google virus

jackiechan · 30.06.2010, 19:18

Hallo leute ich brauche eure hilfe , beim surfen werde ich öfters auf seiten weitergleiten die ich nicht kenne,ganz besonders bei google.

HiJackthis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:34:52, on 30.06.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe
C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Apoint2K\Apoint.exe
C:\Programme\Apoint2K\Apntex.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\´´´´\Desktop\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.tiscali.de/web/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 173.232.108.157 www.google.com
O1 - Hosts: 173.232.108.157 google.com
O1 - Hosts: 173.232.108.157 google.com.au
O1 - Hosts: 173.232.108.157 www.google.com.au
O1 - Hosts: 173.232.108.157 google.be
O1 - Hosts: 173.232.108.157 www.google.be
O1 - Hosts: 173.232.108.157 google.com.br
O1 - Hosts: 173.232.108.157 www.google.com.br
O1 - Hosts: 173.232.108.157 google.ca
O1 - Hosts: 173.232.108.157 www.google.ca
O1 - Hosts: 173.232.108.157 google.ch
O1 - Hosts: 173.232.108.157 www.google.ch
O1 - Hosts: 173.232.108.157 google.de
O1 - Hosts: 173.232.108.157 www.google.de
O1 - Hosts: 173.232.108.157 google.dk
O1 - Hosts: 173.232.108.157 www.google.dk
O1 - Hosts: 173.232.108.157 google.fr
O1 - Hosts: 173.232.108.157 www.google.fr
O1 - Hosts: 173.232.108.157 google.ie
O1 - Hosts: 173.232.108.157 www.google.ie
O1 - Hosts: 173.232.108.157 google.it
O1 - Hosts: 173.232.108.157 www.google.it
O1 - Hosts: 173.232.108.157 google.co.jp
O1 - Hosts: 173.232.108.157 www.google.co.jp
O1 - Hosts: 173.232.108.157 google.nl
O1 - Hosts: 173.232.108.157 www.google.nl
O1 - Hosts: 173.232.108.157 google.no
O1 - Hosts: 173.232.108.157 www.google.no
O1 - Hosts: 173.232.108.157 google.co.nz
O1 - Hosts: 173.232.108.157 www.google.co.nz
O1 - Hosts: 173.232.108.157 google.pl
O1 - Hosts: 173.232.108.157 www.google.pl
O1 - Hosts: 173.232.108.157 google.se
O1 - Hosts: 173.232.108.157 www.google.se
O1 - Hosts: 173.232.108.157 google.co.uk
O1 - Hosts: 173.232.108.157 www.google.co.uk
O1 - Hosts: 173.232.108.157 google.co.za
O1 - Hosts: 173.232.108.157 www.google.co.za
O1 - Hosts: 173.232.108.157 www.google-analytics.com
O1 - Hosts: 173.232.108.157 www.bing.com
O1 - Hosts: 173.232.108.157 search.yahoo.com
O1 - Hosts: 173.232.108.157 www.search.yahoo.com
O1 - Hosts: 173.232.108.157 uk.search.yahoo.com
O1 - Hosts: 173.232.108.157 ca.search.yahoo.com
O1 - Hosts: 173.232.108.157 de.search.yahoo.com
O1 - Hosts: 173.232.108.157 fr.search.yahoo.com
O1 - Hosts: 173.232.108.157 au.search.yahoo.com
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: eBay - {95E48323-E31F-44EE-B4CF-0CEAB6BA3191} - C:\Programme\Internet Explorer\Signup\ToshibaGotoEbay.exe (HKCU)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - hxxp://www.destatis.de/jetspeed/portal/cms/Sites/destatis/Internet/DE/Grafiken/InfoService/Logo__Themenblaetter,property=image.gif

--
End of file - 7344 bytes

--- --- ---

google virus

Log-Analyse und Auswertung: google virus

google virus

Ähnliche Themen: google virus