Sure, here you go.
Code:
ComboFix 13-02-07.01 - User 07.02.2013 21:25:02.2.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3325.1858 [GMT 1:00]
ausgeführt von:: c:\users\Sabine\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Sabine\Desktop\CFScript.txt
AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Antivirus *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\dsgsdgdsgdsgw.js"
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\found.000
c:\found.000\dir0000.chk\like[2].htm
c:\found.000\dir0000.chk\likebox[1].htm
c:\found.000\dir0000.chk\MetArt_Pombe_Katya-AC_by_Leonardo_high_0074[1].jpg
c:\found.000\dir0001.chk\view[4].htm
c:\found.000\dir0001.chk\wmedia[1].htm
c:\found.000\dir0002.chk\mobile_adult[1].js
c:\found.000\dir0002.chk\RecorderButtonLow[1].png
c:\programdata\dsgsdgdsgdsgw.js
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-01-07 bis 2013-02-07 ))))))))))))))))))))))))))))))
.
.
2013-02-07 20:30 . 2013-02-07 20:31 -------- d-----w- c:\users\User\AppData\Local\temp
2013-02-07 20:30 . 2013-02-07 20:30 -------- d-----w- c:\users\Sabine\AppData\Local\temp
2013-02-07 20:30 . 2013-02-07 20:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-06 21:08 . 2013-02-06 21:08 87310 ----a-w- c:\windows\system32\drivers\fvstore.dat
2013-02-06 15:36 . 2013-02-06 15:36 -------- d-----w- C:\VTRoot
2013-02-06 15:18 . 2013-02-07 20:12 490448 ----a-w- c:\windows\system32\drivers\sfi.dat
2013-02-06 15:17 . 2013-02-06 15:18 -------- d-s---w- c:\programdata\Shared Space
2013-02-06 15:16 . 2013-02-06 15:57 -------- d-----w- c:\users\User\AppData\Local\Comodo
2013-02-06 15:16 . 2013-02-06 15:16 42760 ----a-w- c:\windows\system32\certsentry.dll
2013-02-06 15:16 . 2013-02-06 15:57 -------- d-----w- c:\program files\Comodo
2013-02-06 15:13 . 2013-02-06 15:13 -------- d-----w- c:\users\User\AppData\Local\Secunia PSI
2013-02-06 15:12 . 2013-02-06 15:12 -------- d-----w- c:\program files\Secunia
2013-02-06 14:58 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FAB24B1-4D89-470C-86A7-4A7F246379F3}\mpengine.dll
2013-02-03 18:35 . 2013-02-03 18:35 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-24 21:43 . 2013-01-24 21:43 35488 ----a-w- c:\windows\system32\cmdcsr.dll
2013-01-24 21:43 . 2013-01-24 21:43 354752 ----a-w- c:\windows\system32\guard32.dll
2013-01-24 21:42 . 2013-01-24 21:42 40656 ----a-w- c:\windows\system32\cmdkbd32.dll
2013-01-24 21:42 . 2013-01-24 21:42 263888 ----a-w- c:\windows\system32\cmdvrt32.dll
2013-01-17 17:46 . 2013-01-17 17:46 -------- d-----w- c:\programdata\Malwarebytes
2013-01-16 18:51 . 2013-01-16 18:51 84416 ----a-w- c:\windows\system32\drivers\inspect.sys
2013-01-16 18:51 . 2013-01-16 18:51 43728 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-01-16 18:51 . 2013-01-16 18:51 576768 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2013-01-16 18:51 . 2013-01-16 18:51 20072 ----a-w- c:\windows\system32\drivers\cmderd.sys
2013-01-11 22:45 . 2013-01-12 17:44 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2013-01-11 05:04 . 2013-01-11 05:04 -------- d-----w- c:\program files\Mozilla Thunderbird
2013-01-09 21:04 . 2012-11-20 04:51 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 21:04 . 2012-11-22 04:45 626688 ----a-w- c:\windows\system32\usp10.dll
2013-01-09 21:04 . 2012-11-09 04:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 21:04 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 21:04 . 2012-11-23 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 21:04 . 2012-11-23 02:48 49152 ----a-w- c:\windows\system32\taskhost.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-03 18:35 . 2012-05-12 20:57 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-03 18:35 . 2010-11-03 21:17 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-17 00:28 . 2010-10-31 08:17 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-09 20:48 . 2012-04-01 04:59 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 20:48 . 2011-05-14 05:07 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 14:13 . 2012-12-22 08:36 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 08:36 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-11-14 02:09 . 2012-12-13 18:21 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-13 18:21 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 18:21 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-13 18:21 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 18:21 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-13 18:21 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 20:29 . 2012-11-13 20:29 354216 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2013-01-28 21:17 . 2013-01-28 21:17 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{991D97B8-F0D8-4EA1-9100-7A65EA2D3A63}]
2012-08-28 06:53 84840 ----a-w- c:\users\User\AppData\Roaming\SenselessTV\bho.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-10-03 9267816]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"Ocs_SM"="c:\users\User\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2012-08-21 106496]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-01-24 1430736]
.
c:\users\Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-4-19 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
R2 SearchAnonymizer;SearchAnonymizer;c:\users\User\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 JMB36X;JMB36X;c:\windows\System32\XSrvSetup.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 20:48]
.
2013-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-14 11:06]
.
2013-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-14 11:06]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.stimme.de/
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{00BEA70F-AE5F-4DA7-91FA-4496FE787B40}: NameServer = 156.154.70.25,156.154.71.25
TCP: Interfaces\{00BEA70F-AE5F-4DA7-91FA-4496FE787B40}\5416379724F687D2148353632343: NameServer = 156.154.70.25,156.154.71.25
TCP: Interfaces\{00BEA70F-AE5F-4DA7-91FA-4496FE787B40}\5416379724F687D2734364236383: NameServer = 156.154.70.25,156.154.71.25
TCP: Interfaces\{00BEA70F-AE5F-4DA7-91FA-4496FE787B40}\5416379724F687D2735364436303: NameServer = 156.154.70.25,156.154.71.25
TCP: Interfaces\{18C2FB04-7377-47A5-B748-F817A1EEE1F3}: NameServer = 8.26.56.26,156.154.70.22
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://notes.kwpartner.de/dwa85W.cab
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wpp3pji7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.stimme.de/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-12-21 18:20; {EEE6C361-6118-11DC-9C72-001320C79847}; c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wpp3pji7.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
FF - ExtSQL: 2012-12-28 21:36; support@Senseless.TV; c:\users\User\AppData\Roaming\SenselessTV\ffextension
FF - ExtSQL: !HIDDEN! 2012-12-28 21:36; support@Senseless.TV; c:\users\User\AppData\Roaming\SenselessTV\ffextension
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Vidalia - c:\program files\Vidalia Bridge Bundle\Vidalia\vidalia.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(636)
c:\windows\system32\guard32.dll
.
Zeit der Fertigstellung: 2013-02-07 21:32:44
ComboFix-quarantined-files.txt 2013-02-07 20:32
ComboFix2.txt 2013-02-03 16:09
.
Vor Suchlauf: 11 Verzeichnis(se), 14.107.455.488 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 14.834.802.688 Bytes frei
.
- - End Of File - - 3716C89E6250D09F9C00DA8FC9F18142