Problem mit S.M.A.R.T HDD

VistaOrange · 10.04.2012, 13:32

Hallo an Alle!
Ich habe mir beim Surfen mit dem IE8 den S.M.A.R.T HDD-Virus auf meinem Laptop (Vista SP1 32bit) eingefangen. Nachdem ich mit Malwarebytes einen Quickscan gemacht und alle infizierten Objekte gelöscht habe, habe ich zur Sicherheit noch einen Vollscan gemacht, welcher allerdings ergebnislos blieb.
Jetzt fehlen mir allerdings noch alle Desktopsymbole und alle Ordner auf der Festplatte sind versteckt. Kann mir bitte jemand helfen, den Virus ganz zu löschen? Unten habe ich das Malwarebytes-Log des Quickscans eingefügt.
Ich bin kein Computerprofi und bin somit auf eure Hilfe angewiesen. Liebe Grüße, VistaOrange

Code:

ATTFilter

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.04.08

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
horn :: HORN-PC [Administrator]

09.04.2012 08:30:36
mbam-log-2012-04-09 (08-30-36).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 239573
Laufzeit: 46 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\ProgramData\awwEMYsOiYtEQwf.exe (Trojan.Agent) -> 3332 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|awwEMYsOiYtEQwf.exe (Trojan.Agent) -> Daten: C:\ProgramData\awwEMYsOiYtEQwf.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|winog (Trojan.Agent.Gen) -> Daten: "C:\Users\horn\AppData\Roaming\winog.exe" -autorun -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|setupmwin (Trojan.Agent) -> Daten: "C:\Users\horn\AppData\Roaming\setupmwin.exe" -autorun -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\ProgramData\awwEMYsOiYtEQwf.exe (Trojan.Agent) -> Löschen bei Neustart.
C:\Users\horn\AppData\Roaming\winog.exe (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\horn\AppData\Roaming\setupmwin.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\horn\AppData\Local\Temp\QUHsSpLeToQ6Pe.exe.tmp (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\horn\Downloads\installer_vanbasco_karaoke_player_2_53_Deutsch_Deutsch.exe (PUP.SmsPay.pns) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\horn\AppData\Local\Temp\nsrbgxod.bak (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

cosinus · 10.04.2012, 16:14

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

VistaOrange · 10.04.2012, 21:51

Danke für die schnelle Antwort. Hier ist das ESET-Log:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=0a7eb24b7475a744996e36aac5febaf0
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-09 05:42:06
# local_time=2012-04-09 07:42:06 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5892 16776573 100 100 0 171514415 0 0
# compatibility_mode=8192 67108863 100 0 590 590 0 0
# scanned=232589
# found=9
# cleaned=0
# scan_time=11634
C:\ProgramData\SKpkoWaVFBdoCP.exe	a variant of Win32/Kryptik.ADWY trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\All Users\SKpkoWaVFBdoCP.exe	a variant of Win32/Kryptik.ADWY trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\horn\AppData\Local\Temp\BBFF.tmp	a variant of Win32/Kryptik.BG trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\horn\AppData\Local\Temp\jar_cache52288.tmp	a variant of Java/TrojanDownloader.Agent.NAN trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\horn\AppData\Local\Temp\SetupDataMngr_Searchqu.exe	a variant of Win32/Toolbar.SearchSuite application (unable to clean)	00000000000000000000000000000000	I
C:\Users\horn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\5e79af06-13437665	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\horn\AppData\Roaming\winpmon.exe	a variant of Win32/Kryptik.LSX trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\horn\Downloads\fblauncher.exe	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\horn\Downloads\fsSetup132.exe	Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I

cosinus · 11.04.2012, 13:12

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

VistaOrange · 11.04.2012, 13:45

Sorry, das hatte ich vergessen zu sagen. Der Desktop ist schwarz und es sind nur die Symbole ,,Papierkorb" ,,esetmartinstaller" und ,,Malwarebytes" zu sehen.
Die Schnellzugriffleiste neben dem Windows symbol, sowie das Startmenü sind leer.
Bei ,,Alle Programme" sind alle Ordner zu sehen. Wenn ich z.B. im Ordner ...\AppData\Roaming bin, wird dort nur der Ordner Microsoft gezeigt. Gebe ich allerdings ein ...\AppData\Roaming\.minecraft\bin\minecraft.jar ein, öffnet sich die Datei ganz normal. Da eben (fast) alle Datein versteckt sind, ist der normale Modus kaum benutzbar. Als Virenschutz habe ich immer nur die vorinstallierte Windows-Firewall benutzt. Grüße, VistaOrange

Anmerkung: Ich habe es jetzt geschafft Minecraft über die Pfadangabe zu öffnen. Das Menü ist uneingeschränkt nutzbar, allerdings lassen sich die Welten nicht laden (vermutlich weil sie versteckt sind). Vielleicht hilft dir das weiter.

cosinus · 11.04.2012, 14:25

Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!

VistaOrange · 11.04.2012, 15:06

Danke, jetzt kann ich alle Dateien wieder sehen. Allerdings gibt es immernoch eine Datei, die SMART HDD heißt. Wie kann ich die auch noch löschen?

cosinus · 11.04.2012, 15:39

Kannst du löschen!!

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

VistaOrange · 11.04.2012, 17:24

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 09.04.2012 22:56:25 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\horn\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 56,15% Memory free
3,73 Gb Paging File | 2,90 Gb Available in Paging File | 77,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147,04 Gb Total Space | 15,51 Gb Free Space | 10,55% Space Free | Partition Type: NTFS
 
Computer Name: HORN-PC | User Name: horn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.09 22:54:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\horn\Desktop\OTL.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.02.29 23:13:12 | 000,307,200 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2008.01.21 04:24:16 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2008.01.21 04:23:59 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.09.18 05:09:04 | 000,552,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\Program Files\SiS VGA Utilities\SiSTray.exe
PRC - [2007.08.15 02:41:54 | 000,650,752 | ---- | M] (ITE Tech Inc.) -- C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe
PRC - [2007.08.13 14:47:38 | 000,364,544 | ---- | M] () -- C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
PRC - [2007.08.09 19:26:42 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.06.28 15:10:02 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011.06.28 15:09:30 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011.06.28 15:09:06 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011.06.28 15:07:20 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011.06.28 15:04:34 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011.06.02 17:09:16 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.03.02 12:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
MOD - [2010.11.20 22:26:35 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
MOD - [2009.11.03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008.07.27 20:03:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2007.08.13 14:47:38 | 000,364,544 | ---- | M] () -- C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.04.06 01:17:19 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2008.02.29 23:13:12 | 000,307,200 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2008.01.21 04:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - [2009.03.18 17:35:40 | 000,026,176 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2007.09.18 05:09:36 | 000,452,968 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SISGRKMD.sys -- (SiS6350)
DRV - [2007.07.30 03:00:56 | 000,014,168 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2007.07.04 11:04:54 | 000,047,616 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2007.06.19 12:04:48 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.01.24 18:08:06 | 000,056,184 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SISAGPX.SYS -- (SISAGP)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.fujitsu-siemens.com/index2
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2581363697-430895227-1450211989-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.fujitsu-siemens.com/index2
IE - HKU\S-1-5-21-2581363697-430895227-1450211989-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
IE - HKU\S-1-5-21-2581363697-430895227-1450211989-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2581363697-430895227-1450211989-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2581363697-430895227-1450211989-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2581363697-430895227-1450211989-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-2581363697-430895227-1450211989-1000\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - No CLSID value found
IE - HKU\S-1-5-21-2581363697-430895227-1450211989-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2581363697-430895227-1450211989-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKU\S-1-5-21-2581363697-430895227-1450211989-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2581363697-430895227-1450211989-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=244506&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Winload Customized Web Search"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.8.20100713041928
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\horn\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.14 17:48:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.14 17:48:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.11\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.28 16:12:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.12.17 01:39:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\horn\AppData\Roaming\mozilla\Extensions
[2010.01.17 12:52:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\horn\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.04.09 15:15:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\horn\AppData\Roaming\mozilla\Firefox\Profiles\hiwm7aa1.default\extensions
[2010.12.22 21:38:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\horn\AppData\Roaming\mozilla\Firefox\Profiles\hiwm7aa1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.07.05 15:25:57 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\horn\AppData\Roaming\mozilla\Firefox\Profiles\hiwm7aa1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.12.22 21:38:55 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\horn\AppData\Roaming\mozilla\Firefox\Profiles\hiwm7aa1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.12.22 21:38:57 | 000,000,000 | ---D | M] (Ecosia - The Green Search) -- C:\Users\horn\AppData\Roaming\mozilla\Firefox\Profiles\hiwm7aa1.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}
[2010.10.26 21:06:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\horn\AppData\Roaming\mozilla\Firefox\Profiles\hiwm7aa1.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.12.22 21:38:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\horn\AppData\Roaming\mozilla\Firefox\Profiles\hiwm7aa1.default\extensions\staged-xpis
[2011.08.13 20:21:45 | 000,002,399 | ---- | M] () -- C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\askcom.xml
[2011.08.31 11:25:08 | 000,000,917 | ---- | M] () -- C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\conduit.xml
[2012.04.09 06:37:40 | 000,000,950 | ---- | M] () -- C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\icqplugin-1.xml
[2010.12.13 17:55:32 | 000,000,950 | ---- | M] () -- C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\icqplugin-10.xml
[2011.02.05 13:56:28 | 000,000,950 | ---- | M] () -- C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\icqplugin-11.xml
[2009.06.30 16:35:18 | 000,000,950 | ---- | M] () -- C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\icqplugin-2.xml
[2010.01.09 16:34:14 | 000,000,950 | ---- | M] () -- C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\icqplugin-3.xml
[2010.01.24 15:54:49 | 000,000,950 | ---- | M] () -- C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\icqplugin-4.xml
[2010.09.09 18:20:42 | 000,000,950 | ---- | M] () -- C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\icqplugin-5.xml
[2010.09.19 17:11:37 | 000,000,950 | ---- | M] () -- C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\icqplugin-6.xml
[2010.10.26 21:00:39 | 000,000,950 | ---- | M] () -- C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\icqplugin-7.xml
[2010.10.30 18:39:33 | 000,000,950 | ---- | M] () -- C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\icqplugin-8.xml
[2010.12.13 16:29:07 | 000,000,950 | ---- | M] () -- C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\icqplugin-9.xml
[2010.05.12 18:40:06 | 000,001,042 | ---- | M] () -- C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\icqplugin.xml
[2011.10.21 14:58:22 | 000,002,520 | ---- | M] () -- C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\SearchResults.xml
[2011.12.17 01:39:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2009.03.30 18:35:43 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.05.19 16:43:51 | 000,000,000 | ---D | M] (PHPNukeDE Toolbar) -- C:\Program Files\mozilla firefox\extensions\{c9508125-4747-4733-b048-e4b82dc9716d}
[2011.06.02 17:01:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.04.20 13:23:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.05 15:24:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.18 19:43:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.16 18:14:43 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.03.16 18:14:43 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.16 18:14:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.21 14:58:22 | 000,002,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2011.03.16 18:14:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.03.16 18:14:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-2581363697-430895227-1450211989-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2581363697-430895227-1450211989-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-2581363697-430895227-1450211989-1000\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
O4 - HKLM..\Run: [4StoryPrePatch] C:\Program Files\Gameforge4D\4Story\PrePatch.exe (Zamiinc)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SiSTray] C:\Program Files\SiS VGA Utilities\SiSTray.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [TouchPadHotKey] C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WordPerfect Office 1215] C:\Program Files\WordPerfect Office 12\Programs\Registration.exe (Corel Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2581363697-430895227-1450211989-1000..\Run: [Alamandi tray notifier] C:\Program Files\Intenium\Alamandi\TaskBarNotifier.exe File not found
O4 - HKU\S-1-5-21-2581363697-430895227-1450211989-1000..\Run: [Spotify] C:\Users\horn\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-2581363697-430895227-1450211989-1000..\Run: [winpmon] C:\Users\horn\AppData\Roaming\winpmon.exe (Sysinternals)
O4 - Startup: C:\Users\horn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKU\S-1-5-21-2581363697-430895227-1450211989-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89C4C31E-6CF6-4F8C-B151-08CE6CB518A8}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - c:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\horn\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\horn\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.09 22:54:54 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\horn\Desktop\OTL.exe
[2012.04.09 21:57:17 | 000,397,728 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\horn\Desktop\unhide.exe
[2012.04.09 16:18:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.04.09 16:17:32 | 002,322,184 | ---- | C] (ESET) -- C:\Users\horn\Desktop\esetsmartinstaller_enu.exe
[2012.04.09 10:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012.04.09 08:28:55 | 000,000,000 | ---D | C] -- C:\Users\horn\AppData\Roaming\Malwarebytes
[2012.04.09 08:28:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.09 08:28:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.09 08:28:13 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.09 08:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.09 07:52:14 | 000,000,000 | ---D | C] -- C:\Users\horn\Desktop\Backup Clemens
[2012.04.09 07:33:53 | 000,000,000 | ---D | C] -- C:\Users\horn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD
[2012.04.07 17:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ace of Spades
[2012.04.07 17:34:24 | 000,000,000 | ---D | C] -- C:\Ace of Spades
[2012.04.02 01:29:28 | 000,000,000 | ---D | C] -- C:\Users\horn\AppData\Local\Spotify
[2012.04.02 01:28:11 | 000,000,000 | ---D | C] -- C:\Users\horn\AppData\Roaming\Spotify
[2012.03.31 06:26:29 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.09 22:57:22 | 000,699,100 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.09 22:57:22 | 000,655,222 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.09 22:57:22 | 000,128,236 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.09 22:57:21 | 000,156,392 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.09 22:54:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\horn\Desktop\OTL.exe
[2012.04.09 22:50:20 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.09 22:50:18 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.09 22:50:14 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.09 22:50:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.09 22:50:06 | 1874,018,304 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.09 22:44:45 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.09 22:17:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.09 21:57:21 | 000,397,728 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\horn\Desktop\unhide.exe
[2012.04.09 16:17:36 | 002,322,184 | ---- | M] (ESET) -- C:\Users\horn\Desktop\esetsmartinstaller_enu.exe
[2012.04.09 08:30:15 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.09 08:23:22 | 000,000,160 | ---- | M] () -- C:\ProgramData\-SKpkoWaVFBdoCPr
[2012.04.09 08:23:22 | 000,000,000 | ---- | M] () -- C:\ProgramData\-SKpkoWaVFBdoCP
[2012.04.09 08:15:12 | 000,000,256 | ---- | M] () -- C:\ProgramData\SKpkoWaVFBdoCP
[2012.04.09 07:54:03 | 000,081,920 | ---- | M] () -- C:\Users\horn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.09 07:33:53 | 000,000,605 | ---- | M] () -- C:\Users\horn\Desktop\SMART_HDD.lnk
[2012.04.09 07:33:35 | 000,239,104 | ---- | M] ( ) -- C:\ProgramData\SKpkoWaVFBdoCP.exe
[2012.04.08 20:31:44 | 000,000,925 | ---- | M] () -- C:\Users\horn\Desktop\Internet Explorer.lnk
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.02 01:29:27 | 000,001,712 | ---- | M] () -- C:\Users\horn\Desktop\Spotify.lnk
[2012.03.22 02:25:52 | 000,017,163 | ---- | M] () -- C:\Users\horn\Documents\Deutsch.odt
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.09 22:07:10 | 000,001,796 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.04.09 22:07:10 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\Mozze.lnk
[2012.04.09 22:07:10 | 000,001,670 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.04.09 09:39:30 | 1874,018,304 | -HS- | C] () -- C:\hiberfil.sys
[2012.04.09 08:28:15 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.09 07:34:01 | 000,000,160 | ---- | C] () -- C:\ProgramData\-SKpkoWaVFBdoCPr
[2012.04.09 07:34:01 | 000,000,000 | ---- | C] () -- C:\ProgramData\-SKpkoWaVFBdoCP
[2012.04.09 07:33:53 | 000,000,605 | ---- | C] () -- C:\Users\horn\Desktop\SMART_HDD.lnk
[2012.04.09 07:33:43 | 000,000,256 | ---- | C] () -- C:\ProgramData\SKpkoWaVFBdoCP
[2012.04.09 07:33:35 | 000,239,104 | ---- | C] ( ) -- C:\ProgramData\SKpkoWaVFBdoCP.exe
[2012.04.06 00:56:53 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.02 01:29:27 | 000,001,712 | ---- | C] () -- C:\Users\horn\Desktop\Spotify.lnk
[2012.04.02 01:29:27 | 000,001,698 | ---- | C] () -- C:\Users\horn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012.03.22 02:25:50 | 000,017,163 | ---- | C] () -- C:\Users\horn\Documents\Deutsch.odt
[2011.11.25 20:21:29 | 000,000,048 | ---- | C] () -- C:\Windows\WININIT.INI
[2011.09.28 17:53:20 | 015,859,524 | ---- | C] () -- C:\Windows\System32\SuperPhotoShop_SuperPhotoShop Layouter_uninstaller.exe
[2011.09.23 14:37:54 | 000,000,605 | ---- | C] () -- C:\Users\horn\AppData\Roaming\.minecraft - Verknüpfung.lnk
[2011.07.24 08:53:03 | 000,000,000 | ---- | C] () -- C:\Users\horn\AppData\Local\{39BAC29A-53FF-42F8-87DC-9B87630131BF}
[2011.07.24 07:06:12 | 000,000,000 | ---- | C] () -- C:\Users\horn\AppData\Local\{7994C672-0A8D-4572-B5B1-CB22B386F64B}
[2011.07.02 14:30:09 | 000,000,000 | ---- | C] () -- C:\Users\horn\AppData\Local\{FB1341F0-9E5C-4E16-A632-3A4748ACB893}
[2011.06.22 17:32:24 | 000,000,000 | ---- | C] () -- C:\Users\horn\AppData\Local\{234DD887-45C2-4290-8B18-02A13AE0A15A}
[2011.05.05 19:58:19 | 000,000,000 | ---- | C] () -- C:\Users\horn\AppData\Local\{61DC69B6-FE31-4326-ACBC-65A58F9BACB5}
[2010.11.20 22:26:35 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010.11.06 20:31:02 | 000,000,232 | ---- | C] () -- C:\Windows\ODBCINST.INI
 
========== LOP Check ==========
 
[2012.04.06 00:55:18 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\.minecraft
[2011.10.21 19:44:01 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\AnvSoft
[2011.09.25 12:01:59 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\Atari
[2011.05.28 19:52:39 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\cerasus.media
[2012.02.11 20:44:37 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\DVDVideoSoft
[2012.02.20 01:59:31 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.07.16 14:09:21 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\FreeFLVConverter
[2012.02.21 07:15:53 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\FreeScreenToVideo
[2012.03.07 21:03:03 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\gtk-2.0
[2012.02.28 19:58:51 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\ICQ
[2010.11.20 22:25:56 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\Leadertech
[2011.11.07 19:18:03 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\MCEdit
[2011.03.24 22:35:05 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\Nvu
[2011.06.02 17:11:12 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\OpenOffice.org
[2008.12.31 23:23:53 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\Phase6
[2011.04.16 21:04:09 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\ProtectDISC
[2011.11.07 19:18:12 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\pymclevel
[2012.04.09 22:48:30 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\Spotify
[2011.05.04 20:05:26 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\Synthesia
[2010.01.17 12:52:16 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\Thunderbird
[2012.03.31 06:27:10 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\TS3Client
[2011.07.16 13:15:32 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\XMedia Recode
[2009.05.29 16:51:55 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\YuLeech
[2012.04.09 22:48:48 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.09.22 15:11:49 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{60C7E2D2-14F9-4CF4-9C1F-E6BEBBEEC48A}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.04.06 00:55:18 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\.minecraft
[2009.03.29 12:05:20 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\Adobe
[2011.10.21 19:44:01 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\AnvSoft
[2010.03.05 15:27:55 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\Apple Computer
[2011.09.25 12:01:59 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\Atari
[2011.05.28 19:52:39 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\cerasus.media
[2009.12.04 18:18:39 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\Corel
[2012.02.11 20:44:37 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\DVDVideoSoft
[2012.02.20 01:59:31 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.07.16 14:09:21 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\FreeFLVConverter
[2012.02.21 07:15:53 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\FreeScreenToVideo
[2009.03.27 19:40:35 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\Google
[2012.03.07 21:03:03 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\gtk-2.0
[2012.02.28 19:58:51 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\ICQ
[2008.12.22 23:14:19 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\Identities
[2010.11.20 22:25:56 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\Leadertech
[2009.03.27 18:44:47 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\Macromedia
[2012.04.09 08:28:55 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\Malwarebytes
[2011.11.07 19:18:03 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\MCEdit
[2011.09.06 20:56:50 | 000,000,000 | --SD | M] -- C:\Users\horn\AppData\Roaming\Microsoft
[2010.03.19 15:28:31 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\Move Networks
[2009.03.27 18:36:25 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\Mozilla
[2011.03.24 22:35:05 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\Nvu
[2011.06.02 17:11:12 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\OpenOffice.org
[2008.12.31 23:23:53 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\Phase6
[2011.04.16 21:04:09 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\ProtectDISC
[2011.11.07 19:18:12 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\pymclevel
[2008.12.31 23:22:04 | 000,000,000 | R--D | M] -- C:\Users\horn\AppData\Roaming\SecuROM
[2012.04.09 22:48:30 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\Spotify
[2011.05.04 20:05:26 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\Synthesia
[2010.01.17 12:52:16 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\Thunderbird
[2012.03.31 06:27:10 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\TS3Client
[2011.04.16 21:02:30 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\WinRAR
[2011.07.16 13:15:32 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\XMedia Recode
[2009.05.29 16:51:55 | 000,000,000 | ---D | M] -- C:\Users\horn\AppData\Roaming\YuLeech
 
< %APPDATA%\*.exe /s >
[2008.01.21 04:25:20 | 000,067,584 | ---- | M] (Sysinternals) -- C:\Users\horn\AppData\Roaming\winpmon.exe
[2011.10.21 19:13:41 | 010,891,336 | ---- | M] (DVDVideoSoft Limited.                                       ) -- C:\Users\horn\AppData\Roaming\.minecraft\saves\FreeVideoDub.exe
[2011.10.21 18:11:48 | 014,655,808 | ---- | M] (DVDVideoSoft Ltd.                                           ) -- C:\Users\horn\AppData\Roaming\.minecraft\saves\FreeYouTubeDownload3016.exe
[2011.01.11 20:39:01 | 002,790,864 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\horn\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2011.11.07 19:18:03 | 000,060,473 | ---- | M] () -- C:\Users\horn\AppData\Roaming\MCEdit\mcedit-uninstall.exe
[2011.09.27 04:09:12 | 000,018,944 | ---- | M] () -- C:\Users\horn\AppData\Roaming\MCEdit\MCEditData\main.exe
[2010.03.19 15:28:31 | 000,144,053 | ---- | M] () -- C:\Users\horn\AppData\Roaming\Move Networks\uninstall.exe
[2010.02.11 21:31:38 | 000,097,216 | ---- | M] () -- C:\Users\horn\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe
[2012.04.02 01:29:27 | 004,011,184 | ---- | M] (Spotify Ltd) -- C:\Users\horn\AppData\Roaming\Spotify\spotify.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.11.12 14:26:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys
[2008.11.12 14:26:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.11.12 14:26:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.11.12 14:26:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:31 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 04:24:31 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:25:18 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 04:25:18 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 04:24:47 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.21 04:24:47 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:24:09 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:24:09 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:25:17 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 04:25:17 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:25:11 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:25:11 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:20:25 | 017,223,680 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:20:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:20:25 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\horn\Documents\Latein.MP3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\horn\Documents\Dasistesgrundschule.avi:TOC.WMV
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:3447AB86
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:E1F04E8D

< End of report >

--- --- ---

cosinus · 11.04.2012, 18:31

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsu-siemens.com/index2
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2581363697-430895227-1450211989-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2581363697-430895227-1450211989-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2581363697-430895227-1450211989-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-2581363697-430895227-1450211989-1000\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - No CLSID value found
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Winload Customized Web Search"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
[2010.12.22 21:38:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\horn\AppData\Roaming\mozilla\Firefox\Profiles\hiwm7aa1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.07.05 15:25:57 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\horn\AppData\Roaming\mozilla\Firefox\Profiles\hiwm7aa1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.12.22 21:38:55 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\horn\AppData\Roaming\mozilla\Firefox\Profiles\hiwm7aa1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.12.22 21:38:57 | 000,000,000 | ---D | M] (Ecosia - The Green Search) -- C:\Users\horn\AppData\Roaming\mozilla\Firefox\Profiles\hiwm7aa1.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}
[2010.10.26 21:06:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\horn\AppData\Roaming\mozilla\Firefox\Profiles\hiwm7aa1.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.12.22 21:38:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\horn\AppData\Roaming\mozilla\Firefox\Profiles\hiwm7aa1.default\extensions\staged-xpis
[2011.08.13 20:21:45 | 000,002,399 | ---- | M] () -- C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\askcom.xml
[2011.08.31 11:25:08 | 000,000,917 | ---- | M] () -- C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\conduit.xml
[2012.04.09 06:37:40 | 000,000,950 | ---- | M] () -- C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\icqplugin-1.xml
[2010.12.13 17:55:32 | 000,000,950 | ---- | M] () -- C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\icqplugin-10.xml
[2011.02.05 13:56:28 | 000,000,950 | ---- | M] () -- C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\icqplugin-11.xml
[2009.06.30 16:35:18 | 000,000,950 | ---- | M] () -- C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\icqplugin-2.xml
[2010.01.09 16:34:14 | 000,000,950 | ---- | M] () -- C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\icqplugin-3.xml
[2010.01.24 15:54:49 | 000,000,950 | ---- | M] () -- C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\icqplugin-4.xml
[2010.09.09 18:20:42 | 000,000,950 | ---- | M] () -- C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\icqplugin-5.xml
[2010.09.19 17:11:37 | 000,000,950 | ---- | M] () -- C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\icqplugin-6.xml
[2010.10.26 21:00:39 | 000,000,950 | ---- | M] () -- C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\icqplugin-7.xml
[2010.10.30 18:39:33 | 000,000,950 | ---- | M] () -- C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\icqplugin-8.xml
[2010.12.13 16:29:07 | 000,000,950 | ---- | M] () -- C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\icqplugin-9.xml
[2010.05.12 18:40:06 | 000,001,042 | ---- | M] () -- C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\icqplugin.xml
[2011.10.21 14:58:22 | 000,002,520 | ---- | M] () -- C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\SearchResults.xml
[2009.03.30 18:35:43 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.05.19 16:43:51 | 000,000,000 | ---D | M] (PHPNukeDE Toolbar) -- C:\Program Files\mozilla firefox\extensions\{c9508125-4747-4733-b048-e4b82dc9716d}
[2011.10.21 14:58:22 | 000,002,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-2581363697-430895227-1450211989-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2581363697-430895227-1450211989-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-2581363697-430895227-1450211989-1000\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
O4 - HKU\S-1-5-21-2581363697-430895227-1450211989-1000..\Run: [Alamandi tray notifier] C:\Program Files\Intenium\Alamandi\TaskBarNotifier.exe File not found
O4 - HKU\S-1-5-21-2581363697-430895227-1450211989-1000..\Run: [winpmon] C:\Users\horn\AppData\Roaming\winpmon.exe (Sysinternals)
O7 - HKU\S-1-5-21-2581363697-430895227-1450211989-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2012.04.09 08:23:22 | 000,000,160 | ---- | M] () -- C:\ProgramData\-SKpkoWaVFBdoCPr
[2012.04.09 08:23:22 | 000,000,000 | ---- | M] () -- C:\ProgramData\-SKpkoWaVFBdoCP
[2012.04.09 08:15:12 | 000,000,256 | ---- | M] () -- C:\ProgramData\SKpkoWaVFBdoCP
[2012.04.09 07:33:53 | 000,000,605 | ---- | M] () -- C:\Users\horn\Desktop\SMART_HDD.lnk
[2012.04.09 07:33:35 | 000,239,104 | ---- | M] ( ) -- C:\ProgramData\SKpkoWaVFBdoCP.exe
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:3447AB86
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:E1F04E8D
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

VistaOrange · 11.04.2012, 19:40

Während des Fixes ist OTL abgestürzt (,,OTL.exe funktioniert nicht mehr...wird geschlossen...") Danach habe ich den Computer Heruntergefahren und neu gestartet. Soll ich den gleichen Code nochmal einfügen oder muss ich jetzt etwas anderes machen?

cosinus · 12.04.2012, 08:50

Wiederhol den Fix im abgesicherten Modus bitte

VistaOrange · 12.04.2012, 13:24

Im Abgesicherten Modus funktionierte der Fix reibungslos. Hier das Log:

Code:

ATTFilter

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Program Files\Winload\prxtbWinl.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}\ not found.
Registry value HKEY_USERS\S-1-5-21-2581363697-430895227-1450211989-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_USERS\S-1-5-21-2581363697-430895227-1450211989-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Program Files\Winload\prxtbWinl.dll not found.
Registry value HKEY_USERS\S-1-5-21-2581363697-430895227-1450211989-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
Registry value HKEY_USERS\S-1-5-21-2581363697-430895227-1450211989-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{9d81af43-de53-48d0-a199-42c2a226b24c} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d81af43-de53-48d0-a199-42c2a226b24c}\ not found.
Prefs.js: "Yahoo" removed from browser.search.defaultenginename
Prefs.js: "Winload Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Winload Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
C:\Users\horn\AppData\Roaming\mozilla\Firefox\Profiles\hiwm7aa1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Users\horn\AppData\Roaming\mozilla\Firefox\Profiles\hiwm7aa1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Users\horn\AppData\Roaming\mozilla\Firefox\Profiles\hiwm7aa1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Users\horn\AppData\Roaming\mozilla\Firefox\Profiles\hiwm7aa1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
Folder C:\Users\horn\AppData\Roaming\mozilla\Firefox\Profiles\hiwm7aa1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\ not found.
Folder C:\Users\horn\AppData\Roaming\mozilla\Firefox\Profiles\hiwm7aa1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found.
Folder C:\Users\horn\AppData\Roaming\mozilla\Firefox\Profiles\hiwm7aa1.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}\ not found.
Folder C:\Users\horn\AppData\Roaming\mozilla\Firefox\Profiles\hiwm7aa1.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\ not found.
Folder C:\Users\horn\AppData\Roaming\mozilla\Firefox\Profiles\hiwm7aa1.default\extensions\staged-xpis\ not found.
File C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\askcom.xml not found.
File C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\conduit.xml not found.
File C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\icqplugin-1.xml not found.
File C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\icqplugin-10.xml not found.
File C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\icqplugin-11.xml not found.
File C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\icqplugin-2.xml not found.
File C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\icqplugin-3.xml not found.
File C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\icqplugin-4.xml not found.
File C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\icqplugin-5.xml not found.
File C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\icqplugin-6.xml not found.
File C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\icqplugin-7.xml not found.
File C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\icqplugin-8.xml not found.
File C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\icqplugin-9.xml not found.
File C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\icqplugin.xml not found.
File C:\Users\horn\AppData\Roaming\Mozilla\Firefox\Profiles\hiwm7aa1.default\searchplugins\SearchResults.xml not found.
Folder C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found.
Folder C:\Program Files\mozilla firefox\extensions\{c9508125-4747-4733-b048-e4b82dc9716d}\ not found.
File C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Program Files\Winload\prxtbWinl.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{40c3cc16-7269-4b32-9531-17f2950fb06f} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Program Files\Winload\prxtbWinl.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Registry value HKEY_USERS\S-1-5-21-2581363697-430895227-1450211989-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-2581363697-430895227-1450211989-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_USERS\S-1-5-21-2581363697-430895227-1450211989-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{40C3CC16-7269-4B32-9531-17F2950FB06F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}\ not found.
File C:\Program Files\Winload\prxtbWinl.dll not found.
Registry value HKEY_USERS\S-1-5-21-2581363697-430895227-1450211989-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Alamandi tray notifier not found.
Registry value HKEY_USERS\S-1-5-21-2581363697-430895227-1450211989-1000\Software\Microsoft\Windows\CurrentVersion\Run\\winpmon not found.
File C:\Users\horn\AppData\Roaming\winpmon.exe not found.
Registry value HKEY_USERS\S-1-5-21-2581363697-430895227-1450211989-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
File C:\ProgramData\-SKpkoWaVFBdoCPr not found.
File C:\ProgramData\-SKpkoWaVFBdoCP not found.
File C:\ProgramData\SKpkoWaVFBdoCP not found.
File C:\Users\horn\Desktop\SMART_HDD.lnk not found.
File C:\ProgramData\SKpkoWaVFBdoCP.exe not found.
Unable to delete ADS C:\ProgramData\TEMP:3447AB86 .
Unable to delete ADS C:\ProgramData\TEMP:E1F04E8D .
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: horn
->Temp folder emptied: 32703 bytes
->Temporary Internet Files folder emptied: 201649 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 17706776 bytes
->Flash cache emptied: 641 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2478769465 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2.381,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: horn
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 04122012_133908

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus · 12.04.2012, 15:32

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten, Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

VistaOrange · 12.04.2012, 19:25

Hier das Tdsskiller-Log (Muss ich als Anhang hochladen, da es zu lang ist)

11.04.2012, 13:12	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Problem mit S.M.A.R.T HDD Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? __________________ Logfiles bitte immer in CODE-Tags posten

11.04.2012, 14:25	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Problem mit S.M.A.R.T HDD Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern ) Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! __________________ --> Problem mit S.M.A.R.T HDD

12.04.2012, 08:50	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Problem mit S.M.A.R.T HDD Wiederhol den Fix im abgesicherten Modus bitte __________________ Logfiles bitte immer in CODE-Tags posten

Problem mit S.M.A.R.T HDD

Log-Analyse und Auswertung: Problem mit S.M.A.R.T HDD