Hello, my start page in IE7 keeps getting redirected.

#0
26.11.2008, 16:37
...new here

Posts: 1
#1 Hello, I have www.t-online.de as my start page in IE7; recently the start page has always been redirected to www.t-online-shop.de.
I have completed all the preparatory steps; here are the log files.
Please help me! Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:35:01, on 26.11.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\G DATA InternetSecurity\Firewall\GDFirewallTray.exe
C:\Program Files\G DATA InternetSecurity\AVKTray\AVKTray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijacktHIS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,c:\program files\g data internetsecurity\avkkid\avkcks.exe
O1 - Hosts: ::1 localhost
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA InternetSecurity\Webfilter\AVKWebIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8a194578-81ea-4850-9911-13ba2d71efbd} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA InternetSecurity\Webfilter\AVKWebIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA InternetSecurity\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [AVKTray] "C:\Program Files\G DATA InternetSecurity\AVKTray\AVKTray.exe"
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-21-3938505843-88729137-729683668-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: G DATA Firewall Tray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1221660672531&h=d913db9513d1936fec7fa60eca4e9150/&filename=jinstall-6u7-windows-i586-jc.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: G DATA Scheduler (AVKService) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity\AVK\AVKService.exe
O23 - Service: AntiVirus Wächter (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity\AVK\AVKWCtl.exe
O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: G DATA Personal Firewall (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity\Firewall\GDFwSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 8528 bytes

Malwarebytes' Anti-Malware 1.30
Datenbank Version: 1424
Windows 6.0.6001 Service Pack 1

26.11.2008 16:14:06
mbam-log-2008-11-26 (16-14-06).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 50435
Laufzeit: 3 minute(s), 43 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


ComboFix 08-11-26.03 - Andrea 2008-11-26 16:21:23.1 - NTFSx86

ausgeführt von:: c:\users\Andrea\Desktop\ComboFix.exe
.

((((((((((((((((((((((( Dateien erstellt von 2008-10-26 bis 2008-11-26 ))))))))))))))))))))))))))))))
.

2008-11-26 16:07 . 2008-11-26 16:07 <DIR> d-------- c:\users\Andrea\AppData\Roaming\Malwarebytes
2008-11-26 16:07 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-26 16:06 . 2008-11-26 16:06 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-11-26 16:06 . 2008-11-26 16:06 <DIR> d-------- c:\programdata\Malwarebytes
2008-11-26 16:06 . 2008-11-26 16:07 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-26 16:06 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-26 15:24 . 2008-11-26 16:15 <DIR> d-------- C:\HijacktHIS
2008-11-25 20:39 . 2008-11-25 20:40 <DIR> d-------- c:\users\All Users\Lavasoft
2008-11-25 20:39 . 2008-11-25 20:40 <DIR> d-------- c:\programdata\Lavasoft
2008-11-25 20:39 . 2008-11-25 20:39 <DIR> d-------- c:\program files\Lavasoft
2008-11-25 20:38 . 2008-11-25 20:38 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-23 15:15 . 2008-11-23 15:15 <DIR> d-------- c:\users\Andrea\AppData\Roaming\TuneUp Software
2008-11-23 15:15 . 2008-11-23 15:15 <DIR> d-------- c:\users\All Users\TuneUp Software
2008-11-23 15:15 . 2008-11-23 15:15 <DIR> d-------- c:\programdata\TuneUp Software
2008-11-23 15:15 . 2008-11-23 15:15 <DIR> d-------- c:\program files\TuneUp Utilities 2009
2008-11-23 15:15 . 2008-11-23 15:15 603,904 --a------ c:\windows\System32\TUProgSt.exe
2008-11-23 15:15 . 2008-11-23 15:15 362,240 --a------ c:\windows\System32\TuneUpDefragService.exe
2008-11-23 15:15 . 2008-11-18 12:20 27,904 --a------ c:\windows\System32\uxtuneup.dll
2008-11-23 15:15 . 2008-11-18 12:20 17,152 --a------ c:\windows\System32\authuitu.dll
2008-11-23 15:12 . 2008-11-23 15:12 <DIR> d--hs---- c:\users\All Users\{55A29068-F2CE-456C-9148-C869879E2357}
2008-11-23 15:12 . 2008-11-23 15:12 <DIR> d--hs---- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2008-11-23 14:46 . 2008-11-23 14:46 <DIR> d-------- c:\users\Anna\AppData\Roaming\HP
2008-11-23 14:45 . 2008-11-23 14:45 <DIR> dr------- c:\users\Anna\Videos
2008-11-23 14:45 . 2008-11-23 14:45 <DIR> dr------- c:\users\Anna\Searches
2008-11-23 14:45 . 2008-11-23 14:45 <DIR> dr------- c:\users\Anna\Saved Games
2008-11-23 14:45 . 2008-11-23 14:45 <DIR> dr------- c:\users\Anna\Pictures
2008-11-23 14:45 . 2008-11-23 14:45 <DIR> dr------- c:\users\Anna\Music
2008-11-23 14:45 . 2008-11-23 14:45 <DIR> dr------- c:\users\Anna\Links
2008-11-23 14:45 . 2008-11-23 14:45 <DIR> dr------- c:\users\Anna\Downloads
2008-11-23 14:45 . 2008-11-23 14:45 <DIR> dr------- c:\users\Anna\Documents
2008-11-23 14:45 . 2008-11-23 14:45 <DIR> dr------- c:\users\Anna\Contacts
2008-11-23 14:45 . 2006-11-02 13:37 <DIR> d-------- c:\users\Anna\AppData\Roaming\Media Center Programs
2008-11-23 14:45 . 2008-11-23 14:45 <DIR> d--h----- c:\users\Anna\AppData
2008-11-23 14:45 . 2008-11-23 14:45 <DIR> d-------- c:\users\Anna
2008-11-22 19:44 . 2008-11-22 19:44 <DIR> d-------- c:\users\All Users\IncrediMail
2008-11-22 19:44 . 2008-11-22 19:45 <DIR> d-------- c:\users\All Users\IM
2008-11-22 19:44 . 2008-11-22 19:44 <DIR> d-------- c:\programdata\IncrediMail
2008-11-22 19:44 . 2008-11-22 19:45 <DIR> d-------- c:\programdata\IM
2008-11-22 18:19 . 2008-11-22 18:19 2,012 --a------ c:\windows\System32\SearchRequire.InstallState
2008-11-22 11:41 . 2008-11-22 11:41 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-11-20 09:45 . 2008-11-20 09:45 49,152 --ahs---- c:\windows\System32\SearchRequire.dll
2008-11-20 09:45 . 2008-11-20 09:45 2,804 --ah----- c:\windows\System32\SearchRequire.tlb
2008-11-19 19:56 . 2008-11-19 19:56 <DIR> d-------- c:\users\All Users\HP Product Assistant
2008-11-19 19:56 . 2008-11-19 19:56 <DIR> d-------- c:\programdata\HP Product Assistant
2008-11-18 15:59 . 2008-11-18 15:59 <DIR> d-------- c:\users\Andrea\AppData\Roaming\vlc
2008-11-18 15:58 . 2008-11-18 15:58 <DIR> d-------- c:\program files\VideoLAN
2008-11-18 10:36 . 2008-11-18 10:36 126,976 --ahs---- c:\windows\System32\Interop.SHDocVw.DLL
2008-11-17 19:05 . 2008-11-17 19:06 <DIR> d-------- c:\program files\PokerStars.NET
2008-11-16 16:20 . 2008-11-16 16:20 <DIR> d-------- c:\program files\CCleaner
2008-11-16 12:52 . 2008-11-16 12:52 <DIR> d-------- c:\program files\XviD
2008-11-16 12:19 . 2008-11-16 12:34 <DIR> d-------- c:\program files\DivX
2008-11-16 12:14 . 2008-11-16 12:12 737,280 --a------ c:\windows\iun6002.exe
2008-11-12 18:34 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 18:34 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 18:34 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-11 18:25 . 2008-11-11 18:25 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2008-11-11 18:09 . 2008-11-11 18:09 1,419,232 --a------ c:\windows\System32\wdfcoinstaller01005.dll
2008-11-11 18:09 . 2008-11-11 18:09 21,672 --a------ c:\windows\System32\drivers\ggsemc.sys
2008-11-11 18:09 . 2008-11-11 18:09 13,352 --a------ c:\windows\System32\drivers\ggflt.sys
2008-11-11 18:08 . 2008-11-11 18:08 <DIR> d-------- c:\users\All Users\Sony Ericsson
2008-11-11 18:08 . 2008-11-11 18:08 <DIR> d-------- c:\programdata\Sony Ericsson
2008-11-11 18:07 . 2008-11-11 18:07 <DIR> d-------- c:\program files\Sony Ericsson
2008-11-09 17:20 . 2007-01-04 12:01 97,088 --a------ c:\windows\System32\drivers\sea1mdm.sys
2008-11-09 17:20 . 2007-01-04 12:01 9,360 --a------ c:\windows\System32\drivers\sea1mdfl.sys
2008-11-09 17:20 . 2007-01-04 12:01 6,240 --a------ c:\windows\System32\drivers\sea1cmnt.sys
2008-11-09 17:20 . 2007-01-04 12:01 6,240 --a------ c:\windows\System32\drivers\sea1cm.sys
2008-11-09 17:18 . 2007-01-04 12:01 61,536 --a------ c:\windows\System32\drivers\sea1bus.sys
2008-11-09 17:18 . 2007-01-04 12:01 5,872 --a------ c:\windows\System32\drivers\sea1whnt.sys
2008-11-09 17:18 . 2007-01-04 12:01 5,872 --a------ c:\windows\System32\drivers\sea1wh.sys
2008-10-31 22:09 . 2008-10-31 22:09 <DIR> d-------- c:\program files\Microsoft.NET
2008-10-31 22:09 . 2008-10-31 22:09 <DIR> d-------- c:\program files\Microsoft Works
2008-10-31 22:04 . 2008-10-31 22:04 <DIR> dr-h----- C:\MSOCache
2008-10-29 15:10 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-29 15:10 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-29 15:10 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-27 23:16 . 2008-11-25 23:47 12 --a------ c:\windows\bthservsdp.dat
2008-10-27 16:27 . 2008-08-28 12:09 3,720,480 --a------ c:\windows\System32\cdintf300.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-24 16:56 --------- d-----w c:\users\Andrea\AppData\Roaming\Image Zone Express
2008-11-24 08:59 --------- d-----w c:\users\Andrea\AppData\Roaming\CorelHomeOffice
2008-11-23 14:05 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-23 14:05 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-17 11:29 --------- d-----w c:\programdata\Microsoft Help
2008-11-14 17:29 1,567,496 ----a-w c:\windows\CISUnins.exe
2008-11-14 17:29 1,567,496 ----a-w c:\windows\CICUnins.exe
2008-10-27 15:26 --------- d-----w c:\program files\Corel Home Office
2008-10-22 16:40 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2008-10-22 12:52 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-19 13:16 --------- d-----w c:\programdata\NVIDIA
2008-10-18 14:28 --------- d-----w c:\programdata\HPSSUPPLY
2008-10-18 13:23 --------- d-----w c:\users\Andrea\AppData\Roaming\Printer Info Cache
2008-10-18 13:21 --------- d-----w c:\users\Andrea\AppData\Roaming\HP
2008-10-18 13:19 --------- d-----w c:\programdata\WEBREG
2008-10-18 13:15 --------- d-----w c:\programdata\HP
2008-10-18 13:11 --------- d-----w c:\program files\HP
2008-10-18 13:11 --------- d-----w c:\program files\Common Files\HP
2008-10-18 13:09 --------- d-----w c:\program files\Hewlett-Packard
2008-10-18 13:09 --------- d-----w c:\program files\Common Files\Hewlett-Packard
2008-10-17 16:54 --------- d-----w c:\users\Andrea\AppData\Roaming\Serif
2008-10-16 07:44 --------- d-----w c:\program files\MSBuild
2008-10-15 19:12 --------- d-----w c:\programdata\NOS
2008-10-15 19:10 --------- d-----w c:\program files\Windows Mail
2008-10-12 19:40 --------- d-----w c:\users\Andrea\AppData\Roaming\BOM
2008-10-11 15:10 --------- d-----w c:\users\Andrea\AppData\Roaming\Ahead
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 15:54 --------- d-----w c:\program files\Biet-O-Matic
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\System32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\System32\libdivx.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GDFirewallTray"="c:\program files\G DATA InternetSecurity\Firewall\GDFirewallTray.exe" [2007-10-25 1189552]
"AVKTray"="c:\program files\G DATA InternetSecurity\AVKTray\AVKTray.exe" [2007-12-04 603720]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 c:\windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
G DATA Firewall Tray.lnk - c:\program files\G DATA InternetSecurity\Firewall\GDFirewallTray.exe [2008-08-22 1189552]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= c:\windows\system32\l3codecp.acm
"msacm.l3codec"= c:\windows\system32\l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3938505843-88729137-729683668-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0DB16EB1-3361-498B-8AC4-4BC4C6B86401}"= UDP:c:\program files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe:FSCLBaseUpdaterService.exe
"{DDA470EC-2A8B-46DF-9225-B57174453AFB}"= TCP:c:\program files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe:FSCLBaseUpdaterService.exe
"{136A2381-5664-4DA9-A3D1-AF319DD96FF4}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CC452D78-B692-4B24-AF28-6231BEDD97CA}"= UDP:c:\program files\Tobit ClipInc\Player\ClipInc-Player.exe:ClipInc.
"{6C8C174E-67AC-4AD1-BCD4-5446B280C96D}"= TCP:c:\program files\Tobit ClipInc\Player\ClipInc-Player.exe:ClipInc.
"{E805D43F-522F-42C7-BD43-594C0583E547}"= UDP:c:\program files\G DATA InternetSecurity\GUI\AVKIS.exe:G DATA InternetSecurity SE
"{B729E1C4-5B62-49A8-9F84-335DBE2A4FD7}"= TCP:c:\program files\G DATA InternetSecurity\GUI\AVKIS.exe:G DATA InternetSecurity SE
"{F3DF02BD-B27B-4894-8F7E-E6A1BEED6F6D}"= UDP:c:\program files\Internet Explorer\iexplore.exe:Internet Explorer
"{83ECFAD1-2406-44B6-A6F5-63DB68AE6286}"= TCP:c:\program files\Internet Explorer\iexplore.exe:Internet Explorer
"{BBC6CD91-AD40-4A1E-8E4F-A971866401F4}"= UDP:c:\program files\Windows Mail\WinMail.exe:Windows Mail
"{5AB6478E-F6E2-45F2-A1F3-AC1D20A4BA36}"= TCP:c:\program files\Windows Mail\WinMail.exe:Windows Mail
"{7008774F-C86E-45F1-A2B1-F1919357D07E}"= UDP:c:\windows\ehome\ehshell.exe:Windows Media Center
"{E41E4DC8-EEEC-4BEC-88BD-75F5F334AF92}"= TCP:c:\windows\ehome\ehshell.exe:Windows Media Center
"{24E4D019-F3CA-4CA5-B534-03F89CF963D2}"= UDP:c:\program files\Windows Live\Messenger\msnmsgr.exe:Windows Live Messenger
"{E47561DB-C706-4BA0-8327-BF0E8368AAA1}"= TCP:c:\program files\Windows Live\Messenger\msnmsgr.exe:Windows Live Messenger
"{781822E5-4C57-42BC-8E91-BC2AE8868665}"= UDP:c:\program files\Roxio\BackOnTrack\Main\Backup_Central10.exe:BackOnTrack Startseite
"{8B191646-B9D2-43C5-BCD3-8F186A04EC74}"= TCP:c:\program files\Roxio\BackOnTrack\Main\Backup_Central10.exe:BackOnTrack Startseite
"{C8FB1182-2CE1-4FC5-BD0B-C0217B8707C4}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{08C206B8-AC70-495E-8654-B27440BA2557}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{01D32C40-A68B-4C4C-8FD3-B2267CC945DE}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{A2DA874A-51F9-43AE-90B9-19663246A76A}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{FE137A27-71A1-4A88-B20D-BB529DC26858}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{FEDCEAA2-EBFA-4527-ADD6-1C0721F02A01}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b891f445-804e-11dd-90fb-806e6f6e6963}]
\shell\AutoRun\command - L:\setup.exe

*Newly Created Service* - PROCEXP90
.
Inhalt des "geplante Tasks" Ordners

2008-11-26 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-18 13:57]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

BHO-{8a194578-81ea-4850-9911-13ba2d71efbd} - (no file)
HKU-Default-Run-fsc-reg - c:\fsc-reg\fscreg.exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-26 16:22:31
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(5160)
c:\program files\G DATA InternetSecurity\Shredder\Reisswlf.dll
.
Zeit der Fertigstellung: 2008-11-26 16:23:32
ComboFix-quarantined-files.txt 2008-11-26 15:23:30

Vor Suchlauf: 21 Verzeichnis(se), 105.345.855.488 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 105,351,266,304 Bytes frei

225 --- E O F --- 2008-11-25 12:42:42

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
32 Bit HP CIO Components Installer
ABBYY PDF Transformer 2.0
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Reader 9 - Deutsch
Apple Software Update
Biet-O-Matic v2.4.1
Brockhaus multimedial 2008
CCleaner (remove only)
Corel Home Office
Corel Home Office 5.0.36
Corel Home Office 5.0.36
Firebird SQL Server - MAGIX Edition
FSCLounge
G DATA InternetSecurity
Google Toolbar for Internet Explorer
HijackThis 2.0.2
HP Customer Participation Program 8.0
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart Essential
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
HP Product Assistant
HP Solution Center 8.0
HP Update
HPSSupply
Java(TM) 6 Update 7
MAGIX Foto Manager 2008 5.0.3.351 (D)
MAGIX Fotobuch 3.6
MAGIX Media Suite 1.12.0.89 (D)
MAGIX Music Manager 2007 8.2.0.76 (D)
MAGIX Online Druck Service 2.3.2.0 (D)
MAGIX Ringtone Maker SE 3.1.0.4 (D)
Malwarebytes' Anti-Malware
Microsoft Office Access MUI (German) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office Groove MUI (German) 2007
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MyTube Recorder
Nero 7 Premium
neroxml
NVIDIA Drivers
Philips Flat Panel Adjust
Picasa 2
PokerStars.net
QuickTime
Realtek High Definition Audio Driver
Roxio BackOnTrack
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Express Labeler 3
Roxio File Backup
Roxio Update Manager
Roxio WinOnCD LE 10
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB955936)
Security Update for Microsoft Office Excel 2007 (KB955470)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB950113)
Serif DrawPlus X2
Serif PagePlus X2
Serif PhotoPlus X2
Setup
SystemDiagnostics
Tobit.Software clipinc.fx
TuneUp Utilities 2009
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb957829)
VLC media player 0.9.6
Windows Live Anmelde-Assistent
Windows Live installer
Windows Live Messenger
WinRAR Archivierer
XviD MPEG-4 Codec

Regards
pittiplatsch1
27.11.2008, 12:26
Moderator

Posts: 7805
#2 The T-onlineshop is not exactly one of the standard "redirect pages".

Check the following entries and press Fix checked:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

Then set a new start page.

Also let CCleaner clean up your PC:
http://www.trojaner-board.de/51464-anleitung-ccleaner.html
__________
Regards, Ralf
SEO-Spam Hunter