Google Links werden auf seiten wie 95p.com umgeleitet. (malware?)

austriana3 · 29.12.2011, 10:09

Hallo ich habe folgendes Problem wenn ich auf google links gehe werde ich automatisch auf andere Links umgeleitet wie schon im Titel gesagt 95p.com.
Ich habe diese Anleitung gefunden hxxp://cgi.zdnet.de/forum/viewtopic.php?t=4722

Ich habe den CCleaner drübergejagt und Malwarebytes hier der log von malwarebytes:

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org
Database version: v2011.12.24.05
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: 08PERCHTR [administrator]

Protection: Disabled

29.12.2011 09:47:14
mbam-log-2011-12-29 (09-47-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218495
Time elapsed: 6 minute(s), 20 second(s)

Memory Processes Detected: 2
C:\Dokumente und Einstellungen\Administrator.HSVIEHHAUSEN\Anwendungsdaten\E48B0\5B112.exe (Trojan.Dropper.PE4) -> 1848 -> Delete on reboot.
C:\Programme\LP\12CE\16B.exe (Trojan.Dropper.PE4) -> 2380 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\videosoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|16B.exe (Trojan.Dropper.PE4) -> Data: C:\Programme\LP\12CE\16B.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Backdoor.CycBot) -> Data: C:\Programme\B0C52\lvvm.exe -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:62545 -> Quarantined and deleted successfully.

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Dokumente und Einstellungen\Administrator.HSVIEHHAUSEN\Anwendungsdaten\E48B0\5B112.exe (Trojan.Dropper.PE4) -> Delete on reboot.
C:\Programme\LP\12CE\16B.exe (Trojan.Dropper.PE4) -> Delete on reboot.
C:\Dokumente und Einstellungen\ropercht\Anwendungsdaten\firefox.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\ropercht\Anwendungsdaten\java.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\ropercht\Anwendungsdaten\WINWORD.EXE (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.

(end)

austriana3 · 29.12.2011, 10:14

WindowsScan Log:
Die 30 neuesten Dateien im Ordner Windows:

***** ***** ***** ***** *****
***** Scanning C:\WINDOWS *****
***** ***** ***** ***** *****

29.12.2011 WindowsUpdate.log 09 58:1.312.916
29.12.2011 setupapi.log 09 58:24.184
29.12.2011 0.log 09 56:0
29.12.2011 wiadebug.log 09 56:157
29.12.2011 wiaservc.log 09 56:50
29.12.2011 bootstat.dat 09 56:2.048
29.12.2011 SchedLgU.Txt 09 56:31.978
11.12.2011 NeroDigital.ini 10 50:116
09.11.2011 setupapi.log.4.old 06 47:1.210.944
11.10.2011 win.ini 07 40:3.020
Mobile 24.09.2011 ModemLog_HUAWEI 11 22:9.686
25.08.2011 MB4.INI 16 52:1.197
07.05.2011 setupapi.log.3.old 17 06:1.031.027
12.03.2011 wininit.ini 11 13:226
17.01.2011 Thumbs.db 14 10:12.800
13.12.2010 awshkwv.ini 15 58:133
Modem 30.11.2010 ModemLog_ThinkPad 18 55:36.908
03.11.2010 cncscore.ini 15 52:221
14.10.2010 setupapi.log.2.old 06 37:1.039.265
15.06.2010 diagwrn.xml 13 39:1.887
15.06.2010 diagerr.xml 13 39:1.887
18.09.2009 setupapi.log.1.old 14 20:1.781.234
30.12.2008 recht.ini 10 09:69
30.12.2008 CrocChem.INI 09 56:72
30.12.2008 CrocPhys.INI 09 54:165
30.12.2008 Cronos.cfg 09 48:54
30.12.2008 cbt_meta.ini 09 39:2.048

Die 50 neuesten Dateien im Ordner Windows\system32:

***** ***** ***** ***** *****
***** Scanning C:\WINDOWS\system32 *****
***** ***** ***** ***** *****

29.12.2011 wpa.dbl 09 56:2.278
29.12.2011 TPHDLOG0.LOG 09 56:388.736
29.12.2011 log.txt 09 56:44
29.12.2011 ICAutoUpdate.log.bak 09 56:1.040
29.12.2011 TPAPSLOG.LOG 09 41:659.072
29.12.2011 d3d9caps.dat 01 07:1.324
01.12.2011 PnkBstrB.exe 12 36:189.248
01.12.2011 PnkBstrA.exe 12 36:90.112
30.11.2011 tmbvcm32.dll 07 40:70.656
26.11.2011 PnkBstrB.xtr 08 38:271.200
25.11.2011 jupdate-1.6.0_29-b11.log 21 31:6.552
25.11.2011 perfh007.dat 21 30:532.652
25.11.2011 perfh009.dat 21 30:506.736
25.11.2011 perfc009.dat 21 30:90.008
25.11.2011 perfc007.dat 21 30:107.662
25.11.2011 PerfStringBackup.INI 21 30:1.254.520
21.11.2011 MRT.exe 19 08:50.295.240
04.11.2011 TubeFinder.exe 12 17:311.296
24.10.2011 RemoteControl.dll 12 51:158.208
23.10.2011 PnkBstrB.ex0 19 05:271.200
18.10.2011 FNTCACHE.DAT 10 12:348.200
17.10.2011 FlashPlayerCPLApp.cpl 15 49:414.368
10.10.2011 inetcomm.dll 15 22:692.736
08.10.2011 PwdServ.cmd 20 23:152
03.10.2011 mshtml.dll 09 34:5.971.456
03.10.2011 javaws.exe 05 06:157.472
03.10.2011 javaw.exe 05 06:145.184
03.10.2011 java.exe 05 06:145.184
03.10.2011 deployJava1.dll 05 06:472.808
03.10.2011 javacpl.cpl 02 37:73.728
28.09.2011 VB6FR.DLL 09 18:119.568
28.09.2011 MSCMCFR.DLL 09 18:141.312
28.09.2011 ReyXpBasics.tlb 09 18:208.500
28.09.2011 ControlSubX.ocx 09 18:24.576
28.09.2011 PCCLPFR.DLL 09 18:9.728
28.09.2011 COMDLG32.OCX 09 18:152.848
28.09.2011 VB6STKIT.DLL 09 18:101.888
28.09.2011 CMDLGFR.DLL 09 18:32.768
28.09.2011 PropertyGrid.ocx 09 18:364.544
28.09.2011 PICCLP32.OCX 09 18:84.512
28.09.2011 crypt32.dll 08 06:604.160
26.09.2011 uiautomationcore.dll 10 41:614.912
26.09.2011 oleaccrc.dll 10 41:23.040
26.09.2011 oleacc.dll 10 41:220.160
20.09.2011 TZLog.log 19 37:127.504
19.09.2011 bdmjpeg.dll 08 07:15.360
19.09.2011 bdmpega.acm 08 07:58.368

***** ***** ***** ***** *****
***** Scanning C:\WINDOWS\system32\drivers\etc\hosts *****
***** ***** ***** ***** *****

# Copyright (c) 1993-1999 Microsoft Corp.
#
# Dies ist eine HOSTS-Beispieldatei, die von Microsoft TCP/IP
# für Windows 2000 verwendet wird.
#
# Diese Datei enthält die Zuordnungen der IP-Adressen zu Hostnamen.
# Jeder Eintrag muss in einer eigenen Zeile stehen. Die IP-
# Adresse sollte in der ersten Spalte gefolgt vom zugehörigen
# Hostnamen stehen.
# Die IP-Adresse und der Hostname müssen durch mindestens ein
# Leerzeichen getrennt sein.
#
# Zusätzliche Kommentare (so wie in dieser Datei) können in
# einzelnen Zeilen oder hinter dem Computernamen eingefügt werden,
# aber müssen mit dem Zeichen '#' eingegeben werden.
#
# Zum Beispiel:
#
# 102.54.94.97 rhino.acme.com # Quellserver
# 38.25.63.10 x.acme.com # x-Clienthost

127.0.0.1 localhost

***** ***** ***** ***** *****
***** Scanning Processe *****
***** ***** ***** ***** *****

Abbildname PID Sitzungsname Sitz.-Nr. Speichernutzung
========================= ===== ================ ========== ===============
System Idle Process 0 Console 0 28 K
System 4 Console 0 240 K
smss.exe 1200 Console 0 436 K
csrss.exe 1256 Console 0 5.224 K
winlogon.exe 1292 Console 0 7.808 K
services.exe 1336 Console 0 5.604 K
lsass.exe 1348 Console 0 3.220 K
DTS.exe 1584 Console 0 1.712 K
ibmpmsvc.exe 1596 Console 0 1.468 K
AtService.exe 1624 Console 0 21.152 K
ati2evxx.exe 1652 Console 0 3.696 K
svchost.exe 1684 Console 0 5.340 K
svchost.exe 1764 Console 0 4.960 K
svchost.exe 1904 Console 0 32.908 K
btwdins.exe 1932 Console 0 2.628 K
S24EvMon.exe 1976 Console 0 15.096 K
svchost.exe 340 Console 0 5.228 K
svchost.exe 464 Console 0 7.588 K
spoolsv.exe 772 Console 0 9.412 K
sched.exe 816 Console 0 1.800 K
ati2evxx.exe 832 Console 0 4.652 K
svchost.exe 968 Console 0 6.600 K
AcPrfMgrSvc.exe 292 Console 0 5.760 K
AppleMobileDeviceService. 580 Console 0 14.264 K
mDNSResponder.exe 668 Console 0 4.680 K
EvtEng.exe 1864 Console 0 14.284 K
hamachi-2.exe 2056 Console 0 7.408 K
ica.exe 2096 Console 0 12.780 K
iviRegMgr.exe 2564 Console 0 2.340 K
jqs.exe 2576 Console 0 1.452 K
LMS.exe 2656 Console 0 6.556 K
mbamservice.exe 2736 Console 0 6.888 K
mdm.exe 3040 Console 0 3.024 K
PnkBstrA.exe 3156 Console 0 2.276 K
RegSrvc.exe 3252 Console 0 3.200 K
svchost.exe 3396 Console 0 4.400 K
tvt_reg_monitor_svc.exe 3420 Console 0 3.508 K
TPHDEXLG.exe 3440 Console 0 1.720 K
rrpservice.exe 3456 Console 0 3.892 K
rrservice.exe 3484 Console 0 7.756 K
tvtsched.exe 3500 Console 0 6.172 K
UpdateMonitor.exe 3524 Console 0 8.328 K
UNS.exe 3560 Console 0 7.744 K
PWMDBSVC.exe 3740 Console 0 3.576 K
AcSvc.exe 4036 Console 0 20.296 K
SUService.exe 1980 Console 0 13.368 K
wmiprvse.exe 2292 Console 0 8.800 K
explorer.exe 2312 Console 0 41.760 K
wmiprvse.exe 2344 Console 0 5.556 K
SvcGuiHlpr.exe 2800 Console 0 6.752 K
wmiapsrv.exe 3608 Console 0 4.712 K
alg.exe 4052 Console 0 4.600 K
SynTPLpr.exe 2848 Console 0 2.272 K
SynTPEnh.exe 3856 Console 0 5.024 K
svchost.exe 1712 Console 0 3.600 K
PrivacyIconClient.exe 1808 Console 0 24.204 K
TpShocks.exe 3624 Console 0 2.732 K
EZEJMNAP.EXE 3248 Console 0 3.424 K
jusched.exe 3064 Console 0 3.128 K
LPMGR.EXE 3112 Console 0 7.588 K
MOM.exe 3152 Console 0 3.676 K
rundll32.exe 3200 Console 0 7.256 K
ACTray.exe 3276 Console 0 5.368 K
ACWLIcon.exe 1048 Console 0 5.372 K
scheduler_proxy.exe 2456 Console 0 5.176 K
avgnt.exe 4392 Console 0 3.220 K
Updater.exe 4676 Console 0 4.724 K
DivXUpdate.exe 5072 Console 0 10.444 K
datamngrUI.exe 5296 Console 0 5.656 K
hamachi-2-ui.exe 5320 Console 0 4.928 K
ctfmon.exe 5352 Console 0 3.604 K
Skype.exe 5528 Console 0 79.660 K
GoogleToolbarNotifier.exe 5820 Console 0 1.732 K
PMB.exe 6012 Console 0 19.284 K
ManyCam.exe 4208 Console 0 19.296 K
rvfktc.exe 4504 Console 0 6.424 K
CCC.exe 4904 Console 0 6.200 K
Steam.exe 5916 Console 0 10.964 K
SSScheduler.exe 4104 Console 0 2.196 K
orbitdm.exe 4892 Console 0 1.128 K
orbitnet.exe 1248 Console 0 6.692 K
wuauclt.exe 100 Console 0 4.248 K
firefox.exe 3828 Console 0 111.704 K
rhnbs.exe 5280 Console 0 6.404 K
plugin-container.exe 5692 Console 0 23.456 K
notepad.exe 4644 Console 0 540 K
rbvnpq.exe 2360 Console 0 10.328 K
5B112.exe 5796 Console 0 7.316 K
lvvm.exe 232 Console 0 6.768 K
WinRAR.exe 5624 Console 0 11.028 K
cmd.exe 3576 Console 0 2.008 K
tasklist.exe 5936 Console

austriana3 · 29.12.2011, 10:15

HijackthisHiJackthis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:06, on 29.12.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\DTS.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\AtService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Programme\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Intel\WiFi\bin\EvtEng.exe
C:\Programme\LogMeIn Hamachi\hamachi-2.exe
C:\Programme\iTALC\ica.exe
C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Intel\AMT\LMS.exe
C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
C:\Programme\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\Programme\Gemeinsame Dateien\Intel\Privacy Icon\UNS\UNS.exe
C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
c:\programme\lenovo\system update\suservice.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Intel\Privacy Icon\PrivacyIconClient.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Ask.com\Updater\Updater.exe
C:\Programme\DivX\DivX Update\DivXUpdate.exe
C:\PROGRA~1\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe
C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Pando Networks\Media Booster\PMB.exe
C:\Programme\ManyCam\Bin\ManyCam.exe
C:\DOKUME~1\ADMINI~1.HSV\LOKALE~1\Temp\rvfktc.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\Privat\Steam\Steam.exe
C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Programme\Orbitdownloader\orbitdm.exe
C:\Programme\Orbitdownloader\orbitnet.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\DOKUME~1\ADMINI~1.HSV\LOKALE~1\Temp\rhnbs.exe
C:\Programme\Mozilla Firefox\plugin-container.exe
C:\DOKUME~1\ADMINI~1.HSV\LOKALE~1\Temp\rbvnpq.exe
C:\Dokumente und Einstellungen\Administrator.HSVIEHHAUSEN\Anwendungsdaten\E48B0\5B112.exe
C:\Programme\B0C52\lvvm.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Orbit Downloader Start
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN, Hotmail und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN, Hotmail und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:62545
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = daten-srv.szwf.local;hs-vh-cd01;<local>
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll
F3 - REG:win.ini: load=C:\Programme\B0C52\lvvm.exe
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (file missing)
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [picon] "C:\Programme\Gemeinsame Dateien\Intel\Privacy Icon\PrivacyIconClient.exe" -startup
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Programme\Lenovo Fingerprint Software\fpapp.exe" \s
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ApnUpdater] "C:\Programme\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [Recordpad] "C:\Programme\NCH Swift Sound\Recordpad\recordpad.exe" -logon
O4 - HKLM\..\Run: [facemoods] "C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
O4 - HKLM\..\Run: [eDonkey2000] C:\Programme\eDonkey2000\eDonkey2000.exe -t
O4 - HKLM\..\Run: [APSDaemon] "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [16B.exe] C:\Programme\LP\12CE\16B.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [ManyCam] "C:\Programme\ManyCam\Bin\ManyCam.exe" /silent
O4 - HKCU\..\Run: [dnb system restore] %TEMP%\sgvtbs.exe
O4 - HKCU\..\Run: [divxupdater] %TEMP%\rvfktc.exe
O4 - HKCU\..\Run: [Media Streamer] %TEMP%\tgbssm.exe
O4 - HKCU\..\Run: [Steam] "E:\Privat\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: Orbit.lnk = C:\Programme\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hsviehhausen.local
O17 - HKLM\Software\..\Telephony: DomainName = hsviehhausen.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = hsviehhausen.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = hsviehhausen.local
O20 - AppInit_DLLs: C:\PROGRA~1\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll C:\PROGRA~1\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: ATFUS - C:\WINDOWS\system32\FpWinLogonNp.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo  - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo  - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AD Monitor (ADMonitor) - Unknown owner - C:\WINDOWS\system32\ADMonitor.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\WINDOWS\system32\AtService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberGhost VPN Client (CGVPNCliSrvc) - mobile concepts GmbH - C:\Programme\CyberGhost VPN\CGVPNCliService.exe
O23 - Service: Data Transfer Service (dtsvc) - Unknown owner - C:\WINDOWS\system32\DTS.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Programme\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Programme\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Unknown owner - C:\Programme\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Programme\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: iTALC Client (icas) - Unknown owner - C:\Programme\iTALC\ica.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Programme\Intel\AMT\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Programme\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Programme\Gemeinsame Dateien\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programme\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Programme\Lenovo\Rescue and Recovery\UpdateMonitor.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Programme\Gemeinsame Dateien\Intel\Privacy Icon\UNS\UNS.exe

--
End of file - 18117 bytes

--- --- ---

Google Links werden auf seiten wie 95p.com umgeleitet. (malware?)

Log-Analyse und Auswertung: Google Links werden auf seiten wie 95p.com umgeleitet. (malware?)