| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Sich oeffnende Browserfenster, kein Windowsupdate, sdra64.exeWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
07.08.2010, 14:34
| #16 |
 |  Sich oeffnende Browserfenster, kein Windowsupdate, sdra64.exe Here it is: Code:
ATTFilter ComboFix 10-08-06.03 - Thomas 07.08.2010 15:18:37.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.3003.1999 [GMT 2:00]
ausgeführt von:: c:\users\Thomas\Desktop\cofi.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
* Neuer Wiederherstellungspunkt wurde erstellt
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\install.exe
c:\windows\system32\Temp
c:\windows\system32\Temp\zup\Comct332.ocx
c:\windows\system32\Thumbs.db
G:\Autorun.inf
Infizierte Kopie von c:\windows\system32\DRIVERS\DMICall.sys wurde gefunden und desinfiziert
Kopie von - Kitty ate it :p wurde wiederhergestellt
.
((((((((((((((((((((((( Dateien erstellt von 2010-07-07 bis 2010-08-07 ))))))))))))))))))))))))))))))
.
2010-08-07 13:26 . 2010-08-07 13:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-07 13:26 . 2010-08-07 13:28 -------- d-----w- c:\users\Thomas\AppData\Local\temp
2010-08-07 12:55 . 2010-08-07 12:55 -------- d-----w- C:\_OTL
2010-08-06 15:34 . 2010-07-21 17:50 81920 ----a-w- c:\windows\system32\remover.exe
2010-08-06 15:23 . 2010-08-05 19:59 80384 ----a-w- c:\windows\system32\MBRCheck.exe
2010-08-05 22:04 . 2010-08-05 22:04 -------- d-----w- c:\program files\CCleaner
2010-08-05 22:01 . 2010-08-05 22:01 -------- d-----w- c:\users\Thomas\AppData\Local\Diagnostics
2010-08-05 20:08 . 2010-08-07 10:20 63488 ----a-w- c:\users\Thomas\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-05 20:08 . 2010-08-05 20:08 52224 ----a-w- c:\users\Thomas\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-05 20:08 . 2010-08-07 10:20 117760 ----a-w- c:\users\Thomas\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-05 20:08 . 2010-08-05 20:08 -------- d-----w- c:\users\Thomas\AppData\Roaming\SUPERAntiSpyware.com
2010-08-05 20:08 . 2010-08-05 20:08 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-08-05 20:08 . 2010-08-05 20:08 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-04 21:12 . 2010-08-04 21:12 -------- d-----w- c:\program files\ESET
2010-08-04 20:57 . 2010-08-04 20:57 10216 ----a-w- c:\windows\system32\drivers\whvfuace.sys
2010-08-04 20:56 . 2010-08-04 20:56 -------- d-----w- c:\users\Thomas\AppData\Roaming\Malwarebytes
2010-08-04 20:56 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-04 20:56 . 2010-08-04 20:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-04 20:56 . 2010-08-04 20:56 -------- d-----w- c:\programdata\Malwarebytes
2010-08-04 20:56 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-04 20:45 . 2010-08-04 20:59 -------- d-----w- c:\windows\system32\MpEngineStore
2010-08-04 16:07 . 2010-07-17 03:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-29 15:37 . 2010-07-29 15:37 -------- d-----w- c:\users\Thomas\AppData\Roaming\Foxit Software
2010-07-26 18:22 . 2010-08-03 19:39 -------- d-----w- c:\program files\Ask.com
2010-07-26 18:21 . 2010-07-26 18:21 -------- d-----w- c:\program files\Foxit Software
2010-07-22 18:52 . 2010-06-20 02:21 214016 ----a-w- c:\users\Thomas\AppData\Roaming\Thunderbird\Profiles\mwdflitn.default\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}\components\calbscmp.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-07 13:25 . 2009-07-14 08:47 700836 ----a-w- c:\windows\system32\perfh007.dat
2010-08-07 13:25 . 2009-07-14 08:47 149920 ----a-w- c:\windows\system32\perfc007.dat
2010-08-07 11:09 . 2010-03-13 12:54 71323 ----a-w- c:\users\Thomas\AppData\Roaming\Thunderbird\Profiles\mwdflitn.default\Mail\RSS-News & Weblogs\xkcd.com
2010-08-07 11:05 . 2009-12-16 10:20 -------- d-----w- c:\users\Thomas\AppData\Roaming\vlc
2010-08-05 21:34 . 2008-11-04 18:38 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-08-05 19:13 . 2008-11-11 16:26 -------- d-----w- c:\users\Thomas\AppData\Roaming\uTorrent
2010-08-04 21:31 . 2009-02-24 19:29 -------- d-----w- c:\program files\PPStream
2010-08-04 20:11 . 2008-12-09 16:58 -------- d-----w- c:\program files\Steam
2010-08-04 16:07 . 2008-09-01 11:11 -------- d-----w- c:\program files\Java
2010-08-03 19:39 . 2008-10-03 06:03 -------- d-----w- c:\program files\Google BAE
2010-08-01 17:57 . 2008-12-13 01:28 -------- d-----w- c:\users\Thomas\AppData\Roaming\dvdcss
2010-07-14 15:48 . 2010-05-04 03:37 -------- d-----w- c:\users\Thomas\AppData\Roaming\Qofib
2010-07-02 16:09 . 2008-09-01 11:10 -------- d-----w- c:\programdata\FLEXnet
2010-06-16 17:02 . 2009-06-26 20:02 -------- d-----r- c:\program files\iLove
2010-05-27 07:24 . 2010-06-11 06:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-11 06:13 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-23 15:50 . 2010-06-11 09:37 73216 ----a-w- c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\yy3dg203.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
2010-05-21 12:14 . 2009-10-03 09:11 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 05:18 . 2010-06-11 06:13 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-14 20:53 . 2009-02-25 22:05 139336 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-05-14 20:53 . 2009-02-25 22:05 214720 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-07-30 262144]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-10 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-06-06 122880]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-23 6295552]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2010-06-16 624056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-03 317280]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2008-10-03 24576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-02 151064]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-22 13797920]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-21 768552]
VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2009-1-4 6144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-15 16:04 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-28 135664]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-07-31 29736]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-12-30 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-12-30 8320]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-04-09 722288]
S0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys [2008-06-26 22944]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-07-30 299008]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 RtkAudioService;Realtek Audio Service;c:\windows\RtkAudioService.exe [2008-07-23 104992]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-08-06 411488]
S3 e1yexpress;Intel(R) Gigabit-Netzwerkverbindungstreiber;c:\windows\system32\DRIVERS\e1y6032.sys [2009-07-13 214016]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-05-28 4233728]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-04-01 9344]
S3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\DRIVERS\SonyPI.sys [2008-04-01 14720]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
{3BDC22CA-F1E2-47F9-BD4B0368F8B265BB}
.
Inhalt des "geplante Tasks" Ordners
2010-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-28 16:12]
2010-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-28 16:12]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.club-vaio.com
IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
FF - ProfilePath - c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\yy3dg203.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\yy3dg203.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\yy3dg203.default\extensions\twitternotifier@naan.net\platform\WINNT\components\nsTwitterFoxSign.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\users\Thomas\AppData\Local\Octoshape\Octoshape Streaming Services\octoprogram-L03-NMS0810164_SUA_900\npoctoshape.dll
FF - plugin: c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\yy3dg203.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\Thomas\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'Explorer.exe'(3488)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\WinSCP\DragExt.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Sony\VAIO Update 5\VAIOUpdt.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Apoint\Apntex.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-08-07 15:32:40 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-08-07 13:32
Vor Suchlauf: 6.210.265.088 Bytes frei
Nach Suchlauf: 5.977.825.280 Bytes frei
- - End Of File - - AC58BB2823FAA791BE1AA4A2BA57FE27
Soll ich auch probieren, ob Windows Updates wieder funktionieren? |
|
07.08.2010, 14:54
| #17 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Sich oeffnende Browserfenster, kein Windowsupdate, sdra64.exe Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus
__________________
__________________ |
|
07.08.2010, 16:02
| #18 |
| | Sich oeffnende Browserfenster, kein Windowsupdate, sdra64.exe Gmer hab ich gemacht, OSAM folgt:
__________________Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-07 17:00:23
Windows 6.1.7600
Running: 6bxsmonm.exe; Driver: C:\Users\Thomas\AppData\Local\Temp\uwryipoc.sys
---- System - GMER 1.0.15 ----
SSDT 979B39B4 ZwCreateThread
SSDT 979B39A0 ZwOpenProcess
SSDT 979B39A5 ZwOpenThread
SSDT 979B39AF ZwTerminateProcess
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302DAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302D104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302D3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83015634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83015898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302D1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302D958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302D6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302DF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302E1A8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8308D599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830B1F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 34C 830B985C 4 Bytes [B4, 39, 9B, 97] {MOV AH, 0x39; WAIT ; XCHG EDI, EAX}
.text ntkrnlpa.exe!RtlSidHashLookup + 4E8 830B99F8 4 Bytes [A0, 39, 9B, 97]
.text ntkrnlpa.exe!RtlSidHashLookup + 508 830B9A18 4 Bytes [A5, 39, 9B, 97]
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 830B9CC8 4 Bytes [AF, 39, 9B, 97]
.text peauth.sys B0023C9D 28 Bytes [C4, 89, 97, 27, 45, 88, B5, ...]
.text peauth.sys B0023CC1 28 Bytes [C4, 89, 97, 27, 45, 88, B5, ...]
PAGE peauth.sys B0029B9B 72 Bytes [09, 1F, 88, BD, 8F, DD, 4B, ...]
PAGE peauth.sys B0029BEC 111 Bytes [D9, 4B, 9A, C4, 7E, 72, E1, ...]
PAGE peauth.sys B0029E20 101 Bytes [C9, 88, 2B, 75, 4A, 73, 62, ...]
PAGE ...
? C:\Users\Thomas\AppData\Local\Temp\mbr.sys Das System kann die angegebene Datei nicht finden. !
? C:\Windows\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.exe[3488] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc] [74612494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3488] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup] [745F5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3488] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown] [745F56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3488] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree] [7461250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3488] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics] [74608573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3488] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage] [74604D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3488] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth] [746050CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3488] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight] [746051A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3488] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [746066D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3488] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC] [746082CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3488] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode] [74608819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3488] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [7460907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3488] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI] [7460E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3488] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage] [74604C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3636] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [759C5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3636] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [759C5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3636] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [759C5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3636] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [759C5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000050 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00214f5015db
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00214f5015db (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet)
---- EOF - GMER 1.0.15 ----
Thomas |
|
07.08.2010, 16:21
| #19 |
| | Sich oeffnende Browserfenster, kein Windowsupdate, sdra64.exe OSAM: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 17:04:51 on 07.08.2010 OS: Windows 7 (Build 7600), 32-bit Default Browser: Mozilla Corporation Firefox 3.6 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLCFG32.CPL "NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL "PROSet Tools" - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\iproset.cpl "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\Users\Thomas\AppData\Local\Temp\catchme.sys (File not found) "Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys "ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys "mbr" (mbr) - ? - C:\Users\Thomas\AppData\Local\Temp\mbr.sys (Hidden registry entry, rootkit activity | File not found) "regi" (regi) - "InterVideo" - C:\Windows\System32\drivers\regi.sys "SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS "SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS "Sony DMI Call service" (DMICall) - "Sony Corporation" - C:\Windows\System32\DRIVERS\DMICall.sys "Sony HDD Protection Filter Driver" (shpf) - "Sony Corporation" - C:\Windows\System32\DRIVERS\shpf.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys (File found, but it contains no detailed information) "uwryipoc" (uwryipoc) - ? - C:\Users\Thomas\AppData\Local\Temp\uwryipoc.sys (Hidden registry entry, rootkit activity | File not found) "WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {30351349-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {30351346-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll {30351347-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll {30351348-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll {30351349-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll {3035134A-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll {3035134B-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll {3035134C-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll {3035134D-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll {3035134E-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll {3035134F-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll {30351350-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll {C5994560-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll {C5994561-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll {C5994562-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll {C5994563-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll {C5994564-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll {C5994565-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll {C5994566-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll {C5994567-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll {C5994568-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll {B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Shortcut exists | File exists) "VPN Client.lnk" - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "NSUFloatingUI" - "Sony Corporation" - "C:\Program Files\Sony\Network Utility\LANUtil.exe" "swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Acrobat Assistant 8.0" - "Adobe Systems Inc." - "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe "ISBMgr.exe" - ? - "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" "MarketingTools" - "Sony Corporation" - C:\Program Files\Sony\Marketing Tools\MarketingTools.exe "NokiaMServer" - "Nokia" - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup "NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" "VirtualCloneDrive" - "Elaborate Bytes AG" - "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Adobe PDF Port" - "Adobe Systems Incorporated." - C:\Windows\system32\AdobePDF.dll "BJ Language Monitor3_2" - "CANON INC." - C:\Windows\system32\CNBLM3_2.DLL "PCL hpz3llhn" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3llhn.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe "Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe "Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe "Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe "IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "NMSAccessU" (NMSAccessU) - ? - C:\Program Files\CDBurnerXP\NMSAccessU.exe (File found, but it contains no detailed information) "NSUService" (NSUService) - "Sony Corporation" - C:\Program Files\Sony\Network Utility\NSUService.exe "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe (File found, but it contains no detailed information) "Realtek Audio Service" (RtkAudioService) - "Realtek Semiconductor" - C:\Windows\RtkAudioService.exe "ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe "SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe "SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe "Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe "VAIO Event Service" (VAIO Event Service) - "Sony Corporation" - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe "VAIO Power Management" (VAIO Power Management) - "Sony Corporation" - C:\Program Files\Sony\VAIO Power Management\SPMService.exe "VUAgent" (VUAgent) - "Sony Corporation" - C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [Winlogon] -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "VESWinlogon" - "Sony Corporation" - C:\Windows\system32\VESWinlogon.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
|
07.08.2010, 16:36
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Sich oeffnende Browserfenster, kein Windowsupdate, sdra64.exe Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
07.08.2010, 18:31
| #21 |
| | Sich oeffnende Browserfenster, kein Windowsupdate, sdra64.exeCode:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4402
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
07.08.2010 19:30:22
mbam-log-2010-08-07 (19-30-22).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|G:\|H:\|)
Durchsuchte Objekte: 325058
Laufzeit: 1 Stunde(n), 49 Minute(n), 28 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
|
|
08.08.2010, 01:32
| #22 |
| | Sich oeffnende Browserfenster, kein Windowsupdate, sdra64.exeCode:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 08/07/2010 at 10:32 PM
Application Version : 4.41.1000
Core Rules Database Version : 5331
Trace Rules Database Version: 3143
Scan type : Complete Scan
Total Scan Time : 02:58:22
Memory items scanned : 508
Memory threats detected : 0
Registry items scanned : 9795
Registry threats detected : 0
File items scanned : 178842
File threats detected : 5
Adware.Tracking Cookie
statse.webtrendslive.com [ C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\yy3dg203.default\cookies.sqlite ]
.doubleclick.net [ C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\yy3dg203.default\cookies.sqlite ]
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.topdaofinder[2].txt
|
|
08.08.2010, 11:24
| #23 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Sich oeffnende Browserfenster, kein Windowsupdate, sdra64.exe Sieht ok aus, da wurden nur Cookies gefunden. Noch Probleme oder weitere Funde in der Zwischenzeit?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
08.08.2010, 11:28
| #24 |
| | Sich oeffnende Browserfenster, kein Windowsupdate, sdra64.exe Keine weiteren Funde, und bisher auch keine obskuren Browserfenster ;-) Windowsupdate hat gestern 3 von 4 Updates gemacht, das 4. Update lässt sich jetzt aber wieder nicht mehr machen. Firefox Update geht auch nicht, weder automatisch noch manuell. Fragt immer, ob man als aktueller Benutzer oder als Administrator fortfahren will, wenn ich als normaler Benutzer fortfahre passiert genau nichts. Danke schonmal für die Mühe, Thomas |
|
08.08.2010, 11:35
| #25 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Sich oeffnende Browserfenster, kein Windowsupdate, sdra64.exe Firefox musst Du mal über Rechtsklick => als Administrator ausführen starten und dann das Update machen. Notfalls eben ganz manuell über ein aktuelles Setupfile von mozilla.com hier noch mein Leitfaden zu den Updates: Microsoftupdate Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Anleitung Windows-Update PDF-Reader aktualisieren Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink => http://filepony.de/?q=Flash+Player Java-Update Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
08.08.2010, 17:25
| #26 |
| | Sich oeffnende Browserfenster, kein Windowsupdate, sdra64.exe Windows Update versuche ich wie oben beschrieben. Wie gesagt, 3 der 4 Updates konnte er jetzt einspielen, das 4. nicht. Ist allerdings ein optionales Update, also erstmal nicht kritisch... Wenn ich versuche das Update zu installieren bekomme ich die Fehlermeldung Code 8020000E: Unbekannter Fehler bei Windows Update. Nicht sehr hilfreich die Fehlermeldung ;-) Ich habe das Update jetzt manuell heruntergeladen und installiert. Bin mal gespannt, ob ich die nächsten (wichtigen?) Updates direkt installieren kann... Also, Danke nochmal für die Hilfe und hoffentlich nicht bis bald :-) |
|
| Themen zu Sich oeffnende Browserfenster, kein Windowsupdate, sdra64.exe |
| .com, 0x00000001, ad.ad-srv, ad.yieldmanager, adfarm, antivir, antivir guard, ask toolbar, ask.com, avira, bho, black, black internet, cdburnerxp, codes, computer, continue, desktop, error, firefox, flash player, google, internet, internet explorer, local\temp, logfile, mozilla, mozilla thunderbird, plug-in, programm, realtek, registry, software, system, trojan.agent.u, trojaner, trojaner gefunden, updates, virus, whistler, windows, windows updates, write |
Linear-Darstellung
