Pests of all kinds and how to fight them: (Audio) advertising that cannot be located runs in the background

Windows 7

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
#1
/// the machine /// TB-Ausbilder
(Audio) advertising that cannot be located runs in the background

hi, scan with Combofix
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donate | Guides and help | Trojaner-Board Facebook page
No help via PM!
#2
(Audio) advertising that cannot be located runs in the background
Quote:
Code:
ATTFilter ComboFix 14-10-29.01 - jan 30.10.2014 23:09:35.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8141.5542 [GMT 1:00] ausgeführt von:: c:\users\jan\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\1414458381.208.bin c:\programdata\1414458381.7344.bin c:\programdata\1414458381.8164.bin c:\programdata\1414458381.8380.bin c:\programdata\1414459636.bdinstall.bin c:\programdata\1414464457.bdinstall.bin c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk c:\windows\msdownld.tmp . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_Adobe Licensing Console . . ((((((((((((((((((((((( Dateien erstellt von 2014-09-28 bis 2014-10-30 )))))))))))))))))))))))))))))) . . 2014-10-30 22:41 . 2014-10-30 22:41 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-10-30 22:41 . 2014-10-30 22:41 -------- d-----w- c:\users\paps\AppData\Local\temp 2014-10-30 22:41 . 2014-10-30 22:41 -------- d-----w- c:\users\Padmin\AppData\Local\temp 2014-10-30 22:02 . 2014-10-30 22:02 -------- d-sh--w- c:\users\jan\AppData\Local\EmieUserList 2014-10-30 22:02 . 2014-10-30 22:02 -------- d-sh--w- c:\users\jan\AppData\Local\EmieSiteList 2014-10-29 21:51 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BDA67CE2-D705-43CF-9576-170D2AD4F8C1}\mpengine.dll 2014-10-28 20:41 . 2014-10-29 06:36 -------- d-----w- C:\FRST 2014-10-28 00:56 . 2014-10-28 00:56 -------- d-----w- c:\programdata\Dumps 2014-10-27 02:16 . 
2014-10-27 02:16 76944 ----a-w- c:\windows\system32\drivers\bdvedisk.sys 2014-10-27 02:16 . 2014-10-27 02:16 74512 ----a-w- c:\windows\system32\bdsandboxuiskin32.dll 2014-10-27 01:44 . 2014-10-27 01:44 -------- d-----w- c:\programdata\BDLogging 2014-10-27 01:44 . 2013-11-04 14:47 82824 ----a-w- c:\windows\system32\drivers\bdsandbox.sys 2014-10-27 01:44 . 2013-11-04 14:47 74512 ----a-w- c:\windows\SysWow64\bdsandboxuiskin32.dll 2014-10-27 01:44 . 2007-04-11 10:11 511328 ----a-w- c:\windows\capicom.dll 2014-10-27 01:44 . 2012-11-02 12:17 261056 ----a-w- c:\windows\system32\drivers\avchv.sys 2014-10-27 01:40 . 2014-10-27 01:47 -------- d-----w- c:\programdata\Bitdefender 2014-10-27 01:40 . 2013-11-04 14:47 84848 ----a-w- c:\windows\system32\BDSandBoxUISkin.dll 2014-10-27 01:40 . 2013-11-04 14:46 34384 ----a-w- c:\windows\system32\BDSandBoxUH.dll 2014-10-27 01:40 . 2014-10-27 01:40 -------- d-----w- c:\program files\Bitdefender 2014-10-27 01:40 . 2014-10-27 01:40 -------- d-----w- c:\users\jan\AppData\Roaming\QuickScan 2014-10-27 01:40 . 2014-10-27 01:40 -------- d-----w- c:\program files\Common Files\Bitdefender 2014-10-27 01:40 . 2014-10-27 01:40 -------- d-----w- c:\program files (x86)\Common Files\Bitdefender 2014-10-26 23:13 . 2014-10-26 23:13 2560 ----a-w- c:\windows\_MSRSTRT.EXE 2014-10-25 22:03 . 2014-02-17 11:41 27456 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe 2014-10-25 02:34 . 2014-10-25 02:34 319912 ----a-w- c:\windows\system32\javaws.exe 2014-10-25 02:34 . 2014-10-25 02:34 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2014-10-25 02:34 . 2014-10-25 02:34 189352 ----a-w- c:\windows\system32\javaw.exe 2014-10-25 02:34 . 2014-10-25 02:34 189352 ----a-w- c:\windows\system32\java.exe 2014-10-25 02:33 . 2014-10-25 02:33 125952 ----a-w- c:\windows\system32\drivers\TeeDriverx64.sys 2014-10-25 02:33 . 2014-10-25 02:33 -------- d-----w- c:\program files\Synaptics 2014-10-25 02:33 . 
2014-10-25 02:33 33008 ----a-w- c:\windows\system32\drivers\Smb_driver_Intel.sys 2014-10-25 02:33 . 2014-10-25 02:33 49048 ----a-w- c:\windows\system32\drivers\asahci64.sys 2014-10-25 02:32 . 2014-10-25 02:32 941784 ----a-w- c:\windows\system32\drivers\Rt64win7.sys 2014-10-25 02:32 . 2014-10-25 02:32 73800 ----a-w- c:\windows\system32\RtNicProp64.dll 2014-10-25 02:32 . 2014-10-25 02:32 110080 ----a-w- c:\windows\system32\DelayAPO.dll 2014-10-25 02:32 . 2014-10-25 02:32 94720 ----a-w- c:\windows\system32\drivers\AtihdW76.sys 2014-10-25 02:30 . 2014-10-25 02:30 98816 ----a-w- c:\windows\system32\OpenVideo64.dll 2014-10-25 02:30 . 2014-10-25 02:30 91648 ----a-w- c:\windows\system32\mantleaxl64.dll 2014-10-25 02:30 . 2014-10-25 02:30 86528 ----a-w- c:\windows\system32\OVDecode64.dll 2014-10-25 02:30 . 2014-10-25 02:30 85504 ----a-w- c:\windows\SysWow64\mantleaxl32.dll 2014-10-25 02:30 . 2014-10-25 02:30 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll 2014-10-25 02:30 . 2014-10-25 02:30 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll 2014-10-25 02:30 . 2014-10-25 02:30 127488 ----a-w- c:\windows\system32\mantle64.dll 2014-10-25 02:30 . 2014-10-25 02:30 113664 ----a-w- c:\windows\SysWow64\mantle32.dll 2014-10-25 02:30 . 2014-10-25 02:30 827392 ----a-w- c:\windows\system32\coinst_14.30.dll 2014-10-25 02:30 . 2014-10-25 02:30 235008 ----a-w- c:\windows\system32\clinfo.exe 2014-10-25 02:30 . 2014-10-25 02:30 126848 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2014-10-25 01:26 . 2014-10-25 01:26 -------- d-----w- c:\users\jan\AppData\Roaming\ProductData 2014-10-25 01:25 . 2014-10-25 01:25 -------- d-----w- c:\users\jan\AppData\Roaming\Apple Computer 2014-10-25 01:25 . 2014-10-30 08:46 -------- d-----w- c:\programdata\ProductData 2014-10-25 01:25 . 2014-10-25 01:25 -------- d-----w- c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} 2014-10-25 01:25 . 2014-10-25 02:16 -------- d-----w- c:\programdata\IObit 2014-10-25 01:25 . 
2014-10-30 22:01 -------- d-----w- c:\program files (x86)\IObit 2014-10-25 01:23 . 2014-10-25 01:50 -------- d-----w- c:\users\jan\AppData\Roaming\IObit 2014-10-24 07:24 . 2014-10-24 07:24 -------- d-----w- c:\users\Default\AppData\Local\Mozilla 2014-10-15 15:38 . 2014-09-18 02:00 3241472 ----a-w- c:\windows\system32\msi.dll 2014-10-14 19:43 . 2014-10-14 19:43 -------- d-----w- c:\programdata\Insight Software Solutions 2014-10-04 08:48 . 2014-10-04 08:48 -------- d-----w- c:\program files (x86)\predm 2014-10-01 10:11 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll 2014-10-01 10:11 . 2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-10-30 22:46 . 2014-03-01 14:55 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys 2014-10-25 02:34 . 2012-11-03 15:12 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-10-25 02:34 . 2012-11-03 15:12 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-10-25 02:32 . 2012-10-24 10:35 107552 ----a-w- c:\windows\system32\RTNUninst64.dll 2014-10-25 02:30 . 2012-12-19 19:44 7207592 ----a-w- c:\windows\SysWow64\atiumdva.dll 2014-10-25 02:30 . 2012-04-06 01:09 144328 ----a-w- c:\windows\system32\atiuxp64.dll 2014-10-25 02:30 . 2012-12-19 20:50 7028336 ----a-w- c:\windows\SysWow64\atiumdag.dll 2014-10-25 02:30 . 2013-12-06 21:57 8044976 ----a-w- c:\windows\system32\atiumd6a.dll 2014-10-25 02:30 . 2013-12-06 21:56 8296296 ----a-w- c:\windows\system32\atiumd64.dll 2014-10-25 02:29 . 2012-12-19 19:31 118096 ----a-w- c:\windows\system32\atiu9p64.dll 2014-10-25 02:29 . 2012-12-19 19:30 100032 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2014-10-25 02:29 . 2014-04-18 01:29 239616 ----a-w- c:\windows\system32\atiesrxx.exe 2014-10-25 02:29 . 2014-04-18 01:07 133632 ----a-w- c:\windows\SysWow64\atigktxx.dll 2014-10-25 02:29 . 
2012-04-06 01:54 10826488 ----a-w- c:\windows\system32\atidxx64.dll 2014-10-25 02:29 . 2013-12-06 20:53 442368 ----a-w- c:\windows\system32\atidemgy.dll 2014-10-25 02:29 . 2012-09-28 01:43 1113576 ----a-w- c:\windows\SysWow64\aticfx32.dll 2014-10-25 02:29 . 2012-04-06 02:20 1335544 ----a-w- c:\windows\system32\aticfx64.dll 2014-10-25 02:29 . 2014-04-18 01:09 900608 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2014-10-25 02:29 . 2013-12-06 20:22 1210880 ----a-w- c:\windows\system32\atiadlxx.dll 2014-10-25 02:29 . 2014-04-18 02:17 58880 ----a-w- c:\windows\SysWow64\OpenCL.dll 2014-10-25 02:29 . 2014-04-18 02:19 28770304 ----a-w- c:\windows\SysWow64\amdocl.dll 2014-10-15 21:48 . 2012-10-24 13:09 103265616 ----a-w- c:\windows\system32\MRT.exe 2014-10-02 13:53 . 2010-11-21 03:27 278152 ------w- c:\windows\system32\MpSigStub.exe 2014-09-09 22:11 . 2014-09-26 09:21 2048 ----a-w- c:\windows\system32\tzres.dll 2014-09-09 21:47 . 2014-09-26 09:21 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2014-09-04 20:52 . 2012-12-30 16:47 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys 2014-09-04 20:52 . 2014-05-01 12:34 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys 2014-09-04 20:52 . 2014-01-03 13:57 92008 ----a-w- c:\windows\system32\drivers\aswstm.sys 2014-09-04 20:52 . 2013-03-18 11:06 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2014-09-04 20:52 . 2013-03-18 11:06 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2014-09-04 20:52 . 2012-12-30 16:47 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2014-09-04 20:52 . 2012-12-30 16:47 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2014-09-04 20:52 . 2012-12-30 16:47 307344 ----a-w- c:\windows\system32\aswBoot.exe 2014-09-04 20:52 . 2012-12-30 16:47 1041168 ----a-w- c:\windows\system32\drivers\aswsnx.sys 2014-09-04 20:52 . 2014-09-04 20:52 43152 ----a-w- c:\windows\avastSS.scr 2014-09-04 19:45 . 2014-09-04 19:45 1241155 ----a-w- c:\windows\SysWow64\lnsecsl.exe 2014-09-02 07:44 . 
2012-07-17 12:37 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2014-08-23 02:07 . 2014-09-01 20:13 404480 ----a-w- c:\windows\system32\gdi32.dll 2014-08-23 01:45 . 2014-09-01 20:13 311808 ----a-w- c:\windows\SysWow64\gdi32.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Wisdom-soft AutoScreenRecorder 3.1 Free"="0" [X] "HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2014-04-17 1967616] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-08-27 22041192] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2012-10-24 133400] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088] "Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2013-09-03 2237328] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208] "BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2013-09-19 606024] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176] "Arc"="c:\games\newerwinter (arc)\Arc\ArcLauncher.exe" [2013-10-10 129384] "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-09-04 4085896] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-04-17 767200] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2015\updatesrv.exe;c:\program files\Bitdefender\Bitdefender 2015\updatesrv.exe [x] R3 ArcService;Arc Service;c:\games\newerwinter (arc)\Arc\ArcService.exe;c:\games\newerwinter (arc)\Arc\ArcService.exe [x] R3 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2015\bdparentalservice.exe;c:\program files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x] R3 GPU-Z;GPU-Z;c:\users\jan\AppData\Local\Temp\GPU-Z.sys;c:\users\jan\AppData\Local\Temp\GPU-Z.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x] R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x] R3 
TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 VsEtwService120;Visual Studio ETW-Ereignisauflistungsdienst;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x] S0 aswRvrt;avast! Revert; [x] S0 aswVmm;avast! VM Monitor; [x] S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S1 aswKbd;aswKbd; [x] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 aswHwid;avast! 
HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x] S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x] S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x] S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\games\tribes ascend\HiPatchService.exe;c:\games\tribes ascend\HiPatchService.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x] S3 
Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2014-10-30 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-03 02:34] . 2014-10-30 c:\windows\Tasks\SlimDrivers Startup.job - c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2013-09-24 10:49] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-06-13 472984] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2000-01-01 13671640] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.duckduckgo.de/ mLocal Page = c:\windows\SysWOW64\blank.htm mStart Page = about:blank mSearch Bar = https://de.yahoo.com?fr=hp-avast&type=avastbcl uSearchAssistant = hxxp://www.google.com IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 192.168.18.1 FF - ProfilePath - c:\users\jan\AppData\Roaming\Mozilla\Firefox\Profiles\wwr93b21.default-1410014549966\ FF - prefs.js: browser.search.selectedEngine - Google FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: network.http.request.max-start-delay - 0 FF - user.js: network.http.max-connections - 48 FF - user.js: network.http.max-connections-per-server - 16 FF - user.js: network.http.max-persistent-connections-per-proxy - 16 FF - user.js: network.http.max-persistent-connections-per-server - 8 FF - user.js: browser.turbo.enabled - true FF - user.js: browser.display.show_image_placeholders - true FF - user.js: browser.chrome.favicons - false FF - user.js: browser.urlbar.autocomplete.enabled - true FF - user.js: browser.cache.memory.capacity - 65536 FF - user.js: content.notify.ontimer - true FF - user.js: content.interrupt.parsing - true FF - user.js: content.max.tokenizing.time - 2250000 FF - user.js: content.switch.threshold - 750000 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
BHO-{5786d022-540e-4699-b350-b4be0ae94b79} - (no file) Toolbar-{5786d022-540e-4699-b350-b4be0ae94b79} - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start BHO-{10921475-03CE-4E04-90CE-E2E7EF20C814} - (no file) WebBrowser-{5786D022-540E-4699-B350-B4BE0AE94B79} - (no file) ShellIconOverlayIdentifiers-{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} - (no file) ShellIconOverlayIdentifiers-{853B7E05-C47D-4985-909A-D0DC5C6D7303} - (no file) ShellIconOverlayIdentifiers-{42D38F2E-98E9-4382-B546-E24E4D6D04BB} - (no file) ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-2305584309-2288151904-3530611227-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:c4,4c,79,6b,a6,1e,af,6c,32,6e,c1,25,b8,f0,e7,11,d7,c7,f3,87,6c,db,22, 33,36,36,8c,7f,cb,e6,b1,4a,d3,e8,cc,9f,e8,59,97,a3,58,29,79,81,c7,16,d6,e7,\ "??"=hex:d7,39,e6,92,e4,9f,45,fd,4d,aa,98,e8,1d,c3,f4,28 . [HKEY_USERS\S-1-5-21-2305584309-2288151904-3530611227-1000\Software\SecuROM\License information*] "datasecu"=hex:f8,43,05,63,c7,e5,1b,89,42,99,87,97,ba,d6,7e,f3,d3,c0,29,97,18, 04,82,e2,17,dd,20,56,55,e1,c8,a8,f6,f2,c2,78,73,72,d7,c9,f9,93,20,6e,81,0d,\ "rkeysecu"=hex:fd,44,ad,66,4e,8b,68,c4,c9,a3,ca,e1,e3,37,a0,e9 . [HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}] @Denied: (A 2) (Everyone) @="FlashProp Class" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.15" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe . ************************************************************************** . Zeit der Fertigstellung: 2014-10-30 23:51:28 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-10-30 22:51 . Vor Suchlauf: 13 Verzeichnis(se), 130.629.017.600 Bytes frei Nach Suchlauf: 21 Verzeichnis(se), 130.463.342.592 Bytes frei . 
- - End Of File - - 5C194660BB40370BAD2567BD56EF9A4A
Topics related to (Audio) advertising that cannot be located runs in the background

administrator, adobe, adobe flash player, avast, bitdefender 2015, bluestacks, driver booster, explorer, error code 0x3, error code 0xc0000005, error code windows, flash player, google, homepage, mozilla, pup.optional.downloadsponsor, security, services.exe, svchost.exe, teamspeak, this device cannot start. (code10), advertising, windows