GVU-Virus Win7, Farbar Recovery Scan Tool

kaesbrot · 04.01.2015, 18:28

Hat alles ohne Probleme geklappt! Hier ist das Logfile -

Code:

ATTFilter

ComboFix 15-01-04.01 - Büro 04.01.2015  18:02:45.1.1 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.43.1031.18.1024.295 [GMT 1:00]
ausgeführt von:: c:\users\B³ro\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-12-04 bis 2015-01-04  ))))))))))))))))))))))))))))))
.
.
2015-01-04 17:17 . 2015-01-04 17:17	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2015-01-04 17:17 . 2015-01-04 17:17	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-01-04 17:17 . 2015-01-04 17:17	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2015-01-02 22:15 . 2014-12-02 11:01	9054624	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B37CC0C4-BB17-4373-8F1D-A67C1CD7B452}\mpengine.dll
2015-01-01 16:34 . 2015-01-02 22:17	--------	d-----w-	C:\FRST
2014-12-18 18:48 . 2014-12-13 03:33	115712	----a-w-	c:\windows\system32\ieUnatt.exe
2014-12-10 21:36 . 2014-11-22 01:31	1075200	----a-w-	c:\program files\Internet Explorer\networkinspection.dll
2014-12-09 19:22 . 2010-02-04 09:01	74072	----a-w-	c:\windows\system32\XAPOFX1_4.dll
2014-12-09 19:22 . 2010-02-04 09:01	528216	----a-w-	c:\windows\system32\XAudio2_6.dll
2014-12-09 19:22 . 2010-02-04 09:01	238936	----a-w-	c:\windows\system32\xactengine3_6.dll
2014-12-09 19:22 . 2010-02-04 09:01	22360	----a-w-	c:\windows\system32\X3DAudio1_7.dll
2014-12-09 19:22 . 2007-04-04 17:53	81768	----a-w-	c:\windows\system32\xinput1_3.dll
2014-12-09 19:22 . 2014-12-09 19:22	--------	d-----w-	c:\program files\Microsoft XNA
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-13 12:09 . 2014-05-18 11:00	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-13 12:09 . 2014-05-18 11:00	701616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-11-24 13:04 . 2014-05-18 08:47	229000	------w-	c:\windows\system32\MpSigStub.exe
2014-11-21 23:22 . 2014-05-18 09:37	787800	----a-w-	c:\windows\system32\drivers\aswsnx.sys
2014-11-21 23:22 . 2014-05-18 09:37	423784	----a-w-	c:\windows\system32\drivers\aswsp.sys
2014-11-11 02:44 . 2014-11-18 21:44	186880	----a-w-	c:\windows\system32\pku2u.dll
2014-11-11 02:44 . 2014-11-18 21:44	550912	----a-w-	c:\windows\system32\kerberos.dll
2014-10-31 22:33 . 2014-05-18 09:37	70384	----a-w-	c:\windows\system32\drivers\aswmonflt.sys
2014-10-27 17:51 . 2014-05-18 09:37	91496	----a-w-	c:\windows\system32\drivers\aswstm.sys
2014-10-27 17:51 . 2014-05-18 09:37	206248	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2014-10-27 17:51 . 2014-05-18 09:37	49944	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2014-10-27 17:51 . 2014-05-18 09:37	24184	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2014-10-27 17:51 . 2014-05-18 09:37	81768	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2014-10-27 17:51 . 2014-10-27 17:51	291352	----a-w-	c:\windows\system32\aswBoot.exe
2014-10-27 17:51 . 2014-10-27 17:51	43152	----a-w-	c:\windows\avastSS.scr
2014-10-25 01:32 . 2014-11-13 00:28	67584	----a-w-	c:\windows\system32\packager.dll
2014-10-18 01:33 . 2014-11-13 00:44	571904	----a-w-	c:\windows\system32\oleaut32.dll
2014-10-14 01:56 . 2014-11-13 00:28	136632	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 01:50 . 2014-11-13 00:28	523776	----a-w-	c:\windows\system32\termsrv.dll
2014-10-14 01:50 . 2014-11-13 00:28	1059840	----a-w-	c:\windows\system32\lsasrv.dll
2014-10-14 01:47 . 2014-11-13 00:28	146432	----a-w-	c:\windows\system32\msaudite.dll
2014-10-14 01:46 . 2014-11-13 00:28	681984	----a-w-	c:\windows\system32\adtschema.dll
2014-10-10 00:45 . 2014-11-13 00:32	2379264	----a-w-	c:\windows\system32\win32k.sys
2014-10-08 15:51 . 2014-10-08 15:51	143360	----a-w-	c:\windows\system32\UAService7.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-10-27 17:51	723976	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-01-29 52392]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-10-31 5223016]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2012-05-22 980920]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2013-10-01 395656]
"Redirector"="c:\program files\Citrix\ICA Client\redirector.exe" [2013-10-01 153992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Users^Büro^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Citrix Receiver.lnk]
path=c:\users\Büro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnk
backup=c:\windows\pss\Citrix Receiver.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Büro^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WinFehler.lnk]
path=c:\users\Büro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinFehler.lnk
backup=c:\windows\pss\WinFehler.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-12-19 07:48	1022152	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2009-06-03 18:59	103720	------w-	c:\program files\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47	31016	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
2009-04-27 15:50	50472	------w-	c:\program files\CyberLink\PowerDVD9\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
2009-04-27 18:41	87336	------w-	c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2000-01-01 00:00	604704	----a-w-	c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2009-05-19 20:16	222504	------w-	c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDRShortCut]
2008-01-04 09:02	222504	------w-	c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePPShortCut]
2009-05-19 20:16	222504	------w-	c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2009-06-19 15:15	210216	------w-	c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HPDJ Taskbar Utility"=c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-10-27 91496]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-03 315008]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-22 102912]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2014.SP3e\RpcAgentSrv.exe [2014-10-06 73200]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2014-05-18 13464]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2011-02-10 10064]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2014-05-19 1343400]
R4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-12-13 1527104]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-11-21 787800]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-11-21 423784]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2013-09-24 70440]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-06-16 243128]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-10-27 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-10-31 70384]
S3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [2006-01-25 472644]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-12 19:58	1087816	----a-w-	c:\program files\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-07-26 19:31]
.
2015-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-07-26 19:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.at/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: adobe.com\get
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\2tn0p2pf.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2788)
c:\windows\System32\netprofm.dll
.
Zeit der Fertigstellung: 2015-01-04  18:23:28
ComboFix-quarantined-files.txt  2015-01-04 17:23
.
Vor Suchlauf: 9 Verzeichnis(se), 83.084.918.784 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 82.957.922.304 Bytes frei
.
- - End Of File - - 9CC5A3DA99636FCB3F1B78237D012F24
A36C5E4F47E84449FF07ED3517B43A31

GVU-Virus Win7, Farbar Recovery Scan Tool

Log-Analyse und Auswertung: GVU-Virus Win7, Farbar Recovery Scan Tool

GVU-Virus Win7, Farbar Recovery Scan Tool

Ähnliche Themen: GVU-Virus Win7, Farbar Recovery Scan Tool