Log-Analyse und Auswertung (log analysis and evaluation): Auch hier Abnow am Start! (Abnow here too!), Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system has to be examined first: Erste Schritte zur Hilfe (first steps towards help). Note that an infected system is not trustworthy and should not be used until the malware has been removed completely.

13.03.2012, 17:05 | #1
Auch hier Abnow am Start! (Abnow here too!)

Good day, my work PC also has the Abnow problem with the rootkit and the wrong Google redirect. I had Spyware Terminator before, now McAfee Internet Security 2012. McAfee finds the rootkit, but the wrong redirect does not go away. Attached are log files from OTL and FRST. Do I have to wipe the PC? Many thanks in advance!

Update: TDSSKiller finds nothing!

Code:
OTL logfile created on: 13.03.2012 11:17:33 - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\NilsMAC2\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,98 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 57,37% Memory free
3,97 Gb Paging File | 2,32 Gb Available in Paging File | 58,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59,47 Gb Total Space | 1,78 Gb Free Space | 3,00% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 18,11 Gb Free Space | 18,54% Space Free | Partition Type: NTFS
Drive E: | 273,43 Gb Total Space | 3,75 Gb Free Space | 1,37% Space Free | Partition Type: NTFS
Drive G: | 34,88 Gb Total Space | 16,52 Gb Free Space | 47,37% Space Free | Partition Type: HFS
Drive I: | 1,95 Gb Total Space | 1,86 Gb Free Space | 95,34% Space Free | Partition Type: FAT32

Computer Name: NILSMAC-PC-PC | User Name: NilsMAC2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.03.13 11:14:07 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\NilsMAC2\Desktop\OTL.exe
PRC - [2012.03.13 08:16:23 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.01.03 08:30:34 | 000,016,824 | ---- | M] (Adobe Systems Incorporated) -- D:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcrobatInfo.exe
PRC - [2011.12.21 23:11:26 | 003,961,464 | ---- | M] (Eye-Fi, Inc.) -- C:\Programme\Eye-Fi\Helper\EyeFiHelper.exe
PRC - [2011.12.20 13:32:00 | 000,634,880 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2011.12.06 17:25:42 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2011.12.06 17:21:24 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2011.12.06 17:21:08 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011.11.22 17:18:26 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee.com\Agent\mcagent.exe
PRC - [2011.11.13 13:04:00 | 000,472,224 | -H-- | M] (Ceedo Technologies Ltd.) -- I:\AutoDetect.exe
PRC - [2011.10.26 03:32:24 | 000,037,280 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\esinter\Bin\eservutil.exe
PRC - [2011.09.21 10:26:30 | 015,759,200 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
PRC - [2011.08.15 17:34:40 | 000,526,208 | ---- | M] (Apple Inc.) -- C:\Programme\Boot Camp\Bootcamp.exe
PRC - [2011.07.21 23:07:38 | 000,718,720 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.18 06:33:29 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
PRC - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2010.09.21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 14:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2007.09.28 07:34:58 | 000,790,651 | ---- | M] (Belkin International, Inc.) -- D:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe

========== Modules (No Company Name) ==========

MOD - [2012.03.13 08:16:22 | 001,969,080 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.02.23 14:29:01 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2012.02.18 09:40:28 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\c06a0517281bb4a9c7fcaeb58d38cd63\System.Data.ni.dll
MOD - [2012.02.18 09:39:08 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll
MOD - [2012.02.18 09:39:02 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll
MOD - [2012.02.18 09:38:55 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll
MOD - [2012.01.03 22:51:09 | 008,671,232 | ---- | M] () -- d:\Program Files\Adobe\Acrobat 9.0\Acrobat\ExLang32.DEU
MOD - [2012.01.03 09:45:08 | 000,016,832 | ---- | M] () -- D:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2011.12.21 23:05:12 | 000,014,848 | ---- | M] () -- C:\Programme\Eye-Fi\Helper\Locales\de\Helper.dll
MOD - [2011.12.21 22:59:12 | 000,133,120 | ---- | M] () -- C:\Programme\Eye-Fi\Helper\libexif.dll
MOD - [2011.12.21 22:56:16 | 000,209,408 | ---- | M] () -- C:\Programme\Eye-Fi\Helper\libopenraw.dll
MOD - [2011.12.20 13:32:00 | 001,515,520 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2011.12.20 13:32:00 | 000,634,880 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011.12.20 13:32:00 | 000,559,244 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2011.12.20 13:32:00 | 000,516,599 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011.12.20 13:32:00 | 000,389,120 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2011.12.20 13:32:00 | 000,172,032 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011.12.20 13:32:00 | 000,143,360 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011.12.20 13:32:00 | 000,103,936 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\OutputLog.dll
MOD - [2011.12.20 13:32:00 | 000,094,208 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2011.11.01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.10.19 10:19:34 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.12.21 00:15:30 | 001,041,248 | ---- | M] () -- D:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2009.12.12 15:12:03 | 000,141,824 | ---- | M] () -- D:\Program Files\WinRAR\RarExt.dll
MOD - [2009.07.14 09:47:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 02:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.DLL
MOD - [2009.06.10 22:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.02.27 11:52:56 | 000,258,048 | ---- | M] () -- D:\Program Files\Adobe\Acrobat 9.0\Acrobat\sqlite.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (x10nets)
SRV - File not found [Auto | Stopped] -- -- (U81xbus)
SRV - File not found [Auto | Stopped] -- -- (tng-dtmg)
SRV - File not found [Auto | Stopped] -- -- (se45bus)
SRV - File not found [Auto | Stopped] -- -- (SE2Emdfl)
SRV - File not found [Auto | Stopped] -- -- (SE2Bbus)
SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - File not found [Auto | Stopped] -- -- (pcscnsrv)
SRV - File not found [Auto | Stopped] -- -- (mmc_2K)
SRV - File not found [Auto | Stopped] -- -- (mfetdik)
SRV - File not found [Auto | Stopped] -- -- (ireike)
SRV - File not found [Auto | Stopped] -- -- (iaimtv2)
SRV - File not found [Auto | Stopped] -- -- (HWSCtrl)
SRV - File not found [Auto | Stopped] -- -- (cisvc)
SRV - File not found [Auto | Stopped] -- -- (bt3cusb)
SRV - File not found [Auto | Stopped] -- -- (AdfuUd)
SRV - [2011.12.06 17:25:42 | 000,150,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2011.12.06 17:21:24 | 000,160,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011.12.06 17:21:08 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011.11.23 13:02:07 | 000,012,800 | ---- | M] (Deutsche Telekom AG) [Disabled | Stopped] -- d:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe -- (MCSWASVR)
SRV - [2011.10.26 03:32:24 | 000,037,280 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\esinter\Bin\eservutil.exe -- (ADExchange)
SRV - [2011.10.18 16:59:54 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011.09.15 12:06:04 | 000,088,576 | ---- | M] () [Disabled | Stopped] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.08.15 17:34:40 | 000,194,432 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\AppleOSSMgr.exe -- (AppleOSSMgr)
SRV - [2011.07.29 20:31:40 | 001,249,064 | ---- | M] () [On_Demand | Stopped] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2011.07.05 01:33:00 | 000,032,768 | ---- | M] (STRATO) [Disabled | Stopped] -- D:\Program Files\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe -- (STRATO HiDrive Service)
SRV - [2011.06.12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.04.13 17:37:22 | 000,014,088 | ---- | M] (Memeo) [Disabled | Stopped] -- C:\Programme\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2011.01.28 12:28:50 | 000,203,080 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Programme\McAfee\MSC\McAWFwk.exe -- (McAWFwk)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcnasvc)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2011.01.13 18:23:02 | 000,129,440 | ---- | M] (Futuremark Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010.10.29 16:59:40 | 000,517,416 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe -- (NeroMediaHomeService.4)
SRV - [2010.10.05 15:28:12 | 001,060,352 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010.10.05 15:27:52 | 000,484,352 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010.10.05 15:24:38 | 000,237,056 | ---- | M] (WDC) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010.02.17 17:19:34 | 003,007,488 | ---- | M] () [Disabled | Stopped] -- D:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (WiselinkPro)
SRV - [2010.01.16 21:37:36 | 000,099,640 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Windows\System32\AppleTimeSrv.exe -- (AppleTimeSrv)
SRV - [2009.11.10 18:36:04 | 000,431,456 | ---- | M] (Seagate) [Disabled | Stopped] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2009.10.09 15:39:59 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) [Disabled | Stopped] -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe -- (DBService)
SRV - [2009.09.01 09:12:56 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:14:41 | 000,005,120 | ---- | M] () [Auto | Running] -- C:\Windows\System32\dnwhodisp.dll -- (us30sys)
SRV - [2008.08.15 04:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (cpuz135)
DRV - [2011.10.15 12:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011.10.15 12:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011.10.15 12:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011.10.15 12:16:16 | 000,165,680 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011.10.15 12:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011.10.15 12:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011.10.15 12:16:16 | 000,064,880 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011.10.15 12:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011.10.15 12:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2011.08.15 17:34:40 | 000,058,200 | ---- | M] (Apple Inc.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AppleHFS.sys -- (AppleHFS)
DRV - [2011.08.15 17:34:40 | 000,015,320 | ---- | M] (Apple Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AppleMNT.sys -- (AppleMNT)
DRV - [2011.08.15 17:34:40 | 000,015,064 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KeyAgent.sys -- (KeyAgent)
DRV - [2011.07.05 01:33:02 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2011.06.02 19:36:46 | 000,026,624 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KeyMagic.sys -- (KeyMagic)
DRV - [2011.04.27 08:51:46 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2011.04.23 08:08:43 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2011.04.23 08:08:43 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2011.04.23 08:08:39 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2011.04.23 08:08:32 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2010.11.11 19:00:58 | 000,012,928 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\MacHALDriver.sys -- (MacHALDriver)
DRV - [2010.10.28 12:27:39 | 000,146,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010.10.28 12:27:39 | 000,064,904 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010.06.25 18:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010.06.23 10:24:56 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010.05.15 15:55:14 | 000,265,800 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cbfs3.sys -- (cbfs3)
DRV - [2010.02.10 01:16:58 | 001,255,936 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010.01.15 22:17:34 | 009,905,064 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.11.04 15:14:38 | 000,560,448 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700)
DRV - [2009.11.04 15:14:38 | 000,020,032 | ---- | M] (DiBcom S.A.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ModRc.sys -- (MODRC)
DRV - [2009.10.26 08:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.10.06 11:49:56 | 000,570,168 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2009.10.06 11:49:56 | 000,527,800 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2009.09.28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.22 09:11:53 | 000,033,280 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\aapltp.sys -- (aapltp)
DRV - [2009.07.22 09:11:52 | 000,004,224 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\aapltctp.sys -- (aapltctp)
DRV - [2009.07.22 09:11:38 | 000,016,512 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IRFilter.sys -- (IRRemoteFlt)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:12:21 | 000,187,904 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\netbt.sys -- (NetBT)
DRV - [2009.02.11 19:23:02 | 000,040,496 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hotcore3.sys -- (hotcore3)
DRV - [2009.02.11 19:22:52 | 000,129,880 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2009.02.11 19:22:48 | 000,032,040 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2008.04.15 14:29:47 | 000,009,088 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\applebt.sys -- (applebt)
DRV - [2008.04.15 14:29:35 | 000,007,424 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthKicker.sys -- (BthKicker)
DRV - [2008.03.17 11:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.09.27 09:53:00 | 000,062,464 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\sxuptp.sys -- (sxuptp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60446
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60446
IE - HKLM\..\URLSearchHook: {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Programme\TVersitybar\prxtbTVe0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1423093518-3241370514-1357387564-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1423093518-3241370514-1357387564-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1423093518-3241370514-1357387564-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1423093518-3241370514-1357387564-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1423093518-3241370514-1357387564-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1423093518-3241370514-1357387564-1004\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = hxxp://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60446
IE - HKU\S-1-5-21-1423093518-3241370514-1357387564-1004\..\SearchScopes\{20F3FFBA-CE26-4978-95BB-B3567F8A71F9}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2548838
IE - HKU\S-1-5-21-1423093518-3241370514-1357387564-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1423093518-3241370514-1357387564-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?sourceid=navclient&hl=de&q="
FF - prefs.js..network.proxy.type: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: d:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: d:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\NilsMAC2\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\NilsMAC2\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012.03.13 10:58:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2012.03.13 09:38:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.13 08:16:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.31 10:20:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 12\components [2011.05.04 17:12:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugins

[2010.11.25 12:38:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NilsMAC2\AppData\Roaming\mozilla\Extensions
[2012.03.07 09:00:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NilsMAC2\AppData\Roaming\mozilla\Firefox\Profiles\lhgidjls.default\extensions
[2011.06.06 17:15:58 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\NilsMAC2\AppData\Roaming\mozilla\Firefox\Profiles\lhgidjls.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.03.07 09:00:15 | 000,000,000 | ---D | M] (TVersitybar Community Toolbar) -- C:\Users\NilsMAC2\AppData\Roaming\mozilla\Firefox\Profiles\lhgidjls.default\extensions\{66bd2442-241b-44cd-8c7a-b51037053cdb}
[2012.01.26 09:01:28 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\NilsMAC2\AppData\Roaming\mozilla\Firefox\Profiles\lhgidjls.default\extensions\firefox@ghostery.com
[2011.10.29 13:04:22 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\NilsMAC2\AppData\Roaming\mozilla\Firefox\Profiles\lhgidjls.default\extensions\firefox@tvunetworks.com
[2010.11.29 22:26:54 | 000,000,000 | ---D | M] (vShare) -- C:\Users\NilsMAC2\AppData\Roaming\mozilla\Firefox\Profiles\lhgidjls.default\extensions\vshare@toolbar
[2011.12.10 22:12:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.13 08:16:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012.03.13 09:38:03 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
() (No name found) -- C:\USERS\NILSMAC2\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHGIDJLS.DEFAULT\EXTENSIONS\COMPATIBILITY@ADDONS.MOZILLA.ORG.XPI
[2012.03.13 08:16:23 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.13 08:16:21 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 08:16:21 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2007.07.26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2012.03.13 08:16:21 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 08:16:21 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 08:16:21 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 08:16:21 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\NilsMAC2\AppData\Local\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\NilsMAC2\AppData\Local\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\NilsMAC2\AppData\Local\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\NilsMAC2\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.131.2_0\McChPlg.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\NilsMAC2\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - plugin: Veetle TV Player (Enabled) = d:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = d:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: McAfee SiteAdvisor = C:\Users\NilsMAC2\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.131.2_0\
CHR - Extension: Full Screen Weather = C:\Users\NilsMAC2\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1_0\
CHR - Extension: Jolicloud = C:\Users\NilsMAC2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfakdllpdfjjbfommlcnfkedmbigkfdo\1.0.5_0\

O1 HOSTS File: ([2010.04.20 10:37:35 | 000,000,828 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - d:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O2 - BHO: (TVersitybar Toolbar) - {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Programme\TVersitybar\prxtbTVe0.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\Mcafee\SystemCore\ScriptSn.20120313093211.dll (McAfee, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (TVersitybar Toolbar) - {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Programme\TVersitybar\prxtbTVe0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - d:\Program Files\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-1423093518-3241370514-1357387564-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-1423093518-3241370514-1357387564-1004\..\Toolbar\WebBrowser: (TVersitybar Toolbar) - {66BD2442-241B-44CD-8C7A-B51037053CDB} - C:\Programme\TVersitybar\prxtbTVe0.dll (Conduit Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Apple_KbdMgr] C:\Programme\Boot Camp\Bootcamp.exe (Apple Inc.) 
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BCSSync] D:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKLM..\Run: [IRW] C:\Windows\System32\IRW.exe (Apple Inc.) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKU\S-1-5-21-1423093518-3241370514-1357387564-1004..\Run: [Eye-Fi] C:\Program Files\Eye-Fi\Helper\EyeFiHelper.exe (Eye-Fi, Inc.) O4 - HKU\S-1-5-21-1423093518-3241370514-1357387564-1004..\Run: [OfficeSyncProcess] D:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1423093518-3241370514-1357387564-1004..\RunOnce: [Ceedo Repair] I:\AutoDetect.exe (Ceedo Technologies Ltd.) O4 - Startup: C:\Users\NILSMAC-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Belkin Network USB Hub Control Center.lnk = D:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe (Belkin International, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-1423093518-3241370514-1357387564-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - 
Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program 
Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{194DEA16-6205-46E2-94E2-0DF5DBB8C7C9}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F264AD4-5FE9-4C66-BF30-06C9A3B7601C}: DhcpNameServer = 192.168.178.1 O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CACEFFFB-24F7-4158-94A0-0DD7BA918429}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2011.11.17 23:52:30 | 000,000,722 | -H-- | M] () - I:\Autorun.inf -- [ FAT32 ] O32 - AutoRun File - [2011.11.13 13:04:00 | 000,472,224 | -H-- | M] (Ceedo Technologies Ltd.) - I:\AutoDetect.exe -- [ FAT32 ] O32 - AutoRun File - [2011.11.07 21:00:16 | 000,521,368 | ---- | M] (Ceedo Technologies Ltd.) - I:\Autorun.exe -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.03.13 11:16:20 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\NilsMAC2\Desktop\OTL.exe [2012.03.13 10:59:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2012.03.13 10:50:36 | 000,000,000 | ---D | C] -- C:\FRST [2012.03.13 09:32:09 | 000,009,608 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys [2012.03.13 09:32:01 | 000,165,680 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys [2012.03.13 09:32:00 | 000,464,176 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys [2012.03.13 09:32:00 | 000,338,176 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys [2012.03.13 09:32:00 | 000,180,816 | ---- | C] (McAfee, Inc.) 
-- C:\Windows\System32\drivers\mfeavfk.sys [2012.03.13 09:32:00 | 000,121,256 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys [2012.03.13 09:32:00 | 000,087,656 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys [2012.03.13 09:32:00 | 000,064,880 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys [2012.03.13 09:32:00 | 000,059,456 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys [2012.03.13 09:32:00 | 000,057,600 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys [2012.03.13 09:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee [2012.03.13 09:31:51 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com [2012.03.13 09:31:49 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee [2012.03.13 09:19:09 | 000,118,784 | R--- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys.1d2b.deleteme [2012.03.13 09:19:05 | 000,459,728 | R--- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys.0a2e.deleteme [2012.03.13 09:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2012.03.13 08:39:20 | 000,000,000 | ---D | C] -- C:\Users\NilsMAC2\AppData\Roaming\SpeedyPC Software [2012.03.13 08:39:20 | 000,000,000 | ---D | C] -- C:\Users\NilsMAC2\AppData\Roaming\DriverCure [2012.03.13 08:39:15 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software [2012.03.12 16:31:41 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA% [2012.03.12 16:27:43 | 000,000,000 | -HSD | C] -- C:\Users\NilsMAC2\AppData\Local\90408992 [2012.03.09 10:04:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer [2012.03.06 14:40:54 | 000,000,000 | ---D | C] -- C:\Users\NilsMAC2\Desktop\Haus [2012.03.06 10:18:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.03.06 10:17:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.03.06 10:14:27 | 000,000,000 | ---D | C] -- 
C:\Program Files\Bonjour [2012.03.06 10:14:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.03.06 09:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hex-Editor MX [2012.02.29 14:52:04 | 000,000,000 | ---D | C] -- C:\Users\NilsMAC2\AppData\Local\{D85D974D-77D5-4F4E-A68B-840932EB124A} [2012.02.29 14:51:52 | 000,000,000 | ---D | C] -- C:\Users\NilsMAC2\AppData\Local\{D1F2CC78-051B-4580-86B5-2F8982A0F398} [2012.02.27 08:54:21 | 000,000,000 | ---D | C] -- C:\Users\NilsMAC2\AppData\Local\{DC793263-CC8D-4236-AC57-FEEEDDC5AF9B} [2012.02.25 10:51:17 | 000,000,000 | ---D | C] -- C:\Users\NilsMAC2\AppData\Local\{997C7AC4-8F85-4EC9-AF9D-95B978D9061B} [2012.02.16 21:35:28 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.02.16 21:35:27 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.02.16 21:35:27 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.02.16 21:35:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.02.16 21:35:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.02.16 21:35:23 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.02.16 20:05:08 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl [2012.02.16 20:01:16 | 002,340,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys ========== Files - Modified Within 30 Days ========== [2012.03.13 11:20:59 | 000,000,000 | ---- | M] () -- C:\Windows\System32\dnwhodisp.dll [2012.03.13 11:14:07 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\NilsMAC2\Desktop\OTL.exe [2012.03.13 11:03:02 | 000,014,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.13 11:03:02 | 000,014,784 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.13 11:01:01 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1423093518-3241370514-1357387564-1004UA.job [2012.03.13 11:00:35 | 000,657,676 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.03.13 11:00:35 | 000,618,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.03.13 11:00:35 | 000,131,016 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.03.13 11:00:35 | 000,107,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.03.13 10:59:10 | 000,001,836 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk [2012.03.13 10:53:52 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_log_ad13.cmd [2012.03.13 10:53:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.13 10:53:44 | 1596,833,792 | -HS- | M] () -- C:\hiberfil.sys [2012.03.13 09:01:01 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1423093518-3241370514-1357387564-1004Core.job [2012.03.13 08:08:39 | 000,002,172 | ---- | M] () -- C:\Users\NilsMAC2\Desktop\Öffentlich - Verknüpfung.lnk [2012.03.13 07:50:59 | 000,002,429 | ---- | M] () -- C:\Users\NilsMAC2\Desktop\Google Chrome.lnk [2012.03.09 14:59:20 | 000,014,731 | ---- | M] () -- C:\Users\NilsMAC2\Desktop\H5360BD_nm.png [2012.03.09 10:04:42 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk [2012.03.06 10:18:06 | 000,001,559 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.02.27 20:39:55 | 000,055,322 | ---- | M] () -- C:\Users\NilsMAC2\Desktop\Ueberweisung_Matthiesen.jpg [2012.02.23 14:29:01 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.02.23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2012.02.22 16:52:58 | 000,064,743 | ---- | M] () -- C:\Users\NilsMAC2\Desktop\Himbgensberg_Plan.jpg 
[2012.02.18 09:39:14 | 002,311,728 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.03.13 09:33:35 | 000,001,836 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk [2012.03.12 16:28:06 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_log_ad13.cmd [2012.03.09 14:59:18 | 000,014,731 | ---- | C] () -- C:\Users\NilsMAC2\Desktop\H5360BD_nm.png [2012.03.06 10:18:06 | 000,001,559 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.02.27 20:39:55 | 000,055,322 | ---- | C] () -- C:\Users\NilsMAC2\Desktop\Ueberweisung_Matthiesen.jpg [2012.02.22 16:52:58 | 000,064,743 | ---- | C] () -- C:\Users\NilsMAC2\Desktop\Himbgensberg_Plan.jpg [2012.01.03 09:58:26 | 000,000,021 | ---- | C] () -- C:\Users\NilsMAC2\AppData\Local\mc.pixel.data [2011.12.06 16:23:21 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv6 [2011.12.06 11:43:59 | 000,000,132 | ---- | C] () -- C:\Windows\wmssetup.ini [2011.12.05 16:54:58 | 000,005,632 | ---- | C] () -- C:\Users\NilsMAC2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.08.15 17:34:40 | 000,194,432 | ---- | C] () -- C:\Windows\System32\AppleOSSMgr.exe [2011.02.21 14:37:13 | 000,000,120 | ---- | C] () -- C:\Users\NilsMAC2\AppData\Local\Grenifukine.dat [2011.02.21 14:37:13 | 000,000,000 | ---- | C] () -- C:\Users\NilsMAC2\AppData\Local\Fsilapupi.bin [2010.10.22 14:33:43 | 000,000,000 | ---- | C] () -- C:\Windows\Czuhea.exe [2010.06.25 18:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2010.04.09 20:50:38 | 000,143,276 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat ========== Alternate Data Streams ========== @Alternate Data Stream - 60 bytes -> C:\Users\Public\Documents\.DS_Store:AFP_AfpInfo < End of report > Geändert von MutationX (13.03.2012 um 17:40 Uhr) |
13.03.2012, 17:46 | #2 |
/// Malware-holic | Abnow here too! Hi,
Yes, with that one it is better to set the machine up fresh.
1. Data recovery:
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if it is clean, restore it.
6. I will then also say something about securing online banking with a chip card reader + Star Money.
13.03.2012, 20:09 | #3 |
| Abnow here too! Damn, thanks anyway!
13.03.2012, 20:13 | #4 |
/// Malware-holic | Abnow here too! Hi, feel free to get back to me about the hardening tips, and of course about any other questions as well.
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |