|
Plagegeister aller Art und deren Bekämpfung: Sich oeffnende Browserfenster, kein Windowsupdate, sdra64.exeWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
07.08.2010, 14:34 | #16 |
| Sich oeffnende Browserfenster, kein Windowsupdate, sdra64.exe Here it is: Code:
ATTFilter ComboFix 10-08-06.03 - Thomas 07.08.2010 15:18:37.1.2 - x86 Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.3003.1999 [GMT 2:00] ausgeführt von:: c:\users\Thomas\Desktop\cofi.exe SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7} * Neuer Wiederherstellungspunkt wurde erstellt . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . C:\install.exe c:\windows\system32\Temp c:\windows\system32\Temp\zup\Comct332.ocx c:\windows\system32\Thumbs.db G:\Autorun.inf Infizierte Kopie von c:\windows\system32\DRIVERS\DMICall.sys wurde gefunden und desinfiziert Kopie von - Kitty ate it :p wurde wiederhergestellt . ((((((((((((((((((((((( Dateien erstellt von 2010-07-07 bis 2010-08-07 )))))))))))))))))))))))))))))) . 2010-08-07 13:26 . 2010-08-07 13:26 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-08-07 13:26 . 2010-08-07 13:28 -------- d-----w- c:\users\Thomas\AppData\Local\temp 2010-08-07 12:55 . 2010-08-07 12:55 -------- d-----w- C:\_OTL 2010-08-06 15:34 . 2010-07-21 17:50 81920 ----a-w- c:\windows\system32\remover.exe 2010-08-06 15:23 . 2010-08-05 19:59 80384 ----a-w- c:\windows\system32\MBRCheck.exe 2010-08-05 22:04 . 2010-08-05 22:04 -------- d-----w- c:\program files\CCleaner 2010-08-05 22:01 . 2010-08-05 22:01 -------- d-----w- c:\users\Thomas\AppData\Local\Diagnostics 2010-08-05 20:08 . 2010-08-07 10:20 63488 ----a-w- c:\users\Thomas\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll 2010-08-05 20:08 . 2010-08-05 20:08 52224 ----a-w- c:\users\Thomas\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll 2010-08-05 20:08 . 2010-08-07 10:20 117760 ----a-w- c:\users\Thomas\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-08-05 20:08 . 2010-08-05 20:08 -------- d-----w- c:\users\Thomas\AppData\Roaming\SUPERAntiSpyware.com 2010-08-05 20:08 . 2010-08-05 20:08 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2010-08-05 20:08 . 2010-08-05 20:08 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-08-04 21:12 . 2010-08-04 21:12 -------- d-----w- c:\program files\ESET 2010-08-04 20:57 . 2010-08-04 20:57 10216 ----a-w- c:\windows\system32\drivers\whvfuace.sys 2010-08-04 20:56 . 2010-08-04 20:56 -------- d-----w- c:\users\Thomas\AppData\Roaming\Malwarebytes 2010-08-04 20:56 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-04 20:56 . 2010-08-04 20:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-08-04 20:56 . 2010-08-04 20:56 -------- d-----w- c:\programdata\Malwarebytes 2010-08-04 20:56 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-04 20:45 . 2010-08-04 20:59 -------- d-----w- c:\windows\system32\MpEngineStore 2010-08-04 16:07 . 2010-07-17 03:00 423656 ----a-w- c:\windows\system32\deployJava1.dll 2010-07-29 15:37 . 2010-07-29 15:37 -------- d-----w- c:\users\Thomas\AppData\Roaming\Foxit Software 2010-07-26 18:22 . 2010-08-03 19:39 -------- d-----w- c:\program files\Ask.com 2010-07-26 18:21 . 2010-07-26 18:21 -------- d-----w- c:\program files\Foxit Software 2010-07-22 18:52 . 2010-06-20 02:21 214016 ----a-w- c:\users\Thomas\AppData\Roaming\Thunderbird\Profiles\mwdflitn.default\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}\components\calbscmp.dll . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-07 13:25 . 2009-07-14 08:47 700836 ----a-w- c:\windows\system32\perfh007.dat 2010-08-07 13:25 . 2009-07-14 08:47 149920 ----a-w- c:\windows\system32\perfc007.dat 2010-08-07 11:09 . 2010-03-13 12:54 71323 ----a-w- c:\users\Thomas\AppData\Roaming\Thunderbird\Profiles\mwdflitn.default\Mail\RSS-News & Weblogs\xkcd.com 2010-08-07 11:05 . 2009-12-16 10:20 -------- d-----w- c:\users\Thomas\AppData\Roaming\vlc 2010-08-05 21:34 . 2008-11-04 18:38 -------- d-----w- c:\program files\Mozilla Thunderbird 2010-08-05 19:13 . 2008-11-11 16:26 -------- d-----w- c:\users\Thomas\AppData\Roaming\uTorrent 2010-08-04 21:31 . 2009-02-24 19:29 -------- d-----w- c:\program files\PPStream 2010-08-04 20:11 . 2008-12-09 16:58 -------- d-----w- c:\program files\Steam 2010-08-04 16:07 . 2008-09-01 11:11 -------- d-----w- c:\program files\Java 2010-08-03 19:39 . 2008-10-03 06:03 -------- d-----w- c:\program files\Google BAE 2010-08-01 17:57 . 2008-12-13 01:28 -------- d-----w- c:\users\Thomas\AppData\Roaming\dvdcss 2010-07-14 15:48 . 2010-05-04 03:37 -------- d-----w- c:\users\Thomas\AppData\Roaming\Qofib 2010-07-02 16:09 . 2008-09-01 11:10 -------- d-----w- c:\programdata\FLEXnet 2010-06-16 17:02 . 2009-06-26 20:02 -------- d-----r- c:\program files\iLove 2010-05-27 07:24 . 2010-06-11 06:13 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-05-27 03:49 . 2010-06-11 06:13 293888 ----a-w- c:\windows\system32\atmfd.dll 2010-05-23 15:50 . 2010-06-11 09:37 73216 ----a-w- c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\yy3dg203.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll 2010-05-21 12:14 . 2009-10-03 09:11 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-05-21 05:18 . 2010-06-11 06:13 977920 ----a-w- c:\windows\system32\wininet.dll 2010-05-14 20:53 . 2009-02-25 22:05 139336 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2010-05-14 20:53 . 2009-02-25 22:05 214720 ----a-w- c:\windows\system32\PnkBstrB.exe 2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat 2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504] "NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-07-30 262144] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-10 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X] "Apoint"="c:\program files\Apoint\Apoint.exe" [2008-06-06 122880] "RtHDVCpl"="RtHDVCpl.exe" [2008-07-23 6295552] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2010-06-16 624056] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712] "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-03 317280] "MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2008-10-03 24576] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792] "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-02 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-02 174104] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-02 151064] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-22 13797920] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-21 768552] VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2009-1-4 6144] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2008-07-15 16:04 98304 ----a-w- c:\windows\System32\VESWinlogon.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys] @="FSFilter System Recovery" R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-28 135664] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-07-31 29736] R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-12-30 137344] R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-12-30 8320] R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-04-09 722288] S0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys [2008-06-26 22944] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-07-30 299008] S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032] S2 RtkAudioService;Realtek Audio Service;c:\windows\RtkAudioService.exe [2008-07-23 104992] S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-08-06 411488] S3 e1yexpress;Intel(R) Gigabit-Netzwerkverbindungstreiber;c:\windows\system32\DRIVERS\e1y6032.sys [2009-07-13 214016] S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-05-28 4233728] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-04-01 9344] S3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\DRIVERS\SonyPI.sys [2008-04-01 14720] S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs {3BDC22CA-F1E2-47F9-BD4B0368F8B265BB} . Inhalt des "geplante Tasks" Ordners 2010-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-28 16:12] 2010-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-28 16:12] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.club-vaio.com IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html FF - ProfilePath - c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\yy3dg203.default\ FF - prefs.js: browser.startup.homepage - about:blank FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll FF - component: c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\yy3dg203.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll FF - component: c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\yy3dg203.default\extensions\twitternotifier@naan.net\platform\WINNT\components\nsTwitterFoxSign.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll FF - plugin: c:\program files\Veetle\Player\npvlc.dll FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll FF - plugin: c:\users\Thomas\AppData\Local\Octoshape\Octoshape Streaming Services\octoprogram-L03-NMS0810164_SUA_900\npoctoshape.dll FF - plugin: c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\yy3dg203.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll FF - plugin: c:\users\Thomas\AppData\Roaming\Mozilla\plugins\npoctoshape.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . - - - - Entfernte verwaiste Registrierungseinträge - - - - SafeBoot-dmboot.sys SafeBoot-dmio.sys SafeBoot-dmload.sys SafeBoot-dmadmin SafeBoot-dmserver SafeBoot-SRService . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'Explorer.exe'(3488) c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll c:\program files\TortoiseSVN\bin\TortoiseStub.dll c:\program files\TortoiseSVN\bin\TortoiseSVN.dll c:\program files\TortoiseSVN\bin\intl3_tsvn.dll c:\windows\system32\btmmhook.dll c:\windows\system32\btncopy.dll c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr c:\program files\WinSCP\DragExt.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\nvvsvc.exe c:\windows\system32\nvvsvc.exe c:\windows\system32\WLANExt.exe c:\windows\system32\conhost.exe c:\windows\system32\taskhost.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\program files\Cisco Systems\VPN Client\cvpnd.exe c:\program files\Intel\WiFi\bin\EvtEng.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe c:\program files\CDBurnerXP\NMSAccessU.exe c:\windows\system32\PnkBstrA.exe c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe c:\program files\Sony\VAIO Event Service\VESMgr.exe c:\program files\Sony\VAIO Update 5\VAIOUpdt.exe c:\windows\system32\DRIVERS\xaudio.exe c:\program files\Sony\VAIO Event Service\VESMgrSub.exe c:\program files\Sony\VAIO Power Management\SPMgr.exe c:\windows\System32\rundll32.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\conhost.exe c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe c:\windows\system32\igfxsrvc.exe c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe c:\program files\Apoint\ApMsgFwd.exe c:\program files\TortoiseSVN\bin\TSVNCache.exe c:\program files\Apoint\Apntex.exe c:\windows\system32\conhost.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\sppsvc.exe c:\\?\c:\windows\system32\wbem\WMIADAP.EXE . ************************************************************************** . Zeit der Fertigstellung: 2010-08-07 15:32:40 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2010-08-07 13:32 Vor Suchlauf: 6.210.265.088 Bytes frei Nach Suchlauf: 5.977.825.280 Bytes frei - - End Of File - - AC58BB2823FAA791BE1AA4A2BA57FE27 Soll ich auch probieren, ob Windows Updates wieder funktionieren? |
07.08.2010, 14:54 | #17 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Sich oeffnende Browserfenster, kein Windowsupdate, sdra64.exe Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus
__________________
__________________ |
07.08.2010, 16:02 | #18 |
| Sich oeffnende Browserfenster, kein Windowsupdate, sdra64.exe Gmer hab ich gemacht, OSAM folgt:
__________________Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net Rootkit scan 2010-08-07 17:00:23 Windows 6.1.7600 Running: 6bxsmonm.exe; Driver: C:\Users\Thomas\AppData\Local\Temp\uwryipoc.sys ---- System - GMER 1.0.15 ---- SSDT 979B39B4 ZwCreateThread SSDT 979B39A0 ZwOpenProcess SSDT 979B39A5 ZwOpenThread SSDT 979B39AF ZwTerminateProcess INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302DAF8 INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302D104 INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302D3F4 INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83015634 INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83015898 INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302D1DC INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302D958 INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302D6F8 INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302DF2C INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302E1A8 ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8308D599 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830B1F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!RtlSidHashLookup + 34C 830B985C 4 Bytes [B4, 39, 9B, 97] {MOV AH, 0x39; WAIT ; XCHG EDI, EAX} .text ntkrnlpa.exe!RtlSidHashLookup + 4E8 830B99F8 4 Bytes [A0, 39, 9B, 97] .text ntkrnlpa.exe!RtlSidHashLookup + 508 830B9A18 4 Bytes [A5, 39, 9B, 97] .text ntkrnlpa.exe!RtlSidHashLookup + 7B8 830B9CC8 4 Bytes [AF, 39, 9B, 97] .text peauth.sys B0023C9D 28 Bytes [C4, 89, 97, 27, 45, 88, B5, ...] .text peauth.sys B0023CC1 28 Bytes [C4, 89, 97, 27, 45, 88, B5, ...] PAGE peauth.sys B0029B9B 72 Bytes [09, 1F, 88, BD, 8F, DD, 4B, ...] PAGE peauth.sys B0029BEC 111 Bytes [D9, 4B, 9A, C4, 7E, 72, E1, ...] PAGE peauth.sys B0029E20 101 Bytes [C9, 88, 2B, 75, 4A, 73, 62, ...] PAGE ... ? C:\Users\Thomas\AppData\Local\Temp\mbr.sys Das System kann die angegebene Datei nicht finden. ! ? C:\Windows\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. ! ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.exe[3488] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc] [74612494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[3488] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup] [745F5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[3488] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown] [745F56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[3488] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree] [7461250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[3488] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics] [74608573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[3488] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage] [74604D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[3488] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth] [746050CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[3488] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight] [746051A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[3488] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [746066D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[3488] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC] [746082CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[3488] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode] [74608819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[3488] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [7460907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[3488] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI] [7460E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[3488] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage] [74604C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\System32\rundll32.exe[3636] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [759C5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Windows\System32\rundll32.exe[3636] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [759C5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Windows\System32\rundll32.exe[3636] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [759C5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Windows\System32\rundll32.exe[3636] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [759C5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \Driver\ACPI_HAL \Device\00000050 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00214f5015db Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00214f5015db (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet) ---- EOF - GMER 1.0.15 ---- Thomas |
07.08.2010, 16:21 | #19 |
| Sich oeffnende Browserfenster, kein Windowsupdate, sdra64.exe OSAM: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 17:04:51 on 07.08.2010 OS: Windows 7 (Build 7600), 32-bit Default Browser: Mozilla Corporation Firefox 3.6 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLCFG32.CPL "NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL "PROSet Tools" - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\iproset.cpl "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\Users\Thomas\AppData\Local\Temp\catchme.sys (File not found) "Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys "ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys "mbr" (mbr) - ? - C:\Users\Thomas\AppData\Local\Temp\mbr.sys (Hidden registry entry, rootkit activity | File not found) "regi" (regi) - "InterVideo" - C:\Windows\System32\drivers\regi.sys "SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS "SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS "Sony DMI Call service" (DMICall) - "Sony Corporation" - C:\Windows\System32\DRIVERS\DMICall.sys "Sony HDD Protection Filter Driver" (shpf) - "Sony Corporation" - C:\Windows\System32\DRIVERS\shpf.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys (File found, but it contains no detailed information) "uwryipoc" (uwryipoc) - ? - C:\Users\Thomas\AppData\Local\Temp\uwryipoc.sys (Hidden registry entry, rootkit activity | File not found) "WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {30351349-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {30351346-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll {30351347-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll {30351348-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll {30351349-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll {3035134A-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll {3035134B-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll {3035134C-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll {3035134D-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll {3035134E-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll {3035134F-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll {30351350-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll {C5994560-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll {C5994561-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll {C5994562-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll {C5994563-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll {C5994564-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll {C5994565-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll {C5994566-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll {C5994567-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll {C5994568-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll {B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Shortcut exists | File exists) "VPN Client.lnk" - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "NSUFloatingUI" - "Sony Corporation" - "C:\Program Files\Sony\Network Utility\LANUtil.exe" "swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Acrobat Assistant 8.0" - "Adobe Systems Inc." - "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe "ISBMgr.exe" - ? - "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" "MarketingTools" - "Sony Corporation" - C:\Program Files\Sony\Marketing Tools\MarketingTools.exe "NokiaMServer" - "Nokia" - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup "NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" "VirtualCloneDrive" - "Elaborate Bytes AG" - "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Adobe PDF Port" - "Adobe Systems Incorporated." - C:\Windows\system32\AdobePDF.dll "BJ Language Monitor3_2" - "CANON INC." - C:\Windows\system32\CNBLM3_2.DLL "PCL hpz3llhn" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3llhn.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe "Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe "Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe "Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe "IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "NMSAccessU" (NMSAccessU) - ? - C:\Program Files\CDBurnerXP\NMSAccessU.exe (File found, but it contains no detailed information) "NSUService" (NSUService) - "Sony Corporation" - C:\Program Files\Sony\Network Utility\NSUService.exe "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe (File found, but it contains no detailed information) "Realtek Audio Service" (RtkAudioService) - "Realtek Semiconductor" - C:\Windows\RtkAudioService.exe "ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe "SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe "SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe "Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe "VAIO Event Service" (VAIO Event Service) - "Sony Corporation" - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe "VAIO Power Management" (VAIO Power Management) - "Sony Corporation" - C:\Program Files\Sony\VAIO Power Management\SPMService.exe "VUAgent" (VUAgent) - "Sony Corporation" - C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [Winlogon] -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "VESWinlogon" - "Sony Corporation" - C:\Windows\system32\VESWinlogon.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
07.08.2010, 16:36 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Sich oeffnende Browserfenster, kein Windowsupdate, sdra64.exe Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
07.08.2010, 18:31 | #21 |
| Sich oeffnende Browserfenster, kein Windowsupdate, sdra64.exeCode:
ATTFilter Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4402 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 07.08.2010 19:30:22 mbam-log-2010-08-07 (19-30-22).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|G:\|H:\|) Durchsuchte Objekte: 325058 Laufzeit: 1 Stunde(n), 49 Minute(n), 28 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
08.08.2010, 01:32 | #22 |
| Sich oeffnende Browserfenster, kein Windowsupdate, sdra64.exeCode:
ATTFilter SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 08/07/2010 at 10:32 PM Application Version : 4.41.1000 Core Rules Database Version : 5331 Trace Rules Database Version: 3143 Scan type : Complete Scan Total Scan Time : 02:58:22 Memory items scanned : 508 Memory threats detected : 0 Registry items scanned : 9795 Registry threats detected : 0 File items scanned : 178842 File threats detected : 5 Adware.Tracking Cookie statse.webtrendslive.com [ C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\yy3dg203.default\cookies.sqlite ] .doubleclick.net [ C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\yy3dg203.default\cookies.sqlite ] C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[1].txt C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[2].txt C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.topdaofinder[2].txt |
08.08.2010, 11:24 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Sich oeffnende Browserfenster, kein Windowsupdate, sdra64.exe Sieht ok aus, da wurden nur Cookies gefunden. Noch Probleme oder weitere Funde in der Zwischenzeit?
__________________ Logfiles bitte immer in CODE-Tags posten |
08.08.2010, 11:28 | #24 |
| Sich oeffnende Browserfenster, kein Windowsupdate, sdra64.exe Keine weiteren Funde, und bisher auch keine obskuren Browserfenster ;-) Windowsupdate hat gestern 3 von 4 Updates gemacht, das 4. Update lässt sich jetzt aber wieder nicht mehr machen. Firefox Update geht auch nicht, weder automatisch noch manuell. Fragt immer, ob man als aktueller Benutzer oder als Administrator fortfahren will, wenn ich als normaler Benutzer fortfahre passiert genau nichts. Danke schonmal für die Mühe, Thomas |
08.08.2010, 11:35 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Sich oeffnende Browserfenster, kein Windowsupdate, sdra64.exe Firefox musst Du mal über Rechtsklick => als Administrator ausführen starten und dann das Update machen. Notfalls eben ganz manuell über ein aktuelles Setupfile von mozilla.com hier noch mein Leitfaden zu den Updates: Microsoftupdate Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Anleitung Windows-Update PDF-Reader aktualisieren Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink => http://filepony.de/?q=Flash+Player Java-Update Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
08.08.2010, 17:25 | #26 |
| Sich oeffnende Browserfenster, kein Windowsupdate, sdra64.exe Windows Update versuche ich wie oben beschrieben. Wie gesagt, 3 der 4 Updates konnte er jetzt einspielen, das 4. nicht. Ist allerdings ein optionales Update, also erstmal nicht kritisch... Wenn ich versuche das Update zu installieren bekomme ich die Fehlermeldung Code 8020000E: Unbekannter Fehler bei Windows Update. Nicht sehr hilfreich die Fehlermeldung ;-) Ich habe das Update jetzt manuell heruntergeladen und installiert. Bin mal gespannt, ob ich die nächsten (wichtigen?) Updates direkt installieren kann... Also, Danke nochmal für die Hilfe und hoffentlich nicht bis bald :-) |
Themen zu Sich oeffnende Browserfenster, kein Windowsupdate, sdra64.exe |
.com, 0x00000001, ad.ad-srv, ad.yieldmanager, adfarm, antivir, antivir guard, ask toolbar, ask.com, avira, bho, black, black internet, cdburnerxp, codes, computer, continue, desktop, error, firefox, flash player, google, internet, internet explorer, local\temp, logfile, mozilla, mozilla thunderbird, plug-in, programm, realtek, registry, rojaner gefunden, software, system, trojan.agent.u, trojaner, trojaner gefunden, updates, virus, whistler, windows, windows updates, write |