Log Analysis and Evaluation: SMART HDD Virus Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for analysis by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to get help. Keep in mind that an infected system is not trustworthy and should not be used until the malware has been completely removed.
08.04.2012, 12:23 | #1
SMART HDD Virus

Hi there, my girlfriend has caught this virus too. I have followed the guide I found on the forum as far as it goes. I ran OTL in quick scan mode and got the following txt files:

OTL.txt:
Code:
OTL logfile created on: 08.04.2012 12:26:38 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Anwender\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,75 Gb Total Physical Memory | 0,86 Gb Available Physical Memory | 49,40% Memory free
3,74 Gb Paging File | 1,90 Gb Available in Paging File | 50,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,17 Gb Total Space | 14,67 Gb Free Space | 21,84% Space Free | Partition Type: NTFS
Drive D: | 67,22 Gb Total Space | 67,13 Gb Free Space | 99,86% Space Free | Partition Type: NTFS
Drive E: | 7,45 Gb Total Space | 5,43 Gb Free Space | 72,92% Space Free | Partition Type: FAT32

Computer Name: ANWENDER-PC | User Name: Anwender | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.04.08 12:09:23 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Anwender\Downloads\OTL.exe
PRC - [2011.07.01 03:24:16 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.28 03:34:09 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.01.13 04:01:28 | 006,129,496 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\Vid HD\Vid.exe
PRC - [2010.11.04 21:44:44 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009.03.18 10:46:30 | 001,160,736 | ---- | M] (Acer Incorporated) -- C:\Programme\PACKARD BELL\SetupMyPC\SmpSys.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.17 10:44:58 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.09.14 11:26:44 | 001,695,744 | ---- | M] () -- C:\Programme\NETGEAR\WG111v3\WG111v3.exe
PRC - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

========== Modules (No Company Name) ==========

MOD - [2011.01.13 03:57:34 | 000,751,616 | ---- | M] () -- C:\Programme\Logitech\Vid HD\vpxmd.dll
MOD - [2011.01.13 03:55:28 | 000,027,472 | ---- | M] () -- C:\Programme\Logitech\Vid HD\SDL.dll
MOD - [2009.04.22 23:53:56 | 000,969,040 | ---- | M] () -- C:\Programme\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009.04.10 01:04:56 | 002,141,008 | ---- | M] () -- C:\Programme\Logitech\Vid HD\QtCore4.dll
MOD - [2009.03.04 00:18:08 | 000,138,064 | ---- | M] () -- C:\Programme\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009.03.04 00:18:06 | 000,035,152 | ---- | M] () -- C:\Programme\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009.03.04 00:18:06 | 000,029,008 | ---- | M] () -- C:\Programme\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009.03.04 00:17:46 | 011,311,952 | ---- | M] () -- C:\Programme\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009.03.04 00:17:46 | 000,363,856 | ---- | M] () -- C:\Programme\Logitech\Vid HD\QtXml4.dll
MOD - [2009.03.04 00:17:44 | 000,200,016 | ---- | M] () -- C:\Programme\Logitech\Vid HD\QtSql4.dll
MOD - [2009.03.04 00:17:40 | 000,475,472 | ---- | M] () -- C:\Programme\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009.03.04 00:17:38 | 007,704,400 | ---- | M] () -- C:\Programme\Logitech\Vid HD\QtGui4.dll
MOD - [2009.03.04 00:17:32 | 000,291,664 | ---- | M] () -- C:\Programme\Logitech\Vid HD\phonon4.dll
MOD - [2007.09.14 11:26:44 | 001,695,744 | ---- | M] () -- C:\Programme\NETGEAR\WG111v3\WG111v3.exe

========== Win32 Services (SafeList) ==========

SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.07.01 03:24:16 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.28 03:34:09 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009.05.25 20:28:50 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2011.07.01 03:24:18 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.01 03:24:18 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.10.07 10:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam E3500(UVC)
DRV - [2009.10.07 10:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009.10.07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.25 17:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009.03.25 17:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009.03.25 17:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009.03.25 17:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009.03.25 17:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009.03.25 17:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009.03.25 17:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2009.03.06 17:14:00 | 009,638,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.11.12 11:02:18 | 000,146,464 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008.10.21 10:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008.10.21 10:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV - [2008.10.21 10:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV - [2008.10.21 10:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008.10.21 10:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV - [2008.10.21 10:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV - [2008.10.21 10:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008.09.24 11:09:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.08.24 20:22:52 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008.08.01 05:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008.07.22 04:11:16 | 000,024,608 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvamacpi.sys -- (nvamacpi)
DRV - [2007.04.23 15:19:24 | 000,227,328 | ---- | M] (NETGEAR Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wg111v3.sys -- (RTL8187B)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=imax_mini_n3600&r=1v3505097106p0365vqi5y4651023n
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.myheritage.com
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {BE28C22E-F666-424d-B5FD-125C4AFEE34E}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = hxxp://search.myheritage.com?orig=ds&q={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1759400110-181458488-2166540216-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=imax_mini_n3600&r=1v3505097106p0365vqi5y4651023n
IE - HKU\S-1-5-21-1759400110-181458488-2166540216-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.myheritage.com
IE - HKU\S-1-5-21-1759400110-181458488-2166540216-1000\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Programme\Celebrity Toolbar\tbhelper.dll ()
IE - HKU\S-1-5-21-1759400110-181458488-2166540216-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1759400110-181458488-2166540216-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1759400110-181458488-2166540216-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1759400110-181458488-2166540216-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKU\S-1-5-21-1759400110-181458488-2166540216-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1759400110-181458488-2166540216-1000\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = hxxp://search.myheritage.com?orig=ds&q={searchTerms}
IE - HKU\S-1-5-21-1759400110-181458488-2166540216-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..keyword.URL: "hxxp://search.myheritage.com/?orig=ds&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Anwender\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.05.04 23:34:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.21 09:31:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.23 14:42:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.05.04 23:34:26 | 000,000,000 | ---D | M]

[2010.03.19 20:53:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\Extensions
[2012.04.07 06:38:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\Firefox\Profiles\46gto4th.default\extensions
[2012.04.08 12:24:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Anwender\AppData\Roaming\mozilla\Firefox\Profiles\46gto4th.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.04.08 12:24:57 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Anwender\AppData\Roaming\mozilla\Firefox\Profiles\46gto4th.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.12 22:48:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46GTO4TH.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.03.21 09:31:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.12.23 14:41:28 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.27 09:39:11 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.27 09:39:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.27 09:39:11 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.27 09:39:11 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.28 00:41:38 | 000,003,803 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MyHeritage.xml
[2012.02.27 09:39:11 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.27 09:39:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Programme\Celebrity Toolbar\tbcore3.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (CMySite Class) - {D62EC836-BF1E-4CAC-81BE-FB9179835D8E} - C:\Program Files\Celebrity Toolbar\mhxpcomi.dll File not found
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Celebrity Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Programme\Celebrity Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-1759400110-181458488-2166540216-1000\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1759400110-181458488-2166540216-1000\..\Toolbar\WebBrowser: (Celebrity Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Programme\Celebrity Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1759400110-181458488-2166540216-1000..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-1759400110-181458488-2166540216-1000..\Run: [RegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000 File not found
O4 - HKU\S-1-5-21-1759400110-181458488-2166540216-1000..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetupMyPC\SmpSys.exe (Acer Incorporated)
O4 - HKU\S-1-5-21-1759400110-181458488-2166540216-1000..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKU\S-1-5-21-1759400110-181458488-2166540216-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Anwender\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{447FCA1D-DC6E-40F9-9C6D-C44D50668482}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtb {669A2A3A-F19C-452D-800D-1240299756C1} - C:\Program Files\Celebrity Toolbar\mhxpcomi.dll File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\ezShellStart.exe) - C:\Windows\System32\ezShellStart.exe (EasyBits Software AS)
O24 - Desktop WallPaper: C:\Users\Anwender\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Anwender\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{368efe46-7f2e-11df-863c-00226864802d}\Shell - "" = AutoRun
O33 - MountPoints2\{368efe46-7f2e-11df-863c-00226864802d}\Shell\AutoRun\command - "" = E:\laucher.exe
O33 - MountPoints2\{c07ff2dc-f256-11df-a8be-00226864802d}\Shell - "" = AutoRun
O33 - MountPoints2\{c07ff2dc-f256-11df-a8be-00226864802d}\Shell\AutoRun\command - "" = E:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.04.08 02:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.04.08 02:28:10 | 000,000,000 | R--D | C] -- C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2012.04.08 01:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012.04.07 21:16:17 | 000,000,000 | ---D | C] -- C:\Users\Anwender\AppData\Roaming\Malwarebytes
[2012.04.07 21:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.07 21:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.07 20:53:06 | 000,000,000 | ---D | C] -- C:\Users\Anwender\AppData\Roaming\Avira
[2012.04.07 20:51:58 | 000,000,000 | R--D | C] -- C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8(2548)
[2012.04.06 13:36:14 | 000,000,000 | ---D | C] -- C:\Users\Anwender\Desktop\Neuer Ordner (2)
[2012.04.06 13:04:55 | 000,000,000 | ---D | C] -- C:\Users\Anwender\Desktop\bb datein
[2012.04.04 20:45:13 | 000,000,000 | ---D | C] -- C:\Users\Anwender\Desktop\i.o
[2012.04.04 15:37:45 | 000,000,000 | ---D | C] -- C:\Users\Anwender\Desktop\Neuer Ordner
[2012.03.17 10:37:36 | 000,000,000 | R--D | C] -- C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8(19)
[2010.12.15 15:32:06 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe132A.dll

========== Files - Modified Within 30 Days ==========

[2012.04.08 12:30:00 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Packard Bell Customer Registration Reminder - Gast 2.job
[2012.04.08 12:30:00 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8BC7F6E2-CD85-44D2-8B30-F1AF70883688}.job
[2012.04.08 12:27:10 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.08 12:27:10 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.08 02:34:24 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.08 02:34:24 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.08 02:34:24 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.08 02:34:24 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.08 02:28:52 | 000,098,726 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.04.08 02:27:32 | 000,098,726 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.04.08 02:27:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.08 02:26:57 | 1878,065,152 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.07 21:59:17 | 000,105,627 | ---- | M] () -- C:\Users\Anwender\Desktop\326331_2488174570662_1441633457_32857661_1544903157_o.jpg
[2012.04.07 20:56:35 | 000,000,160 | ---- | M] () -- C:\ProgramData\-i5pwwveTLKMgHir
[2012.04.07 20:56:35 | 000,000,000 | ---- | M] () -- C:\ProgramData\-i5pwwveTLKMgHi
[2012.04.07 20:56:32 | 000,000,256 | ---- | M] () -- C:\ProgramData\i5pwwveTLKMgHi
[2012.04.07 20:43:24 | 000,251,361 | ---- | M] () -- C:\Users\Anwender\Desktop\lion-cub-light.jpg
[2012.04.07 16:19:06 | 000,007,808 | ---- | M] () -- C:\Users\Anwender\AppData\Local\d3d9caps.dat
[2012.04.03 15:51:24 | 000,152,168 | ---- | M] () -- C:\Users\Anwender\Desktop\miri.jpg
[2012.04.03 15:02:28 | 000,018,457 | ---- | M] () -- C:\Users\Anwender\Desktop\alki.jpg
[2012.04.03 14:57:52 | 000,048,632 | ---- | M] () -- C:\Users\Anwender\Desktop\trevor vs. clemens.jpg
[2012.04.02 11:51:44 | 000,103,767 | ---- | M] () -- C:\Users\Anwender\Desktop\amrit.jpg

========== Files Created - No Company Name ==========

[2012.04.07 21:58:51 | 000,105,627 | ---- | C] () -- C:\Users\Anwender\Desktop\326331_2488174570662_1441633457_32857661_1544903157_o.jpg
[2012.04.07 20:56:35 | 000,000,160 | ---- | C] () -- C:\ProgramData\-i5pwwveTLKMgHir
[2012.04.07 20:56:35 | 000,000,000 | ---- | C] () -- C:\ProgramData\-i5pwwveTLKMgHi
[2012.04.07 20:56:29 | 000,000,256 | ---- | C] () -- C:\ProgramData\i5pwwveTLKMgHi
[2012.04.07 20:43:22 | 000,251,361 | ---- | C] () -- C:\Users\Anwender\Desktop\lion-cub-light.jpg
[2012.04.06 13:38:02 | 000,430,535 | ---- | C] () -- C:\Users\Anwender\Desktop\IMG-20111029-00592.jpg
[2012.04.06 13:38:02 | 000,421,855 | ---- | C] () -- C:\Users\Anwender\Desktop\IMG-20111029-00592 - Kopie.jpg
[2012.04.06 13:38:00 | 000,409,378 | ---- | C] () -- C:\Users\Anwender\Desktop\IMG-20111029-00590.jpg
[2012.04.06 13:38:00 | 000,355,517 | ---- | C] () -- C:\Users\Anwender\Desktop\IMG-20111029-00591 - Kopie.jpg
[2012.04.06 13:37:42 | 000,106,184 | ---- | C] () -- C:\Users\Anwender\Desktop\89196fd0f432fe5d11b28a945652705e.jpg
[2012.04.06 13:37:42 | 000,042,151 | ---- | C] () -- C:\Users\Anwender\Desktop\291211ec036356ace9aa5a865f19f257.jpg
[2012.04.03 15:02:27 | 000,018,457 | ---- | C] () -- C:\Users\Anwender\Desktop\alki.jpg
[2012.04.03 14:57:51 | 000,048,632 | ---- | C] () -- C:\Users\Anwender\Desktop\trevor vs. clemens.jpg
[2012.04.03 14:14:10 | 000,152,168 | ---- | C] () -- C:\Users\Anwender\Desktop\miri.jpg
[2012.04.02 11:51:44 | 000,103,767 | ---- | C] () -- C:\Users\Anwender\Desktop\amrit.jpg
[2012.03.09 16:59:48 | 000,175,963 | ---- | C] () -- C:\Users\Anwender\Desktop\DSC03873 - Kopie.JPG
[2012.03.09 16:58:21 | 000,146,235 | ---- | C] () -- C:\Users\Anwender\Desktop\DSC02110 - Kopie.JPG
[2012.03.09 16:57:49 | 000,177,184 | ---- | C] () -- C:\Users\Anwender\Desktop\DSC01971 - Kopie.JPG
[2011.07.13 09:44:30 | 000,007,808 | ---- | C] () -- C:\Users\Anwender\AppData\Local\d3d9caps.dat
[2011.07.05 00:15:41 | 000,005,120 | ---- | C] () -- C:\Users\Anwender\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.15 18:47:25 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010.05.04 23:33:10 | 000,023,689 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010.04.28 13:25:12 | 000,078,213 | ---- | C] () -- C:\Windows\hpqins05.dat

========== LOP Check ==========

[2010.03.21 17:43:36 | 000,000,000 | -HSD | M] -- C:\Users\Anwender\AppData\Roaming\.#
[2009.05.25 21:03:18 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Acer GameZone Console
[2011.07.11 12:00:56 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.08 12:24:55 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Facebook
[2010.05.15 18:55:08 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Leadertech
[2010.01.23 17:23:37 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Packard Bell
[2011.02.23 16:12:56 | 000,000,000 | ---D |
M] -- C:\Users\Anwender\AppData\Roaming\Research In Motion [2010.03.19 21:35:31 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Sega [2009.07.11 18:00:46 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Template [2010.11.26 21:29:14 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Uniblue [2009.05.25 21:03:18 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console [2009.05.25 21:03:18 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console [2010.03.16 10:51:34 | 000,000,000 | -HSD | M] -- C:\Users\Gast\AppData\Roaming\.# [2009.05.25 21:03:18 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Acer GameZone Console [2009.11.06 17:53:58 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Packard Bell [2009.08.03 16:45:45 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Sega [2009.08.18 12:33:24 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Template [2009.11.03 18:37:48 | 000,000,000 | -HSD | M] -- C:\Users\Gast 2\AppData\Roaming\.# [2009.05.25 21:03:18 | 000,000,000 | ---D | M] -- C:\Users\Gast 2\AppData\Roaming\Acer GameZone Console [2009.10.22 18:17:57 | 000,000,000 | ---D | M] -- C:\Users\Gast 2\AppData\Roaming\Go Go Gourmet [2009.10.19 14:17:54 | 000,000,000 | ---D | M] -- C:\Users\Gast 2\AppData\Roaming\Meridian93 [2009.09.23 17:06:18 | 000,000,000 | ---D | M] -- C:\Users\Gast 2\AppData\Roaming\Packard Bell [2012.04.08 12:30:00 | 000,000,446 | ---- | M] () -- C:\Windows\Tasks\Packard Bell Customer Registration Reminder - Gast 2.job [2012.04.07 07:10:15 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.04.08 12:30:00 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8BC7F6E2-CD85-44D2-8B30-F1AF70883688}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:BB24555F @Alternate Data Stream - 144 
bytes -> C:\ProgramData\Temp:9F683177 @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:753F86A9 @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:E36F5B57 @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:C99F6ECA @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:AB689DEA @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:A42A9F39 @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:793F316E @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:DAFD38AE @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:DAFAF1BF @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:C46995DA @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:4D066AD2 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:2634FC95 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:F3176E45 < End of report > und Extras.txt: Code:
ATTFilter
Error - 01.03.2012 12:48:56 | Computer Name = Anwender-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 01.03.2012 12:49:41 | Computer Name = Anwender-PC | Source = WinMgmt | ID = 10
Description =

Error - 01.03.2012 12:53:29 | Computer Name = Anwender-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 01.03.2012 12:53:29 | Computer Name = Anwender-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 01.03.2012 12:53:30 | Computer Name = Anwender-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 01.03.2012 12:53:30 | Computer Name = Anwender-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
[ System Events ]
Error - 05.04.2012 04:43:45 | Computer Name = Anwender-PC | Source = HTTP | ID = 15016
Description =

Error - 05.04.2012 04:45:22 | Computer Name = Anwender-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 07.04.2012 10:10:22 | Computer Name = Anwender-PC | Source = HTTP | ID = 15016
Description =

Error - 07.04.2012 10:11:40 | Computer Name = Anwender-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 07.04.2012 14:51:07 | Computer Name = Anwender-PC | Source = HTTP | ID = 15016
Description =

Error - 07.04.2012 14:52:45 | Computer Name = Anwender-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 07.04.2012 14:56:54 | Computer Name = Anwender-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 07.04.2012 20:13:25 | Computer Name = Anwender-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetbiosSmb vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error - 07.04.2012 20:27:11 | Computer Name = Anwender-PC | Source = HTTP | ID = 15016
Description =

Error - 07.04.2012 20:28:36 | Computer Name = Anwender-PC | Source = Service Control Manager | ID = 7026
Description =

< End of report >

Could someone perhaps put together the matching script for me? That would be very kind. Happy Easter! |
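Reading an OTL log by hand is error-prone when the interesting entries (here: three files in C:\ProgramData with no company name, created within a minute of each other on 07.04.2012, plus a batch of alternate data streams on C:\ProgramData\Temp) are buried among hundreds of harmless ones. The following is an added example, not part of this thread and not OTL's own code: a small Python triage helper that parses OTL file entries and ADS lines and lists recently created or modified files under C:\ProgramData that carry no company name. The sample log excerpt is copied from the post above; the 7-day window and the choice of C:\ProgramData as the directory of interest are assumptions for illustration. The output is a list of candidates for a human to check, not a verdict.

```python
import re
from datetime import datetime, timedelta

# One OTL file entry, e.g.
# [2012.04.07 20:56:35 | 000,000,160 | ---- | C] () -- C:\ProgramData\-i5pwwveTLKMgHir
# The "(company)" part is absent in the LOP Check section, so it is optional.
ENTRY_RE = re.compile(
    r"\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

# Constructed sample: lines copied from the OTL.txt posted above.
SAMPLE = r"""
========== Files - Modified Within 30 Days ==========
[2012.04.08 02:28:52 | 000,098,726 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.04.07 20:56:35 | 000,000,160 | ---- | M] () -- C:\ProgramData\-i5pwwveTLKMgHir
[2012.04.07 20:43:24 | 000,251,361 | ---- | M] () -- C:\Users\Anwender\Desktop\lion-cub-light.jpg
========== Files Created - No Company Name ==========
[2012.04.07 20:56:35 | 000,000,160 | ---- | C] () -- C:\ProgramData\-i5pwwveTLKMgHir
[2012.04.07 20:56:35 | 000,000,000 | ---- | C] () -- C:\ProgramData\-i5pwwveTLKMgHi
[2012.04.07 20:56:29 | 000,000,256 | ---- | C] () -- C:\ProgramData\i5pwwveTLKMgHi
[2010.12.15 15:32:06 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe132A.dll
[2010.05.04 23:33:10 | 000,023,689 | ---- | C] () -- C:\Windows\hpqins15.dat
========== LOP Check ==========
[2012.04.08 12:24:55 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Facebook
========== Alternate Data Streams ==========
@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:BB24555F
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:9F683177
"""


def parse_otl(text):
    """Return (file_entries, ads_streams) parsed from OTL.txt text."""
    entries, streams = [], []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            d = m.groupdict()
            d["ts"] = datetime.strptime(d["ts"], "%Y.%m.%d %H:%M:%S")
            d["size"] = int(d["size"].replace(",", ""))
            d["company"] = (d["company"] or "").strip()
            d["is_dir"] = "D" in d["attr"]  # OTL attribute flags: R, H, S, D
            entries.append(d)
            continue
        m = ADS_RE.match(line)
        if m:
            streams.append((m.group("path"), int(m.group("size"))))
    return entries, streams


def triage(text, window_days=7, report_date=None, folder="C:\\ProgramData\\"):
    """List recent, company-less files under `folder`, plus all ADS entries.

    report_date defaults to the newest timestamp in the log, so the window
    is relative to when the scan ran rather than to today.
    """
    entries, streams = parse_otl(text)
    if report_date is None:
        report_date = max(e["ts"] for e in entries)
    cutoff = report_date - timedelta(days=window_days)
    recent = sorted({
        e["path"] for e in entries
        if not e["is_dir"]
        and not e["company"]
        and e["path"].lower().startswith(folder.lower())
        and e["ts"] >= cutoff
    })
    return {"programdata_recent": recent, "ads": streams}


if __name__ == "__main__":
    result = triage(SAMPLE)
    print("Recent files in ProgramData without company name:")
    for p in result["programdata_recent"]:
        print("  ", p)
    print("Alternate data streams:")
    for p, n in result["ads"]:
        print("  ", p, f"({n} bytes)")
```

Note that the list deliberately includes C:\ProgramData\nvModes.001 alongside the three random-looking names: a "no company name, recently created" filter is a way to shorten the reading list, and the remaining entries still need a reputation check (signed by whom, known product file or not) before anything is removed.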
08.04.2012, 21:27 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | SMART HDD Virus First, as a matter of routine, please run a full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) scanned!
__________________
Remember that Malwarebytes must be updated manually before every scan! In addition, all detections must be removed. If logs from earlier Malwarebytes scans exist, please post all of those too! ESET Online Scanner
Please post everything here in CODE tags wherever possible. It is done like this: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here
__________________ |