Win32/Small.CA-Virus

schnipschnap · 13.04.2013, 19:40

Ne, es haengt wieder an gleicher stelle, diesmal ohne Neustart.
Mir ist nur aufgefallen, dass sophos einen HipsVirus erkannt haben will, nachdem internet aus, on access scan deaktiviert und combofix gestartet wurde. Den genauen Namen muesst ich nachschaun. Soll ich wieder abbrechen?

aharonov · 13.04.2013, 19:44

Abbrechen, die Combofix.exe umbenennen in NoMBR.exe und nochmals versuchen.

schnipschnap · 13.04.2013, 20:19

klappt auch nicht. es ist die gleiche schose wie vorher

aharonov · 13.04.2013, 20:26

Heieiei, letzter Versuch: Wieder umbenennen in Combofix.exe und im abgesicherten Modus ausführen.

schnipschnap · 13.04.2013, 20:31

wie kann ich den im abgesicherten modus ausführen?

soll ich die exe lösche und vielleicht neu runterladen ?

aharonov · 13.04.2013, 20:33

Starte in den abgesicherten Modus (Anleitung) und führe Combofix ganz normal aus wie sonst auch.

schnipschnap · 13.04.2013, 21:10

Nun.... Der Scan im abgesicherten Modus laeuft und brauch wahrscheinlich die ganze nacht... :-/

Alles genauso wie vorher ... Was soll ich machen?

Ich habs abgebrochen. Ich kann nicht mehr...

aharonov · 13.04.2013, 22:18

Dann mach stattdessen das:

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinen Desktop.

Entpacke das Archiv auf deinem Desktop.
Im neu erstellten Ordner starte bitte die mbar.exe.
Wenn eine Warnung "Registry value AppInit_Dlls has been found, .." erscheint, drücke Nein.
Folge dann den Anweisungen, führe das Update aus und drücke dann Scan.

Falls Funde angezeigt werden:

Klicke auf den CleanUp Button und erlaube den Neustart.
Während des Neustarts wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut und wiederhole den Scan.
Sollte nochmals was gefunden werden, führe erneut den CleanUp-Prozess durch.

Das Tool wird im erstellten Ordner Logfiles (mbar-log-<Jahr-Monat-Tag>.txt) erzeugen. Bitte poste deren Inhalt hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers.

schnipschnap · 14.04.2013, 09:09

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
Malwarebytes : Free Anti-Malware download

Database version: v2013.04.13.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Schabnam :: SCHABNAM-THINK [administrator]

14.04.2013 10:07:19
mbar-log-2013-04-14 (10-07-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29003
Time elapsed: 32 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

aharonov · 14.04.2013, 12:21

Ok, sieht gut aus.
Bitte noch ein frisches OTL-Log:

Starte bitte die OTL.exe.

Setze den Haken bei Scan all Users.
Drücke auf den Quick Scan Button.
Poste den Inhalt von OTL.txt hier in den Thread.

schnipschnap · 14.04.2013, 15:04

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 14.04.2013 15:03:10 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Schabnam\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,86 Gb Total Physical Memory | 0,94 Gb Available Physical Memory | 50,52% Memory free
3,73 Gb Paging File | 2,10 Gb Available in Paging File | 56,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 296,92 Gb Total Space | 208,33 Gb Free Space | 70,17% Space Free | Partition Type: NTFS
 
Computer Name: SCHABNAM-THINK | User Name: Schabnam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Schabnam\Desktop\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
PRC - C:\Users\Schabnam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Secure Banking\SecureBanking.exe (Secure Banking)
PRC - C:\Program Files (x86)\Secure Banking\sbservice.exe ()
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
PRC - c:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Secure Banking\sbservice.exe ()
MOD - C:\Program Files (x86)\Secure Banking\SecureBanking.dll ()
MOD - C:\Program Files (x86)\Secure Banking\funcs.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.)
SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (swi_service) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Sophos AutoUpdate Service) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited)
SRV - (SAVAdminService) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (swi_update_64) -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe (Sophos Limited)
SRV - (SAVService) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SRV - (Sophos Web Control Service) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited)
SRV - (AcSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (LENOVO.TPKNRSVC) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.CAMMUTE) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
SRV - (Lenovo.VIRTSCRLSVC) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SUService) -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys (Secunia)
DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.)
DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (SAVOnAccess) -- C:\Windows\SysNative\drivers\savonaccess.sys (Sophos Limited)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (sdcfilter) -- C:\Windows\SysNative\drivers\sdcfilter.sys (Sophos Limited)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS ()
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.)
DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (SophosBootDriver) -- C:\Windows\SysNative\drivers\SophosBootDriver.sys (Sophos Plc)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (usbsmi) -- C:\Windows\SysNative\drivers\SMIksdrv.sys (SMI)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited)
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{7CC6A5B1-01A3-4659-A1F8-81D8CD2F45EA}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=LEN2&src=IE-SearchBox;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{B6C24954-AB3C-4FEF-BB6C-33C1245611FE}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=LEN2&src=IE-SearchBox;
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Lenovo laptops - ThinkPads & IdeaPad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: "hxxp://de.search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.startup.homepage: "hxxp://yahoo.de/"
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.9.20130409112616
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://pac.lrz.de/"
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 12:28:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.12 19:03:01 | 000,000,000 | ---D | M]
 
[2011.02.26 14:05:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schabnam\AppData\Roaming\mozilla\Extensions
[2013.04.12 11:35:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schabnam\AppData\Roaming\mozilla\Firefox\Profiles\rdzoxdod.default\extensions
[2013.04.12 11:35:46 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Schabnam\AppData\Roaming\mozilla\Firefox\Profiles\rdzoxdod.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.04.03 17:36:34 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Schabnam\AppData\Roaming\mozilla\Firefox\Profiles\rdzoxdod.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.02.27 14:12:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.27 14:12:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.04.12 12:28:09 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.18 21:32:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.14 17:24:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.18 21:32:56 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.18 21:32:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.18 21:32:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.18 21:32:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2013.04.13 15:20:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [EXT_InstallerReboot_9C09BACFA01147D181EB8103D9BF4735] "C:\Users\Schabnam\AppData\Local\Temp\SetupTemp0\Starter.exe" /reboot File not found
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Limited)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [SecureBanking] C:\Program Files (x86)\Secure Banking\SecureBanking.exe (Secure Banking)
O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Schabnam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Schabnam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Schabnam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O13 - gopher Prefix: missing
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://asa05.lrz.de/CACHE/stc/1/binaries/vpnweb.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A80DA137-0373-4549-826D-FD7B19E52A5A}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll) - C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll (Sophos Limited)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll) - C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll (Sophos Limited)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.14 14:35:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Schabnam\Desktop\OTL(1).exe
[2013.04.14 09:29:11 | 000,000,000 | ---D | C] -- C:\Users\Schabnam\Desktop\mbar-1.05.0.1001
[2013.04.13 22:34:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.13 22:20:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.04.13 21:51:44 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.04.13 14:54:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.13 14:54:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.13 14:53:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.13 14:52:46 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.13 14:15:02 | 005,052,582 | R--- | C] (Swearware) -- C:\Users\Schabnam\Desktop\ComboFix.exe
[2013.04.09 10:10:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.03.15 21:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\tmp
[2013.03.15 21:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\hps
[2013.03.15 21:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dm-Fotowelt
[2013.03.15 20:58:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dm
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.14 15:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.14 15:06:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.14 14:35:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Schabnam\Desktop\OTL(1).exe
[2013.04.14 14:35:17 | 001,532,902 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.14 14:35:17 | 000,666,340 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.14 14:35:17 | 000,626,614 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.14 14:35:17 | 000,136,556 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.14 14:35:17 | 000,111,602 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.14 14:32:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.14 09:33:39 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.14 09:33:39 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.14 09:27:30 | 012,917,756 | ---- | M] () -- C:\Users\Schabnam\Desktop\mbar-1.05.0.1001.zip
[2013.04.13 22:34:28 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.13 22:33:44 | 1500,942,336 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.13 16:49:41 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013.04.13 15:20:54 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.04.13 14:15:14 | 005,052,582 | R--- | M] (Swearware) -- C:\Users\Schabnam\Desktop\ComboFix.exe
[2013.04.13 14:13:55 | 000,001,070 | ---- | M] () -- C:\Users\Schabnam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.04.13 14:12:52 | 000,001,044 | ---- | M] () -- C:\Users\Schabnam\Desktop\Dropbox.lnk
[2013.04.13 13:57:54 | 000,613,083 | ---- | M] () -- C:\Users\Schabnam\Desktop\adwcleaner.exe
[2013.04.12 19:16:19 | 000,377,856 | ---- | M] () -- C:\Users\Schabnam\Desktop\gmer_2.1.19163.exe
[2013.04.12 17:45:24 | 000,000,000 | ---- | M] () -- C:\Users\Schabnam\defogger_reenable
[2013.04.12 11:38:36 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.10 15:36:26 | 000,295,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.10 08:38:16 | 000,002,113 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.04.09 21:24:20 | 000,001,534 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2013.04.09 21:23:48 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.31 18:58:46 | 006,827,520 | ---- | M] () -- C:\Users\Schabnam\FrhlingsWalzer.pps
[2013.03.22 10:23:13 | 000,135,713 | ---- | M] () -- C:\Users\Schabnam\Documents\LMUSS13.Schabnam.Plieninger.pdf
[2013.03.22 10:23:13 | 000,135,713 | ---- | M] () -- C:\Users\Schabnam\Documents\ImmatrikulationSS13LMU.pdf
[2013.03.19 15:13:26 | 000,827,521 | ---- | M] () -- C:\Users\Schabnam\AOK-Plieninger.pdf
[2013.03.18 12:17:17 | 000,475,352 | ---- | M] () -- C:\Users\Schabnam\OnlineTicket.pdf
[2013.03.17 21:07:52 | 000,064,277 | ---- | M] () -- C:\Users\Schabnam\Gewissensspiegel.pdf
[2013.03.17 21:05:34 | 000,021,129 | ---- | M] () -- C:\Users\Schabnam\Gewissensspiegel.odt
[2013.03.17 20:02:44 | 000,002,035 | ---- | M] () -- C:\Users\Schabnam\Desktop\Mozilla Firefox.lnk
[2013.03.16 10:26:12 | 000,081,938 | ---- | M] () -- C:\Users\Schabnam\Kreuzwegandacht.pdf
[2013.03.16 10:25:46 | 000,024,098 | ---- | M] () -- C:\Users\Schabnam\Kreuzwegandacht.odt
[2013.03.15 21:09:08 | 000,001,156 | ---- | M] () -- C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
[2013.03.15 21:09:08 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\dm-Fotowelt.lnk
 
========== Files Created - No Company Name ==========
 
[2013.04.14 09:24:56 | 012,917,756 | ---- | C] () -- C:\Users\Schabnam\Desktop\mbar-1.05.0.1001.zip
[2013.04.13 14:54:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.13 14:54:48 | 000,060,416 | ---- | C] () -- C:\Windows\NIRCMD.exe
[2013.04.13 14:54:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.13 14:54:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.13 14:54:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.13 14:54:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.13 13:56:55 | 000,613,083 | ---- | C] () -- C:\Users\Schabnam\Desktop\adwcleaner.exe
[2013.04.12 19:16:03 | 000,377,856 | ---- | C] () -- C:\Users\Schabnam\Desktop\gmer_2.1.19163.exe
[2013.04.12 17:45:24 | 000,000,000 | ---- | C] () -- C:\Users\Schabnam\defogger_reenable
[2013.03.31 18:58:26 | 006,827,520 | ---- | C] () -- C:\Users\Schabnam\FrhlingsWalzer.pps
[2013.03.22 10:25:13 | 000,135,713 | ---- | C] () -- C:\Users\Schabnam\Documents\LMUSS13.Schabnam.Plieninger.pdf
[2013.03.22 10:23:00 | 000,135,713 | ---- | C] () -- C:\Users\Schabnam\Documents\ImmatrikulationSS13LMU.pdf
[2013.03.19 15:13:26 | 000,827,521 | ---- | C] () -- C:\Users\Schabnam\AOK-Plieninger.pdf
[2013.03.18 12:16:20 | 000,475,352 | ---- | C] () -- C:\Users\Schabnam\OnlineTicket.pdf
[2013.03.17 21:07:49 | 000,064,277 | ---- | C] () -- C:\Users\Schabnam\Gewissensspiegel.pdf
[2013.03.17 21:05:31 | 000,021,129 | ---- | C] () -- C:\Users\Schabnam\Gewissensspiegel.odt
[2013.03.17 20:02:44 | 000,002,035 | ---- | C] () -- C:\Users\Schabnam\Desktop\Mozilla Firefox.lnk
[2013.03.16 10:22:39 | 000,081,938 | ---- | C] () -- C:\Users\Schabnam\Kreuzwegandacht.pdf
[2013.03.16 10:15:52 | 000,024,098 | ---- | C] () -- C:\Users\Schabnam\Kreuzwegandacht.odt
[2013.03.15 21:09:08 | 000,001,156 | ---- | C] () -- C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
[2013.03.15 21:09:08 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\dm-Fotowelt.lnk
[2013.03.10 12:57:45 | 000,001,534 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2013.03.05 23:32:21 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2013.02.24 17:37:36 | 000,717,900 | R--- | C] () -- C:\Users\Schabnam\Schabnam am 17.2. im Dom 1.jpg
[2013.02.23 19:58:50 | 002,333,061 | ---- | C] () -- C:\Users\Schabnam\Taufkerze.JPG
[2013.02.23 19:57:48 | 002,710,362 | ---- | C] () -- C:\Users\Schabnam\IMG_1841.JPG
[2013.02.10 21:00:55 | 371,257,398 | ---- | C] () -- C:\Users\Schabnam\img421.bmp
[2013.02.10 20:57:03 | 026,850,922 | ---- | C] () -- C:\Users\Schabnam\img420.bmp
[2013.02.10 20:55:30 | 000,211,797 | ---- | C] () -- C:\Users\Schabnam\img419.pdf
[2013.02.08 17:48:13 | 000,074,487 | R--- | C] () -- C:\Users\Schabnam\NER Tabelle.pdf
[2013.01.23 21:22:49 | 000,053,657 | ---- | C] () -- C:\Users\Schabnam\Gebet Josefmaria.pdf
[2013.01.22 18:37:58 | 006,241,555 | ---- | C] () -- C:\Users\Schabnam\Indisch Rezepte.pdf
[2013.01.06 00:35:13 | 000,036,589 | ---- | C] () -- C:\Users\Schabnam\Komm herab o heilger Geist.pdf
[2013.01.05 13:59:32 | 001,042,606 | R--- | C] () -- C:\Users\Schabnam\Gesten - Guter Gott, du bist immer da.pdf
[2012.12.26 17:14:05 | 000,036,969 | ---- | C] () -- C:\Users\Schabnam\Brief an Mama.odt
[2012.12.22 22:46:45 | 001,069,402 | ---- | C] () -- C:\Users\Schabnam\Hoffmann - Homosexualität.pdf
[2012.12.19 19:32:50 | 000,096,160 | ---- | C] () -- C:\Users\Schabnam\weihnachten-02_01.jpg
[2012.12.02 17:55:15 | 000,014,429 | ---- | C] () -- C:\Users\Schabnam\meineZeichnung.odg
[2012.11.06 11:16:06 | 087,815,178 | ---- | C] () -- C:\Users\Schabnam\VL Leuze 6.11.12.MP3
[2012.11.06 09:37:20 | 046,898,646 | ---- | C] () -- C:\Users\Schabnam\VL Kreiner 6.11.12.MP3
[2012.10.31 16:37:47 | 000,000,062 | R--- | C] () -- C:\Users\Schabnam\listen.pls
[2012.09.20 15:55:28 | 000,095,972 | ---- | C] () -- C:\Users\Schabnam\Preisliste_Weltbild_Mobil_All-in_M_Samsung_Galaxy_Y_O_20120901.pdf
[2012.09.09 12:52:08 | 007,388,292 | ---- | C] () -- C:\Users\Schabnam\GT-I9100_UM_DTM_Gingerbread_Ger_Rev.1.3_111212_Screen.pdf
[2012.07.22 14:21:26 | 000,026,151 | -HS- | C] () -- C:\Users\Schabnam\Folder.jpg
[2012.07.22 14:21:26 | 000,007,160 | -HS- | C] () -- C:\Users\Schabnam\AlbumArtSmall.jpg
[2012.05.17 23:03:52 | 000,001,367 | ---- | C] () -- C:\Users\Schabnam\AppData\Local\recently-used.xbel
[2012.04.10 17:05:26 | 400,113,571 | ---- | C] () -- C:\Users\Schabnam\Kursskripte.zip
[2012.02.06 11:55:15 | 000,000,116 | -H-- | C] () -- C:\Users\Schabnam\.~lock.Gliederung zur Zula.odt#
[2011.05.03 20:13:58 | 000,000,600 | ---- | C] () -- C:\Users\Schabnam\AppData\Roaming\winscp.rnd
[2011.02.27 23:21:25 | 000,003,584 | ---- | C] () -- C:\Users\Schabnam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.26 14:18:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 05:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.05 23:40:20 | 000,000,000 | ---D | M] -- C:\Users\Schabnam\AppData\Roaming\Bubble
[2013.04.13 22:35:15 | 000,000,000 | ---D | M] -- C:\Users\Schabnam\AppData\Roaming\Dropbox
[2012.05.21 21:25:57 | 000,000,000 | ---D | M] -- C:\Users\Schabnam\AppData\Roaming\EPSON
[2011.03.11 21:56:53 | 000,000,000 | ---D | M] -- C:\Users\Schabnam\AppData\Roaming\OpenOffice.org
[2013.03.05 23:32:39 | 000,000,000 | ---D | M] -- C:\Users\Schabnam\AppData\Roaming\Opera
[2011.06.13 13:10:05 | 000,000,000 | ---D | M] -- C:\Users\Schabnam\AppData\Roaming\PCDr
[2011.05.21 18:31:47 | 000,000,000 | ---D | M] -- C:\Users\Schabnam\AppData\Roaming\PureBasic
[2011.03.04 21:31:12 | 000,000,000 | ---D | M] -- C:\Users\Schabnam\AppData\Roaming\Subversion
[2011.02.27 20:12:56 | 000,000,000 | ---D | M] -- C:\Users\Schabnam\AppData\Roaming\TeamViewer
[2012.11.09 22:05:35 | 000,000,000 | ---D | M] -- C:\Users\Schabnam\AppData\Roaming\TrueCrypt
[2011.05.29 13:16:17 | 000,000,000 | ---D | M] -- C:\Users\Schabnam\AppData\Roaming\Update
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

aharonov · 14.04.2013, 15:16

Gut, dann noch eine letzte Kontrolle:

Schritt 1

Öffne das Programm Malwarebytes Anti-Malware.
Vista und Win7 User mit Rechtsklick "als Administrator starten".
Klicke auf Aktualisierung --> Suche nach Aktualisierung.
Wenn das Update beendet wurde, aktiviere im Reiter Suchlauf die Option Quick-Scan durchführen und drücke auf Scannen.
Wenn der Scan fertig ist, klicke auf Ergebnisse anzeigen.
Versichere dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter dem Reiter Logdateien finden.

Schritt 2

Lade das Setup des ESET Online Scanners herunter und speichere es auf den Desktop.

Schliesse evtl. vorhandene externe Festplatten und USB-Sticks an den Rechner an.
Deaktiviere jetzt temporär für diesen Scan dein Antivirenprogramm und die Firewall.
(Danach nicht vergessen, sie wieder einzuschalten.)
Starte nun die heruntergeladene esetsmartinstaller_enu.exe.
Setze den Haken bei Yes, I accept the Terms of Use und drücke Start.
Warte bis die Komponenten heruntergeladen sind.
Setze den Haken bei Scan archives.
Gehe sicher, dass bei Remove found Threats kein Haken gesetzt ist.
Drücke dann auf Start.
Die Signaturen werden heruntergeladen und der Scan startet automatisch.
Hinweis: Dieser Scan kann unter Umständen ziemlich lange dauern!
Falls nach Beendigung des Scans Funde angezeigt werden, dann:
- Drücke auf List of found threats.
- Klicke dann auf Export to text file... und speichere die Textdatei als ESET.txt auf den Desktop.
- Drücke danach auf << Back.
Schliesse nun den Scanner mit einem Klick auf Finish.

Poste bitte den Inhalt der ESET.txt oder teile mir mit, wenn es keine Funde gegeben hat.

Schritt 3

Downloade dir bitte SecurityCheck (Link 2).

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Wenn der Scan beendet wurde, sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte poste in deiner nächsten Antwort:

Log von MBAM
Log von ESET
Log von SecurityCheck

schnipschnap · 14.04.2013, 15:44

Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.04.14.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Schabnam :: SCHABNAM-THINK [Administrator]

14.04.2013 16:33:14
mbam-log-2013-04-14 (16-33-14).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 210380
Laufzeit: 11 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Den Rest muss ich leider auf morgen verschieben. Meine externe Festplatte ist noch im Umzugskarton, die müsst ich auch erst noch suchen.

aharonov · 14.04.2013, 18:00

Zitat:

Den Rest muss ich leider auf morgen verschieben.

Jep, alles klar. Melde dich einfach wieder hier, sobald alles erledigt ist.

schnipschnap · 17.04.2013, 10:46

Damit ich den download fuer ESET machen kann (ich glaub, das ist der dritte punkt) soll ich trotz deaktivierter Antivirensoftware das Internet einschalten?

13.04.2013, 19:44	#17
aharonov /// TB-Ausbilder	Win32/Small.CA-Virus Abbrechen, die Combofix.exe umbenennen in NoMBR.exe und nochmals versuchen. __________________ __________________

13.04.2013, 20:26	#19
aharonov /// TB-Ausbilder	Win32/Small.CA-Virus Heieiei, letzter Versuch: Wieder umbenennen in Combofix.exe und im abgesicherten Modus ausführen. __________________ cheers, Leo

13.04.2013, 20:33	#21
aharonov /// TB-Ausbilder	Win32/Small.CA-Virus Starte in den abgesicherten Modus (Anleitung) und führe Combofix ganz normal aus wie sonst auch. __________________ --> Win32/Small.CA-Virus

14.04.2013, 12:21	#25
aharonov /// TB-Ausbilder	Win32/Small.CA-Virus Ok, sieht gut aus. Bitte noch ein frisches OTL-Log: Starte bitte die OTL.exe. Setze den Haken bei Scan all Users. Drücke auf den Quick Scan Button. Poste den Inhalt von OTL.txt hier in den Thread. __________________ cheers, Leo

Win32/Small.CA-Virus

Plagegeister aller Art und deren Bekämpfung: Win32/Small.CA-Virus