Pests of all kinds and how to fight them: Antivirus and anti-malware programs cannot be installed or opened, firewall was also disabled.
Windows 7
#1
/// TB Trainer /// Guide Guru
OK, please post the Addition.txt as well...
__________________
Regards, deeprybka
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer
#2
Where do I find the Addition.txt?
#3
/// TB Trainer /// Guide Guru
It should actually also be in:
Code:
C:\Users\Gaming pc\Desktop
If you can't find it, no big deal: start FRST, tick the box for Addition.txt and press Scan again...
#4
OK, got it here
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-05-2014 Ran by Gaming pc at 2014-05-10 15:01:15 Running from C:\Users\Gaming pc\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Disabled - Out of date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AS: Avira Desktop (Disabled - Out of date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated) AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden AMD Wireless Display v3.0 (Version: 1.0.0.12 - Advanced Micro Devices, Inc.) Hidden AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.) Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive) AutoCAD 2014 - Deutsch (German) (Version: 19.1.18.0 - Autodesk) Hidden AutoCAD 2014 Language Pack - Deutsch (German) (Version: 19.1.18.0 - Autodesk) Hidden AVG 2014 (Version: 14.0.3882 - AVG Technologies) Hidden Blender (HKLM\...\Blender) (Version: 2.68a - Blender Foundation) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden Ghost Recon Phantoms - EU (HKCU\...\d8be6c3f847d7d92) (Version: 1.35.5979.1 - Ubisoft) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden Intel(R) Smart Connect Technology 4.0 x64 (HKLM\...\{B0CA78DB-745A-4857-A73F-9ACD95E62BD0}) (Version: 4.0.41.2072 - Intel) Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.) Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 
(HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden Music Manager (HKCU\...\MusicManager) (Version: - Google, Inc.) MySQL Examples and Samples 5.6 (HKLM-x32\...\{44D03537-3061-490B-BF0C-DACA4DEE8797}) (Version: 5.6.14 - Oracle Corporation) MySQL Installer (HKLM-x32\...\{88359D24-F64F-477E-B080-50FB024BA6F7}) (Version: 1.3.3.0 - Oracle Corporation) MySQL Notifier 1.1.4 (HKLM-x32\...\{D7C3E617-EB02-47B3-8D0E-BF3E00D873D5}) (Version: 1.1.4 - Oracle) MySQL Server 5.6 (HKLM\...\{23EEC459-9E65-4DCE-83B8-A1FDB44B9337}) (Version: 5.6.14 - Oracle Corporation) MySQL Utilities (HKLM-x32\...\{6A494EFD-CFC6-4534-9E14-26D3F7D888DE}) (Version: 1.3.4 - Oracle) MySQL Workbench 6.0 CE (HKLM-x32\...\{0B724473-51F5-49E8-958C-4BB3C0AAAF35}) (Version: 6.0.7 - Oracle Corporation) OpenVPN 2.3.3-I002 (HKLM-x32\...\OpenVPN) (Version: 2.3.3-I002 - ) Overwolf (HKLM-x32\...\{FB83467F-D8EB-43E6-8B3D-860B045C1C52}) (Version: 0.51.325 - Overwolf) PBO Manager v.1.4 beta (HKLM\...\{127B5371-1802-4EDD-A25A-A43BF761D383}) (Version: 1.4.0 - ) PlanetSide 2 (HKCU\...\SOE-PlanetSide 2 PSG) (Version: 1.0.3.183 - Sony Online Entertainment) PremiumSoft Navicat 11.0 for MySQL (HKLM\...\PremiumSoft Navicat for MySQL_is1) (Version: 11.0.17 - PremiumSoft CyberTech Ltd.) 
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - ) TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN) Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH) ==================== Restore Points ========================= 09-05-2014 14:17:38 Installed SpyHunter 09-05-2014 14:22:37 Removed SpyHunter 09-05-2014 18:16:19 Removed MySQL Connector/ODBC 5.2 64bit (community edition) 09-05-2014 18:16:34 Removed MySQL Connector Net 6.7.4 09-05-2014 18:17:00 Removed Vegas Pro 12.0 (64-bit) 09-05-2014 18:18:50 Removed MySQL Documents 5.6 09-05-2014 18:19:50 Removed MySQL Connector C++ 1.1.3 09-05-2014 18:20:02 Removed MySQL Connector J 09-05-2014 18:50:59 RegClean Pro Fr, Mai 09, 14 20:50 09-05-2014 19:00:29 Installed AVG 2014 09-05-2014 19:01:18 Installed AVG 2014 09-05-2014 19:05:14 Removed AVG 2014 10-05-2014 09:16:12 Installed AVG 2014 ==================== Hosts content: ========================== 2009-07-14 04:34 - 2013-06-17 17:57 - 00001487 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 csc3-2010-crl.verisign.com 127.0.0.1 ocsp.verisign.com 127.0.0.1 crl.verisign.com 127.0.0.1 download.dm.origin.com 127.0.0.1 secure.download.dm.origin.com 127.0.0.1 loginregistration.dm.origin.com 127.0.0.1 achievements.gameservices.ea.com 127.0.0.1 friends.dm.origin.com 127.0.0.1 avatar.dm.origin.com 127.0.0.1 ecommerce.dm.origin.com 127.0.0.1 static.cdn.ea.com 127.0.0.1 tealium.hs.llnwd.net 127.0.0.1 heartbeat.dm.origin.com 
127.0.0.1 web.dm.origin.com 127.0.0.1 store.origin.com 127.0.0.1 ec2-54-243-231-82.compute-1.amazonaws.com 127.0.0.1 eaassets-a.akamaihd.net 127.0.0.1 ssl.resources.ea.com 127.0.0.1 akamai.cdn.ea.com 127.0.0.1 novafusion.ea.com 127.0.0.1 proxy.novafusion.ea.com 127.0.0.1 ec2-23-23-167-200.compute-1.amazonaws.com 127.0.0.1 dirtybits.dm.origin.com 127.0.0.1 chat.dm.origin.com 127.0.0.1 easo.ea.com 127.0.0.1 ea.com 127.0.0.1 telemetry.simcity.com 127.0.0.1 ec2-54-228-227-181.eu-west-1.compute.amazonaws.com 127.0.0.1 ec2-46-137-177-16.eu-west-1.compute.amazonaws.com There are 11 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: {05E22C15-AD8D-49A8-A9FB-24EB083CA143} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-11] (Google Inc.) Task: {0AFE4B3A-10B7-4F95-BE15-9B6890A1D772} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation) Task: {0FE2AB4C-4369-4F52-B37B-9659200A1552} - System32\Tasks\CS Browser Assistant 2.0-enabler => C:\Program Files (x86)\CS Browser Assistant 2.0\CS Browser Assistant 2.0-enabler.exe Task: {28DDF4E9-308C-46B7-8956-CAB825140E55} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation) Task: {35B64F17-8457-4CFB-93D3-E3F8C9A8CCE7} - System32\Tasks\{EE1C554C-CCFC-452D-AAE2-71472538B64D} => C:\Users\Gaming pc\Desktop\Nexus_Mod_Manager-0.49.2.exe Task: {471D57E0-CFD6-4BCD-81A5-DC48DC528523} - System32\Tasks\Intel(R) Small Business Advantage\Notifier => C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\SBA_Notifier.exe [2013-03-13] (Intel Corporation) Task: {5B256E7B-0C95-4D69-AF93-FB157CA177C7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1761028741-3533212565-443726766-1000UA => 
C:\Users\Gaming pc\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-27] (Google Inc.) Task: {64D2BA3C-A1A6-4109-9ECD-17F4ACEC3375} - System32\Tasks\CS Browser Assistant 2.0-firefoxinstaller => C:\Program Files (x86)\CS Browser Assistant 2.0\CS Browser Assistant 2.0-firefoxinstaller.exe Task: {6569A672-7776-4A44-81AE-F0716AC7ED61} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled Task: {6C6FECA8-BE1C-4AAA-BDFF-B33B46458425} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-11] (Google Inc.) Task: {6CE999AF-84EF-4E49-8616-DDC3743629BB} - System32\Tasks\Windows Update Check - 0x140703D5 => C:\ProgramData\folder\mtqadjqbe.exe [] () Task: {6F5ADDFB-A153-44D2-9ACB-17122CDFFA38} - System32\Tasks\Registry Optimizer_DEFAULT => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe Task: {7443E756-0398-43D1-9D61-59DABBAEEFF1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe Task: {7B778D8D-E9BE-49CC-A92F-9C90CAB6E699} - System32\Tasks\CS Browser Assistant 2.0-updater => C:\Program Files (x86)\CS Browser Assistant 2.0\CS Browser Assistant 2.0-updater.exe Task: {8177C1FF-236F-4A57-BF2E-4377EB1A3789} - System32\Tasks\Registry Optimizer_UPDATES => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe Task: {8249F99B-ABE1-4602-800E-0C12D0097385} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation) Task: {983A234F-DDBC-4096-B734-E6FB0DC6278E} - \AmiUpdXp No Task File <==== ATTENTION Task: {A28EF333-2B66-4651-B2B4-EBD24959D344} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks Task: {A41202DF-47E8-4001-B08D-7A3F39007D30} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1761028741-3533212565-443726766-1000Core => C:\Users\Gaming pc\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-27] (Google Inc.) 
Task: {A54FCA05-0AC2-4FC6-8BF1-3503D65C5F18} - System32\Tasks\{E40D7364-927A-4F7B-B1A6-261C7E340CB4} => C:\Users\Gaming pc\Desktop\Nexus_Mod_Manager-0.49.2.exe Task: {B9234F7A-4E44-4A40-B473-441AADF72EC2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-09] (Adobe Systems Incorporated) Task: {BFEBC2D9-3AF3-4A23-8B4E-8C4FE8C0396D} - System32\Tasks\Install_SSD => C:\Users\Gaming Task: {D557F350-B077-4C75-B95C-1470A27126A7} - System32\Tasks\CS Browser Assistant 2.0-codedownloader => C:\Program Files (x86)\CS Browser Assistant 2.0\CS Browser Assistant 2.0-codedownloader.exe Task: {DA79FAB7-8775-4B86-97DC-8E79504B7BD2} - System32\Tasks\CS Browser Assistant 2.0-chromeinstaller => C:\Program Files (x86)\CS Browser Assistant 2.0\CS Browser Assistant 2.0-chromeinstaller.exe Task: {FB7CB1B9-2064-45B3-A205-F087A73C561D} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2013-01-23] () Task: {FCACAD34-56A9-4DEE-A5F7-8D491C3B81B9} - System32\Tasks\Registry Optimizer => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\CS Browser Assistant 2.0-chromeinstaller.job => C:\Program Files (x86)\CS Browser Assistant 2.0\CS Browser Assistant 2.0-chromeinstaller.exe Task: C:\Windows\Tasks\CS Browser Assistant 2.0-codedownloader.job => C:\Program Files (x86)\CS Browser Assistant 2.0\CS Browser Assistant 2.0-codedownloader.exe Task: C:\Windows\Tasks\CS Browser Assistant 2.0-enabler.job => C:\Program Files (x86)\CS Browser Assistant 2.0\CS Browser Assistant 2.0-enabler.exe Task: C:\Windows\Tasks\CS Browser Assistant 2.0-firefoxinstaller.job => C:\Program Files (x86)\CS Browser Assistant 2.0\CS Browser Assistant 2.0-firefoxinstaller.exe Task: C:\Windows\Tasks\CS Browser Assistant 2.0-updater.job => C:\Program Files (x86)\CS 
Browser Assistant 2.0\CS Browser Assistant 2.0-updater.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1761028741-3533212565-443726766-1000Core.job => C:\Users\Gaming pc\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1761028741-3533212565-443726766-1000UA.job => C:\Users\Gaming pc\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Opera scheduled Uninstall survey 1394193655.job => ? Task: C:\Windows\Tasks\Registry Optimizer_DEFAULT.job => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe Task: C:\Windows\Tasks\Registry Optimizer_UPDATES.job => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe Task: C:\Windows\Tasks\WS.Booster-S-1839310039.job => c:\programdata\right soft\ws.booster\WS.Booster.exe ==================== Loaded Modules (whitelisted) ============= 2013-02-13 10:35 - 2013-02-13 10:35 - 00180200 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe 2013-02-13 10:35 - 2013-02-13 10:35 - 00060392 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll 2013-01-23 08:12 - 2013-01-23 08:12 - 00425016 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe 2013-09-10 10:04 - 2013-09-10 10:04 - 12915712 _____ () C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe 2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-01-16 18:01 - 2013-01-16 18:01 - 00069632 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll 2013-01-16 18:00 - 2013-01-16 18:00 
- 00061440 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll 2013-01-16 18:01 - 2013-01-16 18:01 - 00229376 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll 2013-01-16 18:00 - 2013-01-16 18:00 - 00143360 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll 2013-01-16 18:01 - 2013-01-16 18:01 - 00348160 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll 2011-04-30 21:04 - 2011-04-30 21:04 - 00013312 _____ () C:\Program Files (x86)\MSI Afterburner\RTTSH.dll 2014-03-19 18:12 - 2014-03-19 18:12 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2013-09-10 15:52 - 2013-03-12 22:20 - 01199576 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:AD022376 ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\Services: FlexNet Licensing Service 64 => 3 ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (05/10/2014 03:00:43 PM) (Source: Application Hang) (User: ) (EventID: 1002) Description: Programm FRST64.exe, Version 10.5.2014.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 13c0 Startzeit: 01cf6c4fb8cc37c6 Endzeit: 0 Anwendungspfad: C:\Users\Gaming pc\Desktop\FRST64.exe Berichts-ID: 12ee2654-d843-11e3-9004-d43d7ebdbc00 Error: (05/10/2014 02:59:29 PM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/10/2014 00:01:13 PM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/10/2014 11:26:16 AM) (Source: Application Error) (User: ) (EventID: 1000) Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.16521, Zeitstempel: 0x53114286 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000000000 ID des fehlerhaften Prozesses: 0x714 Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0 Pfad der fehlerhaften Anwendung: iexplore.exe1 Pfad des fehlerhaften Moduls: iexplore.exe2 Berichtskennung: iexplore.exe3 Error: (05/10/2014 11:20:19 AM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/10/2014 11:13:08 AM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: Task Scheduling Error: m->NextScheduledSPRetry 48507263 Error: (05/10/2014 11:13:08 AM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: Task Scheduling Error: m->NextScheduledEvent 48507263 Error: (05/10/2014 11:13:08 AM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: Task Scheduling Error: Continuously 
busy for more than a second Error: (05/10/2014 11:12:58 AM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: Task Scheduling Error: m->NextScheduledSPRetry 48497279 Error: (05/10/2014 11:12:58 AM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: Task Scheduling Error: m->NextScheduledEvent 48497279 System errors: ============= Error: (05/10/2014 02:59:52 PM) (Source: Service Control Manager) (User: ) (EventID: 7024) Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143. Error: (05/10/2014 02:59:02 PM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Der Dienst "Util Surftastic" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (05/10/2014 02:58:51 PM) (Source: Service Control Manager) (User: ) (EventID: 7003) Description: Der Dienst "Avira Browser-Schutz" ist von folgendem Dienst abhängig: AntiVirService. Dieser Dienst ist eventuell nicht installiert. Error: (05/10/2014 00:03:06 PM) (Source: Service Control Manager) (User: ) (EventID: 7023) Description: Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: %%-2147024891 Error: (05/10/2014 00:01:06 PM) (Source: Service Control Manager) (User: ) (EventID: 7024) Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143. Error: (05/10/2014 00:00:39 PM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Der Dienst "Util Surftastic" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (05/10/2014 00:00:33 PM) (Source: Service Control Manager) (User: ) (EventID: 7003) Description: Der Dienst "Avira Browser-Schutz" ist von folgendem Dienst abhängig: AntiVirService. Dieser Dienst ist eventuell nicht installiert. 
Error: (05/10/2014 11:22:30 AM) (Source: Service Control Manager) (User: ) (EventID: 7023) Description: Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: %%-2147024891 Error: (05/10/2014 11:20:58 AM) (Source: Service Control Manager) (User: ) (EventID: 7024) Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143. Error: (05/10/2014 11:19:47 AM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Der Dienst "Util Surftastic" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office Sessions: ========================= Error: (05/10/2014 03:00:43 PM) (Source: Application Hang) (User: ) (EventID: 1002) Description: FRST64.exe10.5.2014.013c001cf6c4fb8cc37c60C:\Users\Gaming pc\Desktop\FRST64.exe12ee2654-d843-11e3-9004-d43d7ebdbc00 Error: (05/10/2014 02:59:29 PM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/10/2014 00:01:13 PM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/10/2014 11:26:16 AM) (Source: Application Error) (User: ) (EventID: 1000) Description: iexplore.exe11.0.9600.1652153114286unknown0.0.0.000000000c0000005000000000000000071401cf6c31e470cf9cC:\Program Files\Internet Explorer\iexplore.exeunknown22c28630-d825-11e3-b32e-d43d7ebdbc00 Error: (05/10/2014 11:20:19 AM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/10/2014 11:13:08 AM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: Task Scheduling Error: 
m->NextScheduledSPRetry 48507263 Error: (05/10/2014 11:13:08 AM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: Task Scheduling Error: m->NextScheduledEvent 48507263 Error: (05/10/2014 11:13:08 AM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/10/2014 11:12:58 AM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: Task Scheduling Error: m->NextScheduledSPRetry 48497279 Error: (05/10/2014 11:12:58 AM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: Task Scheduling Error: m->NextScheduledEvent 48497279 ==================== Memory info =========================== Percentage of memory in use: 25% Total physical RAM: 8120.6 MB Available physical RAM: 6027.18 MB Total Pagefile: 16239.38 MB Available Pagefile: 13560.73 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.41 GB) (Free:508.45 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 88570D40) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
#5
/// TB Trainer /// Guide Guru
Hello,
Your PC is infected with several pieces of malware. It can't hurt to change your login data from another PC. As long as this computer is not >clean< again, I would not use it for any sensitive logins etc. Please also don't install any further tools etc.
Code:
09-05-2014 14:17:38 Installed SpyHunter
Step 1
Important: Rename the downloaded Combofix.exe to CF.exe before starting it! Otherwise follow these instructions accordingly: Scan with Combofix
__________________
Regards, deeprybka
#6
OK, I ran it and there were no problems
Code:
ATTFilter ComboFix 14-05-10.01 - Gaming pc 11.05.2014 10:21:30.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8121.6436 [GMT 2:00] ausgeführt von:: c:\users\Gaming pc\Desktop\CF.exe AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\program files (x86)\Windows Manager\winmgr.exe c:\programdata\1382544747.bdinstall.bin c:\programdata\1382623707.bdinstall.bin c:\programdata\Folder\mtqadjqbe.exe c:\programdata\Local Settings\Temp c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felleiimiaegndmcblfkdgjefhfapoln c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felleiimiaegndmcblfkdgjefhfapoln\2.2\background.html c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felleiimiaegndmcblfkdgjefhfapoln\2.2\content.js c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felleiimiaegndmcblfkdgjefhfapoln\2.2\lsdb.js c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felleiimiaegndmcblfkdgjefhfapoln\2.2\manifest.json c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felleiimiaegndmcblfkdgjefhfapoln\2.2\yraM.js c:\users\Gaming pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Surftastic_iels c:\users\Gaming pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Whilokii_iels c:\users\Gaming pc\AppData\Local\nsy525F.tmp c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\felleiimiaegndmcblfkdgjefhfapoln c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\felleiimiaegndmcblfkdgjefhfapoln\2.2\background.html 
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\felleiimiaegndmcblfkdgjefhfapoln\2.2\content.js c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\felleiimiaegndmcblfkdgjefhfapoln\2.2\lsdb.js c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\felleiimiaegndmcblfkdgjefhfapoln\2.2\manifest.json c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\felleiimiaegndmcblfkdgjefhfapoln\2.2\yraM.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\felleiimiaegndmcblfkdgjefhfapoln c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\felleiimiaegndmcblfkdgjefhfapoln\2.2\background.html c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\felleiimiaegndmcblfkdgjefhfapoln\2.2\content.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\felleiimiaegndmcblfkdgjefhfapoln\2.2\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\felleiimiaegndmcblfkdgjefhfapoln\2.2\manifest.json c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\felleiimiaegndmcblfkdgjefhfapoln\2.2\yraM.js c:\users\Public\AlexaNSISPlugin.4516.dll c:\windows\ST6UNST.000 c:\windows\SysWow64\Microsoft.com c:\programdata\Folder . . . . Nicht in der Lage zu löschen . . ((((((((((((((((((((((( Dateien erstellt von 2014-04-11 bis 2014-05-11 )))))))))))))))))))))))))))))) . . 2014-05-10 16:02 . 2014-05-10 16:02 -------- d-----w- c:\users\Gaming pc\AppData\Local\Apps 2014-05-10 10:00 . 2014-05-10 10:00 -------- d-----w- c:\users\Gaming pc\AppData\Roaming\ATI 2014-05-10 10:00 . 2014-05-10 10:00 -------- d-----w- c:\users\Gaming pc\AppData\Roaming\Apple Computer 2014-05-10 10:00 . 2014-05-10 10:00 -------- d-----w- c:\users\Gaming pc\AppData\Local\Avg2014 2014-05-10 10:00 . 2014-05-10 10:00 -------- d-----w- c:\users\Gaming pc\AppData\Local\MFAData 2014-05-10 09:47 . 
2014-05-10 09:47 -------- d-----w- C:\OETemp 2014-05-10 09:38 . 2014-05-10 13:01 -------- d-----w- C:\FRST 2014-05-10 09:15 . 2014-05-10 09:15 -------- d-----w- c:\program files (x86)\GUMDF08.tmp 2014-05-10 09:15 . 2014-05-10 09:15 6103040 ----a-w- c:\program files (x86)\GUTDF67.tmp 2014-05-09 19:04 . 2014-05-09 19:04 -------- d-----w- c:\users\Gaming pc\AppData\Roaming\TuneUp Software 2014-05-09 18:59 . 2014-05-10 09:17 -------- d-----w- c:\programdata\MFAData 2014-05-09 18:41 . 2014-05-09 18:41 -------- d---a-w- c:\windows\VDLL.DLL 2014-05-09 18:41 . 2014-05-09 18:41 -------- d---a-w- c:\windows\SysWow64\runouce.exe 2014-05-09 18:41 . 2014-05-09 18:41 -------- d---a-w- c:\windows\rundll16.exe 2014-05-09 18:41 . 2014-05-09 18:41 -------- d---a-w- c:\windows\RUNDL132.EXE 2014-05-09 18:41 . 2014-05-09 18:41 -------- d---a-w- c:\windows\logo1_.exe 2014-05-09 18:41 . 2014-05-09 18:41 -------- d---a-w- c:\windows\logo_1.exe 2014-05-09 18:40 . 2014-05-09 18:40 632064 ----a-w- c:\windows\SysWow64\msvcr80.dll 2014-05-09 18:40 . 2014-05-09 18:40 554240 ----a-w- c:\windows\SysWow64\msvcp80.dll 2014-05-09 18:40 . 2014-05-09 18:40 34048 ----a-w- c:\windows\SysWow64\eEmpty.exe 2014-05-09 18:40 . 2014-05-09 18:40 -------- d-----w- c:\program files (x86)\Common Files\MicroWorld 2014-05-09 18:40 . 2014-05-09 18:40 -------- d-----w- c:\programdata\MicroWorld 2014-05-09 18:30 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll 2014-05-09 18:30 . 2014-05-10 09:59 -------- d-----w- C:\AdwCleaner 2014-05-09 18:21 . 2014-04-03 07:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-05-09 18:21 . 2014-04-03 07:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-05-09 18:21 . 2014-04-03 07:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-05-09 17:56 . 2014-05-09 17:56 -------- d-----w- c:\users\Gaming pc\ChromeExtensions 2014-05-09 17:47 . 2014-05-09 17:47 120832 ----a-w- c:\windows\system32\cmlua64.exe 2014-05-09 17:41 . 
2014-05-10 09:22 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware 2014-05-09 17:37 . 2014-05-09 17:37 -------- d-----w- c:\programdata\AVAST Software 2014-05-09 17:33 . 2014-05-10 10:01 -------- d-----w- c:\users\Gaming pc\AppData\Roaming\Oracle 2014-05-09 14:17 . 2014-05-09 14:17 -------- d-----w- c:\program files\Enigma Software Group 2014-05-09 14:17 . 2014-05-09 14:22 -------- d-----w- c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-05-09 14:17 . 2014-05-09 14:17 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2014-05-09 14:09 . 2014-05-10 10:00 -------- d-----w- c:\program files (x86)\Avira 2014-05-04 14:37 . 2014-05-11 08:27 -------- d-----w- c:\programdata\folder 2014-05-04 10:02 . 2014-05-06 13:54 -------- d-----w- c:\program files (x86)\Breaking 2014-05-03 19:43 . 2013-10-08 07:55 1988096 ----a-w- c:\windows\system32\libmysql_e.dll 2014-05-03 19:43 . 2014-05-03 19:43 -------- d-----w- c:\program files\PremiumSoft 2014-05-03 19:41 . 2014-05-10 09:51 -------- d-----w- c:\users\Gaming pc\AppData\Roaming\MySQL 2014-05-03 19:37 . 2014-05-09 18:19 -------- d-----w- c:\program files\MySQL 2014-05-03 19:36 . 2014-05-09 18:18 -------- d-----w- c:\program files (x86)\MySQL 2014-05-03 19:36 . 2014-05-03 19:37 -------- d-----w- c:\programdata\MySQL 2014-05-01 18:03 . 2014-05-01 18:03 -------- d-----w- c:\program files\PBO Manager v.1.4 beta 2014-04-30 17:49 . 2014-04-30 17:49 -------- d-----w- c:\program files\TAP-Windows 2014-04-30 17:49 . 2014-04-30 17:49 -------- d-----w- c:\program files (x86)\OpenVPN 2014-04-30 17:14 . 2014-04-30 17:14 -------- d-----w- c:\program files (x86)\Overwolf 2014-04-30 17:14 . 2014-04-30 17:14 -------- d-----w- c:\program files (x86)\Common Files\Overwolf 2014-04-30 17:13 . 2014-05-10 15:55 -------- d-----w- c:\users\Gaming pc\AppData\Local\Overwolf 2014-04-30 17:13 . 2014-04-30 17:13 -------- d-----w- c:\users\Gaming pc\AppData\Local\TeamSpeak 3 Client 2014-04-25 18:16 . 
2014-05-11 08:25 -------- d-sh--w- c:\program files (x86)\Windows Manager 2014-04-25 18:11 . 2014-04-25 18:16 -------- d-----w- c:\program files (x86)\Kepard 2014-04-25 17:53 . 2014-04-25 17:53 -------- d-----w- c:\program files (x86)\Common Files\Steganos 2014-04-25 09:38 . 2014-04-25 09:38 -------- d-----w- c:\program files (x86)\Common Files\BattlEye 2014-04-25 08:22 . 2014-04-25 08:22 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{87E93FE7-EC4D-46DF-8A2A-139AD922AC5D}\offreg.dll 2014-04-24 11:20 . 2014-04-24 11:20 3019880 ----a-w- c:\program files (x86)\BTSync.exe 2014-04-24 11:20 . 2014-04-24 11:20 1068544 ----a-w- c:\program files (x86)\ApplyUpdate.exe 2014-04-22 12:58 . 2014-05-10 15:28 -------- d-----w- c:\users\Gaming pc\AppData\Local\Arma 3 2014-04-22 12:58 . 2014-04-22 12:58 -------- d-----w- c:\programdata\Bohemia Interactive 2014-04-18 16:56 . 2014-04-22 10:51 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-04-17 11:04 . 2004-02-22 08:11 764416 --sh--w- c:\windows\SysWow64\devil.dll 2014-04-17 11:04 . 2009-09-27 07:39 415744 --sh--w- c:\windows\SysWow64\avisynth.dll 2014-04-17 11:04 . 2005-07-14 10:31 32256 --sh--w- c:\windows\SysWow64\AVSredirect.dll 2014-04-17 11:04 . 2004-01-24 22:00 70656 --sh--w- c:\windows\SysWow64\yv12vfw.dll 2014-04-17 11:04 . 2004-01-24 22:00 70656 --sh--w- c:\windows\SysWow64\i420vfw.dll 2014-04-17 11:00 . 2004-07-02 14:33 327749 ----a-w- c:\windows\SysWow64\drvc.dll 2014-04-17 11:00 . 2014-04-22 13:49 -------- d-----w- c:\program files (x86)\eRightSoft 2014-04-16 11:23 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{87E93FE7-EC4D-46DF-8A2A-139AD922AC5D}\mpengine.dll 2014-04-13 10:29 . 2014-05-11 08:27 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys 2014-04-11 15:40 . 2014-04-11 15:40 -------- d-----w- c:\program files\Microsoft Silverlight 2014-04-11 15:40 . 
2014-04-11 15:40 -------- d-----w- c:\program files (x86)\Microsoft Silverlight . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-05-09 18:42 . 2014-05-09 18:41 19759335 ----a-w- c:\windows\REGBK00.ZIP 2014-05-09 13:54 . 2013-09-17 13:47 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-05-09 13:54 . 2013-09-17 13:47 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-04-11 15:40 . 2013-09-16 13:19 90655440 ----a-w- c:\windows\system32\MRT.exe 2014-03-01 06:05 . 2014-03-19 14:56 23133696 ----a-w- c:\windows\system32\mshtml.dll 2014-03-01 05:17 . 2014-03-19 14:56 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2014-03-01 05:16 . 2014-03-19 14:56 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll 2014-03-01 04:58 . 2014-03-19 14:56 2765824 ----a-w- c:\windows\system32\iertutil.dll 2014-03-01 04:52 . 2014-03-19 14:56 66048 ----a-w- c:\windows\system32\iesetup.dll 2014-03-01 04:51 . 2014-03-19 14:56 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll 2014-03-01 04:42 . 2014-03-19 14:56 53760 ----a-w- c:\windows\system32\jsproxy.dll 2014-03-01 04:40 . 2014-03-19 14:56 33792 ----a-w- c:\windows\system32\iernonce.dll 2014-03-01 04:37 . 2014-03-19 14:56 574976 ----a-w- c:\windows\system32\ieui.dll 2014-03-01 04:33 . 2014-03-19 14:56 139264 ----a-w- c:\windows\system32\ieUnatt.exe 2014-03-01 04:33 . 2014-03-19 14:56 111616 ----a-w- c:\windows\system32\ieetwcollector.exe 2014-03-01 04:32 . 2014-03-19 14:56 708608 ----a-w- c:\windows\system32\jscript9diag.dll 2014-03-01 04:23 . 2014-03-19 14:56 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2014-03-01 04:17 . 2014-03-19 14:56 218624 ----a-w- c:\windows\system32\ie4uinit.exe 2014-03-01 04:11 . 2014-03-19 14:56 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2014-03-01 04:02 . 2014-03-19 14:56 195584 ----a-w- c:\windows\system32\msrating.dll 2014-03-01 03:54 . 
2014-03-19 14:56 5768704 ----a-w- c:\windows\system32\jscript9.dll 2014-03-01 03:52 . 2014-03-19 14:56 61952 ----a-w- c:\windows\SysWow64\iesetup.dll 2014-03-01 03:51 . 2014-03-19 14:56 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll 2014-03-01 03:42 . 2014-03-19 14:56 627200 ----a-w- c:\windows\system32\msfeeds.dll 2014-03-01 03:38 . 2014-03-19 14:56 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2014-03-01 03:37 . 2014-03-19 14:56 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll 2014-03-01 03:35 . 2014-03-19 14:56 2041856 ----a-w- c:\windows\system32\inetcpl.cpl 2014-03-01 03:18 . 2014-03-19 14:56 13051904 ----a-w- c:\windows\system32\ieframe.dll 2014-03-01 03:14 . 2014-03-19 14:56 4244480 ----a-w- c:\windows\SysWow64\jscript9.dll 2014-03-01 03:10 . 2014-03-19 14:56 2334208 ----a-w- c:\windows\system32\wininet.dll 2014-03-01 03:00 . 2014-03-19 14:56 1964032 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2014-03-01 02:38 . 2014-03-19 14:56 1393664 ----a-w- c:\windows\system32\urlmon.dll 2014-03-01 02:32 . 2014-03-19 14:56 1820160 ----a-w- c:\windows\SysWow64\wininet.dll 2014-03-01 02:25 . 2014-03-19 14:56 817664 ----a-w- c:\windows\system32\ieapfltr.dll 2014-01-07 14:58 . 2014-01-07 12:56 820984 ----a-w- c:\program files (x86)\DragonsProphetSetup.exe 2014-01-07 14:58 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-9.bin 2014-01-07 14:56 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-8.bin 2014-01-07 14:54 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-7.bin 2014-01-07 14:51 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-6.bin 2014-01-07 14:49 . 2014-01-07 12:56 92102186 ----a-w- c:\program files (x86)\DragonsProphetSetup-51.bin 2014-01-07 14:48 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-50.bin 2014-01-07 14:45 . 
2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-5.bin 2014-01-07 14:43 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-49.bin 2014-01-07 14:40 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-48.bin 2014-01-07 14:38 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-47.bin 2014-01-07 14:36 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-46.bin 2014-01-07 14:33 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-45.bin 2014-01-07 14:31 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-44.bin 2014-01-07 14:28 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-43.bin 2014-01-07 14:26 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-42.bin 2014-01-07 14:24 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-41.bin 2014-01-07 14:21 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-40.bin 2014-01-07 14:19 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-4.bin 2014-01-07 14:16 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-39.bin 2014-01-07 14:14 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-38.bin 2014-01-07 14:12 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-37.bin 2014-01-07 14:09 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-36.bin 2014-01-07 14:07 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-35.bin 2014-01-07 14:04 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-34.bin 2014-01-07 14:02 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-33.bin 2014-01-07 14:00 . 
2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-32.bin 2014-01-07 13:57 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-31.bin 2014-01-07 13:55 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-30.bin 2014-01-07 13:52 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-3.bin 2014-01-07 13:50 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-29.bin 2014-01-07 13:48 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-28.bin 2014-01-07 13:45 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-27.bin 2014-01-07 13:43 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-26.bin 2014-01-07 13:40 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-25.bin 2014-01-07 13:38 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-24.bin 2014-01-07 13:36 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-23.bin 2014-01-07 13:33 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-22.bin 2014-01-07 13:31 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-21.bin 2014-01-07 13:28 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-20.bin 2014-01-07 13:26 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-2.bin 2014-01-07 13:24 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-19.bin 2014-01-07 13:21 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-18.bin 2014-01-07 13:19 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-17.bin 2014-01-07 13:16 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-16.bin 2014-01-07 13:14 . 
2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-15.bin 2014-01-07 13:12 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-14.bin 2014-01-07 13:09 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-13.bin 2014-01-07 13:07 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-12.bin 2014-01-07 13:04 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-11.bin 2014-01-07 13:02 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-10.bin 2014-01-07 12:59 . 2014-01-07 12:56 208900096 ----a-w- c:\program files (x86)\DragonsProphetSetup-1.bin 2009-09-27 07:39 415744 --sh--w- c:\windows\SysWOW64\avisynth.dll 2005-07-14 10:31 32256 --sh--w- c:\windows\SysWOW64\AVSredirect.dll 2004-02-22 08:11 764416 --sh--w- c:\windows\SysWOW64\devil.dll 2004-01-24 22:00 70656 --sh--w- c:\windows\SysWOW64\i420vfw.dll 2004-01-24 22:00 70656 --sh--w- c:\windows\SysWOW64\yv12vfw.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "Overwolf"="c:\program files (x86)\Overwolf\Overwolf.exe" [2014-03-05 37664] "MySQL Notifier"="c:\program files (x86)\MySQL\MySQL Notifier 1.1.4\MySqlNotifier.exe" [2013-07-05 762368] "HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2013-12-06 389120] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-11 292848] "Super-Charger"="c:\program files (x86)\MSI\Super-Charger\Super-Charger.exe" [2013-03-08 506864] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-06 766208] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-01-20 152392] "IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2013-03-12 134616] "ADSK DLMSession"="c:\program files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe" [2013-02-01 1641368] "MFARestart"="c:\programdata\MFAData\pack\avgrunasx.exe" [2014-03-27 314896] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "HideSCAHealth"= 1 (0x1) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "TaskbarNoNotification"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux3"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"="0" "UpdatesDisableNotify"="0" . 
R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x] R2 APNMCP;Ask Aktualisierungsdienst;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R2 Util Surftastic;Util Surftastic;c:\program files (x86)\Surftastic\bin\utilSurftastic.exe;c:\program files (x86)\Surftastic\bin\utilSurftastic.exe [x] R3 ALSysIO;ALSysIO;c:\users\GAMING~1\AppData\Local\Temp\ALSysIO64.sys;c:\users\GAMING~1\AppData\Local\Temp\ALSysIO64.sys [x] R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x] R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x] R3 intelsba;Intel(R) Small Business Advantage;c:\program files\Intel\Intel(R) Small Business 
Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe;c:\program files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [x] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x] R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\ntiolib_x64.sys;d:\NTIOLib_X64.sys [x] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x] R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x] R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R4 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x] S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 Autodesk Content Service;Autodesk Content Service;c:\program files 
(x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x] S2 ISCTAgent;Intel(R) Smart Connect Technology Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x] S2 MSI_Trigger_Service;MSI_Trigger_Service;c:\program files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe;c:\program files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [x] S2 MySQL56;MySQL56;C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.6\my.ini MySQL56;C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.6\my.ini MySQL56 [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x] S3 iusb3hub;Intel(R) USB 
3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x] S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x] S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-04-29 14:40 1078088 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-17 13:54] . 2014-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-24 15:57] . 2014-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-24 15:57] . 
2014-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1761028741-3533212565-443726766-1000Core.job - c:\users\Gaming pc\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-27 10:12] . 2014-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1761028741-3533212565-443726766-1000UA.job - c:\users\Gaming pc\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-27 10:12] . . --------- X64 Entries ----------- . . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = hxxp://www.google.com uStart Page = hxxp://www.bing.com mDefault_Search_URL = hxxp://www.google.com mDefault_Page_URL = hxxp://www.google.com mStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = hxxp://www.google.com uSearchAssistant = hxxp://www.google.com Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Gaming pc\AppData\Roaming\Mozilla\Firefox\Profiles\3ngzs4ee.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
BHO-{41564952-412D-5637-00A7-7A786E7484D7} - (no file) Toolbar-10 - (no file) Toolbar-{41564952-412D-5637-00A7-7A786E7484D7} - (no file) Wow6432Node-HKCU-Run-adminkey - c:\programdata\folder\mtqadjqbe.exe Wow6432Node-HKLM-Run-d2be3e6d11846430c067fc874a79f583 - c:\users\Gaming pc\AppData\Local\Temp\java.exe Wow6432Node-HKLM-Run-ApnTBMon - c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe Wow6432Node-HKLM-Run-Download Protect - c:\programdata\dlprotect.exe Wow6432Node-HKU-Default-Run-Bitdefender-Geldbörse-Agent - c:\program files\Bitdefender\Bitdefender\pmbxag.exe Wow6432Node-HKU-Default-Run-Bitdefender-Geldbörse - c:\program files\Bitdefender\Bitdefender\pwdmanui.exe Wow6432Node-HKU-Default-Run-Bitdefender-Geldbörse-Anwendungs-Agent - c:\program files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start BHO-{41564952-412D-5637-00A7-7A786E7484D7} - c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll Toolbar-10 - (no file) Toolbar-{41564952-412D-5637-00A7-7A786E7484D7} - c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll AddRemove-d8be6c3f847d7d92 - c:\users\Gaming pc\AppData\Local\Apps\2.0\N58WLDKM.V42\H71K9KWH.5Q6\laun...app_59711684aa47878d_0001.0023_c2562620c05acb90\Uninstaller.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL56] "ImagePath"="\"C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.6\my.ini\" MySQL56" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL56] "ImagePath"="\"C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.6\my.ini\" MySQL56" . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\S-1-5-21-1761028741-3533212565-443726766-1000\Software\SecuROM\License information*] "datasecu"=hex:7c,de,e2,59,04,e5,f6,40,27,81,e2,ee,57,80,96,f3,d5,19,98,9a,8f, 80,14,09,20,bd,5e,12,5f,b6,e2,65,af,02,56,a9,52,3a,11,b5,0e,a6,75,ab,5b,cc,\ "rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.13" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe . ************************************************************************** . Zeit der Fertigstellung: 2014-05-11 10:31:16 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-05-11 08:31 . Vor Suchlauf: 23 Verzeichnis(se), 541.242.998.784 Bytes frei Nach Suchlauf: 30 Verzeichnis(se), 541.675.495.424 Bytes frei . - - End Of File - - 981B29E1437A31E18C3AC8DE66187C38 A36C5E4F47E84449FF07ED3517B43A31 |
![]() | #7 |
/// TB Trainer /// Guide Guru | Antivirus and anti-malware programs cannot be installed or opened; the firewall was also disabled. Ok, good work, Manuel!

Step 1 Scan with ![]() Under Detection and Protection, please tick "Scan for rootkits". Then click "Scan", select the threat scan, update the databases and click "Start scan now". At the end of the scan, have all detections (if any) moved to quarantine. (like this...) Post the contents of the log file for me. To do so, click History and then Application Logs. Select the most recent scan log and click View. Click "Copy to clipboard" and post the contents in code tags as a reply in the thread.

Step 2

Step 3 Please start FRST again, also tick Addition.txt, and press Scan.

__________________ Regards, deeprybka. Praise, criticism, wishes? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |