Hi,
A colleague of mine has the problem that when visiting certain sites (kino-to you****_.. etc) he gets redirected to other sites (****) without wanting to. Spybot S&D, a virus scan and HijackThis have not turned up anything so far.
Here is the log (a few things that were evaluated at hijackthis-de have already been fixed):
Logfile of Trend Micro HijackThis v2_0_4
Scan saved at 15:01:59, on 18_04_2011
Platform: Windows XP SP3 (WinNT 5_01_2600)
MSIE: Internet Explorer v8_00 (8_00_6001_18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss-exe
C:\WINDOWS\system32\winlogon-exe
C:\WINDOWS\system32\services-exe
C:\WINDOWS\system32\lsass-exe
C:\WINDOWS\system32\nvsvc32-exe
C:\WINDOWS\system32\svchost-exe
C:\WINDOWS\System32\svchost-exe
C:\WINDOWS\system32\spoolsv-exe
C:\Programme\Avira\AntiVir Desktop\sched-exe
C:\Programme\Avira\AntiVir Desktop\avguard-exe
C:\Programme\Avira\AntiVir Desktop\avshadow-exe
C:\WINDOWS\Explorer-EXE
C:\WINDOWS\RTHDCPL-EXE
C:\Programme\avmwlanstick\FRITZWLANMini-exe
C:\Programme\Avira\AntiVir Desktop\avgnt-exe
C:\Programme\iTunes\iTunesHelper-exe
C:\Programme\Babylon\Babylon-Pro\Babylon-exe
C:\Programme\SweetIM\Messenger\SweetIM-exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched-exe
C:\Programme\Gemeinsame Dateien\Adobe\ARM\1_0\AdobeARM-exe
C:\Programme\QuickTime\qttask-exe
C:\WINDOWS\system32\ctfmon-exe
C:\Dokumente und Einstellungen\oliver\Anwendungsdaten\Octoshape\Octoshape Streaming Services\OctoshapeClient-exe
C:\Programme\Messenger\msmsgs-exe
C:\Programme\Skype\Phone\Skype-exe
C:\Programme\McAfee Security Scan\1_0_150\SSScheduler-exe
C:\Programme\OpenOffice-org 3\program\soffice-exe
C:\Programme\OpenOffice-org 3\program\soffice-bin
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService-exe
C:\Programme\Bonjour\mDNSResponder-exe
C:\Programme\ICQ6Toolbar\ICQ Service-exe
C:\Programme\Java\jre6\bin\jqs-exe
C:\Programme\Nero\Update\NASvc-exe
C:\Programme\CDBurnerXP\NMSAccessU-exe
C:\WINDOWS\system32\svchost-exe
C:\Programme\Skype\Plugin Manager\skypePM-exe
C:\Programme\Uniblue\RegistryBooster\registrybooster-exe
C:\Programme\iPod\bin\iPodService-exe
C:\WINDOWS\system32\wbem\wmiapsrv-exe
C:\WINDOWS\system32\wuauclt-exe
C:\Programme\Mozilla Firefox\firefox-exe
C:\Programme\ICQ7_2\ICQ-exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck-exe
C:\Programme\McAfee Security Scan\1_0_150\McUICnt-exe
C:\Programme\Malwarebytes' Anti-Malware\mbam-exe
C:\Dokumente und Einstellungen\oliver\Eigene Dateien\Downloads\HiJackThis204-exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = _search-babylon-com/home?AF=14542
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = _go-microsoft-com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = _go-microsoft-com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = _go-microsoft-com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = _go-microsoft-com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *-local
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask-com\GenericAskToolbar-dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar-dll
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD0-dll
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD2-dll
R3 - URLSearchHook: Babylon-English Toolbar - {ce18769b-c7fa-42d2-860d-17c4662c70ad} - C:\Programme\Babylon-English\prxtbBab2-dll
R3 - URLSearchHook: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin2-dll
R3 - URLSearchHook: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof2-dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Programme\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx-dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim-dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine-dll
O2 - BHO: Winload - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin2-dll
O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD2-dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI-dll
O2 - BHO: softonic-de3 - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof2-dll
O2 - BHO: Babylon-English - {ce18769b-c7fa-42d2-860d-17c4662c70ad} - C:\Programme\Babylon-English\prxtbBab2-dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask-com\GenericAskToolbar-dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv-dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin-dll
O2 - BHO: DVDVideoSoftTB Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD0-dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD0-dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD2-dll
O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Programme\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx-dll
O3 - Toolbar: Babylon-English Toolbar - {ce18769b-c7fa-42d2-860d-17c4662c70ad} - C:\Programme\Babylon-English\prxtbBab2-dll
O3 - Toolbar: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin2-dll
O3 - Toolbar: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof2-dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar-dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask-com\GenericAskToolbar-dll
O4 - HKLM\_.\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE-exe
O4 - HKLM\_.\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup-exe boot
O4 - HKLM\_.\Run: [nwiz] nwiz-exe /installquiet
O4 - HKLM\_.\Run: [NvMediaCenter] RUNDLL32-EXE C:\WINDOWS\system32\NvMcTray-dll,NvTaskbarInit
O4 - HKLM\_.\Run: [NvCplDaemon] RUNDLL32-EXE C:\WINDOWS\system32\NvCpl-dll,NvStartup
O4 - HKLM\_.\Run: [RTHDCPL] RTHDCPL-EXE
O4 - HKLM\_.\Run: [Alcmtr] ALCMTR-EXE
O4 - HKLM\_.\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini-exe
O4 - HKLM\_.\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt-exe" /min
O4 - HKLM\_.\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper-exe"
O4 - HKLM\_.\Run: [DataMngr] C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\DataMngrUI-exe
O4 - HKLM\_.\Run: [Babylon Client] C:\Programme\Babylon\Babylon-Pro\Babylon-exe -AutoStart
O4 - HKLM\_.\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM-exe
O4 - HKLM\_.\Run: [facemoods] "C:\Programme\facemoods-com\facemoods\1_4_8_1\facemoodssrv-exe" /md I
O4 - HKLM\_.\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched-exe"
O4 - HKLM\_.\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9_0\Reader\Reader_sl-exe"
O4 - HKLM\_.\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1_0\AdobeARM-exe"
O4 - HKLM\_.\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask-exe" -atboottime
O4 - HKCU\_.\Run: [CTFMON-EXE] C:\WINDOWS\system32\ctfmon-exe
O4 - HKCU\_.\Run: [Octoshape Streaming Services] "C:\Dokumente und Einstellungen\oliver\Anwendungsdaten\Octoshape\Octoshape Streaming Services\OctoshapeClient-exe" -inv:bootrun
O4 - HKCU\_.\Run: [msnmsgr] ~"C:\Programme\Windows Live\Messenger\msnmsgr-exe" /background
O4 - HKCU\_.\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs-exe" /background
O4 - HKCU\_.\Run: [Skype] "C:\Programme\Skype\Phone\Skype-exe" /nosplash /minimized
O4 - HKCU\_.\RunOnce: [UniblueRegistryBooster] "C:\Programme\Uniblue\RegistryBooster\launcher-exe" delay 20000
O4 - HKUS\S-1-5-19\_.\Run: [CTFMON-EXE] C:\WINDOWS\system32\CTFMON-EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\_.\Run: [CTFMON-EXE] C:\WINDOWS\system32\CTFMON-EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\_.\Run: [CTFMON-EXE] C:\WINDOWS\system32\CTFMON-EXE (User 'SYSTEM')
O4 - HKUS\-DEFAULT\_.\Run: [CTFMON-EXE] C:\WINDOWS\system32\CTFMON-EXE (User 'Default user')
O4 - Startup: OpenOffice-org 3_2-lnk = C:\Programme\OpenOffice-org 3\program\quickstart-exe
O4 - Global Startup: McAfee Security Scan-lnk = ?
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\oliver\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3-htm
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI-dll/ActionTU-htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI-dll/Action-htm
O9 - Extra button: ICQ7_2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7_2\ICQ-exe
O9 - Extra 'Tools' menuitem: ICQ7_2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7_2\ICQ-exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag-exe
O9 - Extra 'Tools' menuitem: _xpsp3res-dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag-exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI-dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI-dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs-exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs-exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1-DLL
O20 - AppInit_DLLs: C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\datamngr-dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui-dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui-dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched-exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard-exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService-exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder-exe
O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service-exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService-exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs-exe
O23 - Service: _C:\Programme\Nero\Update\NASvc-exe,-200 (NAUpdate) - Nero AG - C:\Programme\Nero\Update\NASvc-exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU-exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32-exe
--
End of file - 11817 bytes
Can anyone help?