TR/CoinMiner.J C:\Windows\temp\svhost.exe

Hadschott · 08.06.2015, 01:04

Hallo

Ich habe seit gestern das Problem mit TR/CoinMiner.J egal wie oft ich ihn lösche oder welches pro gram ich ihm entgegen schmeiße beim Nächsten System start ist er wieder da...

Avira erkeent es jedes mal aber is unfähig es zu löschen. (Oder eher Findet den aktiven part und jedes mal wenn ich den Pc neustarte wird das Programm neu geschrieben...)

Malwarebytes reagiert genau so wie Avira, also es löscht das Programm aber das bringt nichts.

Und nach einigen stöbern im Internet bin ich auch auf nichts vernümftiges gestoßen.

Wäre sehr dankbar für ein bisschen Hilfe.

AdwCleaner:

Log 1AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v4.206 - Bericht erstellt 08/06/2015 um 01:15:02
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-06-05.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : Hadschott - HADSCHOTT-PC
# Gestarted von : C:\Users\Hadschott\Downloads\AdwCleaner.exe
# Option : Suchlauf

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\Hadschott\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\OCS
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Google Chrome v43.0.2357.81


*************************

AdwCleaner[R0].txt - [1342 Bytes] - [08/06/2015 01:15:02]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1401 Bytes] ##########

--- --- ---
Log 2AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v4.206 - Bericht erstellt 08/06/2015 um 01:15:57
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-06-05.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : Hadschott - HADSCHOTT-PC
# Gestarted von : C:\Users\Hadschott\Downloads\AdwCleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Users\Hadschott\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Google Chrome v43.0.2357.81


*************************

AdwCleaner[R0].txt - [1484 Bytes] - [08/06/2015 01:15:02]
AdwCleaner[S0].txt - [1358 Bytes] - [08/06/2015 01:15:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1417  Bytes] ##########

--- --- ---

ComboFix:

Log 1
Combofix Logfile:

Code:

ATTFilter

ComboFix 15-05-31.01 - Hadschott 08.06.2015   1:41.2.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.16327.14177 [GMT 2:00]
ausgeführt von:: c:\users\Hadschott\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Hadschott\Desktop\CFScript.txt.txt
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\HADSCH~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\Hadschott\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-05-07 bis 2015-06-07  ))))))))))))))))))))))))))))))
.
.
2015-06-07 23:43 . 2015-06-07 23:43	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-06-07 23:17 . 2015-06-07 23:17	--------	d-----w-	C:\RegBackup
2015-06-07 23:14 . 2015-06-07 23:15	--------	d-----w-	C:\AdwCleaner
2015-06-07 22:50 . 2015-06-07 22:50	98304	----a-w-	c:\windows\system32\wudriver.dll
2015-06-07 22:49 . 2015-06-07 22:49	69888	----a-w-	c:\windows\system32\drivers\stream.sys
2015-06-07 22:46 . 2015-06-07 22:46	4467928	----a-w-	c:\windows\system32\drivers\RTKVHD64.sys
2015-06-07 22:46 . 2015-06-07 22:46	2907864	----a-w-	c:\windows\system32\RtPgEx64.dll
2015-06-07 22:46 . 2015-06-07 22:46	2702040	----a-w-	c:\windows\system32\RTSnMg64.cpl
2015-06-07 22:46 . 2015-06-07 22:46	1316056	----a-w-	c:\windows\system32\RTCOM64.dll
2015-06-07 22:46 . 2015-06-07 22:46	1739992	----a-w-	c:\windows\system32\RCoInstII64.dll
2015-06-07 22:40 . 2015-06-07 22:40	12872	----a-w-	c:\windows\system32\bootdelete.exe
2015-06-07 22:34 . 2015-06-07 22:34	--------	d-----w-	c:\program files\HitmanPro
2015-06-07 22:34 . 2015-06-07 22:37	--------	d-----w-	c:\programdata\HitmanPro
2015-06-03 11:49 . 2015-06-03 11:49	--------	d-----w-	c:\users\Hadschott\AppData\Roaming\Zerahypt
2015-06-01 19:07 . 2015-05-28 03:52	571024	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2015-05-25 01:33 . 2015-05-25 01:33	--------	d-----w-	c:\windows\Trainer
2015-05-21 18:18 . 2015-05-28 07:04	14987528	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2015-05-21 18:18 . 2015-05-13 06:52	31552	----a-w-	c:\windows\system32\nvhdap64.dll
2015-05-21 18:18 . 2015-05-13 06:52	195912	----a-w-	c:\windows\system32\drivers\nvhda64v.sys
2015-05-21 18:18 . 2015-05-12 06:27	1898312	----a-w-	c:\windows\system32\nvdispco6435286.dll
2015-05-21 18:18 . 2015-05-12 06:27	1557648	----a-w-	c:\windows\system32\nvdispgenco6435286.dll
2015-05-21 18:15 . 2015-06-07 23:43	--------	d-----w-	c:\programdata\NVIDIA
2015-05-21 18:15 . 2015-05-28 04:15	937288	----a-w-	c:\windows\system32\nvvsvc.exe
2015-05-21 18:15 . 2015-05-28 04:15	62608	----a-w-	c:\windows\system32\nvshext.dll
2015-05-21 18:15 . 2015-05-28 04:15	385168	----a-w-	c:\windows\system32\nvmctray.dll
2015-05-21 18:15 . 2015-05-28 04:15	3491984	----a-w-	c:\windows\system32\nvsvc64.dll
2015-05-21 18:15 . 2015-05-28 04:15	2558608	----a-w-	c:\windows\system32\nvsvcr.dll
2015-05-21 18:15 . 2015-05-28 04:15	6872904	----a-w-	c:\windows\system32\nvcpl.dll
2015-05-21 18:15 . 2015-05-27 10:48	4408727	----a-w-	c:\windows\system32\nvcoproc.bin
2015-05-21 18:15 . 2015-05-28 07:04	112968	----a-w-	c:\windows\system32\OpenCL.dll
2015-05-21 18:15 . 2015-05-28 07:04	105288	----a-w-	c:\windows\SysWow64\OpenCL.dll
2015-05-18 23:51 . 2014-11-22 10:46	38032	----a-w-	c:\windows\system32\drivers\nvvad64v.sys
2015-05-18 23:51 . 2014-11-22 10:46	35472	----a-w-	c:\windows\system32\nvaudcap64v.dll
2015-05-18 23:51 . 2014-11-22 10:46	32400	----a-w-	c:\windows\SysWow64\nvaudcap32v.dll
2015-05-18 23:29 . 2015-06-04 23:02	--------	d-----w-	c:\users\Hadschott\AppData\Local\GalaxyCommunicationService
2015-05-13 14:04 . 2015-05-01 13:17	124112	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 14:04 . 2015-05-01 13:16	102608	----a-w-	c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 13:52 . 2015-05-13 13:52	--------	d-----w-	c:\program files (x86)\GalaxyClient
2015-05-13 13:52 . 2015-05-13 13:52	--------	d-----w-	c:\programdata\GOG.com
2015-05-13 13:47 . 2015-04-20 03:17	1647104	----a-w-	c:\windows\system32\DWrite.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-07 23:28 . 2014-08-24 16:45	1048576	----a-w-	c:\windows\PE_Rom.dll
2015-06-07 22:51 . 2015-06-07 22:51	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2015-06-07 22:49 . 2015-06-07 22:49	470528	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2015-06-07 22:49 . 2015-06-07 22:49	309248	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-06-07 22:49 . 2015-06-07 22:49	2560	----a-w-	c:\windows\apppatch\AcRes.dll
2015-06-07 22:49 . 2015-06-07 22:49	2178560	----a-w-	c:\windows\apppatch\AcGenral.dll
2015-06-07 22:49 . 2015-06-07 22:49	103424	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-06-07 22:41 . 2015-05-06 18:02	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-28 07:04 . 2015-04-16 07:57	2986392	----a-w-	c:\windows\SysWow64\nvapi.dll
2015-05-28 07:04 . 2015-04-16 07:57	17486856	----a-w-	c:\windows\system32\nvwgf2umx.dll
2015-05-28 07:04 . 2015-04-16 07:57	12852152	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2015-05-13 14:08 . 2013-04-22 14:17	140425016	----a-w-	c:\windows\system32\MRT.exe
2015-05-13 06:52 . 2015-04-16 07:57	1558848	----a-w-	c:\windows\system32\nvhdagenco6420103.dll
2015-05-07 14:00 . 2014-07-04 19:25	152744	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2015-05-07 14:00 . 2014-07-04 19:25	132120	----a-w-	c:\windows\system32\drivers\avipbb.sys
2015-04-15 03:40 . 2015-01-13 14:58	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-04-15 03:08 . 2015-04-15 03:08	1237504	----a-w-	c:\windows\SysWow64\msxml3.dll
2015-04-15 03:08 . 2015-04-15 03:08	2048	----a-w-	c:\windows\SysWow64\msxml3r.dll
2015-04-15 03:08 . 2015-04-15 03:08	2048	----a-w-	c:\windows\system32\msxml3r.dll
2015-04-15 03:08 . 2015-04-15 03:08	1882624	----a-w-	c:\windows\system32\msxml3.dll
2015-04-15 03:08 . 2015-04-15 03:08	79360	----a-w-	c:\windows\system32\clfsw32.dll
2015-04-15 03:08 . 2015-04-15 03:08	58880	----a-w-	c:\windows\SysWow64\clfsw32.dll
2015-04-15 03:08 . 2015-04-15 03:08	367552	----a-w-	c:\windows\system32\clfs.sys
2015-04-15 03:06 . 2015-04-15 03:06	404480	----a-w-	c:\windows\system32\gdi32.dll
2015-04-15 03:06 . 2015-04-15 03:06	311808	----a-w-	c:\windows\SysWow64\gdi32.dll
2015-04-15 03:06 . 2015-04-15 03:06	754688	----a-w-	c:\windows\system32\drivers\http.sys
2015-04-15 03:06 . 2015-04-15 03:06	950272	----a-w-	c:\windows\system32\perftrack.dll
2015-04-15 03:06 . 2015-04-15 03:06	91136	----a-w-	c:\windows\system32\wdi.dll
2015-04-15 03:06 . 2015-04-15 03:06	76800	----a-w-	c:\windows\SysWow64\wdi.dll
2015-04-15 03:06 . 2015-04-15 03:06	29696	----a-w-	c:\windows\system32\powertracker.dll
2015-04-15 03:06 . 2015-04-15 03:06	861696	----a-w-	c:\windows\system32\oleaut32.dll
2015-04-15 03:06 . 2015-04-15 03:06	571904	----a-w-	c:\windows\SysWow64\oleaut32.dll
2015-04-15 02:20 . 2015-04-15 02:20	203672	----a-w-	c:\windows\system32\drivers\ssudmdm.sys
2015-04-15 02:20 . 2015-04-15 02:20	30360	----a-w-	c:\windows\system32\drivers\iaStorF.sys
2015-04-15 02:20 . 2015-04-15 02:20	1398936	----a-w-	c:\windows\system32\drivers\iaStorA.sys
2015-04-15 02:19 . 2015-04-15 02:19	129312	----a-w-	c:\windows\system32\drivers\TeeDriverx64.sys
2015-04-15 02:19 . 2015-04-15 02:19	72113152	----a-w-	c:\windows\system32\RCoRes64.dat
2015-04-15 02:19 . 2015-04-15 02:19	631000	----a-w-	c:\windows\system32\RtDataProc64.dll
2015-04-15 02:19 . 2015-04-15 02:19	3218800	----a-w-	c:\windows\system32\RtkApi64.dll
2015-04-15 02:19 . 2015-04-15 02:19	2808176	----a-w-	c:\windows\system32\RltkAPO64.dll
2015-04-14 07:37 . 2015-05-06 18:02	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-04-14 07:37 . 2015-05-06 18:02	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-04-14 07:37 . 2015-05-06 18:02	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-04-13 18:28 . 2014-07-26 19:46	778928	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-13 18:28 . 2014-07-26 19:46	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-09 00:58 . 2015-04-16 07:57	1895568	----a-w-	c:\windows\system32\nvdispco6435012.dll
2015-04-09 00:58 . 2015-04-16 07:57	1557648	----a-w-	c:\windows\system32\nvdispgenco6435012.dll
2015-03-23 03:25 . 2015-04-15 03:40	726528	----a-w-	c:\windows\system32\generaltel.dll
2015-03-23 03:25 . 2015-04-15 03:40	769536	----a-w-	c:\windows\system32\invagent.dll
2015-03-23 03:24 . 2015-04-15 03:40	419840	----a-w-	c:\windows\system32\devinv.dll
2015-03-23 03:24 . 2015-04-15 03:40	957952	----a-w-	c:\windows\system32\appraiser.dll
2015-03-23 03:24 . 2015-04-15 03:40	30720	----a-w-	c:\windows\system32\acmigration.dll
2015-03-23 03:24 . 2015-04-15 03:40	227328	----a-w-	c:\windows\system32\aepdu.dll
2015-03-23 03:24 . 2015-04-15 03:40	192000	----a-w-	c:\windows\system32\aepic.dll
2015-03-23 03:17 . 2015-04-15 03:40	1111552	----a-w-	c:\windows\system32\aeinv.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-07-04 14:24	220608	----a-w-	c:\users\Hadschott\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-07-04 14:24	220608	----a-w-	c:\users\Hadschott\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-07-04 14:24	220608	----a-w-	c:\users\Hadschott\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-03-06 292848]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-05-07 728312]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2015-03-16 129272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys;SysWow64\drivers\ASUSFILTER.sys [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x]
R3 cleanhlp;cleanhlp;c:\eek\bin\cleanhlp64.sys;c:\eek\bin\cleanhlp64.sys [x]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 GalaxyClientService;GalaxyClientService;c:\program files (x86)\GalaxyClient\GalaxyClientService.exe;c:\program files (x86)\GalaxyClient\GalaxyClientService.exe [x]
R3 GalaxyCommunication;GalaxyCommunication;c:\programdata\GOG.com\Galaxy\redists\GalaxyCommunication.exe;c:\programdata\GOG.com\Galaxy\redists\GalaxyCommunication.exe [x]
R3 GPUZ;GPUZ;c:\windows\TEMP\GPUZ.sys;c:\windows\TEMP\GPUZ.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R3 PNPMEM;Microsoft Speichermodultreiber;c:\windows\system32\DRIVERS\pnpmem.sys;c:\windows\SYSNATIVE\DRIVERS\pnpmem.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [x]
S2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.06.01\AsusFanControlService.exe;c:\program files (x86)\ASUS\AsusFanControlService\1.06.01\AsusFanControlService.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]
S3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusbn.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 SaiK1703;SaiK1703;c:\windows\system32\DRIVERS\SaiK1703.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK1703.sys [x]
S3 SaiU1703;SaiU1703;c:\windows\system32\DRIVERS\SaiU1703.sys;c:\windows\SYSNATIVE\DRIVERS\SaiU1703.sys [x]
S3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM10864.sys;c:\windows\SYSNATIVE\drivers\CM10864.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-25 20:45	986440	----a-w-	c:\program files (x86)\Google\Chrome\Application\43.0.2357.81\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-06-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-26 18:28]
.
2015-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-04 19:16]
.
2015-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-04 19:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-07-04 14:24	244672	----a-w-	c:\users\Hadschott\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-07-04 14:24	244672	----a-w-	c:\users\Hadschott\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-07-04 14:24	244672	----a-w-	c:\users\Hadschott\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2015-04-15 8447192]
"Cm108Sound"="c:\windows\Syswow64\cm108.dll" [2012-08-22 12935168]
"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2013-04-16 454144]
"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2013-04-16 158208]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{c0e8ae32-0758-4c8d-ab71-23b361fe8964} - c:\users\HADSCH~1\AppData\Local\Temp\ie_script.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 80.69.100.214 80.69.100.110
TCP: Interfaces\{95CBB3F9-893E-4DDE-AD0E-78A2B13E8AF9}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_134_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_134_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_134_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_134_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-06-08  01:44:41 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-06-07 23:44
ComboFix2.txt  2015-06-07 23:26
.
Vor Suchlauf: 16 Verzeichnis(se), 146.118.516.736 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 145.665.245.184 Bytes frei
.
- - End Of File - - AF0FF58A203AAA788105F43A1EC19D04

--- --- ---
A36C5E4F47E84449FF07ED3517B43A31

TR/CoinMiner.J C:\Windows\temp\svhost.exe

Plagegeister aller Art und deren Bekämpfung: TR/CoinMiner.J C:\Windows\temp\svhost.exe

TR/CoinMiner.J C:\Windows\temp\svhost.exe

Ähnliche Themen: TR/CoinMiner.J C:\Windows\temp\svhost.exe