Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: hidden data, veränderte iexplore.exe

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 30.06.2008, 20:59   #1
permeator
 
hidden data, veränderte iexplore.exe - Standard

hidden data, veränderte iexplore.exe



Hallo,
mein Rechner fährt seit einiger Zeit manchmal, wenn ich den Internet Explorer (, so hätte ich es beobachtet) geöffnet habe, ohne Vorankündigung runter.
Ich hatte im April folgende Meldungen von Kaspersky Internet Security 7.0:
"Prozess C:\Programme\Internet Explorer\iexplore.exe, gefunden: potentiell gefährliche Software 'Hidden data sending' (Modifikation)." und mehrfach die Meldung die iexplore.exe wurde verändert.
Kann dafür ein Schädling verantwortlich sein?
Vielleicht kann mir jemand erklären, wie ich mit den Veränderungen von der iexplore.exe umgehen muß. Ich habe beim Suchen im Netz auch gelesen, daß könne auch mit einem Windowsupdate passieren?

Vielen Dank für Eure Bemühungen im Voraus! Ich bin auf diesem Gebiet mit einer gewissen Ahnungslosigkeit geschlagen!

Es folgt der HijackThis Log-File und das Ergebnis des Silentrunners:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:25:57, on 22.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\AAV\aavus.exe
C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Programme\avmwlanstick\WlanNetService.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programme\Sitecom\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Progra~1\TBridge\Flatbed.exe
C:\Programme\Microsoft Hardware\Keyboard\type32.exe
C:\Programme\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\anvshell.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~2\TRAYAP~1.EXE
C:\Programme\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\Programme\avmwlanstick\wlangui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\Programme\TEXTware\BOOKcase40\BC40CASE.exe
C:\Programme\OnlineControl\ocontrol.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
F3 - REG:win.ini: load=C:\Progra~1\TBridge\Flatbed.exe
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programme\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Programme\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~2\TRAYAP~1.EXE
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Programme\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Programme\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-73586283-920026266-1060284298-501\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Gast')
O4 - HKUS\S-1-5-21-73586283-920026266-1060284298-501\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background (User 'Gast')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [HP CLJ2550 Install] E:\hpinst.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [HP CLJ2550 Install] E:\hpinst.exe (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O4 - Global Startup: BOOKcase 4.0.lnk = C:\Programme\TEXTware\BOOKcase40\BC40CASE.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: OnlineControl.lnk = C:\Programme\OnlineControl\ocontrol.exe
O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: AAV UpdateService - Unknown owner - C:\Programme\Gemeinsame Dateien\AAV\aavus.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programme\Sitecom\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: ASUS Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 8792 bytes





"Silent Runners.vbs", revision 58, h**p://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Programme\Messenger\msmsgs.exe" /background" [MS]
"swg" = "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ["Google Inc."]
"AdobeUpdater" = "C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe" ["Adobe Systems Incorporated"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"InCD" = "C:\Programme\ahead\InCD\InCD.exe" ["Copyright (C) ahead software gmbh and its licensors"]
"IntelliType" = ""C:\Programme\Microsoft Hardware\Keyboard\type32.exe"" [MS]
"POINTER" = "point32.exe" [MS]
"NvCplDaemon" = "RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" [MS]
"anvshell" = "anvshell.exe" ["AsusTeK Computer Inc."]
"DataLayer" = "C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE" ["Nokia Mobile Phones Ltd."]
"PCSuiteTrayApplication" = "C:\PROGRA~1\Nokia\NOKIAP~2\TRAYAP~1.EXE" [empty string]
"StatusClient 2.6" = "C:\Programme\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto" ["Hewlett-Packard"]
"TomcatStartup 2.5" = "C:\Programme\Hewlett-Packard\Toolbox\hpbpsttp.exe" ["Hewlett-Packard"]
"HP Software Update" = ""C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"" ["Hewlett-Packard Company"]
"iTunesHelper" = ""C:\Programme\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"Adobe Photo Downloader" = ""C:\Programme\Adobe\Photoshop Elements 5.0\apdproxy.exe"" ["Adobe Systems Incorporated"]
"AVMWlanClient" = "C:\Programme\avmwlanstick\wlangui.exe" ["AVM Berlin"]
"BluetoothAuthenticationAgent" = "rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" [MS]
"Adobe Reader Speed Launcher" = ""C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"AVP" = ""C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"" ["Kaspersky Lab"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"Start" = dword:0x00000000

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\programme\google\googletoolbar2.dll" ["Google Germany GmbH"]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
\InProcServer32\(Default) = "C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll" ["Google Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\msohev.dll" [MS]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statistik für Web-Anti-Virus"
-> {HKLM...CLSID} = "Statistik für Web-Anti-Virus"
\InProcServer32\(Default) = "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}" = "Eudora's Shell Extension"
-> {HKLM...CLSID} = "Eudora's Shell Extension"
\InProcServer32\(Default) = "C:\Programme\Qualcomm\Eudora\EuShlExt.dll" ["Qualcomm Inc."]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\ShellEx.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\ShellEx.dll" ["Kaspersky Lab"]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\s* alias Püppi\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

AdobePhotoshopElements5ShowPicturesOnArrival\
"Provider" = "Adobe Photoshop Elements 5.0"
"InvokeProgID" = "PhotoshopElements.Application.5"
"InvokeVerb" = "launch"
HKLM\SOFTWARE\Classes\PhotoshopElements.Application.5\shell\launch\command\(Default) = ""C:\Programme\Adobe\Photoshop Elements 5.0\PseProxy.exe" -v "%1"" ["Adobe Systems Incorporated"]

CanonZB4PicturesOnArrival\
"Provider" = "Canon ZoomBrowser EX"
"InvokeProgID" = "Zb.AutoplayHandler"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\Zb.AutoplayHandler\shell\open\command\(Default) = "C:\Programme\Canon\ZoomBrowser EX MCU\MCULauncher.exe" [null data]

iTunesBurnCDOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.BurnCD"
"InvokeVerb" = "burn"
HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = ""C:\Programme\iTunes\iTunes.exe" /AutoPlayBurn "%L"" ["Apple Computer, Inc."]

iTunesImportSongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.ImportSongsOnCD"
"InvokeVerb" = "import"
HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = ""C:\Programme\iTunes\iTunes.exe" /AutoPlayImportSongs "%L"" ["Apple Computer, Inc."]

iTunesPlaySongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.PlaySongsOnCD"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = ""C:\Programme\iTunes\iTunes.exe" /playCD "%L"" ["Apple Computer, Inc."]

iTunesShowSongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.ShowSongsOnCD"
"InvokeVerb" = "showsongs"
HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = ""C:\Programme\iTunes\iTunes.exe" /AutoPlayShowSongs "%L"" ["Apple Computer, Inc."]


Startup items in "s* alias p*" & "All Users" startup folders:
--------------------------------------------------------------------

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Acrobat Assistant" -> shortcut to: "C:\Programme\Adobe\Acrobat 4.0\Distillr\AcroTray.exe" [null data]
"BOOKcase 4.0" -> shortcut to: "C:\Programme\TEXTware\BOOKcase40\BC40CASE.exe" ["Company"]
"BTTray" -> shortcut to: "C:\Programme\Sitecom\Bluetooth Software\BTTray.exe" ["WIDCOMM, Inc."]
"Microsoft Office" -> shortcut to: "C:\Programme\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
"OnlineControl" -> shortcut to: "C:\Programme\OnlineControl\ocontrol.exe" [null data]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 25
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\programme\google\googletoolbar2.dll" ["Google Germany GmbH"]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\programme\google\googletoolbar2.dll" ["Google Germany GmbH"]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Statistik für Web-Anti-Virus"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
"ButtonText" = "Statistik für Web-Anti-Virus"

{CCA281CA-C863-46EF-9331-5C8D4460577F}\
"ButtonText" = "@btrez.dll,-4015"
"MenuText" = "@btrez.dll,-4017"
"Script" = "C:\Programme\Sitecom\Bluetooth Software\btsendto_ie.htm" [null data]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AAV UpdateService, AAV UpdateService, "C:\Programme\Gemeinsame Dateien\AAV\aavus.exe" [null data]
Adobe Active File Monitor V5, AdobeActiveFileMonitor5.0, "C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe" [null data]
ASUS Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
AVM WLAN Connection Service, AVM WLAN Connection Service, "C:\Programme\avmwlanstick\WlanNetService.exe" ["AVM Berlin"]
Bluetooth Service, btwdins, "C:\Programme\Sitecom\Bluetooth Software\bin\btwdins.exe" ["WIDCOMM, Inc."]
Bluetooth Support Service, BthServ, "C:\WINDOWS\system32\svchost.exe -k bthsvcs" {"C:\WINDOWS\System32\bthserv.dll" [MS]}
Canon Camera Access Library 8, CCALib8, "C:\Programme\Canon\CAL\CALMAIN.exe" ["Canon Inc."]
iPodService, iPodService, "C:\Programme\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
Kaspersky Internet Security 7.0, AVP, ""C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r" ["Kaspersky Lab"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Bluetooth-Druckeranschluss\Driver = "bthcrp.dll" ["WIDCOMM, Inc."]
HP Master Monitor\Driver = "HPBMMON.DLL" ["Hewlett-Packard"]
PDF Port\Driver = "C:\WINDOWS\System32\pdfports.dll" [null data]


---------- (launch time: 2008-06-22 20:38:00)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 66 seconds, including 5 seconds for message boxes)

Antwort

Themen zu hidden data, veränderte iexplore.exe
bho, browser, computer, desktop, downloader, einstellungen, eudora, excel, finds, google, hijack, hijackthis, hkus\s-1-5-18, iexplore.exe, internet, internet explorer, internet security, kaspersky, malware, modifikation, prozess, registry, rundll, saver, schädling, security, senden, shortcut, shut down, software, stick, system, windows xp



Ähnliche Themen: hidden data, veränderte iexplore.exe


  1. G Data blockierte Download, lud G Data-Update und läßt jetzt kein Java-Download zu
    Plagegeister aller Art und deren Bekämpfung - 18.01.2016 (6)
  2. Win 7 64 bit, Google Chrome, veränderte Startseite
    Log-Analyse und Auswertung - 26.04.2014 (13)
  3. Werbefenster, veränderte Startseiten, unbekannte Software
    Plagegeister aller Art und deren Bekämpfung - 02.03.2014 (5)
  4. 4 Trojaner & veränderte Systemdatei (ATRAPS.Gen & Gen2, Dropper.BCMiner, ZAccess.H)
    Plagegeister aller Art und deren Bekämpfung - 18.07.2012 (9)
  5. Veränderte Google-Startseite
    Alles rund um Windows - 08.05.2010 (1)
  6. Kaspersky meldet verschlüsselte Verbindung /PDM INVADER /PDM Hidden data sending
    Log-Analyse und Auswertung - 30.03.2010 (1)
  7. hidden data, veränderte iexplore.exe - 2. Versuch
    Log-Analyse und Auswertung - 07.07.2008 (1)
  8. Hidden Data Sending bei ICQ.exe
    Plagegeister aller Art und deren Bekämpfung - 26.09.2007 (3)
  9. Nur neue und veränderte Dateien scannen - Kaspersky
    Antiviren-, Firewall- und andere Schutzprogramme - 23.04.2007 (2)
  10. gefunden: potentiell gefährliche Software Hidden object iexplore.exe
    Log-Analyse und Auswertung - 17.04.2007 (9)
  11. iexplore.exe als Hidden process - Rootkit?
    Plagegeister aller Art und deren Bekämpfung - 12.04.2007 (15)
  12. Veränderte shell32.dll
    Alles rund um Windows - 18.02.2007 (3)
  13. veränderte Startseite im IE
    Log-Analyse und Auswertung - 10.04.2005 (6)
  14. Veränderte Startseite
    Plagegeister aller Art und deren Bekämpfung - 07.01.2005 (4)
  15. Wer kann helfen? Veränderte Schriftgrößen im Browser.
    Alles rund um Windows - 28.12.2004 (3)
  16. Veränderte Startseite www.heterofind.com
    Plagegeister aller Art und deren Bekämpfung - 28.08.2004 (12)
  17. Veränderte Startseite
    Plagegeister aller Art und deren Bekämpfung - 13.07.2004 (1)

Zum Thema hidden data, veränderte iexplore.exe - Hallo, mein Rechner fährt seit einiger Zeit manchmal, wenn ich den Internet Explorer (, so hätte ich es beobachtet) geöffnet habe, ohne Vorankündigung runter. Ich hatte im April folgende Meldungen - hidden data, veränderte iexplore.exe...
Archiv
Du betrachtest: hidden data, veränderte iexplore.exe auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.