Log analysis and evaluation: Unidentifiable processes without a file path in Task Manager, computer keeps getting slower, Windows crashes (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Hello, for some time now I have had a problem: more and more processes that cause errors keep showing up in Task Manager. The process names actually look normal, but there is no file path and they cannot be ended either; they just use a lot of resources, and my Windows has already frozen several times because of it. So far I have only run AdwCleaner, which found and removed something the first time; that was 2 weeks ago. Today, after the latest crash, I ran it again, and AdwCleaner found something again.

AdwCleaner logfile:

```
# AdwCleaner v5.201 - Bericht erstellt am 09/08/2016 um 14:51:25
# Aktualisiert am 30/06/2016 von ToolsLib
# Datenbank : 2016-08-08.3 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (X64)
# Benutzername : PsychoMantis - SCHNARCHNASE
# Gestartet von : C:\Users\PsychoMantis\Desktop\adwcleaner_5.201.exe
# Option : Suchlauf
# Unterstützung : https://toolslib.net/forum

***** [ Dienste ] *****

***** [ Ordner ] *****

Ordner gefunden : C:\Users\PsychoMantis\AppData\Local\Geckofx

***** [ Dateien ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Verknüpfungen ] *****

***** [ Aufgabenplanung ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Internetbrowser ] *****

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [8081 Bytes] - [25/11/2015 01:58:22]
C:\AdwCleaner\AdwCleaner[C2].txt - [1770 Bytes] - [23/07/2016 17:44:39]
C:\AdwCleaner\AdwCleaner[S10].txt - [1732 Bytes] - [09/08/2016 14:30:53]
C:\AdwCleaner\AdwCleaner[S11].txt - [999 Bytes] - [09/08/2016 14:51:25]
C:\AdwCleaner\AdwCleaner[S1].txt - [3585 Bytes] - [25/11/2015 01:57:23]
C:\AdwCleaner\AdwCleaner[S2].txt - [840 Bytes] - [30/11/2015 08:55:39]
C:\AdwCleaner\AdwCleaner[S3].txt - [737 Bytes] - [03/12/2015 05:51:39]
C:\AdwCleaner\AdwCleaner[S4].txt - [718 Bytes] - [27/12/2015 01:39:18]
C:\AdwCleaner\AdwCleaner[S5].txt - [1132 Bytes] - [09/04/2016 07:57:02]
C:\AdwCleaner\AdwCleaner[S6].txt - [1277 Bytes] - [09/04/2016 07:58:58]
C:\AdwCleaner\AdwCleaner[S7].txt - [1375 Bytes] - [03/05/2016 07:02:19]
C:\AdwCleaner\AdwCleaner[S8].txt - [5100 Bytes] - [01/06/2016 19:13:44]
C:\AdwCleaner\AdwCleaner[S9].txt - [1585 Bytes] - [23/07/2016 17:42:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S11].txt - [1726 Bytes] ##########
```

Apart from that, I have only run one more scan, with HijackThis.

HijackThis logfile:
```
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 14:52:51, on 09.08.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18377)
FIREFOX: 47.0 (x86 de)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Creative\Sound Blaster Tactic(3D)\Sound Blaster Tactic(3D) Control Panel\Tactic3D.exe
C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
C:\Users\PsychoMantis\Desktop\Verknüpfungen\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [Sound Blaster Tactic3D Control Panel] "C:\Program Files (x86)\Creative\Sound Blaster Tactic(3D)\Sound Blaster Tactic(3D) Control Panel\Tactic3D.exe" /r
O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Digital Wave Update Service (DigitalWave.Update.Service) - Digital Wave Ltd. - C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Windows\system32\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - D:\Origin\OriginClientService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 7460 bytes
```

Other than that, I have no antivirus software installed at all, because it uses too much of the performance that I need for games. My hardware: AMD Phenom II X4 970, mainboard: Gigabyte GA-870A-UD3, Kingston 8 GB RAM, NVIDIA GeForce GT 630 4 GB, 3 TB hard drive from Toshiba; the operating system is Windows 7 Home Premium 64-bit.

Since I know hardly anything about viruses and trojans, I hope you can help me, because a reinstall would be a rather lengthy undertaking.

I have just run ComboFix as well; here is its log file:

ComboFix logfile:
```
ComboFix 16-08-03.01 - PsychoMantis 09.08.2016 15:23:30.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.7422.5845 [GMT 2:00]
ausgeführt von:: c:\users\PsychoMantis\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2016-07-09 bis 2016-08-09 ))))))))))))))))))))))))))))))
.
.
2016-08-09 13:27 . 2016-08-09 13:27 -------- d-----w- c:\users\Public\AppData\Local\temp
2016-08-09 13:27 . 2016-08-09 13:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-08-07 13:06 . 2016-08-07 13:10 -------- d-----w- c:\users\PsychoMantis\AppData\Roaming\WinFellow
2016-08-07 12:29 . 2016-08-07 12:34 -------- d-----w- c:\users\PsychoMantis\AppData\Roaming\dp3d
2016-08-05 18:02 . 2016-08-05 18:03 -------- d-----w- c:\users\PsychoMantis\AppData\Roaming\com.togeproductions.survivors
2016-08-04 14:38 . 2016-08-04 14:38 -------- d-----w- c:\users\PsychoMantis\AppData\Roaming\11bitstudios
2016-08-03 06:13 . 2016-08-03 06:13 -------- d-----w- c:\users\PsychoMantis\AppData\Roaming\Fallout
2016-07-31 06:10 . 2016-07-31 06:10 -------- d-----w- c:\users\PsychoMantis\AppData\Roaming\Kalypso Media
2016-07-29 05:18 . 2016-07-29 05:18 -------- d-----w- c:\users\PsychoMantis\AppData\Roaming\Vendetta
2016-07-28 01:25 . 2016-07-28 01:25 22704 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2016-07-26 23:19 . 2016-07-26 23:19 -------- d-----w- c:\users\PsychoMantis\AppData\Local\KADOKAWA
2016-07-25 03:49 . 2016-07-25 03:49 -------- d-----w- c:\program files (x86)\Common Files\Enterbrain
2016-07-23 19:44 . 2016-07-23 19:44 -------- d-----w- c:\users\PsychoMantis\AppData\Local\Geckofx
2016-07-23 01:52 . 2016-07-23 08:12 -------- d-----w- c:\program files (x86)\Common Files\Apple
2016-07-22 23:22 . 2016-07-22 23:23 -------- d-----w- c:\users\PsychoMantis\AppData\Local\Bethesda.net Launcher
2016-07-22 23:22 . 2016-07-25 10:03 -------- d-----w- c:\program files (x86)\Bethesda.net Launcher
2016-07-20 17:00 . 2016-07-20 20:47 -------- d-----w- c:\programdata\BlueStacksSetup
2016-07-19 22:33 . 2016-06-21 22:04 12007136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2B17D2AC-4678-4F8A-BE70-BD16398491D3}\mpengine.dll
2016-07-19 03:56 . 2016-07-19 03:56 -------- d-----w- c:\users\PsychoMantis\AppData\Roaming\Firefly Studios
2016-07-17 22:15 . 2016-07-17 22:15 -------- d-----w- c:\program files (x86)\Wildfire Software
2016-07-16 10:03 . 2016-07-16 10:03 -------- d-----w- c:\programdata\Gaijin
2016-07-16 09:03 . 2016-07-11 02:13 1887800 ----a-w- c:\windows\system32\NvCamera64.dll
2016-07-16 09:03 . 2016-07-11 02:13 1595840 ----a-w- c:\windows\SysWow64\NvCamera32.dll
2016-07-16 09:03 . 2016-07-10 22:36 127424 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2016-07-16 09:03 . 2016-05-04 02:23 129824 ----a-w- c:\windows\SysWow64\vulkan-1.dll
2016-07-16 09:03 . 2016-05-04 02:22 40224 ----a-w- c:\windows\SysWow64\vulkaninfo.exe
2016-07-16 09:03 . 2016-05-04 02:22 130848 ----a-w- c:\windows\system32\vulkan-1.dll
2016-07-16 09:03 . 2016-05-04 02:22 45344 ----a-w- c:\windows\system32\vulkaninfo.exe
2016-07-15 07:09 . 2016-07-15 07:09 -------- d-----w- c:\program files (x86)\Dead Frontier
2016-07-10 20:55 . 2016-07-10 20:55 -------- d-----w- C:\GR_Maps
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-08-09 03:37 . 2016-01-09 04:57 242448 ----a-w- c:\windows\SysWow64\EasyAntiCheat.exe
2016-07-13 22:45 . 2015-11-04 15:06 144749672 ----a-w- c:\windows\system32\MRT.exe
2016-07-12 14:42 . 2015-09-27 16:04 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-07-12 14:42 . 2015-09-27 16:04 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-07-12 12:21 . 2016-07-07 05:07 1579976 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2016-07-11 02:13 . 2016-05-05 01:36 14371384 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2016-07-11 02:13 . 2016-05-05 01:36 3840096 ----a-w- c:\windows\system32\nvapi64.dll
2016-07-11 02:13 . 2016-05-05 01:36 3393576 ----a-w- c:\windows\SysWow64\nvapi.dll
2016-07-10 23:17 . 2016-05-05 01:37 6384064 ----a-w- c:\windows\system32\nvcpl.dll
2016-07-10 23:17 . 2016-05-05 01:37 2465848 ----a-w- c:\windows\system32\nvsvc64.dll
2016-07-10 23:17 . 2016-05-05 01:37 81856 ----a-w- c:\windows\system32\nv3dappshextr.dll
2016-07-10 23:17 . 2016-05-05 01:37 71224 ----a-w- c:\windows\system32\nvshext.dll
2016-07-10 23:17 . 2016-05-05 01:37 392128 ----a-w- c:\windows\system32\nvmctray.dll
2016-07-10 23:17 . 2016-05-05 01:37 1762752 ----a-w- c:\windows\system32\nvsvcr.dll
2016-07-10 23:17 . 2016-05-05 01:37 1364536 ----a-w- c:\windows\system32\nvvsvc.exe
2016-07-10 23:17 . 2016-02-04 08:10 547896 ----a-w- c:\windows\system32\nv3dappshext.dll
2016-07-07 17:03 . 2016-05-05 01:37 7211925 ----a-w- c:\windows\system32\nvcoproc.bin
2016-07-03 03:07 . 2016-07-03 03:09 12800 ----a-w- c:\windows\SysWow64\WING32.DLL
2016-06-29 22:44 . 2016-07-07 05:07 1922616 ----a-w- c:\windows\system32\nvdispco6436869.dll
2016-06-29 22:44 . 2016-07-07 05:07 1571776 ----a-w- c:\windows\system32\nvdispgenco6436869.dll
2016-06-21 10:13 . 2010-11-21 03:27 485032 ------w- c:\windows\system32\MpSigStub.exe
2016-06-14 20:01 . 2016-05-05 01:38 1316184 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2016-06-14 20:01 . 2016-05-05 01:38 1377800 ----a-w- c:\windows\SysWow64\nvspcap.dll
2016-06-14 20:01 . 2016-05-05 01:38 1767944 ----a-w- c:\windows\system32\nvspcap64.dll
2016-06-14 20:01 . 2016-05-05 01:38 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2016-06-14 20:01 . 2016-05-05 01:38 112216 ----a-w- c:\windows\system32\NvRtmpStreamer64.dll
2016-06-14 15:21 . 2016-07-13 13:48 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2016-06-03 07:38 . 2016-06-10 13:42 1922616 ----a-w- c:\windows\system32\nvdispco6436839.dll
2016-06-03 07:38 . 2016-06-10 13:42 1571776 ----a-w- c:\windows\system32\nvdispgenco6436839.dll
2016-05-21 21:10 . 2016-05-30 11:49 1581624 ----a-w- c:\windows\system32\nvhdagenco64.dll
2016-05-20 15:18 . 2016-05-20 15:18 74752 ----a-w- c:\windows\ST6UNST.EXE
2016-05-20 15:18 . 2016-05-20 15:18 253952 ------w- c:\windows\Setup1.exe
2016-05-20 07:01 . 2016-05-30 11:49 1922496 ----a-w- c:\windows\system32\nvdispco6436822.dll
2016-05-20 07:01 . 2016-05-30 11:49 1573432 ----a-w- c:\windows\system32\nvdispgenco6436822.dll
2016-05-20 01:13 . 2016-05-20 01:13 875712 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2016-05-20 01:13 . 2016-05-20 01:13 536768 ----a-w- c:\windows\SysWow64\msvcp120_clr0400.dll
2016-05-20 01:03 . 2016-05-20 01:03 869568 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2016-05-20 01:03 . 2016-05-20 01:03 678592 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
2016-05-18 16:10 . 2016-06-15 04:08 312832 ----a-w- c:\windows\SysWow64\gdi32.dll
2016-05-18 16:09 . 2016-06-15 04:08 405504 ----a-w- c:\windows\system32\gdi32.dll
2016-05-17 22:48 . 2016-05-17 22:48 20160 ----a-w- c:\windows\system32\drivers\GUBootStartup.sys
2016-05-13 22:15 . 2016-06-15 04:08 382184 ----a-w- c:\windows\system32\atmfd.dll
2016-05-13 22:09 . 2016-06-15 04:08 41472 ----a-w- c:\windows\system32\lpk.dll
2016-05-13 22:09 . 2016-06-15 04:08 100864 ----a-w- c:\windows\system32\fontsub.dll
2016-05-13 22:09 . 2016-06-15 04:08 14336 ----a-w- c:\windows\system32\dciman32.dll
2016-05-13 22:09 . 2016-06-15 04:08 46080 ----a-w- c:\windows\system32\atmlib.dll
2016-05-13 21:54 . 2016-06-15 04:08 308456 ----a-w- c:\windows\SysWow64\atmfd.dll
2016-05-13 21:50 . 2016-06-15 04:08 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2016-05-13 21:49 . 2016-06-15 04:08 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2016-05-13 21:49 . 2016-06-15 04:08 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2016-05-13 21:27 . 2016-06-15 04:08 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2016-05-12 17:20 . 2016-06-15 04:08 95464 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2016-05-12 17:20 . 2016-06-15 04:08 154856 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2016-05-12 17:15 . 2016-06-15 04:08 105472 ----a-w- c:\windows\system32\winipsec.dll
2016-05-12 17:15 . 2016-06-15 04:08 2048 ----a-w- c:\windows\system32\tzres.dll
2016-05-12 17:15 . 2016-06-15 04:08 86528 ----a-w- c:\windows\system32\TSpkg.dll
2016-05-12 17:15 . 2016-06-15 04:08 210432 ----a-w- c:\windows\system32\wdigest.dll
2016-05-12 17:15 . 2016-06-15 04:08 28672 ----a-w- c:\windows\system32\sspisrv.dll
2016-05-12 17:15 . 2016-06-15 04:08 135680 ----a-w- c:\windows\system32\sspicli.dll
2016-05-12 17:14 . 2016-06-15 04:08 344064 ----a-w- c:\windows\system32\schannel.dll
2016-05-12 17:14 . 2016-06-15 04:08 28160 ----a-w- c:\windows\system32\secur32.dll
2016-05-12 17:14 . 2016-06-15 04:08 190464 ----a-w- c:\windows\system32\rpchttp.dll
2016-05-12 17:14 . 2016-06-15 04:08 1212928 ----a-w- c:\windows\system32\rpcrt4.dll
2016-05-12 17:14 . 2016-06-15 04:08 373760 ----a-w- c:\windows\system32\polstore.dll
2016-05-12 17:14 . 2016-06-15 04:08 312320 ----a-w- c:\windows\system32\ncrypt.dll
2016-05-12 17:14 . 2016-06-15 04:08 60416 ----a-w- c:\windows\system32\msobjs.dll
2016-05-12 17:14 . 2016-06-15 04:08 316416 ----a-w- c:\windows\system32\msv1_0.dll
2016-05-12 17:14 . 2016-06-15 04:08 146432 ----a-w- c:\windows\system32\msaudite.dll
2016-05-12 17:14 . 2016-06-15 04:08 1464320 ----a-w- c:\windows\system32\lsasrv.dll
2016-05-12 17:14 . 2016-06-15 04:08 730624 ----a-w- c:\windows\system32\kerberos.dll
2016-05-12 17:14 . 2016-06-15 04:08 502272 ----a-w- c:\windows\system32\IPSECSVC.DLL
2016-05-12 17:14 . 2016-06-15 04:08 96256 ----a-w- c:\windows\system32\gpapi.dll
2016-05-12 17:14 . 2016-06-15 04:08 794624 ----a-w- c:\windows\system32\gpsvc.dll
2016-05-12 17:14 . 2016-06-15 04:08 75776 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2016-05-12 17:14 . 2016-06-15 04:08 43520 ----a-w- c:\windows\system32\cryptbase.dll
2016-05-12 17:14 . 2016-06-15 04:08 22016 ----a-w- c:\windows\system32\credssp.dll
2016-05-12 17:14 . 2016-06-15 04:08 463872 ----a-w- c:\windows\system32\certcli.dll
2016-05-12 17:14 . 2016-06-15 04:08 690688 ----a-w- c:\windows\system32\adtschema.dll
2016-05-12 15:18 . 2016-06-15 04:08 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2016-05-12 15:18 . 2016-06-15 04:08 666112 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2016-05-12 15:18 . 2016-06-15 04:08 70144 ----a-w- c:\windows\SysWow64\winipsec.dll
2016-05-12 15:18 . 2016-06-15 04:08 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2016-05-12 15:18 . 2016-06-15 04:08 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2016-05-12 15:18 . 2016-06-15 04:08 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2016-05-12 15:18 . 2016-06-15 04:08 251392 ----a-w- c:\windows\SysWow64\schannel.dll
2016-05-12 15:18 . 2016-06-15 04:08 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2016-05-12 15:18 . 2016-06-15 04:08 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2016-05-12 15:18 . 2016-06-15 04:08 274944 ----a-w- c:\windows\SysWow64\polstore.dll
2016-05-12 15:18 . 2016-06-15 04:08 223232 ----a-w- c:\windows\SysWow64\ncrypt.dll
2016-05-12 15:18 . 2016-06-15 04:08 260608 ----a-w- c:\windows\SysWow64\msv1_0.dll
2016-05-12 15:18 . 2016-06-15 04:08 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2016-05-12 15:18 . 2016-06-15 04:08 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2016-05-12 15:18 . 2016-06-15 04:08 553472 ----a-w- c:\windows\SysWow64\kerberos.dll
2016-05-12 15:18 . 2016-06-15 04:08 79360 ----a-w- c:\windows\SysWow64\gpapi.dll
2016-05-12 15:18 . 2016-06-15 04:08 44032 ----a-w- c:\windows\SysWow64\FwRemoteSvr.dll
2016-05-12 15:18 . 2016-06-15 04:08 342528 ----a-w- c:\windows\SysWow64\certcli.dll
2016-05-12 15:18 . 2016-06-15 04:08 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2016-05-12 15:18 . 2016-06-15 04:08 690688 ----a-w- c:\windows\SysWow64\adtschema.dll
2016-05-12 15:05 . 2016-06-15 04:08 64000 ----a-w- c:\windows\system32\auditpol.exe
2016-05-12 14:58 . 2016-06-15 04:08 159744 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-11-16 8591272]
"GUDelayStartup"="c:\program files (x86)\Glary Utilities 5\StartupManager.exe" [2016-05-16 43984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"Sound Blaster Tactic3D Control Panel"="c:\program files (x86)\Creative\Sound Blaster Tactic(3D)\Sound Blaster Tactic(3D) Control Panel\Tactic3D.exe" [2014-07-03 2091008]
"Lightshot"="c:\program files (x86)\Skillbrains\lightshot\Lightshot.exe" [2016-07-11 225944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 BRDriver64_1_3_3_E02B25FC;BRDriver64_1_3_3_E02B25FC;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Origin Client Service;Origin Client Service;d:\origin\OriginClientService.exe;d:\origin\OriginClientService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 HDD Observer Service;HDD Observer Service;c:\program files\HDD Observer\HDDObserver.Service.exe;c:\program files\HDD Observer\HDDObserver.Service.exe [x]
R4 PAExec;PAExec;c:\windows\PAExec.exe;c:\windows\PAExec.exe [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys;c:\windows\SYSNATIVE\drivers\GUBootStartup.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DigitalWave.Update.Service;Digital Wave Update Service;c:\program files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe;c:\program files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 UHSfiltv;UHSfiltv;c:\windows\system32\drivers\UHSfiltv.sys;c:\windows\SYSNATIVE\drivers\UHSfiltv.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
Inhalt des "geplante Tasks" Ordners
.
2016-08-06 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe [2016-07-12 14:42]
.
2016-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-27 14:42]
.
2016-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-04-03 02:42]
.
2016-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-04-03 02:42]
.
2016-08-09 c:\windows\Tasks\update-S-1-5-21-1040861988-1898195639-2225626604-1000.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2015-11-07 12:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CmPCIaudio"="c:\windows\Syswow64\CMICNFG3.dll" [2009-10-23 8151040]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2016-06-14 2397120]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2016-06-14 1767944]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\PsychoMantis\AppData\Roaming\Mozilla\Firefox\Profiles\oocegpvy.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioCD\shell\O(uQ*Q*q_ó—*d>e\command]
@="\"c:\\Program Files (x86)\\Tencent\\QQPlayer\\QQPlayer.exe\" /disk \"%1\""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DVD\shell\O(uQ*Q*q_ó—*d>e\command]
@="\"c:\\Program Files (x86)\\Tencent\\QQPlayer\\QQPlayer.exe\" /disk \"%1\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2016-08-09 15:30:25 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2016-08-09 13:30
ComboFix2.txt 2016-07-23 15:53
ComboFix3.txt 2016-03-15 16:08
ComboFix4.txt 2016-02-13 07:05
.
Vor Suchlauf: 12 Verzeichnis(se), 495.213.686.784 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 494.962.028.544 Bytes frei
.
- - End Of File - - 07C9B3329506A4A4374DEC6B3AB0E7D7
A36C5E4F47E84449FF07ED3517B43A31
```

Thanks in advance.

Edited by CoolTool12 (09.08.2016 at 14:43)