
Pests of All Kinds and How to Combat Them: SMART HDD - Removal - How exactly is it done?


 
06.04.2012, 19:11   #1
Nadyan

SMART HDD - Removal - How exactly is it done?



Hello, a friend of mine has Smart HDD on his notebook.
WIN Vista SP 2, 32-bit,
Antivirus program: Avira - hopelessly out of date

I want to get rid of SMART HDD and need your help.
There are already some threads on this, but if I understood correctly, you are not supposed to reuse the solutions from them.
The symptoms are the same as those described in the other posts.
Desktop black, all programs and files gone or not visible.
I have just run an OTL scan in normal mode.
Here is the logfile:

Quote:
OTL logfile created on: 06.04.2012 19:52:56 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Jojo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,96 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 66,51% Memory free
6,13 Gb Paging File | 5,21 Gb Available in Paging File | 84,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 49,29 Gb Free Space | 21,16% Space Free | Partition Type: NTFS
Drive D: | 1,02 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive X: | 232,88 Gb Total Space | 217,75 Gb Free Space | 93,50% Space Free | Partition Type: NTFS

Computer Name: JOJO-PC | User Name: Jojo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.04.06 19:27:52 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Jojo\Desktop\OTL.exe
PRC - [2012.03.31 22:17:56 | 000,220,672 | -H-- | M] () -- C:\ProgramData\JcCf5JuQOG1Ab1.exe
PRC - [2012.03.31 22:10:25 | 000,300,032 | -H-- | M] () -- C:\ProgramData\rmIhrYfwFjUdy.exe
PRC - [2012.01.03 16:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.07.03 20:57:54 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.09 13:32:35 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.22 14:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010.12.13 09:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.07.27 15:46:08 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 00:28:04 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 00:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.03.17 15:36:12 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2008.01.19 00:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 00:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.10.30 19:52:34 | 000,016,200 | -H-- | M] () -- X:\CorelIOMonitor.exe
PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007.02.12 17:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2006.11.02 11:44:50 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe
PRC - [2006.11.02 02:46:00 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe


========== Modules (No Company Name) ==========

MOD - [2012.03.31 22:17:56 | 000,220,672 | -H-- | M] () -- C:\ProgramData\JcCf5JuQOG1Ab1.exe
MOD - [2012.03.31 22:10:25 | 000,300,032 | -H-- | M] () -- C:\ProgramData\rmIhrYfwFjUdy.exe
MOD - [2010.12.28 18:37:58 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2007.10.30 19:52:34 | 000,016,200 | -H-- | M] () -- X:\CorelIOMonitor.exe


========== Win32 Services (SafeList) ==========

SRV - [2011.07.03 20:57:54 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.09 13:32:35 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.11.29 11:41:26 | 000,058,944 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010.07.27 15:46:08 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.03.17 15:36:12 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008.01.19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 00:36:50 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.19 00:36:16 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008.01.19 00:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007.02.12 17:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2005.02.09 12:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Auto | Stopped] -- C:\Windows\System32\drivers\Pclepci.sys -- (PCLEPCI)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2011.07.03 20:57:54 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.03 20:57:54 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.12.28 18:37:57 | 004,172,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.11.17 16:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.03.04 10:12:06 | 000,048,600 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2007.11.09 06:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007.08.07 07:26:14 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.01.04 10:07:00 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2006.10.23 17:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3611121370-2137112214-1779689433-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://t-online.de/
IE - HKU\S-1-5-21-3611121370-2137112214-1779689433-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3611121370-2137112214-1779689433-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3611121370-2137112214-1779689433-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 66 CB EE C9 A6 CB 01 [binary data]
IE - HKU\S-1-5-21-3611121370-2137112214-1779689433-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3611121370-2137112214-1779689433-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3611121370-2137112214-1779689433-1000\..\SearchScopes,DefaultScope = {D0F07D9A-9407-44B8-8696-4CA03F0A17F5}
IE - HKU\S-1-5-21-3611121370-2137112214-1779689433-1000\..\SearchScopes\{05DC537A-CF95-4AB0-B002-515EC3F91565}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=41E88004-95A9-4924-ACE8-86C6F42C884B&apn_sauid=BA936F46-9DA6-486E-8512-3EFFB9C66C0C
IE - HKU\S-1-5-21-3611121370-2137112214-1779689433-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3611121370-2137112214-1779689433-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3611121370-2137112214-1779689433-1000\..\SearchScopes\{D0F07D9A-9407-44B8-8696-4CA03F0A17F5}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADSA_deDE412
IE - HKU\S-1-5-21-3611121370-2137112214-1779689433-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "hxxp://t-online.de/"
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=100000027&locale=de_DE&apn_uid=41E88004-95A9-4924-ACE8-86C6F42C884B&apn_ptnrs=U3&apn_sauid=BA936F46-9DA6-486E-8512-3EFFB9C66C0C&apn_dtid=OSJ000YYDE&&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.97: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012.03.03 23:37:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2012.03.03 23:38:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.24 12:43:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011.07.24 21:25:31 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jojo\AppData\Roaming\mozilla\Extensions
[2011.07.24 21:25:31 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jojo\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.01.17 21:33:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.12.29 03:38:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.03.24 12:43:16 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.12 00:05:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.12 00:05:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.12 00:05:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.12 00:05:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.12 00:05:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.12 00:05:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3611121370-2137112214-1779689433-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Corel File Shell Monitor] X:\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup File not found
O4 - HKLM..\Run: [EPSON Stylus DX4200 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3611121370-2137112214-1779689433-1000..\Run: [LaunchList] C:\Programme\Pinnacle\Studio 11\LaunchList2.exe (Pinnacle Systems)
O4 - HKU\S-1-5-21-3611121370-2137112214-1779689433-1000..\Run: [rmIhrYfwFjUdy.exe] C:\ProgramData\rmIhrYfwFjUdy.exe ()
O4 - HKU\S-1-5-21-3611121370-2137112214-1779689433-1000..\Run: [SymphonyPreLoad] "C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.standard.launcher.win32.x86_3.0.0.20101015-2340\IBM Lotus Symphony" -nogui -nosplash File not found
O4 - HKU\S-1-5-21-3611121370-2137112214-1779689433-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-3611121370-2137112214-1779689433-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54896C36-44A4-454C-A93E-099031EC58D3}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B8DE102-2539-4926-A69E-38C7B7016428}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jojo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jojo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.05.10 11:37:28 | 000,000,121 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.04.06 19:52:27 | 000,593,920 | -H-- | C] (OldTimer Tools) -- C:\Users\Jojo\Desktop\OTL.exe
[2012.03.31 22:17:59 | 000,000,000 | -H-D | C] -- C:\Users\Jojo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD
[2012.03.31 22:12:24 | 000,000,000 | -H-D | C] -- C:\Users\Jojo\Desktop\s04
[2012.03.31 21:07:04 | 000,000,000 | -H-D | C] -- C:\Users\Jojo\Desktop\Lennox
[2012.03.15 01:30:48 | 000,000,000 | -H-D | C] -- C:\Users\Jojo\Desktop\Apress
[2012.03.15 01:24:29 | 000,000,000 | -H-D | C] -- C:\Users\Jojo\Desktop\German_TOP100_Single_Charts_05_03_2012-MCG

========== Files - Modified Within 30 Days ==========

[2012.04.06 19:56:30 | 000,000,349 | -H-- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2012.04.06 19:56:09 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.06 19:56:09 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.06 19:56:09 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.06 19:56:09 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.06 19:50:19 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.06 19:50:16 | 000,004,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.06 19:50:16 | 000,004,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.06 19:50:10 | 000,311,672 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.04.06 19:49:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.06 19:49:40 | 3184,369,664 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.06 19:27:52 | 000,593,920 | -H-- | M] (OldTimer Tools) -- C:\Users\Jojo\Desktop\OTL.exe
[2012.04.05 22:58:22 | 000,001,356 | -H-- | M] () -- C:\Users\Jojo\AppData\Local\d3d9caps.dat
[2012.04.05 22:50:20 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.31 22:23:00 | 000,000,208 | -H-- | M] () -- C:\ProgramData\-JcCf5JuQOG1Ab1r
[2012.03.31 22:23:00 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-JcCf5JuQOG1Ab1
[2012.03.31 22:22:57 | 000,000,256 | -H-- | M] () -- C:\ProgramData\JcCf5JuQOG1Ab1
[2012.03.31 22:17:59 | 000,000,599 | -H-- | M] () -- C:\Users\Jojo\Desktop\SMART_HDD.lnk
[2012.03.31 22:17:56 | 000,220,672 | -H-- | M] () -- C:\ProgramData\JcCf5JuQOG1Ab1.exe
[2012.03.31 22:10:25 | 000,300,032 | -H-- | M] () -- C:\ProgramData\rmIhrYfwFjUdy.exe
[2012.03.29 20:32:05 | 000,001,726 | -H-- | M] () -- C:\Users\Jojo\AppData\Roaming\wklnhst.dat
[2012.03.24 09:08:04 | 000,010,752 | -H-- | M] () -- C:\Users\Jojo\Desktop\winterurlaubt.wps
[2012.03.15 02:52:33 | 002,193,933 | -H-- | M] () -- C:\Users\Jojo\Desktop\IMG_2380.JPG
[2012.03.15 02:43:55 | 000,000,952 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2012.03.15 01:13:29 | 000,171,008 | -H-- | M] () -- C:\Users\Jojo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.14 13:42:45 | 734,349,312 | -H-- | M] () -- C:\Users\Jojo\Desktop\Unser Leben.avi
[2012.03.12 13:07:13 | 000,010,240 | -H-- | M] () -- C:\Users\Jojo\Desktop\kennw..wps

========== Files Created - No Company Name ==========

[2012.04.06 19:49:40 | 3184,369,664 | -HS- | C] () -- C:\hiberfil.sys
[2012.03.31 22:18:01 | 000,000,208 | -H-- | C] () -- C:\ProgramData\-JcCf5JuQOG1Ab1r
[2012.03.31 22:18:00 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-JcCf5JuQOG1Ab1
[2012.03.31 22:17:59 | 000,000,599 | -H-- | C] () -- C:\Users\Jojo\Desktop\SMART_HDD.lnk
[2012.03.31 22:17:56 | 000,220,672 | -H-- | C] () -- C:\ProgramData\JcCf5JuQOG1Ab1.exe
[2012.03.31 22:17:56 | 000,000,256 | -H-- | C] () -- C:\ProgramData\JcCf5JuQOG1Ab1
[2012.03.31 22:12:31 | 000,300,032 | -H-- | C] () -- C:\ProgramData\rmIhrYfwFjUdy.exe
[2012.03.15 04:45:57 | 002,012,238 | -H-- | C] () -- C:\Users\Jojo\Desktop\DSC02062.JPG
[2012.03.15 04:19:18 | 002,261,571 | -H-- | C] () -- C:\Users\Jojo\Desktop\IMG_1755.JPG
[2012.03.15 04:18:28 | 001,333,911 | -H-- | C] () -- C:\Users\Jojo\Desktop\IMG_1751.JPG
[2012.03.15 04:03:35 | 002,497,671 | -H-- | C] () -- C:\Users\Jojo\Desktop\IMG_3054.JPG
[2012.03.15 03:36:20 | 002,322,262 | -H-- | C] () -- C:\Users\Jojo\Desktop\Bild 519.jpg
[2012.03.15 03:23:03 | 002,160,715 | -H-- | C] () -- C:\Users\Jojo\Desktop\DSC00977.JPG
[2012.03.15 01:09:44 | 1605,537,127 | -H-- | C] () -- C:\Users\Jojo\Desktop\i_believe_i_can_fly-flight_of_the_frenchies.mov
[2012.03.15 01:05:29 | 838,531,072 | -H-- | C] () -- C:\Users\Jojo\Desktop\The Asgard Project.avi
[2012.03.15 01:02:49 | 1467,783,472 | -H-- | C] () -- C:\Users\Jojo\Desktop\Am Limit.avi
[2012.03.15 01:01:42 | 734,349,312 | -H-- | C] () -- C:\Users\Jojo\Desktop\Unser Leben.avi
[2011.05.09 16:22:35 | 000,138,752 | ---- | C] () -- C:\Windows\System32\mase32.dll
[2011.05.09 16:22:34 | 000,196,096 | ---- | C] () -- C:\Windows\System32\macd32.dll
[2011.05.09 16:22:34 | 000,136,192 | ---- | C] () -- C:\Windows\System32\mamc32.dll
[2011.05.09 16:22:34 | 000,057,856 | ---- | C] () -- C:\Windows\System32\masd32.dll
[2011.05.09 16:22:34 | 000,027,648 | ---- | C] () -- C:\Windows\System32\ma32.dll
[2011.05.05 21:07:45 | 000,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2010.12.29 22:11:27 | 000,001,726 | -H-- | C] () -- C:\Users\Jojo\AppData\Roaming\wklnhst.dat
[2010.12.29 20:44:16 | 000,171,008 | -H-- | C] () -- C:\Users\Jojo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.29 03:24:20 | 000,438,272 | ---- | C] () -- C:\Windows\System32\Newton.dll
[2010.12.29 03:24:10 | 003,423,139 | ---- | C] () -- C:\Windows\System32\tv3dc65.dll
[2010.12.29 03:24:10 | 000,713,644 | ---- | C] () -- C:\Windows\System32\unins000.exe
[2010.12.29 03:24:10 | 000,060,973 | ---- | C] () -- C:\Windows\System32\unins000.dat
[2010.12.29 00:17:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.12.29 00:16:23 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.12.28 21:52:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.12.28 19:29:54 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.12.22 04:25:00 | 000,001,356 | -H-- | C] () -- C:\Users\Jojo\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2012.01.02 16:04:33 | 000,000,000 | -H-D | M] -- C:\Users\Jojo\AppData\Roaming\Amazon
[2010.12.29 22:11:34 | 000,000,000 | -H-D | M] -- C:\Users\Jojo\AppData\Roaming\Template
[2010.12.28 14:40:10 | 000,000,000 | -H-D | M] -- C:\Users\Jojo\AppData\Roaming\TMP
[2011.07.24 21:25:30 | 000,000,000 | -H-D | M] -- C:\Users\Jojo\AppData\Roaming\TomTom
[2010.12.28 22:12:18 | 000,000,000 | -H-D | M] -- C:\Users\Jojo\AppData\Roaming\WinBatch
[2012.04.05 23:17:25 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
Thanks in advance.

 
