Log analysis and evaluation: Firefox has "google redirect problem" & desktop background cannot be changed
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
08.05.2009, 23:26 | #1 |
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:05:55, on 09.05.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
D:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\programme\IGDCTRL.EXE
D:\Programme\Bonjour\mDNSResponder.exe
D:\Programme\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
D:\Programme\F-Secure Internet Security\Common\FSMA32.EXE
D:\Programme\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
D:\Programme\Java\jre6\bin\jqs.exe
D:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
D:\Programme\F-Secure Internet Security\Common\FSMB32.EXE
D:\WINDOWS\system32\svchost.exe
D:\Programme\F-Secure Internet Security\Common\FCH32.EXE
D:\WINDOWS\system32\UAService7.exe
D:\Programme\F-Secure Internet Security\Common\FAMEH32.EXE
D:\Programme\F-Secure Internet Security\Anti-Virus\fsqh.exe
D:\Programme\F-Secure Internet Security\FSAUA\program\fsaua.exe
D:\Programme\F-Secure Internet Security\Anti-Virus\fssm32.exe
D:\Programme\F-Secure Internet Security\FSPC\fspc.exe
D:\Programme\F-Secure Internet Security\FWES\Program\fsdfwd.exe
D:\Programme\F-Secure Internet Security\FSAUA\program\fsus.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Programme\Java\jre6\bin\jusched.exe
D:\WINDOWS\system32\rundll32.exe
D:\Programme\F-Secure Internet Security\Common\FSM32.EXE
D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
D:\Programme\StCenter.exe
D:\Programme\FwebProt.exe
D:\Programme\F-Secure Internet Security\FSGUI\fsguidll.exe
D:\Programme\F-Secure Internet Security\Anti-Virus\fsav32.exe
D:\WINDOWS\system32\LVComsX.exe
\?\globalroot\D:\WINDOWS\system32\rundll32.exe
D:\Programme\Trend Micro\HijackThis\HijackThis.exe
D:\Programme\Spybot - Search & Destroy\SpybotSD.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.hockeyweb.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box;localhost;*.local
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll
F2 - REG:system.ini: UserInit=d:\windows\system32\userinit.exe
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [autochk] rundll32.exe D:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
O4 - HKLM\..\Run: [avgnt] "D:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [F-Secure Manager] "D:\Programme\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "D:\Programme\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "D:\Programme\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [autochk] rundll32.exe D:\DOKUME~1\ROCKX~1\protect.dll,_IWMPEvents@16
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autochk] rundll32.exe D:\DOKUME~1\LOCALS~1\protect.dll,_IWMPEvents@16 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: ChkDisk.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: ChkDisk.lnk = ? (User 'Default user')
O4 - Startup: ChkDisk.lnk = ?
O4 - Startup: FRITZ!DSL Internet.lnk = D:\Programme\FritzDsl.exe
O4 - Startup: FRITZ!DSL Protect.lnk = D:\Programme\FwebProt.exe
O4 - Global Startup: FRITZ!DSL Startcenter.lnk = D:\Programme\StCenter.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Erwachsene... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Programme\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Programme\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Erwachsene... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Programme\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6\ICQ.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - D:\Programme\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - h**p://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - h**p://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - h**p://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - h**p://www.lokalisten.de/iup/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - h**p://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BA83FD38-CE14-4DA3-BEF5-96050D55F78A} - h**p://www.digitalflip.de/exe/fv390dep.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - h**p://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - h**p://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{30600B35-6DC6-4E49-B2C7-A508EDA42E7A}: NameServer = 192.168.122.252,192.168.122.253
O17 - HKLM\System\CS1\Services\Tcpip\..\{30600B35-6DC6-4E49-B2C7-A508EDA42E7A}: NameServer = 192.168.122.252,192.168.122.253
O17 - HKLM\System\CS2\Services\Tcpip\..\{30600B35-6DC6-4E49-B2C7-A508EDA42E7A}: NameServer = 192.168.122.252,192.168.122.253
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: __c00D4A7E - D:\WINDOWS\system32\__c00D4A7E.dat (file missing)
O22 - SharedTaskScheduler: jso8joigm409gopgmrlgd - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - D:\WINDOWS\system32\yhs783ijfo3fe.dll (file missing)
O22 - SharedTaskScheduler: sdfsefsfdvdubgiungfuyd - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - (no file)
O23 - Service: AAV UpdateService - Unknown owner - D:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - D:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - d:\programme\IGDCTRL.EXE
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - D:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - D:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Programme\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\Programme\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Programme\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\Programme\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - D:\Programme\F-Secure Internet Security\ORSP Client\fsorsp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - D:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - D:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - D:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP1\RpcAgentSrv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - D:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11390 bytes
09.05.2009, 10:45 | #2 |
Hello and

1.) Uninstall (at least temporarily):

Code:
F2 - REG:system.ini: UserInit=d:\windows\system32\userinit.exe
O4 - HKLM\..\Run: [autochk] rundll32.exe D:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
O4 - HKCU\..\Run: [autochk] rundll32.exe D:\DOKUME~1\ROCKX~1\protect.dll,_IWMPEvents@16
O4 - HKUS\S-1-5-18\..\Run: [autochk] rundll32.exe D:\DOKUME~1\LOCALS~1\protect.dll,_IWMPEvents@16 (User 'SYSTEM')
O4 - S-1-5-18 Startup: ChkDisk.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: ChkDisk.lnk = ? (User 'Default user')
O4 - Startup: ChkDisk.lnk = ?
All O8, O9, O16, O20 and O22 entries

ciao, andreas