Log analysis and evaluation: Firefox opens new tabs with advertising (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

#1

Firefox opens new tabs with advertising

My Firefox opens new tabs at irregular intervals, but I simply cannot find the culprit. So I need your help. Here are the logs; AntiVir is also running and finds nothing either.

Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-04-30 11:55:19
Windows 6.1.7600
Running: esfh6oir.exe; Driver: C:\Users\Mario\AppData\Local\Temp\uglcypod.sys
---- System - GMER 1.0.15 ----
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C29AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C29104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C293F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C11FB4
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C291DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C29958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C296F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C29F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2A1A8
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 82C7B8E9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C9B3D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\drivers\rpbnl.sys Das System kann den angegebenen Pfad nicht finden. !
? System32\Drivers\spde.sys Das System kann den angegebenen Pfad nicht finden. !
.rsrc C:\Windows\System32\drivers\volmgrx.sys entry point in ".rsrc" section [0x8C858014]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x93804000, 0x2D5378, 0xE8000020]
.text USBPORT.SYS!DllUnload 93E56CA0 5 Bytes JMP 86BDE1D8
.text a1yn3bha.SYS 93EE1000 12 Bytes [44, 48, C1, 82, EE, 46, C1, ...]
.text a1yn3bha.SYS 93EE100D 9 Bytes [27, C1, 82, 48, 4B, C1, 82, ...]
.text a1yn3bha.SYS 93EE1017 170 Bytes [00, DE, 47, 74, 8C, E6, 45, ...]
.text a1yn3bha.SYS 93EE10C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text a1yn3bha.SYS 93EE10CE 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text peauth.sys 9A564C9D 28 Bytes [D5, EC, F5, E3, 86, 19, DC, ...]
.text peauth.sys 9A564CC1 28 Bytes [D5, EC, F5, E3, 86, 19, DC, ...]
PAGE peauth.sys 9A56AB9B 72 Bytes [C9, CF, 29, 08, 4C, AC, A9, ...]
PAGE peauth.sys 9A56ABEC 111 Bytes [19, 9B, 65, 93, D0, 87, FC, ...]
PAGE peauth.sys 9A56AE20 101 Bytes [0B, 5C, 86, FA, F9, C0, A9, ...]
PAGE ...
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[168] ntdll.dll!NtProtectVirtualMemory 772A5360 5 Bytes JMP 0044000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[168] ntdll.dll!NtWriteVirtualMemory 772A5EE0 5 Bytes JMP 0045000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[168] ntdll.dll!KiUserExceptionDispatcher 772A6448 5 Bytes JMP 0042000A
.text C:\Windows\system32\svchost.exe[1016] ntdll.dll!NtProtectVirtualMemory 772A5360 5 Bytes JMP 0023000A
.text C:\Windows\system32\svchost.exe[1016] ntdll.dll!NtWriteVirtualMemory 772A5EE0 5 Bytes JMP 0024000A
.text C:\Windows\system32\svchost.exe[1016] ntdll.dll!KiUserExceptionDispatcher 772A6448 5 Bytes JMP 0022000A
.text C:\Windows\system32\svchost.exe[1016] ole32.dll!CoCreateInstance 760A57FC 5 Bytes JMP 00D6000A
.text C:\Windows\system32\svchost.exe[1016] USER32.dll!GetCursorPos 7706C198 5 Bytes JMP 00D7000A
.text C:\Windows\Explorer.EXE[2544] ntdll.dll!NtProtectVirtualMemory 772A5360 5 Bytes JMP 002A000A
.text C:\Windows\Explorer.EXE[2544] ntdll.dll!NtWriteVirtualMemory 772A5EE0 3 Bytes JMP 002B000A
.text C:\Windows\Explorer.EXE[2544] ntdll.dll!NtWriteVirtualMemory + 4 772A5EE4 1 Byte [89]
.text C:\Windows\Explorer.EXE[2544] ntdll.dll!KiUserExceptionDispatcher 772A6448 5 Bytes JMP 0029000A
.text C:\Windows\Explorer.EXE[2544] SHELL32.dll!SHFileOperationW 76399708 5 Bytes JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\pci.sys[ntoskrnl.exe!IoDetachDevice] [8C672DDC] \SystemRoot\System32\Drivers\spde.sys
IAT \SystemRoot\system32\DRIVERS\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [8C672E30] \SystemRoot\System32\Drivers\spde.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8C648042] \SystemRoot\System32\Drivers\spde.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8C6486D6] \SystemRoot\System32\Drivers\spde.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8C648800] \SystemRoot\System32\Drivers\spde.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8C64813E] \SystemRoot\System32\Drivers\spde.sys
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortNotification] 00147880
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortStallExecution] C25DC033
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortInitialize] 157B805E
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[NTOSKRNL.exe!KeTickCount] 78801875
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 858031F8
Device \FileSystem\fastfat \FatCdrom 861BF500
Device \Driver\NetBT \Device\NetBT_Tcpip_{CBF43A7E-EE3A-43D7-892E-DF7CDC6FF977} 869FA1F8
Device \Driver\volmgr \Device\VolMgrControl 857FF1F8
Device \Driver\PCI_PNP1892 \Device\00000050 spde.sys
Device \Driver\usbuhci \Device\USBPDO-0 86BDF1F8
Device \Driver\usbuhci \Device\USBPDO-1 86BDF1F8
Device \Driver\usbehci \Device\USBPDO-2 8699C500
Device \Driver\usbuhci \Device\USBPDO-3 86BDF1F8
Device \Driver\ACPI_HAL \Device\00000048 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-4 86BDF1F8
Device \Driver\usbuhci \Device\USBPDO-5 86BDF1F8
Device \Driver\usbuhci \Device\USBPDO-6 86BDF1F8
Device \Driver\volmgr \Device\HarddiskVolume1 857FF1F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-7 8699C500
Device \Driver\volmgr \Device\HarddiskVolume2 857FF1F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom0 867611F8
Device \Driver\cdrom \Device\CdRom1 867611F8
Device \Driver\atapi \Device\Ide\IdePort0 858011F8
Device \Driver\atapi \Device\Ide\IdePort1 858011F8
Device \Driver\atapi \Device\Ide\IdePort2 858011F8
Device \Driver\atapi \Device\Ide\IdePort3 858011F8
Device \Driver\atapi \Device\Ide\IdePort4 858011F8
Device \Driver\atapi \Device\Ide\IdePort5 858011F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 858011F8
Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-5 858011F8
Device \Driver\sptd \Device\445630642 spde.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export 869FA1F8
Device \Driver\usbuhci \Device\USBFDO-0 86BDF1F8
Device \Driver\usbuhci \Device\USBFDO-1 86BDF1F8
Device \Driver\usbehci \Device\USBFDO-2 8699C500
Device \Driver\NetBT \Device\NetBT_Tcpip_{90CD409F-4B02-4458-AEF5-9A1D58AC1267} 869FA1F8
Device \Driver\usbuhci \Device\USBFDO-3 86BDF1F8
Device \Driver\usbuhci \Device\USBFDO-4 86BDF1F8
Device \Driver\usbuhci \Device\USBFDO-5 86BDF1F8
Device \Driver\usbuhci \Device\USBFDO-6 86BDF1F8
Device \Driver\usbehci \Device\USBFDO-7 8699C500
Device \Driver\a1yn3bha \Device\Scsi\a1yn3bha1 86C131F8
Device \Driver\a1yn3bha \Device\Scsi\a1yn3bha1Port6Path0Target0Lun0 86C131F8
Device \FileSystem\fastfat \Fat 861BF500
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
Device \FileSystem\cdfs \Cdfs 872D2500
Device -> \Driver\atapi \Device\Harddisk0\DR0 865CAEE4
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind \Device\{32E49564-6E3D-4E37-8B8B-89BBBD8D3A1B}?\Device\{10A19763-DD68-4591-A1FB-9D453A2DB415}?\Device\{BC8E02EB-F09F-4B82-93F7-7018E9217252}?\Device\{C4E288D5-8521-4920-9292-2D30DAE4634C}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route "{32E49564-6E3D-4E37-8B8B-89BBBD8D3A1B}"?"{10A19763-DD68-4591-A1FB-9D453A2DB415}"?"{BC8E02EB-F09F-4B82-93F7-7018E9217252}"?"{C4E288D5-8521-4920-9292-2D30DAE4634C}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export \Device\TCPIP6TUNNEL_{32E49564-6E3D-4E37-8B8B-89BBBD8D3A1B}?\Device\TCPIP6TUNNEL_{10A19763-DD68-4591-A1FB-9D453A2DB415}?\Device\TCPIP6TUNNEL_{BC8E02EB-F09F-4B82-93F7-7018E9217252}?\Device\TCPIP6TUNNEL_{C4E288D5-8521-4920-9292-2D30DAE4634C}?
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 2273
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF4 0x6F 0x91 0xD6 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x99 0xE5 0x38 0xF1 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x17 0x16 0x19 0xDF ...
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{90CD409F-4B02-4458-AEF5-9A1D58AC1267}@LeaseObtainedTime 1272620807
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{90CD409F-4B02-4458-AEF5-9A1D58AC1267}@T1 1272620837
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{90CD409F-4B02-4458-AEF5-9A1D58AC1267}@T2 1272620859
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{90CD409F-4B02-4458-AEF5-9A1D58AC1267}@LeaseTerminatesTime 1272620867
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF4 0x6F 0x91 0xD6 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x99 0xE5 0x38 0xF1 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x17 0x16 0x19 0xDF ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
---- Files - GMER 1.0.15 ----
File C:\Windows\System32\drivers\volmgrx.sys suspicious modification
File C:\Windows\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:49, on 30.04.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Mario\Desktop\esfh6oir.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBF43A7E-EE3A-43D7-892E-DF7CDC6FF977}: NameServer = 217.0.43.33 217.0.43.17
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dragon Age: Origins - Inhaltsupdater (DAUpdaterSvc) - BioWare - C:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe

-- End of file - 3635 bytes

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4053
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
30.04.2010 11:58:43
mbam-log-2010-04-30 (11-58-43).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 112301
Laufzeit: 2 Minute(n), 6 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)