ESET:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7d55da323d925e409fa0e3ef4f95e1a6
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-12 12:13:32
# local_time=2012-02-12 01:13:32 (+0100, W. Europe Standard Time)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 13671 80677205 0 0
# compatibility_mode=8204 39157246 100 74 70520 34613793 0 0
# scanned=164589
# found=0
# cleaned=0
# scan_time=1457
# nod_component=V3 Build:0x30000000
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7d55da323d925e409fa0e3ef4f95e1a6
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-12 05:42:28
# local_time=2012-02-12 06:42:28 (+0100, W. Europe Standard Time)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 27373 80690907 0 0
# compatibility_mode=8204 39157246 100 74 84222 34627495 0 0
# scanned=165065
# found=1
# cleaned=0
# scan_time=5235
# nod_component=V3 Build:0x30000000
C:\Users\Soeren\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1b608bcc-5cf7d783	a variant of Java/Agent.DN trojan (unable to clean)	00000000000000000000000000000000	I
         

Anzumerken ist noch, das ich Firefox gelöscht habe, da sich im AppData Verzeichnis eine firefox.exe befand, welche beim Starten (im abgesicherten Modus) den Trojaner zum Vorschein brachte. Auch ESET, welches ich als Vollversion besitze, habe ich schon mal drüber laufen lassen und alles gelöscht was er gefunden hatte. Deswegen wundert es mich um so mehr, dass der Online-Scanner trotzdem noch eine "Bedrohung" entdeckt. Nichts desto trotz...Vielen Dank schon mal für Deine hoffentlich weitere Hilfe

cybbe aka Sören
__________________

Alt 12.02.2012, 19:02   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
50€ Trojaner/Virus eingefangen :( - Standard

50€ Trojaner/Virus eingefangen :(



Zitat:
nzumerken ist noch, das ich Firefox gelöscht habe, da sich im AppData Verzeichnis eine firefox.exe befand
Das Programm (der Browser) Firefox hat nichts mit der firefox.exe im Appdata-Verzeichnis zu tun! Es besteht kein Anlass Firefox zu deinstallieren, nur weil eine Malware meint sich als firefox.exe tarnen zu müssen!

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 12.02.2012, 19:26   #5
cybbe
 
50€ Trojaner/Virus eingefangen :( - Standard

50€ Trojaner/Virus eingefangen :(



Guten Abend Arne,

nein, bisher habe ich Malwarebytes noch nicht benutzt und mehr oder weniger auf S&D gebaut.
So, kann ich Dir leider nicht mit einem alten Log dienen.

Das ich FireFox nicht deinstallieren muss, dachte ich auch, doch nachdem ich die firefox.exe, welche sich vor dem ersten Löschen als eine Software von Tomasz P. getarnt hatte, gelöscht hatte, tauchte diese exe Datei ein zweites mal auf, als ffdwn o.ä.. So, dass ich das Löschen als sinnvoll anbetrachtete, da damit gleichzeit der Inhalt von FireFox im AppData Verzeichnis gelöscht wurde -_-

War bestimmt zu viel des Guten aber zumindest kommt die nervige Meldung nicht mehr.

Danke nochmals

cybbe aka Sören


Geändert von cybbe (12.02.2012 um 19:33 Uhr)

Alt 12.02.2012, 20:29   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
50€ Trojaner/Virus eingefangen :( - Standard

50€ Trojaner/Virus eingefangen :(



Was hatte die Vollversion von ESET denn gefunden? Log dazU?
__________________
--> 50€ Trojaner/Virus eingefangen :(

Alt 13.02.2012, 10:22   #7
cybbe
 
50€ Trojaner/Virus eingefangen :( - Standard

50€ Trojaner/Virus eingefangen :(



Tach Arne,

leider weder Log dazu noch hab ich mir gemerkt, was er gefunden hatte.
Ich schau heute nachmittag noch mal im Quarantäne-Ordner nach, ob ich dort noch was finde. Des Weitern suche ich auch die Log noch mal. Aber wie schon oben gesagt, auf den ersten Blick hatte ich keine gefunden.

cybbe aka Sören

Antwort

Themen zu 50€ Trojaner/Virus eingefangen :(
7-zip, adobe, application/pdf, application/pdf:, autorun, bho, bildschirm, browser, call of duty, defender, document, error, eset nod32, excel, excel.exe, explorer, flash player, format, google, google chrome, install.exe, langs, logfile, microsoft office word, mozilla, mozilla thunderbird, nvidia, nvidia update, problem, realtek, registry, rundll, scan, security, server, software, studio, teamspeak, tracker, trojaner/virus, usb 3.0, vdeck.exe, version=1.0, windows



Ähnliche Themen: 50€ Trojaner/Virus eingefangen :(


  1. Wahrscheinlich DHL-Virus/Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 29.05.2015 (2)
  2. Trojaner/Virus eingefangen
    Plagegeister aller Art und deren Bekämpfung - 24.09.2014 (7)
  3. BKA Trojaner Virus mit Windows lock eingefangen
    Plagegeister aller Art und deren Bekämpfung - 14.03.2013 (21)
  4. Evtl. Virus oder Trojaner eingefangen
    Log-Analyse und Auswertung - 04.02.2013 (24)
  5. BKA Trojaner/Virus GVU Version 2.11 eingefangen
    Log-Analyse und Auswertung - 23.01.2013 (1)
  6. Virus oder Trojaner eingefangen
    Log-Analyse und Auswertung - 18.01.2013 (1)
  7. GVU Virus/Trojaner eingefangen: 48h per Paysafecard bezahlen
    Plagegeister aller Art und deren Bekämpfung - 21.12.2012 (5)
  8. GUV Virus bzw. Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 24.09.2012 (2)
  9. Virus/Trojaner über ICQ eingefangen
    Plagegeister aller Art und deren Bekämpfung - 10.11.2010 (1)
  10. Trojaner oder Virus eingefangen
    Plagegeister aller Art und deren Bekämpfung - 14.07.2010 (5)
  11. Virus Trojaner eingefangen?
    Plagegeister aller Art und deren Bekämpfung - 18.01.2010 (1)
  12. Virus oder Trojaner eingefangen!!
    Plagegeister aller Art und deren Bekämpfung - 06.02.2009 (3)
  13. Virus oder Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 08.01.2009 (0)
  14. Trojaner/Virus eingefangen
    Plagegeister aller Art und deren Bekämpfung - 28.01.2008 (6)
  15. Virus/Trojaner eingefangen beim WOW update
    Plagegeister aller Art und deren Bekämpfung - 20.06.2007 (1)
  16. Virus/Trojaner eingefangen, zum ersten mal!
    Plagegeister aller Art und deren Bekämpfung - 15.04.2007 (18)
  17. Virus Trojaner eingefangen, bitte um hilfe
    Plagegeister aller Art und deren Bekämpfung - 09.03.2006 (4)

Zum Thema 50€ Trojaner/Virus eingefangen :( - Hallo Trojaner-Board-Gemeinde, nun habe ich mir auch mal wieder was eingefangen. Es handelt sich dabei um das 50€ Dingens Also Bildschirm wird schwarz u. es kommt eine rote Aufschrift, das - 50€ Trojaner/Virus eingefangen :(...
Archiv
Du betrachtest: 50€ Trojaner/Virus eingefangen :( auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.