Hello Trojaner-Board,
I use Firefox, and for a few days now, whenever I click on Google search results, I have been redirected to a page called rocketnews. The browser screen stays white, so no advertising etc.
The Windows security service is disabled and can no longer be enabled.
The Avira scan found nothing.
Here are my log files:
DDS-Editor Quote:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_31
Run by Ingrid at 10:54:02 on 2012-06-01
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.49.1031.18.2047.908 [GMT 2:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ASUSTPE.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Klebezettel NG\klebez.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\IncrediMail\Bin\ImApp.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\lxczcoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\StkCSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ASUSTPE.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Klebezettel NG\klebez.exe
C:\Program Files\IncrediMail\Bin\ImApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://mystart.incredimail.com/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.asus.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [CollaborationHost] c:\windows\system32\p2phost.exe -s
uRun: [IncrediMail Tray Application] c:\program files\incredimail\bin\IncMail.exe
uRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
uRun: [Klebezettel NG] "c:\program files\klebezettel ng\klebez.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ASUSTPE] c:\windows\system32\ASUSTPE.exe
mRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{7FEB022C-329B-4818-80F5-3C12025FA45F} : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{BDDF7634-F7EE-4F12-9699-B4660EC09607} : DhcpNameServer = 192.168.178.1
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ingrid\appdata\roaming\mozilla\firefox\profiles\00airb4s.default\
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - component: c:\users\ingrid\appdata\roaming\mozilla\firefox\profiles\00airb4s.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\ingrid\appdata\roaming\mozilla\firefox\profiles\00airb4s.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
.
============= SERVICES / DRIVERS ===============
.
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [2011-10-11 112032]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-11 36000]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AntiVirFirewallService;Avira FireWall;c:\program files\avira\antivir desktop\avfwsvc.exe [2011-10-11 619472]
R2 AntiVirMailService;Avira Email Schutz;c:\program files\avira\antivir desktop\avmailc.exe [2011-10-11 375760]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2011-10-11 86224]
R2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2011-10-11 110032]
R2 AntiVirWebService;Avira Browser Schutz;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-10-11 465360]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-11 83392]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\system32\StkCSrv.exe [2008-2-20 24576]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [2011-10-11 91968]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\drivers\StkCMini.sys [2008-2-20 1324544]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 257696]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-27 129976]
.
=============== Created Last 30 ================
.
2012-05-29 16:55:53 200704 --sha-r- c:\windows\system32\msaatextk.dll
2012-05-29 14:45:21 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6181cbe2-c62d-4a7b-87e2-310f8b7e4583}\mpengine.dll
2012-05-02 10:42:24 -------- d-----w- c:\users\ingrid\appdata\roaming\KlebezettelNG
2012-05-02 10:41:32 -------- d-----w- c:\program files\Klebezettel NG
.
==================== Find3M ====================
.
2012-06-01 08:07:44 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-05-14 15:12:47 91968 ----a-w- c:\windows\system32\drivers\avfwim.sys
2012-05-14 15:12:47 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-14 15:12:47 112032 ----a-w- c:\windows\system32\drivers\avfwot.sys
2012-05-06 06:45:29 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-06 06:45:29 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-07 07:42:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-14 16:23:42 54784 ----a-w- c:\windows\system32\pdfcmon.dll
.
============= FINISH: 10:54:43,34 ===============
Attach-Editor: Quote:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 20.02.2008 03:12:40
System Uptime: 01.06.2012 08:55:43 (2 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | F5VL
Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz | CPU 1 | 996/167mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 32,956 GiB free.
D: is FIXED (NTFS) - 68 GiB total, 11,359 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e968-e325-11ce-bfc1-08002be10318}
Description: ATI Mobility Radeon X2300
Device ID: PCI\VEN_1002&DEV_718A&SUBSYS_14491043&REV_00\4&107F648&0&0008
Manufacturer: ATI Technologies Inc.
Name: ATI Mobility Radeon X2300
PNP Device ID: PCI\VEN_1002&DEV_718A&SUBSYS_14491043&REV_00\4&107F648&0&0008
Service: atikmdag
.
==== System Restore Points ===================
.
RP1283: 19.05.2012 10:00:09 - Windows-Sicherung
RP1284: 22.05.2012 18:42:10 - Windows Update
RP1285: 23.05.2012 19:17:03 - Geplanter Prüfpunkt
RP1286: 24.05.2012 17:07:15 - Geplanter Prüfpunkt
RP1287: 25.05.2012 16:20:02 - Windows Update
RP1288: 26.05.2012 10:00:11 - Windows-Sicherung
RP1289: 28.05.2012 09:57:09 - Geplanter Prüfpunkt
RP1290: 29.05.2012 16:43:56 - Windows Update
.
==== Installed Programs ======================
.
abramania mahjongg freeware 1.0
ACSynchro
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3) - Deutsch
Amazon MP3-Downloader 1.0.9
ASUS InstantFun
ASUS Live Update
ASUS Splendid Video Enhancement Technology
ASUS Touch Pad Extra
Asus_Camera_ScreenSaver
Atheros Driver Installation Program
ATI Uninstaller
ATK Hotkey
ATK Media
ATKOSD2
Avira Internet Security 2012
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
Catan - Städte und Ritter
ccc-Branding
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Compatibility Pack für 2007 Office System
ElsterFormular
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IncrediMail
IncrediMail 2.0
Interaktive Sprachreise - English Sprachkurs 1
Java Auto Updater
Java(TM) 6 Update 31
Klebezettel NG (Version 2.9.12)
Lexmark 1200 Series
LifeFrame2
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2000 Premium
Microsoft Office Word Viewer 2003
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 12.0 (x86 de)
Mozilla Maintenance Service
MSVC80_x86_v2
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NB Probe
Nero 7 Essentials
neroxml
Nokia Connectivity Cable Driver
PC Connectivity Solution
PDFCreator
PhotoMail Maker
Power4Gear eXtreme
PowerForPhone
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Task Manager 1.8d
Security Update for CAPICOM (KB931906)
Skins
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
USB2.0 1.3M WebCam
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live installer
WinFlash
Wireless Console 2
XnView 1.97.8
.
==== End Of File ===========================
I have never had to deal with a problem like this before and am hoping for help.
Many thanks in advance.