Trojaner-Board


Susi700 15.07.2010 17:42

AV alert when opening IE - virus HEUR/HTML

Help!!!

For a few days I have been getting an AV virus alert as soon as I open Internet Explorer.
I have already done some reading in your forums here and created a ComboFix log file.
The file is 9 pages long - do you need anything specific so I don't have to paste all of it??

What other information do you need from me?

Well, I have Windows Vista.

Please help...
Thanks in advance.

Susi

Susi700 15.07.2010 17:44

I'll just paste everything in after all... have fun browsing...

ComboFix log file:
Code:

ComboFix 10-07-14.04 - Susi 15.07.2010  18:12:05.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.2045.967 [GMT 2:00]
ausgeführt von:: c:\users\Susi\Downloads\ComboFix.exe
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system\Msjint35.dll
c:\windows\system\olepro32.dll
c:\windows\system\Tx_wmf32.flt
c:\windows\system\Vb5db.dll
c:\windows\tetris.exe
c:\windows\xpsp1hfm.log

.
(((((((((((((((((((((((  Dateien erstellt von 2010-06-15 bis 2010-07-15  ))))))))))))))))))))))))))))))
.

2010-07-15 16:23 . 2010-07-15 16:23        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-07-12 10:42 . 2010-07-01 11:52        1496064        ----a-w-        c:\users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\svna4cdn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-07-12 10:42 . 2010-07-01 11:51        43008        ----a-w-        c:\users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\svna4cdn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-07-12 10:42 . 2010-07-01 11:51        338944        ----a-w-        c:\users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\svna4cdn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-07-12 10:42 . 2010-07-01 11:51        346112        ----a-w-        c:\users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\svna4cdn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-07-10 11:46 . 2010-07-10 11:47        --------        d-----w-        c:\users\Susi\Kreta 2010
2010-07-08 18:31 . 2010-07-08 18:31        --------        d-----w-        c:\users\Susi\AppData\Roaming\Malwarebytes
2010-07-08 18:31 . 2010-04-29 13:39        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-08 18:31 . 2010-07-08 18:31        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-07-08 18:31 . 2010-07-08 18:31        --------        d-----w-        c:\programdata\Malwarebytes
2010-07-08 18:31 . 2010-04-29 13:39        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-06-25 11:44 . 2010-06-25 11:44        --------        d-----w-        C:\d93f66d01c95167d7a7a
2010-06-23 16:04 . 2009-11-08 08:55        99176        ----a-w-        c:\windows\system32\PresentationHostProxy.dll
2010-06-23 16:04 . 2009-11-08 08:55        49472        ----a-w-        c:\windows\system32\netfxperf.dll
2010-06-23 16:04 . 2009-11-08 08:55        297808        ----a-w-        c:\windows\system32\mscoree.dll
2010-06-23 16:04 . 2009-11-08 08:55        295264        ----a-w-        c:\windows\system32\PresentationHost.exe
2010-06-23 16:04 . 2009-11-08 08:55        1130824        ----a-w-        c:\windows\system32\dfshim.dll
2010-06-23 13:30 . 2010-04-16 16:43        28672        ----a-w-        c:\windows\system32\Apphlpdm.dll
2010-06-23 13:30 . 2010-04-16 14:39        4240384        ----a-w-        c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-23 13:26 . 2010-06-23 13:26        501936        ----a-w-        c:\programdata\Google\Google Toolbar\Update\gtb69FC.tmp.exe

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-15 16:03 . 2008-02-23 21:22        --------        d-----w-        c:\users\Susi\AppData\Roaming\ICQ
2010-07-15 14:09 . 2008-02-23 18:49        --------        d-----w-        c:\programdata\Google Updater
2010-07-14 13:05 . 2006-11-02 11:18        --------        d-----w-        c:\program files\Windows Mail
2010-07-14 13:02 . 2008-02-18 09:39        --------        d-----w-        c:\program files\Microsoft.NET
2010-07-07 15:11 . 2008-02-09 00:01        --------        d-----w-        c:\programdata\Roxio
2010-06-30 07:41 . 2008-12-26 10:13        --------        d-----w-        c:\programdata\CanonIJPLM
2010-06-25 11:46 . 2006-11-02 15:33        626780        ----a-w-        c:\windows\system32\perfh007.dat
2010-06-25 11:46 . 2006-11-02 15:33        126202        ----a-w-        c:\windows\system32\perfc007.dat
2010-06-10 11:12 . 2010-05-02 10:08        --------        d-----w-        c:\program files\ICQ7.1
2010-06-10 11:08 . 2008-04-20 11:32        --------        d-----w-        c:\program files\SUPER
2010-05-27 11:21 . 2009-03-03 23:05        7592        ----a-w-        c:\users\Susi\AppData\Local\d3d9caps.dat
2010-05-26 17:06 . 2010-06-18 12:51        34304        ----a-w-        c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-18 12:51        289792        ----a-w-        c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2009-10-02 18:03        221568        ------w-        c:\windows\system32\MpSigStub.exe
2010-05-04 05:59 . 2010-06-18 12:51        916480        ----a-w-        c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-18 12:51        109056        ----a-w-        c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-18 12:51        71680        ----a-w-        c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-18 12:51        133632        ----a-w-        c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-18 12:51        2037248        ----a-w-        c:\windows\system32\win32k.sys
2010-04-23 14:13 . 2010-05-26 15:01        2048        ----a-w-        c:\windows\system32\tzres.dll
2010-04-16 16:43 . 2010-06-23 13:30        173056        ----a-w-        c:\windows\AppPatch\AcXtrnal.dll
2010-04-16 16:43 . 2010-06-23 13:30        458752        ----a-w-        c:\windows\AppPatch\AcSpecfc.dll
2010-04-16 16:43 . 2010-06-23 13:30        542720        ----a-w-        c:\windows\AppPatch\AcLayers.dll
2010-04-16 16:43 . 2010-06-23 13:30        2159616        ----a-w-        c:\windows\AppPatch\AcGenral.dll
2010-03-27 16:43 . 2005-07-04 15:35        4820        ----a-w-        c:\program files\audiograbber.ini
2009-03-11 11:03 . 2009-03-11 11:03        11641489        ----a-w-        c:\program files\TVersitySetup_1_0_0_11_RC7.exe
2009-03-08 17:21 . 2009-03-08 17:20        3559856        ----a-w-        c:\program files\Audiograbber setup.exe
2009-01-22 14:15 . 2009-01-22 14:15        19333112        ----a-w-        c:\program files\DivXInstaller7.exe
2008-05-25 14:47 . 2008-02-27 17:00        4151        ----a-w-        c:\program files\config.cfg
2005-07-01 10:55 . 2005-07-04 15:35        242915        ----a-w-        c:\program files\German.hlp
2005-07-01 10:55 . 2005-07-04 15:35        242915        ----a-w-        c:\program files\Audiograbber.hlp
2005-06-23 15:47 . 2005-07-04 15:35        178412        ----a-w-        c:\program files\Erste_Schritte.pdf
2005-06-22 12:13 . 2005-07-04 15:35        1865        ----a-w-        c:\program files\german.cnt
2005-06-22 12:13 . 2005-07-04 15:35        1865        ----a-w-        c:\program files\audiograbber.cnt
2005-06-13 07:41 . 2005-07-04 15:35        1309668        ----a-w-        c:\program files\Line-In.pdf
2005-05-16 06:20 . 2005-07-04 15:35        760        ----a-w-        c:\program files\audiograbber.apr
2005-04-12 13:00 . 2005-07-04 15:35        386        ----a-w-        c:\program files\Auto.Nam
2004-02-09 03:48 . 2005-07-04 15:35        899072        ----a-w-        c:\program files\audiograbber.exe
2003-02-09 10:04 . 2005-07-04 15:35        46092        ----a-w-        c:\program files\French.lng
2003-02-08 16:56 . 2005-07-04 15:35        44863        ----a-w-        c:\program files\German.lng
2002-01-03 20:50 . 2005-07-04 15:35        155648        ----a-w-        c:\program files\WMA8Connect.dll
2001-12-20 22:15 . 2005-07-04 15:35        43771        ----a-w-        c:\program files\Italian.lng
2001-12-20 13:11 . 2005-07-04 15:35        42533        ----a-w-        c:\program files\Spanish.lng
2009-11-28 18:34 . 2009-11-28 18:34        119808        ----a-w-        c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-02-08 23:52 . 2008-02-08 23:52        76        --sh--r-        c:\windows\CT4CET.bin
2006-05-03 09:06 . 2008-04-20 11:32        163328        --sh--r-        c:\windows\System32\flvDX.dll
2009-08-25 12:52 . 2008-02-27 16:41        952        --sha-w-        c:\windows\System32\KGyGaAvL.sys
2007-02-21 10:47 . 2008-04-20 11:32        31232        --sh--r-        c:\windows\System32\msfDX.dll
2007-12-17 12:43 . 2008-04-20 11:32        27648        --sh--w-        c:\windows\System32\Smab0.dll
2008-02-09 07:30 . 2008-02-09 07:16        8192        --sha-w-        c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-08 21:08        279944        ----a-w-        c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15        1345336        ----a-w-        c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-08 279944]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-08 279944]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-03-28 19:59        2953216        ----a-w-        c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-03-28 19:59        2953216        ----a-w-        c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-09 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-12-03 405504]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-28 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-28 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-28 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-09-28 81920]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-03-28 49168]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-28 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office Outlook 2003.lnk - c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\outicon.exe [2008-2-18 794624]
Monitor.lnk - c:\users\Susi\Digi Cam\MCC Monitor.exe [2008-2-19 110592]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-28 19:46        90112        ----a-w-        c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ          scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]
2000-06-14 14:23        20480        ----a-w-        c:\windows\wt\wcmdmgrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e7,f6,9c,ed,40,48,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1315832033-446891078-4000323035-1000]
"EnableNotificationsRef"=dword:00000001

R2 gupdate1c9857387d57acd;Google Update Service (gupdate1c9857387d57acd);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-02 133104]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-28 30192]
R4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\ianvstor.sys [2007-09-07 209408]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-12-03 73728]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-07-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-09 08:40]

2010-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-02 20:19]

2010-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-02 20:19]

2010-07-15 c:\windows\Tasks\User_Feed_Synchronization-{8C35F91D-530D-4CAF-B969-C50C3140E45D}.job
- c:\windows\system32\msfeedssync.exe [2010-06-18 04:30]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://home.sweetim.com
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
TCP: {056EF094-86AF-492B-8D23-E08D4346922E} = 192.168.2.1
FF - ProfilePath - c:\users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\svna4cdn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.3&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\svna4cdn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-BitComet - c:\program files\BitComet\BitComet.exe
AddRemove-DX-Ball 2 - c:\users\SUSI\SPIELE\DATEIN F_R SPIELE\Uninstal.exe
AddRemove-SuperTux_is1 - c:\users\Susi\Spiele\SuperTux\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-07-15 18:23
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'lsass.exe'(688)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll
.
Zeit der Fertigstellung: 2010-07-15  18:28:31
ComboFix-quarantined-files.txt  2010-07-15 16:28

Vor Suchlauf: 13 Verzeichnis(se), 25.940.504.576 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 35.319.300.096 Bytes frei

- - End Of File - - 3B081AE3462C47120B80F84EF51C1937

--- --- ---

Susi700 17.07.2010 09:38

Can someone please help me????

Kind regards
Susi


Copyright ©2000-2025, Trojaner-Board
