Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Google verweist auf falsche Seiten

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 21.12.2008, 00:01   #1
Jack Bender
 
Google verweist auf falsche Seiten - Standard

Google verweist auf falsche Seiten



Hallo,

Habe beim Entpacken einer Datei von AVG die Warnung bekommen das diese einen Trojaner enthält, konnte ihn aber nicht löschen.
Seit dem Verweisen die Links auf Google auf verschiedenste Seiten aber meistens auf h**p://UUU.bestedeutschewebseiten3.com/8/offers.html
wenn ich eine adresse direkt eingebe lande ich auf der gewünschten seite...
habe schon einiges gegoogelt und auch versucht, aber irgendwie klappt das nicht so recht.

Habe bis jetzt schon

fixwareout laufen lassen
denn CCleaner angewandt
und auch mit Hijack this alle warnungen beseitigt.

Habe WinXP SP 2 und AVG als Virusscanner der läuft zwar noch findet aber nichts und lässt sich auch nicht mehr updaten.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:42:55, on 20.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
c:\Programme\TGTSoft\StyleXP\StyleXPService.exe
E:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\Programme\Bonjour\mDNSResponder.exe
E:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
E:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\nvsvc32.exe
c:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
c:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
E:\WINDOWS\RTHDCPL.EXE
E:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\DOKUME~1\LIGHTF~1\LOKALE~1\Temp\winloggn.exe
C:\Programme\Unlocker\UnlockerAssistant.exe
E:\WINDOWS\system32\ctfmon.exe
C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Programme\Veoh Networks\Veoh\VeohClient.exe
E:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe
E:\Programme\NETGEAR\WG111v2\WG111v2.exe
c:\Programme\AVG\AVG8\avgui.exe
C:\Programme\Java\jre1.6.0_07\bin\jucheck.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - c:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - c:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] c:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [jsf8j34rgfght] E:\DOKUME~1\LIGHTF~1\LOKALE~1\Temp\winloggn.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programme\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [Veoh] "c:\Programme\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [LightScribe Control Panel] E:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [jsf8j34rgfght] E:\DOKUME~1\LIGHTF~1\LOKALE~1\Temp\winloggn.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = E:\Programme\NETGEAR\WG111v2\WG111v2.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - c:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - c:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\Programme\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: FGYbf743iujndsfAfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - (no file)
O23 - Service: Autodesk Licensing Service - Autodesk - E:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - c:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - E:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - E:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - E:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - c:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - c:\Programme\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 7337 bytes

Alt 21.12.2008, 00:42   #2
Jack Bender
 
Google verweist auf falsche Seiten - Standard

Google verweist auf falsche Seiten



Habe mal noch silent runner laufen lassen
"Silent Runners.vbs", revision 59, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "E:\WINDOWS\system32\ctfmon.exe" [MS]
"Sony Ericsson PC Suite" = ""C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon" ["Sony Ericsson Mobile Communications AB"]
"Veoh" = ""c:\Programme\Veoh Networks\Veoh\VeohClient.exe" /VeohHide" ["Veoh Networks"]
"(Default)" = "(empty string)" [file not found]
"LightScribe Control Panel" = "E:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe -hidden" ["Hewlett-Packard Company"]
"jsf8j34rgfght" = "E:\DOKUME~1\LIGHTF~1\LOKALE~1\Temp\winloggn.exe" [null data]
"Jnskdfmf9eldfd" = "E:\DOKUME~1\LIGHTF~1\LOKALE~1\Temp\csrssc.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"AVG8_TRAY" = "c:\PROGRA~1\AVG\AVG8\avgtray.exe" ["AVG Technologies CZ, s.r.o."]
"NvCplDaemon" = "RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"SunJavaUpdateSched" = ""c:\Programme\Java\jre1.6.0_07\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"KernelFaultCheck" = "E:\WINDOWS\system32\dumprep 0 -k"
"NvMediaCenter" = "RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"jsf8j34rgfght" = "E:\DOKUME~1\LIGHTF~1\LOKALE~1\Temp\winloggn.exe" [null data]
"UnlockerAssistant" = ""C:\Programme\Unlocker\UnlockerAssistant.exe"" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "E:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "E:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "E:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "E:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "c:\Programme\WinRAR\rarext.dll" [null data]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {HKLM...CLSID} = "AlcoholShellEx"
\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper"
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
\InProcServer32\(Default) = "E:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"
-> {HKLM...CLSID} = "Groove Folder Synchronization"
\InProcServer32\(Default) = "E:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"
-> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"
\InProcServer32\(Default) = "E:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "E:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "E:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"
-> {HKLM...CLSID} = "Groove XML Icon Handler"
\InProcServer32\(Default) = "E:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
\InProcServer32\(Default) = "E:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
\InProcServer32\(Default) = "E:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
\InProcServer32\(Default) = "E:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
\InProcServer32\(Default) = "E:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
\InProcServer32\(Default) = "E:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "E:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "E:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS]
"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
-> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
\InProcServer32\(Default) = "E:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\Programme\Microsoft Office\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "E:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "E:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{36A21736-36C2-4C11-8ACB-D4136F2B57BD}" = "AutoCAD Digital Signatures Icon Overlay Handler"
-> {HKLM...CLSID} = "AcSignIcon"
\InProcServer32\(Default) = "E:\WINDOWS\system32\AcSignIcon.dll" ["Autodesk"]
"{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}" = "Autodesk Drawing Preview"
-> {HKLM...CLSID} = "ACTHUMBNAIL"
\InProcServer32\(Default) = "E:\Programme\Gemeinsame Dateien\Autodesk Shared\Thumbnail\AcThumbnail16.dll" ["Autodesk"]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG8 Shell Extension"
-> {HKLM...CLSID} = "AVG8 Shell Extension Class"
\InProcServer32\(Default) = "c:\Programme\AVG\AVG8\avgse.dll" ["AVG Technologies CZ, s.r.o."]
"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "c:\Programme\7-Zip\7-zip.dll" ["Igor Pavlov"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "E:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"
-> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"
\InProcServer32\(Default) = "C:\Programme\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
"{1CA6BBC9-E9FA-4021-822B-075DF1837B63}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "E:\Programme\Gemeinsame Dateien\Nero\SMC\NeroDigitalExt.dll" ["Nero AG"]
"{846083A4-BFC6-4447-985C-6578B466A7D7}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "E:\Programme\Gemeinsame Dateien\Nero\SMC\NeroDigitalExt.dll" ["Nero AG"]
"{C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B}" = "NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "E:\Programme\Gemeinsame Dateien\Nero\SMC\NeroDigitalExt.dll" ["Nero AG"]
"{4FBFFA8D-F390-471a-AE46-FEB93623AD63}" = "NeroDigitalInfoHandler"
-> {HKLM...CLSID} = "NeroDigitalInfoHandler Class"
\InProcServer32\(Default) = "E:\Programme\Gemeinsame Dateien\Nero\SMC\NeroDigitalExt.dll" ["Nero AG"]
"{EDCC595A-F0EE-4d81-B554-D5D01C7AFB87}" = "NeroDigitalThumbnailHandler"
-> {HKLM...CLSID} = "NeroDigitalThumbnailHandler Class"
\InProcServer32\(Default) = "E:\Programme\Gemeinsame Dateien\Nero\SMC\NeroDigitalExt.dll" ["Nero AG"]
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "c:\Programme\Unlocker\UnlockerCOM.dll" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "E:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "E:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "E:\Programme\Gemeinsame Dateien\Nero\SMC\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "E:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "c:\Programme\7-Zip\7-zip.dll" ["Igor Pavlov"]
Autodesk.DWF.ContextMenu\(Default) = "{6C18531F-CA85-45F7-8278-FF33CF0A5964}"
-> {HKLM...CLSID} = "DWFShellExt Class"
\InProcServer32\(Default) = "E:\Programme\Gemeinsame Dateien\Autodesk shared\dwf common\DWFShellExtension.dll" ["Autodesk, Inc."]
AVG8 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG8 Shell Extension Class"
\InProcServer32\(Default) = "c:\Programme\AVG\AVG8\avgse.dll" ["AVG Technologies CZ, s.r.o."]
Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"
-> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"
\InProcServer32\(Default) = "C:\Programme\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "c:\Programme\WinRAR\rarext.dll" [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "E:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "c:\Programme\7-Zip\7-zip.dll" ["Igor Pavlov"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "c:\Programme\WinRAR\rarext.dll" [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "E:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
AVG8 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG8 Shell Extension Class"
\InProcServer32\(Default) = "c:\Programme\AVG\AVG8\avgse.dll" ["AVG Technologies CZ, s.r.o."]
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "c:\Programme\Unlocker\UnlockerCOM.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "c:\Programme\WinRAR\rarext.dll" [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "E:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "c:\Programme\Unlocker\UnlockerCOM.dll" [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "E:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]


Default executables:
--------------------

<<!>> HKCU\Software\Classes\.scr\(Default) = "AutoCADScriptFile"
<<!>> HKCU\Software\Classes\AutoCADScriptFile\shell\open\command\(Default) = ""E:\WINDOWS\system32\NOTEPAD.EXE" "%1"" [MS]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"ClearRecentDocsOnExit" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoFolderOptions" = (REG_DWORD) dword:0x00000001
{User Configuration|Administrative Templates|Windows Components|Windows Explorer|
Removes the Folder Options menu item from the Tools menu}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableRegistryTools" = (REG_DWORD) dword:0x00000001
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\

"Disable Config" = (REG_DWORD) dword:0x00000001
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "E:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "E:\Dokumente und Einstellungen\Lightfighter\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

AlcoholAutoPlayV2.BurnDisc\
"Provider" = "Alcohol 120%"
"InvokeProgID" = "AlcoholAutoPlayV2"
"InvokeVerb" = "BurnDisc"
HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\BurnDisc\command\(Default) = ""C:\Programme\Alcohol Soft\Alcohol 120\Alcohol.exe" %1" ["Alcohol Soft Development Team"]

AlcoholAutoPlayV2.ReadDisc\
"Provider" = "Alcohol 120%"
"InvokeProgID" = "AlcoholAutoPlayV2"
"InvokeVerb" = "ReadDisc"
HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\ReadDisc\command\(Default) = ""C:\Programme\Alcohol Soft\Alcohol 120\Alcohol.exe" %1" ["Alcohol Soft Development Team"]

BridgeCS3ImportMediaOnArrival\
"Provider" = "Adobe Bridge CS3"
"InvokeProgID" = "Adobe.adobebridge"
"InvokeVerb" = "launch"
HKLM\SOFTWARE\Classes\Adobe.adobebridge\shell\launch\command\(Default) = "C:\Programme\Adobe\Adobe Bridge CS3\bridgeproxy.exe -v %1" ["Adobe Systems, Inc."]

LightScribeOnArrivalAP\
"Provider" = "LightScribe Direct Disc Labeling"
"InvokeProgID" = "LightScribe.AutoPlayHandler"
"InvokeVerb" = "LabelLightScribeDisc"
HKLM\SOFTWARE\Classes\LightScribe.AutoPlayHandler\shell\LabelLightScribeDisc\command\(Default) = "E:\Programme\Gemeinsame Dateien\LightScribe\LsLauncher.exe" ["Hewlett-Packard Company"]

MSPlayCDAudioOnArrival\
"Provider" = "@wmploc.dll,-6502"
"InvokeProgID" = "WMP.AudioCD"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\Command\(Default) = ""E:\Programme\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"" [MS]

MSPlayDVDMovieOnArrival\
"Provider" = "@wmploc.dll,-6502"
"InvokeProgID" = "WMP.DVD"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\Command\(Default) = ""E:\Programme\Windows Media Player\wmplayer.exe" /prefetch:4 /deviceVD "%L"" [MS]

MSRipCDAudioOnArrival\
"Provider" = "@wmploc.dll,-6502"
"InvokeProgID" = "WMP.RipCD"
"InvokeVerb" = "Rip"
HKLM\SOFTWARE\Classes\WMP.RipCD\shell\Rip\Command\(Default) = ""E:\Programme\Windows Media Player\wmplayer.exe" /prefetch:3 /RipAudioCD "%L"" [MS]

MSVideoCameraArrival\
"Provider" = "@E:\Programme\Movie Maker\wmm2res.dll,-100"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = ""E:\Programme\Movie Maker\moviemk.exe" /RECORD"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

MSWMPBurnCDOnArrival\
"Provider" = "@wmploc.dll,-6502"
"InvokeProgID" = "WMP.BurnCD"
"InvokeVerb" = "Burn"
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = ""E:\Programme\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:PortableDevice /Device:"%L"" [MS]

VLCPlayCDAudioOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.CDAudio"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\play\command\(Default) = "E:\Programme\VideoLAN\VLC\vlc.exe --started-from-file cdda://%1" ["the VideoLAN Team"]

VLCPlayDVDMovieOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.DVDMovie"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\play\command\(Default) = "E:\Programme\VideoLAN\VLC\vlc.exe --started-from-file dvd://%1" ["the VideoLAN Team"]

WinampMTPHandler\
"Provider" = "Winamp"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "c:\Programme\Winamp\winamp.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

WinampPlayMediaOnArrival\
"Provider" = "Winamp"
"InvokeProgID" = "Winamp.File"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Programme\Winamp\winamp.exe" "%1"" ["Nullsoft"]
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = ""C:\Programme\Winamp\winamp.exe"" ["Nullsoft"]
__________________


Antwort

Themen zu Google verweist auf falsche Seiten
antivirus, antivirus scan, avg, bonjour, browser, computer, dll, explorer, falsche seite, google, hijack, hijack this, hijackthis, hkus\s-1-5-18, internet, internet explorer, locker, netgear, nvidia, pdfcreator, rundll, seiten, senden, symantec, system, temp, trojaner, verweise, warnung, windows, windows xp



Ähnliche Themen: Google verweist auf falsche Seiten


  1. Google öffnet falsche Seiten
    Plagegeister aller Art und deren Bekämpfung - 20.01.2013 (20)
  2. Google öffnet falsche Seiten
    Log-Analyse und Auswertung - 08.01.2013 (18)
  3. Google verweist auf falsche Seiten
    Plagegeister aller Art und deren Bekämpfung - 06.11.2012 (3)
  4. (2x) Google läd falsche Seiten
    Mülltonne - 15.08.2012 (1)
  5. google leitet mich auf falsche Seiten um (google redirect?)
    Log-Analyse und Auswertung - 14.08.2012 (20)
  6. Google verlinkt auf falsche Seiten
    Plagegeister aller Art und deren Bekämpfung - 24.12.2011 (4)
  7. google verweist auf falsche seiten
    Log-Analyse und Auswertung - 15.09.2011 (1)
  8. Google lenkt auf falsche Seiten
    Plagegeister aller Art und deren Bekämpfung - 27.05.2011 (1)
  9. Google verweist auf falsche Seiten / Block durch Firefox
    Log-Analyse und Auswertung - 15.12.2010 (19)
  10. Google verweist auf falsche Seiten
    Log-Analyse und Auswertung - 15.04.2010 (2)
  11. Google öffnet falsche Seiten
    Log-Analyse und Auswertung - 13.08.2009 (2)
  12. Google verlinkt auf falsche Seiten (auch p****seiten)T_T
    Plagegeister aller Art und deren Bekämpfung - 22.05.2009 (2)
  13. Google zeigt falsche Seiten an
    Log-Analyse und Auswertung - 15.02.2009 (3)
  14. Falsche Seiten bei Google und Co
    Mülltonne - 21.12.2008 (0)
  15. Google verlinkt auf falsche Seiten
    Plagegeister aller Art und deren Bekämpfung - 03.12.2008 (11)
  16. Falsche Seiten bei Google
    Log-Analyse und Auswertung - 14.08.2007 (1)
  17. Falsche Seiten bei Google
    Mülltonne - 14.08.2007 (2)

Zum Thema Google verweist auf falsche Seiten - Hallo, Habe beim Entpacken einer Datei von AVG die Warnung bekommen das diese einen Trojaner enthält, konnte ihn aber nicht löschen. Seit dem Verweisen die Links auf Google auf verschiedenste - Google verweist auf falsche Seiten...
Archiv
Du betrachtest: Google verweist auf falsche Seiten auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.