| Pests of all kinds and how to fight them: AV alert when opening IE - Virus HEUR/HTML (Windows 7). If you are not sure whether you have picked up malware or a Trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you remove the infection. | 
|  15.07.2010, 17:42 | #1 | 
|  |   AV alert when opening IE - Virus HEUR/HTML Help!!! For a few days now I have been getting an AV virus alert as soon as I open Internet Explorer. I have already read up a bit in your forums here and have already created a ComboFix log file. The file is 9 pages long - do you need anything specific so that I don't have to paste all of it?? What other information do you need from me? I have Windows Vista. Please help...  Thanks in advance. Susi | 
|  15.07.2010, 17:44 | #2 | 
|  |   AV alert when opening IE - Virus HEUR/HTML I'll just post the whole thing after all... have fun browsing through it... __________________ ComboFix log file: Code: 
ComboFix 10-07-14.04 - Susi 15.07.2010  18:12:05.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2045.967 [GMT 2:00]
ausgeführt von:: c:\users\Susi\Downloads\ComboFix.exe
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system\Msjint35.dll
c:\windows\system\olepro32.dll
c:\windows\system\Tx_wmf32.flt
c:\windows\system\Vb5db.dll
c:\windows\tetris.exe
c:\windows\xpsp1hfm.log
.
(((((((((((((((((((((((   Dateien erstellt von 2010-06-15 bis 2010-07-15  ))))))))))))))))))))))))))))))
.
2010-07-15 16:23 . 2010-07-15 16:23	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-07-12 10:42 . 2010-07-01 11:52	1496064	----a-w-	c:\users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\svna4cdn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-07-12 10:42 . 2010-07-01 11:51	43008	----a-w-	c:\users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\svna4cdn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-07-12 10:42 . 2010-07-01 11:51	338944	----a-w-	c:\users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\svna4cdn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-07-12 10:42 . 2010-07-01 11:51	346112	----a-w-	c:\users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\svna4cdn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-07-10 11:46 . 2010-07-10 11:47	--------	d-----w-	c:\users\Susi\Kreta 2010
2010-07-08 18:31 . 2010-07-08 18:31	--------	d-----w-	c:\users\Susi\AppData\Roaming\Malwarebytes
2010-07-08 18:31 . 2010-04-29 13:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-08 18:31 . 2010-07-08 18:31	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-07-08 18:31 . 2010-07-08 18:31	--------	d-----w-	c:\programdata\Malwarebytes
2010-07-08 18:31 . 2010-04-29 13:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-06-25 11:44 . 2010-06-25 11:44	--------	d-----w-	C:\d93f66d01c95167d7a7a
2010-06-23 16:04 . 2009-11-08 08:55	99176	----a-w-	c:\windows\system32\PresentationHostProxy.dll
2010-06-23 16:04 . 2009-11-08 08:55	49472	----a-w-	c:\windows\system32\netfxperf.dll
2010-06-23 16:04 . 2009-11-08 08:55	297808	----a-w-	c:\windows\system32\mscoree.dll
2010-06-23 16:04 . 2009-11-08 08:55	295264	----a-w-	c:\windows\system32\PresentationHost.exe
2010-06-23 16:04 . 2009-11-08 08:55	1130824	----a-w-	c:\windows\system32\dfshim.dll
2010-06-23 13:30 . 2010-04-16 16:43	28672	----a-w-	c:\windows\system32\Apphlpdm.dll
2010-06-23 13:30 . 2010-04-16 14:39	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-23 13:26 . 2010-06-23 13:26	501936	----a-w-	c:\programdata\Google\Google Toolbar\Update\gtb69FC.tmp.exe
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-15 16:03 . 2008-02-23 21:22	--------	d-----w-	c:\users\Susi\AppData\Roaming\ICQ
2010-07-15 14:09 . 2008-02-23 18:49	--------	d-----w-	c:\programdata\Google Updater
2010-07-14 13:05 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-07-14 13:02 . 2008-02-18 09:39	--------	d-----w-	c:\program files\Microsoft.NET
2010-07-07 15:11 . 2008-02-09 00:01	--------	d-----w-	c:\programdata\Roxio
2010-06-30 07:41 . 2008-12-26 10:13	--------	d-----w-	c:\programdata\CanonIJPLM
2010-06-25 11:46 . 2006-11-02 15:33	626780	----a-w-	c:\windows\system32\perfh007.dat
2010-06-25 11:46 . 2006-11-02 15:33	126202	----a-w-	c:\windows\system32\perfc007.dat
2010-06-10 11:12 . 2010-05-02 10:08	--------	d-----w-	c:\program files\ICQ7.1
2010-06-10 11:08 . 2008-04-20 11:32	--------	d-----w-	c:\program files\SUPER
2010-05-27 11:21 . 2009-03-03 23:05	7592	----a-w-	c:\users\Susi\AppData\Local\d3d9caps.dat
2010-05-26 17:06 . 2010-06-18 12:51	34304	----a-w-	c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-18 12:51	289792	----a-w-	c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2009-10-02 18:03	221568	------w-	c:\windows\system32\MpSigStub.exe
2010-05-04 05:59 . 2010-06-18 12:51	916480	----a-w-	c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-18 12:51	109056	----a-w-	c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-18 12:51	71680	----a-w-	c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-18 12:51	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-18 12:51	2037248	----a-w-	c:\windows\system32\win32k.sys
2010-04-23 14:13 . 2010-05-26 15:01	2048	----a-w-	c:\windows\system32\tzres.dll
2010-04-16 16:43 . 2010-06-23 13:30	173056	----a-w-	c:\windows\AppPatch\AcXtrnal.dll
2010-04-16 16:43 . 2010-06-23 13:30	458752	----a-w-	c:\windows\AppPatch\AcSpecfc.dll
2010-04-16 16:43 . 2010-06-23 13:30	542720	----a-w-	c:\windows\AppPatch\AcLayers.dll
2010-04-16 16:43 . 2010-06-23 13:30	2159616	----a-w-	c:\windows\AppPatch\AcGenral.dll
2010-03-27 16:43 . 2005-07-04 15:35	4820	----a-w-	c:\program files\audiograbber.ini
2009-03-11 11:03 . 2009-03-11 11:03	11641489	----a-w-	c:\program files\TVersitySetup_1_0_0_11_RC7.exe
2009-03-08 17:21 . 2009-03-08 17:20	3559856	----a-w-	c:\program files\Audiograbber setup.exe
2009-01-22 14:15 . 2009-01-22 14:15	19333112	----a-w-	c:\program files\DivXInstaller7.exe
2008-05-25 14:47 . 2008-02-27 17:00	4151	----a-w-	c:\program files\config.cfg
2005-07-01 10:55 . 2005-07-04 15:35	242915	----a-w-	c:\program files\German.hlp
2005-07-01 10:55 . 2005-07-04 15:35	242915	----a-w-	c:\program files\Audiograbber.hlp
2005-06-23 15:47 . 2005-07-04 15:35	178412	----a-w-	c:\program files\Erste_Schritte.pdf
2005-06-22 12:13 . 2005-07-04 15:35	1865	----a-w-	c:\program files\german.cnt
2005-06-22 12:13 . 2005-07-04 15:35	1865	----a-w-	c:\program files\audiograbber.cnt
2005-06-13 07:41 . 2005-07-04 15:35	1309668	----a-w-	c:\program files\Line-In.pdf
2005-05-16 06:20 . 2005-07-04 15:35	760	----a-w-	c:\program files\audiograbber.apr
2005-04-12 13:00 . 2005-07-04 15:35	386	----a-w-	c:\program files\Auto.Nam
2004-02-09 03:48 . 2005-07-04 15:35	899072	----a-w-	c:\program files\audiograbber.exe
2003-02-09 10:04 . 2005-07-04 15:35	46092	----a-w-	c:\program files\French.lng
2003-02-08 16:56 . 2005-07-04 15:35	44863	----a-w-	c:\program files\German.lng
2002-01-03 20:50 . 2005-07-04 15:35	155648	----a-w-	c:\program files\WMA8Connect.dll
2001-12-20 22:15 . 2005-07-04 15:35	43771	----a-w-	c:\program files\Italian.lng
2001-12-20 13:11 . 2005-07-04 15:35	42533	----a-w-	c:\program files\Spanish.lng
2009-11-28 18:34 . 2009-11-28 18:34	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-02-08 23:52 . 2008-02-08 23:52	76	--sh--r-	c:\windows\CT4CET.bin
2006-05-03 09:06 . 2008-04-20 11:32	163328	--sh--r-	c:\windows\System32\flvDX.dll
2009-08-25 12:52 . 2008-02-27 16:41	952	--sha-w-	c:\windows\System32\KGyGaAvL.sys
2007-02-21 10:47 . 2008-04-20 11:32	31232	--sh--r-	c:\windows\System32\msfDX.dll
2007-12-17 12:43 . 2008-04-20 11:32	27648	--sh--w-	c:\windows\System32\Smab0.dll
2008-02-09 07:30 . 2008-02-09 07:16	8192	--sha-w-	c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-08 21:08	279944	----a-w-	c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15	1345336	----a-w-	c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-08 279944]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-08 279944]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-03-28 19:59	2953216	----a-w-	c:\program files\Protector Suite QL\farchns.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-03-28 19:59	2953216	----a-w-	c:\program files\Protector Suite QL\farchns.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-09 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-12-03 405504]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-28 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-28 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-28 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-09-28 81920]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-03-28 49168]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-28 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office Outlook 2003.lnk - c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\outicon.exe [2008-2-18 794624]
Monitor.lnk - c:\users\Susi\Digi Cam\MCC Monitor.exe [2008-2-19 110592]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-28 19:46	90112	----a-w-	c:\windows\System32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli psqlpwd
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]
2000-06-14 14:23	20480	----a-w-	c:\windows\wt\wcmdmgrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e7,f6,9c,ed,40,48,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1315832033-446891078-4000323035-1000]
"EnableNotificationsRef"=dword:00000001
R2 gupdate1c9857387d57acd;Google Update Service (gupdate1c9857387d57acd);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-02 133104]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-28 30192]
R4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\ianvstor.sys [2007-09-07 209408]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-12-03 73728]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
2010-07-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-09 08:40]
2010-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-02 20:19]
2010-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-02 20:19]
2010-07-15 c:\windows\Tasks\User_Feed_Synchronization-{8C35F91D-530D-4CAF-B969-C50C3140E45D}.job
- c:\windows\system32\msfeedssync.exe [2010-06-18 04:30]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://home.sweetim.com
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
TCP: {056EF094-86AF-492B-8D23-E08D4346922E} = 192.168.2.1
FF - ProfilePath - c:\users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\svna4cdn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.3&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\svna4cdn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
HKCU-Run-BitComet - c:\program files\BitComet\BitComet.exe
AddRemove-DX-Ball 2 - c:\users\SUSI\SPIELE\DATEIN F_R SPIELE\Uninstal.exe
AddRemove-SuperTux_is1 - c:\users\Susi\Spiele\SuperTux\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-07-15 18:23
Windows 6.0.6002 Service Pack 2 NTFS
Scanne versteckte Prozesse... 
Scanne versteckte Autostarteinträge... 
Scanne versteckte Dateien... 
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'lsass.exe'(688)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll
.
Zeit der Fertigstellung: 2010-07-15  18:28:31
ComboFix-quarantined-files.txt  2010-07-15 16:28
Vor Suchlauf: 13 Verzeichnis(se), 25.940.504.576 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 35.319.300.096 Bytes frei
- - End Of File - - 3B081AE3462C47120B80F84EF51C1937
          | 
|  17.07.2010, 09:38 | #3 | 
|  |   AV alert when opening IE - Virus HEUR/HTML Can somebody please help me????  __________________ Kind regards, Susi   | 