Plagegeister aller Art und deren Bekämpfung (pests of all kinds and how to fight them): Internet Explorer script error, audio files starting automatically

If you are not sure whether you have caught malware or a Trojan, open a thread here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.
12.05.2011, 21:19 #16

Internet Explorer script error, audio files starting automatically

Hello Arne, here are the logs from GMER, OSAM and MBR.

Regards, Markus

GMER Logfile:
Code:
GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-12 22:03:28
Windows 5.1.2600 Service Pack 3
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK1032GSX rev.AS021G
Running: g2m3e4r.exe; Driver: C:\DOKUME~1\Markus\LOKALE~1\Temp\kwtcqpoc.sys

---- System - GMER 1.0.15 ----

SSDT F7AC5836 ZwCreateKey
SSDT F7AC582C ZwCreateThread
SSDT F7AC583B ZwDeleteKey
SSDT F7AC5845 ZwDeleteValueKey
SSDT F7AC584A ZwLoadKey
SSDT F7AC5818 ZwOpenProcess
SSDT F7AC581D ZwOpenThread
SSDT F7AC5854 ZwReplaceKey
SSDT F7AC584F ZwRestoreKey
SSDT F7AC5840 ZwSetValueKey
SSDT \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEDE50620]

Code F7AC1C9C ZwRequestPort
Code F7AC1D3C ZwRequestWaitReplyPort
Code F7AC1BFC ZwTraceEvent
Code F7AC1C9B NtRequestPort
Code F7AC1D3B NtRequestWaitReplyPort
Code F7AC1BFB NtTraceEvent

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF67C0EBF]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----

MBRCheck Logfile:
Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 155):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x80701000 \WINDOWS\system32\hal.dll
0xF7996000 \WINDOWS\system32\KDCOM.DLL
0xF78A6000 \WINDOWS\system32\BOOTVID.dll
0xF7446000 ACPI.sys
0xF7998000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7435000 pci.sys
0xF7496000 isapnp.sys
0xF74A6000 ohci1394.sys
0xF74B6000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF78AA000 compbatt.sys
0xF78AE000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7A5E000 pciide.sys
0xF7716000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7417000 pcmcia.sys
0xF74C6000 MountMgr.sys
0xF73F8000 ftdisk.sys
0xF799A000 dmload.sys
0xF73D2000 dmio.sys
0xF78B2000 ACPIEC.sys
0xF7A5F000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF771E000 PartMgr.sys
0xF74D6000 VolSnap.sys
0xF73BA000 atapi.sys
0xF74E6000 disk.sys
0xF74F6000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF739A000 fltmgr.sys
0xF7388000 sr.sys
0xF7372000 DRVMCDB.SYS
0xF7726000 PxHelp20.sys
0xF735B000 KSecDD.sys
0xF72CE000 Ntfs.sys
0xF72A1000 NDIS.sys
0xF7287000 Mup.sys
0xF7676000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7962000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF6981000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF696D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6945000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF67E8000 \SystemRoot\system32\DRIVERS\w39n51.sys
0xF77FE000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF67C4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7806000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7686000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF679C000 \SystemRoot\system32\drivers\tifm21.sys
0xF6788000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF6760000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF7696000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF780E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF6731000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF79C2000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7816000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF76A6000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF79C4000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xF76B6000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF76C6000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF670E000 \SystemRoot\system32\DRIVERS\ks.sys
0xF79C6000 \SystemRoot\System32\Drivers\x10hid.sys
0xF76D6000 \SystemRoot\System32\Drivers\HIDCLASS.SYS
0xF781E000 \SystemRoot\System32\Drivers\HIDPARSE.SYS
0xF7BB4000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7596000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF797A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF66F7000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF75A6000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF75B6000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7896000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF66E6000 \SystemRoot\system32\DRIVERS\psched.sys
0xF75C6000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF789E000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7736000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF66B6000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF75D6000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF79D0000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6658000 \SystemRoot\system32\DRIVERS\update.sys
0xF7263000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF79D4000 \SystemRoot\system32\DRIVERS\NBSMI.sys
0xF725B000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF75E6000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xEE163000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xEE13F000 \SystemRoot\system32\drivers\portcls.sys
0xF7616000 \SystemRoot\system32\drivers\drmk.sys
0xF7626000 \SystemRoot\system32\DRIVERS\Tvs.sys
0xF775E000 \SystemRoot\system32\DRIVERS\tsxt_kern_i386.sys
0xF776E000 \SystemRoot\system32\DRIVERS\wowhd_kern_i386.sys
0xF7636000 \SystemRoot\system32\DRIVERS\csiidecoder_kern_i386.sys
0xEE02C000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xF777E000 \SystemRoot\System32\Drivers\Modem.SYS
0xF76F6000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7A18000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7ABA000 \SystemRoot\System32\Drivers\Null.SYS
0xF7A1A000 \SystemRoot\System32\Drivers\Beep.SYS
0xF77CE000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
0xF77D6000 \SystemRoot\System32\drivers\vga.sys
0xF7A1C000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7A1E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF77DE000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF77E6000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF65B4000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xEDFD1000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xEDF78000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xEDF50000 \SystemRoot\system32\DRIVERS\netbt.sys
0xEDF2A000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xEDF08000 \SystemRoot\System32\drivers\afd.sys
0xF7526000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF7536000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF77EE000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xEDE46000 \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
0xF7546000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF77F6000 \??\C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
0xEDE1B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xEDD83000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7556000 \SystemRoot\System32\Drivers\Fips.SYS
0xEDD5D000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF7A22000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
0xF7586000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF6B18000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF6B14000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xEDD45000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7A24000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xEE01C000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7836000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7B01000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF46A000 \SystemRoot\System32\ATMFD.DLL
0xEBBF0000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xEDEA8000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xF7B51000 \SystemRoot\System32\DLA\DLADResN.SYS
0xEBBB2000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xEBC61000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xF7A56000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xF7866000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xEBB9A000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xEBB84000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xEBA4B000 \??\C:\Programme\Sandboxie\SbieDrv.sys
0xF7886000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xEBB78000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xEBAB4000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xEBAB0000 \SystemRoot\system32\DRIVERS\netdevio.sys
0xEB7EE000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xEB5F5000 \SystemRoot\System32\Drivers\HTTP.sys
0xEB575000 \SystemRoot\system32\DRIVERS\srv.sys
0xF7756000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
0xF6C2F000 \SystemRoot\system32\drivers\wdmaud.sys
0xEB485000 \SystemRoot\system32\drivers\sysaudio.sys
0xBFF50000 \SystemRoot\System32\TSDDD.dll
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF055000 \SystemRoot\System32\ati2cqag.dll
0xBF094000 \SystemRoot\System32\atikvmag.dll
0xBF0CA000 \SystemRoot\System32\ati3duag.dll
0xBF355000 \SystemRoot\System32\ativvaxx.dll
0xB760F000 \??\C:\DOKUME~1\Markus\LOKALE~1\Temp\kwtcqpoc.sys
0xB7569000
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 94):
0 System Idle Process
4 System
796 C:\WINDOWS\system32\smss.exe
844 csrss.exe
876 C:\WINDOWS\system32\winlogon.exe
924 C:\WINDOWS\system32\services.exe
936 C:\WINDOWS\system32\lsass.exe
1140 C:\WINDOWS\system32\ati2evxx.exe
1156 C:\WINDOWS\system32\svchost.exe
1236 svchost.exe
1276 C:\Programme\Sandboxie\SbieSvc.exe
1296 C:\WINDOWS\system32\svchost.exe
1384 C:\Programme\Intel\Wireless\Bin\EvtEng.exe
1416 C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
1456 svchost.exe
1636 svchost.exe
1936 C:\WINDOWS\system32\spoolsv.exe
1996 C:\Programme\Avira\AntiVir Desktop\sched.exe
188 svchost.exe
580 C:\Programme\Avira\AntiVir Desktop\avguard.exe
672 C:\Programme\Toshiba\ConfigFree\CFSvcs.exe
772 C:\WINDOWS\ehome\ehrecvr.exe
816 C:\WINDOWS\ehome\ehSched.exe
1516 C:\Programme\Java\jre6\bin\jqs.exe
1712 C:\Programme\Gemeinsame Dateien\logishrd\LVMVFM\LVPrcSrv.exe
1732 C:\Programme\Avira\AntiVir Desktop\avshadow.exe
244 C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
372 svchost.exe
488 C:\WINDOWS\system32\svchost.exe
1056 C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe
704 C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
840 mcrdsvc.exe
3456 C:\WINDOWS\system32\dllhost.exe
3732 C:\WINDOWS\system32\ati2evxx.exe
3852 explorer.exe
3992 C:\WINDOWS\system32\wbem\wmiapsrv.exe
2084 alg.exe
3624 ehtray.exe
3652 CLI.exe
3356 ehmsas.exe
1324 SynTPEnh.exe
3788 THotkey.exe
3888 SmoothView.exe
4004 Toshiba.exe
3860 TvsTray.exe
4064 DLACTRLW.EXE
3808 ZCfgSvc.exe
2428 iFrmewrk.exe
2484 avgnt.exe
1772 LWS.exe
600 ctfmon.exe
2748 TOSCDSPD.exe
2904 psi_tray.exe
276 COCIManager.exe
3968 Dot1XCfg.exe
644 CLI.exe
620 CLI.exe
1260 SbieCtrl.exe
3628 SUPERAntiSpyware.exe
3288 igfxsrvc.exe
3576 csrss.exe
3744 C:\WINDOWS\system32\winlogon.exe
520 C:\WINDOWS\system32\ati2evxx.exe
1904 C:\WINDOWS\explorer.exe
1788 C:\WINDOWS\ehome\ehtray.exe
1792 C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
2652 C:\Programme\Synaptics\SynTP\SynTPEnh.exe
324 C:\Programme\Toshiba\TOSHIBA Applet\THotkey.exe
1952 C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
3096 C:\Programme\Toshiba\Tvs\TvsTray.exe
1892 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
2676 C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe
784 C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe
2476 C:\Programme\Synaptics\SynTP\Toshiba.exe
2716 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
3712 C:\WINDOWS\ehome\ehmsas.exe
3536 C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
2840 C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe
3044 C:\WINDOWS\system32\wuauclt.exe
728 C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
3208 C:\Programme\Logitech\Logitech Vid\Vid.exe
536 C:\Programme\Sandboxie\SbieCtrl.exe
2936 C:\Programme\Secunia\PSI\psi_tray.exe
5748 C:\Programme\Gemeinsame Dateien\logishrd\LQCVFX\COCIManager.exe
5868 C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
4892 C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
3048 C:\Programme\Sandboxie\SandboxieRpcSs.exe
2896 C:\Dokumente und Einstellungen\Markus\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
1224 C:\Programme\Sandboxie\SandboxieDcomLaunch.exe
5524 C:\Dokumente und Einstellungen\Markus\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
5848 C:\Programme\Sandboxie\SandboxieCrypto.exe
3144 C:\Dokumente und Einstellungen\Markus\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
4312 C:\WINDOWS\system32\igfxsrvc.exe
3184 C:\Dokumente und Einstellungen\Markus\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK1032GSX, Rev: AS021G

      Size  Device Name          MBR Status
  --------------------------------------------
     93 GB  \\.\PhysicalDrive0   Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:10:01 on 12.05.2011

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 6.00.2900.2180

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"1-Klick-Wartung.job" - ? - C:\Programme\TuneUp Utilities 2008\OneClickStarter.exe (File found, but it contains no detailed information)

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"HWSETUP.cpl" - "TOSHIBA Corp." - C:\WINDOWS\system32\HWSETUP.cpl
"inetcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\inetcpl.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"LocalCOM.cpl" - "東芝公司" - C:\WINDOWS\system32\LocalCOM.cpl
"TOSCDSPD.cpl" - ? - C:\WINDOWS\system32\TOSCDSPD.cpl (File found, but it contains no detailed information)
"TPwrSave.cpl" - "TOSHIBA Corporation" - C:\WINDOWS\system32\TPwrSave.cpl
"xhidcpl.cpl" - ? - C:\WINDOWS\system32\xhidcpl.cpl (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Desktop Search" - ? - C:\Programme\Windows Desktop Search\ControlPanel.cpl (File found, but it contains no detailed information)
"Pando" - "Pando Networks" - C:\Programme\Pando Networks\Media Booster\PMB.cpl
"ToshSrv" - "TOSHIBA Corporation" - C:\Programme\TOSHIBA\TOSHIBA Controls\ToshSrv.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AEGIS Protocol (IEEE 802.1x) v3.4.9.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"Bluetooth ACPI from TOSHIBA" (tosrfec) - "TOSHIBA Corporation" - C:\WINDOWS\System32\DRIVERS\tosrfec.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Markus\LOKALE~1\Temp\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"DLABOIOM" (DLABOIOM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLABOIOM.SYS
"DLACDBHM" (DLACDBHM) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DLACDBHM.SYS
"DLADResN" (DLADResN) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLADResN.SYS
"DLAIFS_M" (DLAIFS_M) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAIFS_M.SYS
"DLAOPIOM" (DLAOPIOM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAOPIOM.SYS
"DLAPoolM" (DLAPoolM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAPoolM.SYS
"DLARTL_N" (DLARTL_N) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DLARTL_N.SYS
"DLAUDFAM" (DLAUDFAM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAUDFAM.SYS
"DLAUDF_M" (DLAUDF_M) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAUDF_M.SYS
"DRVMCDB" (DRVMCDB) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DRVMCDB.SYS
"DRVNDDM" (DRVNDDM) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DRVNDDM.SYS
"EagleNT" (EagleNT) - ? - C:\WINDOWS\system32\drivers\EagleNT.sys (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"kwtcqpoc" (kwtcqpoc) - ? - C:\DOKUME~1\Markus\LOKALE~1\Temp\kwtcqpoc.sys (Hidden registry entry, rootkit activity | File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"MHN-Treiber" (MHNDRV) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mhndrv.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PSI" (PSI) - "Secunia" - C:\WINDOWS\System32\DRIVERS\psi_mf.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
"SbieDrv" (SbieDrv) - "SANDBOXIE L.T.D" - C:\Programme\Sandboxie\SbieDrv.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"Toshiba Mobile PC Service" (TVALD) - "Toshiba Corporation" - C:\WINDOWS\System32\DRIVERS\NBSMI.sys
"TOSHIBA Network Device Usermode I/O Protocol" (Netdevio) - "TOSHIBA Corporation." - C:\WINDOWS\System32\DRIVERS\netdevio.sys
"TOSHIBA Virtual Sound with SRS technologies" (Tvs) - "TOSHIBA Corporation" - C:\WINDOWS\System32\DRIVERS\Tvs.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
"WLAN-Transport" (s24trans) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\s24trans.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS "Browseranpassungen" - "Microsoft Corporation" - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
{89820200-ECBD-11cf-8B85-00AA005B4383} "Internet Explorer 6" - "Microsoft Corporation" - %SystemRoot%\system32\ie4uinit.exe
KB910393 "KB910393" - "Microsoft Corporation" - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} "Microsoft Windows Media Player" - "Microsoft Corporation" - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
{6BF52A52-394A-11d3-B153-00C04F79FAA6} "Microsoft Windows Media Player" - "Microsoft Corporation" - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} "NetMeeting 3.01" - "Microsoft Corporation" - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} "Versions-Update für Internet Explorer" - "Microsoft Corporation" - C:\WINDOWS\system32\ieudinit.exe
{5945c046-1e7d-11d1-bc44-00c04fd912be} "Windows Messenger 4.7" - "Microsoft Corporation" - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Programme\SUPERAntiSpyware\SASSEH.DLL
{56F9679E-7826-4C84-81F3-532071A8BCC5} "Windows Desktop Search Namespace Manager" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{88C6C381-2E85-11D0-94DE-444553540000} "ActiveX-Cacheordner" - "Microsoft Corporation" - C:\WINDOWS\system32\occache.dll
{7D559C10-9FE9-11d0-93F7-00AA0059CE02} "Code Download Agent" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} "ConnectionAgent" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{CF822AB4-6DB5-4FDA-BC28-E61DF36D2583} "PDF-XChange PDF Preview Provider" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll
{67EB453C-1BE1-48EC-AAF3-23B10277FCC1} "PDF-XChange PDF Property Handler" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll
{EBD0B8F4-A9A0-41B7-9695-030CD264D9C8} "PDF-XChange PDF Thumbnail Provider" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll
{640167b4-59b0-47a6-b335-a6b3c0695aea} "Portable Media Devices" - "Microsoft Corporation" - C:\WINDOWS\system32\audiodev.dll
{cc86590a-b60a-48e6-996b-41d25ed39a1e} "Portable Media Devices Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\audiodev.dll
{D8BD2030-6FC9-11D0-864F-00AA006809D9} "PostAgent" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{5B043439-4F53-436E-8CFE-28F80934DBE6} "PXCPreviewHandlerXP Class" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\PXCPrevHost.exe
{E91B2703-013E-4A99-AD33-2B6FB00AA356} "RecordNow! ContextMenuExt" - ? - C:\Programme\Sonic\RecordNow!\shlext.dll
{DEE12703-6333-4D4E-8F34-738C4DCC2E04} "RecordNow! SendToExt" - ? - C:\Programme\Sonic\RecordNow!\shlext.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Programme\ATI Technologies\ATI.ACE\atiacmxx.dll
{F5175861-2688-11d0-9C5E-00AA00A45957} "Subscription Folder" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} "Subscription Mgr" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} "TrayAgent" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software GmbH" - C:\Programme\TuneUp Utilities 2008\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software GmbH" - C:\WINDOWS\System32\uxtuneup.dll
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} "WebCheck SyncMgr Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} "WebCheckChannelAgent" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{08165EA0-E946-11CF-9C87-00AA005127ED} "WebCheckWebCrawler" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{97090E2F-3062-4459-855B-014F0D3CDBB1} "Windows Deskbar" - ? - (File not found | COM-object registry key not found)
{13E7F612-F261-4391-BEA2-39DF4F3FA311} "Windows Desktop Search" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\msnlExt.dll
{D426CFD0-87FC-4906-98D9-A23F5D515D61} "Windows Desktop Search Outlook Express SearchProtocol Class" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\OEPH.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll
{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} "WMP Add To Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll
{8DD448E6-C188-4aed-AF92-44956194EB1F} "WMP Burn Audio CD Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll
{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} "WMP Play As Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll
XCShInfo "{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} "Java Plug-in 1.5.0_04" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} "Zylom Games Player" - "Zylom Games" - C:\WINDOWS\Downloaded Program Files\zylomgamesplayer.dll / hxxp://game.zylom.com/activex/zylomgamesplayer.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
{2F85D76C-0569-466F-A488-493E6BD0E955} "dsWebAllowBHO Class" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\dsWebAllow.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[Known DLLs]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )-----
"url" - "Microsoft Corporation" - C:\WINDOWS\system32\url.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Secunia PSI Tray.lnk" - "Secunia" - C:\Programme\Secunia\PSI\psi_tray.exe (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Markus\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Logitech Vid" - "Logitech Inc." - "C:\Programme\Logitech\Logitech Vid\vid.exe" -bootmode
"SandboxieControl" - "SANDBOXIE L.T.D" - "C:\Programme\Sandboxie\SbieCtrl.exe"
"SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
"TOSCDSPD" - "TOSHIBA" - C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"ATICCC" - "ATI Technologies Inc." - "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"DLA" - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLACTRLW.EXE
"IntelWireless" - "Intel Corporation" - "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
"IntelZeroConfig" - "Intel Corporation" - "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
"LogitechQuickCamRibbon" - "Logitech Inc." - "C:\Programme\Logitech\Logitech WebCam Software\LWS.exe" /hide
"SmoothView" - "TOSHIBA Corporation" - C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"THotkey" - "TOSHIBA" - C:\Programme\Toshiba\Toshiba Applet\thotkey.exe
"Tvs" - "TOSHIBA Corporation" - C:\Programme\TOSHIBA\Tvs\TvsTray.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
"Toshiba Bluetooth Monitor" - "Toshiba America Business Solutions, Inc." - C:\WINDOWS\system32\tbtmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"ConfigFree Service" (CFSvcs) - "TOSHIBA CORPORATION" - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
"Intel(R) PROSet/Wireless Service" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"MHN" (MHN) - "Microsoft Corporation" - C:\WINDOWS\System32\mhn.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
"Sandboxie Service" (SbieSvc) - "SANDBOXIE L.T.D" - C:\Programme\Sandboxie\SbieSvc.exe
"TOSHIBA Application Service" (TAPPSRV) - "TOSHIBA Corp." - C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe
"TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software GmbH" - C:\WINDOWS\System32\uxtuneup.dll
"TuneUp Drive Defrag-Dienst" (TuneUp.Defrag) - "TuneUp Software GmbH" - C:\WINDOWS\System32\TuneUpDefragService.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ?
- mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B} "Internet Explorer-Branding" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll {4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3} "Internet Explorer-Zonenzuordnung" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
13.05.2011, 15:50 | #17 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Internet Explorer script error, automatic starting of audio files
Looks OK. To double-check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
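One way to do the first pass over an OSAM autostart log of the kind posted above mechanically, as an added example that is neither from this thread nor part of OSAM: parse each entry and flag the ones a reviewer should look at by hand (unknown vendor, missing target file, or a COM object registered without a display name). The sample lines are constructed in the entry format shown in the log; the reviewer still decides what is actually suspicious.

```python
import re

# Constructed sample in the OSAM entry format: optional {CLSID}, quoted name,
# vendor ("?" when OSAM could not determine it), then path and status text.
SAMPLE_LOG = "\n".join([
    r'{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll',
    r'{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab',
    r'"MVB" - ? - mvfs32.dll (File not found)',
    r'"SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe',
])

# One OSAM entry per line; the CLSID prefix is optional (Run keys have none).
ENTRY_RE = re.compile(
    r'^(?:\{(?P<clsid>[0-9A-Fa-f-]{36})\}\s+)?'
    r'"(?P<name>[^"]*)"\s+-\s+'
    r'(?P<vendor>"[^"]*"|\?)\s+-\s+'
    r'(?P<rest>.*)$'
)
GUID_RE = re.compile(r'^\{[0-9A-Fa-f-]{36}\}$')


def parse_entries(text):
    """Yield one dict per line that matches the OSAM entry format."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield {k: (v or "") for k, v in m.groupdict().items()}


def triage(text):
    """Return [(name, [reasons])] for entries worth a manual look."""
    flagged = []
    for e in parse_entries(text):
        reasons = []
        if e["vendor"] == "?":
            reasons.append("unknown vendor")
        if "(File not found" in e["rest"]:
            reasons.append("target file missing")
        if GUID_RE.match(e["name"]):
            reasons.append("COM object registered without a display name")
        if reasons:
            flagged.append((e["name"], reasons))
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG):
        print(f"{name}: {', '.join(reasons)}")
```

Run on the sample, this leaves two of four entries for manual review (the unnamed getPlus COM object and the MVB entry pointing at a missing mvfs32.dll), which is exactly the kind of entry a helper checks before declaring a log clean.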
14.05.2011, 17:50 | #18 |
| Internet Explorer script error, automatic starting of audio files
Hello Arne,
Malwarebytes and SuperAnti no longer find anything. Thank you very much for putting so much effort into this. Without your help I could not have removed the rootkits. You are doing truly professional work here. Keep it up! Regards, Markus
14.05.2011, 17:55 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Internet Explorer script error, automatic starting of audio files
Then we should be done! Finally, please check your updates; my guide for that is below. For even more security, you should also change all your passwords, if at all possible, now that the infection has been removed.

Microsoft Update
Windows XP: Visit the MS Update page with IE and have all important updates installed.
Windows Vista/7: Windows Update guide

Update the PDF reader
Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Software by clicking "Adobe Reader x.0" there and removing the program. I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader. While you are at it, please also check that the Flash Player is current; here is the direct download link:
Mozilla and other browsers => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post logfiles in CODE tags