
Pests of All Kinds and How to Fight Them: BKA (UKASH) Trojan - removed with Kaspersky Rescue Disk - Is that enough?


19.04.2012, 22:22   #1
Nadyan
 



Hello, having just cleaned up a friend's computer with Cosinus's help, I am now wondering about my own system.
I removed the above-mentioned BKA virus with Kaspersky Rescue Disk and made everything accessible again with the Windows Unlocker.
I think I should scan more thoroughly, though. Or is that enough?

Malwarebytes finds nothing; here is the log:
Quote:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.19.02

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Andy :: TABASCO [Administrator]

19.04.2012 14:44:48
mbam-log-2012-04-19 (14-44-48).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 522634
Laufzeit: 7 Stunde(n), 17 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Here is an OTL log as well:
OTL Logfile:
Code:
OTL logfile created on: 19.04.2012 22:54:54 - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Andy\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 54,22% Memory free
8,21 Gb Paging File | 5,16 Gb Available in Paging File | 62,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288,04 Gb Total Space | 92,09 Gb Free Space | 31,97% Space Free | Partition Type: NTFS
Drive E: | 3,72 Gb Total Space | 3,33 Gb Free Space | 89,65% Space Free | Partition Type: FAT32
Drive F: | 288,13 Gb Total Space | 245,46 Gb Free Space | 85,19% Space Free | Partition Type: NTFS
Drive G: | 69,02 Gb Total Space | 11,48 Gb Free Space | 16,64% Space Free | Partition Type: NTFS
Drive I: | 39,16 Gb Total Space | 12,55 Gb Free Space | 32,06% Space Free | Partition Type: NTFS
Drive J: | 78,13 Gb Total Space | 72,32 Gb Free Space | 92,56% Space Free | Partition Type: NTFS
 
Computer Name: TABASCO | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.19 22:53:07 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe
PRC - [2012.03.19 15:24:44 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.02.18 08:59:28 | 000,282,648 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
PRC - [2012.02.02 11:41:13 | 000,790,584 | ---- | M] (Yummy Interactive Inc) -- C:\Program Files (x86)\Common Files\Metaboli\Core\yummy.launcher.exe
PRC - [2011.09.01 19:12:16 | 000,010,848 | ---- | M] (DATEV eG) -- F:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
PRC - [2011.08.22 03:20:00 | 000,079,872 | ---- | M] (DATEV eG) -- C:\DATEV\PROGRAMM\B0001442\PSNTServ.exe
PRC - [2011.07.22 09:49:26 | 000,511,920 | ---- | M] (REINER SCT) -- C:\Windows\SysWOW64\cjpcsc.exe
PRC - [2009.07.20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009.06.03 14:46:36 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2008.11.03 13:21:30 | 000,339,240 | ---- | M] (Lexware GmbH & Co. KG) -- C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
PRC - [2008.01.31 17:29:06 | 000,196,608 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
PRC - [2008.01.25 19:11:28 | 000,269,432 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Acer Arcade Live\Acer TV Share\Kernel\DMSTV\CLMSServer.exe
PRC - [2008.01.25 18:49:04 | 000,269,448 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2006.05.04 06:58:56 | 000,998,912 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF\vspdfprsrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.12 08:30:13 | 000,593,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\8e6e0fe015ea55ed5330966b933f555f\System.Messaging.ni.dll
MOD - [2012.04.12 08:30:09 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\48302596a8c8f2ab396b3be518dbd800\System.Web.ni.dll
MOD - [2012.04.12 07:54:07 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll
MOD - [2012.04.12 07:53:59 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll
MOD - [2012.04.12 07:53:46 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a8100864c7dd9ecf5d9f07fdaf5ba246\PresentationFramework.ni.dll
MOD - [2012.04.12 07:53:29 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\89b3b18de5d2cc945c24c0333d78f665\PresentationCore.ni.dll
MOD - [2012.03.19 15:24:43 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.02.17 17:17:59 | 000,400,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\874aa7b98c4ebc7847d0e48b3849fc93\System.Xml.Linq.ni.dll
MOD - [2012.02.17 17:17:41 | 001,651,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\55fa3e9bbc83c786ece774b817e5aea9\System.ServiceModel.Web.ni.dll
MOD - [2012.02.17 17:11:48 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a4b9d424cd4509b6b76fba81f347f561\System.Runtime.Serialization.ni.dll
MOD - [2012.02.17 17:11:45 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\effa6ad5369cea835146937a5635275b\System.ServiceModel.ni.dll
MOD - [2012.02.17 17:11:45 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\696e2d9a6491947cd89ead8cc4cc658a\SMDiagnostics.ni.dll
MOD - [2012.02.17 17:11:19 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\1a5853155c4e5ab3f91cd37da331e89b\System.Web.Services.ni.dll
MOD - [2012.02.17 17:11:03 | 000,679,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\96b4cdba0397f94416df0fa211f73441\System.Security.ni.dll
MOD - [2012.02.17 17:11:00 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll
MOD - [2012.02.17 08:42:06 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
MOD - [2012.02.17 08:41:31 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\029217106fa24787ff7a61b754f8ebf7\System.Data.ni.dll
MOD - [2012.02.17 08:41:26 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\30fe25ea2dd3b99aafe164fb198eed2e\System.Core.ni.dll
MOD - [2012.02.17 08:41:22 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d48e106e015d0f8cb2d5295015cee508\PresentationFramework.Aero.ni.dll
MOD - [2012.02.17 08:40:53 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1e258a951222c818540b33880ca45f2e\WindowsBase.ni.dll
MOD - [2012.02.17 08:40:49 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2011.11.14 17:22:16 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\d72212e0e98b6ea4339d453bf540b5a6\CustomMarshalers.ni.dll
MOD - [2011.11.14 14:08:51 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
MOD - [2010.12.21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010.10.20 16:08:14 | 000,122,720 | ---- | M] () -- C:\PROGRA~2\MICROS~1\Office14\OUTLCTL.DLL
MOD - [2009.07.20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
MOD - [2009.03.30 06:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.03.30 06:42:11 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2009.03.30 06:40:04 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.30 06:40:04 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2009.03.30 06:40:03 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.18 20:40:41 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.Runtime.Serialization.resources.dll
MOD - [2008.04.28 09:49:20 | 000,003,072 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
MOD - [2006.05.04 06:58:56 | 000,998,912 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF\vspdfprsrv.exe
MOD - [2006.05.04 06:58:38 | 001,239,040 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF\vspdfdialogs100.bpl
MOD - [2006.05.04 06:58:38 | 000,237,056 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF\expertpdf4core.bpl
MOD - [2006.05.04 06:58:36 | 003,014,656 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF\vspdfcore100.bpl
MOD - [2006.05.04 06:58:36 | 001,026,048 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF\vsvector100.bpl
MOD - [2006.05.04 06:58:36 | 000,230,912 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF\vspdfeditor100.bpl
MOD - [2006.04.15 06:34:26 | 000,568,320 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF\TMSlite100.bpl
MOD - [2006.03.02 20:39:28 | 001,844,224 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF\te100.bpl
MOD - [2006.03.02 20:33:18 | 000,444,928 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF\VirtualTree100.bpl
MOD - [2006.03.02 20:28:36 | 000,139,776 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF\uoolep100.bpl
MOD - [2006.03.02 20:01:50 | 000,071,168 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF\VSDesktop100.bpl
MOD - [2006.03.02 19:57:48 | 000,383,488 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF\visage100.bpl
MOD - [2006.03.02 19:55:22 | 000,089,088 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF\vsmisc100.bpl
MOD - [2005.12.26 13:20:52 | 002,098,176 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF\PKIECtrl100.bpl
MOD - [2003.08.22 07:23:16 | 000,225,792 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF\sqlite.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.02.15 05:13:00 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.02.14 22:16:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011.10.18 15:32:28 | 000,161,168 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2011.10.18 15:23:24 | 000,208,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2011.10.18 15:23:06 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2012.03.30 07:19:33 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011.08.22 03:20:00 | 000,079,872 | ---- | M] (DATEV eG) [Auto | Running] -- C:\DATEV\PROGRAMM\B0001442\PSNTServ.exe -- (DatevPrintService)
SRV - [2011.07.25 03:49:00 | 000,172,640 | ---- | M] (DATEV eG) [On_Demand | Stopped] -- F:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe -- (DATEV Update-Service)
SRV - [2011.07.22 09:49:26 | 000,511,920 | ---- | M] (REINER SCT) [Auto | Running] -- C:\Windows\SysWOW64\cjpcsc.exe -- (cjpcsc)
SRV - [2011.06.29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011.03.17 16:39:40 | 000,501,768 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011.03.01 18:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010.12.10 18:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.04.21 19:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.04.21 19:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.11.25 16:19:48 | 000,238,592 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Common Files\BCL Technologies\PixelPlanet6\bepldr.exe -- (bepldr6PixelPlanetService)
SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.06.03 14:46:36 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009.04.11 08:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.04.25 13:30:26 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.01.29 12:25:30 | 000,920,064 | ---- | M] () [Auto | Running] -- C:\Programme\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2008.01.29 12:24:52 | 000,193,024 | ---- | M] () [Auto | Running] -- C:\Programme\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2008.01.25 19:11:28 | 000,269,432 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Acer Arcade Live\Acer TV Share\Kernel\DMSTV\CLMSServer.exe -- (Acer TV Share Service)
SRV - [2008.01.25 18:49:04 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008.01.21 04:47:00 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 04:47:00 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Acer\Empowering Technology\eRecovery\WSVD.sys -- (WSVD)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 05:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012.02.15 05:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.02.15 04:13:12 | 000,327,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.12.05 10:00:03 | 000,376,400 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2011.11.23 12:49:18 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.11.23 12:49:18 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.10.15 14:16:16 | 000,647,080 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011.10.15 14:16:16 | 000,481,768 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011.10.15 14:16:16 | 000,284,648 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011.10.15 14:16:16 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011.10.15 14:16:16 | 000,160,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011.10.15 14:16:16 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011.10.15 14:16:16 | 000,075,808 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011.10.15 14:16:16 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011.03.29 12:50:26 | 000,034,672 | ---- | M] (REINER SCT) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\cjusb.sys -- (cjusb)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.10.08 16:17:58 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.06.26 22:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.06.17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.17 18:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidEqd.Sys -- (LHidEqd)
DRV:64bit: - [2009.06.17 18:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LEqdUsb.Sys -- (LEqdUsb)
DRV:64bit: - [2009.04.11 07:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.04.11 07:39:37 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser.sys -- (usbser)
DRV:64bit: - [2009.01.09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008.10.21 10:22:44 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV:64bit: - [2008.10.21 10:22:44 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017obex.sys -- (s0017obex)
DRV:64bit: - [2008.10.21 10:22:44 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV:64bit: - [2008.10.21 10:22:42 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017mdm.sys -- (s0017mdm)
DRV:64bit: - [2008.10.21 10:22:42 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008.10.21 10:22:42 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017mdfl.sys -- (s0017mdfl)
DRV:64bit: - [2008.10.21 10:22:40 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV:64bit: - [2008.09.17 15:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)
DRV:64bit: - [2008.05.20 18:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008.03.19 01:29:30 | 001,379,584 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2008.01.31 02:48:32 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2008.01.31 02:48:16 | 000,016,384 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008.01.21 04:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008.01.09 13:28:20 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\seehcri.sys -- (seehcri)
DRV:64bit: - [2007.12.10 15:22:10 | 000,144,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s3017unic.sys -- (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM)
DRV:64bit: - [2007.12.10 15:22:06 | 000,125,480 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s3017obex.sys -- (s3017obex)
DRV:64bit: - [2007.12.10 15:22:04 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s3017nd5.sys -- (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS)
DRV:64bit: - [2007.12.10 15:22:02 | 000,130,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s3017mgmt.sys -- (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2007.12.10 15:22:00 | 000,146,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s3017mdm.sys -- (s3017mdm)
DRV:64bit: - [2007.12.10 15:22:00 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s3017mdfl.sys -- (s3017mdfl)
DRV:64bit: - [2007.12.10 15:21:56 | 000,109,096 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s3017bus.sys -- (s3017bus) Sony Ericsson Device 3017 driver (WDM)
DRV:64bit: - [2006.12.12 11:29:02 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\BrSerIf.sys -- (BrSerIf)
DRV - [2012.01.03 22:22:54 | 000,055,936 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2012.01.03 22:22:54 | 000,055,936 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2008.04.25 13:23:40 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x3200
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x3200
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x3200
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x3200
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x3200
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://tbsearch.ask.com/redirect?client=ie&tb=BT3&o=14979&src=crm&q={searchTerms}&locale=de_DE
IE - HKCU\..\SearchScopes\{3CC76759-6454-4927-99EE-4A64C0DA620E}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\{F414AC10-69AD-421D-BE02-E6F81191E372}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Sichere Suche"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=mcafee&p="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: C:\Program Files (x86)\Downloader\npdd.dll (Metaboli)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.02.28 13:42:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2011.12.21 17:26:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.19 15:24:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.03 16:35:51 | 000,000,000 | ---D | M]
 
[2009.08.05 17:07:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\mozilla\Extensions
[2009.08.05 17:07:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.04.03 09:34:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\jmpcw13q.default\extensions
[2010.04.27 09:01:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\jmpcw13q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.04.03 09:50:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.03 09:50:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011.12.21 17:26:02 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES (X86)\COMMON FILES\MCAFEE\SYSTEMCORE
[2012.02.28 13:42:06 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2012.03.19 15:24:45 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2008.06.19 11:16:24 | 000,118,784 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\mozilla firefox\plugins\MyCamera.dll
[2008.06.19 11:16:24 | 000,053,248 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\mozilla firefox\plugins\NPCIG.dll
[2012.04.03 09:49:52 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.11 16:34:22 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.11 16:34:22 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.11 16:34:22 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.11 16:34:22 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.28 09:55:37 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011.10.11 16:34:22 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.11 16:34:22 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20111221101030.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111221101030.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar1.dll (Google Germany GmbH)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar1.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar1.dll (Google Germany GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Programme\Acer\Empowering Technology\SysMonitor.exe ()
O4:64bit: - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot File not found
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Trigger New Acer AlaunchX] c:\ACER\Preload\Command\AlaunchX\AppInRun.exe (Acer Inc.)
O4 - HKLM..\Run: [vspdfprsrv.exe] C:\Program Files (x86)\Visagesoft\eXPert PDF\vspdfprsrv.exe ()
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\RunOnce: [New Acer AlaunchX] c:\ACER\Preload\Command\AlaunchX\LaunchAlaunchX.exe (Acer Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_228_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O4 - Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Andy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Andy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E473A496-9186-4520-9195-B83874FC31F4}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Andy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Andy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8e9f8dfb-bb56-11de-93a0-806e6f6e6963}\Shell\AutoRun\command - "" = .///falschyng\ketonneker.exe
O33 - MountPoints2\{8e9f8dfb-bb56-11de-93a0-806e6f6e6963}\Shell\explore\command - "" = .\\\falschyng/\\ketonneker.exe
O33 - MountPoints2\{8e9f8dfb-bb56-11de-93a0-806e6f6e6963}\Shell\open\command - "" = falschyng//\\/ketonneker.exe
O33 - MountPoints2\{9bd49d15-586c-11db-b288-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9bd49d15-586c-11db-b288-806e6f6e6963}\Shell\AutoRun\command - "" = H:\setup.exe
O33 - MountPoints2\{d3783322-b415-11de-85b5-001d72b8d7c0}\Shell - "" = AutoRun
O33 - MountPoints2\{d3783322-b415-11de-85b5-001d72b8d7c0}\Shell\AutoRun\command - "" = M:\win\CDSplash.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.19 22:53:07 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe
[2012.04.19 10:20:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012.04.11 15:01:55 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.04.11 15:01:55 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.04.11 15:01:53 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.04.11 15:01:53 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.04.11 15:01:53 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.04.11 15:01:53 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.04.11 15:01:53 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.04.11 15:01:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.04.11 15:01:52 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.04.11 15:01:52 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.04.11 15:01:52 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.04.11 14:58:35 | 004,699,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.04.11 14:57:49 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.04.11 14:57:49 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012.04.11 14:57:49 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012.04.09 22:33:01 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Malwarebytes
[2012.04.09 22:32:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.09 22:32:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.09 22:32:35 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.09 22:32:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.04.05 09:16:37 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Leadertech
[2012.04.05 09:14:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2012.04.05 09:14:45 | 000,190,992 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\BtCoreIf.dll
[2012.04.05 09:14:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012.04.05 09:14:34 | 000,235,536 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\KemUtil.dll
[2012.04.05 09:14:34 | 000,235,536 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\kemutb.dll
[2012.04.05 09:14:34 | 000,159,248 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\KemWnd.dll
[2012.04.05 09:14:34 | 000,096,272 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\KemXML.dll
[2012.04.05 09:14:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2012.04.05 09:13:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2012.04.05 09:13:33 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012.04.05 09:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2012.04.04 08:03:16 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\S2
[2012.04.04 08:03:11 | 000,000,000 | ---D | C] -- C:\Users\Andy\Documents\S2
[2012.04.03 09:50:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.04.03 09:50:07 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.04.03 09:50:07 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.04.03 09:50:07 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.04.02 11:29:07 | 000,000,000 | ---D | C] -- C:\Users\Andy\Documents\RCT3
[2012.04.02 11:29:07 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Atari
[2012.04.02 09:14:40 | 000,000,000 | ---D | C] -- C:\ProgramData\IronCode
[2012.04.02 09:14:39 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\IronCode
[2012.03.30 07:19:32 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.03.26 09:32:07 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.03.26 09:26:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.03.26 09:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012.03.22 15:05:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Playrix Entertainment
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.19 23:08:10 | 000,271,360 | ---- | M] () -- C:\Users\Andy\Documents\backupKontakte2009-08-03.pst
[2012.04.19 23:06:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.19 22:53:07 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe
[2012.04.19 22:14:32 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.19 22:14:32 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.19 10:20:50 | 002,019,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.19 10:20:50 | 000,853,058 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.19 10:20:50 | 000,782,614 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.19 10:20:50 | 000,211,288 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.19 10:20:50 | 000,170,028 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.19 10:20:17 | 000,001,739 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2012.04.19 10:14:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.13 14:15:22 | 000,000,000 | ---- | M] () -- C:\Users\Andy\Documents\PDF1
[2012.04.09 10:14:38 | 000,001,185 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2012.04.05 09:15:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2012.04.05 09:15:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2012.04.05 09:15:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LHidEqd_01005.Wdf
[2012.04.05 09:15:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LEqdUsb_01005.Wdf
[2012.04.05 09:14:45 | 000,001,695 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.03 09:49:49 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.04.03 09:49:49 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.04.03 09:49:49 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.04.03 09:49:48 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012.03.31 23:55:36 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2012.03.30 07:19:32 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.03.30 07:19:32 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2012.04.09 10:14:38 | 000,001,185 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2012.04.05 09:15:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2012.04.05 09:15:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2012.04.05 09:15:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LHidEqd_01005.Wdf
[2012.04.05 09:15:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LEqdUsb_01005.Wdf
[2012.04.05 09:14:45 | 000,001,695 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2012.03.30 07:19:33 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.02.21 08:51:13 | 000,000,115 | ---- | C] () -- C:\Windows\KurusDeinstall.INI
[2012.02.14 22:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.11.14 14:44:56 | 000,004,823 | ---- | C] () -- C:\Users\Andy\AppData\Local\EmptySettings.xml
[2011.11.14 12:05:54 | 000,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer003.INI
[2011.11.14 11:59:22 | 000,000,099 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI
[2011.11.14 11:41:36 | 000,000,100 | ---- | C] () -- C:\Windows\Startup.INI
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.05.13 10:04:16 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll
[2011.05.13 10:03:16 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll
[2011.05.13 10:01:22 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll
[2011.05.13 10:01:00 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.12.13 16:16:21 | 000,000,092 | ---- | C] () -- C:\Users\Andy\AppData\Local\fusioncache.dat
[2010.11.12 15:18:41 | 000,167,936 | ---- | C] () -- C:\Windows\SysWow64\SerialXP.dll
[2010.11.12 15:18:40 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\win32com.dll
[2010.11.01 12:27:55 | 000,000,030 | ---- | C] () -- C:\Windows\CDMKR32.INI
[2010.10.04 10:37:41 | 000,000,072 | ---- | C] () -- C:\Windows\EurekaLog.ini
[2010.06.01 10:12:17 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\pool.bin
 
========== LOP Check ==========
 
[2011.09.25 13:05:27 | 000,000,000 | -HSD | M] -- C:\Users\Andy\AppData\Roaming\.#
[2008.09.17 20:52:57 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Acer GameZone Console
[2012.02.20 09:06:55 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Alawar
[2011.07.11 14:33:09 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Amazon
[2010.02.12 19:52:10 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Ankh - Heart of Osiris
[2009.08.30 13:43:41 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Ashampoo
[2009.09.30 13:12:39 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Ashampoo Cover Studio 2
[2012.04.02 11:29:07 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Atari
[2009.08.31 10:56:33 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Big Fish Games
[2010.06.02 09:55:24 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Blackberry Desktop
[2009.10.08 16:41:20 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\DAEMON Tools Lite
[2009.08.03 22:26:04 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\DataDesign
[2011.11.14 15:56:52 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\DATEV
[2011.11.14 16:04:40 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\DatevScan
[2010.02.01 19:40:49 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Disney Interactive Studios
[2009.08.30 13:18:01 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Droppix
[2011.05.19 12:23:25 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.08.03 11:23:51 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\eSobi
[2010.04.15 15:03:59 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\eXPert PDF Editor
[2011.07.13 17:11:57 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\FileZilla
[2009.08.30 17:59:09 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\FloodLightGames
[2011.12.09 23:43:55 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Grand Ages Rome
[2011.09.23 11:02:44 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Imperium Romanum
[2012.04.02 09:14:39 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\IronCode
[2012.04.05 09:16:37 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Leadertech
[2010.04.06 14:11:13 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Lexware
[2011.09.14 12:51:05 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\NevoSoft
[2011.07.13 19:03:18 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Nvu
[2009.08.13 12:45:03 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\PC-FAX TX
[2011.09.16 07:58:56 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\PeerNetworking
[2010.05.03 07:18:21 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\PixelPlanet
[2009.09.02 13:49:54 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\PlayFirst
[2012.01.30 10:18:21 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Research In Motion
[2012.02.13 11:20:52 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\runic games
[2009.08.30 13:19:18 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\ScanSoft
[2009.09.02 09:39:26 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Shape games
[2010.11.04 14:11:39 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Stardock
[2009.08.05 17:07:36 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\TomTom
[2012.02.08 17:56:24 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Tropico 3
[2012.01.31 22:15:00 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Tropico3
[2010.12.13 16:17:37 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Turbine
[2009.09.12 19:07:51 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\VSRevoGroup
[2011.09.19 09:20:11 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\YoudaGames
[2012.04.19 08:27:05 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:2B99FE60
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:55F44B88
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:00D5EBC2
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:4CF61E54
 
< End of report >
         
--- --- ---

21.04.2012, 05:34   #2
kira
/// Helper team
 



Hello and a warm welcome!

Before we start working together, [please read this completely]:
Quote:
  • "Remote treatment/remote help" and the liability risks that come with it:
    - since the troubleshooting and the actions are carried out over large distances, we accept no liability for the resulting consequences.
    - so any liability for resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE YOUR OWN RESPONSIBILITY!
  • Characteristic details/profile information:
    - in the log lists or log files you use (e.g. your real name, serial numbers in programs, etc.) you can replace these with [X] or asterisks (*)
  • The system check and cleanup:
    - can take some time (depending on the type of infection); the system can, however, even be so badly compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend that you first read the instructions through completely before applying them, because if you do something wrong it can get really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consulting us! Ask if there are problems.
  • The order:
    - please keep exactly to the order described; do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a topic?
  • Insert all log files with a vBCode tag; that gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin.
For Vista and Win7:
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator".
Right-click the selected application and choose "Run as administrator"!

Windows Defender:
Alongside 1 AV scanner and 1 firewall it is not needed at all, and running it actively is not recommended, because they can get in each other's way. Please deactivate it like this: -> Turning Windows Defender on and off
► After a restart (if it still exists), under "Start -> Run -> "msconfig" (type it in without the "") -> OK -> Startup, check whether it is running?! If so, remove the check mark
► Under Services:
Start -> Run -> "Services.msc" (type it in without the "") -> OK -> "Properties" -> "Stop" -> select startup type "Disabled"
1.
Uninstall, if present under Control Panel -> Software/Programs:
Code:
Ask Toolbar(com) <- adware toolbar
Bing Bar <- unnecessary, usually gets installed along out of ignorance or carelessness
ClipGrab Toolbar <- adware-like behaviour (Conduit)
Conduit Engine <- adware
DVDVideoSoftTB Toolbar <- unnecessary, usually gets installed along out of ignorance or carelessness

Unfortunately, "uninvited guests" often "enter themselves directly into the search bar, the start page and under extensions", and they can be really annoying... they usually get installed along out of ignorance or carelessness; some of them even belong to the most dangerous kind of adware, or to the "foistware group".

Always choose the custom installation, not the standard installation, because otherwise things often get installed along that you do not need or do not want.
During installation, please always read the license terms and do not immediately set a check mark everywhere or leave preset check marks in place, because by doing so you agree that other "third-party programs", or even adware (advertising pop-ups) from partner programs, sponsors etc., get installed along, because that is how freeware finances itself.

A few more belong in this category, e.g.: -> Unwanted toolbars
Quote:
It is therefore advisable, after every installation, to check in all installed browsers:
take a close look at the current web page set as start page
look under Tools ⇒ Extensions for unwanted add-ons/plug-ins and toolbars
Check the list of currently installed programs (in the Control Panel) to see whether something "unwanted" (program, toolbar, etc.) has nested itself there!
2.
Quote:
Attention, important!:
If you made changes in the log file yourself, you must replace them with the original names and insert it into the script that way! Otherwise it will not work!
(user folder, your name or other changes replaced by X, asterisk or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script (that is, everything after "Code" that is in the code box):
Code:
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x3200
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x3200
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x3200
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x3200
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x3200
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://tbsearch.ask.com/redirect?client=ie&tb=BT3&o=14979&src=crm&q={searchTerms}&locale=de_DE
IE - HKCU\..\SearchScopes\{3CC76759-6454-4927-99EE-4A64C0DA620E}: "URL" = http://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\{F414AC10-69AD-421D-BE02-E6F81191E372}: "URL" = http://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=mcafee&p="
[2011.10.11 16:34:22 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.11 16:34:22 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
[2011.10.11 16:34:22 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8e9f8dfb-bb56-11de-93a0-806e6f6e6963}\Shell\AutoRun\command - "" = .///falschyng\ketonneker.exe
O33 - MountPoints2\{8e9f8dfb-bb56-11de-93a0-806e6f6e6963}\Shell\explore\command - "" = .\\\falschyng/\\ketonneker.exe
O33 - MountPoints2\{8e9f8dfb-bb56-11de-93a0-806e6f6e6963}\Shell\open\command - "" = falschyng//\\/ketonneker.exe
O33 - MountPoints2\{9bd49d15-586c-11db-b288-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9bd49d15-586c-11db-b288-806e6f6e6963}\Shell\AutoRun\command - "" = H:\setup.exe
O33 - MountPoints2\{d3783322-b415-11de-85b5-001d72b8d7c0}\Shell - "" = AutoRun
O33 - MountPoints2\{d3783322-b415-11de-85b5-001d72b8d7c0}\Shell\AutoRun\command - "" = M:\win\CDSplash.exe
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:2B99FE60
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:55F44B88
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:00D5EBC2
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:4CF61E54

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
         
  • and paste it here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL requires a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents into your thread here, in code tags.

3.
Download Malwarebytes Anti-Malware from → malwarebytes.org
  • Install it and start it with a double-click.
  • Set it to German and update the databases right away (online update)
  • Choose "Komplett Scan durchführen" (perform full scan) and set check marks everywhere
  • when the scan has finished, click "Zeige Resultate" (show results)
  • Select all findings (if MBAM reports any in C:\System Volume Information, please remove the check mark there) and click "Löschen" - "Ausgewähltes entfernen" (delete - remove selected).
  • Post the result here in the thread; you will find the report under "Scan-Berichte" (scan reports)
you will find illustrated instructions here: Instructions

4.
To determine whether outdated or harmful software is installed under Programs, I would also like to see all your installed programs:
  • Download the CCleaner installer
  • Read the software license agreement; if any toolbar is offered, please deselect it! -> start -> if necessary, set it to "Deutsch" (German).
  • start -> click `Extras` (Tools, to display the software installed on your system) -> then `Als Textdatei speichern...` (save as text file)
  • a text file is created automatically; post this log file as well (that is, the list of all installed programs... a text file)

5.
another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please choose Standard output
  • Under Extra Registry please choose Use SafeList.
  • Tick LOP and Purity check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

Quote:
To keep your thread clear and nicely readable, it is best to use code tags for your post:
→ before your log you write (that is, at the start of the log file): [code]
your log file goes in here - e.g. OTL log file or something else
→ after it, that is, at the end of the log file: [/code]
Regards
kira

23.04.2012, 09:19   #3
Nadyan
 



Hello Kira, thanks for your answer first of all.
A Malwarebytes log is already further up in the thread.
I will make a new one this evening.
Here is the OTL log after the fix.

Quote:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3CC76759-6454-4927-99EE-4A64C0DA620E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CC76759-6454-4927-99EE-4A64C0DA620E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F414AC10-69AD-421D-BE02-E6F81191E372}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F414AC10-69AD-421D-BE02-E6F81191E372}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "" removed from browser.search.defaultenginename
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "hxxp://de.search.yahoo.com/search?fr=mcafee&p=" removed from keyword.URL
C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoControlPanel deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e9f8dfb-bb56-11de-93a0-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e9f8dfb-bb56-11de-93a0-806e6f6e6963}\ not found.
File .///falschyng\ketonneker.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e9f8dfb-bb56-11de-93a0-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e9f8dfb-bb56-11de-93a0-806e6f6e6963}\ not found.
File .\\\falschyng/\\ketonneker.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e9f8dfb-bb56-11de-93a0-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e9f8dfb-bb56-11de-93a0-806e6f6e6963}\ not found.
File falschyng//\\/ketonneker.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9bd49d15-586c-11db-b288-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bd49d15-586c-11db-b288-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9bd49d15-586c-11db-b288-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bd49d15-586c-11db-b288-806e6f6e6963}\ not found.
File H:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3783322-b415-11de-85b5-001d72b8d7c0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3783322-b415-11de-85b5-001d72b8d7c0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3783322-b415-11de-85b5-001d72b8d7c0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3783322-b415-11de-85b5-001d72b8d7c0}\ not found.
File M:\win\CDSplash.exe not found.
ADS C:\ProgramData\TEMP:E36F5B57 deleted successfully.
ADS C:\ProgramData\TEMP:861A898F deleted successfully.
ADS C:\ProgramData\TEMP:580E04D8 deleted successfully.
ADS C:\ProgramData\TEMP:2B99FE60 deleted successfully.
ADS C:\ProgramData\TEMP:4F636E25 deleted successfully.
ADS C:\ProgramData\TEMP:55F44B88 deleted successfully.
ADS C:\ProgramData\TEMP:8173A019 deleted successfully.
ADS C:\ProgramData\TEMP:8AB6C1D7 deleted successfully.
ADS C:\ProgramData\TEMP:C95B63DA deleted successfully.
ADS C:\ProgramData\TEMP:00D5EBC2 deleted successfully.
ADS C:\ProgramData\TEMP:793F316E deleted successfully.
ADS C:\ProgramData\TEMP:4CF61E54 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\****\Desktop\cmd.bat deleted successfully.
C:\Users\****\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: ****
->Temp folder emptied: 2137473 bytes
->Temporary Internet Files folder emptied: 2071189 bytes
->Java cache emptied: 28380024 bytes
->FireFox cache emptied: 53501116 bytes
->Flash cache emptied: 1960507 bytes

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25241073 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33237 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 328 bytes
RecycleBin emptied: 250792 bytes

Total Files Cleaned = 108,00 mb


OTL by OldTimer - Version 3.2.40.0 log created on 04232012_094722

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
And here is CCleaner as well:

Quote:
Acer Arcade Live Main Page Acer Inc. 09.10.2006 34,5MB 1.1.1331
Acer DV Magician Acer Inc. 09.10.2006 87,2MB 1.5.0920
Acer DVDivine Acer Inc. 09.10.2006 108,3MB 3.2.1705
Acer Empowering Technology Acer Incorporated 16.09.2008 36,6MB 3.0.3008
Acer GameZone Console DTV 2.0.1.1 Oberon Media, Inc. 16.09.2008 36,9MB
Acer HomeMedia Acer Inc. 09.10.2006 40,5MB 1.4.1331
Acer HomeMedia Connect Acer Inc. 09.10.2006 36,7MB 1.4.4931
Acer HomeMedia Trial Creator Acer Inc. 09.10.2006 51,5MB 1.4.1331
Acer ScreenSaver Acer Incorporated 09.10.2006 4.01.0422
Acer SlideShow DVD Acer Inc. 09.10.2006 92,7MB 1.5.1109
Acer TV Share Acer Inc. 09.10.2006 79,1MB 1.5.1331
Acer VideoMagician Acer Inc. 09.10.2006 184,3MB 1.4.1017
Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 09.10.2006 14,0MB
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 13.11.2011 10.3.183.5
Adobe Flash Player 11 Plugin 64-bit Adobe Systems Incorporated 09.10.2006 11.2.202.233
Adobe Photoshop 6.0 Adobe Systems, Inc. 29.09.2009 112,6MB 6.0
Adobe Reader 8.3.1 - Deutsch Adobe Systems Incorporated 14.09.2011 102,1MB 8.3.1
Adobe Shockwave Player 11.6 Adobe Systems, Inc. 18.09.2011 11.6.1.629
Alice Greenfingers Oberon Media 09.10.2006 13,3MB
Amazon MP3-Downloader 1.0.9 10.07.2011 2,56MB
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 09.10.2006 26,3MB 3.0.868.0
Anno 1701 Sunflowers 06.05.2010 1.941,5MB 1.04
Apple Mobile Device Support Apple Inc. 09.10.2006 40,9MB 2.6.0.32
Application Profiles ATI Technologies, Inc. 09.06.2011 0,30MB 2.0.4162.33996
Ashampoo Burning Studio 2009 Advanced ashampoo GmbH & Co. KG 29.08.2009 71,8MB 9.0.0
AV Input Selection YUAN 09.10.2006 2,88MB 1.02.0047
Azada Oberon Media 09.10.2006 61,8MB
Big Kahuna Reef Oberon Media 09.10.2006 11,4MB
BlackBerry Desktop Software 6.0 Research in Motion Ltd. 16.08.2010 87,7MB 6.0.0.40
Bonjour Apple Inc. 09.10.2006 0,60MB 1.0.106
Bricks of Egypt Oberon Media 09.10.2006 6,72MB
Brother MFL-Pro Suite MFC-490CW Brother Industries, Ltd. 03.08.2009 15,5MB 1.1.5.0
Cake Mania Oberon Media 09.10.2006 17,5MB
CANON IMAGE GATEWAY Registrierungsanleitung Canon Inc. 05.08.2010 1,50MB 1.0.0.2
CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon Inc. 05.08.2010 99,7MB 1.6.0.12
Canon Internet Library for ZoomBrowser EX Canon Inc. 05.08.2010 99,7MB 1.6.2.7
Canon Utilities CameraWindow Canon Inc. 05.08.2010 2,27MB 7.1.0.2
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX Canon Inc. 05.08.2010 11,3MB 6.4.2.16
Canon Utilities MyCamera Canon Inc. 05.08.2010 8,41MB 7.0.0.3
Canon Utilities RemoteCapture Task for ZoomBrowser EX Canon Inc. 05.08.2010 9,10MB 1.7.1.9
Canon Utilities ZoomBrowser EX Canon Inc. 05.08.2010 99,7MB 6.2.0.29
Canon ZoomBrowser EX Memory Card Utility Canon Inc. 05.08.2010 12,6MB 1.2.0.9
CCleaner Piriform 15.08.2010 2,91MB 2.34
Chicken Invaders 3 Oberon Media 09.10.2006 53,4MB
Chinese Simplified Fonts Support For Adobe Reader 8 Adobe Systems 30.01.2011 29,5MB 8.0.0
Chuzzle Oberon Media 09.10.2006 10,3MB
cyberJack Base Components REINER SCT 30.01.2012 7,82MB 6.9.13
DATEV Installation V.2.9 13.11.2011 2.284,6MB
DDBAC DataDesign 16.12.2010 8,49MB 4.3.53
Der Herr der Ringe Online: Die Belagerung des Düsterwalds v03.0 Codemasters 12.12.2010 13.104,6MB 03.00.05.8019
Die Gilde 2 - Gold Edition JoWood 16.09.2009 3.142,5MB V 1.20
Diner Dash Flo on the Go Oberon Media 09.10.2006 17,2MB
Downloader 08.06.2011 5,69MB
DVD Shrink 3.2 DVD Shrink 13.10.2009 0,97MB
DVD2one V2.4.0 Eximius B.V. 13.10.2009 0,63MB 2.4.0
eSobi v2 esobi Inc. 16.09.2008 17,0MB 2.0.3.000189
eXPert PDF 4 Visage Software 14.04.2010 33,2MB 4.1.670.404
FileZilla Client 3.3.0.1 16.12.2009 15,9MB 3.3.0.1
FormatFactory 2.30 Free Time 25.05.2010 107,5MB 2.30
Free Audio CD Burner version 1.4.8 DVDVideoSoft Limited. 18.05.2011 3,15MB
Free Audio Converter version 1.2 DVDVideoSoft Limited. 19.03.2010 3,23MB
Free Audio Dub version 1.7 DVDVideoSoft Limited. 01.06.2010 3,28MB
Free DVD Video Converter version 1.1 DVDVideoSoft Limited. 14.01.2010 17,2MB
Free YouTube Download version 2.10.30 DVDVideoSoft Limited. 03.01.2011 2,87MB
Free YouTube to MP3 Converter version 3.9.38.517 DVDVideoSoft Limited. 18.05.2011 4,12MB
From Dust Ubisoft 23.11.2011 1.658,5MB 1.0.0
Futuremark SystemInfo Futuremark Corporation 09.06.2011 3,63MB 4.0.0.0
Geheime Fälle: Die gestohlene Venus INTENIUM GmbH 07.02.2010 3,13MB 1.0.0.0
Google Toolbar for Internet Explorer 02.08.2009 4,68MB
Gothic 3 JoWood 15.06.2011 3.049,9MB 1.0.0
Governor of Poker Bluefish Games 18.09.2011 34,0MB 1.0
GPL Ghostscript 8.70 29.09.2009 22,9MB
Grand Ages Rome Kalypso 04.12.2011 2.779,4MB 1.01
Grand Theft Auto IV Rockstar Games 09.06.2011 16.014,4MB
Hauppauge MCE XP/Vista Software Encoder (2.0.26057) Hauppauge Computer Works, Inc. 09.10.2006 0,15MB 2.0.26057
HijackThis 2.0.2 TrendMicro 09.12.2009 0,39MB 2.0.2
Hitman: Contracts Eidos 04.08.2011 863,8MB
ImageMixer 3 SE Ver.4 Transfer Utility PIXELA 05.08.2010 11,6MB 3.03.005
ImageMixer 3 SE Ver.4 Video Tools PIXELA 05.08.2010 45,3MB 3.03.006
Imperium Romanum 1.01 Kalypso Media 22.09.2011 952,9MB 1.01
Java(TM) 6 Update 31 Oracle 02.04.2012 95,1MB 6.0.310
Jewel Quest Solitaire Oberon Media 09.10.2006 27,0MB
Lexware Abschreibungsrechner Haufe-Lexware GmbH & Co.KG 22.08.2011 38,1MB 10.50.04.0001
Lexware Elster Haufe-Lexware GmbH & Co.KG 07.02.2012 75,3MB 11.03.00.0151
Lexware Info Service Lexware GmbH & Co. KG 05.04.2010 10,7MB 2.61.00.0033
Lexware lohnauskunft 2010 Lexware GmbH & Co. KG 18.04.2010 18.10.00.0111
Lexware online banking Lexware GmbH & Co. KG 10.02.2011 15,5MB 10.00.00.0102
Lexware QuickBooks 2011 Haufe-Lexware GmbH & Co. KG 04.08.2011 23.50.04.0059
Lexware reisekosten 2009 Lexware 05.04.2010 56,4MB 16.00.00.0050
Logitech Harmony Remote Software Logitech 05.01.2012 0,56MB 1.0.110307
Logitech SetPoint Logitech 04.04.2012 20,9MB 4.80
Mahjong Escape Ancient China Oberon Media 09.10.2006 13,6MB
Mahjongg Artifacts Oberon Media 09.10.2006 15,9MB
Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 08.04.2012 11,7MB 1.61.0.1400
McAfee Total Protection McAfee, Inc. 28.01.2012 138,4MB 11.0.654
Metaboli Player 18.04.2012
Microsoft .NET Framework 1.1 12.04.2010
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 01.04.2012
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 09.10.2006
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 09.10.2006 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 09.10.2006 4.0.30319
Microsoft .NET Framework 4 Extended Microsoft Corporation 09.10.2006 4.0.30319
Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 09.10.2006 4.0.30319
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 09.05.2011 31,3MB 3.5.88.0
Microsoft Games for Windows Marketplace Microsoft Corporation 09.05.2011 6,04MB 3.5.50.0
Microsoft Office 2007 Primary Interop Assemblies Microsoft Corporation 14.12.2011 7,12MB 12.0.4518.1014
Microsoft Office File Validation Add-In Microsoft Corporation 15.09.2011 7,92MB 14.0.5130.5003
Microsoft Office Home and Student 2007 Microsoft Corporation 01.03.2012 447,3MB 12.0.6612.1000
Microsoft Office Live Add-in 1.5 Microsoft Corporation 22.04.2012 0,49MB 2.0.4024.1
Microsoft Office Professional Edition 2003 Microsoft Corporation 10.04.2012 11.0.8173.0
Microsoft Outlook 2010 Microsoft Corporation 28.06.2011 746,4MB 14.0.6029.1000
Microsoft Primary Interoperability Assemblies 2005 Microsoft Corporation 31.01.2010 7,77MB 8.0.50727.42
Microsoft Rise Of Nations Microsoft 20.08.2009 1.548,0MB
Microsoft Silverlight Microsoft Corporation 15.02.2012 4.1.10111.0
Microsoft SQL Server 2005 Microsoft Corporation 13.11.2011 248,4MB
Microsoft SQL Server Native Client Microsoft Corporation 09.10.2006 9.00.5000.00
Microsoft SQL Server VSS Writer Microsoft Corporation 09.10.2006 9.00.5000.00
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 09.10.2006 0,25MB 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 02.08.2009 0,25MB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 15.06.2011 0,29MB 8.0.56336
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 09.10.2006 0,81MB 8.0.61000
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Corporation 09.10.2006 0,56MB 8.0.51011
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Corporation 09.10.2006 0,21MB 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 18.08.2010 0,19MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Corporation 09.10.2006 0,77MB 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 27.04.2011 0,58MB 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 09.10.2006 0,76MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 09.10.2006 0,76MB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 16.08.2010 2,06MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 17.08.2010 0,59MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 23.11.2011 0,22MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 15.06.2011 0,58MB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 09.10.2006 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 14.11.2011 15,0MB 10.0.40219
Microsoft Works Microsoft Corporation 10.12.2009 08.05.0822
Microsoft WSE 3.0 Runtime Microsoft Corp. 15.04.2010 0,92MB 3.0.5305.0
Mozilla Firefox 11.0 (x86 de) Mozilla 18.03.2012 38,7MB 11.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 02.08.2009 1,28MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 10.12.2009 1,35MB 4.20.9876.0
MSXML 4.0 SP3 Parser Microsoft Corporation 13.11.2011 1,48MB 4.30.2100.0
MSXML 4.0 SP3 Parser (KB973685) Microsoft Corporation 14.11.2011 1,54MB 4.30.2107.0
MSXML4 Parser Microsoft Game Studios 20.08.2009 76,00KB 1.0.0
Music Transfer Utility Ver.1 PIXELA 05.08.2010 1,91MB 1.00.005
Mystery Case Files - Huntsville Oberon Media 09.10.2006 24,4MB
Mystery Solitaire - Secret Island Oberon Media 09.10.2006 19,9MB
NTI Backup Now 5 NewTech Infosystems 16.09.2008 28,6MB 5.1.2.606
NTI Media Maker 8 NewTech Infosystems 16.09.2008 187,0MB 8.0.2.6329
NVIDIA Drivers NVIDIA Corporation 01.04.2012 1.4
NVIDIA ForceWare Network Access Manager 09.10.2006
NVIDIA PhysX NVIDIA Corporation 09.07.2010 120,1MB 9.09.0814
OpenAL 22.10.2009 0,75MB
OpenTTD 1.0.1 OpenTTD 19.05.2010 28,7MB 1.0.1
PaperPort Image Printer 64-bit Nuance Communications, Inc. 09.10.2006 0,54MB 1.00.0000
PdfGrabber 6.0 PixelPlanet 09.10.2006 75,6MB 6.0.0.0
Phase 5 HTML-Editor Systemberatung Schommer 12.07.2011 3,72MB 5.6.2.3
ProtectDisc Driver, Version 11 ProtectDisc Software GmbH 04.12.2011 0,14MB 11.0.0.10
QuickTime Apple Inc. 18.10.2009 76,5MB 7.64.17.73
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 16.09.2008 16,9MB 6.0.1.5591
RENESIS® Player Browser Plugins examotion® GmbH 05.04.2010 1,83MB 1.1.1
Revo Uninstaller 1.85 VS Revo Group 18.01.2010 2,59MB 1.85
Rise of Nations Thrones and Patriots 14.09.2009 1.548,0MB
Sandlot Games Client Services 1.2.2 Sandlot Games 03.09.2009 1,30MB
Saqqarah INTENIUM GmbH 07.02.2010 3,13MB 1.0.0.0
SAT1 GAME CENTER INTENIUM GmbH 07.02.2010 3,13MB 1.2009.10.29
ScanSoft PaperPort 11 Nuance Communications, Inc. 03.08.2009 130,4MB 11.1.0000
SD-Reisekosten 2009 Einzelplatz für 1 Reisenden 01.04.2012
SD-Reisekosten 2010 Einzelplatz für 1 Reisenden 01.04.2012
SD-Reisekosten 2011 Einzelplatz für 1 Reisenden 01.04.2012
Sony Ericsson PC Companion 2.01.210 Sony Ericsson 20.07.2011 96,0MB 2.01.210
Sony Ericsson Update Engine Sony Ericsson Mobile Communications AB 20.07.2011 23,9MB 2.11.7.13
Spelling Dictionaries Support For Adobe Reader 8 Adobe Systems 29.09.2009 32,5MB 8.0.0
SQLXML4 Microsoft Corporation 09.10.2006 9.00.5000.00
Stampit Home Deutsche Post AG 09.09.2009 20,1MB 3.2
Supreme Auction 02.06.2010 1,71MB
TomTom HOME 2.6.4.1641 TomTom 04.08.2009 46,9MB 2.6.4.1641
TomTom HOME Visual Studio Merge Modules TomTom International B.V. 04.08.2009 1,88MB 1.0.2
Ubisoft Game Launcher UBISOFT 23.11.2011 46,1MB 1.0.0.0
Uninstall 1.0.0.1 18.05.2011 18,9MB
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) Microsoft Corporation 13.11.2011 24,8MB 9.00.5000.00
Windows Live ID Sign-in Assistant Microsoft Corporation 09.10.2006 8,12MB 6.500.3165.0
Windows Media Player Firefox Plugin Microsoft Corp 19.08.2009 0,29MB 1.0.0.8
WinFast Multimedia Driver Installation Multimedia 28.09.2009
WinRAR 01.04.2012
XBRL Tool ITA Systemhaus GmbH 01.02.2010 35,4MB 1.9.0
XMLServiceToolV2 Bundesanzeiger 27.03.2011 13,2MB 2.0.0
Zuma Deluxe Oberon Media 09.10.2006 11,2MB
__________________

23.04.2012, 12:34   #4
kira
/// Helper Team
 

Ah yes... Malwarebytes is no longer necessary.

System cleanup and check:

1.
OLD VERSION!!!:
Code:
Logfile of HijackThis 2.0.2 
         
The new version is available here:
so delete/uninstall HijackThis "2.0.2" and download TrendMicro™ HijackThis™ version 2.0.4 again from here

2.
Update Adobe Reader:
- Pay attention and read along during installation! If any software, toolbar etc. is offered, please deselect it! (e.g. "McAfee Security Scan Plus")
Adobe Reader
Or: start Adobe -> go to "Help" -> "Check for updates..."

3.
Tips:
IE 9: Tips for Internet Explorer 9
-> Change the default search engine of the Explorer
-> Change or select a search provider in Internet Explorer 7/8
-> How can I clear the cache in Internet Explorer?

4.
Clean your system with CCleaner:
  • "CCleaner" → "Analyze" → click the "Start CCleaner" button
  • "Registry" → "Scan for errors" → "Fix errors" → "Fix all"
  • Restart your system

5.
  • Download SUPERAntiSpyware FREE Edition.
    Make sure not to install any toolbar that may be offered, i.e. remove the tick for the toolbar during installation (if necessary).
  • Install the program and update it online.
  • Start SUPERAntiSpyware and click "Scan your computer"
  • Tick "Complete Scan" and click "Next"
  • All malware found is then listed; tick every finding and confirm with "OK"
  • Click "Next", then "OK" and then "Finish"
  • To display the results: click "Preferences" and then "Statistics and Logs"
  • Press "View Log", then please save this report and post it here

6.
Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. These must therefore be monitored by regularly checking them for damage that may have been caused by malware ("Worm.Win32.Autorun"). For this, checking the data stored on the storage medium with the free online scanner is very well suited and recommended.
Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key so that the Autorun function is not executed. (This is how you prevent the AUTORUN function from running.) The AUTORUN function can also be switched off in general. ►Guide

7.
-> Then run a complete system check with Eset Online Scanner (NOD32) / Free online scanners
Attention!: >>You should not install the antivirus security software, but only scan your system online<<

8.
Run another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick the LOP check and the Purity check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

► Report again on the state of the computer. Are there still problems, and if so, which ones?
__________________

Warning!:
Be careful with invoices sent by email with a ZIP file as an attachment! It may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard drives, preferably twice in different locations!
Please pass this warning on wherever you can!
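
The OTL scan requested in step 8 writes one process, module, service or driver per line in a fixed layout, which makes a first pass over the log easy to automate. The following Python script is an added example, not part of the original post and not OTL's or the forum's own tooling: it parses that layout and lists service and driver entries that deserve a manual look. The sample lines are constructed, and the two review criteria (registered file missing, auto-start entry without a company name) are assumptions chosen for illustration; legitimate software can match both.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the OTL SafeList line layout (not taken from a real system).
SAMPLE_LOG = r"""
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011.10.18 15:23:24 | 000,208,536 | ---- | M] () [Auto | Running] -- C:\Program Files\ExampleAV\core.exe -- (exavcore)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Example Vendor Inc.) [Auto | Running] -- C:\Program Files (x86)\Example\updater.exe -- (ExampleUpdater)
SRV - [2009.11.25 16:19:48 | 000,238,592 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Example\ldr.exe -- (exldr)
========== Driver Services (SafeList) ==========
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Example\old.sys -- (exold)
DRV:64bit: - [2009.10.08 16:17:58 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\exdrv.sys -- (exdrv)
"""

# Everything before the first " -- ": kind, optional 64-bit marker, then either
# "[timestamp | size | attributes | M] (company)" or "File not found",
# then an optional "[... | start type | status]" block.
HEAD_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?P<x64>:64bit:)? - "
    r"(?:\[(?P<stamp>[\d. :]+) \| (?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| [MC]\] "
    r"\((?P<company>[^)]*)\)|(?P<missing>File not found))"
    r"(?: \[(?P<state>[^\]]+)\])?$"
)

# Start types that load without user action (assumed set for this example).
AUTOSTART = {"Auto", "Boot", "System"}


@dataclass
class Entry:
    kind: str
    company: Optional[str]  # None when OTL reported "File not found"
    start: Optional[str]
    status: Optional[str]
    path: str
    name: str


def _leading_parenthesised(text: str) -> str:
    """Return the content of the first balanced (...) group; names may nest parentheses."""
    if not text.startswith("("):
        return text.strip()
    depth = 0
    for i, ch in enumerate(text):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                return text[1:i]
    return text[1:]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL entry line; return None for headers, blanks and unknown lines."""
    parts = line.strip().split(" -- ", 2)
    if len(parts) < 2:
        return None
    m = HEAD_RE.match(parts[0])
    if not m:
        return None
    start = status = None
    if m.group("state"):
        fields = [f.strip() for f in m.group("state").split("|")]
        if len(fields) >= 2:
            start, status = fields[-2], fields[-1]
    name = _leading_parenthesised(parts[2]) if len(parts) == 3 else ""
    return Entry(m.group("kind"), m.group("company"), start, status, parts[1], name)


def triage(log_text: str) -> List[Tuple[str, str, List[str]]]:
    """Return (name, path, reasons) for service/driver entries worth a manual review."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or entry.kind not in ("SRV", "DRV"):
            continue
        reasons = []
        if entry.company is None:
            reasons.append("file not found")
        elif entry.company == "" and entry.start in AUTOSTART:
            reasons.append("auto-start without company name")
        if reasons:
            findings.append((entry.name, entry.path, reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f"{name}: {', '.join(reasons)} -> {path}")
```

A listed entry is a prompt to check the file's signature, origin and age, not a verdict.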

24.04.2012, 08:49   #5
Nadyan
 

Hello Kira, I have worked through everything so far.
Log from SUPERAntiSpyware (something was found and removed here):

Quote:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/23/2012 at 09:20 PM

Application Version : 5.0.1146

Core Rules Database Version : 8498
Trace Rules Database Version: 6310

Scan type : Complete Scan
Total Scan Time : 00:13:12

Operating System Information
Windows Vista Home Premium 64-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User

Memory items scanned : 929
Memory threats detected : 0
Registry items scanned : 73237
Registry threats detected : 6
File items scanned : 17707
File threats detected : 10

Registry Cleaner Trial
(x86) HKCR\Install.Install
(x86) HKCR\Install.Install\CLSID
(x86) HKCR\Install.Install\CurVer
(x86) HKCR\Install.Install.1
(x86) HKCR\Install.Install.1\CLSID

Adware.PTech
(x86) HKU\S-1-5-21-1368715813-3537462312-1738632630-1000\Software\PTech

Adware.Tracking Cookie
.serving-sys.com [ C:\USERS\ANDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JMPCW13Q.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\ANDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JMPCW13Q.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\ANDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JMPCW13Q.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\ANDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JMPCW13Q.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\ANDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JMPCW13Q.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\ANDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JMPCW13Q.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\USERS\ANDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JMPCW13Q.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\ANDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JMPCW13Q.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-CheatEngine
ZIP ARCHIVE( C:\USERS\ANDY\DOWNLOADS\VIRTUAL_VILLAGERS_THE_TREE_OF_LIFE_PLUS_22_TRAINER.ZIP )/VIRTUAL VILLAGERS THE TREE OF LIFE +22 TRAINER.EXE
C:\USERS\ANDY\DOWNLOADS\VIRTUAL_VILLAGERS_THE_TREE_OF_LIFE_PLUS_22_TRAINER.ZIP
I did not get a log from ESET, only the message about one finding, which was also removed:
ESET
Quote:
C:\Users\*******\Documents\Sony Ericsson\Sony Ericsson PC Companion\Telefonsicherungen\C902.dbk Win32/Peerfrag.DJ Wurm gelöscht - in Quarantäne kopiert
And here is OTL:

OTL Logfile:
Code:
OTL logfile created on: 24.04.2012 07:57:31 - Run 2
OTL by OldTimer - Version 3.2.40.0     Folder = C:\Users\*******\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 43,37% Memory free
8,20 Gb Paging File | 5,58 Gb Available in Paging File | 68,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288,04 Gb Total Space | 98,84 Gb Free Space | 34,31% Space Free | Partition Type: NTFS
Drive E: | 3,72 Gb Total Space | 3,33 Gb Free Space | 89,65% Space Free | Partition Type: FAT32
Drive F: | 288,13 Gb Total Space | 245,46 Gb Free Space | 85,19% Space Free | Partition Type: NTFS
Drive G: | 69,02 Gb Total Space | 11,48 Gb Free Space | 16,64% Space Free | Partition Type: NTFS
Drive I: | 39,16 Gb Total Space | 6,34 Gb Free Space | 16,18% Space Free | Partition Type: NTFS
Drive J: | 78,13 Gb Total Space | 72,29 Gb Free Space | 92,53% Space Free | Partition Type: NTFS
 
Computer Name: TABASCO | User Name: ******* | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.19 22:53:07 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\*******\Desktop\OTL.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.02.14 22:49:08 | 000,636,032 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
PRC - [2011.09.01 19:12:16 | 000,010,848 | ---- | M] (DATEV eG) -- F:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
PRC - [2011.08.22 03:20:00 | 000,079,872 | ---- | M] (DATEV eG) -- C:\DATEV\PROGRAMM\B0001442\PSNTServ.exe
PRC - [2011.07.22 09:49:26 | 000,511,920 | ---- | M] (REINER SCT) -- C:\Windows\SysWOW64\cjpcsc.exe
PRC - [2009.07.20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009.06.03 14:46:36 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2008.11.03 13:21:30 | 000,339,240 | ---- | M] (Lexware GmbH & Co. KG) -- C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
PRC - [2008.01.31 17:29:06 | 000,196,608 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
PRC - [2008.01.25 19:11:28 | 000,269,432 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Acer Arcade Live\Acer TV Share\Kernel\DMSTV\CLMSServer.exe
PRC - [2008.01.25 18:49:04 | 000,269,448 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2006.05.04 06:58:56 | 000,998,912 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF\vspdfprsrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.12 08:30:13 | 000,593,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\8e6e0fe015ea55ed5330966b933f555f\System.Messaging.ni.dll
MOD - [2012.04.12 08:30:09 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\48302596a8c8f2ab396b3be518dbd800\System.Web.ni.dll
MOD - [2012.04.12 07:54:07 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll
MOD - [2012.04.12 07:53:59 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll
MOD - [2012.02.17 17:11:00 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll
MOD - [2012.02.17 08:42:06 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
MOD - [2012.02.17 08:40:49 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2011.11.14 14:08:51 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2009.07.20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
MOD - [2009.03.30 06:40:03 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.04.28 09:49:20 | 000,003,072 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
MOD - [2006.05.04 06:58:56 | 000,998,912 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF\vspdfprsrv.exe
MOD - [2006.05.04 06:58:38 | 001,239,040 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF\vspdfdialogs100.bpl
MOD - [2006.05.04 06:58:38 | 000,237,056 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF\expertpdf4core.bpl
MOD - [2006.05.04 06:58:36 | 003,014,656 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF\vspdfcore100.bpl
MOD - [2006.05.04 06:58:36 | 001,026,048 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF\vsvector100.bpl
MOD - [2006.05.04 06:58:36 | 000,230,912 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF\vspdfeditor100.bpl
MOD - [2006.04.15 06:34:26 | 000,568,320 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF\TMSlite100.bpl
MOD - [2006.03.02 20:39:28 | 001,844,224 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF\te100.bpl
MOD - [2006.03.02 20:33:18 | 000,444,928 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF\VirtualTree100.bpl
MOD - [2006.03.02 20:28:36 | 000,139,776 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF\uoolep100.bpl
MOD - [2006.03.02 20:01:50 | 000,071,168 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF\VSDesktop100.bpl
MOD - [2006.03.02 19:57:48 | 000,383,488 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF\visage100.bpl
MOD - [2006.03.02 19:55:22 | 000,089,088 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF\vsmisc100.bpl
MOD - [2005.12.26 13:20:52 | 002,098,176 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF\PKIECtrl100.bpl
MOD - [2003.08.22 07:23:16 | 000,225,792 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF\sqlite.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.02.15 05:13:00 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.02.14 22:16:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011.10.18 15:32:28 | 000,161,168 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2011.10.18 15:23:24 | 000,208,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2011.10.18 15:23:06 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2012.04.20 07:56:59 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.08.22 03:20:00 | 000,079,872 | ---- | M] (DATEV eG) [Auto | Running] -- C:\DATEV\PROGRAMM\B0001442\PSNTServ.exe -- (DatevPrintService)
SRV - [2011.08.12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2011.07.25 03:49:00 | 000,172,640 | ---- | M] (DATEV eG) [On_Demand | Stopped] -- F:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe -- (DATEV Update-Service)
SRV - [2011.07.22 09:49:26 | 000,511,920 | ---- | M] (REINER SCT) [Auto | Running] -- C:\Windows\SysWOW64\cjpcsc.exe -- (cjpcsc)
SRV - [2011.06.29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011.03.17 16:39:40 | 000,501,768 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011.03.01 18:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010.12.10 18:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.04.21 19:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.04.21 19:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.11.25 16:19:48 | 000,238,592 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Common Files\BCL Technologies\PixelPlanet6\bepldr.exe -- (bepldr6PixelPlanetService)
SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.06.03 14:46:36 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009.04.11 08:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.04.25 13:30:26 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.01.29 12:25:30 | 000,920,064 | ---- | M] () [Auto | Running] -- C:\Programme\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2008.01.29 12:24:52 | 000,193,024 | ---- | M] () [Auto | Running] -- C:\Programme\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2008.01.25 19:11:28 | 000,269,432 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Acer Arcade Live\Acer TV Share\Kernel\DMSTV\CLMSServer.exe -- (Acer TV Share Service)
SRV - [2008.01.25 18:49:04 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008.01.21 04:47:00 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 04:47:00 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Acer\Empowering Technology\eRecovery\WSVD.sys -- (WSVD)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 05:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012.02.15 05:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.02.15 04:13:12 | 000,327,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.12.05 10:00:03 | 000,376,400 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2011.11.23 12:49:18 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.11.23 12:49:18 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.10.15 14:16:16 | 000,647,080 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011.10.15 14:16:16 | 000,481,768 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011.10.15 14:16:16 | 000,284,648 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011.10.15 14:16:16 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011.10.15 14:16:16 | 000,160,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011.10.15 14:16:16 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011.10.15 14:16:16 | 000,075,808 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011.10.15 14:16:16 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011.03.29 12:50:26 | 000,034,672 | ---- | M] (REINER SCT) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\cjusb.sys -- (cjusb)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.10.08 16:17:58 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.06.26 22:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.06.17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.17 18:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidEqd.Sys -- (LHidEqd)
DRV:64bit: - [2009.06.17 18:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LEqdUsb.Sys -- (LEqdUsb)
DRV:64bit: - [2009.04.11 07:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.04.11 07:39:37 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser.sys -- (usbser)
DRV:64bit: - [2009.01.09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008.10.21 10:22:44 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV:64bit: - [2008.10.21 10:22:44 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017obex.sys -- (s0017obex)
DRV:64bit: - [2008.10.21 10:22:44 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV:64bit: - [2008.10.21 10:22:42 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017mdm.sys -- (s0017mdm)
DRV:64bit: - [2008.10.21 10:22:42 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008.10.21 10:22:42 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017mdfl.sys -- (s0017mdfl)
DRV:64bit: - [2008.10.21 10:22:40 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV:64bit: - [2008.09.17 15:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)
DRV:64bit: - [2008.05.20 18:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008.03.19 01:29:30 | 001,379,584 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2008.01.31 02:48:32 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2008.01.31 02:48:16 | 000,016,384 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008.01.21 04:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008.01.09 13:28:20 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\seehcri.sys -- (seehcri)
DRV:64bit: - [2007.12.10 15:22:10 | 000,144,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s3017unic.sys -- (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM)
DRV:64bit: - [2007.12.10 15:22:06 | 000,125,480 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s3017obex.sys -- (s3017obex)
DRV:64bit: - [2007.12.10 15:22:04 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s3017nd5.sys -- (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS)
DRV:64bit: - [2007.12.10 15:22:02 | 000,130,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s3017mgmt.sys -- (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2007.12.10 15:22:00 | 000,146,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s3017mdm.sys -- (s3017mdm)
DRV:64bit: - [2007.12.10 15:22:00 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s3017mdfl.sys -- (s3017mdfl)
DRV:64bit: - [2007.12.10 15:21:56 | 000,109,096 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s3017bus.sys -- (s3017bus) Sony Ericsson Device 3017 driver (WDM)
DRV:64bit: - [2006.12.12 11:29:02 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\BrSerIf.sys -- (BrSerIf)
DRV - [2012.01.03 22:22:54 | 000,055,936 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2012.01.03 22:22:54 | 000,055,936 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2008.04.25 13:23:40 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Sichere Suche"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=mcafee&p="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: C:\Program Files (x86)\Downloader\npdd.dll (Metaboli)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.02.28 13:42:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2011.12.21 17:26:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.19 15:24:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.23 19:05:04 | 000,000,000 | ---D | M]
 
[2009.08.05 17:07:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*******\AppData\Roaming\mozilla\Extensions
[2009.08.05 17:07:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*******\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.04.03 09:34:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\jmpcw13q.default\extensions
[2010.04.27 09:01:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\jmpcw13q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.04.03 09:50:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.03 09:50:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011.12.21 17:26:02 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES (X86)\COMMON FILES\MCAFEE\SYSTEMCORE
[2012.02.28 13:42:06 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2012.03.19 15:24:45 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2008.06.19 11:16:24 | 000,118,784 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\mozilla firefox\plugins\MyCamera.dll
[2008.06.19 11:16:24 | 000,053,248 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\mozilla firefox\plugins\NPCIG.dll
[2012.04.03 09:49:52 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.11 16:34:22 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.11 16:34:22 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.28 09:55:37 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011.10.11 16:34:22 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20111221101030.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111221101030.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar1.dll (Google Germany GmbH)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar1.dll (Google Germany GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar1.dll (Google Germany GmbH)
O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Programme\Acer\Empowering Technology\SysMonitor.exe ()
O4:64bit: - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot File not found
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Trigger New Acer AlaunchX] c:\ACER\Preload\Command\AlaunchX\AppInRun.exe (Acer Inc.)
O4 - HKLM..\Run: [vspdfprsrv.exe] C:\Program Files (x86)\Visagesoft\eXPert PDF\vspdfprsrv.exe ()
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\RunOnce: [New Acer AlaunchX] c:\ACER\Preload\Command\AlaunchX\LaunchAlaunchX.exe (Acer Inc.)
O4 - Startup: C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O4 - Startup: C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\*******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\*******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E473A496-9186-4520-9195-B83874FC31F4}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\*******\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\*******\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.24 07:58:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012.04.23 19:45:29 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\SUPERAntiSpyware.com
[2012.04.23 19:45:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.04.23 19:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.04.23 19:45:02 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.04.23 19:05:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.04.23 18:53:37 | 000,000,000 | ---D | C] -- C:\Users\*******\Documents\JavaRa116
[2012.04.23 09:47:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.04.23 07:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.04.23 07:41:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012.04.19 22:53:07 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\*******\Desktop\OTL.exe
[2012.04.11 15:01:55 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.04.11 15:01:55 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.04.11 15:01:53 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.04.11 15:01:53 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.04.11 15:01:53 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.04.11 15:01:53 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.04.11 15:01:53 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.04.11 15:01:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.04.11 15:01:52 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.04.11 15:01:52 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.04.11 15:01:52 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.04.11 14:58:35 | 004,699,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.04.11 14:57:49 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.04.11 14:57:49 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012.04.11 14:57:49 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012.04.09 22:33:01 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\Malwarebytes
[2012.04.09 22:32:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.09 22:32:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.09 22:32:35 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.09 22:32:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.04.05 09:16:37 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\Leadertech
[2012.04.05 09:14:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2012.04.05 09:14:45 | 000,190,992 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\BtCoreIf.dll
[2012.04.05 09:14:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012.04.05 09:14:34 | 000,235,536 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\KemUtil.dll
[2012.04.05 09:14:34 | 000,235,536 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\kemutb.dll
[2012.04.05 09:14:34 | 000,159,248 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\KemWnd.dll
[2012.04.05 09:14:34 | 000,096,272 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\KemXML.dll
[2012.04.05 09:14:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2012.04.05 09:13:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2012.04.05 09:13:33 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012.04.05 09:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2012.04.04 08:03:16 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Local\S2
[2012.04.04 08:03:11 | 000,000,000 | ---D | C] -- C:\Users\*******\Documents\S2
[2012.04.03 09:50:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.04.03 09:50:07 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.04.03 09:50:07 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.04.03 09:50:07 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.04.02 11:29:07 | 000,000,000 | ---D | C] -- C:\Users\*******\Documents\RCT3
[2012.04.02 11:29:07 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\Atari
[2012.04.02 09:14:40 | 000,000,000 | ---D | C] -- C:\ProgramData\IronCode
[2012.04.02 09:14:39 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\IronCode
[2012.03.30 07:19:32 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.03.26 09:32:07 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.03.26 09:26:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.03.26 09:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.24 09:07:59 | 000,271,360 | ---- | M] () -- C:\Users\*******\Documents\backupKontakte2009-08-03.pst
[2012.04.24 09:06:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.24 07:59:57 | 002,019,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.24 07:59:57 | 000,853,058 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.24 07:59:57 | 000,782,614 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.24 07:59:57 | 000,211,288 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.24 07:59:57 | 000,170,028 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.24 07:58:40 | 000,001,739 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2012.04.24 07:53:37 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.24 07:53:37 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.24 07:53:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.23 19:57:58 | 000,001,185 | ---- | M] () -- C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2012.04.23 19:45:07 | 000,001,760 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.04.23 19:02:12 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.04.20 13:02:10 | 000,000,000 | ---- | M] () -- C:\Users\*******\Documents\PDF1
[2012.04.20 07:56:59 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.04.20 07:56:59 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.04.19 22:53:07 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\*******\Desktop\OTL.exe
[2012.04.05 09:15:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2012.04.05 09:15:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2012.04.05 09:15:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LHidEqd_01005.Wdf
[2012.04.05 09:15:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LEqdUsb_01005.Wdf
[2012.04.05 09:14:45 | 000,001,695 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.03 09:49:49 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.04.03 09:49:49 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.04.03 09:49:49 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.04.03 09:49:48 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012.03.31 23:55:36 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[1 C:\Users\*******\Documents\*.tmp files -> C:\Users\*******\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.23 19:57:58 | 000,001,185 | ---- | C] () -- C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2012.04.23 19:45:07 | 000,001,760 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.04.23 19:02:12 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.04.23 19:02:12 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.04.05 09:15:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2012.04.05 09:15:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2012.04.05 09:15:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LHidEqd_01005.Wdf
[2012.04.05 09:15:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LEqdUsb_01005.Wdf
[2012.04.05 09:14:45 | 000,001,695 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2012.03.30 07:19:33 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.02.21 08:51:13 | 000,000,115 | ---- | C] () -- C:\Windows\KurusDeinstall.INI
[2012.02.14 22:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.11.14 14:44:56 | 000,004,823 | ---- | C] () -- C:\Users\*******\AppData\Local\EmptySettings.xml
[2011.11.14 12:05:54 | 000,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer003.INI
[2011.11.14 11:59:22 | 000,000,099 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI
[2011.11.14 11:41:36 | 000,000,100 | ---- | C] () -- C:\Windows\Startup.INI
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.05.13 10:04:16 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll
[2011.05.13 10:03:16 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll
[2011.05.13 10:01:22 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll
[2011.05.13 10:01:00 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.12.13 16:16:21 | 000,000,092 | ---- | C] () -- C:\Users\*******\AppData\Local\fusioncache.dat
[2010.11.12 15:18:41 | 000,167,936 | ---- | C] () -- C:\Windows\SysWow64\SerialXP.dll
[2010.11.12 15:18:40 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\win32com.dll
[2010.11.01 12:27:55 | 000,000,030 | ---- | C] () -- C:\Windows\CDMKR32.INI
[2010.10.04 10:37:41 | 000,000,072 | ---- | C] () -- C:\Windows\EurekaLog.ini
[2010.06.01 10:12:17 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\pool.bin
 
========== LOP Check ==========
 
[2011.09.25 13:05:27 | 000,000,000 | -HSD | M] -- C:\Users\*******\AppData\Roaming\.#
[2008.09.17 20:52:57 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Acer GameZone Console
[2012.02.20 09:06:55 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Alawar
[2011.07.11 14:33:09 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Amazon
[2010.02.12 19:52:10 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Ankh - Heart of Osiris
[2009.08.30 13:43:41 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Ashampoo
[2009.09.30 13:12:39 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Ashampoo Cover Studio 2
[2012.04.02 11:29:07 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Atari
[2009.08.31 10:56:33 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Big Fish Games
[2010.06.02 09:55:24 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Blackberry Desktop
[2009.10.08 16:41:20 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\DAEMON Tools Lite
[2009.08.03 22:26:04 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\DataDesign
[2011.11.14 15:56:52 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\DATEV
[2011.11.14 16:04:40 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\DatevScan
[2010.02.01 19:40:49 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Disney Interactive Studios
[2009.08.30 13:18:01 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Droppix
[2011.05.19 12:23:25 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.08.03 11:23:51 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\eSobi
[2010.04.15 15:03:59 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\eXPert PDF Editor
[2011.07.13 17:11:57 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\FileZilla
[2009.08.30 17:59:09 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\FloodLightGames
[2011.12.09 23:43:55 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Grand Ages Rome
[2011.09.23 11:02:44 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Imperium Romanum
[2012.04.02 09:14:39 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\IronCode
[2012.04.05 09:16:37 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Leadertech
[2010.04.06 14:11:13 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Lexware
[2011.09.14 12:51:05 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\NevoSoft
[2011.07.13 19:03:18 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Nvu
[2009.08.13 12:45:03 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\PC-FAX TX
[2011.09.16 07:58:56 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\PeerNetworking
[2010.05.03 07:18:21 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\PixelPlanet
[2009.09.02 13:49:54 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\PlayFirst
[2012.01.30 10:18:21 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Research In Motion
[2012.02.13 11:20:52 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\runic games
[2009.08.30 13:19:18 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\ScanSoft
[2009.09.02 09:39:26 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Shape games
[2010.11.04 14:11:39 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Stardock
[2009.08.05 17:07:36 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\TomTom
[2012.02.08 17:56:24 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Tropico 3
[2012.01.31 22:15:00 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Tropico3
[2010.12.13 16:17:37 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Turbine
[2009.09.12 19:07:51 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\VSRevoGroup
[2011.09.19 09:20:11 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\YoudaGames
[2012.04.24 07:52:11 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


24.04.2012, 08:53   #6
Nadyan

BKA (UKASH) Trojan - removed with Kaspersky Rescue Disk - is that enough?



OTL Extras:

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 24.04.2012 07:57:31 - Run 2
OTL by OldTimer - Version 3.2.40.0     Folder = C:\Users\******\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 43,37% Memory free
8,20 Gb Paging File | 5,58 Gb Available in Paging File | 68,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288,04 Gb Total Space | 98,84 Gb Free Space | 34,31% Space Free | Partition Type: NTFS
Drive E: | 3,72 Gb Total Space | 3,33 Gb Free Space | 89,65% Space Free | Partition Type: FAT32
Drive F: | 288,13 Gb Total Space | 245,46 Gb Free Space | 85,19% Space Free | Partition Type: NTFS
Drive G: | 69,02 Gb Total Space | 11,48 Gb Free Space | 16,64% Space Free | Partition Type: NTFS
Drive I: | 39,16 Gb Total Space | 6,34 Gb Free Space | 16,18% Space Free | Partition Type: NTFS
Drive J: | 78,13 Gb Total Space | 72,29 Gb Free Space | 92,53% Space Free | Partition Type: NTFS
 
Computer Name: ******** | User Name: ****** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 72 98 D2 CF DB 15 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\DATEV\PROGRAMM\Numzus\NumZus.exe" = C:\DATEV\PROGRAMM\Numzus\NumZus.exe:*:Enabled:NumZus.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\Mandant\Mandant.exe" = C:\DATEV\PROGRAMM\Mandant\Mandant.exe:*:Enabled:Mandant.exe -- (DATEV eG)
"F:\DATEV\SYSTEM\DvpExe.exe" = F:\DATEV\SYSTEM\DvpExe.exe:*:Enabled:DvpExe.exe -- (DATEV eG)
"F:\DATEV\SYSTEM\DcomSrv.exe" = F:\DATEV\SYSTEM\DcomSrv.exe:*:Enabled:DcomSrv.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\Numzus\NumZus.exe" = C:\DATEV\PROGRAMM\Numzus\NumZus.exe:*:Enabled:NumZus.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\Mandant\Mandant.exe" = C:\DATEV\PROGRAMM\Mandant\Mandant.exe:*:Enabled:Mandant.exe -- (DATEV eG)
"F:\DATEV\SYSTEM\DvpExe.exe" = F:\DATEV\SYSTEM\DvpExe.exe:*:Enabled:DvpExe.exe -- (DATEV eG)
"F:\DATEV\SYSTEM\DcomSrv.exe" = F:\DATEV\SYSTEM\DcomSrv.exe:*:Enabled:DcomSrv.exe -- (DATEV eG)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\DATEV\PROGRAMM\Numzus\NumZus.exe" = C:\DATEV\PROGRAMM\Numzus\NumZus.exe:*:Enabled:NumZus.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\Mandant\Mandant.exe" = C:\DATEV\PROGRAMM\Mandant\Mandant.exe:*:Enabled:Mandant.exe -- (DATEV eG)
"F:\DATEV\SYSTEM\DvpExe.exe" = F:\DATEV\SYSTEM\DvpExe.exe:*:Enabled:DvpExe.exe -- (DATEV eG)
"F:\DATEV\SYSTEM\DcomSrv.exe" = F:\DATEV\SYSTEM\DcomSrv.exe:*:Enabled:DcomSrv.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\Numzus\NumZus.exe" = C:\DATEV\PROGRAMM\Numzus\NumZus.exe:*:Enabled:NumZus.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\Mandant\Mandant.exe" = C:\DATEV\PROGRAMM\Mandant\Mandant.exe:*:Enabled:Mandant.exe -- (DATEV eG)
"F:\DATEV\SYSTEM\DvpExe.exe" = F:\DATEV\SYSTEM\DvpExe.exe:*:Enabled:DvpExe.exe -- (DATEV eG)
"F:\DATEV\SYSTEM\DcomSrv.exe" = F:\DATEV\SYSTEM\DcomSrv.exe:*:Enabled:DcomSrv.exe -- (DATEV eG)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09651D13-8A92-4330-A74B-8BA464016A2C}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer | 
"{133FB0F8-BE0A-4A1C-A698-BFA705B7B707}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery | 
"{15D8F286-A04F-4635-996C-2563C47C7A3A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{16F0DC29-8E7C-4687-9CFE-66555D88A8F7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2D897709-DB54-41A2-8F3A-D74AA29C3753}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{3BF2C06F-2B04-46DB-88F5-BB9E9B43B0E1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{3EFCEB2B-7548-4500-9294-06EFEACAD740}" = lport=137 | protocol=17 | dir=in | app=system | 
"{48256316-353F-4B82-8790-7D9CEBAEA443}" = lport=138 | protocol=17 | dir=in | app=system | 
"{57FE8B01-9FB4-449C-80CA-45B68F4FBC91}" = lport=40000 | protocol=6 | dir=in | name=c:\program files (x86)\common files\metaboli\core\yummy.launcher.exe 40000 | 
"{94DA378C-D949-4265-B056-BCB78FB58F79}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9B235B63-F9AF-4A87-BD62-A8F270B9A87D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{BF11ADCD-304F-4A03-940E-40AE6F77C35D}" = lport=58432 | protocol=6 | dir=in | app=c:\datev\programm\sws\limaservice.exe | 
"{C34CC121-D9E9-4390-94AC-F95C40BB863A}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery | 
"{D9FE4BCC-38F0-49E1-AAF9-D0788B2D9DC2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DDAB317F-CF72-4A9A-A7D3-BC58AD4BEE79}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer | 
"{E4073FBA-96DA-4609-9BDA-76D37480B78B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E6C07455-7CE5-4BDC-AF37-6A48511E13BF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{FA1957ED-2AED-473C-83EF-E281E89587CF}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{FAFB8B7F-7243-4D84-A73A-7700122CB5A9}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09ACF31B-1130-426B-B17D-C6702C30A712}" = protocol=6 | dir=in | app=c:\datev\programm\k0005000\arbeitsplatz.exe | 
"{0B861F34-7F48-415C-AD14-C0E4ACDB6975}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{0B982E12-993E-4FEE-9081-9827F0A1AEA6}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\acer homemedia connect.exe | 
"{0D9EDE19-ED91-43B2-881F-B037D50BCF87}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dvdivine\acer dvdivine.exe | 
"{0DC8C96F-D788-4926-93D1-E51F43199679}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{119A9458-CD8D-4E53-8990-AD9C52978442}" = protocol=6 | dir=in | app=f:\games\maelstrom\maelstrom.exe | 
"{1267AE68-CE83-4720-A816-44BE9D3899F1}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{1623FD06-4C24-4DF9-BCD8-607825C8AC5C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{183AD0DD-52B6-4895-942A-0CE26A00FBF3}" = protocol=17 | dir=in | app=f:\games\maelstrom\maelstrom.exe | 
"{1CE68B58-9978-49C3-AC28-5EE58F23BBEA}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\metaboli\core\yummy.installer.exe | 
"{1D43BC04-0727-482C-A359-FDE15DF06E42}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dv magician\acer dv magician.exe | 
"{2679099C-4C18-4F37-9FCD-B623A15AD692}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | 
"{29CFA0C4-4CDD-4C53-B5A2-282D57F312EC}" = dir=in | app=c:\program files (x86)\acer arcade live\acer tv share\kernel\dmstv\clmsserver.exe | 
"{2BF123E3-48EF-465E-BA79-5F8A7FE1B071}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\metaboli\core\yummy.launcher.exe | 
"{2F275652-D885-42BC-84D2-054053B9EA65}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{39296A87-5899-4071-A3D1-9669ABB1E80F}" = protocol=6 | dir=in | app=c:\games\grand theft auto iv\launchgtaiv.exe | 
"{3C38AF67-D55D-4CDF-B675-02C1C90D5E74}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | 
"{44763F31-A3B6-487E-97A1-B9E5F6DE9F42}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia\acer homemedia.exe | 
"{46954D69-5684-40EF-B240-12CBB148296F}" = dir=in | app=c:\program files (x86)\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe | 
"{48E17C43-8915-4655-9C25-FF8B927F3CB7}" = protocol=17 | dir=in | app=c:\metaboli\spiele\hiredgunsjaggededgede\bin\game.exe | 
"{492A8194-F350-41CE-9563-D3530A80FDCD}" = protocol=6 | dir=in | app=f:\games\demigod\bin\demigod.exe | 
"{4CF9023B-F019-4C56-B7B7-52A6AD079A04}" = protocol=6 | dir=in | app=c:\datev\programm\rwapplic\datev.irw.managed.serviceprovider.exe | 
"{4EF5741B-67BC-474A-A045-C60F98613DEE}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{4FA4C4C7-5017-4F95-A4B4-028A6A378870}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{5161639D-DBC9-4612-8107-57E2F7F25D62}" = protocol=17 | dir=in | app=c:\games\grand theft auto iv\launchgtaiv.exe | 
"{52EA5E20-41D6-4A63-9FB2-339CBFDEE360}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{6D632FFF-7564-4B63-A525-1B6FDF02354F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{77FF2DD1-82A4-442D-9688-AE7BB45DDC52}" = dir=in | app=c:\program files (x86)\acer arcade live\acer arcade live main page\acer arcade live.exe | 
"{8293EE20-75F9-49CB-8937-047E98F69C04}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe | 
"{8486D2FA-7BF8-4EB2-8F99-A041A1915DDB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{849913CD-8480-4DBE-BF55-AE854A4BA094}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe | 
"{8C3C0539-4FD7-4364-A8B6-6C249244ACF9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{8E4CAEDE-A3B3-45E0-BA7F-CBE22F35E8DA}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\metaboli\core\yummy.installer.exe | 
"{A7CD53BD-40A5-405D-949D-80719C13EDC0}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\metaboli\core\yummy.launcher.exe | 
"{B2F484C7-8643-465A-ABD4-DF667001FAFC}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{B507D268-9652-4BBB-8C57-8E249127B719}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{B7128E17-B786-42A4-BBC8-4D7D62BB67FF}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{BF27E239-34FD-4C77-8AAF-F0847B37F1A6}" = dir=in | app=c:\program files (x86)\acer arcade live\acer videomagician\acer videomagician.exe | 
"{CC9DE1DC-791A-4591-8FD5-BDAA9BBDC19A}" = protocol=6 | dir=in | app=c:\metaboli\spiele\hiredgunsjaggededgede\bin\game.exe | 
"{CE2E67B3-0631-4AD0-B979-902268365339}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{D23FEF2D-8D55-4DCE-AF19-767493B4D92E}" = dir=in | app=c:\program files (x86)\acer arcade live\acer tv share\acer tv share.exe | 
"{D64F2875-85B8-4BE8-BFF1-6FB1B9BEDDCA}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{D8DAE10C-8E5F-4D6A-BB1C-8B64A5A85CBC}" = protocol=17 | dir=in | app=f:\games\demigod\bin\demigod.exe | 
"{E5B78A68-4BF4-4F07-BC5D-27F8FAA3B010}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{EA15EF97-A687-4A4C-A176-8EC0B33F95D2}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | 
"{EA48B8AD-DBF6-403E-8E06-DA68E10F4274}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{FB26B696-786E-465E-AB3E-12F0A3008AD6}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{FEE369D3-F479-4F68-890A-44AA99159EDA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FF84127D-D295-4179-B9E2-F2B1579FF545}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"TCP Query User{549FB961-FA6A-4A3F-B357-95333CB73450}C:\metaboli\spiele\dawnofwarsoulstormde\soulstorm.exe" = protocol=6 | dir=in | app=c:\metaboli\spiele\dawnofwarsoulstormde\soulstorm.exe | 
"TCP Query User{895730A3-1F1D-4376-B829-6126E2F17793}C:\metaboli\spiele\sniperelitede\sniperelite.exe" = protocol=6 | dir=in | app=c:\metaboli\spiele\sniperelitede\sniperelite.exe | 
"UDP Query User{8EB12D15-2BED-4493-9BBB-088CC739F386}C:\metaboli\spiele\dawnofwarsoulstormde\soulstorm.exe" = protocol=17 | dir=in | app=c:\metaboli\spiele\dawnofwarsoulstormde\soulstorm.exe | 
"UDP Query User{906E4C42-DC56-4CF1-B463-6CA613406BA6}C:\metaboli\spiele\sniperelitede\sniperelite.exe" = protocol=17 | dir=in | app=c:\metaboli\spiele\sniperelitede\sniperelite.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}" = Microsoft SQL Server VSS Writer
"{353D1262-B2D2-AD87-EB5E-6B1395AF9FAE}" = AMD Catalyst Install Manager
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{551F4187-F029-4240-DEF9-836B5E43CB29}" = AMD Fuel
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{A3A61264-B075-46BE-9C97-376EA4CEEEF5}" = PdfGrabber 6.0
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BFBF33B5-AEFE-454B-A189-DF5013028535}" = SQLXML4
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6DDB606-CD15-98C7-AA65-6B617EE8CDA5}" = ccc-utility64
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{030C0401-52A9-BE86-D8A7-52C0DA203275}" = CCC Help Swedish
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0881ECE5-DCA1-462D-B515-F1732875EC74}" = DATEV Infragistics Runtime V.3.2
"{0C297A75-3111-4B3F-9264-84D61FF79F0D}" = Acer TV Share
"{0F72FEF7-6E87-49C5-AB0E-FBAFD0E00EF2}" = XMLServiceToolV2
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{17BADF87-3597-46FE-8D74-69C4FA78883E}" = Gothic 3
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{225C12AE-BB37-4EE3-8935-583E2F0E6644}" = Lexware reisekosten 2009
"{229A9797-2EE6-4B96-9CEC-3E4710F611E0}" = Lexware Abschreibungsrechner
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{283153BB-CEE6-EE9C-81E8-4350D73354BA}" = CCC Help Turkish
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{39445575-7D3A-52AA-152B-7F9423D1AE69}" = CCC Help German
"{3C9A3282-9DAE-F492-13F4-6D4D664AC15F}" = CCC Help Spanish
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{418EC9DD-25EE-4C3F-8827-B7AA9B26405B}" = WinFast Multimedia Driver Installation 
"{43034BED-DF67-4CC8-8D13-D18B0298F402}" = Lexware QuickBooks 2011
"{4960E719-9264-9E83-5F26-3CB7CB2554B6}" = Catalyst Control Center InstallProxy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5236FA8C-4B70-E30E-93EF-F7D3A5E468C7}" = CCC Help Greek
"{53A2399A-7ECE-4717-9CD0-1C57FD35BBCA}" = XBRL Tool
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{578485F8-60F3-4C61-9183-0698E581B902}" = From Dust
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{586F0E27-0BC5-34DE-AA0B-96D14397910E}" = CCC Help Russian
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{5AF7EA0B-F009-CC00-E446-C2286AF80471}" = CCC Help Czech
"{5FC116F2-4508-A6FC-15FB-C64F05AB0F26}" = CCC Help Chinese Traditional
"{60891535-4275-1397-5171-786998808383}" = Governor of Poker
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{685ACA56-004C-4F80-2BC0-951BF278C03F}" = CCC Help Chinese Standard
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D1AFFC2-AC60-BC3B-2DC9-0D80A1E9CB16}" = CCC Help Thai
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72633C0F-CFFC-43C6-B3B5-BF473B9FCFDF}" = DDBAC
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79CFDE3C-4602-85B2-ACF6-83D897B8B33A}" = CCC Help Korean
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7F26BC94-9AAA-4FD2-A38A-F13B3ECA3426}" = Crystal Reports Runtime XI
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88137A28-4E5B-4E56-B90C-E8AE768305A2}" = Rabbids Go Home - DVD
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8940A440-4D53-4CCF-B9AE-5D59FB71DDF6}" = Lexware reisekosten 2009
"{8972B1C8-B899-0AA0-8596-BFC9AE3311F1}" = CCC Help Finnish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.OUTLOOKR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.OUTLOOKR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.OUTLOOKR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.OUTLOOKR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91140000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2010
"{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92BE4E1B-AEFD-DA72-B805-948290A4BB13}" = CCC Help Hungarian
"{9526B61A-1C35-96D1-531B-C8DB1D36C336}" = CCC Help Danish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A295F81-04C8-FB18-2D1C-A33AA8A442CA}" = CCC Help French
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E520B22-546E-4AD3-8958-7D1EB8587AB1}" = Music Transfer Utility Ver.1
"{9FFD7E59-7EA4-4D30-98D3-CFB29936BFB8}" = Stampit Home
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A6E92CAB-9E63-46DC-8ABF-0CAFF7B7CD02}" = eXPert PDF 4
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AC76BA86-7AD7-2447-0000-800000000003}" = Chinese Simplified Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE6ECFF9-FD33-48A3-B4AC-89263CC393A8}" = ImageMixer 3 SE Ver.4 Video Tools
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B3C8C8EF-77E0-1C0D-1CFA-A39E2E898311}" = CCC Help Italian
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{B5AD9952-F716-9862-7ED7-734E0328CF7C}" = AMD VISION Engine Control Center
"{BAF5D206-543D-4960-AA5C-810F71AE0B6F}" = Lexware Elster
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C0E69600-E8D1-784D-829C-788D91D65051}" = CCC Help Polish
"{C37B1C57-DD9B-D1E0-B933-8EA8D56E2222}" = CCC Help Norwegian
"{C45668B2-46F0-46B3-AD23-64450043718B}" = Lexware lohnauskunft 2010
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CA3A3F20-566B-ABB1-A541-3D93C0D09EE5}" = CCC Help Japanese
"{CAE4E520-4695-4A96-8661-B62FA5FB669E}" = ImageMixer 3 SE Ver.4 Transfer Utility
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CF78AB2B-1CA0-42D2-A2F1-FDEBC7876EF0}" = Microsoft SQL Server 2005 (DATEV_CL_DE01)
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D4C4485B-16EB-31A8-C2DE-D778E8E4628B}" = Catalyst Control Center Localization All
"{D9461574-5FC0-4641-BBDC-D1038B196F55}" = Brother MFL-Pro Suite MFC-490CW
"{DAF650C8-AFE5-3460-E1C4-B9716D2DA5D2}" = Catalyst Control Center InstallProxy
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E0C6F271-FE15-B2D5-FF42-BCA40700DC51}" = CCC Help English
"{E1D0A4DC-97BD-CE37-3E89-87D3337E55CA}" = CCC Help Dutch
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4DA3403-9797-2600-2A09-C06429FDE753}" = Application Profiles
"{E6FA341F-8840-6B18-5BCE-C7CCEBDFE516}" = Catalyst Control Center Graphics Previews Common
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{ED15763E-A6ED-56D2-B0B5-C7D22D4CE248}" = CCC Help Portuguese
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.210
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F429ED71-4A8B-457A-85E4-F6398CE73E58}" = AV Input Selection
"{F6995FC4-2D91-4169-B3C4-7C51B7123902}" = Lexware online banking
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{F8AEA743-A9CB-453C-9B3C-53D7F1D0CC22}" = B1315AppGuid
"{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = Der Herr der Ringe Online: Die Belagerung des Düsterwalds v03.0
"Acer GameZone Console_is1" = Acer GameZone Console DTV 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Ashampoo Burning Studio 2009 Advanced_is1" = Ashampoo Burning Studio 2009 Advanced
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner
"DATEVB00000482.0" = DATEV Installation V.2.9
"Die Gilde 2 - Gold Edition" = Die Gilde 2 - Gold Edition
"Downloader" = Downloader
"DSGPlayer" = SAT1 GAME CENTER
"DV CIG Guide" = CANON IMAGE GATEWAY Registrierungsanleitung
"DVD Shrink_is1" = DVD Shrink 3.2
"DVD2one V2" = DVD2one V2.4.0
"FileZilla Client" = FileZilla Client 3.3.0.1
"FormatFactory" = FormatFactory 2.30
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.38.517
"Geheime Fälle: Die gestohlene Venus" = Geheime Fälle: Die gestohlene Venus
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"Grand Ages Rome_is1" = Grand Ages Rome
"Grand Theft Auto IV_is1" = Grand Theft Auto IV
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.26057)
"Hitman: Contracts" = Hitman: Contracts
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Imperium Romanum" = Imperium Romanum 1.01
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Metaboli Player" = Metaboli Player
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"MSC" = McAfee Total Protection
"MyCamera" = Canon Utilities MyCamera
"Office14.OUTLOOKR" = Microsoft Outlook 2010
"OpenAL" = OpenAL
"OpenTTD" = OpenTTD 1.0.1
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Revo Uninstaller" = Revo Uninstaller 1.85
"RiseOfNations 1.0" = Microsoft Rise Of Nations
"RiseofNationsExpansion 1.0" = Rise of Nations Thrones and Patriots
"Sandlot Games Client Services 1.2.2_is1" = Sandlot Games Client Services 1.2.2
"Saqqarah" = Saqqarah
"SD-Reisekosten 2009 Einzelplatz für 1 Reisenden " = SD-Reisekosten 2009 Einzelplatz für 1 Reisenden 
"SD-Reisekosten 2010 Einzelplatz für 1 Reisenden " = SD-Reisekosten 2010 Einzelplatz für 1 Reisenden 
"SD-Reisekosten 2011 Einzelplatz für 1 Reisenden " = SD-Reisekosten 2011 Einzelplatz für 1 Reisenden 
"Supreme Auction_is1" = Supreme Auction
"TomTom HOME" = TomTom HOME 2.6.4.1641
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Engine" = Sony Ericsson Update Engine
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 23.04.2012 13:51:54 | Computer Name = ******** | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 23.04.2012 13:51:54 | Computer Name = ******** | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 23.04.2012 13:57:03 | Computer Name = ******** | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.04.2012 15:24:23 | Computer Name = ******** | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.04.2012 15:27:40 | Computer Name = ******** | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\******\Downloads\esetsmartinstaller_deu.exe".
 Fehler in Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die
 widersprüchlichen Komponenten sind:  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
 
Error - 23.04.2012 15:27:47 | Computer Name = ******** | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\******\Downloads\esetsmartinstaller_deu.exe".
 Fehler in Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die
 widersprüchlichen Komponenten sind:  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
 
Error - 24.04.2012 01:43:32 | Computer Name = ******** | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\******\Downloads\esetsmartinstaller_deu.exe".
 Fehler in Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die
 widersprüchlichen Komponenten sind:  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
 
Error - 24.04.2012 01:50:31 | Computer Name = ******** | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 24.04.2012 01:54:54 | Computer Name = ******** | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.04.2012 03:05:27 | Computer Name = ******** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 23.04.2012 15:24:23 | Computer Name = ******** | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.04.2012 15:24:23 | Computer Name = ******** | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 23.04.2012 15:24:34 | Computer Name = ******** | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 23.04.2012 15:25:03 | Computer Name = ******** | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 24.04.2012 01:55:00 | Computer Name = ******** | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 24.04.2012 01:55:00 | Computer Name = ******** | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.04.2012 01:55:00 | Computer Name = ******** | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.04.2012 01:55:00 | Computer Name = ******** | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 24.04.2012 01:55:00 | Computer Name = ******** | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 24.04.2012 01:55:28 | Computer Name = ******** | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
--- --- ---

Alt 24.04.2012, 14:21   #7
kira
/// Helper Team
 



Quote:
Attention, important!:
If you have made changes to the log file yourself, you must replace them with the original names and insert them into the script that way! Otherwise it will not work!
(user folder, your name or other changes replaced by X, asterisks or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script, that is, everything in the code box after "Code":
Code:
:OTL
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=mcafee&p="

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • and paste it here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL asks for a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents here into your thread.

► Report again on the state of the computer: are there still problems, and if so, which ones?
__________________

Warning!:
Be careful with invoices sent by email with a ZIP file attached! It may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places!
Please pass this warning on wherever you can!
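
The OTL script in the post above removes two search-related entries from Firefox's prefs.js. As an added example (not part of the original post and not OTL's own logic), this Python script parses `user_pref(...)` lines and reports search preferences that point at hosts outside an allowlist. `ALLOWED_HOSTS`, the function names and the sample file are assumptions constructed for illustration; the two preference names and URLs are the ones quoted in the thread.

```python
import re
from urllib.parse import urlsplit

# The two preference names targeted by the OTL script in the thread.
SEARCH_PREFS = ("browser.search.defaulturl", "keyword.URL")

# Assumption: the search hosts this user actually chose. Adjust per machine.
ALLOWED_HOSTS = frozenset({"www.google.com", "www.google.de"})

# prefs.js stores one setting per line: user_pref("name", value);
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\)\s*;\s*$'
)


def parse_prefs(text):
    """Return {name: value} for every user_pref line; other lines are skipped."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if not match:
            continue  # comments, blank lines, anything malformed
        name, raw = match.groups()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            value = re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \" and \\ escapes
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw  # keep unknown literals as text
        prefs[name] = value
    return prefs


def audit_search_prefs(text, allowed_hosts=ALLOWED_HOSTS):
    """List (pref, host, url) for search prefs whose host is not allowlisted."""
    findings = []
    prefs = parse_prefs(text)
    for name in SEARCH_PREFS:
        value = prefs.get(name)
        if not isinstance(value, str) or not value:
            continue  # unset or emptied preference: nothing to report
        host = (urlsplit(value).hostname or "").lower()
        if host not in allowed_hosts:
            findings.append((name, host, value))
    return findings


# Constructed sample file; the two search URLs are the ones quoted in the thread.
SAMPLE_PREFS_JS = r'''
# Mozilla User Preferences
user_pref("browser.startup.page", 3);
user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}");
user_pref("keyword.URL", "http://de.search.yahoo.com/search?fr=mcafee&p=");
user_pref("browser.shell.checkDefaultBrowser", false);
'''

if __name__ == "__main__":
    for pref, host, url in audit_search_prefs(SAMPLE_PREFS_JS):
        print(f"{pref}: unexpected search host {host!r} -> {url}")
```

Run it against a copy of the profile's prefs.js while Firefox is closed, since Firefox rewrites the file on exit.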

Alt 25.04.2012, 07:32   #8
Nadyan
 



Hi Kira,

Thanks, here is the log from the fix:

Quote:
All processes killed
========== OTL ==========
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "hxxp://de.search.yahoo.com/search?fr=mcafee&p=" removed from keyword.URL
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\******\Desktop\cmd.bat deleted successfully.
C:\Users\******\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: ******
->Temp folder emptied: 1056926 bytes
->Temporary Internet Files folder emptied: 2964770 bytes
->Java cache emptied: 219478 bytes
->FireFox cache emptied: 49162168 bytes
->Flash cache emptied: 790 bytes

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2503 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 3065454 bytes

Total Files Cleaned = 54,00 mb


OTL by OldTimer - Version 3.2.40.0 log created on 04252012_081849

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Oh, and by the way:
At the moment no problems are apparent; everything is running flawlessly.

Alt 25.04.2012, 16:33   #9
kira
/// Helper Team
 



** Keep your system under observation for the time being!

1.
Uninstall/remove the programs that we used and that you do not need, except for:
Code:
CCleaner
         
- Run it from time to time:-> Instructions

2.
Tool cleanup with OTL

We will now use OTL's CleanUp! function to delete most of the programs that we installed for the cleanup from your system again.
  • Please download OTL by OldTimer (if you do not already have it).
  • Save it to your desktop.
  • Double-click OTL.exe to run the program.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Click the "Bereinigung" (CleanUp) button
  • OTL may ask for a restart.
    If it does, please allow it.
Note: After the restart, OTL and the other helper programs that you downloaded during the cleanup will no longer be present. They have been removed. It is therefore OK if these programs are no longer there. If any are left over, delete them manually.

3.
Windows, for example, regularly creates shadow copies (at least once a day), which serve to restore the system in an emergency and to access older file versions. This function takes up a great deal of disk space. By default, the space reserved for shadow copies is 15 % of the volume size, so system performance is also affected. In addition, deleted and possibly malicious objects sitting in System Restore must also be removed:
So please do the following: first disable it -> then enable it, so that at the end it is "enabled" again!

4.
As a precaution I would advise you to change your password (one should do this every 3-4 months)
e.g. login, mail or website passwords
Tips:
Choosing a secure password - (it should really be changed at regular intervals, roughly every 3-5 months)
also here under: Secure password (Password)

5.
► Please check whether there are new updates for Windows: -> - Microsoft Update keeps your computer up to date!


Reading material no. 1:
  • How do I create a limited user account?
  • Always keep software up to date!:
    ALL programs and drivers installed on the system should be updated regularly to avoid security holes and to keep things running smoothly!
  • A more secure browser than IE, e.g. *Switching the default browser to... by SETI@home* - Firefox - FirefoxWiki/Settings - Extensions for Firefox - Default browser
  • Secure email clients, e.g. Thunderbird --> Extensions for Mozilla Thunderbird
    - Do NOT open unknown email attachments!
  • Secure password - Choosing a secure password - (it should really be changed at regular intervals, roughly every 3-5 months)
    also here under: Secure password (Password)
    The five most common password mistakes
  • "Never accept software from strangers" - As a rule, only ever install programs that you really need and that you are convinced are reputable.
    You have the choice of which additional components get installed! -> Always read along during installation, and deselect sponsor and partner programs, toolbars or any other extra programs on offer wherever possible!
    Deselect sponsor programs and toolbars where possible (this is often how some kind of adware/spyware gets installed along with them)
  • Do NOT download just any program from the net unless it is 100% certain that it is clean software. Nice promises from the vendors are far from a guarantee of flawless operation, so browse the pages on GOOGLE beforehand; you can get valuable information there!!!
  • Programs and drivers:
    Only from the manufacturer!
  • Online banking:
    Never give out your passwords!
    Reputable banks, email providers or online shops never send emails asking customers to disclose confidential data such as passwords, user numbers (Verfügernummer), PINs or TANs. Emails of this kind are always fraud attempts, which is why such requests should not be answered. As soon as you suspect fraud, report your suspicion to the relevant bank hotline.
  • Letting others (guests/friends) use your computer - use only trustworthy computers!
    Make sure that only people you trust use or administer your computer, and never do your banking on untrustworthy computers, for example from an internet café while on holiday
  • Be careful when using other people's computers and attachable external storage media such as hard drives, USB sticks, memory cards etc.! - IT fraudsters don't take holidays!/bsi-fuer-buerger.de - also connect them from time to time and have them scanned (see under `free online virus scanners`)
  • Do not visit websites without a valid legal notice (Impressum)
  • Saving on licence costs? - Be careful with files/programs from untrustworthy sources! - "full Keygen, Crack, Serial, Warez, keygenerators" etc.
    They are always contaminated with various malware/malicious programs/code; there is no site that is virus-free. (One should not deliberately invite the devil in.) Another highly unsafe source is file sharing on the so-called (music) file-sharing networks.
    ► Besides, you are making yourself liable to prosecution by doing so!
  • Use only one firewall and one antivirus program, which should always be kept up to date!
    Installing `too much` software impairs system performance and security, slows the start-up process enormously and puts a load on memory (because the programs run side by side at the same time, eating a lot of performance but delivering little quality). Over time the computer becomes slower and slower, and less secure, because of too much unnecessary ballast. The more programs are installed, the more often problems occur, which may then be difficult to solve. On top of that, some programs bring major security risks with them
  • Virus scanners
  • BSI für Bürger
  • SETI@home - [Security] Security concept
  • Development of malicious websites/viruslist.com
  • Focus: images and sounds
    Dangerous images, strange sounds/BSI

** Common sense and configuring Windows and internet software securely are the best way to security on the web!!
Quote:
Since the contents of the database are added to and extended daily, and information about the virus in question is included with the current virus definitions, I recommend that you have your system scanned online at least once a week (later, once a month will certainly be enough), always with a different scanner, to get a second opinion - the data backed up on storage media should also be included!
(these mostly use ActiveX and/or Java): Free online scanners -
Reading material no. 2:
► Over time a lot of junk data can accumulate, error messages can pile up, and the PC is probably no longer as fast as it used to be:
I wish you all the best

If you would like to support us → donation account

Regards
kira

Alt 25.04.2012, 21:05   #10
Nadyan
 



Hi Kira, many thanks for your time and your effort. Good that this board exists. Best regards and all the best.

Archiv
Du betrachtest: BKA (UKASH) Trojaner - mit Kaspersky Rescue Disk entfernt - Reicht das? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.