Log Analysis and Evaluation: Firefox opens new tabs with advertising (Windows 7)
30.04.2010, 11:00 | #1
Firefox opens new tabs with advertising

My Firefox opens new tabs at irregular intervals, but I simply cannot find the cause. So I need your help. Here are the logs; AntiVir is also running and finds nothing.

Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-04-30 11:55:19
Windows 6.1.7600
Running: esfh6oir.exe; Driver: C:\Users\Mario\AppData\Local\Temp\uglcypod.sys

---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C29AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C29104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C293F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C11FB4
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C291DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C29958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C296F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C29F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2A1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 82C7B8E9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C9B3D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\drivers\rpbnl.sys Das System kann den angegebenen Pfad nicht finden. !
? System32\Drivers\spde.sys Das System kann den angegebenen Pfad nicht finden. !
.rsrc C:\Windows\System32\drivers\volmgrx.sys entry point in ".rsrc" section [0x8C858014]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x93804000, 0x2D5378, 0xE8000020]
.text USBPORT.SYS!DllUnload 93E56CA0 5 Bytes JMP 86BDE1D8
.text a1yn3bha.SYS 93EE1000 12 Bytes [44, 48, C1, 82, EE, 46, C1, ...]
.text a1yn3bha.SYS 93EE100D 9 Bytes [27, C1, 82, 48, 4B, C1, 82, ...]
.text a1yn3bha.SYS 93EE1017 170 Bytes [00, DE, 47, 74, 8C, E6, 45, ...]
.text a1yn3bha.SYS 93EE10C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text a1yn3bha.SYS 93EE10CE 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text peauth.sys 9A564C9D 28 Bytes [D5, EC, F5, E3, 86, 19, DC, ...]
.text peauth.sys 9A564CC1 28 Bytes [D5, EC, F5, E3, 86, 19, DC, ...]
PAGE peauth.sys 9A56AB9B 72 Bytes [C9, CF, 29, 08, 4C, AC, A9, ...]
PAGE peauth.sys 9A56ABEC 111 Bytes [19, 9B, 65, 93, D0, 87, FC, ...]
PAGE peauth.sys 9A56AE20 101 Bytes [0B, 5C, 86, FA, F9, C0, A9, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[168] ntdll.dll!NtProtectVirtualMemory 772A5360 5 Bytes JMP 0044000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[168] ntdll.dll!NtWriteVirtualMemory 772A5EE0 5 Bytes JMP 0045000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[168] ntdll.dll!KiUserExceptionDispatcher 772A6448 5 Bytes JMP 0042000A
.text C:\Windows\system32\svchost.exe[1016] ntdll.dll!NtProtectVirtualMemory 772A5360 5 Bytes JMP 0023000A
.text C:\Windows\system32\svchost.exe[1016] ntdll.dll!NtWriteVirtualMemory 772A5EE0 5 Bytes JMP 0024000A
.text C:\Windows\system32\svchost.exe[1016] ntdll.dll!KiUserExceptionDispatcher 772A6448 5 Bytes JMP 0022000A
.text C:\Windows\system32\svchost.exe[1016] ole32.dll!CoCreateInstance 760A57FC 5 Bytes JMP 00D6000A
.text C:\Windows\system32\svchost.exe[1016] USER32.dll!GetCursorPos 7706C198 5 Bytes JMP 00D7000A
.text C:\Windows\Explorer.EXE[2544] ntdll.dll!NtProtectVirtualMemory 772A5360 5 Bytes JMP 002A000A
.text C:\Windows\Explorer.EXE[2544] ntdll.dll!NtWriteVirtualMemory 772A5EE0 3 Bytes JMP 002B000A
.text C:\Windows\Explorer.EXE[2544] ntdll.dll!NtWriteVirtualMemory + 4 772A5EE4 1 Byte [89]
.text C:\Windows\Explorer.EXE[2544] ntdll.dll!KiUserExceptionDispatcher 772A6448 5 Bytes JMP 0029000A
.text C:\Windows\Explorer.EXE[2544] SHELL32.dll!SHFileOperationW 76399708 5 Bytes JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\pci.sys[ntoskrnl.exe!IoDetachDevice] [8C672DDC] \SystemRoot\System32\Drivers\spde.sys
IAT \SystemRoot\system32\DRIVERS\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [8C672E30] \SystemRoot\System32\Drivers\spde.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8C648042] \SystemRoot\System32\Drivers\spde.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8C6486D6] \SystemRoot\System32\Drivers\spde.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8C648800] \SystemRoot\System32\Drivers\spde.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8C64813E] \SystemRoot\System32\Drivers\spde.sys
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortNotification] 00147880
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortStallExecution] C25DC033
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortInitialize] 157B805E
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B
IAT \SystemRoot\System32\Drivers\a1yn3bha.SYS[NTOSKRNL.exe!KeTickCount] 78801875

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 858031F8
Device \FileSystem\fastfat \FatCdrom 861BF500
Device \Driver\NetBT \Device\NetBT_Tcpip_{CBF43A7E-EE3A-43D7-892E-DF7CDC6FF977} 869FA1F8
Device \Driver\volmgr \Device\VolMgrControl 857FF1F8
Device \Driver\PCI_PNP1892 \Device\00000050 spde.sys
Device \Driver\usbuhci \Device\USBPDO-0 86BDF1F8
Device \Driver\usbuhci \Device\USBPDO-1 86BDF1F8
Device \Driver\usbehci \Device\USBPDO-2 8699C500
Device \Driver\usbuhci \Device\USBPDO-3 86BDF1F8
Device \Driver\ACPI_HAL \Device\00000048 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-4 86BDF1F8
Device \Driver\usbuhci \Device\USBPDO-5 86BDF1F8
Device \Driver\usbuhci \Device\USBPDO-6 86BDF1F8
Device \Driver\volmgr \Device\HarddiskVolume1 857FF1F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-7 8699C500
Device \Driver\volmgr \Device\HarddiskVolume2 857FF1F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom0 867611F8
Device \Driver\cdrom \Device\CdRom1 867611F8
Device \Driver\atapi \Device\Ide\IdePort0 858011F8
Device \Driver\atapi \Device\Ide\IdePort1 858011F8
Device \Driver\atapi \Device\Ide\IdePort2 858011F8
Device \Driver\atapi \Device\Ide\IdePort3 858011F8
Device \Driver\atapi \Device\Ide\IdePort4 858011F8
Device \Driver\atapi \Device\Ide\IdePort5 858011F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 858011F8
Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-5 858011F8
Device \Driver\sptd \Device\445630642 spde.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export 869FA1F8
Device \Driver\usbuhci \Device\USBFDO-0 86BDF1F8
Device \Driver\usbuhci \Device\USBFDO-1 86BDF1F8
Device \Driver\usbehci \Device\USBFDO-2 8699C500
Device \Driver\NetBT \Device\NetBT_Tcpip_{90CD409F-4B02-4458-AEF5-9A1D58AC1267} 869FA1F8
Device \Driver\usbuhci \Device\USBFDO-3 86BDF1F8
Device \Driver\usbuhci \Device\USBFDO-4 86BDF1F8
Device \Driver\usbuhci \Device\USBFDO-5 86BDF1F8
Device \Driver\usbuhci \Device\USBFDO-6 86BDF1F8
Device \Driver\usbehci \Device\USBFDO-7 8699C500
Device \Driver\a1yn3bha \Device\Scsi\a1yn3bha1 86C131F8
Device \Driver\a1yn3bha \Device\Scsi\a1yn3bha1Port6Path0Target0Lun0 86C131F8
Device \FileSystem\fastfat \Fat 861BF500
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
Device \FileSystem\cdfs \Cdfs 872D2500
Device -> \Driver\atapi \Device\Harddisk0\DR0 865CAEE4

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind \Device\{32E49564-6E3D-4E37-8B8B-89BBBD8D3A1B}?\Device\{10A19763-DD68-4591-A1FB-9D453A2DB415}?\Device\{BC8E02EB-F09F-4B82-93F7-7018E9217252}?\Device\{C4E288D5-8521-4920-9292-2D30DAE4634C}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route "{32E49564-6E3D-4E37-8B8B-89BBBD8D3A1B}"?"{10A19763-DD68-4591-A1FB-9D453A2DB415}"?"{BC8E02EB-F09F-4B82-93F7-7018E9217252}"?"{C4E288D5-8521-4920-9292-2D30DAE4634C}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export \Device\TCPIP6TUNNEL_{32E49564-6E3D-4E37-8B8B-89BBBD8D3A1B}?\Device\TCPIP6TUNNEL_{10A19763-DD68-4591-A1FB-9D453A2DB415}?\Device\TCPIP6TUNNEL_{BC8E02EB-F09F-4B82-93F7-7018E9217252}?\Device\TCPIP6TUNNEL_{C4E288D5-8521-4920-9292-2D30DAE4634C}?
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 2273
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF4 0x6F 0x91 0xD6 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x99 0xE5 0x38 0xF1 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x17 0x16 0x19 0xDF ...
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{90CD409F-4B02-4458-AEF5-9A1D58AC1267}@LeaseObtainedTime 1272620807
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{90CD409F-4B02-4458-AEF5-9A1D58AC1267}@T1 1272620837
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{90CD409F-4B02-4458-AEF5-9A1D58AC1267}@T2 1272620859
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{90CD409F-4B02-4458-AEF5-9A1D58AC1267}@LeaseTerminatesTime 1272620867
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF4 0x6F 0x91 0xD6 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x99 0xE5 0x38 0xF1 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x17 0x16 0x19 0xDF ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG12.00.00.01PROFESSIONAL 06CD48B22DF6FA5CF2C020EDA912256D8D096951455A2FF4156D54C2F47D7FF9C442383BC6631CB31938A69869A4404810FD88433ED808568BAFCCA1F7AB9CD5B598A65DD0C383C002C35A79CCFDF212305B20B20977368EEDD70D3924DE27E77B8497AFA8A4B1A3E94D9F8318F0EB56655F1412756A3E390C1A9997EF501479DDCE517B0EE3AAF0B2521FDF739EE11B48DD0E04B53B2364583EBDFEB710D8C5C8D2DF4126B5F532E0E3C3686F800BD217BCFBE15F476E93699D0864BBFE6F7C4C0211B2F79F1EE49CA7BEACFA61A6E9B3F40F376C3EAF3DFB2A49F19C5257C11C5FF9B6F07DB479B35583F06C6174BCA495FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808FEBC9E127BECC74CBA7FD869164D6794A6A0AC4980AC793337395FC060B9B8CA946D55454998C526EA5A4C18E45D4A00AF0C44BD131B52BC8A16018798D08C72DB65838F359A118762E1A70048443B2963E93EAA87249680EF1242F2C84B594EADB91F045179EA463970795C46F3033D8F2C9EA41A19543113CA6A5618D1C1911767D33AF7CDAEE5FB0078A8898F57B8E16945AA64C7385E639320D8B2811080671EB49D06A1E081FCBB40B7BFAF922ACC6A751384F5192D9372EFF4476CAF753340B66E5AF025C8D184CC2C195E343586AC57091E5

---- Files - GMER 1.0.15 ----

File C:\Windows\System32\drivers\volmgrx.sys suspicious modification
File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:49, on 30.04.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Mario\Desktop\esfh6oir.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBF43A7E-EE3A-43D7-892E-DF7CDC6FF977}: NameServer = 217.0.43.33 217.0.43.17
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dragon Age: Origins - Inhaltsupdater (DAUpdaterSvc) - BioWare - C:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe

--
End of file - 3635 bytes

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4053

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

30.04.2010 11:58:43
mbam-log-2010-04-30 (11-58-43).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 112301
Laufzeit: 2 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
30.04.2010, 15:02 | #2

/// Winkelfunktion /// TB-Süch-Tiger™ | Firefox opens new tabs with advertising

Hello and

Two files were modified there, so please run CF: ComboFix (a guide and tutorial on using ComboFix)

ComboFix may only be run if one of the forum's qualified helpers has explicitly recommended it!
30.04.2010, 22:29 | #3

Firefox opens new tabs with advertising

Code:
ATTFilter ComboFix 10-04-29.05 - Mario 30.04.2010 23:20:13.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.3327.2563 [GMT 2:00] ausgeführt von:: c:\users\Mario\Desktop\cofi.exe . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\uZQEtNDuIS.dll c:\windows\Wwygaa.exe . ((((((((((((((((((((((( Dateien erstellt von 2010-03-28 bis 2010-04-30 )))))))))))))))))))))))))))))) . 2010-04-30 21:25 . 2010-04-30 21:25 -------- d-----w- c:\users\Mario\AppData\Local\temp 2010-04-30 21:25 . 2010-04-30 21:25 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-04-30 21:11 . 2010-04-30 21:11 -------- d-----w- c:\program files\CCleaner 2010-04-30 08:57 . 2010-04-30 08:57 -------- d-----w- c:\users\Mario\AppData\Roaming\Malwarebytes 2010-04-30 08:55 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-30 08:55 . 2010-04-30 08:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-04-30 08:55 . 2010-04-30 08:55 -------- d-----w- c:\programdata\Malwarebytes 2010-04-30 08:55 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-29 23:38 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2010-04-29 23:38 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll 2010-04-29 23:38 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys 2010-04-29 23:38 . 2010-02-27 12:07 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-04-29 23:38 . 2010-02-27 12:07 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-04-29 23:38 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll 2010-04-29 23:38 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll 2010-04-29 23:38 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll 2010-04-29 23:38 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2010-04-29 23:38 . 
2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2010-04-29 23:38 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-04-29 18:10 . 2010-04-29 18:10 -------- d-----w- c:\windows\Sun 2010-04-29 16:16 . 2010-04-29 16:16 -------- d-----w- c:\program files\Trend Micro 2010-04-29 10:00 . 2010-04-29 10:00 96761 ----a-w- c:\windows\system32\16a56fa3.exe 2010-04-29 10:00 . 2010-04-29 10:00 50994 ----a-w- c:\windows\system32\tikbfnlwtiiqdhxak.exe 2010-04-28 14:01 . 2010-04-28 14:01 -------- d-----w- c:\programdata\eBay 2010-04-28 14:01 . 2010-04-28 14:01 -------- d-----w- c:\program files\eBay 2010-04-28 11:00 . 2010-04-28 11:00 -------- d-----w- c:\users\Mario\AppData\Local\ElevatedDiagnostics 2010-04-28 10:58 . 2010-04-28 10:58 -------- d-----w- c:\programdata\OPPU 2010-04-28 10:56 . 2010-04-28 10:56 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-04-28 10:56 . 2010-04-28 10:56 -------- d-----w- c:\program files\Okidata 2010-04-28 10:56 . 2007-11-14 13:18 43656 ----a-w- c:\windows\system32\drivers\OkiPar.sys 2010-04-28 10:56 . 2001-01-15 13:17 808 ----a-w- c:\windows\system32\OKIPAR.DAT 2010-04-28 10:55 . 2010-04-28 10:55 -------- d-----w- c:\users\Mario\AppData\Roaming\InstallShield 2010-04-28 10:55 . 2008-03-27 17:24 31232 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\OPPUPP3.DLL 2010-04-28 10:55 . 2007-11-05 08:35 131072 ----a-w- c:\windows\system32\OPDMN094.DLL 2010-04-28 10:55 . 2007-07-19 11:00 61440 ----a-w- c:\windows\system32\OPUSBEXT.DLL 2010-04-28 10:55 . 2007-03-14 21:57 65536 ----a-w- c:\windows\system32\OPEXTUAC.DLL 2010-04-28 09:16 . 2010-04-28 09:16 -------- d-----w- c:\windows\ehome 2010-04-28 09:16 . 2010-04-28 09:16 -------- d-----w- c:\users\Default\AppData\Roaming\Media Center Programs 2010-04-28 09:12 . 2010-04-29 23:15 -------- d-sh--w- c:\users\Mario\AppData\Roaming\lowsec 2010-04-25 08:53 . 2010-04-30 10:17 -------- d-----w- C:\Huvers 2010-04-23 23:41 . 
2010-04-23 23:46 -------- d-----w- c:\users\Mario\AppData\Roaming\XnView 2010-04-23 23:41 . 2010-04-23 23:41 -------- d-----w- c:\program files\XnView 2010-04-23 21:24 . 2010-04-23 21:24 -------- d-----w- c:\program files\Photo Collage Maker 2010-04-23 14:59 . 2010-04-23 14:59 49152 ----a-r- c:\windows\system32\inetwh32.dll 2010-04-23 14:59 . 2010-04-23 14:59 1044480 ----a-r- c:\windows\system32\roboex32.dll 2010-04-14 08:42 . 2010-04-30 10:24 -------- d-----w- c:\users\Mario\AppData\Roaming\DeepBurner 2010-04-14 08:41 . 2010-04-14 08:41 -------- d-----w- c:\program files\Astonsoft 2010-04-14 01:05 . 2010-04-15 11:45 -------- d-----w- c:\program files\AmoK 2010-04-13 23:39 . 2010-04-14 10:57 -------- d-----w- c:\program files\GiPo@Utilities 2010-04-13 23:38 . 2010-04-13 23:38 -------- d-----w- c:\windows\Downloaded Installations 2010-04-13 23:20 . 2010-04-13 23:38 -------- d-----w- c:\users\Mario\AppData\Roaming\GHISLER 2010-04-13 23:20 . 2009-09-24 05:50 545 ----a-w- c:\windows\UC.PIF 2010-04-13 23:20 . 2009-09-24 05:50 545 ----a-w- c:\windows\RAR.PIF 2010-04-13 23:20 . 2009-09-24 05:50 545 ----a-w- c:\windows\PKZIP.PIF 2010-04-13 23:20 . 2009-09-24 05:50 545 ----a-w- c:\windows\PKUNZIP.PIF 2010-04-13 23:20 . 2009-09-24 05:50 545 ----a-w- c:\windows\NOCLOSE.PIF 2010-04-13 23:20 . 2009-09-24 05:50 545 ----a-w- c:\windows\LHA.PIF 2010-04-13 23:20 . 2009-09-24 05:50 545 ----a-w- c:\windows\ARJ.PIF 2010-04-13 14:38 . 2010-04-15 11:40 -------- d-----w- c:\program files\Unlocker 2010-04-12 17:16 . 2010-04-22 00:28 -------- d-----w- c:\users\Mario\AppData\Roaming\dvdcss 2010-04-08 00:05 . 2010-04-10 01:14 -------- d-----w- c:\users\Mario\AppData\Local\Google 2010-04-08 00:05 . 2010-04-10 01:14 -------- d-----w- c:\program files\Google 2010-04-08 00:00 . 2010-04-23 23:47 -------- d-----w- c:\program files\IrfanView 2010-04-08 00:00 . 2010-04-08 00:00 -------- d-----w- c:\users\Mario\AppData\Roaming\IrfanView 2010-04-05 23:54 . 
2010-04-05 23:54 -------- d-----w- c:\program files\Easy Video Splitter 2010-04-04 20:54 . 2010-04-04 20:54 -------- d-----w- c:\programdata\BioWare 2010-04-04 17:49 . 2010-04-24 23:18 -------- d-----w- C:\Dragon Age 2010-04-04 17:49 . 2010-04-04 17:57 -------- d-----w- c:\program files\Common Files\BioWare 2010-04-04 13:19 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll 2010-04-04 13:13 . 2010-04-04 13:13 691696 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-04-04 13:13 . 2010-04-04 13:14 -------- d-----w- c:\program files\DAEMON Tools Lite 2010-04-04 13:12 . 2010-04-04 13:19 -------- d-----w- c:\users\Mario\AppData\Roaming\DAEMON Tools Lite 2010-04-04 13:12 . 2010-04-04 13:12 -------- d-----w- c:\programdata\DAEMON Tools Lite 2010-04-02 16:06 . 2010-04-13 14:54 -------- d-----w- c:\windows\system32\oodag 2010-04-02 16:05 . 2010-04-02 16:05 -------- d-----w- c:\users\Mario\AppData\Local\O&O 2010-04-02 16:04 . 2010-04-02 16:04 -------- d-----w- c:\program files\OO Software 2010-04-02 15:04 . 2010-04-02 15:04 -------- d-----w- c:\users\Mario\AppData\Local\Adobe 2010-04-02 14:52 . 2010-04-02 14:52 -------- d-----w- c:\program files\Common Files\Adobe 2010-04-02 13:14 . 2010-04-02 13:15 -------- d-----w- c:\users\Mario\AppData\Roaming\TrueCrypt 2010-04-02 13:14 . 2010-04-02 13:14 -------- d-----w- c:\programdata\TrueCrypt 2010-04-02 13:13 . 2010-04-02 13:13 223440 ----a-w- c:\windows\system32\drivers\truecrypt.sys 2010-04-02 13:13 . 2010-04-02 13:15 -------- d-----w- c:\program files\TrueCrypt 2010-04-01 21:36 . 2010-04-18 18:01 -------- d-----w- C:\HattrickOrganizer 2010-03-31 23:35 . 2010-04-30 10:24 -------- d-----w- c:\users\Mario\AppData\Roaming\vlc 2010-03-31 23:35 . 2010-03-31 23:35 -------- d-----w- c:\program files\VideoLAN 2010-03-31 23:32 . 2010-03-31 23:32 -------- d-----w- c:\windows\system32\Macromed 2010-03-31 22:56 . 2010-03-31 22:56 -------- d-----w- c:\users\Mario\AppData\Local\Apps 2010-03-31 22:43 . 
2010-03-31 22:43 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-03-31 22:43 . 2010-03-31 22:43 -------- d-----w- c:\program files\Java 2010-03-31 22:15 . 2010-03-31 22:15 902432 ----a-w- c:\windows\system32\drivers\tdrpm251.sys 2010-03-31 22:15 . 2010-03-31 22:15 570016 ----a-w- c:\windows\system32\drivers\timntr.sys 2010-03-31 21:35 . 2010-03-31 21:45 -------- d-----w- c:\users\Mario\AppData\Local\Thunderbird 2010-03-31 21:35 . 2010-03-31 21:35 -------- d-----w- c:\users\Mario\AppData\Roaming\Thunderbird . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-30 21:07 . 2010-03-31 21:19 -------- d-----w- c:\program files\Mozilla Thunderbird 2010-04-30 11:16 . 2010-03-31 13:46 1 ----a-w- c:\users\Mario\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-04-30 10:16 . 2009-07-14 08:47 618822 ----a-w- c:\windows\system32\perfh007.dat 2010-04-30 10:16 . 2009-07-14 08:47 116382 ----a-w- c:\windows\system32\perfc007.dat 2010-04-29 10:49 . 2010-04-29 10:49 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2010-04-28 09:16 . 2009-07-14 04:52 -------- d-----w- c:\program files\DVD Maker 2010-04-13 11:03 . 2010-04-13 11:03 8 ----a-w- c:\users\Mario\AppData\Roaming\ypgmjw.dat 2010-04-04 17:57 . 2010-04-04 17:12 -------- d-----w- c:\programdata\Media Center Programs 2010-04-04 17:13 . 2010-04-04 17:12 -------- d-----w- c:\program files\AGEIA Technologies 2010-04-04 17:12 . 2010-04-04 17:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2010-04-04 16:57 . 2010-04-04 16:57 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf 2010-04-04 13:19 . 2010-04-04 13:19 4608 ----a-w- c:\windows\system32\w95inf32.dll 2010-04-04 13:19 . 2010-04-04 13:19 2272 ----a-w- c:\windows\system32\w95inf16.dll 2010-03-31 21:22 . 2010-03-31 13:15 62952 ----a-w- c:\users\Mario\AppData\Local\GDIPFONTCACHEV1.DAT 2010-03-31 13:46 . 
2010-03-31 13:46 -------- d-----w- c:\users\Mario\AppData\Roaming\OpenOffice.org 2010-03-31 13:45 . 2010-03-31 13:45 -------- d-----w- c:\program files\OpenOffice.org 3 2010-03-31 13:06 . 2010-03-31 13:06 -------- d-----w- c:\users\Mario\AppData\Roaming\Avira 2010-03-31 13:03 . 2010-03-31 13:03 -------- d-----w- c:\programdata\Avira 2010-03-31 13:03 . 2010-03-31 13:03 -------- d-----w- c:\program files\Avira 2010-03-31 11:18 . 2010-03-31 11:18 -------- d--h--w- c:\programdata\CanonBJ 2010-03-31 10:53 . 2010-03-31 10:53 -------- d-sh--we c:\programdata\Vorlagen 2010-03-31 10:53 . 2010-03-31 10:53 -------- d-sh--we c:\programdata\Startmenü 2010-03-31 10:53 . 2010-03-31 10:53 -------- d-sh--we c:\programdata\Favoriten 2010-03-31 10:53 . 2010-03-31 10:53 -------- d-sh--we c:\programdata\Dokumente 2010-03-31 10:53 . 2010-03-31 10:53 -------- d-sh--we c:\programdata\Desktop 2010-03-31 10:53 . 2010-03-31 10:53 -------- d-sh--we c:\programdata\Anwendungsdaten 2010-03-31 10:53 . 2010-03-31 10:53 -------- d-sh--we c:\program files\Gemeinsame Dateien 2010-03-31 09:58 . 2010-03-31 09:58 0 ----a-w- c:\windows\ativpsrm.bin 2010-03-01 07:05 . 2010-03-31 13:03 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-02-24 08:16 . 2009-10-14 02:21 181632 ------w- c:\windows\system32\MpSigStub.exe 2010-02-23 07:56 . 2010-03-31 11:11 977920 ----a-w- c:\windows\system32\wininet.dll 2010-02-16 11:24 . 2010-03-31 13:03 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-02-11 07:10 . 2010-03-31 14:01 293376 ----a-w- c:\windows\system32\browserchoice.exe 2010-02-02 07:45 . 2010-03-31 11:11 2048 ----a-w- c:\windows\system32\tzres.dll 2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat 2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2009-09-11 2524416]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-03-09 15872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
R0 ijrrq;ijrrq; [x]
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-04 691696]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-09 136176]
R3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;c:\dragon age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
.
Inhalt des "geplante Tasks" Ordners
2010-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-09 18:54]
2010-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-09 18:54]
.
.
------- Zusätzlicher Suchlauf -------
.
FF - ProfilePath - c:\users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\6nq4889p.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de/
FF - component: c:\program files\Mozilla Firefox\extensions\{e00b2305-c0ee-3b70-614a-b4954d224e5f}\components\f439b5a1.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "hxxp://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-04-30 23:27:35
ComboFix-quarantined-files.txt 2010-04-30 21:27
Vor Suchlauf: 9 Verzeichnis(se), 168.984.023.040 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 168.658.939.904 Bytes frei
- - End Of File - - 0F8A4C51D07FB2918F0860B315AE9E6F
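The service and driver lines of a ComboFix log (the `R0`/`R2`/`S3` block above) are the first place an analyst looks, and the entry `R0 ijrrq;ijrrq; [x]` is the kind that stands out: a boot-start driver with a generated-looking name whose image file is not on disk. The script below is an added example, not part of this thread and not ComboFix's own code. It parses lines in the `<start type> <name>;<display name>;<image path> [<date> <size>]` format ComboFix uses (with `[x]` when the file is missing) and flags entries whose image is missing, whose image lives under a user profile or temp directory, or whose name looks generated. The sample lines are copied from the ComboFix logs posted in this thread; the vowel-ratio heuristic and its thresholds are my own assumption and will misfire on some short legitimate names, so treat the output as a triage list rather than a verdict.

```python
import re
from dataclasses import dataclass, field

# Service/driver lines in the format ComboFix prints them, copied from the logs in this
# thread: "<start type> <name>;<display name>;<image path> [<date> <size>]", with "[x]"
# in place of the date and size when the image file is not present on disk.
SAMPLE_LINES = r"""
R0 ijrrq;ijrrq; [x]
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-04 691696]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-09 136176]
R3 N;N;c:\users\Mario\AppData\Local\Temp\N.exe [x]
R3 OZAMLPV;OZAMLPV;c:\users\Mario\AppData\Local\Temp\OZAMLPV.exe [x]
R3 QSIQQP;QSIQQP;c:\users\Mario\AppData\Local\Temp\QSIQQP.exe [x]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
"""

LINE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);"
    r"(?P<path>[^\[]*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)
# Image paths under a user profile's AppData or any Temp directory: services and
# drivers installed by legitimate software live under \windows or \program files.
USER_DIR_RE = re.compile(r"\\users\\[^\\]+\\appdata\\|\\temp\\", re.IGNORECASE)


@dataclass
class ServiceEntry:
    start: str
    name: str
    display: str
    path: str
    missing: bool
    reasons: list = field(default_factory=list)


def parse_service_line(line):
    """Return a ServiceEntry for one ComboFix R*/S* line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return ServiceEntry(m["start"], m["name"], m["display"],
                        m["path"].strip(), m["meta"].strip() == "x")


def looks_random(name, display):
    """Heuristic (my assumption): a name that doubles as its own display name, is all
    letters, is at least five characters long and has few vowels looks generated."""
    if name != display or len(name) < 5 or not name.isalpha():
        return False
    vowels = sum(c in "aeiouAEIOU" for c in name)
    return vowels / len(name) <= 0.3


def triage(text):
    """Map each flagged service name to the list of reasons it was flagged."""
    findings = {}
    for raw in text.splitlines():
        entry = parse_service_line(raw)
        if entry is None:
            continue
        if entry.missing:
            entry.reasons.append("image file missing ([x])")
        if USER_DIR_RE.search(entry.path):
            entry.reasons.append("image under a user profile or temp directory")
        if looks_random(entry.name, entry.display):
            entry.reasons.append("random-looking service name")
        if entry.reasons:
            findings[entry.name] = entry.reasons
    return findings


if __name__ == "__main__":
    for name, reasons in sorted(triage(SAMPLE_LINES).items()):
        print(f"{name}: {'; '.join(reasons)}")
```

Run against the sample, `sptd`, `gupdate` and `RTL8167` pass (installed under `\windows` or `\program files`, file present, descriptive or short names), while `ijrrq` and the three `%TEMP%` services are flagged. A missing image file is itself a finding worth keeping: a driver the registry says should start at boot but that no longer exists on disk is either a removal leftover or something the tool could not see.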
01.05.2010, 13:14 | #4
The problem is apparently still there..... Anti-Malware says:
Code:
14:00:51 Mario IP-BLOCK 213.163.89.106
14:00:51 Mario IP-BLOCK 213.163.89.106
14:00:51 Mario IP-BLOCK 213.163.89.107
14:00:51 Mario IP-BLOCK 213.163.89.107
14:00:51 Mario IP-BLOCK 213.163.89.105
14:01:31 Mario IP-BLOCK 213.163.89.106
14:01:31 Mario IP-BLOCK 213.163.89.106
14:01:31 Mario IP-BLOCK 213.163.89.106
14:01:31 Mario IP-BLOCK 213.163.89.106
14:01:31 Mario IP-BLOCK 213.163.89.107
14:01:31 Mario IP-BLOCK 213.163.89.107
14:01:31 Mario IP-BLOCK 213.163.89.107
14:01:31 Mario IP-BLOCK 213.163.89.105
14:01:31 Mario IP-BLOCK 213.163.89.107
14:01:31 Mario IP-BLOCK 213.163.89.105
14:04:12 Mario IP-BLOCK 91.212.226.33
14:05:32 Mario IP-BLOCK 213.163.89.106
14:05:32 Mario IP-BLOCK 213.163.89.106
14:05:32 Mario IP-BLOCK 213.163.89.106
14:05:32 Mario IP-BLOCK 213.163.89.107
14:05:32 Mario IP-BLOCK 213.163.89.106
14:05:32 Mario IP-BLOCK 213.163.89.107
14:05:32 Mario IP-BLOCK 213.163.89.105
14:05:32 Mario IP-BLOCK 213.163.89.107
14:05:32 Mario IP-BLOCK 213.163.89.107
14:05:32 Mario IP-BLOCK 213.163.89.105
14:06:28 Mario IP-BLOCK 213.163.89.106
14:06:28 Mario IP-BLOCK 213.163.89.106
14:06:28 Mario IP-BLOCK 213.163.89.106
14:06:28 Mario IP-BLOCK 213.163.89.107
14:06:28 Mario IP-BLOCK 213.163.89.106
14:06:28 Mario IP-BLOCK 213.163.89.107
14:06:28 Mario IP-BLOCK 213.163.89.107
14:06:28 Mario IP-BLOCK 213.163.89.107
14:06:28 Mario IP-BLOCK 213.163.89.105
14:06:28 Mario IP-BLOCK 213.163.89.105
14:09:08 Mario IP-BLOCK 91.212.226.33
14:09:16 Mario IP-BLOCK 213.163.89.106
14:09:16 Mario IP-BLOCK 213.163.89.106
14:09:16 Mario IP-BLOCK 213.163.89.106
14:09:16 Mario IP-BLOCK 213.163.89.107
14:09:16 Mario IP-BLOCK 213.163.89.106
14:09:16 Mario IP-BLOCK 213.163.89.107
14:09:16 Mario IP-BLOCK 213.163.89.105
14:09:16 Mario IP-BLOCK 213.163.89.107
14:09:16 Mario IP-BLOCK 213.163.89.107
14:09:16 Mario IP-BLOCK 213.163.89.105
14:12:45 Mario IP-BLOCK 213.163.89.104
14:14:13 Mario IP-BLOCK 91.212.226.33
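Dozens of near-identical IP-BLOCK lines are hard to read as a list; aggregated, they say more: a handful of neighbouring addresses in one /24 contacted in bursts, plus a second destination contacted on its own. The script below is an added example, not part of the post and not Malwarebytes' code. It parses lines in the `<time> <user> IP-BLOCK <address>` format shown above, counts blocks per address and per /24, and measures the spacing between bursts for each network. The sample is a verbatim subset of the lines above. The periodicity test (every gap within 10% of the median) is my own assumption; evenly spaced contacts point at something scheduled on the host, which fits a browser being driven to open ad tabs, but it is a lead to follow, not proof.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime
from statistics import median

# A subset of the IP-BLOCK lines from the post above, copied verbatim (one line per
# blocked outbound connection attempt: time, user, action, destination address).
SAMPLE_LOG = """\
14:00:51 Mario IP-BLOCK 213.163.89.106
14:00:51 Mario IP-BLOCK 213.163.89.106
14:00:51 Mario IP-BLOCK 213.163.89.107
14:00:51 Mario IP-BLOCK 213.163.89.107
14:00:51 Mario IP-BLOCK 213.163.89.105
14:01:31 Mario IP-BLOCK 213.163.89.106
14:01:31 Mario IP-BLOCK 213.163.89.107
14:01:31 Mario IP-BLOCK 213.163.89.105
14:04:12 Mario IP-BLOCK 91.212.226.33
14:05:32 Mario IP-BLOCK 213.163.89.106
14:05:32 Mario IP-BLOCK 213.163.89.107
14:05:32 Mario IP-BLOCK 213.163.89.105
14:06:28 Mario IP-BLOCK 213.163.89.106
14:06:28 Mario IP-BLOCK 213.163.89.107
14:09:08 Mario IP-BLOCK 91.212.226.33
14:09:16 Mario IP-BLOCK 213.163.89.106
14:09:16 Mario IP-BLOCK 213.163.89.107
14:12:45 Mario IP-BLOCK 213.163.89.104
14:14:13 Mario IP-BLOCK 91.212.226.33
"""

LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<user>\S+)\s+IP-BLOCK\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})$"
)


def parse_blocks(text):
    """Return (time, user, IPv4Address) tuples. The log carries no date, so times are
    parsed onto a dummy date; a log that crosses midnight would need the date added."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            events.append((datetime.strptime(m["time"], "%H:%M:%S"),
                           m["user"], ipaddress.ip_address(m["ip"])))
    return events


def summarize(events):
    """Count blocks per destination address and per /24, so neighbouring addresses
    (here 213.163.89.104-.107) show up as one destination."""
    per_ip = Counter(str(ip) for _, _, ip in events)
    per_net = Counter(str(ipaddress.ip_network(f"{ip}/24", strict=False))
                      for _, _, ip in events)
    return per_ip, per_net


def burst_intervals(events, network):
    """Seconds between successive distinct timestamps at which the network was contacted."""
    net = ipaddress.ip_network(network)
    times = sorted({t for t, _, ip in events if ip in net})
    return [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]


def periodic_networks(events, tolerance=0.1):
    """Networks contacted at a near-constant interval (every gap within +/-tolerance of
    the median). Regular timing hints at a scheduled fetch; it does not prove one."""
    hits = []
    for net in sorted({str(ipaddress.ip_network(f"{ip}/24", strict=False))
                       for _, _, ip in events}):
        gaps = burst_intervals(events, net)
        if len(gaps) >= 2:
            med = median(gaps)
            if all(abs(g - med) <= tolerance * med for g in gaps):
                hits.append(net)
    return hits


if __name__ == "__main__":
    ev = parse_blocks(SAMPLE_LOG)
    per_ip, per_net = summarize(ev)
    print("per address:", dict(per_ip))
    print("per /24:", dict(per_net))
    for net in per_net:
        print(net, "intervals (s):", burst_intervals(ev, net))
    print("periodic:", periodic_networks(ev))
```

On the sample, 213.163.89.0/24 is hit in irregular bursts (40 s, 241 s, 56 s, 168 s, 209 s apart), whereas 91.212.226.33 is contacted at 296 s and 305 s spacing, close enough to five minutes to look scheduled. The same summary run on the full post, or on a second day's log, tells you whether a cleanup step actually changed the machine's behaviour, which is more informative than whether the block count went up or down.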
01.05.2010, 14:49 | #5
/// Winkelfunktion /// TB-Süch-Tiger™ | Hm, CF didn't catch that. Do you have a Win7 DVD at hand?
__________________
Please always post logfiles in CODE tags
01.05.2010, 17:59 | #6
I have a Win7 DVD, but I'd like to avoid a Format C:!
01.05.2010, 18:45 | #7
/// Winkelfunktion /// TB-Süch-Tiger™ | That's not what I meant. Insert the Win7 DVD and search the DVD for the file volmgrx.sys - it may also be called volmgrx.sy_.
01.05.2010, 19:47 | #8
I have a Win7 Ultimate DVD here, but I can't find the file... Now what? Any other idea?
01.05.2010, 20:10 | #9
/// Winkelfunktion /// TB-Süch-Tiger™ | We need to replace the file with an original. Search your hard disk for this file, and make sure hidden and protected system files are included in the search.
01.05.2010, 21:51 | #10
What exactly does that do and achieve? I don't want to question your advice, just understand it.
01.05.2010, 21:53 | #11
/// Winkelfunktion /// TB-Süch-Tiger™ | A rootkit has manipulated this file (volmgrx.sys). That's why the first step now is to overwrite the current file with an original version.
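What "manipulated" means here is visible in the GMER output from the first post: `.rsrc C:\Windows\System32\drivers\volmgrx.sys entry point in ".rsrc" section`. A driver's entry point should lie inside a code section; an entry point that points into the resource section means the PE header was rewritten so that whatever was placed in `.rsrc` runs when the driver loads, and the hidden `rpbnl.sys`/`spde.sys` entries and the USBPORT hook in the same scan fit that picture. The script below is an added example (mine, not the thread's and not GMER's code): a minimal PE header parser that reports which section contains `AddressOfEntryPoint` and flags a non-code or `.rsrc` landing. The image it checks is constructed in the script, not a real driver. Two caveats a practitioner would want: first, on the live infected system a kernel-mode rootkit that filters disk reads can hand a clean copy of the file to any reader, so run this (or any hash comparison against a known-good copy) from another OS or against a copy taken offline; second, on Windows 7 the component store under `c:\windows\winsxs` keeps a copy of shipped drivers, which is what the full-disk search including hidden and protected system files suggested above should turn up.

```python
import struct
from collections import namedtuple

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000

Section = namedtuple("Section", "name va size characteristics")


def parse_pe(data):
    """Return (AddressOfEntryPoint, [Section, ...]) from the raw bytes of a PE image.
    Works for PE32 and PE32+: the entry point sits at offset 16 of the optional header
    in both, and the section table follows the optional header."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    sections = []
    for i in range(nsections):
        name, vsize, va, rawsize, *_, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"),
                                va, max(vsize, rawsize), chars))
    return entry, sections


def entry_section(entry, sections):
    """The section whose virtual address range contains the entry point, or None."""
    for s in sections:
        if s.va <= entry < s.va + s.size:
            return s
    return None


def check_entry_point(data):
    """Reasons the entry point looks tampered with; an empty list means it lands in a
    code section, as a normal driver's does."""
    entry, sections = parse_pe(data)
    sec = entry_section(entry, sections)
    if sec is None:
        return [f"entry point 0x{entry:x} lies outside every section"]
    findings = []
    if not sec.characteristics & (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE):
        findings.append(f"entry point 0x{entry:x} is in non-code section {sec.name}")
    if sec.name == ".rsrc":
        findings.append("entry point is in .rsrc, the pattern GMER reported for volmgrx.sys")
    return findings


def check_file(path):
    """Convenience wrapper for a file on disk, e.g. a volmgrx.sys copied off the machine."""
    with open(path, "rb") as fh:
        return check_entry_point(fh.read())


def build_pe(entry_rva, sections):
    """Assemble a minimal PE32 image in memory. Constructed test input for the checker
    above, not a real driver."""
    e_lfanew, opt_size = 0x80, 224
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    # Magic (PE32), linker versions, SizeOfCode, SizeOfInitializedData,
    # SizeOfUninitializedData, AddressOfEntryPoint; the rest of the header is zero.
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva).ljust(opt_size, b"\0")
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                    size, va, size, 0, 0, 0, 0, 0, chars)
        for name, va, size, chars in sections)
    return dos + b"PE\0\0" + coff + opt + table


# Section layout of the constructed image: a code section and a resource section.
LAYOUT = [(".text", 0x1000, 0x1000, 0x60000020), (".rsrc", 0x3000, 0x1000, 0x40000040)]
CLEAN = build_pe(0x1010, LAYOUT)    # entry in .text, as expected
PATCHED = build_pe(0x3014, LAYOUT)  # entry redirected into .rsrc, as GMER flagged

if __name__ == "__main__":
    for label, image in (("clean", CLEAN), ("patched", PATCHED)):
        print(label, check_entry_point(image) or ["ok"])
```

The check deliberately stops at the header: it tells you the file has been altered, not what was put in `.rsrc`, and it does not replace the step suggested above of overwriting the driver with a known-good copy. Comparing the SHA-256 of the suspect file with the WinSxS copy (both read from outside the running system) is the quickest way to confirm the two differ before replacing it.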
02.05.2010, 12:46 | #12
I definitely can't find the file on my Win7 DVD. Only locally on the hard disk in system32/drivers
03.05.2010, 08:05 | #13
Code:
ComboFix 10-05-02.01 - Mario 03.05.2010 1:12.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.3327.2519 [GMT 2:00]
ausgeführt von:: c:\users\Mario\Desktop\ComboFix.exe
.
((((((((((((((((((((((( Dateien erstellt von 2010-04-02 bis 2010-05-02 ))))))))))))))))))))))))))))))
.
2010-05-02 23:17 . 2010-05-02 23:17 -------- d-----w- c:\users\Mario\AppData\Local\temp
2010-05-02 23:17 . 2010-05-02 23:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-02 23:17 . 2010-05-02 23:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-02 21:38 . 2010-05-02 21:38 -------- d-----w- c:\program files\Conduit
2010-05-02 21:38 . 2010-05-02 21:40 -------- d-----w- c:\program files\Sophos
2010-05-02 14:29 . 2010-05-02 14:41 -------- d-----w- c:\program files\UnderCoverXP
2010-05-02 02:59 . 2010-05-02 02:59 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-01 18:44 . 2010-05-01 18:44 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-05-01 18:44 . 2010-05-01 18:44 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-05-01 12:25 . 2010-05-01 12:25 -------- d-----w- c:\programdata\Alwil Software
2010-05-01 12:25 . 2010-05-01 12:25 -------- d-----w- c:\program files\Alwil Software
2010-05-01 08:29 . 2010-05-01 10:12 -------- d-----w- c:\users\Mario\AppData\Local\wjfdsrsqr
2010-04-30 21:11 . 2010-04-30 21:11 -------- d-----w- c:\program files\CCleaner
2010-04-30 08:57 . 2010-04-30 08:57 -------- d-----w- c:\users\Mario\AppData\Roaming\Malwarebytes
2010-04-30 08:55 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-30 08:55 . 2010-04-30 08:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-30 08:55 . 2010-04-30 08:55 -------- d-----w- c:\programdata\Malwarebytes
2010-04-30 08:55 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-29 23:38 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-29 23:38 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-29 23:38 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-04-29 23:38 . 2010-02-27 12:07 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-29 23:38 . 2010-02-27 12:07 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-29 23:38 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-29 23:38 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-04-29 23:38 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-29 23:38 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-29 23:38 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-29 23:38 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-29 18:10 . 2010-04-29 18:10 -------- d-----w- c:\windows\Sun
2010-04-29 16:16 . 2010-04-29 16:16 -------- d-----w- c:\program files\Trend Micro
2010-04-28 14:01 . 2010-04-28 14:01 -------- d-----w- c:\programdata\eBay
2010-04-28 14:01 . 2010-04-28 14:01 -------- d-----w- c:\program files\eBay
2010-04-28 11:00 . 2010-04-28 11:00 -------- d-----w- c:\users\Mario\AppData\Local\ElevatedDiagnostics
2010-04-28 10:58 . 2010-04-28 10:58 -------- d-----w- c:\programdata\OPPU
2010-04-28 10:56 . 2010-04-28 10:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-28 10:56 . 2010-04-28 10:56 -------- d-----w- c:\program files\Okidata
2010-04-28 10:56 . 2007-11-14 13:18 43656 ----a-w- c:\windows\system32\drivers\OkiPar.sys
2010-04-28 10:56 . 2001-01-15 13:17 808 ----a-w- c:\windows\system32\OKIPAR.DAT
2010-04-28 10:55 . 2010-04-28 10:55 -------- d-----w- c:\users\Mario\AppData\Roaming\InstallShield
2010-04-28 10:55 . 2008-03-27 17:24 31232 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\OPPUPP3.DLL
2010-04-28 10:55 . 2007-11-05 08:35 131072 ----a-w- c:\windows\system32\OPDMN094.DLL
2010-04-28 10:55 . 2007-07-19 11:00 61440 ----a-w- c:\windows\system32\OPUSBEXT.DLL
2010-04-28 10:55 . 2007-03-14 21:57 65536 ----a-w- c:\windows\system32\OPEXTUAC.DLL
2010-04-28 09:16 . 2010-04-28 09:16 -------- d-----w- c:\windows\ehome
2010-04-28 09:16 . 2010-04-28 09:16 -------- d-----w- c:\users\Default\AppData\Roaming\Media Center Programs
2010-04-28 09:12 . 2010-04-29 23:15 -------- d-sh--w- c:\users\Mario\AppData\Roaming\lowsec
2010-04-25 08:53 . 2010-04-30 10:17 -------- d-----w- C:\Huvers
2010-04-23 23:41 . 2010-04-23 23:46 -------- d-----w- c:\users\Mario\AppData\Roaming\XnView
2010-04-23 23:41 . 2010-04-23 23:41 -------- d-----w- c:\program files\XnView
2010-04-23 21:24 . 2010-04-23 21:24 -------- d-----w- c:\program files\Photo Collage Maker
2010-04-23 14:59 . 2010-04-23 14:59 49152 ----a-r- c:\windows\system32\inetwh32.dll
2010-04-23 14:59 . 2010-04-23 14:59 1044480 ----a-r- c:\windows\system32\roboex32.dll
2010-04-14 08:42 . 2010-04-30 10:24 -------- d-----w- c:\users\Mario\AppData\Roaming\DeepBurner
2010-04-14 08:41 . 2010-04-14 08:41 -------- d-----w- c:\program files\Astonsoft
2010-04-14 01:05 . 2010-04-15 11:45 -------- d-----w- c:\program files\AmoK
2010-04-13 23:39 . 2010-04-14 10:57 -------- d-----w- c:\program files\GiPo@Utilities
2010-04-13 23:38 . 2010-04-13 23:38 -------- d-----w- c:\windows\Downloaded Installations
2010-04-13 23:20 . 2010-04-13 23:38 -------- d-----w- c:\users\Mario\AppData\Roaming\GHISLER
2010-04-13 23:20 . 2009-09-24 05:50 545 ----a-w- c:\windows\UC.PIF
2010-04-13 23:20 . 2009-09-24 05:50 545 ----a-w- c:\windows\RAR.PIF
2010-04-13 23:20 . 2009-09-24 05:50 545 ----a-w- c:\windows\PKZIP.PIF
2010-04-13 23:20 . 2009-09-24 05:50 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-04-13 23:20 . 2009-09-24 05:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-04-13 23:20 . 2009-09-24 05:50 545 ----a-w- c:\windows\LHA.PIF
2010-04-13 23:20 . 2009-09-24 05:50 545 ----a-w- c:\windows\ARJ.PIF
2010-04-13 14:38 . 2010-04-15 11:40 -------- d-----w- c:\program files\Unlocker
2010-04-12 17:16 . 2010-04-22 00:28 -------- d-----w- c:\users\Mario\AppData\Roaming\dvdcss
2010-04-08 00:05 . 2010-04-10 01:14 -------- d-----w- c:\users\Mario\AppData\Local\Google
2010-04-08 00:05 . 2010-04-10 01:14 -------- d-----w- c:\program files\Google
2010-04-08 00:00 . 2010-04-23 23:47 -------- d-----w- c:\program files\IrfanView
2010-04-08 00:00 . 2010-04-08 00:00 -------- d-----w- c:\users\Mario\AppData\Roaming\IrfanView
2010-04-05 23:54 . 2010-04-05 23:54 -------- d-----w- c:\program files\Easy Video Splitter
2010-04-04 20:54 . 2010-04-04 20:54 -------- d-----w- c:\programdata\BioWare
2010-04-04 17:49 . 2010-04-24 23:18 -------- d-----w- C:\Dragon Age
2010-04-04 17:49 . 2010-04-04 17:57 -------- d-----w- c:\program files\Common Files\BioWare
2010-04-04 13:19 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2010-04-04 13:12 . 2010-04-04 13:12 -------- d-----w- c:\programdata\DAEMON Tools Lite
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-02 22:40 . 2010-03-31 13:46 1 ----a-w- c:\users\Mario\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-02 22:30 . 2010-03-31 21:19 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-05-02 21:30 . 2010-03-31 23:35 -------- d-----w- c:\users\Mario\AppData\Roaming\vlc
2010-05-02 11:29 . 2009-07-14 08:47 643628 ----a-w- c:\windows\system32\perfh007.dat
2010-05-02 11:29 . 2009-07-14 08:47 126188 ----a-w- c:\windows\system32\perfc007.dat
2010-04-29 10:49 . 2010-04-29 10:49 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-04-28 09:16 . 2009-07-14 04:52 -------- d-----w- c:\program files\DVD Maker
2010-04-13 11:03 . 2010-04-13 11:03 8 ----a-w- c:\users\Mario\AppData\Roaming\ypgmjw.dat
2010-04-04 17:57 . 2010-04-04 17:12 -------- d-----w- c:\programdata\Media Center Programs
2010-04-04 17:13 . 2010-04-04 17:12 -------- d-----w- c:\program files\AGEIA Technologies
2010-04-04 17:12 . 2010-04-04 17:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-04 16:57 . 2010-04-04 16:57 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-04-04 13:19 . 2010-04-04 13:19 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-04-04 13:19 . 2010-04-04 13:19 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-04-04 13:19 . 2010-04-04 13:12 -------- d-----w- c:\users\Mario\AppData\Roaming\DAEMON Tools Lite
2010-04-02 16:04 . 2010-04-02 16:04 -------- d-----w- c:\program files\OO Software
2010-04-02 14:52 . 2010-04-02 14:52 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-02 13:15 . 2010-04-02 13:14 -------- d-----w- c:\users\Mario\AppData\Roaming\TrueCrypt
2010-04-02 13:15 . 2010-04-02 13:13 -------- d-----w- c:\program files\TrueCrypt
2010-04-02 13:14 . 2010-04-02 13:14 -------- d-----w- c:\programdata\TrueCrypt
2010-04-02 13:13 . 2010-04-02 13:13 223440 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2010-03-31 23:35 . 2010-03-31 23:35 -------- d-----w- c:\program files\VideoLAN
2010-03-31 22:43 . 2010-03-31 22:43 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-31 22:43 . 2010-03-31 22:43 -------- d-----w- c:\program files\Java
2010-03-31 22:15 . 2010-03-31 22:15 902432 ----a-w- c:\windows\system32\drivers\tdrpm251.sys
2010-03-31 22:15 . 2010-03-31 22:15 570016 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-03-31 21:35 . 2010-03-31 21:35 -------- d-----w- c:\users\Mario\AppData\Roaming\Thunderbird
2010-03-31 21:22 . 2010-03-31 13:15 62952 ----a-w- c:\users\Mario\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-31 13:46 . 2010-03-31 13:46 -------- d-----w- c:\users\Mario\AppData\Roaming\OpenOffice.org
2010-03-31 13:45 . 2010-03-31 13:45 -------- d-----w- c:\program files\OpenOffice.org 3
2010-03-31 13:06 . 2010-03-31 13:06 -------- d-----w- c:\users\Mario\AppData\Roaming\Avira
2010-03-31 13:03 . 2010-03-31 13:03 -------- d-----w- c:\programdata\Avira
2010-03-31 13:03 . 2010-03-31 13:03 -------- d-----w- c:\program files\Avira
2010-03-31 11:18 . 2010-03-31 11:18 -------- d--h--w- c:\programdata\CanonBJ
2010-03-31 10:53 . 2010-03-31 10:53 -------- d-sh--we c:\programdata\Vorlagen
2010-03-31 10:53 . 2010-03-31 10:53 -------- d-sh--we c:\programdata\Startmenü
2010-03-31 10:53 . 2010-03-31 10:53 -------- d-sh--we c:\programdata\Favoriten
2010-03-31 10:53 . 2010-03-31 10:53 -------- d-sh--we c:\programdata\Dokumente
2010-03-31 10:53 . 2010-03-31 10:53 -------- d-sh--we c:\programdata\Desktop
2010-03-31 10:53 . 2010-03-31 10:53 -------- d-sh--we c:\programdata\Anwendungsdaten
2010-03-31 10:53 . 2010-03-31 10:53 -------- d-sh--we c:\program files\Gemeinsame Dateien
2010-03-31 09:58 . 2010-03-31 09:58 0 ----a-w- c:\windows\ativpsrm.bin
2010-03-25 09:27 . 2010-03-25 09:27 1107264 ----a-w- c:\users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\6nq4889p.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
2010-03-01 07:05 . 2010-03-31 13:03 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-24 08:16 . 2009-10-14 02:21 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 07:56 . 2010-03-31 11:11 977920 ----a-w- c:\windows\system32\wininet.dll
2010-02-16 11:24 . 2010-03-31 13:03 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-11 07:10 . 2010-03-31 14:01 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-02 07:45 . 2010-03-31 11:11 2048 ----a-w- c:\windows\system32\tzres.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-04-30_21.25.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 00:13 . 2009-07-14 01:16 27136 c:\windows\System32\wsepno.dll
+ 2010-03-31 22:18 . 2010-05-02 23:12 23814 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-05-02 23:12 38418 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 00:13 . 2009-07-14 01:14 86528 c:\windows\System32\SearchFilterHost.exe
+ 2009-07-14 00:13 . 2009-07-14 01:15 35328 c:\windows\System32\mssprxy.dll
+ 2009-07-14 00:12 . 2009-07-14 01:15 10240 c:\windows\System32\msshooks.dll
+ 2009-07-14 00:12 . 2009-07-14 01:15 59392 c:\windows\System32\msscntrs.dll
+ 2009-07-14 00:13 . 2009-07-14 01:16 57344 c:\windows\System32\migration\WSearchMigPlugin.dll
+ 2010-03-31 09:59 . 2010-05-02 23:10 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-31 09:59 . 2010-04-30 21:18 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-28 12:52 . 2010-04-30 21:00 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2010-04-28 12:52 . 2010-05-02 19:32 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2010-05-01 03:52 . 2010-05-01 03:27 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010050120100502\index.dat
- 2009-07-14 04:41 . 2010-04-30 21:18 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2010-05-02 23:10 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-31 10:57 . 2010-05-02 23:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-31 10:57 . 2010-04-30 21:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:34 . 2010-05-02 11:29 71944 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-03-31 10:57 . 2010-05-02 23:13 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-31 10:57 . 2010-04-30 21:21 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-31 10:57 . 2010-05-02 23:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-31 10:57 . 2010-04-30 21:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-31 10:57 . 2010-05-02 23:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-31 10:57 . 2010-04-30 21:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-31 13:09 . 2010-05-02 23:18 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-31 13:09 . 2010-04-30 21:03 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-31 13:09 . 2010-05-02 23:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-03-31 13:09 . 2010-04-30 21:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2010-03-31 13:09 . 2010-05-02 23:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2010-03-31 13:09 . 2010-04-30 21:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2010-03-31 10:57 . 2010-05-02 23:18 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-31 10:57 . 2010-04-30 21:19 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-31 10:57 . 2010-05-02 23:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-31 10:57 . 2010-04-30 21:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-13 23:19 . 2009-07-14 01:04 80896 c:\windows\diagnostics\system\Search\DiagPackage.dll
+ 2010-03-31 10:57 . 2010-05-02 23:12 5700 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-449993848-2859783819-828539771-1001_UserData.bin
+ 2010-05-02 23:10 . 2010-05-02 23:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-04-30 21:18 . 2010-04-30 21:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-04-30 21:18 . 2010-04-30 21:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-05-02 23:10 . 2010-05-02 23:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-13 23:41 . 2009-07-14 01:16 301568 c:\windows\System32\srchadmin.dll
+ 2009-07-14 00:14 . 2009-07-14 01:14 164352 c:\windows\System32\SearchProtocolHost.exe
+ 2009-07-14 00:14 . 2009-07-14 01:14 428032 c:\windows\System32\SearchIndexer.exe
+ 2009-07-14 02:05 . 2010-05-02 11:29 606992 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-05-02 11:29 103370 c:\windows\System32\perfc009.dat
+ 2009-07-14 00:13 . 2009-07-14 01:15 666624 c:\windows\System32\mssvp.dll
+ 2009-07-14 00:14 . 2009-07-14 01:15 197120 c:\windows\System32\mssphtb.dll
+ 2009-07-14 00:13 . 2009-07-14 01:15 337408 c:\windows\System32\mssph.dll
+ 2009-07-14 00:12 . 2009-07-14 01:15 104448 c:\windows\System32\mssitlb.dll
+ 2009-10-14 02:20 . 2010-05-02 19:32 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-10-14 02:20 . 2010-04-30 21:00 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-03-31 09:59 . 2010-05-02 23:10 671744 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 00:17 . 2009-07-14 01:16 1553408 c:\windows\System32\tquery.dll
+ 2009-07-14 02:03 . 2010-05-02 16:04 6815744 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:03 . 2010-04-30 09:18 6815744 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-07-14 00:13 . 2009-07-14 01:15 1401856 c:\windows\System32\mssrch.dll
+ 2009-07-14 04:34 . 2010-05-02 11:29 3607242 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2010-04-29 06:02 . 2010-04-30 03:58 134252032 c:\windows\System32\config\systemprofile\AppData\LocalLow\Google\GoogleEarth\dbCache1.dat
+ 2010-04-29 06:02 . 2010-05-01 06:49 134252032 c:\windows\System32\config\systemprofile\AppData\LocalLow\Google\GoogleEarth\dbCache1.dat
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2009-09-11 2524416]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-03-09 15872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2010-03-02 08:28 282792 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-04-29 13:39 437584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
R0 ijrrq;ijrrq; [x]
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-02 697328]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-09 136176]
R3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;c:\dragon age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 N;N;c:\users\Mario\AppData\Local\Temp\N.exe [x]
R3 OZAMLPV;OZAMLPV;c:\users\Mario\AppData\Local\Temp\OZAMLPV.exe [x]
R3 QSIQQP;QSIQQP;c:\users\Mario\AppData\Local\Temp\QSIQQP.exe [x]
R4 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
.
Inhalt des "geplante Tasks" Ordners
2010-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-09 18:54]
2010-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-09 18:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
FF - ProfilePath - c:\users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\6nq4889p.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de/
FF - component: c:\users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\6nq4889p.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "hxxp://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla 
Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2010-05-03 01:19:38 ComboFix-quarantined-files.txt 2010-05-02 23:19 ComboFix2.txt 2010-04-30 21:27 Vor Suchlauf: 12 Verzeichnis(se), 166.363.029.504 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 166.174.613.504 Bytes frei - - End Of File - - C7F54ED74A6BD5E9F1A04D6A0C9A638E |
03.05.2010, 08:16 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Firefox opens new tabs with ads

Please download a clean volmgrx.sys from here, ideally straight to c:, then:

PartedMagic
1. Download the PartedMagic ISO image; it should be about 90 MB.
2. Burn it to CD with the image-burning function, e.g. with ImgBurn or Nero under Windows.
3. Boot from the burned CD, choose option 1 in the boot menu and wait until the Linux desktop is up.
4. You should find a "Mount Devices" icon; double-click it.
5. Mount the partition Windows is installed on, usually /dev/sda1.
6. On sda1, rename the file ../windows/system32/drivers/volmgrx.sys to volmgrx.bad.
7. Copy the clean volmgrx.sys into that path (/windows/system32/drivers). (All of this should work easily via the graphical file browser in Linux.)
8. Reboot the machine and boot Windows.
9. Have the file renamed under Linux (volmgrx.bad in system32\drivers) analysed at Virustotal.com and post the result link.
10. Do a new run with GMER and post the log.
__________________
Please always post logfiles in CODE tags |
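Steps 6, 7 and 9 of the procedure above can also be done from a shell on the live system instead of the graphical file browser. The script below is an added example for this thread, not part of the original post and not a PartedMagic tool; it assumes a Python 3 interpreter is available on the live CD (an assumption, the page does not describe PartedMagic's toolset), that the Windows partition is mounted at /media/sda1 (an assumed mount point) and that the clean driver was saved as /media/sda1/volmgrx.sys. Before touching anything it hashes the installed driver so the sample can be looked up on VirusTotal by SHA-256, keeps the original as volmgrx.bad, and refuses to continue if the "clean" download is byte-identical to the suspect file or if a .bad file already exists. The SHA-256 it compares against is the one VirusTotal prints for this thread's sample in the post below; `run_demo()` exercises the function on a made-up directory tree with constructed byte strings standing in for drivers.

```python
"""Swap a suspected-patched driver for a clean copy while preserving evidence.

Added example, not from the thread. Paths under /media/sda1 are assumed;
the fake driver contents in run_demo() are constructed test data.
"""
import hashlib
import shutil
import sys
from pathlib import Path

# SHA-256 of the volmgrx.sys analysed in the VirusTotal report posted in this thread
KNOWN_BAD_SHA256 = "8e5a15827b00bfe79e865d8c29c6c380e8f08434bf6ac848ab448d5083ca763a"


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def replace_driver(drivers_dir: Path, clean_copy: Path, name: str = "volmgrx.sys") -> dict:
    """Rename <name> to <stem>.bad and copy clean_copy into its place.

    Raises FileExistsError if a .bad file is already there (never overwrite
    earlier evidence) and ValueError if the replacement is identical to the
    installed file (wrong download, nothing would change).
    """
    suspect = drivers_dir / name
    evidence = suspect.with_suffix(".bad")
    if evidence.exists():
        raise FileExistsError(f"{evidence} already exists; move it aside first")
    suspect_hash = sha256_of(suspect)
    clean_hash = sha256_of(clean_copy)
    if suspect_hash == clean_hash:
        raise ValueError("replacement is identical to the installed file; wrong download?")
    suspect.rename(evidence)           # step 6: keep the original as volmgrx.bad
    shutil.copy2(clean_copy, suspect)  # step 7: put the clean file in place
    return {
        "evicted": evidence,
        "evicted_sha256": suspect_hash,
        "installed_sha256": sha256_of(suspect),
        "matches_vt_sample": suspect_hash == KNOWN_BAD_SHA256,
    }


def run_demo(identical: bool = False) -> dict:
    """Exercise replace_driver() on a throwaway fake Windows tree.

    The file contents are constructed byte strings, not real drivers. With
    identical=True the 'clean' copy equals the suspect file and the call
    must be refused.
    """
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        drivers = root / "Windows" / "System32" / "drivers"
        drivers.mkdir(parents=True)
        (drivers / "volmgrx.sys").write_bytes(b"MZ" + b"\x90" * 64 + b"patched")  # constructed
        clean = root / "volmgrx.sys"
        clean.write_bytes((drivers / "volmgrx.sys").read_bytes() if identical
                          else b"MZ" + b"\x90" * 64 + b"clean")                # constructed
        try:
            result = replace_driver(drivers, clean)
        except ValueError as exc:
            return {"refused": True, "reason": str(exc)}
        result["refused"] = False
        result["clean_sha256"] = sha256_of(clean)
        result["evidence_present"] = result["evicted"].exists()
        return result


if __name__ == "__main__":
    # Directory name case must match exactly on a case-sensitive ntfs-3g mount.
    win = Path(sys.argv[1] if len(sys.argv) > 1 else "/media/sda1")  # assumed mount point
    for key, value in replace_driver(win / "Windows" / "System32" / "drivers",
                                     win / "volmgrx.sys").items():
        print(f"{key}: {value}")
    print("Submit the evicted file (or its SHA-256) to virustotal.com, then rerun GMER.")
```

Run it as `python3 swap_driver.py /media/sda1` after mounting; if `matches_vt_sample` prints True the evicted file is the same sample VirusTotal already classified in this thread, and there is no need to upload it again.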
03.05.2010, 11:47 | #15 |
| Firefox opens new tabs with ads
Code:
Antivirus              Version          Last update  Result
a-squared              4.5.0.50         2010.05.03   Rootkit.Win32.TDSS!IK
AhnLab-V3              2010.05.02.00    2010.05.01   -
AntiVir                8.2.1.224        2010.05.03   TR/Patched.Gen
Antiy-AVL              2.0.3.7          2010.04.30   -
Authentium             5.2.0.5          2010.05.03   W32/SYStroj.AB2.gen!Eldorado
Avast                  4.8.1351.0       2010.05.03   Win32:Alureon-FZ
Avast5                 5.0.332.0        2010.05.03   Win32:Alureon-FZ
AVG                    9.0.0.787        2010.05.03   Win32/Patched.DP
BitDefender            7.2              2010.05.03   Rootkit.Patched.TDSS.Gen
CAT-QuickHeal          10.00            2010.05.01   -
ClamAV                 0.96.0.3-git     2010.05.03   -
Comodo                 4746             2010.05.03   TrojWare.Win32.Rootkit.TDL3.gen
DrWeb                  5.0.2.03300      2010.05.03   BackDoor.Tdss.2459
eSafe                  7.0.17.0         2010.05.02   -
eTrust-Vet             35.2.7465        2010.05.03   Win32/Alureon.A!generic
F-Prot                 4.5.1.85         2010.05.03   W32/SYStroj.AB2.gen!Eldorado
F-Secure               9.0.15370.0      2010.05.03   Rootkit.Patched.TDSS.Gen
Fortinet               4.0.14.0         2010.05.02   -
GData                  21               2010.05.03   Rootkit.Patched.TDSS.Gen
Ikarus                 T3.1.1.80.0      2010.05.03   Rootkit.Win32.TDSS
Jiangmin               13.0.900         2010.05.03   Rootkit.TDSS.dgu
Kaspersky              7.0.0.125        2010.05.03   Rootkit.Win32.TDSS.ap
McAfee                 5.400.0.1158     2010.05.03   -
McAfee-GW-Edition      6.8.5            2010.05.03   Trojan.Patched.Gen
Microsoft              1.5703           2010.05.03   Virus:Win32/Alureon.H
NOD32                  5081             2010.05.03   Win32/Patched.EQ
Norman                 6.04.12          2010.05.03   W32/tdss.drv.gen8
nProtect               2010-05-03.01    2010.05.03   -
Panda                  10.0.2.7         2010.05.02   -
PCTools                7.0.3.5          2010.05.03   -
Prevx                  3.0              2010.05.03   -
Rising                 22.45.04.03      2010.04.30   RootKit.Win32.TDSS.c
Sophos                 4.53.0           2010.05.03   Mal/TDSSRt-A
Sunbelt                6250             2010.05.02   LooksLike.Win32.PatchedDriver!A (v)
Symantec               20091.2.0.41     2010.05.03   Backdoor.Tidserv!inf
TheHacker              6.5.2.0.275      2010.05.02   -
TrendMicro             9.120.0.1004     2010.05.03   Mal_TIDIES-12
TrendMicro-HouseCall   9.120.0.1004     2010.05.03   Mal_TIDIES-12
VBA32                  3.12.12.4        2010.05.03   Rootkit.Win32.TDSL.b
ViRobot                2010.5.1.2299    2010.05.03   -
VirusBuster            5.0.27.0         2010.05.02   Rootkit.TDSS.Gen.3

Additional information
File size: 297040 bytes
MD5...: 8aa67814482d57105feef4fd0677547a
SHA1..: 26fffc5a9829a70292ee004c4bece4efef8fa9a5
SHA256: 8e5a15827b00bfe79e865d8c29c6c380e8f08434bf6ac848ab448d5083ca763a
ssdeep: 6144:NdF5ilGCHNKgx4V9pfj5h/gmSuDzRWd7+9TlOvSCiNG7cWh0XMRW:N/sfCgiDzR2aTlkSCdSXF
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x46014
timedatestamp.....: 0x4a5bbf2d (Mon Jul 13 23:11:41 2009)
machinetype.......: 0x14c (I386)

( 7 sections )
name    viradd   virsiz   rawdsiz  ntrpy  md5
.text   0x1000   0x136cf  0x13800  6.47   6abc7d382ba96ae2b739ccd0a3edbf0c
.rdata  0x15000  0x918    0xa00    5.21   5f4ddf158f72905816c0005fd16b557e
.data   0x16000  0x879    0xa00    1.60   4c8bf658934b2686bf9aba8b3684f436
PAGE    0x17000  0x2d110  0x2d200  6.49   d035b8f153fe7da5e9d0a9b49b14c0c9
INIT    0x45000  0xdec    0xe00    6.10   6066b923575900f38fe671158a1f2e3b
.rsrc   0x46000  0x6b0    0x800    5.34   76c9ff9f944a53b978a6f0a4712c7d3d
.reloc  0x47000  0x322c   0x3400   6.59   9a3bd78fa017b4e24d741615e6964faf

( 2 imports )
> ntoskrnl.exe: ObfDereferenceObject, IoWMIWriteEvent, ExAllocatePoolWithTag, memcpy, MmGetSystemRoutineAddress, RtlInitUnicodeString, RtlCompareMemory, IoWMIRegistrationControl, IofCompleteRequest, IofCallDriver, KeDelayExecutionThread, KeWaitForSingleObject, IoBuildDeviceIoControlRequest, KeInitializeEvent, RtlStringFromGUID, IoGetDeviceObjectPointer, RtlQueryRegistryValues, ZwClose, ZwFlushKey, ZwOpenKey, RtlGUIDFromString, RtlFreeUnicodeString, RtlWriteRegistryValue, RtlDeleteRegistryValue, ZwQueryLicenseValue, IoReleaseCancelSpinLock, IoAcquireCancelSpinLock, _allmul, IoGetAttachedDeviceReference, ExUuidCreate, KeQuerySystemTime, _aulldiv, IoForwardIrpSynchronously, IoGetDevicePropertyData, KdDebuggerNotPresent, KdDebuggerEnabled, IoGetDeviceInterfaces, ExQueueWorkItem, RtlEqualUnicodeString, _vsnprintf, ExFreePoolWithTag, isspace, RtlCharToInteger, RtlInt64ToUnicodeString, _stricmp, IoBuildSynchronousFsdRequest, _aullrem, InterlockedPopEntrySList, InterlockedPushEntrySList, ExInitializeNPagedLookasideList, IoFreeMdl, KeClearEvent, IoFreeIrp, IoReuseIrp, IoAllocateIrp, ObfReferenceObject, _allshl, _aulldvrm, _aullshr, MmFreeMappingAddress, IoBuildPartialMdl, MmUnmapLockedPages, FsRtlIsTotalDeviceFailure, KeSetEvent, IoRaiseInformationalHardError, IoAllocateMdl, MmBuildMdlForNonPagedPool, IoCreateSymbolicLink, IoDeleteSymbolicLink, KefReleaseSpinLockFromDpcLevel, KefAcquireSpinLockAtDpcLevel, MmUnmapReservedMapping, MmMapLockedPagesWithReservedMapping, MmMapLockedPagesSpecifyCache, KeInitializeSemaphore, KeReleaseSemaphore, MmUnlockPages, IoBuildAsynchronousFsdRequest, KeBugCheckEx, MmAllocateMappingAddress, KeTickCount, memset, _purecall, _vsnwprintf, EtwWrite, EtwUnregister, EtwEventEnabled, EtwProviderEnabled, EtwRegister
> HAL.dll: KfReleaseSpinLock, KfAcquireSpinLock

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-05-03 12:47:04
Windows 6.1.7600
Running: y5cmvqwg.exe; Driver: C:\Users\Mario\AppData\Local\Temp\uglcypod.sys

---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83020AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83020104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830203F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830092D8
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830201DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83020958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830206F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83020F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830211A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 82C3B8E9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C5B3D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\Drivers\spvk.sys The system cannot find the path specified. !
PAGE PCIIDEX.SYS!DllUnload 8C475606 5 Bytes JMP 854011D8
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9302E000, 0x2D5378, 0xE8000020]
.text USBPORT.SYS!DllUnload 93680CA0 5 Bytes JMP 866681D8
.text peauth.sys 9A168C9D 28 Bytes JMP 0692B869
.text peauth.sys 9A168CC1 28 Bytes JMP 0692B88D
PAGE peauth.sys 9A16EB9B 72 Bytes [4E, C1, 35, 30, 3C, 4C, C0, ...]
PAGE peauth.sys 9A16EBEC 60 Bytes [27, 4E, 38, 29, 53, 28, 55, ...]
PAGE peauth.sys 9A16EC29 50 Bytes [38, D4, 20, 59, 47, 67, 31, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[1812] SHELL32.dll!SHFileOperationW 760B9708 5 Bytes JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4004] ntdll.dll!LdrLoadDll 775EF585 5 Bytes JMP 002C13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\pci.sys[ntoskrnl.exe!IoDetachDevice] [8C266ECE] \SystemRoot\System32\Drivers\spvk.sys
IAT \SystemRoot\system32\DRIVERS\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [8C266F22] \SystemRoot\System32\Drivers\spvk.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8C23990E] \SystemRoot\System32\Drivers\spvk.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8C239F9C] \SystemRoot\System32\Drivers\spvk.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [8C2393E6] \SystemRoot\System32\Drivers\spvk.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8C23A178] \SystemRoot\System32\Drivers\spvk.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8C2391D4] \SystemRoot\System32\Drivers\spvk.sys
IAT \SystemRoot\system32\DRIVERS\ataport.SYS[ntoskrnl.exe!KeInsertQueueDpc] 853FE5B8

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 854051F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{CBF43A7E-EE3A-43D7-892E-DF7CDC6FF977} 865DD470
Device \Driver\volmgr \Device\VolMgrControl 854001F8
Device \Driver\usbuhci \Device\USBPDO-0 8665F1F8
Device \Driver\PCI_PNP4852 \Device\00000051 spvk.sys
Device \Driver\usbuhci \Device\USBPDO-1 8665F1F8
Device \Driver\usbehci \Device\USBPDO-2 86648470
Device \Driver\usbuhci \Device\USBPDO-3 8665F1F8
Device \Driver\usbuhci \Device\USBPDO-4 8665F1F8
Device \Driver\usbuhci \Device\USBPDO-5 8665F1F8
Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-6 8665F1F8
Device \Driver\volmgr \Device\HarddiskVolume1 854001F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-7 86648470
Device \Driver\volmgr \Device\HarddiskVolume2 854001F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom0 8652E1F8
Device \Driver\cdrom \Device\CdRom1 8652E1F8
Device \Driver\atapi \Device\Ide\IdePort0 854031F8
Device \Driver\atapi \Device\Ide\IdePort1 854031F8
Device \Driver\atapi \Device\Ide\IdePort2 854031F8
Device \Driver\atapi \Device\Ide\IdePort3 854031F8
Device \Driver\atapi \Device\Ide\IdePort4 854031F8
Device \Driver\atapi \Device\Ide\IdePort5 854031F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 854031F8
Device \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-6 854031F8
Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-5 854031F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 865DD470
Device \Driver\sptd \Device\3231993602 spvk.sys
Device \Driver\usbuhci \Device\USBFDO-0 8665F1F8
Device \Driver\usbuhci \Device\USBFDO-1 8665F1F8
Device \Driver\usbehci \Device\USBFDO-2 86648470
Device \Driver\NetBT \Device\NetBT_Tcpip_{90CD409F-4B02-4458-AEF5-9A1D58AC1267} 865DD470
Device \Driver\usbuhci \Device\USBFDO-3 8665F1F8
Device \Driver\usbuhci \Device\USBFDO-4 8665F1F8
Device \Driver\usbuhci \Device\USBFDO-5 8665F1F8
Device \Driver\usbuhci \Device\USBFDO-6 8665F1F8
Device \Driver\usbehci \Device\USBFDO-7 86648470
Device \Driver\abxfku6p \Device\Scsi\abxfku6p1 866DB1F8
Device \Driver\abxfku6p \Device\Scsi\abxfku6p1Port6Path0Target0Lun0 866DB1F8
Device \FileSystem\cdfs \Cdfs 86E6E1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{32C17511-1BC4-49D3-A99D-7A78BB541D10}\Connection@Name isatap.{CBF43A7E-EE3A-43D7-892E-DF7CDC6FF977}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind \Device\{32C17511-1BC4-49D3-A99D-7A78BB541D10}?\Device\{32E49564-6E3D-4E37-8B8B-89BBBD8D3A1B}?\Device\{10A19763-DD68-4591-A1FB-9D453A2DB415}?\Device\{BC8E02EB-F09F-4B82-93F7-7018E9217252}?\Device\{C4E288D5-8521-4920-9292-2D30DAE4634C}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route "{32C17511-1BC4-49D3-A99D-7A78BB541D10}"?"{32E49564-6E3D-4E37-8B8B-89BBBD8D3A1B}"?"{10A19763-DD68-4591-A1FB-9D453A2DB415}"?"{BC8E02EB-F09F-4B82-93F7-7018E9217252}"?"{C4E288D5-8521-4920-9292-2D30DAE4634C}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export \Device\TCPIP6TUNNEL_{32C17511-1BC4-49D3-A99D-7A78BB541D10}?\Device\TCPIP6TUNNEL_{32E49564-6E3D-4E37-8B8B-89BBBD8D3A1B}?\Device\TCPIP6TUNNEL_{10A19763-DD68-4591-A1FB-9D453A2DB415}?\Device\TCPIP6TUNNEL_{BC8E02EB-F09F-4B82-93F7-7018E9217252}?\Device\TCPIP6TUNNEL_{C4E288D5-8521-4920-9292-2D30DAE4634C}?
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{32C17511-1BC4-49D3-A99D-7A78BB541D10}@InterfaceName isatap.{CBF43A7E-EE3A-43D7-892E-DF7CDC6FF977}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{32C17511-1BC4-49D3-A99D-7A78BB541D10}@ReusableType 0
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 5176
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 2535
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3C 0x65 0x8D 0xA3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x99 0xE5 0x38 0xF1 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x97 0x0C 0xFC 0x93 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3C 0x65 0x8D 0xA3 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x99 0xE5 0x38 0xF1 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x97 0x0C 0xFC 0x93 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System |