![]() |
|
Log-Analyse und Auswertung: Smart HDD/ Wie entfernen?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() | #1 |
| ![]() Smart HDD/ Wie entfernen? Hallo, seit vorhin habe ich die typischen Smart-HDD-Probleme auf dem Notebook. Mein Desktop ist schwarz, ich kann weder auf meine Dokumente, noch auf meine Programme zugreifen - außer in Einzelfällen über Umwege. Die vielen Fenster mit angeblichen Fehlermeldungen sowie die Kaufaufforderung von Smart HDD sind nach einem ersten Quick Scan mit Malwarebytes und anschließender Fehlerbehebung schon verschwunden, der Desktop jedoch ist immer noch schwarz. Hier ist einmal der Log vom Quick Scan: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.04.04.08 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Cathrin :: CATHRIN-HP [Administrator] Schutz: Aktiviert 11.04.2012 12:25:58 mbam-log-2012-04-11 (12-25-58).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 199931 Laufzeit: 11 Minute(n), 4 Sekunde(n) Infizierte Speicherprozesse: 1 C:\ProgramData\yCtJmFuxrMKCWF.exe (Trojan.Agent) -> 5036 -> Löschen bei Neustart. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|yCtJmFuxrMKCWF.exe (Trojan.Agent) -> Daten: C:\ProgramData\yCtJmFuxrMKCWF.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\ProgramData\yCtJmFuxrMKCWF.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.04.04.08 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Cathrin :: CATHRIN-HP [Administrator] Schutz: Aktiviert 11.04.2012 12:41:50 mbam-log-2012-04-11 (12-41-50).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 371339 Laufzeit: 1 Stunde(n), 25 Minute(n), 59 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Erstmal defogger: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 14:10 on 11/04/2012 (Cathrin) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... Unable to read SafeBoot.sys -=E.O.F=- Code:
ATTFilter . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 Run by Cathrin at 14:11:14 on 2012-04-11 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.1967.338 [GMT 2:00] . AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\windows\system32\wininit.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe C:\windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\windows\system32\atiesrxx.exe C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\STacSV.exe C:\windows\system32\svchost.exe -k GPSvcGroup C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\Hpservice.exe C:\windows\system32\atieclxx.exe C:\windows\system32\svchost.exe -k NetworkService C:\windows\system32\WLANExt.exe C:\windows\system32\conhost.exe C:\windows\System32\spoolsv.exe C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\ActivIdentity\ActivClient\acevents.exe c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\aestsrv.exe C:\Program Files\LSI SoftModem\agrsmsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\ProgramData\DatacardService\DCService.exe C:\windows\system32\svchost.exe -k netsvcs C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe C:\Program Files\Microsoft\BingBar\SeaPort.EXE C:\windows\system32\svchost.exe -k imgsvc C:\windows\Explorer.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\ProgramData\DatacardService\DCSHelper.exe C:\Program Files\Hewlett-Packard\HP Connection Manager\SMManager.exe C:\windows\system32\wbem\unsecapp.exe C:\windows\system32\SearchIndexer.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\windows\system32\wbem\wmiprvse.exe c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ActivIdentity\ActivClient\acevents.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\PDF24\pdf24.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\iPod\bin\iPodService.exe C:\Users\Cathrin\AppData\Roaming\T-Mobile Internet Manager\ouc.exe C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\windows\system32\wbem\wmiprvse.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe C:\windows\system32\svchost.exe -k bthsvcs C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\windows\system32\DllHost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\windows\system32\Macromed\Flash\FlashUtil11g_ActiveX.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\windows\system32\SearchProtocolHost.exe c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe C:\windows\system32\SearchFilterHost.exe C:\windows\system32\DllHost.exe C:\windows\system32\DllHost.exe C:\windows\system32\conhost.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.de/ uInternet Settings,ProxyOverride = *.local mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\hewlett-packard\hp protecttools security manager\bin\DPAgent.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: File Sanitizer for HP ProtectTools: {3134413b-49b4-425c-98a5-893c1f195601} - c:\program files\hewlett-packard\file sanitizer\IEBHO.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll BHO: HP ProtectTools Security Manager Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - c:\program files\hewlett-packard\hp protecttools security manager\bin\DpOtsPluginIe8.dll BHO: SwissAcademic.Citavi.Picker.IEPicker: {609d670f-b735-4da7-ac6d-f3bd358e325e} - mscoree.dll BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll" BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll" uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden uRun: [HW_OPENEYE_OUC_T-Mobile Internet Manager] "c:\program files\t-mobile\internetmanager_h\updatedog\ouc.exe" uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun mRun: [QLBController] c:\program files\hewlett-packard\hp hotkey support\QLBController.exe /start mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe mRun: [HPPowerAssistant] c:\program files\hewlett-packard\hp power assistant\HPPA_Main.exe /hidden mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe mRun: [HPWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\delayedappstarter.exe 120 c:\program files\hewlett-packard\hp wireless assistant\HPWA_Main.exe /hidden mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume mRun: [acevents] "c:\program files\actividentity\activclient\acevents.exe" mRun: [<NO NAME>] mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe" mRun: [File Sanitizer] c:\program files\hewlett-packard\file sanitizer\CoreShredder.exe mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [IMSS] "c:\program files\intel\intel(r) management engine components\imss\PIconStartup.exe" mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe mRun: [HP Connection Manager.exe] mRun: [NortonOnlineBackupReminder] "c:\program files\symantec\norton online backup\activation\NOBuActivation.exe" UNATTENDED mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [DataCardMonitor] c:\program files\t-mobile\internetmanager_h\DataCardMonitor.exe mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [PDFPrint] c:\program files\pdf24\pdf24.exe mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray StartupFolder: c:\users\cathrin\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\cathrin\appdata\roaming\dropbox\bin\Dropbox.exe StartupFolder: c:\users\cathrin\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe StartupFolder: c:\users\cathrin\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: &Citavi Picker... - file://c:\programdata\swiss academic software\citavi picker\internet explorer\ShowContextMenu.html IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204 IE: Bild an &Bluetooth-Gerät senden... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~1\office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204 IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll IE: {619D670F-B735-4da7-AC6D-F3BD358E325E} - {609D670F-B735-4da7-AC6D-F3BD358E325E} - mscoree.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL Trusted Zone: google.com\mail Trusted Zone: weightwatchers.de\signup Trusted Zone: //about.htm/ Trusted Zone: //Exclude.htm/ Trusted Zone: //FWEvent.htm/ Trusted Zone: //LanguageSelection.htm/ Trusted Zone: //Message.htm/ Trusted Zone: //MyAgttryCmd.htm/ Trusted Zone: //MyAgttryNag.htm/ Trusted Zone: //MyNotification.htm/ Trusted Zone: //NOCLessUpdate.htm/ Trusted Zone: //quarantine.htm/ Trusted Zone: //ScanNow.htm/ Trusted Zone: //strings.vbs/ Trusted Zone: //Template.htm/ Trusted Zone: //Update.htm/ Trusted Zone: //VirFound.htm/ Trusted Zone: mcafee.com\* Trusted Zone: mcafeeasap.com\betavscan Trusted Zone: mcafeeasap.com\vs Trusted Zone: mcafeeasap.com\www DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} - hxxps://asa04.rmz.uni-lueneburg.de/+CSCOL+/relayp.cab DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{7EBF5330-A852-43AD-8EFC-0CA4783F1720} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{7EBF5330-A852-43AD-8EFC-0CA4783F1720}\14C4943454D275C414E46454 : DhcpNameServer = 192.168.1.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Notify: DeviceNP - DeviceNP.dll LSA: Notification Packages = DPPassFilter scecli mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe" . ============= SERVICES / DRIVERS =============== . R0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [2011-8-31 13184] R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2010-2-2 51800] R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2010-2-2 13256] R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648] R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2010-2-2 40088] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128] R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\common files\actividentity\ac.sharedstore.exe [2009-6-4 207400] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928] R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_7b6e808b01435efc\AEstSrv.exe [2011-1-21 81920] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-4-21 172032] R2 DCService.exe;DCService.exe;c:\programdata\datacardservice\DCService.exe [2010-8-19 229376] R2 ezGOSvc;Easybits GO Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992] R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2009-8-27 1253376] R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\hewlett-packard\hp power assistant\HPPA_Service.exe [2010-4-5 103992] R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\2009 password filter for hp protecttools\PTChangeFilterService.exe [2010-3-17 36864] R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\hewlett-packard\hp wireless assistant\HPWA_Service.exe [2010-4-5 103992] R2 HPDayStarterService;HP DayStarter Service;c:\program files\hewlett-packard\hp quicklook\HPDayStarterService.exe [2010-6-14 90112] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2010-10-14 92216] R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2010-2-2 281192] R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\hewlett-packard\file sanitizer\HPFSService.exe [2010-1-19 297984] R2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\hewlett-packard\hp hotkey support\hpHotkeyMonitor.exe [2010-3-1 264248] R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2009-7-8 26168] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-11 654408] R2 QDLService2kHP;Qualcomm Gobi 2000 Download Service (HP);c:\program files\qualcomm\qdlservice2k\QDLService2kHP.exe [2010-3-16 331000] R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2011-1-21 48640] R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2011-1-21 47616] R2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2011-1-21 38912] R2 SMManager;HP Connection Manager Service;c:\program files\hewlett-packard\hp connection manager\SMManager.exe [2010-3-13 82760] R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2011-1-21 2320920] R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2010-9-13 215208] R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-8-31 63616] R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-2-27 132480] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-11 22344] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944] R3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\drivers\rtsuvc.sys [2011-1-21 73344] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-2-19 1664304] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888] S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-1-21 29472] S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2009-10-21 32312] S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-8-31 101504] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2008-8-7 3276800] S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2009-12-7 362040] S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [2011-8-31 69504] S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392] S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-2-1 6755840] S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-11-23 1120752] S3 StorSvc;Speicherdienst;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-23 52224] S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\wat\WatAdminSvc.exe [2011-9-1 1343400] SUnknown sndcyobd;sndcyobd; [x] . =============== Created Last 30 ================ . 2012-04-11 10:40:54 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f73e59de-27ba-4c2c-9170-f36230000633}\offreg.dll 2012-04-11 10:24:05 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-11 09:56:50 -------- d--h--w- c:\users\cathrin\appdata\roaming\Malwarebytes 2012-04-11 09:56:41 -------- d--h--w- c:\programdata\Malwarebytes 2012-04-11 09:56:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-04-11 09:44:41 242688 ---ha-w- c:\programdata\1YuQ6AGiYV7j78.exe 2012-04-10 19:41:29 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f73e59de-27ba-4c2c-9170-f36230000633}\mpengine.dll 2012-03-14 21:40:11 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-03-14 21:40:10 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-14 07:28:47 2343424 ----a-w- c:\windows\system32\win32k.sys 2012-03-14 07:28:46 1077248 ----a-w- c:\windows\system32\DWrite.dll 2012-03-14 07:28:30 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-03-14 07:28:30 58880 ----a-w- c:\windows\system32\rdpwsx.dll 2012-03-14 07:28:30 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-03-14 07:28:29 826880 ----a-w- c:\windows\system32\rdpcore.dll 2012-03-14 07:28:29 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-03-14 07:28:29 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-12 19:13:23 -------- d-----w- c:\program files\common files\Bitdefender . ==================== Find3M ==================== . 2012-03-27 06:52:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe . ============= FINISH: 14:12:01,55 =============== Wenn ich etwas vergessen oder falsch gemacht habe, einfach sagen. Ich geb mir Mühe. ![]() Liebe Grüße und schon einmal vielen lieben Dank, Caetti |
Themen zu Smart HDD/ Wie entfernen? |
32 bit, acrobat update, adapter, administrator, adobe, ahnungslos, bingbar, bonjour, browser, dateien, dateisystem, defender, desktop, entfernen, explorer, heuristiks/extra, heuristiks/shuriken, hotkey, html, log, löschen, malwarebytes, microsoft, microsoft security, microsoft security essentials, pdf, plug-in, programme, scan, security, software, svchost.exe, symantec, t-mobile, wie entfernen, wie entfernen?, wmp |