|
Log-Analyse und Auswertung: BKA-/Bundespolizei-Trojaner ebenso ...Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
31.03.2012, 01:25 | #1 |
| BKA-/Bundespolizei-Trojaner ebenso ... Habe mir wie oben steht auch den bka Trojaner/virus eingefangen habe auch log files schon da ich mit otl gescanned habe Code:
ATTFilter [2012/03/06 09:24:43 | 000,000,000 | ---D | C] -- C:\Users\Serashi\AppData\Local\Team_360h [2012/03/02 21:48:01 | 000,000,000 | ---D | C] -- C:\Users\Serashi\AppData\Local\{43F25395-7866-45C2-B894-9FE95CB20D92} [2012/03/02 21:47:39 | 000,000,000 | ---D | C] -- C:\Users\Serashi\AppData\Local\{94752066-C67E-4D68-AAEC-CF7818BAF091} [2012/03/02 09:47:10 | 000,000,000 | ---D | C] -- C:\Users\Serashi\AppData\Local\{24BD8125-C3F8-4989-AC00-E6C25E392699} [2012/03/02 09:46:58 | 000,000,000 | ---D | C] -- C:\Users\Serashi\AppData\Local\{763A9B6E-9BD2-416C-8609-AC5B0F194A35} [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Serashi\Documents\*.tmp files -> C:\Users\Serashi\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/03/30 20:21:30 | 000,739,918 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/03/30 20:21:30 | 000,624,800 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/03/30 20:21:30 | 000,110,438 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/03/30 18:37:10 | 000,000,632 | RHS- | M] () -- C:\Users\Serashi\ntuser.pol [2012/03/30 18:22:26 | 000,001,037 | ---- | M] () -- C:\Users\Serashi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cgs8h0.exe.lnk [2012/03/30 17:38:36 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/03/30 17:38:36 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/03/30 17:31:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/03/30 17:31:09 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys [2012/03/20 09:06:15 | 000,102,333 | ---- | M] () -- C:\Users\Serashi\Desktop\Scan001.jpg [2012/03/17 11:27:06 | 000,002,089 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Suite.lnk [2012/03/14 17:00:45 | 000,415,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/03/12 11:07:50 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_androidusb_01009.Wdf [2012/03/05 11:27:15 | 000,000,844 | ---- | M] () -- C:\Users\Serashi\Desktop\JDownloader.lnk [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Serashi\Documents\*.tmp files -> C:\Users\Serashi\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/03/30 18:37:10 | 000,000,632 | RHS- | C] () -- C:\Users\Serashi\ntuser.pol [2012/03/30 18:22:26 | 000,001,037 | ---- | C] () -- C:\Users\Serashi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cgs8h0.exe.lnk [2012/03/20 09:06:15 | 000,102,333 | ---- | C] () -- C:\Users\Serashi\Desktop\Scan001.jpg [2012/03/17 11:27:06 | 000,002,089 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Suite.lnk [2012/03/12 11:07:50 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_androidusb_01009.Wdf [2012/03/05 11:27:15 | 000,000,844 | ---- | C] () -- C:\Users\Serashi\Desktop\JDownloader.lnk [2012/03/05 11:27:14 | 000,000,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk [2012/03/05 11:27:14 | 000,000,768 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk [2012/03/05 11:27:14 | 000,000,753 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk [2012/02/14 18:01:33 | 000,197,095 | ---- | C] () -- C:\Windows\hpwins27.dat [2011/11/27 12:12:56 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2011/11/27 12:12:56 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2011/11/27 12:12:56 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2011/11/27 12:12:56 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2011/11/27 12:12:56 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2011/11/27 12:12:56 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2011/11/27 12:12:56 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2011/11/27 12:12:56 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2011/11/27 12:12:56 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2011/11/27 12:12:56 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2011/11/27 12:12:56 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2011/11/27 12:12:56 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2011/11/27 12:12:56 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2011/11/27 12:12:56 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2011/11/27 12:12:56 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2011/11/27 12:12:56 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2011/11/27 12:12:56 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2011/11/27 12:12:56 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2011/11/27 12:12:56 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2011/10/20 18:42:16 | 000,438,272 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll [2011/10/15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011/10/13 12:14:55 | 000,036,892 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll [2011/08/08 01:33:59 | 000,000,095 | ---- | C] () -- C:\Users\Serashi\AppData\Local\fusioncache.dat [2011/08/08 01:31:59 | 000,747,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/05/31 08:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll [2011/05/31 08:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll < End of report > Code:
ATTFilter OTL Extras logfile created on: 3/31/2012 2:18:16 AM - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = E:\Images 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 4.00 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 53.14% Memory free 8.00 Gb Paging File | 6.18 Gb Available in Paging File | 77.28% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 50.00 Gb Total Space | 14.04 Gb Free Space | 28.08% Space Free | Partition Type: NTFS Drive D: | 50.00 Gb Total Space | 22.44 Gb Free Space | 44.88% Space Free | Partition Type: NTFS Drive E: | 312.50 Gb Total Space | 69.45 Gb Free Space | 22.22% Space Free | Partition Type: NTFS Drive F: | 53.26 Gb Total Space | 8.00 Gb Free Space | 15.03% Space Free | Partition Type: NTFS Computer Name: NIHIL | User Name: Serashi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{C98517B6-DCE9-49B7-B19E-E384178D3986}" = HP Officejet 4500 G510a-f "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "EPSON Printer and Utilities" = EPSON-Drucker-Software "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) "HP Document Manager" = HP Document Manager 2.0 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Smart Web Printing" = HP Smart Web Printing 4.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04077D50-954B-4365-84BF-02DE4702BA00}" = Pro Gaming Keyboard "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM) "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM) "{1759FA61-153B-436D-A663-E7C50D80D2D8}_is1" = Batman Arkham City "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10 "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29 "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM) "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10 "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}" = 4500G510af_Software_Min "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM) "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM) "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B9F50F9-BA6F-47c5-990B-76A74A1C68B0}" = 4500G510af "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10 "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr "{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM) "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v4.1 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10 "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE "{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C175D5B0-ED04-42C9-B23F-D8BD406173E7}" = 4500_G510af_Help "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM) "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM) "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10 "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D47087E7-AA15-4D1D-8C0A-60F7E446D597}" = PSP ISO Compressor "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM) "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10 "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10 "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{E3BFC829-C9E7-4B01-B344-0BCB65D1666B}" = TG-30 USB GAME PAD "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E5348080-5B89-40BE-908B-41A4784E0EDE}_is1" = Dragonica "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10 "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM) "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10 "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.13.01.801 "5513-1208-7298-9440" = JDownloader 0.9 "Adobe AIR" = Adobe AIR "AV Voice Changer Software DIAMOND 6.0" = AV Voice Changer Software DIAMOND 6.0 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BandiMPEG1" = Bandisoft MPEG-1 Decoder "Bejeweled 3" = Bejeweled 3 "DAEMON Tools Lite" = DAEMON Tools Lite "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "ESET Online Scanner" = ESET Online Scanner v3 "hon" = Heroes of Newerth "IrfanView" = IrfanView (remove only) "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de) "Nokia Suite" = Nokia Suite "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "OpenAL" = OpenAL "PicGrab_is1" = PicGrab 2.7.9 "Sonic Generations_is1" = Sonic Generations "StarCraft II" = StarCraft II "Steam App 105300" = Critical Mass "Steam App 111400" = Bunch Of Heroes "Steam App 26900" = Crayon Physics Deluxe "Steam App 39160" = Dungeon Siege III "Steam App 41050" = Serious Sam Classic: The First Encounter "Steam App 41060" = Serious Sam Classic: The Second Encounter "Steam App 41100" = Hammerfight "Steam App 48000" = LIMBO "Steam App 550" = Left 4 Dead 2 "Steam App 65800" = Dungeon Defenders "Steam App 70300" = VVVVVV "Steam App 91600" = Sanctum "Trine_is1" = Trine 1.09 "uTorrent" = µTorrent "VL Sound 5.1" = VL Sound 5.1 "VLC media player" = VLC media player 1.1.11 "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 3/4/2012 2:09:53 PM | Computer Name = NIHIL | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. . Error - 3/4/2012 2:09:53 PM | Computer Name = NIHIL | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. . Error - 3/4/2012 2:09:53 PM | Computer Name = NIHIL | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. . Error - 3/4/2012 2:09:53 PM | Computer Name = NIHIL | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. . Error - 3/4/2012 2:09:54 PM | Computer Name = NIHIL | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. . Error - 3/4/2012 2:09:54 PM | Computer Name = NIHIL | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. . Error - 3/4/2012 2:09:54 PM | Computer Name = NIHIL | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. . Error - 3/4/2012 2:09:54 PM | Computer Name = NIHIL | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. . Error - 3/4/2012 2:09:54 PM | Computer Name = NIHIL | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. . Error - 3/4/2012 2:09:54 PM | Computer Name = NIHIL | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. . [ System Events ] Error - 12/20/2011 1:41:31 AM | Computer Name = NIHIL | Source = cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 12/20/2011 1:41:46 AM | Computer Name = NIHIL | Source = cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 12/20/2011 1:42:00 AM | Computer Name = NIHIL | Source = cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 12/20/2011 1:42:13 AM | Computer Name = NIHIL | Source = cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 12/20/2011 1:42:28 AM | Computer Name = NIHIL | Source = cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 12/20/2011 1:42:47 AM | Computer Name = NIHIL | Source = cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 12/20/2011 1:42:54 AM | Computer Name = NIHIL | Source = cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 12/20/2011 1:43:03 AM | Computer Name = NIHIL | Source = cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 12/20/2011 1:43:11 AM | Computer Name = NIHIL | Source = cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 12/20/2011 2:15:14 PM | Computer Name = NIHIL | Source = volsnap | ID = 393252 Description = The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. < End of report > Geändert von Serashi (31.03.2012 um 01:27 Uhr) Grund: enter gedrückt |
31.03.2012, 16:11 | #2 |
/// Malware-holic | BKA-/Bundespolizei-Trojaner ebenso ... hi
__________________otl.txt ist nicht vollständig, bitte erneut posten.
__________________ |
Themen zu BKA-/Bundespolizei-Trojaner ebenso ... |
files, install.exe, log, log files, microsoft office word, nvidia update, officejet, troja, trojaner/virus |