Log analysis and evaluation: Internet Explorer delivers wrong pages (after Google search)
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Graphics? You can also attach the whole thing below via "Manage attachments".
__________________ Regards, Ralf
#2
Quote:
#3
Please check C:\Windows\System32\xa35820107.exe at virustotal.com and post the link to the result.
#4
Quote:
#5
Quote:
hi raman, here is the log from virustotal.com. first of all, a big thank-you for the quick answers to my questions. cool forum here. regards, flo
#6
That appears to be a renamed NtRegEdit.exe. Whether it was smuggled in along with the malware, I can't tell you... Hm, do you have a USB drive with the letter f:\ that has an Autorun.exe on it? That file also appears to be malware... Create an AntiVir boot CD and check the computer with it: http://board.protecus.de/files/avira-bootcd-info/index_de.html Do that tomorrow, since there is supposed to be an engine update today.... You can already use Dr.Web CureIt today, though! http://www.trojaner-board.de/59299-anleitung-drweb-cureit.html