| |
| |||||||
Log-Analyse und Auswertung: Werde bei Google immer auf andere Seite weitergeleitet...Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
| |
30.09.2010, 17:30
| #1 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Werde bei Google immer auf andere Seite weitergeleitet... Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
PRC - [2010.09.16 18:51:02 | 002,320,301 | ---- | M] () -- C:\Programme\Search Advisor\adgui.exe
O4 - HKCU..\Run: [Search Advisor] C:\Programme\Search Advisor\adgui.exe ()
O32 - AutoRun File - [2005.08.29 11:13:02 | 000,049,152 | R--- | M] () - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2005.05.11 16:49:08 | 000,000,042 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
[2010.09.28 15:03:48 | 000,231,936 | ---- | C] (Alexander Roshal) -- C:\WINDOWS\Wqypaa.exe
[2010.09.28 15:15:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\MT\Anwendungsdaten\WhiteSmokeTranslator
[2010.09.28 15:14:21 | 000,000,000 | ---D | C] -- C:\Programme\WhiteSmoke Translator
[2010.09.28 15:14:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\MT\Anwendungsdaten\WhiteSmokeSetup
[2010.09.28 15:14:15 | 000,000,000 | ---D | C] -- C:\Programme\Search Advisor
[2010.09.28 15:14:14 | 000,000,000 | ---D | C] -- C:\Programme\Quick Web Player
[2010.08.30 22:03:13 | 000,086,016 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe
[2010.08.30 22:00:03 | 000,249,856 | ---- | C] (I-D Media AG) -- C:\WINDOWS\System32\Pringles Screensaver.scr
[2010.08.30 22:00:03 | 000,053,248 | ---- | C] (Living Screen) -- C:\WINDOWS\System32\hklspl.dll
[2010.08.30 22:00:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\LS_Scr
[2010.08.30 00:04:12 | 000,172,032 | ---- | C] (Jorgen Bosman) -- C:\WINDOWS\System32\poweroff.exe
[2010.06.23 17:52:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.06.13 19:41:46 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.06.15 13:10:27 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\MT\Anwendungsdaten\.#
@Alternate Data Stream - 94 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8FDE078B
@Alternate Data Stream - 248 bytes -> C:\WINDOWS\tasks\PC Einschalten um 06:25.job
@Alternate Data Stream - 248 bytes -> C:\WINDOWS\tasks\PC Einschalten um 06:16.job
:Files
C:\Programme\Search Advisor
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
30.09.2010, 17:48
| #2 |
| | Werde bei Google immer auf andere Seite weitergeleitet...Code:
ATTFilter All processes killed
========== OTL ==========
Process adgui.exe killed successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Search Advisor deleted successfully.
C:\Programme\Search Advisor\adgui.exe moved successfully.
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
File C:\WINDOWS\Wqypaa.exe not found.
C:\Dokumente und Einstellungen\MT\Anwendungsdaten\WhiteSmokeTranslator folder moved successfully.
C:\Programme\WhiteSmoke Translator\html\english\dictClientWelcome\style folder moved successfully.
C:\Programme\WhiteSmoke Translator\html\english\dictClientWelcome\js folder moved successfully.
C:\Programme\WhiteSmoke Translator\html\english\dictClientWelcome\content\style folder moved successfully.
C:\Programme\WhiteSmoke Translator\html\english\dictClientWelcome\content\js folder moved successfully.
C:\Programme\WhiteSmoke Translator\html\english\dictClientWelcome\content\img\captionbar folder moved successfully.
C:\Programme\WhiteSmoke Translator\html\english\dictClientWelcome\content\img\Background\attic folder moved successfully.
C:\Programme\WhiteSmoke Translator\html\english\dictClientWelcome\content\img\Background folder moved successfully.
C:\Programme\WhiteSmoke Translator\html\english\dictClientWelcome\content\img folder moved successfully.
C:\Programme\WhiteSmoke Translator\html\english\dictClientWelcome\content folder moved successfully.
C:\Programme\WhiteSmoke Translator\html\english\dictClientWelcome folder moved successfully.
C:\Programme\WhiteSmoke Translator\html\english\dictClientRegistration\style folder moved successfully.
C:\Programme\WhiteSmoke Translator\html\english\dictClientRegistration\js folder moved successfully.
C:\Programme\WhiteSmoke Translator\html\english\dictClientRegistration\img\captionbar folder moved successfully.
C:\Programme\WhiteSmoke Translator\html\english\dictClientRegistration\img folder moved successfully.
C:\Programme\WhiteSmoke Translator\html\english\dictClientRegistration folder moved successfully.
C:\Programme\WhiteSmoke Translator\html\english\dictClientDic\style folder moved successfully.
C:\Programme\WhiteSmoke Translator\html\english\dictClientDic\js folder moved successfully.
C:\Programme\WhiteSmoke Translator\html\english\dictClientDic\img\popup folder moved successfully.
C:\Programme\WhiteSmoke Translator\html\english\dictClientDic\img\captionbar folder moved successfully.
C:\Programme\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons folder moved successfully.
C:\Programme\WhiteSmoke Translator\html\english\dictClientDic\img\Background folder moved successfully.
C:\Programme\WhiteSmoke Translator\html\english\dictClientDic\img folder moved successfully.
C:\Programme\WhiteSmoke Translator\html\english\dictClientDic folder moved successfully.
C:\Programme\WhiteSmoke Translator\html\english\common\js folder moved successfully.
C:\Programme\WhiteSmoke Translator\html\english\common\iepngfix folder moved successfully.
C:\Programme\WhiteSmoke Translator\html\english\common folder moved successfully.
C:\Programme\WhiteSmoke Translator\html\english folder moved successfully.
C:\Programme\WhiteSmoke Translator\html folder moved successfully.
C:\Programme\WhiteSmoke Translator folder moved successfully.
C:\Dokumente und Einstellungen\MT\Anwendungsdaten\WhiteSmokeSetup folder moved successfully.
C:\Programme\Search Advisor folder moved successfully.
C:\Programme\Quick Web Player\Icons folder moved successfully.
C:\Programme\Quick Web Player folder moved successfully.
C:\WINDOWS\unvise32.exe moved successfully.
C:\WINDOWS\system32\Pringles Screensaver.scr moved successfully.
C:\WINDOWS\system32\hklspl.dll moved successfully.
C:\WINDOWS\LS_Scr folder moved successfully.
C:\WINDOWS\system32\poweroff.exe moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\x86 folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86 folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} folder moved successfully.
C:\Dokumente und Einstellungen\MT\Anwendungsdaten\.# folder moved successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8FDE078B deleted successfully.
ADS C:\WINDOWS\tasks\PC Einschalten um 06:25.job deleted successfully.
ADS C:\WINDOWS\tasks\PC Einschalten um 06:16.job deleted successfully.
========== FILES ==========
File\Folder C:\Programme\Search Advisor not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 263733 bytes
->Flash cache emptied: 0 bytes
User: MT
->Temp folder emptied: 31348004 bytes
->Temporary Internet Files folder emptied: 128165532 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 65758745 bytes
->Flash cache emptied: 3201 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 101328380 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 65621 bytes
RecycleBin emptied: 2474 bytes
Total Files Cleaned = 312,00 mb
OTL by OldTimer - Version 3.2.14.1 log created on 09302010_184258
Files\Folders moved on Reboot...
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
Registry entries deleted on Reboot...
|
|
| Themen zu Werde bei Google immer auf andere Seite weitergeleitet... |
| 0x00000001, adblock, adobe, alternate, avgntflt.sys, avira, components, converter, defogger, desktop, einstellungen, error, explorer, fehler, flash player, format, google, internet, internet explorer, location, log datei, logfile, mozilla, mp3, oldtimer, otl logfile, photoshop, plug-in, realtek, registry, rundll, searchplugins, security, server, software, sptd.sys, system error, system restore, öffnet |
Hybrid-Darstellung
