google links werden umgeleitet

seeti · 16.03.2011, 21:15

Ich hatte Probleme damit Antivir komplett zu deaktivieren und habe es daher kurzerhand deinstalliert. Wundere mich nun, dass es im Log dennoch als Enabled auftaucht?!

Combofix Logfile:

Code:

ATTFilter

ComboFix 11-03-16.01 - Name 16.03.2011  20:19:42.1.2 - x64
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1033.18.4095.3091 [GMT 1:00]
ausgeführt von:: c:\users\Name\Desktop\cofi.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\NAME\AppData\Roaming\Local
c:\users\NAME\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\NAME\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\NAME\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi
c:\users\NAME\AppData\Roaming\Local\Temp\DDM\Settings\3.ddi
I:\autorun.inf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-02-16 bis 2011-03-16  ))))))))))))))))))))))))))))))
.
.
2011-03-16 16:48 . 2011-03-16 16:48	--------	d-----w-	c:\program files (x86)\ERUNT
2011-03-16 12:40 . 2011-03-16 12:40	388096	----a-r-	c:\users\NAME\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-04 16:34 . 2011-03-04 16:34	--------	d-----w-	c:\program files\Common Files\ResearchSoft
2011-03-04 09:30 . 2010-12-20 17:09	38224	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-04 09:11 . 2011-03-04 09:11	200704	--sha-r-	c:\windows\SysWow64\msacm32Q.dll
2011-02-23 22:48 . 2010-09-14 06:45	367104	----a-w-	c:\windows\system32\wcncsvc.dll
2011-02-23 22:48 . 2010-09-14 06:07	276992	----a-w-	c:\windows\SysWow64\wcncsvc.dll
2011-02-23 08:46 . 2011-01-07 08:07	662528	----a-w-	c:\windows\system32\XpsPrint.dll
2011-02-23 08:46 . 2011-01-07 08:07	475648	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-02-23 08:46 . 2011-01-07 07:31	442880	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2011-02-23 08:46 . 2011-01-07 07:31	288256	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-11 15:45 . 2011-02-11 15:45	8952	----a-w-	c:\windows\SysWow64\vpncategories.dll
2011-02-11 15:44 . 2011-02-11 15:44	28920	----a-w-	c:\windows\SysWow64\vpnevents.dll
2011-01-26 06:53 . 2011-02-09 08:33	982912	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2011-01-26 06:53 . 2011-02-09 08:33	265088	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2011-01-26 06:31 . 2011-02-09 08:33	144384	----a-w-	c:\windows\system32\cdd.dll
2011-01-07 08:06 . 2011-02-09 08:33	46080	----a-w-	c:\windows\system32\atmlib.dll
2011-01-07 07:27 . 2011-02-09 08:33	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2011-01-07 05:49 . 2011-02-09 08:33	366080	----a-w-	c:\windows\system32\atmfd.dll
2011-01-07 05:33 . 2011-02-09 08:33	294400	----a-w-	c:\windows\SysWow64\atmfd.dll
2011-01-05 06:20 . 2011-02-09 08:33	612352	----a-w-	c:\windows\system32\vbscript.dll
2011-01-05 05:37 . 2011-02-09 08:33	428032	----a-w-	c:\windows\SysWow64\vbscript.dll
2011-01-05 04:00 . 2011-02-09 08:33	3127808	----a-w-	c:\windows\system32\win32k.sys
2010-12-21 06:16 . 2011-02-09 08:33	97280	----a-w-	c:\windows\system32\wscsvc.dll
2010-12-21 06:16 . 2011-02-09 08:33	62976	----a-w-	c:\windows\system32\wscapi.dll
2010-12-21 06:16 . 2011-02-09 08:33	214016	----a-w-	c:\windows\system32\winsrv.dll
2010-12-21 06:16 . 2011-02-09 08:33	1197056	----a-w-	c:\windows\system32\wininet.dll
2010-12-21 06:16 . 2011-02-09 08:33	442880	----a-w-	c:\windows\system32\winhttp.dll
2010-12-21 06:16 . 2011-02-09 08:33	258048	----a-w-	c:\windows\system32\WebClnt.dll
2010-12-21 06:15 . 2011-02-09 08:33	264192	----a-w-	c:\windows\system32\upnp.dll
2010-12-21 06:15 . 2011-02-09 08:33	15360	----a-w-	c:\windows\system32\slwga.dll
2010-12-21 06:13 . 2011-02-09 08:33	2003968	----a-w-	c:\windows\system32\msxml6.dll
2010-12-21 06:13 . 2011-02-09 08:33	1880576	----a-w-	c:\windows\system32\msxml3.dll
2010-12-21 06:10 . 2011-02-09 08:33	100864	----a-w-	c:\windows\system32\davclnt.dll
2010-12-21 05:38 . 2011-02-09 08:33	51200	----a-w-	c:\windows\SysWow64\wscapi.dll
2010-12-21 05:38 . 2011-02-09 08:33	981504	----a-w-	c:\windows\SysWow64\wininet.dll
2010-12-21 05:38 . 2011-02-09 08:33	350720	----a-w-	c:\windows\SysWow64\winhttp.dll
2010-12-21 05:38 . 2011-02-09 08:33	204800	----a-w-	c:\windows\SysWow64\WebClnt.dll
2010-12-21 05:38 . 2011-02-09 08:33	204288	----a-w-	c:\windows\SysWow64\upnp.dll
2010-12-21 05:38 . 2011-02-09 08:33	14336	----a-w-	c:\windows\SysWow64\slwga.dll
2010-12-21 05:36 . 2011-02-09 08:33	1389568	----a-w-	c:\windows\SysWow64\msxml6.dll
2010-12-21 05:36 . 2011-02-09 08:33	1236992	----a-w-	c:\windows\SysWow64\msxml3.dll
2010-12-21 05:34 . 2011-02-09 08:33	80384	----a-w-	c:\windows\SysWow64\davclnt.dll
2010-12-20 17:08 . 2010-07-23 08:28	24152	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-12-18 06:11 . 2011-02-09 08:34	57856	----a-w-	c:\windows\system32\licmgr10.dll
2010-12-18 06:11 . 2011-02-09 08:33	714752	----a-w-	c:\windows\system32\kerberos.dll
2010-12-18 05:29 . 2011-02-09 08:34	44544	----a-w-	c:\windows\SysWow64\licmgr10.dll
2010-12-18 05:29 . 2011-02-09 08:33	541184	----a-w-	c:\windows\SysWow64\kerberos.dll
2010-12-18 04:55 . 2011-02-09 08:34	482816	----a-w-	c:\windows\system32\html.iec
2010-12-18 04:20 . 2011-02-09 08:34	386048	----a-w-	c:\windows\SysWow64\html.iec
2010-12-18 04:13 . 2011-02-09 08:34	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2010-12-18 03:47 . 2011-02-09 08:34	1638912	----a-w-	c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\NAME\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\NAME
\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\NAME\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Remote Control Editor"="c:\program files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe" [2010-09-13 1695816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2009-03-20 1904640]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
.
c:\users\NAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\NAME
\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-12-17 23343848]
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - e:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 245120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SBSDWSCService;SBSD Security Center Service;e:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;e:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [x]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [x]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [x]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [x]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [x]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [x]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [x]
R3 SE1008mdm;Sony Ericsson SE1008 Mobile Device Full USB Driver;c:\windows\system32\DRIVERS\SE1008mdm_x64.sys [x]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30 136176]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-02-11 603896]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30 11:44]
.
2011-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30 11:44]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	97792	----a-w-	c:\users\NAME\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	97792	----a-w-	c:\users\NAME\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	97792	----a-w-	c:\users\NAME\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	97792	----a-w-	c:\users\NAME\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="e:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - e:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Append to existing PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xcel exportieren - e:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\NAME\AppData\Roaming\Mozilla\Firefox\Profiles\422bmj2o.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.psychologie.uni-mannheim.de/
FF - prefs.js: keyword.URL - hxxp://start.facemoods.com/results.php?f=5&a=ddr&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-03-16  20:24:38
ComboFix-quarantined-files.txt  2011-03-16 19:24
.
Vor Suchlauf: 15.553.392.640 bytes free
Nach Suchlauf: 15.413.714.944 bytes free
.
- - End Of File - - 5092C43AEFF4AF0D23E41E2ABD30B999

--- --- ---

google links werden umgeleitet

Plagegeister aller Art und deren Bekämpfung: google links werden umgeleitet

google links werden umgeleitet

Ähnliche Themen: google links werden umgeleitet