darkshadow | 19.06.2015 17:44 | Hard disk is filling up by the minute
Hello dear TB forum,
Since noon today I have been trying to find out for my friend why the disk space is filling up minute by minute.
I also noticed a video file called "virus" that was 90 KB in size, zero seconds long,
but nevertheless contained a C++ structure. Since I can no longer find the file, I cannot analyze it precisely. I hope you can help us.
Kind regards, Darkshadow
Because I know my way around fairly well, I ran ComboFix, since the disk usage was around 500 MB per minute. Here is the log:
Code:
ComboFix 15-06-18.01 - ***** 19.06.2015 16:44:08.1.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8174.5400 [GMT 2:00]
ausgeführt von:: c:\users\Gamer\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((( Dateien erstellt von 2015-05-19 bis 2015-06-19 ))))))))))))))))))))))))))))))
.
.
2015-06-19 14:55 . 2015-06-19 14:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-06-19 14:34 . 2015-06-19 14:34 -------- d-----w- c:\users\Gamer\AppData\Roaming\JAM Software
2015-06-19 14:24 . 2015-06-19 14:25 -------- d-----w- C:\KVRT_Data
2015-06-19 14:02 . 2015-06-19 14:22 -------- d-----w- c:\programdata\HitmanPro
2015-06-18 22:29 . 2015-06-18 22:29 -------- d-----w- c:\program files (x86)\Dungeon Defenders
2015-06-17 16:07 . 2015-06-17 16:09 -------- d-----w- c:\users\Gamer\AppData\Roaming\Download Manager
2015-06-17 12:07 . 2015-05-28 19:03 364472 ----a-w- c:\windows\system32\aswBoot.exe
2015-06-16 07:21 . 2015-05-03 03:16 12214312 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{68D0A99D-78C0-408F-B0E2-4087B30AA0F4}\mpengine.dll
2015-06-15 15:21 . 2015-06-15 15:21 -------- d-----w- c:\users\Gamer\AppData\Local\Activision
2015-06-15 15:20 . 2015-06-15 15:20 682280 ----a-w- c:\windows\SysWow64\pbsvc.exe
2015-06-13 06:07 . 2015-06-13 06:07 -------- d-----w- c:\users\Gamer\AppData\Roaming\DarkSoulsII
2015-06-12 07:09 . 2015-06-12 07:09 -------- d-----w- c:\users\Gamer\AppData\Roaming\Empty Clip Studios
2015-06-11 04:14 . 2015-06-11 04:14 -------- d-----w- c:\users\Gamer\AppData\Roaming\CobiMobi
2015-06-11 04:12 . 2015-06-11 04:12 -------- d-----w- c:\users\Gamer\AppData\Roaming\MMFApplications
2015-06-10 04:59 . 2015-05-23 03:15 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2015-06-09 16:20 . 2015-06-09 16:20 -------- d-----w- c:\users\Gamer\AppData\Roaming\DevPro, LLC
2015-06-09 05:20 . 2015-06-09 05:20 136408 ----a-w- c:\windows\system32\drivers\47515E80.sys
2015-06-01 11:17 . 2015-05-28 03:52 571024 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2015-06-01 11:00 . 2015-06-17 07:32 -------- d-----w- c:\programdata\boost_interprocess
2015-06-01 11:00 . 2015-04-03 13:21 48784 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2015-06-01 11:00 . 2015-04-03 13:21 38032 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2015-05-28 19:03 . 2015-05-28 19:03 28144 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2015-05-28 19:03 . 2015-05-28 19:03 43112 ----a-w- c:\windows\avastSS.scr
2015-05-28 19:03 . 2015-05-28 19:03 449896 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2015-05-26 17:46 . 2015-05-26 17:46 -------- d-----w- c:\users\Gamer\AppData\Roaming\Trine2
2015-05-23 02:56 . 2015-05-23 02:56 -------- d-----w- c:\windows\system32\vbox
2015-05-23 02:56 . 2015-05-23 02:56 -------- d-----w- c:\windows\SysWow64\vbox
2015-05-21 21:53 . 2015-05-13 06:52 31552 ----a-w- c:\windows\system32\nvhdap64.dll
2015-05-21 21:53 . 2015-05-13 06:52 195912 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2015-05-21 21:53 . 2015-05-12 06:27 1898312 ----a-w- c:\windows\system32\nvdispco6435286.dll
2015-05-21 21:53 . 2015-05-12 06:27 1557648 ----a-w- c:\windows\system32\nvdispgenco6435286.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-19 15:01 . 2014-07-29 15:11 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-17 16:11 . 2014-10-24 19:30 156392 ----a-w- c:\windows\SysWow64\eEmpty.exe
2015-06-15 15:23 . 2014-07-29 18:35 111928 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2015-06-15 15:23 . 2014-07-29 18:35 111928 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2015-06-13 05:12 . 2014-07-29 10:20 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-13 05:12 . 2014-07-29 10:20 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-11 04:14 . 2014-08-02 16:59 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2015-06-11 04:14 . 2014-08-02 16:59 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2015-06-10 23:20 . 2014-07-30 03:56 140135120 ----a-w- c:\windows\system32\MRT.exe
2015-05-28 19:03 . 2014-07-29 15:43 137288 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-05-28 19:03 . 2014-07-29 15:43 272248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-05-28 19:03 . 2014-07-29 15:43 442264 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-05-28 19:03 . 2014-07-29 15:43 89944 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-05-28 19:03 . 2014-07-29 15:43 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-05-28 19:03 . 2014-07-29 15:43 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-05-28 19:03 . 2014-07-29 15:43 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-05-28 19:03 . 2014-07-29 15:43 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-05-28 07:04 . 2014-12-23 16:57 2986392 ----a-w- c:\windows\SysWow64\nvapi.dll
2015-05-28 07:04 . 2014-11-19 19:29 112968 ----a-w- c:\windows\system32\OpenCL.dll
2015-05-28 07:04 . 2014-11-19 19:29 105288 ----a-w- c:\windows\SysWow64\OpenCL.dll
2015-05-28 07:04 . 2014-11-19 19:28 3379680 ----a-w- c:\windows\system32\nvapi64.dll
2015-05-28 07:04 . 2014-11-19 19:28 12852152 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-05-28 04:15 . 2014-11-19 19:30 937288 ----a-w- c:\windows\system32\nvvsvc.exe
2015-05-28 04:15 . 2014-11-19 19:30 62608 ----a-w- c:\windows\system32\nvshext.dll
2015-05-28 04:15 . 2014-11-19 19:30 385168 ----a-w- c:\windows\system32\nvmctray.dll
2015-05-28 04:15 . 2014-11-19 19:30 3491984 ----a-w- c:\windows\system32\nvsvc64.dll
2015-05-28 04:15 . 2014-11-19 19:30 2558608 ----a-w- c:\windows\system32\nvsvcr.dll
2015-05-28 04:15 . 2014-11-19 19:30 6872904 ----a-w- c:\windows\system32\nvcpl.dll
2015-05-27 10:48 . 2014-11-19 19:30 4408727 ----a-w- c:\windows\system32\nvcoproc.bin
2015-05-23 01:47 . 2014-07-29 18:53 1316000 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-05-23 01:47 . 2014-07-25 05:33 1320304 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-05-23 01:47 . 2014-07-29 18:53 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-05-23 01:47 . 2014-07-25 05:33 1571696 ----a-w- c:\windows\system32\nvspcap64.dll
2015-05-13 06:52 . 2015-01-26 14:25 1558848 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2015-05-09 03:13 . 2015-06-10 05:00 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-05 01:29 . 2015-05-14 01:32 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-05 01:12 . 2015-05-14 01:32 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-05-01 13:17 . 2015-05-14 01:33 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-01 13:16 . 2015-05-14 01:33 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-04-20 03:17 . 2015-05-14 01:32 1647104 ----a-w- c:\windows\system32\DWrite.dll
2015-04-20 03:17 . 2015-05-14 01:32 1179136 ----a-w- c:\windows\system32\FntCache.dll
2015-04-20 02:56 . 2015-05-14 01:31 1250816 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-04-18 03:10 . 2015-05-14 01:32 460800 ----a-w- c:\windows\system32\certcli.dll
2015-04-18 02:56 . 2015-05-14 01:32 342016 ----a-w- c:\windows\SysWow64\certcli.dll
2015-04-14 07:37 . 2014-07-29 15:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-14 07:37 . 2014-07-29 15:11 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-14 07:37 . 2014-07-29 15:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-13 03:28 . 2015-05-14 01:32 328704 ----a-w- c:\windows\system32\services.exe
2015-04-09 00:58 . 2015-05-03 05:49 1895568 ----a-w- c:\windows\system32\nvdispco6435012.dll
2015-04-09 00:58 . 2015-05-03 05:49 1557648 ----a-w- c:\windows\system32\nvdispgenco6435012.dll
2015-04-08 03:29 . 2015-05-14 01:31 275456 ----a-w- c:\windows\system32\InkEd.dll
2015-04-08 03:29 . 2015-05-14 01:31 24576 ----a-w- c:\windows\system32\jnwmon.dll
2015-04-08 03:14 . 2015-05-14 01:31 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
2015-04-04 03:29 . 2015-05-14 01:32 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-04-04 03:29 . 2015-05-14 01:32 155576 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-04-04 03:22 . 2015-05-14 01:32 210944 ----a-w- c:\windows\system32\wdigest.dll
2015-04-04 03:22 . 2015-05-14 01:32 86528 ----a-w- c:\windows\system32\TSpkg.dll
2015-04-04 03:22 . 2015-05-14 01:32 29184 ----a-w- c:\windows\system32\sspisrv.dll
2015-04-04 03:22 . 2015-05-14 01:32 136192 ----a-w- c:\windows\system32\sspicli.dll
2015-04-04 03:22 . 2015-05-14 01:32 28160 ----a-w- c:\windows\system32\secur32.dll
2015-04-04 03:22 . 2015-05-14 01:32 314880 ----a-w- c:\windows\system32\msv1_0.dll
2015-04-04 03:22 . 2015-05-14 01:32 309760 ----a-w- c:\windows\system32\ncrypt.dll
2015-04-04 03:22 . 2015-05-14 01:32 728064 ----a-w- c:\windows\system32\kerberos.dll
2015-04-04 03:22 . 2015-05-14 01:32 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-04-04 03:22 . 2015-05-14 01:32 22016 ----a-w- c:\windows\system32\credssp.dll
2015-04-04 03:20 . 2015-05-14 01:32 31232 ----a-w- c:\windows\system32\lsass.exe
2015-04-04 03:20 . 2015-05-14 01:32 64000 ----a-w- c:\windows\system32\auditpol.exe
2015-04-04 03:17 . 2015-05-14 01:32 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-04-04 03:17 . 2015-05-14 01:32 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-04-04 03:15 . 2015-05-14 01:32 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-04-04 03:05 . 2015-05-14 01:32 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2015-04-04 03:05 . 2015-05-14 01:32 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2015-04-04 03:05 . 2015-05-14 01:32 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2015-04-04 03:05 . 2015-05-14 01:32 221184 ----a-w- c:\windows\SysWow64\ncrypt.dll
2015-04-04 03:05 . 2015-05-14 01:32 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2015-04-04 03:05 . 2015-05-14 01:32 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-04-04 03:05 . 2015-05-14 01:32 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2015-04-04 03:04 . 2015-05-14 01:32 50176 ----a-w- c:\windows\SysWow64\auditpol.exe
2015-04-04 03:04 . 2015-05-14 01:32 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2015-04-04 03:01 . 2015-05-14 01:32 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2015-04-04 03:01 . 2015-05-14 01:32 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2015-04-04 02:59 . 2015-05-14 01:32 686080 ----a-w- c:\windows\SysWow64\adtschema.dll
2015-04-03 13:21 . 2014-05-28 09:24 52880 ----a-w- c:\windows\system32\nvaudcap64v.dll
2015-03-30 13:25 . 2014-09-05 08:13 33856 ---ha-w- c:\windows\system32\hamachi.sys
2015-03-25 03:24 . 2015-04-15 05:55 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-15 05:55 37376 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-15 05:55 35328 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-15 05:55 3298816 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-15 05:55 2553856 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-15 05:55 191488 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-15 05:55 696320 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-15 05:55 60416 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-15 05:55 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-15 05:55 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-15 05:55 135168 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-15 05:55 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-15 05:55 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-15 05:55 29696 ----a-w- c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-15 05:55 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 05:55 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-08-11 10:43 223432 ----a-w- c:\users\Gamer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-08-11 10:43 223432 ----a-w- c:\users\Gamer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-08-11 10:43 223432 ----a-w- c:\users\Gamer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2015-05-18 3632472]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-05-14 28920448]
"Akamai NetSession Interface"="c:\users\Gamer\AppData\Local\Akamai\netsession_win.exe" [2014-10-29 4673432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-05-28 5515496]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2015-03-30 3978600]
"Aeria Ignite"="c:\program files (x86)\Aeria Games\Ignite\aeriaignite.exe" [2013-06-06 1925656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BRDriver64_1_3_3_E02B25FC;BRDriver64_1_3_3_E02B25FC;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [x]
R3 BRSptStub;BitRaider Mini-Support Service Stub Loader;c:\programdata\BitRaider\BRSptStub.exe;c:\programdata\BitRaider\BRSptStub.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 33479496;33479496;c:\windows\system32\DRIVERS\33479496.sys;c:\windows\SYSNATIVE\DRIVERS\33479496.sys [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 Eve;EVE Protocol Driver;c:\windows\system32\DRIVERS\eve.sys;c:\windows\SYSNATIVE\DRIVERS\eve.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 avast! Firewall;Avast Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM10864.sys;c:\windows\SYSNATIVE\drivers\CM10864.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
S3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\drivers\ViaHub3.sys;c:\windows\SYSNATIVE\drivers\ViaHub3.sys [x]
S3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\drivers\xhcdrv.sys;c:\windows\SYSNATIVE\drivers\xhcdrv.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - NVSTREAMKMS
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2015-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-29 05:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OCError]
@="{0960F090-F328-48A3-B746-276B1E3C3722}"
[HKEY_CLASSES_ROOT\CLSID\{0960F090-F328-48A3-B746-276B1E3C3722}]
2014-11-06 14:46 273408 ----a-w- c:\program files (x86)\ownCloud\shellext\OCOverlays_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OCErrorShared]
@="{0960F091-F328-48A3-B746-276B1E3C3722}"
[HKEY_CLASSES_ROOT\CLSID\{0960F091-F328-48A3-B746-276B1E3C3722}]
2014-11-06 14:46 273408 ----a-w- c:\program files (x86)\ownCloud\shellext\OCOverlays_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OCOK]
@="{0960F092-F328-48A3-B746-276B1E3C3722}"
[HKEY_CLASSES_ROOT\CLSID\{0960F092-F328-48A3-B746-276B1E3C3722}]
2014-11-06 14:46 273408 ----a-w- c:\program files (x86)\ownCloud\shellext\OCOverlays_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OCOKShared]
@="{0960F093-F328-48A3-B746-276B1E3C3722}"
[HKEY_CLASSES_ROOT\CLSID\{0960F093-F328-48A3-B746-276B1E3C3722}]
2014-11-06 14:46 273408 ----a-w- c:\program files (x86)\ownCloud\shellext\OCOverlays_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OCSync]
@="{0960F094-F328-48A3-B746-276B1E3C3722}"
[HKEY_CLASSES_ROOT\CLSID\{0960F094-F328-48A3-B746-276B1E3C3722}]
2014-11-06 14:46 273408 ----a-w- c:\program files (x86)\ownCloud\shellext\OCOverlays_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OCSyncShared]
@="{0960F095-F328-48A3-B746-276B1E3C3722}"
[HKEY_CLASSES_ROOT\CLSID\{0960F095-F328-48A3-B746-276B1E3C3722}]
2014-11-06 14:46 273408 ----a-w- c:\program files (x86)\ownCloud\shellext\OCOverlays_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OCWarning]
@="{0960F096-F328-48A3-B746-276B1E3C3722}"
[HKEY_CLASSES_ROOT\CLSID\{0960F096-F328-48A3-B746-276B1E3C3722}]
2014-11-06 14:46 273408 ----a-w- c:\program files (x86)\ownCloud\shellext\OCOverlays_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OCWarningShared]
@="{0960F097-F328-48A3-B746-276B1E3C3722}"
[HKEY_CLASSES_ROOT\CLSID\{0960F097-F328-48A3-B746-276B1E3C3722}]
2014-11-06 14:46 273408 ----a-w- c:\program files (x86)\ownCloud\shellext\OCOverlays_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-08-11 10:43 262344 ----a-w- c:\users\Gamer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-08-11 10:43 262344 ----a-w- c:\users\Gamer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-08-11 10:43 262344 ----a-w- c:\users\Gamer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-05-28 19:03 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-05-23 2754704]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-05-23 1571696]
"Cm108Sound"="c:\windows\Syswow64\cm108.dll" [2012-08-22 12935168]
.
------- Zusätzlicher Suchlauf -------
.
mDefault_Search_URL = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -
Trusted Zone: aeriagames.com
FF - ProfilePath - c:\users\Gamer\AppData\Roaming\Mozilla\Firefox\Profiles\qjedzmm9.default\
FF - ExtSQL: !HIDDEN! 2014-08-11 20:46; {B64D9B05-48E1-4CEB-BF58-E0643994E900}; c:\program files (x86)\Common Files\DVDVideoSoft\plugins\ff
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
c:\users\Gamer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_33479496.lnk - c:\users\Gamer\AppData\Local\Temp\_uninst_33479496.bat
c:\users\Gamer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_48964575.lnk - c:\users\Gamer\AppData\Local\Temp\_uninst_48964575.bat
BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-S4 League - c:\users\Gamer\Desktop\Sonstiges\S4League\Uninst.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-81771348-503357986-749784082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-81771348-503357986-749784082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-81771348-503357986-749784082-1000\Software\SecuROM\License information*]
"datasecu"=hex:0d,9e,9c,14,e7,6d,dc,17,cb,89,8b,df,b4,ac,b0,db,6b,18,ba,e7,32,
e7,76,e0,cd,21,17,9c,c0,54,7f,a7,fa,0a,7a,38,ea,2e,e4,b7,3f,d7,63,eb,52,be,\
"rkeysecu"=hex:96,c5,f5,1e,a9,69,b3,22,1f,bc,dc,87,90,c8,dc,59
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-06-19 17:07:27 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2015-06-19 15:07
.
Vor Suchlauf: 10 Verzeichnis(se), 49.893.564.416 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 51.280.248.832 Bytes frei
.
- - End Of File - - 5D4178BF0993B8C778BEDF18B8526B9A
A36C5E4F47E84449FF07ED3517B43A31