Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Firefox leitet ungewollt um, Antivirenprogramme werden blockiert

Firefox leitet ungewollt um, Antivirenprogramme werden blockiert


Plagegeister aller Art und deren Bekämpfung: Firefox leitet ungewollt um, Antivirenprogramme werden blockiert

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 20.01.2010, 18:20   #16
Feitan
 
Firefox leitet ungewollt um, Antivirenprogramme werden blockiert - Standard

Firefox leitet ungewollt um, Antivirenprogramme werden blockiert


Okay, hier der Report von RootRepeal:

Code:
ATTFilter
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:		2010/01/20 17:38
Program Version:		Version 1.3.5.0
Windows Version:		Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0xA0722000	Size: 892928	File Visible: No	Signed: -
Status: -

Name: PCI_PNP4422
Image Path: \Driver\PCI_PNP4422
Address: 0x00000000	Size: 0	File Visible: No	Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA02C3000	Size: 49152	File Visible: No	Signed: -
Status: -

Name: spmg.sys
Image Path: spmg.sys
Address: 0xF7386000	Size: 1052672	File Visible: No	Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000	Size: 0	File Visible: No	Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\windows\temp\mcmsc_xhxydguwsmhhfid
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_ozcemi6xfctteyh
Status: Allocation size mismatch (API: 4096, Raw: 0)

SSDT
-------------------
#: 041	Function Name: NtCreateKey
Status: Hooked by "spmg.sys" at address 0xf73870e0

#: 071	Function Name: NtEnumerateKey
Status: Hooked by "spmg.sys" at address 0xf73a5ca4

#: 073	Function Name: NtEnumerateValueKey
Status: Hooked by "spmg.sys" at address 0xf73a6032

#: 119	Function Name: NtOpenKey
Status: Hooked by "spmg.sys" at address 0xf73870c0

#: 160	Function Name: NtQueryKey
Status: Hooked by "spmg.sys" at address 0xf73a610a

#: 177	Function Name: NtQueryValueKey
Status: Hooked by "spmg.sys" at address 0xf73a5f8a

#: 247	Function Name: NtSetValueKey
Status: Hooked by "spmg.sys" at address 0xf73a619c

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System	Address: 0x865671f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System	Address: 0x865671f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System	Address: 0x865671f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System	Address: 0x865671f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x865671f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x865671f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System	Address: 0x865671f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System	Address: 0x865671f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x865671f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x865671f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x865671f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x865671f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x865671f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x865671f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x865671f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x865671f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System	Address: 0x865671f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System	Address: 0x865671f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System	Address: 0x865671f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System	Address: 0x865671f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System	Address: 0x865671f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System	Address: 0x865671f8	Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System	Address: 0x85b1a1f8	Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System	Address: 0x85b1a1f8	Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System	Address: 0x85b1a1f8	Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System	Address: 0x85b1a1f8	Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x85b1a1f8	Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x85b1a1f8	Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System	Address: 0x85b1a1f8	Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System	Address: 0x85b1a1f8	Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x85b1a1f8	Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x85b1a1f8	Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x85b1a1f8	Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x85b1a1f8	Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x85b1a1f8	Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x85b1a1f8	Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x85b1a1f8	Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x85b1a1f8	Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System	Address: 0x85b1a1f8	Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System	Address: 0x85b1a1f8	Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_CREATE]
Process: System	Address: 0x852b0500	Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_CLOSE]
Process: System	Address: 0x852b0500	Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_READ]
Process: System	Address: 0x852b0500	Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_WRITE]
Process: System	Address: 0x852b0500	Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x852b0500	Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x852b0500	Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_POWER]
Process: System	Address: 0x852b0500	Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x852b0500	Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_PNP]
Process: System	Address: 0x852b0500	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System	Address: 0x859e81f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System	Address: 0x859e81f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x859e81f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x859e81f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System	Address: 0x859e81f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x859e81f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System	Address: 0x859e81f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System	Address: 0x865691f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System	Address: 0x865691f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System	Address: 0x865691f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x865691f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x865691f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x865691f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x865691f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System	Address: 0x865691f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System	Address: 0x865691f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x865691f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System	Address: 0x865691f8	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System	Address: 0x854c41f8	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System	Address: 0x854c41f8	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x854c41f8	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x854c41f8	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System	Address: 0x854c41f8	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System	Address: 0x854c41f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System	Address: 0x85a8a1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System	Address: 0x85a8a1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x85a8a1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x85a8a1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System	Address: 0x85a8a1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x85a8a1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System	Address: 0x85a8a1f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System	Address: 0x857d44d8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System	Address: 0x857d44d8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System	Address: 0x857d44d8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System	Address: 0x857d44d8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System	Address: 0x857d44d8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x857d44d8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x857d44d8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System	Address: 0x857d44d8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System	Address: 0x857d44d8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x857d44d8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x857d44d8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x857d44d8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x857d44d8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x857d44d8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x857d44d8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x857d44d8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x857d44d8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x857d44d8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System	Address: 0x857d44d8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System	Address: 0x857d44d8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System	Address: 0x857d44d8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System	Address: 0x857d44d8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System	Address: 0x857d44d8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x857d44d8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System	Address: 0x857d44d8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System	Address: 0x857d44d8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System	Address: 0x857d44d8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System	Address: 0x857d44d8	Size: 121

==EOF==
Und vielen Dank für deine Geduld!

edit: firefox neu installiert, läuft trotzdem nicht. IE auch nicht...
Geändert von Feitan (20.01.2010 um 18:37 Uhr)

 

Themen zu Firefox leitet ungewollt um, Antivirenprogramme werden blockiert
asus, avira, blockiert, dateien, firefox, hijack, hijackthis, hintergrund, home, installation, javaupdate, langsam, leitet, malware, malwarebytes, musik, nicht öffnen, programme, registerkarte, rootkit, sehr langsam, seite, seiten, sekunden, system, warning, windows, windows xp


« av.exe schlägt wieder zu (unter verschiedenen Synonymen) | Windows Security Alert Virus - Kein Neuaufsetzen des Systems möglich! »


Ähnliche Themen: Firefox leitet ungewollt um, Antivirenprogramme werden blockiert


  1. WEB.de Mails werden ungewollt verschickt
    Plagegeister aller Art und deren Bekämpfung - 12.09.2015 (8)
  2. Antivirenprogramme werden ausgeschalten
    Plagegeister aller Art und deren Bekämpfung - 26.08.2015 (5)
  3. winmgr.exe blockiert Zugriff auf Antivirenprogramme warum ?
    Plagegeister aller Art und deren Bekämpfung - 27.05.2014 (33)
  4. winmgr.exe blockiert Zugriff auf Antivirenprogramme
    Plagegeister aller Art und deren Bekämpfung - 29.04.2014 (1)
  5. Google leitet mich ungewollt auf Google
    Plagegeister aller Art und deren Bekämpfung - 05.02.2014 (17)
  6. Windows 7 - weisses Popup blockiert jede Seite im Firefox (kann entfernt werden)
    Log-Analyse und Auswertung - 08.12.2013 (13)
  7. Windows 7: Datein auf USB-Stick werden ungewollt zu Verknüpfungen verändert
    Log-Analyse und Auswertung - 03.11.2013 (33)
  8. Windows 7: Browser leitet ungewollt auf Werbung weiter
    Plagegeister aller Art und deren Bekämpfung - 17.09.2013 (25)
  9. Problem mit Windows 7 64 Bit -Firefox öffnet ungewollt Tabs mit der überschrift "ads" Proxyeinstellungen werden selbstständig geändert.
    Plagegeister aller Art und deren Bekämpfung - 16.06.2013 (9)
  10. Antivirenprogramme werden automatisch deaktiviert
    Antiviren-, Firewall- und andere Schutzprogramme - 28.03.2013 (8)
  11. IE startet ungewollt und blockiert den PC
    Plagegeister aller Art und deren Bekämpfung - 04.04.2012 (1)
  12. Hohe Systemauslastung / Google leitet ungewollt weiter
    Plagegeister aller Art und deren Bekämpfung - 08.10.2010 (17)
  13. Firefox öffnet ungewollt neue tabs oder leitet suchanfragen auf dubiose websites
    Plagegeister aller Art und deren Bekämpfung - 16.09.2010 (25)
  14. Virus blockiert alle Antivirenprogramme !
    Log-Analyse und Auswertung - 26.08.2010 (1)
  15. Massive Systemauslastung/ Google leitet ungewollt auf andere Webseiten weiter
    Plagegeister aller Art und deren Bekämpfung - 26.12.2009 (3)
  16. Google leitet mich ungewollt auf Ebay um
    Log-Analyse und Auswertung - 26.01.2009 (1)
  17. Wintems macht probleme und Antivirenprogramme können nicht mehr installiert werden
    Log-Analyse und Auswertung - 15.02.2007 (3)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Firefox leitet ungewollt um, Antivirenprogramme werden blockiert - Okay, hier der Report von RootRepeal: Code: Alles auswählen Aufklappen ATTFilter ROOTREPEAL (c) AD, 2007-2009 ================================================== Scan Start Time: 2010/01/20 17:38 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP3 - Firefox leitet ungewollt um, Antivirenprogramme werden blockiert...
Archiv
Du betrachtest: Firefox leitet ungewollt um, Antivirenprogramme werden blockiert auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131