Google öffnet falsche Seiten

floppy · 13.08.2009, 20:42

Hallo Leute!

Ich habe ca. 2 Wochen ein Problem mit meinem PC! Und zwar wenn ich bei google bin und etwas über irgendein thema suche öffnen sich erst ganz normal die Suchergebnisse. Wenn ich dann aber etwas von den suchergebnissen anklicken will, werde ich auf andere seiten geleitet. Meistens auf Yahoo!!! Manchaml aber ganz wo anders hin. Habe schon Antivir, CCleaner, Tune up durchlaufen lassen haben aber nichts gefunden.
Hab hier im Forum schon ein paar Beiträge zu diesem thema gelesen und die sind nicht sehr viel versprechend. Darum bitte ich euch mal über meine Logfile zuschauen bevor ich meine Rechner "Neuaufsetze"ob es event. ne andere Lösung gibt.
Vielen Dank schon mal im Voraus!!

Hier meine Daten

Logfile of HijackThis v1.99.1
Scan saved at 20:48:18, on 13.08.2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Florian Bark\pruefung.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_6930g
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_6930g
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: (no name) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\RunOnce: [NSSInstallation] C:\Windows\System32\Adobe\Shockwave 11\nssstub.exe /RunOnce
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EBF6101-72EA-470F-B215-2DC2D7F0CAD9}: NameServer = 85.255.112.95,85.255.112.171
O17 - HKLM\System\CCS\Services\Tcpip\..\{6355A4BC-332B-412C-9B31-FD8D63181990}: NameServer = 85.255.112.95,85.255.112.171
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A743870-C13F-4C36-A49F-661C5E21FF8A}: NameServer = 85.255.112.95,85.255.112.171
O17 - HKLM\System\CS10\Services\Tcpip\Parameters: NameServer = 85.255.112.95,85.255.112.171
O17 - HKLM\System\CS10\Services\Tcpip\..\{0EBF6101-72EA-470F-B215-2DC2D7F0CAD9}: NameServer = 85.255.112.95,85.255.112.171
O17 - HKLM\System\CS20\Services\Tcpip\Parameters: NameServer = 85.255.112.95,85.255.112.171
O17 - HKLM\System\CS20\Services\Tcpip\..\{0EBF6101-72EA-470F-B215-2DC2D7F0CAD9}: NameServer = 85.255.112.95,85.255.112.171
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.95,85.255.112.171
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Update Service (gupdate1c9e850e435bec8) (gupdate1c9e850e435bec8) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: iPod-Dienst (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

4RobSen8 · 13.08.2009, 21:01

Hallo...und

Du hast eine Rufumleitung. Das siehst du an folgenden Einträgen -> O17
Normalerweise stehen dort deine Internetanbieter.

Code:

ATTFilter

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.95,85.255.112.1712

Die Einträge lassen sich nach Odessa zurück führen.

Code:

ATTFilter

(Cached data from Saturday , 3 January 2009 01:01)

85.255.112.171 = [ ]

(Asked whois.ripe.net:43 about 85.255.112.171)

 inetnum:        85.255.112.0 - 85.255.127.255 
 netname:        UkrTeleGroup 
 descr:          UkrTeleGroup Ltd. 
 admin-c:         UA481-RIPE 
 tech-c:          UA481-RIPE 
 country:        UA 
 org:             ORG-UL25-RIPE 
 status:         ASSIGNED PI 
 mnt-by:          RIPE-NCC-HM-PI-MNT 
 mnt-lower:       RIPE-NCC-HM-PI-MNT 
 mnt-by:          UKRTELE-MNT 
 mnt-routes:      UKRTELE-MNT 
 mnt-domains:     UKRTELE-MNT 
 source:         RIPE  Filtered 
 organisation:   ORG-UL25-RIPE 
 org-name:       UkrTeleGroup Ltd. 
 org-type:       LIR 
 address:        UkrTeleGroup Ltd. 
                 Mechnikova 58/5 
                 65029 Odessa 
                 Ukraine 
 phone:          380487311011 
 fax-no:         380487502499 
 mnt-ref:         UKRTELE-MNT 
 mnt-ref:         RIPE-NCC-HM-MNT 
 mnt-by:          RIPE-NCC-HM-MNT 
 source:         RIPE  Filtered 
 person:         Andrew Sotov 
 address:        Mechnikova 58/5 65029 Odessa 
 abuse-mailbox:  abuse@ukrtelegroup.com.ua
 
 phone:          380631508855 
 nic-hdl:         UA481-RIPE 
 source:         RIPE  Filtered 

(Asked whois.arin.net:43 about +85.255.112.171) (show)

 OrgName:    RIPE Network Coordination Centre 
 OrgID:      RIPE 
 Address:    P.O. Box 10096 
 City:       Amsterdam 
 StateProv: 
 PostalCode: 1001EB 
 Country:    NL 
 ReferralServer: whois: //whois.ripe.net: 43 
 NetRange:   85.0.0.0 - 85.255.255.255 
 CIDR:       85.0.0.0/8 
 NetName:     85-RIPE 
 NetHandle:   NET-85-0-0-0-1 
 Parent: 
 NetType:    Allocated to RIPE NCC 
 NameServer: NS-PRIRIPENET 
 NameServer: NS3.NIC.FR 
 NameServer: SEC1.APNIC.NET 
 NameServer: SEC3.APNIC.NET 
 NameServer: SUNIC.SUNET.SE 
 NameServer: TINNIE.ARIN.NET 
 NameServer: NS.LACNIC.NET 
 Comment:    These addresses have been further assigned to users in 
 Comment:    the RIPE NCC region. Contact information can be found in 
 Comment:    the RIPE database at http://www.ripe.net/whois 
 RegDate:    2004-04-01 
 Updated:    2004-04-06 
  ARIN WHOIS database  last updated 2009-01-02 19: 10 
  Enter ? for additional hints on searching ARIN's WHOIS database.

Ich denke nicht, dass das dein regulärer Internetanbieter ist.^^
Darum lese dir bitte folgenden Link aufmerksam durch und befolge ihn.
http://www.trojaner-board.de/75622-d...ittierung.html
Bedenke bitte vor dem Neuaufsetzten dir die Anleitungen irgendwie zu sichern, falls du nur einen Rechner hast. Darum entweder einen Laptop vom Freund dazuhohlen, oder ausdrucken.

post scriptum: Zumindest kann ich dir sagen, dass das hier öfters passiert.
Vllt. heitert dich das ein wenig auf.

Wenn du deinen Rechner neuaufgesetzt hast, kannst wieder im Tb vorbei gucken und die Seite "Anleitungen" dir genau durchlesen, damit das nicht nochmal passiert. Im besonderen den Link in meiner Signatur.

floppy · 13.08.2009, 21:05

Danke für die schnelle Antwort..kann ne lange nacht werden

Google öffnet falsche Seiten

Log-Analyse und Auswertung: Google öffnet falsche Seiten