Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Google/Bing ... redirect Virus rocketnews

Google/Bing ... redirect Virus rocketnews


Log-Analyse und Auswertung: Google/Bing ... redirect Virus rocketnews

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Seite 2 von 2 1 2
Alt 05.07.2012, 21:35   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Google/Bing ... redirect Virus rocketnews - Standard

Google/Bing ... redirect Virus rocketnews


Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.


Code:
ATTFilter
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"=-
"DisableCAD"=-
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.



6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 09.07.2012, 19:50   #17
danielm
 
Google/Bing ... redirect Virus rocketnews - Standard

Google/Bing ... redirect Virus rocketnews


Hallo hier das neue Log von ComboFix:

Code:
ATTFilter
ComboFix 12-07-08.02 - Daniel Meyer 09.07.2012  19:51:03.3.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3992.2705 [GMT 2:00]
ausgeführt von:: c:\users\Daniel Meyer\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Daniel Meyer\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-09 bis 2012-07-09  ))))))))))))))))))))))))))))))
.
.
2012-07-09 17:59 . 2012-07-09 17:59	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-05 20:25 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
2012-07-03 15:58 . 2012-07-03 15:58	--------	d-----w-	C:\_OTL
2012-06-28 15:59 . 2012-06-28 15:59	--------	d-----w-	c:\program files (x86)\ESET
2012-06-28 15:37 . 2012-06-28 15:37	--------	d-----w-	c:\users\Daniel Meyer\AppData\Roaming\Malwarebytes
2012-06-28 15:37 . 2012-06-28 15:37	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-28 15:37 . 2012-06-28 15:37	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-28 15:37 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-24 13:00 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-24 13:00 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-24 13:00 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-24 13:00 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-24 12:59 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-24 12:59 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-24 12:59 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-24 12:59 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-24 12:59 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-21 18:29 . 2012-06-21 18:29	--------	d-----w-	c:\users\Daniel Meyer\AppData\Local\Granta Design
2012-06-21 18:26 . 2012-06-21 18:26	--------	d-----w-	c:\programdata\FLEXnet
2012-06-21 18:11 . 2012-06-21 18:11	--------	d-----w-	c:\program files\Common Files\Macrovision Shared
2012-06-21 18:09 . 2012-06-21 18:09	--------	d-----w-	C:\Temp
2012-06-21 18:06 . 2012-06-21 18:21	--------	d-----w-	c:\program files (x86)\Common Files\Autodesk Shared
2012-06-21 17:59 . 2012-06-21 18:29	--------	d-----w-	c:\users\Daniel Meyer\AppData\Roaming\Autodesk
2012-06-21 17:59 . 2012-06-21 18:29	--------	d-----w-	c:\programdata\Autodesk
2012-06-16 08:57 . 2012-06-16 08:57	--------	d-----w-	c:\users\Daniel Meyer\AppData\Local\Macromedia
2012-06-10 21:40 . 2012-06-10 21:40	--------	d-----w-	c:\users\Daniel Meyer\AppData\Local\AVG Secure Search
2012-06-10 21:40 . 2012-06-10 21:40	--------	d-----w-	c:\program files (x86)\AVG Secure Search
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 18:07 . 2012-04-05 19:13	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 18:07 . 2012-03-11 07:49	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-19 02:50 . 2012-04-19 02:50	28480	----a-w-	c:\windows\system32\drivers\avgidsha.sys
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-07-05_15.40.02   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-07-08 18:20	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-04 15:59	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-04 15:59	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-08 18:20	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-04 15:59	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-08 18:20	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-07-09 17:07	45524              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-09 17:07	46084              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:46 . 2012-07-09 17:07	93792              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:46 . 2012-07-01 18:27	93792              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-03-10 17:39 . 2012-07-09 17:07	6598              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3444563756-3052769380-1124892696-1000_UserData.bin
+ 2012-07-09 17:03 . 2012-07-09 17:03	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-09 17:03 . 2012-07-09 17:03	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-05 15:39 . 2012-07-05 15:39	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-07-09 17:08	652360              c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-05 15:22	652360              c:\windows\system32\perfh009.dat
- 2011-04-12 07:43 . 2012-07-05 15:22	697082              c:\windows\system32\perfh007.dat
+ 2011-04-12 07:43 . 2012-07-09 17:08	697082              c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2012-07-09 17:08	121292              c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-05 15:22	121292              c:\windows\system32\perfc009.dat
+ 2011-04-12 07:43 . 2012-07-09 17:08	148346              c:\windows\system32\perfc007.dat
- 2011-04-12 07:43 . 2012-07-05 15:22	148346              c:\windows\system32\perfc007.dat
+ 2009-07-14 05:01 . 2012-07-09 15:17	415792              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-05 15:38	415792              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:45 . 2012-07-06 15:23	7226361              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-06-24 18:10	7226361              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2012-03-10 20:22 . 2012-07-05 15:38	2213176              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-03-10 20:22 . 2012-07-09 15:17	2213176              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-03-10 17:36 . 2012-07-09 15:17	4620896              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3444563756-3052769380-1124892696-1000-8192.dat
+ 2012-07-08 18:26 . 2012-07-08 18:26	8451584              c:\windows\Installer\61bed.msi
+ 2012-07-06 15:27 . 2012-07-06 15:27	8451584              c:\windows\Installer\5d097.msi
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-10 1104440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-27 98304]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-01-23 1631808]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-1-24 1090848]
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2012-3-10 50688]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-04 5160568]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R2 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;c:\program files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [2012-02-23 690352]
R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2010-02-05 130048]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-01-23 478056]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-06-21 1432400]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
R3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-01-23 89152]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-01-23 175168]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2012-01-23 31344]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2011-03-29 23664]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-28 203776]
S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\ATService.exe [2010-02-05 2713920]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2010-02-05 117760]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2012-01-16 43584]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-01-16 62016]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 mitsijm2013;Autodesk Moldflow Inventor Tool Suite Integration 2013 Job Manager;c:\program files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [2012-01-31 339776]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2010-02-04 2058776]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-10 935480]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-11-28 8013312]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-11-28 287232]
S3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2010-02-05 736840]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-08 54824]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-06-30 292864]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [2011-10-20 302296]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-06-23 56344]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-10-13 10629184]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-10-31 8615936]
S3 V0540Dev;Creative Camera VF0540 Driver;c:\windows\system32\DRIVERS\V0540Vid.sys [2009-06-15 321376]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 18:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"FingerPrintSoftwareSplashScreen"="c:\program files\Lenovo Fingerprint Software\SplashScreen.exe \s" [X]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TpShocks"="TpShocks.exe" [2011-03-29 380776]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 162584]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 386840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-13 417560]
"picon"="c:\program files (x86)\Common Files\Intel\Privacy Icon\PIconStartup.exe" [2010-02-04 111640]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-01-16 44096]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2011-10-20 33344]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: Web-Suche - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
FF - ProfilePath - c:\users\Daniel Meyer\AppData\Roaming\Mozilla\Firefox\Profiles\xgqn3clh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bf1576d6f-8019-43e7-ab83-36267ee975f3%7D&mid=b0129ede5ced47d181a1d16a0b17dbce-f3e2cb4b492b86c35d9d014c8db077542acdb7f5&ds=AVG&v=11.1.0.7&lang=de&pr=fr&d=2012-06-10%2023%3A40%3A46&sap=ku&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3444563756-3052769380-1124892696-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*P*a*r*t*y*É5\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-09  20:18:01
ComboFix-quarantined-files.txt  2012-07-09 18:17
ComboFix2.txt  2012-07-05 20:22
ComboFix3.txt  2012-07-05 15:42
.
Vor Suchlauf: 14 Verzeichnis(se), 61.542.313.984 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 61.360.050.176 Bytes frei
.
- - End Of File - - 7D626B54DA20C0CF53B88F0D395BA0F3
Gruß
Daniel
__________________
Alt 10.07.2012, 10:55   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Google/Bing ... redirect Virus rocketnews - Standard

Google/Bing ... redirect Virus rocketnews


Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
__________________
Alt 10.07.2012, 16:17   #19
danielm
 
Google/Bing ... redirect Virus rocketnews - Standard

Google/Bing ... redirect Virus rocketnews


Hier das Log vom ADWCleaner:
Code:
ATTFilter
# AdwCleaner v1.701 - Logfile created 07/10/2012 at 17:16:27
# Updated 02/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : *** - ***-PC
# Running from : C:\Users\Daniel Meyer\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : vToolbarUpdater11.1.0

***** [Files / Folders] *****

Folder Found : C:\Users\Daniel Meyer\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Daniel Meyer\AppData\Local\Babylon
Folder Found : C:\Users\Daniel Meyer\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Daniel Meyer\AppData\Roaming\pdfforge
Folder Found : C:\Users\Daniel Meyer\AppData\Roaming\Mozilla\Firefox\Profiles\xgqn3clh.default\SweetIMToolbarData
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\SweetIM
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
File Found : C:\Users\Daniel Meyer\AppData\Roaming\Mozilla\Firefox\Profiles\xgqn3clh.default\searchplugins\SweetIm.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\SweetIm
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\SweetIM
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
[x64] Key Found : HKCU\Software\AppDataLow\Software\PriceGong
[x64] Key Found : HKCU\Software\AVG Secure Search
[x64] Key Found : HKCU\Software\SweetIm
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
[x64] Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
[x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\Daniel Meyer\AppData\Roaming\Mozilla\Firefox\Profiles\xgqn3clh.default\prefs.js

Found : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\11.1.0.7");
Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=111304&babsrc=N[...]
Found : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7Bf1576d6f-8019-43e7-ab83-36267ee975f3%[...]
Found : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Found : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Found : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Found : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Found : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Found : user_pref("sweetim.toolbar.mode.debug", "false");
Found : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://isearch.avg.com/search?cid=%7Bf1576d6f-801[...]
Found : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Found : user_pref("sweetim.toolbar.search.history.capacity", "10");
Found : user_pref("sweetim.toolbar.searchguard.enable", "true");
Found : user_pref("sweetim.toolbar.simapp_id", "{D9ADECB0-0DB9-4D47-8D4D-6097CCC982E8}");
Found : user_pref("sweetim.toolbar.version", "1.4.0.0");

*************************

AdwCleaner[R1].txt - [8411 octets] - [10/07/2012 17:16:27]

########## EOF - C:\AdwCleaner[R1].txt - [8539 octets] ##########
Gruß
Daniel

Alt 10.07.2012, 21:22   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Google/Bing ... redirect Virus rocketnews - Standard

Google/Bing ... redirect Virus rocketnews


adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 11.07.2012, 05:22   #21
danielm
 
Google/Bing ... redirect Virus rocketnews - Standard

Google/Bing ... redirect Virus rocketnews


Hallo Hier das neue Log:

Code:
ATTFilter
# AdwCleaner v1.701 - Logfile created 07/11/2012 at 06:16:03
# Updated 02/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : *** - ***-PC
# Running from : C:\Users\Daniel Meyer\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Daniel Meyer\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Daniel Meyer\AppData\Local\Babylon
Folder Deleted : C:\Users\Daniel Meyer\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Daniel Meyer\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\Daniel Meyer\AppData\Roaming\Mozilla\Firefox\Profiles\xgqn3clh.default\SweetIMToolbarData
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\SweetIM
Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\Users\Daniel Meyer\AppData\Roaming\Mozilla\Firefox\Profiles\xgqn3clh.default\searchplugins\SweetIm.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\SweetIm
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\SweetIM
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\Daniel Meyer\AppData\Roaming\Mozilla\Firefox\Profiles\xgqn3clh.default\prefs.js

C:\Users\Daniel Meyer\AppData\Roaming\Mozilla\Firefox\Profiles\xgqn3clh.default\user.js ... Deleted !

Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\11.1.0.7");
Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=111304&babsrc=N[...]
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7Bf1576d6f-8019-43e7-ab83-36267ee975f3%[...]
Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://isearch.avg.com/search?cid=%7Bf1576d6f-801[...]
Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "true");
Deleted : user_pref("sweetim.toolbar.simapp_id", "{D9ADECB0-0DB9-4D47-8D4D-6097CCC982E8}");
Deleted : user_pref("sweetim.toolbar.version", "1.4.0.0");

*************************

AdwCleaner[R1].txt - [8488 octets] - [10/07/2012 17:16:27]
AdwCleaner[S1].txt - [7202 octets] - [11/07/2012 06:16:03]

########## EOF - C:\AdwCleaner[S1].txt - [7330 octets] ##########
Gruß
Daniel

Alt 11.07.2012, 10:33   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Google/Bing ... redirect Virus rocketnews - Standard

Google/Bing ... redirect Virus rocketnews


Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 13.07.2012, 21:09   #23
danielm
 
Google/Bing ... redirect Virus rocketnews - Standard

Google/Bing ... redirect Virus rocketnews


GMER Log:

Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-13 22:04:50
Windows 6.1.7601 Service Pack 1 
Running: cjbo8wv6.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00234df3323d                      
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00234df3323d (not active ControlSet)  

---- EOF - GMER 1.0.15 ----
Osam Log:

Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:13:32 on 13.07.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 13.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~2\AVG\AVG2012\avgrsa.exe

[Common]
-----( %SystemRoot%\Tasks )-----
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"PWMCP64V.cpl" - "Lenovo Group Limited" - C:\Windows\system32\PWMCP64V.cpl
"TpShCPL.cpl" - "Lenovo." - C:\Windows\system32\TpShCPL.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"APS Digitizer Activity Monitor" (TPDIGIMN) - "Lenovo." - C:\Windows\System32\DRIVERS\ApsHM64.sys
"AVG Anti-Rootkit Driver" (Avgrkx64) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\DRIVERS\avgrkx64.sys
"AVG AVI Loader Driver" (Avgldx64) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\DRIVERS\avgldx64.sys
"AVG Mini-Filter Resident Anti-Virus Shield" (Avgmfx64) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\DRIVERS\avgmfx64.sys
"AVG TDI Driver" (Avgtdia) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\DRIVERS\avgtdia.sys
"AVGIDSDriver" (AVGIDSDriver) - "AVG Technologies CZ, s.r.o. " - C:\Windows\System32\DRIVERS\avgidsdrivera.sys
"AVGIDSFilter" (AVGIDSFilter) - "AVG Technologies CZ, s.r.o. " - C:\Windows\System32\DRIVERS\avgidsfiltera.sys
"AVGIDSHA" (AVGIDSHA) - "AVG Technologies CZ, s.r.o. " - C:\Windows\System32\DRIVERS\avgidsha.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"DzHDD64" (DzHDD64) - "Lenovo." - C:\Windows\System32\DRIVERS\DzHDD64.sys
"Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit" (NETw5s64) - ? - C:\Windows\System32\DRIVERS\NETw5s64.sys  (File not found)
"Lenovo System Interface Driver" (lenovo.smi) - "Lenovo Group Limited" - C:\Windows\System32\DRIVERS\smiifx64.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"Shockprf" (Shockprf) - "Lenovo." - C:\Windows\System32\DRIVERS\Apsx64.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{8A0BC933-7552-42E2-A228-3BE055777227} "{8A0BC933-7552-42E2-A228-3BE055777227}" - ? -   (File not found | COM-object registry key not found)
{9F2C5BFD-3CB1-419F-9F5F-90B32ADD5BA8} "{9F2C5BFD-3CB1-419F-9F5F-90B32ADD5BA8}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} "XPLPPFilter Class" - "AVG Technologies CZ, s.r.o." - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} "AVG Find Extension" - ? -   (File not found | COM-object registry key not found)
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "AVG Shell Extension Class" - "AVG Technologies CZ, s.r.o." - C:\Program Files (x86)\AVG\AVG2012\avgse.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} "AVG Do Not Track" - "AVG Technologies CZ, s.r.o." - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
"Senden an Bluetooth" - ? - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} "AVG Do Not Track" - "AVG Technologies CZ, s.r.o." - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "AVG Safe Search" - "AVG Technologies CZ, s.r.o." - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Daniel Meyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Digital Line Detect.lnk" - "Avanquest Software " - C:\Program Files (x86)\Digital Line Detect\DLG.exe  (Shortcut exists | File exists)
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
"Bluetooth.lnk" - ? - C:\Program Files (x86)\ThinkPad\Bluetooth Software\BTTray.exe  (Shortcut exists | File not found)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AVG_TRAY" - "AVG Technologies CZ, s.r.o." - "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
"HP Software Update" - "Hewlett-Packard" - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"NUSB3MON" - "NEC Electronics Corporation" - "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"PWMTRV" - "Lenovo Group Limited" - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"vProt" - ? - "C:\Program Files (x86)\AVG Secure Search\vprot.exe"  (File not found)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"pdfcmon" - "pdfforge GbR" - C:\Windows\system32\pdfcmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"AcPrfMgrSvc" (AcPrfMgrSvc) - "Lenovo" - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
"AcSvc" (AcSvc) - "Lenovo" - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
"AD Monitor" (ADMonitor) - ? - C:\Windows\system32\ADMonitor.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"Anzeige am Bildschirm" (TPHKSVC) - "Lenovo Group Limited" - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
"AuthenTec Fingerprint Service" (ATService) - "AuthenTec, Inc." - C:\Windows\system32\ATService.exe
"Autodesk Moldflow Inventor Tool Suite Integration 2013 Job Manager" (mitsijm2013) - " " - C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe
"AVG WatchDog" (avgwd) - "AVG Technologies CZ, s.r.o." - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
"AVGIDSAgent" (AVGIDSAgent) - "AVG Technologies CZ, s.r.o." - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
"Cisco EnergyWise Enabler" (PwmEWSvc) - "Lenovo Group Limited" - C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
"Data Transfer Service" (dtsvc) - ? - C:\Windows\system32\DTS.exe
"FLEXnet Licensing Service 64" (FLEXnet Licensing Service 64) - "Flexera Software, Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
"HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\AMT\LMS.exe
"Intel(R) Management and Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"Lenovo Auto Scroll" (Lenovo.VIRTSCRLSVC) - "Lenovo Group Limited" - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
"Lenovo Camera Mute" (LENOVO.CAMMUTE) - "Lenovo Group Limited" - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
"Lenovo Doze Mode Service" (DozeSvc) - "Lenovo." - C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
"Lenovo Hotkey Client Loader" (TPHKLOAD) - "Lenovo Group Limited" - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
"Lenovo Keyboard Noise Reduction" (LENOVO.TPKNRSVC) - "Lenovo Group Limited" - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
"Lenovo Microphone Mute" (LENOVO.MICMUTE) - "Lenovo Group Limited" - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"Power Manager DBC Service" (Power Manager DBC Service) - "Lenovo" - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe
"StarMoney 8.0 OnlineUpdate" (StarMoney 8.0 OnlineUpdate) - "Star Finanz - Software Entwicklung und Vertriebs GmbH" - C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
"System Update" (SUService) - "Lenovo Group Limited" - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
"ThinkPad HDD APS Logging Service" (TPHDEXLGSVC) - "Lenovo." - C:\Windows\System32\TPHDEXLG64.exe
"vToolbarUpdater11.2.0" (vToolbarUpdater11.2.0) - ? - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Gruß
Daniel

aswMBR Log:

Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-13 22:16:23
-----------------------------
22:16:23.799    OS Version: Windows x64 6.1.7601 Service Pack 1
22:16:23.799    Number of processors: 2 586 0x1706
22:16:23.799    ComputerName: ***  UserName: ***
22:16:24.002    Initialize success
22:17:18.500    AVAST engine defs: 12071301
22:17:27.002    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:17:27.002    Disk 0 Vendor: PLEXTOR_PX-128M3 1.01 Size: 122104MB BusType: 11
22:17:27.002    Disk 0 MBR read successfully
22:17:27.018    Disk 0 MBR scan
22:17:27.018    Disk 0 Windows 7 default MBR code
22:17:27.018    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
22:17:27.018    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       122002 MB offset 206848
22:17:27.033    Disk 0 scanning C:\Windows\system32\drivers
22:17:30.528    Service scanning
22:17:40.278    Modules scanning
22:17:40.278    Disk 0 trace - called modules:
22:17:40.278    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
22:17:40.293    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004907550]
22:17:40.293    3 CLASSPNP.SYS[fffff8800165a43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800442a060]
22:17:40.496    AVAST engine scan C:\Windows
22:17:41.198    AVAST engine scan C:\Windows\system32
22:18:52.662    AVAST engine scan C:\Windows\system32\drivers
22:18:56.734    AVAST engine scan C:\Users\Daniel Meyer
22:19:12.817    AVAST engine scan C:\ProgramData
22:19:17.918    Scan finished successfully
22:20:37.619    Disk 0 MBR has been saved successfully to "C:\Users\Daniel Meyer\Desktop\MBR.dat"
22:20:37.619    The log file has been saved successfully to "C:\Users\Daniel Meyer\Desktop\aswMBR.txt"
Geändert von danielm (13.07.2012 um 21:21 Uhr)

Alt 13.07.2012, 22:03   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Google/Bing ... redirect Virus rocketnews - Standard

Google/Bing ... redirect Virus rocketnews


Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 20.07.2012, 14:33   #25
danielm
 
Google/Bing ... redirect Virus rocketnews - Standard

Google/Bing ... redirect Virus rocketnews


Hallo hier ist das Malwarebytes Log:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.20.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

20.07.2012 15:19:48
mbam-log-2012-07-20 (15-19-48).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 327506
Laufzeit: 11 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
und hier das SUPERAntiSpyware log:

Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/20/2012 at 04:42 PM

Application Version : 5.5.1006

Core Rules Database Version : 8932
Trace Rules Database Version: 6744

Scan type       : Complete Scan
Total Scan Time : 01:03:02

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned      : 802
Memory threats detected   : 0
Registry items scanned    : 68195
Registry threats detected : 0
File items scanned        : 147090
File threats detected     : 34

Adware.Tracking Cookie
	C:\Users\Daniel Meyer\AppData\Roaming\Microsoft\Windows\Cookies\K6EZ54SY.txt [ /atdmt.com ]
	C:\Users\Daniel Meyer\AppData\Roaming\Microsoft\Windows\Cookies\DB1BR9ES.txt [ /imrworldwide.com ]
	C:\Users\Daniel Meyer\AppData\Roaming\Microsoft\Windows\Cookies\1IU05LZR.txt [ /c.atdmt.com ]
	C:\Users\Daniel Meyer\AppData\Roaming\Microsoft\Windows\Cookies\VV1JT3PP.txt [ /ad2.adfarm1.adition.com ]
	C:\Users\Daniel Meyer\AppData\Roaming\Microsoft\Windows\Cookies\8MNEL3YB.txt [ /doubleclick.net ]
	C:\Users\Daniel Meyer\AppData\Roaming\Microsoft\Windows\Cookies\5W4ZZABE.txt [ /adfarm1.adition.com ]
	C:\USERS\DANIEL MEYER\AppData\Roaming\Microsoft\Windows\Cookies\Low\daniel_meyer@tribalfusion[2].txt [ Cookie:daniel meyer@tribalfusion.com/ ]
	C:\USERS\DANIEL MEYER\AppData\Roaming\Microsoft\Windows\Cookies\Low\daniel_meyer@adx2.chip[1].txt [ Cookie:daniel meyer@adx2.chip.de/ ]
	C:\USERS\DANIEL MEYER\AppData\Roaming\Microsoft\Windows\Cookies\Low\daniel_meyer@atdmt[2].txt [ Cookie:daniel meyer@atdmt.com/ ]
	C:\USERS\DANIEL MEYER\AppData\Roaming\Microsoft\Windows\Cookies\Low\daniel_meyer@revsci[2].txt [ Cookie:daniel meyer@revsci.net/ ]
	C:\USERS\DANIEL MEYER\AppData\Roaming\Microsoft\Windows\Cookies\Low\daniel_meyer@apmebf[1].txt [ Cookie:daniel meyer@apmebf.com/ ]
	C:\USERS\DANIEL MEYER\Cookies\K6EZ54SY.txt [ Cookie:daniel meyer@atdmt.com/ ]
	C:\USERS\DANIEL MEYER\Cookies\DB1BR9ES.txt [ Cookie:daniel meyer@imrworldwide.com/cgi-bin ]
	C:\USERS\DANIEL MEYER\Cookies\VV1JT3PP.txt [ Cookie:daniel meyer@ad2.adfarm1.adition.com/ ]
	C:\USERS\DANIEL MEYER\Cookies\5W4ZZABE.txt [ Cookie:daniel meyer@adfarm1.adition.com/ ]
	C:\USERS\DANIEL MEYER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\DANIEL_MEYER@ADX.CHIP[1].TXT [ /ADX.CHIP ]
	C:\USERS\DANIEL MEYER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\DANIEL_MEYER@AD.360YIELD[1].TXT [ /AD.360YIELD ]
	C:\USERS\DANIEL MEYER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\DANIEL_MEYER@DOUBLECLICK[1].TXT [ /DOUBLECLICK ]
	C:\USERS\DANIEL MEYER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\DANIEL_MEYER@INVITEMEDIA[1].TXT [ /INVITEMEDIA ]
	C:\USERS\DANIEL MEYER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\DANIEL_MEYER@C.ATDMT[2].TXT [ /C.ATDMT ]
	C:\USERS\DANIEL MEYER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\DANIEL_MEYER@SERVING-SYS[2].TXT [ /SERVING-SYS ]
	.2o7.net [ C:\USERS\DANIEL MEYER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XGQN3CLH.DEFAULT\COOKIES.SQLITE ]
	fr.sitestat.com [ C:\USERS\DANIEL MEYER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XGQN3CLH.DEFAULT\COOKIES.SQLITE ]
	fr.sitestat.com [ C:\USERS\DANIEL MEYER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XGQN3CLH.DEFAULT\COOKIES.SQLITE ]
	.hertz.122.2o7.net [ C:\USERS\DANIEL MEYER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XGQN3CLH.DEFAULT\COOKIES.SQLITE ]
	fr.sitestat.com [ C:\USERS\DANIEL MEYER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XGQN3CLH.DEFAULT\COOKIES.SQLITE ]
	fr.sitestat.com [ C:\USERS\DANIEL MEYER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XGQN3CLH.DEFAULT\COOKIES.SQLITE ]
	.tracker.vinsight.de [ C:\USERS\DANIEL MEYER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XGQN3CLH.DEFAULT\COOKIES.SQLITE ]
	tracking.mobile.de [ C:\USERS\DANIEL MEYER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XGQN3CLH.DEFAULT\COOKIES.SQLITE ]
	in.getclicky.com [ C:\USERS\DANIEL MEYER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XGQN3CLH.DEFAULT\COOKIES.SQLITE ]
	.xiti.com [ C:\USERS\DANIEL MEYER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XGQN3CLH.DEFAULT\COOKIES.SQLITE ]
	partners.webmasterplan.com [ C:\USERS\DANIEL MEYER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XGQN3CLH.DEFAULT\COOKIES.SQLITE ]
	.112.2o7.net [ C:\USERS\DANIEL MEYER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XGQN3CLH.DEFAULT\COOKIES.SQLITE ]
	.stats.paypal.com [ C:\USERS\DANIEL MEYER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XGQN3CLH.DEFAULT\COOKIES.SQLITE ]
Gruß und Dank
Daniel

Alt 20.07.2012, 18:18   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Google/Bing ... redirect Virus rocketnews - Standard

Google/Bing ... redirect Virus rocketnews


Sieht ok aus, da wurden nur Cookies gefunden.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )


Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 20.07.2012, 23:16   #27
danielm
 
Google/Bing ... redirect Virus rocketnews - Standard

Google/Bing ... redirect Virus rocketnews


Hallo Arne,

mein System läuft wieder problemlos. Danke für die Hilfe.

daniel

Alt 23.07.2012, 11:45   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Google/Bing ... redirect Virus rocketnews - Standard

Google/Bing ... redirect Virus rocketnews


Dann wären wir durch!

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen:

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.


Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.


Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks => http://www.adobe.com/products/flashp...ribution3.html

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort
Seite 2 von 2 1 2

Themen zu Google/Bing ... redirect Virus rocketnews
.dll, adobe, avg, avg secure search, avg security toolbar, battle.net, bho, error, explorer, fehler, festplatte, firefox, firefox 13.0.1, flash player, format, google, helper, home, igdpmd64.sys, install.exe, langs, lenovo, logfile, microsoft office word, mozilla, msiexec.exe, office 2007, plug-in, pwmtr64v.dll, registry, remote control, richtlinie, rundll, scan, search the web, searchscopes, secure search, security, software, starmoney, udp, usb, usb 3.0, virus, visual studio, vtoolbarupdater, windows


« AKM Trojaner hat mich erwischt, wie vorgehen? | Trojanerbefall von: TR/Atraps.gen & 2 + BDS/ZAccess.T + Win64/Sirefef.AL »


Ähnliche Themen: Google/Bing ... redirect Virus rocketnews


  1. My online search virus - redirect auf Bing.com
    Plagegeister aller Art und deren Bekämpfung - 18.12.2013 (11)
  2. Google Redirect-Virus
    Log-Analyse und Auswertung - 02.11.2012 (3)
  3. Google Redirect Virus
    Log-Analyse und Auswertung - 31.10.2012 (49)
  4. Google Redirect Virus (Rocketnews & co.)
    Plagegeister aller Art und deren Bekämpfung - 29.10.2012 (5)
  5. Google Redirect Virus
    Plagegeister aller Art und deren Bekämpfung - 21.07.2012 (3)
  6. Redirect Virus > Rocketnews, Sicherheitscenter lässt sich nicht starten
    Log-Analyse und Auswertung - 18.07.2012 (27)
  7. Google Redirect Virus bzw. Google Hijack + PC Langsam
    Plagegeister aller Art und deren Bekämpfung - 10.07.2012 (2)
  8. rocketnews virus; weiterleitung über google suche auf fremde falsche seiten
    Plagegeister aller Art und deren Bekämpfung - 26.06.2012 (1)
  9. Google redirect Virus
    Log-Analyse und Auswertung - 19.06.2012 (22)
  10. Google Weiterleitung - Rocketnews: Virus?
    Plagegeister aller Art und deren Bekämpfung - 09.06.2012 (11)
  11. Google redirect Virus, werde bei den Suchergebnissen immer auf rocketnews.com weitergeleitet
    Plagegeister aller Art und deren Bekämpfung - 27.05.2012 (6)
  12. Google Redirect Virus
    Plagegeister aller Art und deren Bekämpfung - 14.05.2012 (21)
  13. Weiterleitung bei google (bing etc.)-Suche auf falsche Seite "rocketnews.com/...."
    Plagegeister aller Art und deren Bekämpfung - 13.05.2012 (2)
  14. google redirect virus
    Log-Analyse und Auswertung - 09.07.2011 (7)
  15. Google Redirect Virus was nun ?
    Plagegeister aller Art und deren Bekämpfung - 21.06.2011 (3)
  16. Google Redirect Virus
    Log-Analyse und Auswertung - 17.06.2011 (6)
  17. Google Redirect Virus
    Log-Analyse und Auswertung - 03.04.2011 (6)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Google/Bing ... redirect Virus rocketnews - Combofix - Scripten 1. Starte das Notepad (Start / Ausführen / notepad[Enter]) 2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein. Code: Alles - Google/Bing ... redirect Virus rocketnews...
Archiv
Du betrachtest: Google/Bing ... redirect Virus rocketnews auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55