Log analysis and evaluation: Firefox opens new tabs with ads (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Firefox opens new tabs with ads

My Firefox opens new tabs at irregular intervals, but I simply cannot find what is causing it. So I need your help. Here are the logs; AntiVir is running as well and does not find anything either.

Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-04-30 11:55:19
Windows 6.1.7600
Running: esfh6oir.exe; Driver: C:\Users\Mario\AppData\Local\Temp\uglcypod.sys

---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C29AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C29104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C293F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C11FB4
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C291DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C29958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C296F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C29F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2A1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 82C7B8E9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C9B3D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\drivers\rpbnl.sys The system cannot find the path specified. !
? System32\Drivers\spde.sys The system cannot find the path specified. !
.rsrc C:\Windows\System32\drivers\volmgrx.sys entry point in ".rsrc" section [0x8C858014]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x93804000, 0x2D5378, 0xE8000020]
.text USBPORT.SYS!DllUnload 93E56CA0 5 Bytes JMP 86BDE1D8
.text a1yn3bha.SYS 93EE1000 12 Bytes [44, 48, C1, 82, EE, 46, C1, ...]
.text a1yn3bha.SYS 93EE100D 9 Bytes [27, C1, 82, 48, 4B, C1, 82, ...]
.text a1yn3bha.SYS 93EE1017 170 Bytes [00, DE, 47, 74, 8C, E6, 45, ...]
.text a1yn3bha.SYS 93EE10C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text a1yn3bha.SYS 93EE10CE 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text peauth.sys 9A564C9D 28 Bytes [D5, EC, F5, E3, 86, 19, DC, ...]
.text peauth.sys 9A564CC1 28 Bytes [D5, EC, F5, E3, 86, 19, DC, ...]
PAGE peauth.sys 9A56AB9B 72 Bytes [C9, CF, 29, 08, 4C, AC, A9, ...]
PAGE peauth.sys 9A56ABEC 111 Bytes [19, 9B, 65, 93, D0, 87, FC, ...]
PAGE peauth.sys 9A56AE20 101 Bytes [0B, 5C, 86, FA, F9, C0, A9, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[168] ntdll.dll!NtProtectVirtualMemory 772A5360 5 Bytes JMP 0044000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[168] ntdll.dll!NtWriteVirtualMemory 772A5EE0 5 Bytes JMP 0045000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[168] ntdll.dll!KiUserExceptionDispatcher 772A6448 5 Bytes JMP 0042000A
.text C:\Windows\system32\svchost.exe[1016] ntdll.dll!NtProtectVirtualMemory 772A5360 5 Bytes JMP 0023000A
.text C:\Windows\system32\svchost.exe[1016] ntdll.dll!NtWriteVirtualMemory 772A5EE0 5 Bytes JMP 0024000A
.text C:\Windows\system32\svchost.exe[1016] ntdll.dll!KiUserExceptionDispatcher 772A6448 5 Bytes JMP 0022000A
.text C:\Windows\system32\svchost.exe[1016] ole32.dll!CoCreateInstance 760A57FC 5 Bytes JMP 00D6000A
.text C:\Windows\system32\svchost.exe[1016] USER32.dll!GetCursorPos 7706C198 5 Bytes JMP 00D7000A
.text C:\Windows\Explorer.EXE[2544] ntdll.dll!NtProtectVirtualMemory 772A5360 5 Bytes JMP 002A000A
.text C:\Windows\Explorer.EXE[2544] ntdll.dll!NtWriteVirtualMemory 772A5EE0 3 Bytes JMP 002B000A
.text C:\Windows\Explorer.EXE[2544] ntdll.dll!NtWriteVirtualMemory + 4 772A5EE4 1 Byte [89]
.text C:\Windows\Explorer.EXE[2544] ntdll.dll!KiUserExceptionDispatcher 772A6448 5 Bytes JMP 0029000A
.text C:\Windows\Explorer.EXE[2544] SHELL32.dll!SHFileOperationW 76399708 5 Bytes JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\pci.sys[ntoskrnl.exe!IoDetachDevice] [8C672DDC] \SystemRoot\System32\Drivers\spde.sys
IAT \SystemRoot\system32\DRIVERS\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [8C672E30] \SystemRoot\System32\Drivers\spde.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8C648042] \SystemRoot\System32\Drivers\spde.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8C6486D6] \SystemRoot\System32\Drivers\spde.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8C648800] \SystemRoot\System32\Drivers\spde.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8C64813E] \SystemRoot\System32\Drivers\spde.sys
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortNotification] 00147880
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortStallExecution] C25DC033
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortInitialize] 157B805E
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[NTOSKRNL.exe!KeTickCount] 78801875

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 858031F8
Device \FileSystem\fastfat \FatCdrom 861BF500
Device \Driver\NetBT \Device\NetBT_Tcpip_{CBF43A7E-EE3A-43D7-892E-DF7CDC6FF977} 869FA1F8
Device \Driver\volmgr \Device\VolMgrControl 857FF1F8
Device \Driver\PCI_PNP1892 \Device\00000050 spde.sys
Device \Driver\usbuhci \Device\USBPDO-0 86BDF1F8
Device \Driver\usbuhci \Device\USBPDO-1 86BDF1F8
Device \Driver\usbehci \Device\USBPDO-2 8699C500
Device \Driver\usbuhci \Device\USBPDO-3 86BDF1F8
Device \Driver\ACPI_HAL \Device\00000048 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-4 86BDF1F8
Device \Driver\usbuhci \Device\USBPDO-5 86BDF1F8
Device \Driver\usbuhci \Device\USBPDO-6 86BDF1F8
Device \Driver\volmgr \Device\HarddiskVolume1 857FF1F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-7 8699C500
Device \Driver\volmgr \Device\HarddiskVolume2 857FF1F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom0 867611F8
Device \Driver\cdrom \Device\CdRom1 867611F8
Device \Driver\atapi \Device\Ide\IdePort0 858011F8
Device \Driver\atapi \Device\Ide\IdePort1 858011F8
Device \Driver\atapi \Device\Ide\IdePort2 858011F8
Device \Driver\atapi \Device\Ide\IdePort3 858011F8
Device \Driver\atapi \Device\Ide\IdePort4 858011F8
Device \Driver\atapi \Device\Ide\IdePort5 858011F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 858011F8
Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-5 858011F8
Device \Driver\sptd \Device\445630642 spde.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export 869FA1F8
Device \Driver\usbuhci \Device\USBFDO-0 86BDF1F8
Device \Driver\usbuhci \Device\USBFDO-1 86BDF1F8
Device \Driver\usbehci \Device\USBFDO-2 8699C500
Device \Driver\NetBT \Device\NetBT_Tcpip_{90CD409F-4B02-4458-AEF5-9A1D58AC1267} 869FA1F8
Device \Driver\usbuhci \Device\USBFDO-3 86BDF1F8
Device \Driver\usbuhci \Device\USBFDO-4 86BDF1F8
Device \Driver\usbuhci \Device\USBFDO-5 86BDF1F8
Device \Driver\usbuhci \Device\USBFDO-6 86BDF1F8
Device \Driver\usbehci \Device\USBFDO-7 8699C500
Device \Driver\a1yn3bha \Device\Scsi\a1yn3bha1 86C131F8
Device \Driver\a1yn3bha \Device\Scsi\a1yn3bha1Port6Path0Target0Lun0 86C131F8
Device \FileSystem\fastfat \Fat 861BF500
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft File System Filter Manager/Microsoft Corporation)
Device \FileSystem\cdfs \Cdfs 872D2500
Device -> \Driver\atapi \Device\Harddisk0\DR0 865CAEE4

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind \Device\{32E49564-6E3D-4E37-8B8B-89BBBD8D3A1B}?\Device\{10A19763-DD68-4591-A1FB-9D453A2DB415}?\Device\{BC8E02EB-F09F-4B82-93F7-7018E9217252}?\Device\{C4E288D5-8521-4920-9292-2D30DAE4634C}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route "{32E49564-6E3D-4E37-8B8B-89BBBD8D3A1B}"?"{10A19763-DD68-4591-A1FB-9D453A2DB415}"?"{BC8E02EB-F09F-4B82-93F7-7018E9217252}"?"{C4E288D5-8521-4920-9292-2D30DAE4634C}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export \Device\TCPIP6TUNNEL_{32E49564-6E3D-4E37-8B8B-89BBBD8D3A1B}?\Device\TCPIP6TUNNEL_{10A19763-DD68-4591-A1FB-9D453A2DB415}?\Device\TCPIP6TUNNEL_{BC8E02EB-F09F-4B82-93F7-7018E9217252}?\Device\TCPIP6TUNNEL_{C4E288D5-8521-4920-9292-2D30DAE4634C}?
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 2273
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF4 0x6F 0x91 0xD6 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x99 0xE5 0x38 0xF1 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x17 0x16 0x19 0xDF ...
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{90CD409F-4B02-4458-AEF5-9A1D58AC1267}@LeaseObtainedTime 1272620807
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{90CD409F-4B02-4458-AEF5-9A1D58AC1267}@T1 1272620837
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{90CD409F-4B02-4458-AEF5-9A1D58AC1267}@T2 1272620859
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{90CD409F-4B02-4458-AEF5-9A1D58AC1267}@LeaseTerminatesTime 1272620867
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF4 0x6F 0x91 0xD6 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x99 0xE5 0x38 0xF1 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x17 0x16 0x19 0xDF ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System ...

---- Files - GMER 1.0.15 ----

File C:\Windows\System32\drivers\volmgrx.sys suspicious modification
File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:49, on 30.04.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Mario\Desktop\esfh6oir.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBF43A7E-EE3A-43D7-892E-DF7CDC6FF977}: NameServer = 217.0.43.33 217.0.43.17
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dragon Age: Origins - Inhaltsupdater (DAUpdaterSvc) - BioWare - C:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe

--
End of file - 3635 bytes

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4053

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

30.04.2010 11:58:43
mbam-log-2010-04-30 (11-58-43).txt

Scan type: Quick scan
Objects scanned: 112301
Time elapsed: 2 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
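Editor's note, added to the thread and not part of the original post: of the three logs, the GMER output is the one that takes real effort to read, and the useful lines are scattered across its sections. The script below is the editor's own triage helper, written for the line shapes GMER 1.0.15 prints above (IAT entries, `.text` inline JMP hooks with and without a process id, `? path` entries GMER could not open, and `File ... suspicious modification`). It sorts those lines into buckets and then lists the module names that appear in more than one bucket, which is where a log reader would pivot first. The sample input is a handful of lines copied from the posted log (the German path-not-found message translated). The script does not decide whether anything is malicious; note that the log itself ties spde.sys to the sptd service and DAEMON Tools Lite (`Device \Driver\sptd ... spde.sys`, `sptd\Cfg\...@p0 C:\Program Files\DAEMON Tools Lite\`), so its IAT redirections are a known-software candidate, not automatically a rootkit finding.

```python
"""GMER log triage: bucket the lines worth a second look, then pivot.

Editor's added example for the thread above, not from the post or from GMER.
It only sorts evidence; it does not decide what is malicious.
"""
import re
from collections import defaultdict

# Line shapes as GMER 1.0.15 prints them (assumed from the log in the post).
IAT_RE = re.compile(
    r"^IAT\s+(?P<importer>[^\s\[]+)\[(?P<symbol>[^\]]+)\]\s+"
    r"(?:\[(?P<addr>[0-9A-F]+)\]\s+(?P<target>\S+)|(?P<raw>[0-9A-F]+))\s*$"
)
USER_HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<symbol>\S+!\S+)\s+"
    r"(?P<addr>[0-9A-F]+)\s+(?P<n>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-F]+)"
    r"(?:\s+(?P<module>.+?))?\s*$"
)
KERNEL_HOOK_RE = re.compile(
    r"^\.text\s+(?P<symbol>[^\s\[]+!\S+)\s+(?P<addr>[0-9A-F]+)\s+"
    r"(?P<n>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-F]+)\s*$"
)
FILE_RE = re.compile(r"^File\s+(?P<path>.+?)\s+suspicious modification\s*$")
MISSING_RE = re.compile(r"^\?\s+(?P<path>\S+)\s+")


def basename(path):
    """Lower-cased file name of a C:\\ or \\SystemRoot-style path."""
    return path.rsplit("\\", 1)[-1].lower()


def triage(log_text):
    """Return {bucket: [findings]} for the interesting lines of a GMER log."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        line = line.strip()
        m = IAT_RE.match(line)
        if m:
            importer = basename(m["importer"])
            expected = m["symbol"].split("!", 1)[0].lower()  # module the import belongs to
            if m["target"] is None:
                # GMER printed a bare value it could not map to any loaded module.
                findings["iat_unresolved"].append((importer, m["symbol"], m["raw"]))
            elif basename(m["target"]) != expected:
                # Import resolved into a module other than the one it names.
                findings["iat_redirected"].append((importer, m["symbol"], basename(m["target"])))
            continue
        m = USER_HOOK_RE.match(line)
        if m:
            # A JMP GMER could attribute to a module (like UnlockerHook.dll) is
            # less interesting than one it could not attribute at all.
            key = "user_hook_attributed" if m["module"] else "user_hook_unattributed"
            findings[key].append((basename(m["proc"]), int(m["pid"]), m["symbol"], m["target"], m["module"]))
            continue
        m = KERNEL_HOOK_RE.match(line)
        if m:
            findings["kernel_inline_jmp"].append((m["symbol"], m["target"]))
            continue
        m = FILE_RE.match(line)
        if m:
            findings["suspicious_modification"].append(basename(m["path"]))
            continue
        m = MISSING_RE.match(line)
        if m:
            findings["driver_path_unresolved"].append(basename(m["path"]))
    return dict(findings)


def pivot_modules(findings):
    """Module names present in more than one bucket: the first thing to chase."""
    buckets = defaultdict(set)
    for importer, _sym, target in findings.get("iat_redirected", []):
        buckets[importer].add("iat_redirected:importer")
        buckets[target].add("iat_redirected:target")
    for importer, _sym, _raw in findings.get("iat_unresolved", []):
        buckets[importer].add("iat_unresolved")
    for name in findings.get("suspicious_modification", []):
        buckets[name].add("suspicious_modification")
    for name in findings.get("driver_path_unresolved", []):
        buckets[name].add("driver_path_unresolved")
    return sorted(mod for mod, cats in buckets.items() if len(cats) > 1)


# Sample input: lines copied from the GMER log in the post (message translated).
SAMPLE_LOG = r"""
? System32\drivers\rpbnl.sys The system cannot find the path specified. !
? System32\Drivers\spde.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 93E56CA0 5 Bytes JMP 86BDE1D8
.text C:\Program Files\Mozilla Firefox\firefox.exe[168] ntdll.dll!NtProtectVirtualMemory 772A5360 5 Bytes JMP 0044000A
.text C:\Windows\Explorer.EXE[2544] SHELL32.dll!SHFileOperationW 76399708 5 Bytes JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8C648042] \SystemRoot\System32\Drivers\spde.sys
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortNotification] 00147880
Device \Driver\sptd \Device\445630642 spde.sys
File C:\Windows\system32\drivers\atapi.sys suspicious modification
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for bucket, items in sorted(result.items()):
        print(bucket)
        for item in items:
            print("   ", item)
    print("pivot on:", pivot_modules(result))
```

Run against the full log, the pivot list comes out as atapi.sys (IAT redirected away from it and flagged as modified) and spde.sys (target of the redirections and unreadable on disk), which is exactly the pair to explain before looking anywhere else; the unattributed JMPs in firefox.exe, svchost.exe and Explorer.EXE all land in low, non-module addresses and share the same three ntdll entry points, so they are worth checking against whatever security or hooking software is installed (the HijackThis log shows Avira and Unlocker) before being read as injection.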