
Pests of all kinds and how to combat them: Computer locked - GVU virus


 
03.06.2013, 20:44   #15
Tabbeus
 



Combofix Logfile:
Code:
ComboFix 13-06-03.06 - Tabea 03.06.2013  20:58:34.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4076.2196 [GMT 2:00]
ausgeführt von:: c:\users\Tabea\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\ChatZum Toolbar\tbunsx9782.tmp\tbHElper.dll
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\DealPly.crx
c:\program files (x86)\DealPly\DealPly.xpi
c:\program files (x86)\DealPly\DealPlyIE.dll
c:\program files (x86)\DealPly\DealPlyIE64.dll
c:\program files (x86)\DealPly\DealPlyTune.dll
c:\program files (x86)\DealPly\DealPlyUpdate.exe
c:\program files (x86)\DealPly\DealPlyUpdate.log
c:\program files (x86)\DealPly\DealPlyUpdateRun.exe
c:\program files (x86)\DealPly\DealPlyUpdateVer.exe
c:\program files (x86)\DealPly\icon.ico
c:\program files (x86)\DealPly\uninst.exe
c:\program files (x86)\PricePeep
c:\program files (x86)\PricePeep\installer.ico
c:\program files (x86)\PricePeep\pricepeep.dll
c:\program files (x86)\PricePeep\uninstall.exe
c:\program files (x86)\PricePeep\unutil.exe
c:\program files (x86)\Windows Live\Messenger\msacm32.dll
c:\program files (x86)\XingHaoLyrics\lrCSpal.dll
c:\users\Tabea\AppData\Roaming\AcroIEHelpe.txt
c:\users\Tabea\AppData\Roaming\Mozilla\Firefox\Profiles\0kw1oeqw.default-1347280281532\extensions\pricepeep@getpricepeep.com.xpi
c:\users\Tabea\AppData\Roaming\prapproxy32.dll
c:\users\Tabea\AppData\Roaming\skype.ini
c:\users\Tabea\AppData\Roaming\srvblck2.tmp
c:\users\Tabea\Desktop\Setup.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_BrowserDefendert
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-03 bis 2013-06-03  ))))))))))))))))))))))))))))))
.
.
2013-06-03 16:31 . 2013-06-03 16:31	--------	d-----w-	c:\users\Tabea\AppData\Roaming\Optimizer Pro
2013-06-03 16:31 . 2013-06-03 16:31	--------	d-----w-	c:\program files (x86)\Optimizer Pro
2013-06-03 16:31 . 2013-06-03 16:31	--------	d-----w-	c:\users\Tabea\AppData\Local\Programs
2013-06-03 16:31 . 2013-06-03 16:31	--------	d-----w-	c:\users\Tabea\AppData\Roaming\Iminent
2013-06-03 16:30 . 2013-06-03 16:30	--------	d-----w-	c:\programdata\Iminent
2013-06-03 16:30 . 2013-06-03 16:30	--------	d-----w-	c:\program files (x86)\Common Files\Umbrella
2013-06-03 16:29 . 2013-06-03 16:31	--------	d-----w-	c:\program files (x86)\Iminent
2013-06-03 16:18 . 2013-06-03 16:18	--------	d-----w-	c:\program files (x86)\7-Zip
2013-06-03 16:18 . 2013-06-03 19:14	--------	d-----w-	c:\program files (x86)\XingHaoLyrics
2013-06-03 16:18 . 2013-06-03 16:18	--------	d-----w-	c:\programdata\BrowserDefender
2013-06-03 16:18 . 2013-06-03 16:18	--------	d-----w-	c:\users\Tabea\AppData\Roaming\BabSolution
2013-06-03 16:18 . 2013-06-03 16:18	--------	d-----w-	c:\program files (x86)\Delta
2013-06-03 16:18 . 2013-06-03 16:18	--------	d-----w-	c:\users\Tabea\AppData\Roaming\Delta
2013-06-03 16:17 . 2013-06-03 16:17	--------	d-----w-	c:\program files (x86)\FilesFrog Update Checker
2013-06-03 15:56 . 2013-06-03 15:56	--------	d-----w-	c:\windows\SysWow64\jmdp
2013-06-03 15:56 . 2013-06-03 15:56	--------	d-----w-	c:\windows\SysWow64\ARFC
2013-06-03 15:56 . 2013-06-03 19:17	--------	d-----w-	c:\windows\SysWow64\WNLT
2013-06-03 15:56 . 2013-05-21 13:31	1447728	----a-w-	c:\windows\system32\dmwu.exe
2013-05-16 07:27 . 2013-04-05 06:50	855552	----a-w-	c:\windows\system32\jscript.dll
2013-05-15 15:39 . 2013-04-10 06:01	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-31 18:04 . 2011-03-28 09:36	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-16 07:35 . 2012-01-08 19:08	75016696	----a-w-	c:\windows\system32\MRT.exe
2013-05-02 00:06 . 2010-11-21 03:27	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-15 15:39	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 15:39	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 15:39	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 15:39	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 15:39	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 15:39	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 14:06	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-03-22 02:03 . 2013-03-22 02:03	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-03-22 02:03 . 2013-03-22 02:03	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-03-22 02:03 . 2013-03-22 02:03	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-03-22 02:03 . 2013-03-22 02:03	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-22 02:03 . 2013-03-22 02:03	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-03-22 02:03 . 2013-03-22 02:03	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-03-22 02:03 . 2013-03-22 02:03	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-03-22 02:03 . 2013-03-22 02:03	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-03-22 02:03 . 2013-03-22 02:03	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-03-22 02:03 . 2013-03-22 02:03	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-03-22 02:03 . 2013-03-22 02:03	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-03-22 02:03 . 2013-03-22 02:03	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-22 02:03 . 2013-03-22 02:03	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-03-22 02:03 . 2013-03-22 02:03	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-03-22 02:03 . 2013-03-22 02:03	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-03-22 02:03 . 2013-03-22 02:03	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-03-22 02:03 . 2013-03-22 02:03	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-03-22 02:03 . 2013-03-22 02:03	81408	----a-w-	c:\windows\system32\icardie.dll
2013-03-22 02:03 . 2013-03-22 02:03	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-03-22 02:03 . 2013-03-22 02:03	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-03-22 02:03 . 2013-03-22 02:03	441856	----a-w-	c:\windows\system32\html.iec
2013-03-22 02:03 . 2013-03-22 02:03	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-03-22 02:03 . 2013-03-22 02:03	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-03-22 02:03 . 2013-03-22 02:03	216064	----a-w-	c:\windows\system32\msls31.dll
2013-03-22 02:03 . 2013-03-22 02:03	197120	----a-w-	c:\windows\system32\msrating.dll
2013-03-22 02:03 . 2013-03-22 02:03	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-03-22 02:03 . 2013-03-22 02:03	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-03-22 02:03 . 2013-03-22 02:03	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-03-22 02:03 . 2013-03-22 02:03	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-03-22 02:03 . 2013-03-22 02:03	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-03-22 02:03 . 2013-03-22 02:03	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-03-22 02:03 . 2013-03-22 02:03	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-03-22 02:03 . 2013-03-22 02:03	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-03-22 02:03 . 2013-03-22 02:03	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-03-22 02:03 . 2013-03-22 02:03	235008	----a-w-	c:\windows\system32\url.dll
2013-03-22 02:03 . 2013-03-22 02:03	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-03-22 02:03 . 2013-03-22 02:03	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-03-22 02:03 . 2013-03-22 02:03	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-03-22 02:03 . 2013-03-22 02:03	149504	----a-w-	c:\windows\system32\occache.dll
2013-03-22 02:03 . 2013-03-22 02:03	144896	----a-w-	c:\windows\system32\wextract.exe
2013-03-22 02:03 . 2013-03-22 02:03	13824	----a-w-	c:\windows\system32\mshta.exe
2013-03-22 02:03 . 2013-03-22 02:03	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-03-22 02:03 . 2013-03-22 02:03	102912	----a-w-	c:\windows\system32\inseng.dll
2013-03-22 02:03 . 2013-03-22 02:03	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-03-22 02:03 . 2013-03-22 02:03	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-03-22 02:03 . 2013-03-22 02:03	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-03-22 02:03 . 2013-03-22 02:03	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-03-22 02:03 . 2013-03-22 02:03	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-03-22 02:03 . 2013-03-22 02:03	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-03-19 06:04 . 2013-04-11 06:54	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-11 06:54	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-11 06:54	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-11 06:54	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-11 06:54	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-11 06:54	112640	----a-w-	c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
2011-05-09 09:49	176936	----a-w-	c:\program files (x86)\DVDVideoSoftTB_DE\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-05-09 08:49	176936	----a-w-	c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
2013-05-20 10:02	295832	----a-w-	c:\program files (x86)\Delta\delta\1.8.21.5\bh\delta.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\program files (x86)\DVDVideoSoftTB_DE\prxtbDVD0.dll" [2011-05-09 176936]
"{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}"= "c:\program files (x86)\ChatZum Toolbar\tbunsx9782.tmp\tbcore3.dll" [2012-08-29 2665984]
"{82E1477C-B154-48D3-9891-33D83C26BCD3}"= "c:\program files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll" [2013-05-20 284056]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_CLASSES_ROOT\clsid\{37d48d9c-3f7e-412f-b5bf-611be7ccfca1}]
[HKEY_CLASSES_ROOT\TBSB09850.TBSB09850.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB09850.TBSB09850]
.
[HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	130736	----a-w-	c:\users\Tabea\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	130736	----a-w-	c:\users\Tabea\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	130736	----a-w-	c:\users\Tabea\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Tabea\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-10-29 138096]
"Spotify Web Helper"="c:\users\Tabea\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-05-31 1104384]
"Spotify"="c:\users\Tabea\AppData\Roaming\Spotify\Spotify.exe" [2013-05-31 4657152]
"SDP"="c:\program files (x86)\FilesFrog Update Checker\update_checker.exe" [2013-01-31 201808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-26 336384]
"RemoteControl10"="c:\program files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe" [2010-09-20 87336]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Sweetpacks Communicator"="c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-02-26 295728]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-06-07 522744]
"Iminent"="c:\program files (x86)\Iminent\Iminent.exe" [2013-05-21 1074736]
"IminentMessenger"="c:\program files (x86)\Iminent\Iminent.Messengers.exe" [2013-05-21 884784]
.
c:\users\Tabea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Tabea\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-4-5 25863280]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~3\BROWSE~1\261339~1.144\{C16C1~1\BrowserDefender.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe;c:\windows\SYSNATIVE\SUPDSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe;c:\windows\SYSNATIVE\dmwu.exe [x]
S2 msftesql$CSSQL05;SQL Server FullText Search (CSSQL05);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [x]
S2 MSSQL$CSSQL05;SQL Server (CSSQL05);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SProtection;SProtection;c:\program files (x86)\Common Files\Umbrella\umbrella.exe;c:\program files (x86)\Common Files\Umbrella\umbrella.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-24 12:16	1165776	----a-w-	c:\program files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1335839233-2991384071-368375801-1000Core.job
- c:\users\Tabea\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-29 15:34]
.
2013-06-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1335839233-2991384071-368375801-1000UA.job
- c:\users\Tabea\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-29 15:34]
.
2013-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-06 18:56]
.
2013-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-06 18:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	164016	----a-w-	c:\users\Tabea\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	164016	----a-w-	c:\users\Tabea\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	164016	----a-w-	c:\users\Tabea\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	164016	----a-w-	c:\users\Tabea\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-25 11895400]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2625848
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=83e13856-d807-4318-9501-706d39059307&searchtype=ds&q={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\users\Tabea\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Tabea\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Tabea\AppData\Roaming\Mozilla\Firefox\Profiles\0kw1oeqw.default-1347280281532\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://utils.chatzum.com/?url=
FF - ExtSQL: 2013-04-30 17:45; pricepeep@getpricepeep.com; c:\users\Tabea\AppData\Roaming\Mozilla\Firefox\Profiles\0kw1oeqw.default-1347280281532\extensions\pricepeep@getpricepeep.com.xpi
FF - ExtSQL: 2013-06-03 18:18; ffxtlbr@delta.com; c:\users\Tabea\AppData\Roaming\Mozilla\Firefox\Profiles\0kw1oeqw.default-1347280281532\extensions\ffxtlbr@delta.com
FF - ExtSQL: 2013-06-03 18:18; lrcspal@xinghao.net; c:\program files (x86)\XingHaoLyrics\FF
FF - ExtSQL: 2013-06-03 18:31; webbooster@iminent.com; c:\users\Tabea\AppData\Roaming\Mozilla\Firefox\Profiles\0kw1oeqw.default-1347280281532\extensions\webbooster@iminent.com
FF - ExtSQL: 2013-06-03 18:31; amo@dealplyshopping.com; c:\users\Tabea\AppData\Roaming\Mozilla\Firefox\Profiles\0kw1oeqw.default-1347280281532\extensions\amo@dealplyshopping.com
FF - ExtSQL: !HIDDEN! 2013-06-03 18:31; webbooster@iminent.com; c:\users\Tabea\AppData\Roaming\Mozilla\Firefox\Profiles\0kw1oeqw.default-1347280281532\extensions\webbooster@iminent.com
FF - user.js: extensions.autoDisableScopes - 0 
FF - user.js: extensions.shownSelectionUI - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{A3DAEB01-4C15-4AC6-A689-6406FD954EE0} - c:\program files (x86)\XingHaoLyrics\lrcspal.dll
BHO-{EF7BD87A-8024-11E2-F316-F3E56188709B} - c:\program files (x86)\DealPly\DealPlyIE.dll
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
WebBrowser-{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - (no file)
WebBrowser-{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe
AddRemove-PricePeep - c:\program files (x86)\PricePeep\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msftesql$CSSQL05]
"ImagePath"="\"c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:CSSQL05"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Samsung\Easy Display Manager\WifiManager.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\windows\SysWOW64\jmdp\stij.exe
c:\program files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
c:\program files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
c:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
c:\program files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-06-03  21:28:19 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-06-03 19:28
.
Vor Suchlauf: 9 Verzeichnis(se), 100.845.031.424 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 100.286.304.256 Bytes frei
.
- - End Of File - - B927AEC4E2C2592BEBF3447C7F7E96FC
         