óla Community.
Nun habe ich nach langem suchen doch ein Thema eröffnet. Bis jetzt ist es für mich hier noch etwas unübersichtlich.
Bitte weist mich darauf hin, wenn ich absolut Müll baue durch falsches Posten im falschen Unterforum!
/Edit: Sorry, aber ich bekomme leider weder durch löschen der [Url] noch durch den Button am obrigen Fenster der die URL auflößt die URL weg.

On Topic

Google unter Vista/Mozilla Firefox verlinkt Falsch. Derzeit 2 Seiten. Eine davon ist Ebay.

Nachdem ich mich über Google informiert hatte, was das Problem sei, habe ich mir vorgenommen hier um Rat zu beten. Denn:

"Das Problem soll eine IP. aus der Ukraine sein (Trojaner), welche immense Probleme bereiten kann, wenn man z.B. Homebanking tätigt etc."
Es wurde sogar manchem empfohlen, das System neu zu Installieren. Wobei ich davor etwas Panik habe, da ich viel Data auf dem Rechner habe, die mir sehr am Herzen liegt. Darunter viele Ausarbeitungen und Photographien.

Ich würde mich um Hilfe und eine Lösung des Problems sehr freuen!

Hier mal meine Hijack.log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:38:09, on 21.07.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\svchost.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Users\Solced\Desktop\MegaIEMn.dll (file missing)
O4 - HKLM\..\Run: [TPwrMain] REM %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SynTPStart] REM C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] REM C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [svchost] C:\Windows\svchost.exe
O4 - HKCU\..\Run: [Sidebar] REM C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [Speech Recognition] REM "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [msnmsgr] REM "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] REM "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] REM "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Programme 2\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: a-squared Free Service a2freeAeLookupSvc (a2freeAeLookupSvc) - Unknown owner - C:\Windows\TEMP\qpimqqxtbn.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SecureDZone Helper Service (SecureDZoneService) - Softwareentwicklung Remus - C:\Program Files\ArchiCrypt\Shredder 4\SecureDZoneService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

--
End of file - 7342 bytes

Re:

Gerade lasse ich Antivir durchlaufen und habe mir STOPzilla herunter geladen, was parallel läuft.

Mit Antivir habe ich gerade diese Meldung bekommen:

Virus/Unerwünschtes Programm: C:\fixwareout\fundt\nircmd.exe
Enthält Erkennungsmuster der Anwendung APPL/NIRCDM.2

was hat das zu bedeuten?

/edit: Okay. Fixwareout scheint eine normale Anwendung zu sein.
Hoffe jmnd. ist so freundlich sich mir anzunehmen. Meine Amateurhafte Forscherei dauert ewig und bringt nichts

Okay.
STOPzilla ist nicht zu empfehlen, da man sich registrieren muss, was geld kostet, um die gefundene Bad-Data zu removen!

Jedoch zeigt STOPzilla nach Suchverlauf (der ewig dauert!) alle Bad-Data und dessen Pfad an. Wobei ich nicht weiß, ob ich diese manuell entfernen kann. Ich lasse gerade noch einmal davon ab, und habe Prevx 3.0 genutzt, was im gegensatz zu STOPzilla (42) nur 9 infizierte Dateien gefunden hat.
Außerdem will Pevx 3.0 auch eine Registration
Als nächstes lasse ich noch SPYBOT - Searc and Destroy durchlaufen. Hoffe es hilft! Werde berichten!



SPYBOT Search and Destroy ist freeware und sauber!
Habe es durchlaufen lassen. Dieses Programm hatte ein mittleres Ergebnis von 23 infizierten Data. welche gleich behoben werden können.
Außerdem erstellt Spybot nach Anfrage auf Wunsch eine Kopie der Registry, fals etwas fehl laufen sollte, wie z.B. das löschen falschter Data.

Ich hoffe mein Google-Prob. ist dadurch ggf. gelößt. Ich sende eine neue HijackThis.log und erhoffe mir trotz meiner eigenen bemühungen noch eine Rückmeldung von jmnd. der mehr bewandert ist als ich!




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:17:44, on 21.07.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Users\Solced\Desktop\MegaIEMn.dll (file missing)
O4 - HKLM\..\Run: [TPwrMain] REM %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SynTPStart] REM C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] REM C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [SpybotDeletingA4375] command.com /c del "C:\Program Files\Mozilla Firefox\components\iamfamous.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3095] cmd.exe /c del "C:\Program Files\Mozilla Firefox\components\iamfamous.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1040] command.com /c del "C:\Windows\System32\drivers\SKYNETrvxwttur.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1399] cmd.exe /c del "C:\Windows\System32\drivers\SKYNETrvxwttur.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5812] command.com /c del "C:\Windows\System32\SKYNETcipkxvfx.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3068] cmd.exe /c del "C:\Windows\System32\SKYNETcipkxvfx.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1885] command.com /c del "C:\Windows\System32\SKYNETxrdvipdm.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6062] cmd.exe /c del "C:\Windows\System32\SKYNETxrdvipdm.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2133] command.com /c del "C:\Windows\temp\SKYNETcoqqpdgmkj.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingC27] cmd.exe /c del "C:\Windows\temp\SKYNETcoqqpdgmkj.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9528] command.com /c del "C:\Windows\System32\SKYNETjscxsqvj.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9573] cmd.exe /c del "C:\Windows\System32\SKYNETjscxsqvj.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6731] command.com /c del "C:\Windows\System32\SKYNETrqspmpii.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC94] cmd.exe /c del "C:\Windows\System32\SKYNETrqspmpii.dat"
O4 - HKCU\..\Run: [Sidebar] REM C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [Speech Recognition] REM "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [msnmsgr] REM "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] REM "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] REM "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Programme 2\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB6153] command.com /c del "C:\Program Files\Mozilla Firefox\components\iamfamous.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD793] cmd.exe /c del "C:\Program Files\Mozilla Firefox\components\iamfamous.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8993] command.com /c del "C:\Windows\System32\drivers\SKYNETrvxwttur.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingD424] cmd.exe /c del "C:\Windows\System32\drivers\SKYNETrvxwttur.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8097] command.com /c del "C:\Windows\System32\SKYNETcipkxvfx.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1671] cmd.exe /c del "C:\Windows\System32\SKYNETcipkxvfx.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9959] command.com /c del "C:\Windows\System32\SKYNETxrdvipdm.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6074] cmd.exe /c del "C:\Windows\System32\SKYNETxrdvipdm.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8594] command.com /c del "C:\Windows\temp\SKYNETcoqqpdgmkj.tmp"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1399] cmd.exe /c del "C:\Windows\temp\SKYNETcoqqpdgmkj.tmp"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6468] command.com /c del "C:\Windows\System32\SKYNETjscxsqvj.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3411] cmd.exe /c del "C:\Windows\System32\SKYNETjscxsqvj.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9983] command.com /c del "C:\Windows\System32\SKYNETrqspmpii.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5483] cmd.exe /c del "C:\Windows\System32\SKYNETrqspmpii.dat"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service a2freeAeLookupSvc (a2freeAeLookupSvc) - Unknown owner - C:\Windows\TEMP\qpimqqxtbn.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SecureDZone Helper Service (SecureDZoneService) - Softwareentwicklung Remus - C:\Program Files\ArchiCrypt\Shredder 4\SecureDZoneService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

--
End of file - 9929 bytes

Ich führe hier über den Tag hin ein Thema ganz allein für mich ^^
Nunja.

Ich möchte sagen, das Spybot - Search and Destroy (bis jetzt) erfolgreich meinen Rechner von dem Google-link problem bereinigt hat.
Daher meine erste Empfehlung.
Natürlich muss ich das im Verlauf weiter hin beobachten, da vlt. nicht alles gefunden worde sein muss. Jedoch ist es jetzt schon mal besser.
Für Ratschläge und weiteren Tipps bin ich gerne offen!
Denn jetzt geht es daran herauszufinden, woher ich diese Trojaner bzw. Spyware hatte und wie ich mich dagegen besser schützen kann.

Hallo und

Du hast da einen fiesen Rootkit und eines kann Spybot ganz sicher nicht: Ihn entfernen.

1.) Poste bitte beide Logs von RSIT => http://www.trojaner-board.de/74910-a...tion-tool.html

2.) http://www.trojaner-board.de/51187-a...i-malware.html

3.) http://www.trojaner-board.de/51871-a...tispyware.html (Punkt 1-3 der Anleitung)

ciao, andreas

RSIT.log (Teil 1)

Logfile of random's system information tool 1.06 (written by random/random)
Run by Solced at 2009-07-21 19:50:26
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 22 GB (19%) free of 113 GB
Total RAM: 2046 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:50:28, on 21.07.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Solced\Downloads\RSIT.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Solced\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Solced.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Users\Solced\Desktop\MegaIEMn.dll (file missing)
O4 - HKLM\..\Run: [TPwrMain] REM %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SynTPStart] REM C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] REM C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] REM C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [Speech Recognition] REM "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [msnmsgr] REM "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] REM "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] REM "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Programme 2\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service a2freeAeLookupSvc (a2freeAeLookupSvc) - Unknown owner - C:\Windows\TEMP\qpimqqxtbn.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SecureDZone Helper Service (SecureDZoneService) - Softwareentwicklung Remus - C:\Program Files\ArchiCrypt\Shredder 4\SecureDZoneService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

--
End of file - 6932 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll [2007-12-14 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class - C:\Users\Solced\Desktop\MegaIEMn.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
SITEguard

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"=REM C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE []
"avgnt"=C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe [2008-05-23 262401]
"SynTPStart"=REM C:\Program Files\Synaptics\SynTP\SynTPStart.exe []
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-06-13 4489216]
"SynTPEnh"=REM C:\Program Files\Synaptics\SynTP\SynTPEnh.exe []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"MobileConnect"=C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2008-03-13 2060288]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-11-13 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-11-13 8497696]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-11-13 81920]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=REM C:\Program Files\Windows Sidebar\sidebar.exe /autoRun []
"TOSCDSPD"=TOSCDSPD.EXE []
"Speech Recognition"=REM C:\Windows\Speech\Common\sapisvr.exe -SpeechUX -Startup []
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -scheduler []
"msnmsgr"=REM C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background []
"Nokia.PCSync"=REM C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe /NoDialog []
"PC Suite Tray"=REM C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe -onlytray []
"AlcoholAutomount"=D:\Programme 2\Alcohol 120\axcmd.exe /automount []
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2007-05-22 538744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArchiCrypt Aufgabenstarter]
REM []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArchiCrypt Secure D Zone]
REM []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArchiCrypt Shredder4]
REM []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
REM C:\Windows\ehome\ehTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
C:\Program Files\TOSHIBA\TBS\HSON.exe [2006-12-07 55416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
REM C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -scheduler []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
REM C:\Program Files\TOSHIBA\Utilities\KeNotify.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
NDSTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2007-11-13 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
C:\Windows\system32\nvsvc.dll [2007-11-13 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
C:\Program Files\Protector Suite QL\launcher.exe [2006-12-03 49168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2007-06-13 4489216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2007-05-23 509496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
REM C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
REM C:\Program Files\Synaptics\SynTP\SynTPEnh.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
REM C:\Program Files\Synaptics\SynTP\SynTPStart.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toscdspd]
TOSCDSPD.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Windows\system32\psqlpwd.dll [2006-12-03 90112]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
psqlpwd