Fehlerhafte Darstellung von Internetseiten & selbstständige Füllung der C-Festplattenpartition

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-05-27 19:49:02
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 ST3160023AS rev.3.00
Running: nb7c7458.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\pxldiuod.sys


---- System - GMER 1.0.15 ----

SSDT            BA70320E                                                                                                                                                               ZwCreateKey
SSDT            BA703204                                                                                                                                                               ZwCreateThread
SSDT            BA703213                                                                                                                                                               ZwDeleteKey
SSDT            BA70321D                                                                                                                                                               ZwDeleteValueKey
SSDT            BA703222                                                                                                                                                               ZwLoadKey
SSDT            BA7031F0                                                                                                                                                               ZwOpenProcess
SSDT            BA7031F5                                                                                                                                                               ZwOpenThread
SSDT            BA70322C                                                                                                                                                               ZwReplaceKey
SSDT            BA703227                                                                                                                                                               ZwRestoreKey
SSDT            BA703218                                                                                                                                                               ZwSetValueKey
SSDT            \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com)                                                              ZwTerminateProcess [0xA8549620]

---- Kernel code sections - GMER 1.0.15 ----

?               C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mbr.sys                                                                                                                             Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                                                               fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\redist\Miles\mssdsp.flt                          1
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\redist\Miles\msseax.flt                          1
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\redist\Miles\mssmp3.asi                          1
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Balance_of_Chaos.scn        1
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Blood_on_the_Snow.scn       1
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Castle_of_the_Gods.scn      1
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\General_Conflict.scn        1
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Killing_Fields.scn          1
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Range.scn                   1
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Refill_Conflict.scn         1
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Reinforcement_Conflict.scn  1
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Village_in_Squeeze.scn      1

---- EOF - GMER 1.0.15 ----
         

.DDS Logfile:

	
Code: 

Alles auswählenAufklappen 
ATTFilter

  
	
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_21
Run by Administrator at 22:07:21 on 2012-05-27
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2046.1332 [GMT 2:00]
.
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Eraser\Eraser.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\Dropbox.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.de/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
EB: &Recherchieren: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
uRun: [SUPERAntiSpyware] c:\programme\superantispyware\SUPERAntiSpyware.exe
mRun: [Eraser] "c:\progra~1\eraser\Eraser.exe" --atRestart
mRun: [QuickTime Task] "c:\programme\quicktime\qttask.exe" -atboottime
StartupFolder: c:\dokume~1\admini~1\startm~1\progra~1\autost~1\dropbox.lnk - c:\dokumente und einstellungen\administrator\anwendungsdaten\dropbox\bin\Dropbox.exe
IE: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\programme\icq7.2\ICQ.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: kaspersky.com\www
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{0B316D96-1017-4617-B52A-C617BD9C68B8} : NameServer = 192.168.100.1
TCP: Interfaces\{242BB936-621A-480D-8324-497D6BCE33DA} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4EA54FBD-BD02-4751-8F66-1F53BAA8A94F} : DhcpNameServer = 192.168.2.1 192.168.2.1
Notify: !SASWinLogon - c:\programme\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\programme\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\dokumente und einstellungen\administrator\anwendungsdaten\mozilla\firefox\profiles\9oes8frx.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\programme\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programme\microsoft\office live\npOLW.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\programme\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\programme\avira\antivir desktop\avgio.sys [2010-7-15 11608]
R1 SASDIFSV;SASDIFSV;c:\programme\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\programme\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-7-15 60936]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\avira\antivir desktop\sched.exe [2010-7-15 135336]
S2 AntiVirService;Avira AntiVir Guard;c:\programme\avira\antivir desktop\avguard.exe [2010-7-15 267432]
S3 GarenaPEngine;GarenaPEngine;\??\c:\dokume~1\admini~1\lokale~1\temp\ylo5.tmp --> c:\dokume~1\admini~1\lokale~1\temp\YLO5.tmp [?]
.
=============== Created Last 30 ================
.
2012-05-06 16:48:41	419488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M  ====================
.
2012-05-06 16:48:41	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:51:24	2029056	------w-	c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:51:18	2150912	------w-	c:\windows\system32\ntoskrnl.exe
2012-04-11 13:51:18	1862400	----a-w-	c:\windows\system32\win32k.sys
2012-04-04 13:56:40	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-01 11:00:09	916992	----a-w-	c:\windows\system32\wininet.dll
2012-03-01 11:00:08	43520	----a-w-	c:\windows\system32\licmgr10.dll
2012-03-01 11:00:08	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2012-02-29 14:09:48	177664	----a-w-	c:\windows\system32\wintrust.dll
2012-02-29 14:09:48	148480	----a-w-	c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40	385024	----a-w-	c:\windows\system32\html.iec
.
============= FINISH: 22:07:36,10 ===============
         
 
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 28.06.2006 11:42:48
System Uptime: 27.05.2012 13:46:10 (9 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO., LTD |  | MS-7187
Processor:               Intel(R) Pentium(R) D CPU 2.80GHz | Socket 775 | 2799/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 29 GiB total, 0 GiB free.
D: is FIXED (NTFS) - 149 GiB total, 97,101 GiB free.
E: is FIXED (NTFS) - 120 GiB total, 119,555 GiB free.
F: is Removable
G: is Removable
H: is Removable
J: is Removable
O: is CDROM ()
U: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
6
.
==== End Of File ===========================